How to: Disable the Windows Store

 

One of the features of Windows 10, is the Windows Store.  The Windows Store is a digital distribution platform for Microsoft Windows. It started as an app store for Windows 8 and Windows Server 2012 as the primary means of distributing Universal Windows Platform apps.

Ref: https://en.wikipedia.org/wiki/Microsoft_Store_(digital)

As system configurators and administrators, this may be problematic as it introduces new configuration that was not expected or supported by the IT Staff.  To mitigate this the following steps can be used to disable the Windows Store.

This can be disabled via local group policy or via active directory domain services group policy.

Type gpedit in the search bar to find and start Group Policy Editor.

In the console tree of the snap-in, click Computer Configuration, click Administrative Templates, click Windows Components, and then click Store.

In the Setting pane, click Turn off Store application and then click Edit policy setting.

On the Turn off Store application setting page, click Enabled, and then click OK.

 

Considerations:

These policies are applicable to users of the Enterprise and Education editions only. ref: https://support.microsoft.com/en-us/help/3135657/can-t-disable-windows-store-in-windows-10-pro-through-group-policy

 

Blocking Internet Advertisements, and more with Pi-hole

The challenge is to mitigate exposure to the advertisements spammed all over the internet with the same approach as fighting against virus and malware threats.

I recently upgrade my Pi-hole® to take on not only the task of blocking Internet advertisements, but malware, and adult sites.

Here is my list on pastebin: https://pastebin.com/eV3cUnjy

Installing Pi-hole

Pi-hole makes it as easy as possible to download and get running with a one-line script that starts up a menu-based installer. Simply enter: curl -sSL https://install.pi-hole.net | bash

More on setup here

Whitelisting

There was a fair amount of whitelisting that needed to be applied to allow some social media sites to work as desired. You will want to monitor what’s blocked to determine what you are willing to allow.

Mobile Protection

I started using the Pi-hole® to protect my mobile device from these threats by leveraging the same blocking I am using on my home network.  This not only cuts back on the data use but also add layers of privacy and security protection to my device while on untrusted networks.

 

A simple solution to use is OpenVPN. Fore more info on setup please visit: https://openvpn.net/

DNSSEC

But what about my ISP who can see my upstream DNS requests.  Well for that, we could trust them, or trust in a 3rd party who uses DNSSEC technology to protect your privacy. Use Google, Norton, DNS.WATCH or Quad9 DNS servers.

And with that you get some decent statistics about your network.

 

 

 

 

 

 

 

 

 

 

Configure preferred geo data location in Office 365

 

GDPR had me thinking about Multi-Geo in Office 365

By default, Office 365 resources for your users are located in the same geo as your Azure AD tenant. So, if your tenant is located in North America, then the users’ Exchange mailboxes, OneDrive is also located in North America. For a multinational organization, this might not be optimal for various reasons.

Reasons such as

  • Performance and
  • Data residency requirements for data-at-rest

Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 data-center geographies (geos) and gives customers the ability to store their Exchange and OneDrive data, at-rest, on a per-user basis, in their chosen geos

By setting the attribute preferredDataLocation, you can define a user’s geo

A list of all geos for Office 365 can be found here or long URL format: https://products.office.com/en-us/where-is-your-data-located?geo=All

These values can be set in your Office 365 tenant via PowerShell or Azure AD Connect.

In PowerShell – 

# Connect to Office 365 – by Jermal Smith (@jermsmit)
Set-ExecutionPolicy RemoteSigned
# Get-Credential – You will be asked for username / password
$credential = Get-Credential
# Import-Module MsOnline
Import-Module MsOnline
# If this step fails in error – Install-Module MsOnline
# Connect to MsolService using supplied credentials
Connect-MsolService -Credential $credential

Then use the command: Set-MsolCompanyAllowedDataLocation followed by service type and location.

Ref: https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanyalloweddatalocation?view=azureadps-1.0

After you have assigned Data Locations you can then set users to the location by issue the following example command:

Set-MsolUser -UserPrincipalName jsmith@jermsmit.com -PreferredDataLocation EUR

Then confirming with:

Get-MsolUser -UserPrincipalName jsmith@jermsmit.com | Select PreferredDataLocation

The above works well for new users, but for existing user’s you will need to trigger a migration with the following command:

Start-SPOUserAndContentMove -UserPrincipalName jsmith@jermsmit.com -DestinationDataLocation EUR

Ref: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/start-spouserandcontentmove?view=sharepoint-ps

Lastly… “To be eligible for Multi-Geo, you must have at least 5,000 seats in your Office 365 subscription” As this is just getting released I am confident more information will be known soon.

