Latest Event Updates

Inventory of systems that are using Offline Files

Posted on Updated on

If you need a mechanism by which to identity or inventory systems that have cached files using Offline Files, you can retrieve details through WMI in Win32_OfflineFilesItem.  ConfigMgr inventory can be easily expanded to collect this data for reporting.  Below is an example screen shot from my lab on a Win7 system that has a cached offline file.  Be aware, and keep in mind that you may risk exposing confidential information based upon the server or file name. 

 offlinefiles_wmi

 

p.s. happy Pi day

Windows 10 News You Can Use – March 2017

Posted on

This March 2017 edition of “news you can use” for Windows 10 is chalked full of many resources as it was an active month in February!  To help break apart such a large list, I have split it into three sections – Win10 news and resources, combating new security threats with Win10, and training / how-to guides.

Windows 10 News & Resources

  1. Signup for the new Win10 IT Professional insider newsletter! Get the latest news, resources, tools, and guidance to help you explore and deploy Windows 10; migrate from Windows 8.1 or Windows 7; and manage your existing Windows client infrastructures successfully—and with less effort.
    https://technet.microsoft.com/en-us/windows/ee837411
  2. Windows 10 security experts share how to stay ahead of the catalysts shaping the cyber landscape
    http://blogs.windows.com/business/2017/02/13/security-trends-windows-10
  3. FastTrack for Windows 10 announced
    https://blogs.windows.com/business/2017/01/23/get-fasttrack-deploy-windows-10
  4. The whitepaper on the “total economic impact” of Windows 10 was updated and refreshed in December 2016.  This Microsoft-commissioned report by Forrester demonstrates how deploying Windows 10 can help reduce costs and provide significant benefits to your organization. The report found an ROI of 233% with a payback period of only 14 months. Download now to read more!
    http://wincom.blob.core.windows.net/documents/Windows%2010%20TEI%20Study.pdf
  5. Infographic: Simplify Windows 10 management and lower TCO
    https://gallery.technet.microsoft.com/Infographic-Simplify-37e77674
  6. For those using and creating Provisioning Packages, the Windows Image Configuration Designer is now available as a universal application.  So it’s not necessary to download and install from the Windows ADK!
    https://www.microsoft.com/store/apps/9nblggh4tx22

Windows 10 and Surface stomp on security threats with new enterprise innovations

These are key announcements from blog post: https://blogs.windows.com/business/2017/02/10/windows-10-surface-stomp-security-threats-new-enterprise-innovations

  1. NSA adds Windows 10 and Surface to list for classified use – Surface Pro 3, Surface Pro 4 and Surface Book have been added to the NSA’s Commercial Solutions for Classified Programs (CSfC) list. Additional information on the NSA site: https://www.nsa.gov/resources/everyone/csfc/components-list
  2. Enhanced security capabilities with Surface Enterprise Management Mode (SEMM).  SEMM will protect PCs at the UEFI level – “so a lot of the attacks you would expect attackers to use in order to just re-enable the camera without the user knowing, won’t even work, because the device is disabled at a fundamental, hardware level”.
  3. Extending device management in Windows 10 using MDM software, administrators will be able to apply settings and configurations from the Security Baseline Policies list. Previously, those settings were only available through Group Policy.
  4. New MDM Migration Analytics Tool designed to help customers figure out migrating from Group Policy to MDM. It scans a system for all of the policies applied to it, tries to map those policies to their MDM equivalents, and spits out a report of the results.
  5. The quest for No More Passwords with Windows Hello – Now available with on-premises Active Directory not just Azure AD.
  6. Additionally, the Dynamic Lock feature in Windows Hello connects a user’s smartphone to their Windows 10 device, and automatically locks the device when the phone’s Bluetooth signal drifts far away.
  7. The Upgrade Analytics “tool” is being rolled into a suite of tools called Windows Analytics.  Upgrade Analytics itself is being rebranded as Upgrade Readiness.
  8. Windows Analytics will now include  Update Compliance – free insights that provide a holistic view of Windows 10 update compliance for both monthly quality updates and new feature updates. This free resource will help organizations monitor deployment progress, identify issues and provide insights about their fully-patched, secure Windows 10 device environment.

Windows 10 Training and Guides

  1. New how-to articles and guides available from Microsoft!
  2. Stop malware with Windows 10 Device Guard
    https://mva.microsoft.com/en-US/training-courses/dropping-the-hammer-on-malware-with-windows-10-device-guard-16926
  3. Microsoft Mechanics video: A look at Advanced Threat Analytics in the datacenter
    https://youtu.be/RAS-TI6PUrg

Windows 10 News You Can Use – February 2017

Posted on Updated on

  1. NSS Labs reports showing that Microsoft Edge (in Windows 10) blocks more phishing sites and socially engineered malware than Chrome or Firefox. Available for download from http://www.nsslabs.com/browser-security.
  2. New evidence and stories on enterprise detection and response (EDR) against threat actors:
  3. Microsoft IT Showcase – Windows Defender ATP for EDR helps detect sophisticated threats https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats
  4. Desktop as a Service (DaaS) – Virtualization of Win10 in the cloud, fast provisioning and flexibility
  5. Two new videos in the Win10 IT pro series have been published online!
  6. Windows Hello supports a growing variety of secured companion devices
    https://blogs.windows.com/windowsexperience/2017/01/12/windows-hello-supports-growing-variety-secured-companion-devices
  7. BIOS legacy to UEFI conversion tool.
    • Although not specifically called out in the 15007 Build Blog, it looks like the In-Place UEFI tool announced in December has rolled out in 15007.
    • See below and also this Blog from a partner.
    • This is available on the fast build of the latest release. Let us know what you think!
  8. Windows 10 achieves FIPS 140-2 compliance.
    http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2017.htm

Windows 10 News You Can Use – January 2017

Posted on

Happy new year to one and all!  Welcome to my first 2017 edition of “news you can use” for Windows 10.  I originally set out to compile and share these bits of information that I see come through the wire, with the hopes that it would be beneficial to you as well.

