GPMC, Group Policy Objects, Windows 10

Fixing Folder Redirection on Windows 10 1709

When we upgraded devices from Windows 8.1 to Windows 10 1709, Folder Redirection and Offline Files were not applying to Windows 10 devices. After searching we found a registry setting that reapplied the Folder Redirection link:

  1. Go into regedit.
  2. Locate the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. Create a new DWORD Value.
  4. Type EnableLinkedConnections, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit the registry and then restart the device.
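
The registry steps above as a script, for applying the same change to many devices. This is an added example, not part of the original post; the function name Set-LinkedConnections and its output object are hypothetical. It writes the value only when it differs and reports whether a restart is still needed.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent version of the regedit steps above.
# Set-LinkedConnections and its output shape are hypothetical names.

function Set-LinkedConnections {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet(0, 1)]
        [int]$Value = 1
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'EnableLinkedConnections'

    # Read the current value; $null means the DWORD does not exist yet.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    $changed = $false
    if ($current -ne $Value) {
        # -WhatIf shows the pending change without writing it.
        if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Value")) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Value -Force | Out-Null
            $changed = $true
        }
    }

    # Report before/after state so the result can be collected centrally.
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PreviousValue   = $current
        CurrentValue    = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        RestartRequired = $changed
    }
}

Set-LinkedConnections
```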

Folders that are redirected should be available offline by default. We found this wasn’t the case in the environment.

So next we needed to specify administratively assigned Offline Files. This can be found at: Computer Configuration/Administrative Templates/Network/Offline Files

Add in your UNC path for the home drive/redirected folders and we were back in business.

Deployment, Office 365, Windows 10

Microsoft 365 Powered Device Assessment Kit & Service Offerings Guide

In this session we will talk about how to engage your customers to deploy modern Windows and Office and keep them always up-to-date. Learn about the Microsoft 365 powered device Assessment kit based on Windows Analytics and how it can assist you to engage customers as they consider the move to, and support of, Windows 10 and Office ProPlus. We will also discuss some of the potential services opportunities related to Microsoft 365 powered device, that you can package and offer to your customers.

Products featured: Windows 10, Office 365 ProPlus

Active Directory, Administration, Azure, Configuration Manager 2012, Configuration Manager 2016, Deployment, EMS, Intune, Microsoft, Office 365, Security, Training & Workshop, Uncategorized, Windows 10

Microsoft Ignite – Configuration Manager What’s Next?

System Center Configuration Manager Overview and Roadmap

Learn about the latest developments in System Center Configuration Manager (ConfigMgr), watch demos, and understand what is coming next.

Windows has evolved. Simplify Windows 10 management and lower the Total Cost of Ownership (TCO) with the Microsoft Cloud. See how Enterprise Mobility + Security (EMS) and Windows 10 can be used together to ease procurement, simplify provisioning and lower TCO through modern management & security, and deliver cloud-based updates without the need for an on-premises infrastructure.


Conference, Configuration Manager 2016, EMS, Intune, Training & Workshop, Windows 10

Windows as a Service Partner Workshop

Windows as a Service Partner Workshop – 20 Feb 2018, 9am – 12pm

Cliftons Auckland
Level 4, 45 Queen Street, Auckland CBD
Auckland 1010, New Zealand

Windows 10 has been around for over 2 years and you’ve successfully completed a number of Windows 10 projects, but have your customers successfully adopted Windows as a Service?

Windows as a Service with the increased cadence of change and new support lifecycle makes it significantly different to adopt and support. How has your project approach transformed to address these changes?

Come and find out how our approach to Windows 10 projects needs to change to help our customers adopt Windows as a Service long after our project is completed.

Audience: Solution Architects & Designated Windows as a Service champions in the organisation

Overview: What is Windows as a Service, why is it important and what are the inherent benefits of the new servicing model.

Technical update: Refresher on the technical side of Windows as a Service and cover the recent changes to the servicing model.

Adoption of a service: What needs to change within our customers’ organisation to support a “service” and what do we have to do to help them successfully adopt Windows as a Service.

Transforming our project approach: Look at how our project approach needs to be transformed to address the changes introduced by Windows as a Service.

Administration, Windows 10

Demystifying Windows as a Service – Wake Up!

Great article on WaaS. It is a changed mindset on how Windows 10 is fed and watered by all users. Yes, Windows 10 needs to be upgraded more frequently, but the total management time is reduced compared to the traditional operating systems.

Azure, Conference, Configuration Manager 2012, Deployment, Intune, Microsoft, Office 365, System Center, Training & Workshop, Windows 10

Microsoft 365 Enterprise Tech Series – Enterprise Deployment & Management Technical Workshop L300

November 30-December 1, 2017 | Auckland, New Zealand

A 2-day Training on the Complete, Intelligent, Secure Solution that Empowers Employees

What is Microsoft 365 Enterprise Tech Series?

Microsoft 365 is a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. The Enterprise Tech Series will help empower your team, safeguard your business, and simplify IT management with a single solution, purpose-built for your business.

What to Expect from Training:

Understand the Microsoft 365 Vision
Dive into Modern IT Deployment
Learn about Traditional IT Transformation
Feel equipped to fully manage Microsoft 365 environments

GPMC, Group Policy Objects, Group Policy Preferences, Registry, Windows 10

How to: Enable Windows 10 Biometrics (Facial and Fingerprint) Logon

Enable all of these policies and set the registry key to enable the Windows 10 facial and fingerprint logon feature.

Group Policy settings:

Computer Configuration\Administrative Templates\System\Logon

  • Turn on convenience PIN sign-in (Enabled)

Computer Configuration\Administrative Templates\Biometrics

  • Allow the use of biometrics (Enabled)
  • Allow users to log on using biometrics (Enabled)
  • Allow domain users to log on using biometrics (Enabled)

Computer Configuration\Administrative Templates\Biometrics\Facial Features

  • Use enhanced anti-spoofing when available (Disabled)

Computer Configuration\Administrative Templates\Windows Hello for Business

  • Use a hardware security device (Enabled)
  • Use biometrics (Enabled)

Group Policy Preference settings:



Windows 10

Inside the Windows 10 Fall Creators Update: The MVP Perspective Q and A

Highlights from the Windows 10 MVP Q&A

Question: How do you propose I should keep 4,500 desktops and laptops across 90+ separate physical schools updated in an 18 month period?
Answer: This is a longer conversation and I would be happy to have it with you offline. The problem breaks down into 4 categories.
1. Hardware being compatible (Analytics Upgrade readiness will help here)
2. Software being tested and compatible (Windows Analytics really helps you focus here). Lots of FUD here that can easily be scoped.
3. Infrastructure – look for software solutions to reduce the number of servers and eliminate the network impact
4. User process – scheduling and control by the end user to ensure your timing is not disruptive (WOL is always a good call for education)

Question: So every Windows 10 upgrade will be a clean install or it just retains the state with all settings and applications as in the previous version?
Answer: Upgrade is in place and leaves user state and applications untouched. Upgrades are the recommended path once you are on Windows 10 with UEFI. You will have the ability to back-out and upgrade assuming your space cleanup process has not run yet. There are several triggers for cleanup like running out of space. As for a clean install, you can use Imaging via SCCM to ensure that process is available for break-fix, new hire, replace, or security-based issues. I would be happy to talk more about the 4 major categories of Operating System Deployment (OSD).

Question: When will Windows 10 1703 go Current Branch for Business?
Answer: The term for Current Branch for Business (CBB) has been replaced by Semi-Annual Channel. The process to promote a deployment from Semi-Annual Targeted to Channel is based on you testing targeted in your environment then going broad.

Question: Can Windows S be patched using SCCM? Can we define these folders via GPO? Why not protect them all?
Answer: I believe Windows 10 S Enterprise is to be managed via Intune as S does not allow you to run non-Store applications. I have not seen any mention of SCCM/ConfigMgr in regards to Windows 10 S Enterprise.

Question: There are a lot of features not required in Enterprise which is making LTSC more attractive for a stable build to avoid build change cost.
Answer: Long Term Saving Branch is for very specific scenarios. I would not recommend LTSB for any internet connected device as there are too many exploits coming too quickly. LTSB has had issues with RSAT, software compatibility, MDM, Windows Hello, DoD requirements, lack of new hardware support (LTSB only supports silicon from when it was released), etc. That being said, LTSB does have very specific use cases as long as you are aware of all the pitfalls.

Question: Does it reinstall Store Apps?
Answer: During an upgrade, applications would not change. However, new features may be added.

Administration, Azure, Deployment, EMS, Microsoft, Office 365, Windows 10

Windows AutoPilot Deployment

Microsoft has announced Windows AutoPilot Deployment, a new cloud service that enables IT professionals and partners to customize the Windows 10 out-of-box setup experience. It uses cloud configuration, delivering a self-service deployment experience with new Windows 10 Pro devices. It is now available through CSP.

BitLocker, Configuration Manager 2012, Deployment, Registry, Task Sequence, Windows 10, Windows 7, Windows Preinstallation Environment

Windows 7 Pre-Provision Bitlocker Not Working

After updating Configuration Manager 2012 R2 and adding the Windows 10 ADK, task sequences will no longer pre-provision BitLocker.


With WinPE 10 it uses the AES-CBC 128-bit encryption method.


Add the following Run Command Line steps after Format and Partition and before Pre-provision BitLocker.

  1. Set EncryptionMethodWithXtsFdv – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsFdv /d 3 /f
  2. Set EncryptionMethodWithXtsOs – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsOs /d 3 /f
  3. Set EncryptionMethodWithXtsRdv – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsRdv /d 3 /f

Available Encryption Methods in WinPE 10

  1. Value Data: 3 (Description: AES-CBC 128-bit)
  2. Value Data: 4 (Description: AES-CBC 256-bit)
  3. Value Data: 6 (Description: XTS-AES 128-bit)
  4. Value Data: 7 (Description: XTS-AES 256-bit)
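
The three Run Command Line steps above, written as one PowerShell step that also checks the chosen value against the list of methods. This is an added example, not from the original post; it assumes the boot image includes the WinPE PowerShell optional component, and the function name, its parameter and the -TargetIsWindows7 switch are hypothetical. XTS-AES (values 6 and 7) was introduced with Windows 10 version 1511, so the switch rejects those values for a Windows 7 target.

```powershell
# Added example; Set-FveEncryptionMethod and its parameters are hypothetical names.
# Value-to-method mapping taken from the list in this post.
$FveMethods = @{
    3 = 'AES-CBC 128-bit'
    4 = 'AES-CBC 256-bit'
    6 = 'XTS-AES 128-bit'
    7 = 'XTS-AES 256-bit'
}

function Set-FveEncryptionMethod {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(3, 4, 6, 7)]
        [int]$Method,

        # Set when the volume will be unlocked by Windows 7, which has no XTS-AES support.
        [switch]$TargetIsWindows7
    )

    if ($TargetIsWindows7 -and $FveMethods[$Method] -like 'XTS-*') {
        throw "Value $Method ($($FveMethods[$Method])) cannot be used for a Windows 7 target."
    }

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    # reg add creates the key implicitly; New-ItemProperty does not.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    foreach ($name in 'EncryptionMethodWithXtsFdv',
                      'EncryptionMethodWithXtsOs',
                      'EncryptionMethodWithXtsRdv') {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Method -Force | Out-Null

        # Read the value back so a failed write stops the task sequence step.
        $actual = [int](Get-ItemProperty -Path $key -Name $name).$name
        if ($actual -ne $Method) {
            throw "$name is $actual, expected $Method."
        }
        [pscustomobject]@{ Name = $name; Value = $actual; Method = $FveMethods[$actual] }
    }
}

# Same values as the three reg add steps in the post.
Set-FveEncryptionMethod -Method 3 -TargetIsWindows7
```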