 

 

MethylPREDNIsolone DOSEPAK 21S

Methylprednisolone is a steroid that prevents the release of substances in the body that cause inflammation. Methylprednisolone is used to treat many different conditions such as allergic disorders, skin conditions, ulcerative colitis, arthritis, lupus, psoriasis, or breathing disorders.

Friday, March 30, 2018

Today I start my DOSEOAK, sometimes referred to as Medrol (Pak) which was prescribed to me by my doctor to help address possible issues with inflammation in the area of my neck which may be triggering nerve sensations ending in pain starting in my shoulder, down the backside of my arm into my wrist and finally causing numbness in my fingers.

I am logging my treatment here as a reminder to myself and sharing the outcome with you.

  • 7 AM – First 2 pills of the Medrol (Pak)
  • 1 PM – pill number 3 after my lunch

Saturday, March 31, 2018

  • 9:00 AM – First pill of the day. Off to Orthopedic around noon.  I’ll be receiving x-ray of my shoulder and neck.
  • 12:00 PM – Completed neck and shoulder x-rays now waiting for the doctor.
  • 1:00 PM – I am now going to be scheduled for an MRI, also my medication dosage was increased by the Orthopedic because he felt that 4 MG was too low of a dosage considering the evident nerve pain in my fingertips.

Sunday, April 1, 2018

I started my new round of Prednisone Oral 20 MG Tablets

The plan:

  • Take 3 tablets by mouth daily for 2 days
  • Then take 2 tablets daily for 2 days
  • and then take 1 tablet daily for 2 days

Monday, April 2, 2018

Day 2 of my new plan, first dose at 7:00 AM – No side effects although, I do have soreness in my hips which is new…

Few hours after my second dose of the 20 MG Tablets – I felt cold sensations down my left arm (arm that was previously in pain).  Hand also felt cold

Tuesday, April 3, 2018

Today is day way of 2 tablets daily —  Took my dose in the morning 7:00 AM and went to work.

Around 12:00 PM I noticed the cold feeling running up down my arm again and into my hand and fingers.  Typing is difficult as is it feels like I’m poking my fingers with pins…  Reading online about symptoms has me paranoid …  Now reading about: Thoracic outlet syndrome – https://www.mayoclinic.org/diseases-conditions/thoracic-outlet-syndrome/symptoms-causes/syc-20353988

7:30 PM Took my second dose for the day.

In bed by 10 PM, numb feeling in fingers during the night while sleeping

 

Wednesday, April 4, 2018

Day 2 of my 2 tablets — Took my dose in the morning 7:00 AM

Around Noon, my arm felt cold again

 

VMware Guest Customization Specification, Configure Domain Joining

I recently worked to correct an outstanding support issue of VMware Guest Customization Specification not joining guests to Active Directory Domains. I thought I’d share my setup so it might help others facing similar issues.

Log into the vSphere console, navigate to the Home page section

From the Home page click the Customization Specification Manager

Once in the Customization Specification Manager Click on “+” symbol to create VMware Guest Customization Specification.

Select the operating system either Windows or Linux from the drop-down on target VM operating system and Specify the name for the Customization Specification. Enter the description of the customization specification. Click on Next.

Provide your registration information and click Next.

I use the computer name of guest OS as same as the virtual machine name. It simplifies the identification of the virtual machine in the vCenter inventory. Select “Use the virtual machine name” to use the computer name as same as virtual machine name and click Next.

Enter the windows licensing information for this copy of the guest operating system; if you are using a KMS server for activation you don’t have to type a key here.

Specify the administrator password and auto-login option for the administrator account of Windows operating system. Click Next.

Select your time zone and continue.

If you need to run some commands on the first log on, put them here and when your done click Next.

On the Configure Network, you can specify the network settings for the guest operating system. Either you can use DHCP or specify the custom network settings.

To specify the custom network settings, Click on Edit “Pencil Icon”… In this section is where I specify the DNS suffix to add to the Windows operating system. Click on OK.

This allows me to communicate to a specific Active Directory Domain Service (ADDS), and include the domain suffix. Once Network settings are specified in customization specification. Click on Next.

Under Set Workgroup or Domain, choose “Windows Server Domain”, specify FQDN and specify the user account and credentials information that has permission to add a computer to the domain.
The user account is in the format of user@domain.tld
Click on Next.

Select the checkbox “Generate New Security ID (SID)” to generate a new security identity for the windows virtual machine. This option is important to generate the new SID from the source machine. Click Next.

Finally, review all the settings specified in VMware customization specification and click on Finish

Now you can Deploy Templates Using VMware Guest Customization Specification, and join the guest to your Active Directory Domain without issue.