Category: Windows Server

Virtual attendance to Microsoft Build 2019

New features and cool stuff – Microsoft 365, Office 365, Azure, Edge, Windows 10, and everything else Microsoft

There are so many cool things you can do with new types of disruptive technology that was not even imaginable a decade ago. Impressive progress has been made across several disciplines within IT, and it doesn’t look like it will slow down at all. Automation, augmented reality and analytics, AI-driven development, and digital twins just to mention a few areas that come to my mind as examples of groundbreaking new tech-trends – thanks to Gartner’s report Top 10 Strategic Technology Trends for 2019. All of these new technology trends are possible thanks to extremely talented researchers, mathematicians, and developers to name a few. A lot of this new tech is built on or with technology from Microsoft – that’s why Microsoft Build is such an interesting conference.

Even though my daily work is around project management, end user computing and the operations side of digital infrastructure, I’m always curious on what’s to come and try to find the next big thing or cool features that can improve the EUC-experience for all of our current and future customers.

One impressive technology, albeit rather old, is virtual presence and live online streaming. That’s something I’m very thankful for a day like this. Last evening and night, was the first day of Microsofts annual developer conference Build in Seattle, WA, and I was able to watch a few hours of presentations from my couch instead of having to go to the US. Even though attending in person would have been a bit more exciting and fun, my couch is much better than nothing at all. 😃

Being able to listen to Microsoft vision and plan for the future, and also learn about the latest new features from the couch might not sound reasonable for everyone, but a completely logical move to me.

After a good night’s sleep I have been trying to come up with a list of the most interesting parts from the presentation I saw last night, from a EUC standpoint. Obviously, there will be lots and lots of more neat new features and updates to products presented during the conference but that might be for another blog post.

Microsoft Edge Chromium

Three major updates were announced for Microsoft edge last night. Thanks to Microsoft’s decision to move to a fork of the open source browser Chromium my bet is that we will see a lot of more news around the browser in the months to come.

If you would like to try the new public version of the Edge Chromium browser you can do so here!

  1. IE Mode

This is a big one for EUC enthusiasts like myself. There has always been a push-pull struggle to decide on which browser to use for end users in an enterprise environment and that usually, not always, has to do with compatibility to do.

Microsoft’s announcement last night hopefully means that we won’t have to trade off new features in modern browsers and being able to work effectively in old and legacy LOB applications. I think we all can agree on the fact that most bigger enterprises have a handful of “extremely important” old web apps that won’t disappear in the forseeable future.

What Microsoft announced is the possibility for Edge Chromium to load an old web app straight into the new browser but with the old Internet Explorer rendering engine. Previously Edge started a separate IE-process and users had to switch between the two browsers, this news means that you can have IE-tabs and Edge Chromium-tabs within the same browser, really neat.

IE Enterprise Mode works well, but I think this will be much much better. We’ll see!

  1. Collections

Another cool feature presented during the keynote was Collections. In summary, I’d say that is the next generation of the old favorites feature. You will be able to create collections of links, pictures, text, and other information within the browser.

If you want to it’s then possible to export/share that collection with your co-workers via Excel or Word. The Edge Chromium browser generates good looking files with headers, aligned pictures, and URLs/sources.

  1. Privacy

You will be able to select from one of three predefined privacy configurations. Unrestricted, balanced or strict. The strict mode blocks most trackers and trackers but sites might break. The unrestricted is the complete opposite, and the balanced mode is what we swedes say is lagom – not too much, not too little tracking.

The World’s Computer (Azure)

It’s no surprise to see that there’s a lot of focus on Microsoft Azure during the conference. Some interesting news that might be of extra interest for the EUC community I’d say are these:

Of course, there are loads of other new features but i found these to stand out.

To see all Microsoft Azure announcements, check out this link.

Windows Terminal

WOW! Finally, the old terminal will be replaced with something new! The new terminal will support shells like Command Prompt, PowerShell, and WSL.

To get a glimpse of the amazing future of Windows Terminal, check this out.

The new console is open source and you can build, run, test, for the app right now. Their repo can be found here.

Key features according to Microsoft is:

  • Multiple tabs
  • Beautiful text (GPU accelerated DirectWrite/DirectX-based rendering, emojis, powerline, icons, etc.)
  • Lots and lots of configuration possibilities (profiles, tabs, blur/transparency/fonts… you name it)

So, get a new graphics card and get started working in the new terminal 😃

Office 365 Fluid Framework

A new framework called the Fluid Framework was announced. The new framework will make it seem like users are working together in real time, charts and presentations will be updated in an instant, and translations into loads of languages will be live.

During the keynote, the presenter wrote in a document at the same time as others did, and it really looked like there was no latency. The live translation part was really cool and I recommend you to watch it in action to get why this is something that might be of real interest for your business.