Windows 10 News You Can Use – Dec 2016

Posted on Updated on

This my inaugural edition of “news you can use” for Windows 10.  I originally set out to compile and share these bits of information that I see come through the wire, with the hopes that it would be beneficial to you as well.   

  1. Did you miss Microsoft Ignite in September?  No worries, the sessions were recorded and are available online.  Here is a catalog of the related Windows 10 sessions.  Optionally, you also download all of those sessions (decks and videos) directly from my OneDrive!
    Download: https://1drv.ms/f/s!Auu_dRzvdA2Ohu41JASZ_8XW-7S6LA
  2. Have you heard of the new Upgrade Analytics service to help in your application compatibility planning and readiness?  If not, recently a Microsoft Mechanics video (6 minutes) was created to highlight and showcase the technology.
    Read more and watch: https://technet.microsoft.com/en-us/windows/mt743627
  3. The Windows 10 IT Showcase is about how Microsoft IT used the materials in this program to support the Windows 10 deployment to all employee devices within the Microsoft global enterprise. Now, you can use them to facilitate employee adoption, promote best practices, and ensure a direct path to productivity with the best Windows ever.
    Read more: https://www.microsoft.com/itshowcase/windows10deployment
  4. Updated GPO settings reference for Win10/Server 2016.
    Read more: https://www.microsoft.com/en-us/download/details.aspx?id=25250
  5. The Win10 Anniversary Release (1607) has been officially declared as a Current Branch for Business (CBB).
    Read more: https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security
  6. Microsoft has announced the new Unified Update Platform (UUP) that is under development and coming to new branches of Windows 10.  The community and customer benefits of UUP is the reduction you’ll see in download size on PCs.  We have converged technologies in our build and publishing systems to enable differential downloads for all devices built on the Mobile and PC OS.
    Read more: https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup
  7. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously. Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.
    Read more: https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security
  8. Configuration Manager 1610 released and contains new features
    Read more: https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/now-available-update-1610-for-system-center-configuration-manager
  9. The next Win10 branch release was announced as the Creators Update and is due to arrive in the spring of 2017.  Included is the introduction of the Surface Studio and Surface Dial device!
    Read more and watch demo: https://blogs.windows.com/windowsexperience/2016/10/26/empowering-a-new-wave-of-creativity-with-the-windows-10-creators-update-and-surface-studio
  10. While it’s not really “news for Win10”, are you scrambling for the perfect gifts for the geeks on your list this holiday season? Just don’t know where to start? Lucky for you, the Microsoft elves have spent 2016 putting together the ultimate list of the year’s best tech, toys, and tools and collected them here in the Holiday Gift Guide for Geeks 2016.
    Read more: https://info.microsoft.com/holiday-gift-guide-2016.html

Automating Web URLs as Start Menu Links

Posted on Updated on

In my previous post on Creating Web URLs as Start Menu Links, I outlined details how to manually create links to URLs (as seen in the images below).  While this does work, most folks in the systems management community would prefer to automate this link creations.  The following PowerShell script can be used to create a custom start menu link for all users.

Note that a problem that you may encounter is the link not being displayed in the grouping.  This could be caused by having two .lnk files with the same target path pointing to the same URL.


# Create a Shortcut with Windows PowerShell
$oWScriptShell = New-Object -ComObject WScript.Shell
$sTargetFile = "C:\Windows\explorer.exe"
$sShortcutFile = $oWScriptShell.SpecialFolders("AllUsersPrograms") + "\Links\t3chn1ck.lnk"
# Note: to open URL in a specific browser like Edge, add in front of the URL Microsoft-edge:
$sURL = "http://t3chn1ck.com"

#Delete existing shortcut if exists
If (Test-Path $sShortcutFile){
Remove-Item $sShortcutFile
}

$oShortcut = $oWScriptShell.CreateShortcut($sShortcutFile)
$oShortcut.IconLocation = "explorer.exe,20"
$oShortcut.TargetPath = $sTargetFile
$oShortcut.Arguments = $sURL
$oShortcut.Save()

urldemo5 urldemo4

Creating Web URLs as Start Menu Links

Posted on Updated on

If you’re looking for a quick and ‘easy’ method to create shortcut links to website URLs that are part of a user’s start menu…and that can be found by Windows search…follow this simple process.

  1. Create a generic program shortcut to %windir%\explorer.exe. An easy way to do this is just browse to the executable file, right-click, and select Sent To > Desktop.urldemo1
  2. Modify the properties of the .lnk file to have:
    • The URL after the name explorer.exe; note that prefacing the URL with http:// or https:// maybe necessary.
    • Change the icon to be more website looking (optional)
    • Change the name of the shortcut to something ‘friendly’ (on the General tab)urldemo2
  3. Copy the shortcut to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustomLinkDirectoryName\urldemo3

Now the URL shortcut will be listed in the start menu for all your users!  An added bonus is that this link will open in whatever is the user’s default browser as well.  These links can then be distributed and managed by a systems management tool such as ConfigMgr.

To automate this process using PowerShell, see my post Automating Web URLs as Start Menu Links.

urldemo4   urldemo5