Windows 10 News You Can Use – May 2017


For this May 2017 edition of “Windows 10 news you can use”, the highlight is the release of the Windows 10 Creators Update (aka R2, aka 1703). Since there is a lot of news surrounding the release, this newsletter is broken down into three sections.

General Win10 News

  1. ‘Ask Microsoft Anything’ (AMA) about Windows as a service event will give you the opportunity to connect with members of the Windows product and engineering teams, who will be on hand to answer your questions and listen to feedback – held on Thursday, May 4, 2017 from 9:00 a.m. to 10:00 a.m. PT
  2. Windows 10 IT Pro content map – A comprehensive list of resources designed to help IT professionals explore, plan for, deploy, manage, and support Windows 10
  3. Announcing the Windows Insider Program for Business. Insiders can now register for Windows 10 Insider Preview Builds on their PC using their corporate credentials in Azure Active Directory. Using corporate credentials will enable you to increase the visibility of your organization’s feedback – especially on features that support productivity and business needs. You’ll also be able to better advocate for the needs of your organization, and have real-time dialogue with Microsoft on features critical to specific business needs.
  4. A series of videos and blog posts is being published to introduce you to the best of Microsoft Edge and share tips and tricks for making the most out of your browsing experience
  5. Announcement on the new release cadence of Office 365 ProPlus and SCCM along with Windows 10 branches
  6. Microsoft IT showcase – Enhancing remote access in Windows 10 with an automatic VPN profile

Windows 10 1703

  1. A consolidated description of content features and related resources for IT Pros to learn about what’s new in Windows 10, version 1703
  2. With the Creators Update, we’re upgrading Microsoft Edge with dozens of new features and under-the-hood improvements to make the best browser on Windows 10 faster, leaner, and more capable than ever.
  3. New Microsoft Mechanics videos
  4. Microsoft shares what is collected in the Basic telemetry level. With telemetry enabled, Microsoft is giving back to customers with data-driven insights from the Windows Analytics suite to reduce the costs of deploying, servicing, and supporting Windows 10.

Windows 10 Security

  1. Windows 10 Security in Real Life – experts provide an in-depth look at the most secure Windows ever, and see how to put the new features to work for you right away, as you build up your Windows 10 security skills
  2. Microsoft published a “ransomware response playbook”, which outlines a scenario-driven story about how WDATP can help protect against ransomware in the enterprise
  3. Recent Gartner research explores the new Windows threat resistance security features that are important to security and risk management leaders
  4. A new, more thorough Windows Defender Antivirus library on TechNet with an impressive 47 topics and 164 pages!

Finding ConfigMgr Collections with Queries


Using ConfigMgr 2012 R2 (and newer), the following PowerShell script can be used to identify which device collections have a query in them, and those that do not.




# Load the ConfigMgr module from the admin console install path
Import-Module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + '\ConfigurationManager.psd1')
# Change to the site drive: site code followed by a colon
Set-Location "GAL:"

$CollectionList = Get-CMDeviceCollection

ForEach ($Collection in $CollectionList) {
    # RuleName is empty when the collection has no query membership rule
    $RuleName = (Get-CMDeviceCollectionQueryMembershipRule -CollectionId $Collection.CollectionID).RuleName

    If ([string]::IsNullOrEmpty($RuleName)) {
        Write-Host "NO Query: " $Collection.CollectionID "," $Collection.Name -ForegroundColor Red
    } Else {
        Write-Host "YES Query:" $Collection.CollectionID "," $Collection.Name ", Query name:" $RuleName
    }
}

Why update ConfigMgr clients after upgrades?


I was recently asked by a couple of friends whether it is required to update ConfigMgr clients after upgrading a site.  Intuitively I knew the answer and the why, but they needed “proof” or documentation from Microsoft that stated it as such.  It was a bit of a needle in a haystack to find, but the following reference on TechNet illustrates the case.

From the guide for Planning to Upgrade System Center 2012 Configuration Manager, in the upgrade checklist, the last step is to Upgrade Clients.

“After you upgrade a primary site, plan to upgrade clients that are assigned to that site. Although a Configuration Manager primary site or secondary site can support communication from clients that have a lower service pack version (including clients that run Configuration Manager SP1 talking to a site that runs System Center 2012 R2 Configuration Manager), this communication should be a temporary configuration. Clients that run a previous service pack version of Configuration Manager cannot use the new functionality that is available with the new version of Configuration Manager.”

Windows Error: 0x2E4 with ConfigMgr 2012 R2 and App-V 5.0


If an App-V package has scripts to perform an operation, the application install may fail and show a dialog box similar to the image below.


Checking the AppEnforce.log file will reveal the error as below.

Publish-AppvClientPackage : Application Virtualization Service failed to complete requested operation.
Operation attempted: Publish AppV Package.
Windows Error: 0x2E4 – The requested operation requires elevation
Error module: Embedded Scripting. Internal error detail: 7D401E30000002E4.
Please consult AppV Client Event Log for more details.

In this case the problem occurs because the application is targeted at the user, so the PowerShell commands needed by the script embedded in the App-V package cannot execute.  This particular scenario comes from a demo that I do for customers, which installs an application compatibility shim as described in my blog post “App-V 5.0 Demo – Application Shims”.  With this scripting, it’s best for the package to be globally published (i.e. targeting the computer) and not user published.

Updated 7/16/2015: As pointed out in the comments, the actual problem/solution was found.  Instead of using the PublishPackage element of the UserConfig.xml script, use the AddPackage element of the DeploymentConfig.xml script.  In that way the PowerShell commands have the permissions to execute.
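The difference between the two script locations, as an added example that is not from the original post: the first fragment is the user-context script that fails with 0x2E4, the second moves the same command to the machine-level AddPackage event in DeploymentConfig.xml. The script name Install-Shim.ps1, the Scripts folder location and the timeout value are assumptions for illustration.

```xml
<!-- Before: UserConfig.xml. PublishPackage under UserScripts runs in the
     context of the user the package is published to, so commands that
     need elevation fail with Windows Error 0x2E4. -->
<!-- Root attributes from the generated file are omitted in both fragments. -->
<UserConfiguration>
  <UserScripts>
    <PublishPackage>
      <Path>powershell.exe</Path>
      <!-- Install-Shim.ps1 is a hypothetical script name -->
      <Arguments>-NoProfile -File "[{AppVPackageRoot}]\..\Scripts\Install-Shim.ps1"</Arguments>
      <Wait RollbackOnError="true" Timeout="30"/>
    </PublishPackage>
  </UserScripts>
</UserConfiguration>

<!-- After: DeploymentConfig.xml. AddPackage under MachineScripts runs when
     the package is added to the computer, in the Local System context,
     so the same command has the permissions it needs. -->
<DeploymentConfiguration>
  <MachineConfiguration>
    <MachineScripts>
      <AddPackage>
        <Path>powershell.exe</Path>
        <!-- Same hypothetical script as above -->
        <Arguments>-NoProfile -File "[{AppVPackageRoot}]\..\Scripts\Install-Shim.ps1"</Arguments>
        <Wait RollbackOnError="true" Timeout="30"/>
      </AddPackage>
    </MachineScripts>
  </MachineConfiguration>
</DeploymentConfiguration>
```

Because AddPackage scripts run as Local System, restrict who can author or modify the package and its DeploymentConfig.xml.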

App-V 5.0 – get .appv package file


If using standalone App-V 5.0 infrastructure, use the following SQL query against your AppVManagement database to retrieve the list of packages and their corresponding .appv file/path.

SELECT Name, PackageURL
FROM dbo.PackageVersions
ORDER BY Name;


ConfigMgr 2012 Reports Node Empty / HTTP Error 404


Are you experiencing a problem with your ConfigMgr 2012/R2 console not showing reports in the Reports node?  I was recently, during an implementation at a customer site!


When a console user selects this node, the console queries the SRS website directly and then returns the results.  That’s how it keeps up-to-date with any new reports which may be created.  In this particular case, SRS was configured to use only the NETBIOS name as the URLs for the websites.  To know which URL your console is trying to use, simply click on the root Reporting node.


So when we attempted to access the website directly via a web browser, it generated a 404 Not Found error.  Long story short, this was because of the use of a proxy server.  The URL was redirected to the Internet, where no website named “http://server/reports” could be found.

To fix this, we needed to change how SRS was configured so as to force it to use an FQDN address.  There are a couple of ways in which this could be done.  One way could be to configure the reporting services point for HTTPS to improve reporting security.  The other way could be to reconfigure the URLs in SRS to use a specific host header name (outlined below).

1.  Open SQL Server Reporting Services Configuration Manager.  Go to the Web Service URL and click Advanced.  In the image below, note by the arrow that the URL is only the NETBIOS name.


2.  Next, change the IP Address from “All Assigned” to use the FQDN.  Save all of the changes.


The new URL result will look as follows:


3.  Repeat the above steps for the Report Manager URL.

4.  Finally, reinstall the Reporting Service Point role in ConfigMgr.


Then voila!  The console will now use the FQDN for reports, which will now be displayed.