Watch it in action here.

Windows Hello, FIDO2 certification

Windows Hello is now FIDO2 certified. What does that mean?

Without digging into the details the new certification hopefully means that more websites and online services will be able to allow other forms of authentication than just username/password. Passwordless authentication is proven secure and with Microsoft adhering to the new specification it will be easier to allow user-friendly authentication methods like fingerprint and face recognition.

FIDO2 is the overarching term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

Windows Subsystem on Linux 2 (WSL2)

The new version of WSL will be running from a completely open source Linux Kernel that Microsoft will build themselves. There are probably 100s of reasons why Microsoft do this but one of them is performance. The kernel version will be 4.19 which is the same version that is used by Azure.

The new WSL-version will make it possible to run containers natively which means that locally hosted Virtual Machines won’t be necessary anymore.

Like before there won’t be any userspace binaries within WSL which means that we will still be able to select which flavor we want to run.

The first public versions of WSL2 will be available sometime this summer.

Honorable mentions or too cool not to mention

  • Mixed reality services within Teams and Hololens, for example, the live Spatial meetings using AR
  • Hololens 2 and the Mittel presentation
  • Cortana updates where the AI Bot is integrated and helps even further with scheduling and assisting you during your workday
  • All news regarding containers, Docker, and Kubernetes/AKS
  • Microsofts new Fluent Design System
  • Xbox Live for new devices (Android and iPhone) and new collaborations with game studios
  • Some kind of Minecraft AR game for mobile phones being released on May 17

Psst. Did you know that you can watch loads of presentations and also the keynote here?

What do you think? Have I missed anything obvious?



Citrix Virtual Apps and Desktops 1903

Citrix announced their new release Virtual Apps and Desktops 1903 on 28th of March and it contains a lot of interesting changes in all categories along with a long list of fixed issues. I will cover two of the changes in this blog-post which I found extra interesting, and that I would recommend you looking into as well!

Director

Citrix Director has been given some love and has received a few changes in the user interface. It has also been announced that similar changes to improve the user experience, are to be expected in the coming releases.

Also a profile processing duration counter has been added on the logon duration chart. This for making troubleshooting easier on profile related matters.

Virtual Delivery Agent

DPI matching on Windows Server 2016/2019, which allows your session to match your clients DPI. Requires minimum Citrix Workspace App on your client.

Pen functionality support with Windows Ink-based applications on Microsoft Surface products. Requires Windows 10 and Citrix Workspace App 1902 for a minimum.

Deprecation and removal

With change comes deprecation, and Virtual Apps and Desktops release 1903 is not an exception. In this release Citrix announced and removed the following components:

  • Announced in 1903 – To be removed
    • Smart Check for Virtual Apps and Desktops
  • Removed in 1903
    • Linux VDA – Support on Red Hat Enterprise Linux/CentOS 7.5
    • Citrix Receiver for Web classic experience
    • Support for Framehawk – Also removed option to enable from VDA installation
    • Delivery Controller options for end-of-life products (VDI-in-a-Box, and XenMobile < 9.0)

A full list of changes can be found here:
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/whats-new.html

If you have any questions regarding Citrix Virtual Apps and Desktops, feel free to email me at robert.skyllberg@xenit.se or comment down below.



Simplify removing of distributed content with the help of Powershell

Begin

TLDR; Go to the Process block.

Ever since I first got introduced to Powershell, I have always tried to come up with ways to include, facilitate and apply it to my my everyday tasks. But for me, using Powershell in combination with SCCM has never been the ultimate combination, the built in cmdlets doesn’t always do it for me, and the gui is most of the times easier to understand.

So when I got a request to simplify removal of distributed content on all distribution points or all distribution point groups, it left me with two options. To create a script what did the desired job, or to create a function that would cover all the possible scenarios. So I thought; “Why don’t I take these matters in my own hands and create what I actually desire?” That is why I created a script that helped to find the content wanted for removal, and to have the distributed content removed from every Distribution Point or Distribution Point Group.

Lets say that you have 10 Distribution Points, and you have distributed content to 5 out of 10, and you have not been using a Distribution Point Group, the way to go would be to repeatedly proceed with the following steps:


And to do these steps for every distribution point would just take forever. Of course, using one Distribution Point Group would of course be more effective and the ideal way to go, but you might have distributed it to multiple Distribution Point Groups? That is something that already has been thought of, and that is why this script is created. Even if you have distributed it to some distribution points, and some distribution point groups, it will all be removed.

