Tip of the Day: The Always ON VPN Deployment Guide is Now Live

Today’s Tip… The Always On VPN Deployment Guide is now live on the web, in the new Virtual Private Networking (VPN) section of the Windows Server 2016 Technical Library: Remote Access Always On VPN Deployment Guide for Windows Server 2016 and Windows 10


Tip of the Day: Modernizing Windows deployment with Windows AutoPilot

Today’s Tip… Here’s a great seven minute video providing a technical overview of Windows AutoPilot: a new cloud service that provides you with a zero-touch experience for deploying new Windows 10 devices. References: “Windows AutoPilot deployment” – https://technet.microsoft.com/en-us/windows/mt803299 “Modernizing Windows deployment with Windows AutoPilot” – https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/


Tip of the Day: Security Compliance Manager (SCM) Tool Retired

Today’s tip… The Security Compliance Manager tool retirement has been announced on the Microsoft Security Guidance Blog. A new tool, Security Compliance Toolkit, enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs).  Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store…


Tip of the Day: Using PowerShell to Obtain Update Information

Today’s tip… Here’s a quick way to obtain update information. To search for all updates: $Session = New-Object -ComObject Microsoft.Update.Session $Searcher = $Session.CreateUpdateSearcher() $Searcher.Search(“IsInstalled=1”).Updates | ft -a title Example Output: To search for a specific update: $Searcher.Search(“IsInstalled=1”).Updates | Where {$_.Title -like “*KB4016509*”} | ft title Example Output:


Tip of the Day: Semi-Annual Channel and more!

Today’s tip… These articles cover the Semi-annual Channel in Windows and Office, LTSC (previously called LTSB), servicing, and Windows Insider Preview information. Reference: Delivering continuous innovation with Windows Server – https://blogs.technet.microsoft.com/hybridcloud/2017/06/15/delivering-continuous-innovation-with-windows-server/ Windows Server Semi-annual Channel Overview – https://docs.microsoft.com/en-us/windows-server/get-started/semi-annual-channel-overview Overview of the upcoming changes to Office 365 ProPlus update management – https://support.office.com/en-us/article/Overview-of-the-upcoming-changes-to-Office-365-ProPlus-update-management-78B33779-9356-4CDF-9D2C-08350EF05CCA?ui=en-US&rs=en-US&ad=US


(RDS) Tip of the Day: Protect your RDS Deployment! Configure disaster recovery for Remote Desktop Services

Today’s tip… When you deploy Remote Desktop Services into your environment, it becomes a critical part of your infrastructure, particularly the apps and resources that you share with users. If the RDS deployment goes down due to anything from a network failure to a natural disaster, users can’t access those apps and resources, and your…


(RDS) Tip of the Day: Azure Post Exploitation Techniques

Today’s tip… The Cloud and Enterprise Red Team introduced how to apply traditional network attack techniques to the cloud along with mindset trends seen in Azure to address them. The presentation was given at the Infiltrate 2017 conference and is now available online. Presentation Cloud Post Exploitation Technique References: Azure Post Exploitation Techniques – https://azure.microsoft.com/en-us/blog/azure-post-exploitation-techniques/…


(RDS) Tip of the Day: Which graphics virtualization technology is right for you?

Today’s tip… You have a range of options when it comes to enabling graphics rendering in Remote Desktop Services. In Windows Server 2016, you have two graphics virtualization technologies available with Hyper-V that let you leverage the GPU hardware: Discrete Device Assignment (DDA) – For the highest performance using one or more GPUs dedicated to…


Tip of the Day: Using DNSSEC with DNS Zone Scopes

Today’s tip… QUESTION Does anyone know whether the DNS ZoneScopes used by DNS Policy can be signed and DNSSEC enabled? Looking at the DNSSEC related DnsServer PowerShell cmdlets it appears that they do not support the -ZoneScope parameter. As this is the only way to manipulate ZoneScope settings it seems to indicate that signing scopes…