Active Directory, Azure

Five steps to securing your identity infrastructure in Azure Active Directory

This link to the Microsoft document will help you get a more secure posture using the capabilities of Azure Active Directory by using a five-step checklist to inoculate your organization against cyber-attacks.

This checklist will help you quickly deploy critical recommended actions to protect your organization immediately by explaining how to:

  • Strengthen your credentials.
  • Reduce your attack surface area.
  • Automate threat response.
  • Increase your awareness of auditing and monitoring.
  • Enable more predictable and complete end-user security with self-help.

https://docs.microsoft.com/en-us/azure/security/azure-ad-secure-steps

Advertisements
Configuration Manager 2012, Windows 10

Windows IT Pros: Save Time Through Automation

As Configuration Manager pro, you have tens of thousands of endpoints to manage and not nearly enough time to do it all. Your challenge is complex, involving multiple teams within your organization. It may also require new staff, contractors, hardware, and infrastructure.

Join us for this webinar where you will learn the tools, technologies and best practices that Fortune 500 organizations use to manage and secure their endpoints at scale. Discover ways to automate countless endpoint management tasks and eliminate costly I.T. infrastructure.

How to Automatically Manage and Secure Windows Endpoints at Scale
Chaz Spahn, Sr. Solutions Architect, Adaptiva
Tuesday, Oct 30th, 2018
9am PDT / 12pm EDT / 6pm CEST

The program will present many of the products, tools, and training you need to:
• Reliably and cost effectively distribute software, including Windows 10, across an enterprise
• Automate endpoint security configuration management to reduce manual troubleshooting time
• Increase visibility, control, and reporting across an enterprise’s endpoints
• Rapidly adapt to changing I.T. priorities and endpoint security conditions

Register URL: http://www2.adaptiva.com/managesecure

Active Directory, DISM, Group Policy Objects, Group Policy Preferences, Uncategorized, Windows 10

Setting Acrobat Reader DC as the default PDF viewer on Windows 10 with a GPO

  1. Create a AdobeReaderAssociations.xml file that’s in the Adobe Enterprise Administration Guide or create your own using DISM
  2. Copy that file on a shared location. Using group policy preferences copy the XML file to the local device
  3. Apply the XML file by opening up the group policy and navigate to Computer Configuration\Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file
  4. Select Enabled and specify the path for the XML file and click Apply
  5. The corresponding registry entry is HKLM\Software\Policies\Microsoft\Windows\System\DefaultAssociationsConfiguration
Thanks to the GuruPackager
Adaptiva

What is Adaptiva OneSite?

What is Adaptiva OneSite?
Adaptiva OneSite allows you to consolidate your server hierarchy and improve bandwidth utilization. It allows you to remove all ConfigMgr Secondary sites, Distribution Points, and unwanted Primary sites. Companies are able to save on hardware costs, as well as drastically reduce the cost of managing these servers. This is made possible through an enterprise Peer to Peer system, a distributed virtual cache, and an advanced network protocol.

Adaptiva OneSite Benefits
– Roll-out ConfigMgr 2007 or 2012 server infrastructure instantly: do it in weeks
– Simplify operations: no system design or operational maintenance
– Lower costs: Reduce server cost, maximize bandwidth utilization
– Dramatically faster package downloads
– Secure software distribution and patching
– Fault tolerant and agile
– No need for bandwidth throttles or scheduled distributions

Adaptiva OneSite Users Guide

Adaptiva, Best Practices, Configuration Manager 2012, Configuration Manager 2016, Intune, MDT, Microsoft, Windows 10

Windows 10 OSD Best Practices with ConfigMgr

Microsoft MVP Ami Casto will give you demonstrations of community tools and Adaptiva technologies to help ensure your success with:

  • Windows 10 OSD planning, deployment, and maintenance
  • Large-scale, zero-touch deployments and ongoing servicing
  • Security configuration management to harden attack surfaces
  • Real-time incident response to urgent security issues
  • Windows 10 OSD Best Practices with ConfigMgr Webinar

https://adaptiva.com/videos/2018/2018-06-26-windows-10-osd-best-practices/

Administration, Applications

Application Portfolio Management – TIME (Tolerate, Invest, Migrate, Eliminate)

Great article on creating an application portfolio management. Which applications are worth the investment versus those that might not be.