Process

But how does it work? In this demonstration, I will have two packages distributed with similar names. One of them will be sent to a Distribution Point Group, and the other one to 2 Distribution Points. And I would like to have both of them removed from whatever they have been distributed to. 
1. Start by launching Powershell, and import the script by running “. .\Remove-CMAllSiteContent.ps1”

2. Run the script with the required parameters. As shown in the picture below, I searched for ‘TestCM’, but it resulted in showing multiple results. The search is done with wildcard, so everything similar to the stated PackageName will be found. All the parameters have a more detailed description in the script below.

  • The search can either be done with the parameter -PackageName or -PackageID,
  • The parameter -PackageName is searching with wildcards both at the beginning and the end of the stated name. This should be used when you are not sure of the PackageID, or want to remove multiple packages, 
  • The parameter -PackageID is the unique ID for the specific package you want to remove from the distribution point(s) or group(s). This should be used when you are sure of what you would like to remove,
  • The parameter -CMSiteCode is mandatory and must be specified. 

3. In this case, I would like to remove both of the displaying packages, so I choose 0 for ‘All’, followed by a confirmation (Y / N is not case sensitive)

4. After it has been confirmed, the script will check the following:

  • If the content is distributed to Distribution Point Group(s) as an Application,
  • If not, check if it distributed to Distribution Point Group(s) as a Package,
  • If none of these is correct, the script will check if the content is distributed on each Distribution Point as an Application,
  • If not, it will check if the content is distributed to each Distribution Point as a Package.

At the beginning of the script, the content is validated as distributed. If not, it will not be shown. These four steps above covers all distributed scenarios.

5. When finished, we can see that the Distributed content successfully has been removed.

Please read the comment based help to get a better understanding of what is actually running in the background.

End

This can of course be modified with more choices in every step, but at the moment I did not see the need for it.

If anyone have any questions or just want to discuss their point of view regarding this post, I would be more than happy to have a dialogue. Please email me at johan.nilsson@xenit.se or comment below.



Easy way to disable items in Control Panel and Settings App in Windows 10 and Server 2019

In Windows 10 and Server 2019 there are both a Control Panel and a Settings App. This is somewhat confusing for the user. However, this is probably how it’s going to be until Microsoft have had enough time to migrate all settings from the Control Panel to the Settings App. Microsoft have provided great lists on canonical names for both the items in the Control Panel and Settings App. Although this is great posts, this may be overwhelming.

In Windows 10 and Server 2019 you may want to lockdown the settings the users may access. It is not appropriate that a user can start Windows Update on a Server 2019 that is used as a session host with several users logged in. To lockdown Control Panel and the Settings App, you may use the two policies below.

  1. “Computer Configuration\Administrative Templates\Control Panel” and configure “Settings Page Visibility”
  2. User Configuration\Administrative Templates\Control Panel” and configure “Show only Specified Control Panels items”

To find what to add into these policies you can use the two Microsoft articles provided above or you can use a sweet tool called Win10 Settings Blocker. With this tool you can add what settings you want to hide (or show) and then copy the registry data to the policy.

After you have successfully added the settings you want to hide you can go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” and copy the data from the registry key named “SettingsPageVisibility”.

Copy the data and paste it to the setting “Computer Configuration\Administrative Templates\Control Panel\Settings Page Visibility”.

You can do the same thing for the Control Panel. Just make sure to change to select “Control Panel Options” in the app instead.

When applying to hide any of the Control Panel options you can find the locked down Control Panel items under  “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl”.



“Outlook cannot perform your search” on Windows Server 2016 running Remote Desktop Services

INTRODUCTION

Speaking on behalf of all IT technicians, it is with no doubt that we all have had our hand in cases related to Outlook. Oftentimes I experience them to be quite understandable in order to be resolved. However, that was until I encountered a particularly obscure issue with Outlook’s search engine, nonetheless its very same obscure resolution.



How to handle pinned start menu apps in Windows 10

As I have been working with customizing Windows 10 for a while now, it has never worked against me this much. However, sometimes Windows do have its ways of working against you. With challenges like these you get the opportunity to spend a lot of time coming up with a solution. So this blog post is about my battle with the start menu of Windows 10 Professional. If you are here for the quick solution, skip to the bottom and the TL;DR section.

The Problem:

I have been able to customize the start menu of Windows 10 with ease since version 1511 with the Export / Import-StartLayout cmdlet. But this time I got a request to remove all the pinned apps on the right side of the start menu. A colleague discussed this and he told me he had done a similar solution inside a Citrix Virtual Desktop, and he spent quite the amount of time with this, I thought this would be much easier than it turned out to be. So the requested start menu should at the end look something like this upcoming picture, with the following demands:

  • No pinned apps on the right box or the start menu
  • In the task bar, have Chrome & Explorer pinned. 

