Monthly archives: februari, 2019

Citrix brings back Local Text Echo

Have you ever experienced the frustration of working on a bad connection resulting in tremendous amount of latency when typing?

Past releases of Citrix Virtual Apps and Desktops (Formerly XenApp & XenDesktop) have included many interesting news and functions, especially regarding HDX innovations and ICA improvements. One of the ”new” features that caught my eye in the Citrix Virtual Apps and Desktops 1811 release notes is Local text echo, which I will shortly cover in this post.



Wireless Networking in Windows Server 2019

The other day I installed a NUC with an integrated wireless NIC. I installed Windows Server 2019 to the NUC and installed the wireless networking drivers from Intel’s website. The problem was that after I’ve installed the network drivers they didn’t work. After a lot of trial and error I discovered that you cannot use wireless NICs without the ”Wireless-Networking” role installed. Install the role by running below in Powershell.

 

 

I restarted the computer and after that everything started to work as expected.

 



New features in Azure Blueprints

The past couple of weeks i have seen new features being released for Azure Blueprints. In this short post i will write about the updates in Definition location and Lock assignment.

New to Azure Blueprints?

Azure Blueprints allows you to define a repeatable set of Azure resources that follows your organizations standards, patterns and requirements. This allows for a more rapidly deployment of new environments while making it easy to keep your compliance at desired level.

Artifacts:

Azure Blueprints is a package or container used to achieve an organizational standard and patterns for implementation of Azure Cloud Services. To achieve this, we use Artifacts.

Artifacts available today are:

  • Role Assignments
  • Policy Assignments
  • Resource Groups
  • ARM Templates

The public preview of blueprints was released during Ignite in September last year, and its still in preview.

Read more about the basics of Azure Blueprints here

Definition location

This is where in your hierarchy you place the Blueprint, and we think of it as a hierarchy because after creation the assignments of the blue print can be done at current level or below in the hierarchy. Until now the option for definition location has been Management groups. With the new released support for subscription level you can now start use Blueprints even if you have not adopted Management groups yet.

Note you need contributor permissions to be able to save your definition to a subscription.

If you are new to management groups, I recommend you take a look at it since it’s a great way to control and apply your governance across multiple subscriptions.

Read more about Management groups here

Definition location for Blueprints

Lock Assignment

During assignment of a Blueprint we are given the option to lock the assignment.

Up until recently we only had Lock or Don’t lock. If we chose to lock the assignment all resources were locked and could not be modified or removed. Not even by a subscription owner.

Now we have the option to set the assignment to:

  • Don’t Lock – The resources are not protected by blueprints and can be deleted and modified.
  • Read Only – The resources can´t be changed in any way and can´t be deleted.
  • Do Not Delete – This is a new option that gives us the flexibility to lock our resources from deletion but still gives us the option to change the resources.

Lock assignment during assignment of Blueprint

Removing lock states

If you need to modify or remove your lock assignments, you can either:

  • Change the assignment lock to Don´t Lock
  • Delete the blueprint assignment.

Note that there is a cache so changes might take up to 30 minutes before they become active.

You can read more about resource locking here

Summary

With the ”Do not Delete” i think we will see a better use of the Lock assignment and we will have the flexibility to make changes on our resources without the possibility to delete them. And with Definition location set to subscription we can start using the Blueprints without Management groups and i can see that this might be a useful in environments where Management groups have not been introduced.

Good luck with your blueprinting!

You can reach me at Tobias.Vuorenmaa@xenit.se if you have any questions.



Easy way to disable items in Control Panel and Settings App in Windows 10 and Server 2019

In Windows 10 and Server 2019 there are both a Control Panel and a Settings App. This is somewhat confusing for the user. However, this is probably how it’s going to be until Microsoft have had enough time to migrate all settings from the Control Panel to the Settings App. Microsoft have provided great lists on canonical names for both the items in the Control Panel and Settings App. Although this is great posts, this may be overwhelming.

In Windows 10 and Server 2019 you may want to lockdown the settings the users may access. It is not appropriate that a user can start Windows Update on a Server 2019 that is used as a session host with several users logged in. To lockdown Control Panel and the Settings App, you may use the two policies below.

  1. “Computer Configuration\Administrative Templates\Control Panel” and configure “Settings Page Visibility”
  2. User Configuration\Administrative Templates\Control Panel” and configure “Show only Specified Control Panels items”

To find what to add into these policies you can use the two Microsoft articles provided above or you can use a sweet tool called Win10 Settings Blocker. With this tool you can add what settings you want to hide (or show) and then copy the registry data to the policy.

After you have successfully added the settings you want to hide you can go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” and copy the data from the registry key named “SettingsPageVisibility”.

Copy the data and paste it to the setting “Computer Configuration\Administrative Templates\Control Panel\Settings Page Visibility”.

You can do the same thing for the Control Panel. Just make sure to change to select “Control Panel Options” in the app instead.

When applying to hide any of the Control Panel options you can find the locked down Control Panel items under  “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl”.