TIME (Tolerate, Invest, Migrate, and Eliminate) analysis has proven to be useful tool for structuring the sorting of applications in a company’s portfolio. After all the applications are divided into four categories, a deeper analysis of the application portfolio can be performed.

Tolerate – applications that are creating enough business value and have manageable costs but should be maintained for various reasons.

Invest – ideally we need to strive to place all existing portfolio of application under this category. These are the most lucrative and investment-worthy applications that bring enough revenue and help streamline operations.

Migrate – applications that need modernization and no are no longer worth the investment.

Eliminate – this category consists of applications that have low business value and even high risks. Therefore, they are of no real value to the organization and need to be eliminated.

https://blog.planview.com/driving-transparency-time-analysis-apm/

Administration, Deployment, Windows 10

Why a Windows 10 upgrade was unsuccessful? Use SetupDiag to find out.

SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.

SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.

To quickly use SetupDiag on your current computer:

  1. Verify that your system meets the requirements described below. If needed, install the .NET framework 4.6.
  2. Download SetupDiag.
  3. If your web browser asks what to do with the file, choose Save. By default, the file will be saved to your Downloads folder. You can also save it to a different location if desired by using Save As.
  4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your Downloads folder which is displayed in File Explorer under Quick access in the left navigation pane.
  5. Double-click the SetupDiag file to run it. Click Yes if you are asked to approve running the program.
    • Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing SetupDiag at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way.
  6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish.
  7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file.
  8. Use Notepad to open the log file: SetupDiagResults.log.
  9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem.
Intune, Microsoft, Microsoft 365, Office 365, Training & Workshop, Windows 10

Modern Workplace (Microsoft 365) Discovery Day – Overview Session

Thursday, 16 August 2018, 9:00 AM-4:00 PM

Cliftons Auckland
Level 4, 45 Queen Street, Auckland

From home to business, from desktop to web and the devices in between, Microsoft 365 empowers your employees with intelligent & secure tools to get work done.

Showcasing the product suite of Microsoft 365, join us to understand what products are available to you now with your current subscription, as well as understanding new products which can be implemented immediately and work seamlessly with existing tools and infrastructure.

We’re inviting you to experience M365’s potential in person with a full-day Microsoft 365 Discovery session.

GPMC, Group Policy Objects, Windows 10

Fixing Folder Redirection on Windows 10 1709

Upgrading devices from Windows 8.1 to Windows 10 1709. Folder Redirection and Offline Files was not applying to Windows 10 devices. After searching we found a registry setting that reapplied the Folder Redirection link:

  1. Go into regedit.
  2. Locate the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. Create a new DWORD Value.
  4. Type EnableLinkedConnections, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit the registry and then restart the device.

By default folders that are redirected should be offline by default. We found this wasn’t the case in the environment.

So next we needed to specify administratively assigned Offline Files. This can be found at: Computer Configuration/Administrative Templates/Network/Offline Files

Add in your UNC path for the home drive/redirected folders and we were back in business.

Applications, Configuration Manager 2012, Deployment, Error

App Install Failed 80004005 – SCCM OSD Standalone Media

Issue:

I created a standalone media of a fully functioning network build task sequence. A number of applications would not install from the stand alone media.

The SMSTS.log showed the following:
App install failed.
Install application action failed: ‘Office_2016_ProPlus_16.0.4266.1001_P1’. Error Code 0x80004005

No MSI log file was created, so the installer didn’t even begin.

Solution:

In the task sequence the application had the Retry this step if computer unexpectedly restarts option enabled. Disable this setting and the stand alone media worked correctly.

#DuncanToTheRescue