A Bit About the Windows Servicing Model

Hello, Paul Bergson back again with a discussion on the upcoming changes to our monthly patch releases to align down-level supported operating systems, updating practices to coincide with the Windows 10 Service Model. This includes Windows 7/8/8.1 and Windows Server 2008 R2/2012/2012R2 (this will also impact Windows Server 2016 once released). “From October 2016 onwards,… Read more

Using PowerShell Runspaces to Generate GPO Reports

Stephen Mathews here to talk to you about generating Group Policy Object reports quickly and efficiently. I had a customer ask me if there was an easy way to find all the RunOnce GUIDs in their GPOs. The customer was concerned that they would generate duplicate GUIDs in their deployment of Group Policy Preferences. Yes,… Read more

WPT: Peeking at Logon Delays

Hi everyone, Randolph Reyes (Randy) here with another blog contribution. In this particular engagement, I was working doing an Active Directory Offline Security Assessment (awesome delivery), and one employee with knowledge of using Windows Performance Toolkit stopped me on my way to lunch. Customer: Can we see how long takes an employee to type their… Read more

Windows Failover Cluster Troubleshooter Data Grab

This blog post brought to you by eighteen year veteran Microsoft Premier Field Engineer David Morgan. Goal of this Post Over the years my customers have asked about what they should do first when they get a trouble ticket for a misbehaving Windows failover cluster. There are some fairly simple steps one can take first… Read more

ADFS: Excluding a Specific User Group from MFA

Hi there, JJ Streicher-Bremer back again, this time talking about ADFS and multi-factor authentication. I had a need to configure an environment where everyone was required to use multi-factor authentication _except_ for folks in a specific AD group. When looking at the ADFS 3.0 MFA configuration GUI there is a simple way to add users… Read more

Endpoint Protection Updates for Configuration Manager

Hi everyone, my name is Nicholas Jones, Premier Field Engineer with Microsoft, specializing in System Center Configuration Manager. For my first blog, I want to introduce you to updating System Center Endpoint Protection (SCEP) definition updates. Huge thanks to my colleague Jeramy Skidmore, Sr. Escalation Engineer, for helping me with this blog. If your company… Read more

Determining the Dominant User and Setting the ManagedBy Computer Attribute

Hi again, this is Stephen Mathews and I’m here to talk about how to determine the dominant or primary user of a Windows operating system. This insight can help administrators facilitate direct communication with the affected user when a system needs management, and can even help non-enterprise users, such as a parent questioning which child… Read more

Who broke my user GPOs?

Hi folks. From Orlando, Florida, Sean Greenbaum here with some news about a recent set of security patches released on June 14, 2016. If you’re reading this, chances are you are having group policy issues, or you heard this patch will cause you to have issues and you want to get ahead of it. So,… Read more

AppLocker – Another Layer in the Defense in Depth Against Malware

Hello, Paul Bergson here with a discussion on Security in particular utilizing Microsoft’s AppLocker to help prevent the infection of Malware. Ransomware has been getting a lot of attention. There have been several high profile attacks in the press over the past few months and Understanding the Risk is important. If people don’t understand the… Read more

Comparing Windows Server 2016 Nano TP5 Provisioning Time to GUI/Core Installation Options

Foreword Hello again from Prague! Here is Jaromir and, in this post, I’ll show you how you can play with ws2016lab to measure I/O consumption of each server installation option. I decided to compare the Nano Server IO footprint to other, traditional GUI/Core installations. Why? I just wanted to demonstrate that having unnecessary components is… Read more