This was the requested layout

To begin with, I created an XML file with just Chrome & Explorer pinned in the task bar, and having set the <DefaultLayoutOverride LayoutCustomizationRestrictionType=”OnlySpecifiedGroups”> . My thought was that this would give me a clean start menu, but this was my first failed attempt. The colleague of mine who preciously had a similar issue in a Citrix environment had during his research time come across this post containing a script called “Pin-Apps“. This script contained a Unpin function which turned out to be very helpful. So I started adapting my work after this script. But this is where I came across my second setback. First, I was not able to have this script and the Import-StartLayout-script in the same logon script, nor having one script on startup, and one on login, so I had to think of a way configure this in my isolated lab environment.

Luckily, I’ve been working a lot with OS-deployment, so I created a Task Sequence containing the Import-StartLayout-script, which managed to run successfully together with my login-script containing the Pin-Apps script. But here I came across my third setback, which by far had the most impact and was the one I spent the most time struggling with. For some reason I was not able to remove bloatware, such as Candy Crush, Minecraft etc. The script ran successfully, but every time, the outcome looked like this

Some applications would not be removed

I could not understand why these applications would not be removed. I have had to deal with bloat ware before, but then it was just to remove them with Appx-cmdlets. I checked Get-AppxPackage & Get-AppxProvisionedPackage, and ran Remove-AppxPackage and Remove-AppxProvisionedPackage several times, but these apps were not removable and did not show up until I manually selected them, and they started downloading (as shown on the application in the top right corner on the picture). So apparently they were either links or shortcuts to the Windows Store. This is works if you are using Windows 10 Enterprise. 

This is where I started going deep. The apps were all published in the Windows AppStore, so I started looking for any kind of possibilities, with help from Powershell, to by force download all apps in the Windows Store. I spent a lot of time with this, but without any success. So I had to rethink my plan. There was no way to have the bloat ware-applications to be downloaded by force, there was no way to remove them by removing them with Appx-cmdlets, and there was no way to have a clean start menu with a XML-file. This gave me the idea. If you can’t beat them, join them. There was no way to actively remove all the applications from the start menu of a Windows 10 Professional, but replacing them worked.

The solution:

As I have yet to find any other way of removing the superfluous applications, creating a new XML replacing the start menu with some random default applications was the only successful way for me. To list these applications, go to Shell:AppsFolder or shell:::{4234d49b-0245-)4df3-b780-3893943456e1} in file explorer.

Applications can be found here

I just chose to pin some of the applications which were default on my start menu, that I knew was very much removable, exported these to a new XML which turned out to it look like this:

From here I had to modify the Pin-Apps script to make it more suitable for a Swedish operating system, and added a register key so it would not run more than once on each user. If you want to lock down the right side of the start menu, you just set or create the LockedStartLayout registry key, located under both HKEY_Local_Machine & HKEY_Current_User\Software\Policies\Microsoft\Windows\Explorer, to 1

If you are running another OS language than Swedish or English, to find the verb for unpin, simply save an application name to the variable $appname (as an example I will use Windows Powershell) and run the following part: 

This will give you all the verbs which are applied to this application. In this case “Unpin from Start” is present.

After modifying the necessary bits I added it to a PowerShell logon script GPO with the parameter -UnpinAll, with the .ps1 file located inside the GPO repository, making sure it’s accessible for everyone.

 

TL;DR: 

If you are running Windows 10 Professional, you need to replace applications in the start menu before removing them, as a suggestion running in a Task Sequence of some kind setting the default start menu layout and then have a GPO to run the PowerShell script stated above.

If you are running Windows 10 Enterprise, just use the Logon script GPO and you will be fine. If you still have some unwanted applications, run a script removing built-in apps (for example this Invoke-RemoveBuiltinApps )

If you have any questions or thoughts about this post, feel free to email me at johan.nilsson@xenit.se



Mapped network printers unavailable due to SMB1 being obsolete

INTRODUCTION

As we all might be familiar with, printers are one of those little peculiar matters within IT. Implementing these in an IT-environment is self-explanatory oftentimes, but when they do not cooperate the issue itself can stem from one single obscure root cause, if not a string of these having to be checked upon.

Recently, I encountered a particular printer issue which I found interesting enough to share. The root cause here, in summary, was due to the network protocol SMB1 (Server Message Block) being obsolete in recent Windows releases.



Monitoring vDisk Rebalance Enabled

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring for whether Rebalance Enabled is configured for active vDisk, with Provisioning Services (PVS) Powershell SnapIn.



Monitoring vDisk Replication

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring of vDisk Replication with Provisioning Services (PVS) Powershell SnapIn.



HTML5 Web Client for Remote Desktop Services 2016

Microsoft recently announced that the new HTML5 client for Remote Desktop Services has reached general availability. The new web