How-To

How to: Disable the Windows Store

 

One of the features of Windows 10, is the Windows Store.  The Windows Store is a digital distribution platform for Microsoft Windows. It started as an app store for Windows 8 and Windows Server 2012 as the primary means of distributing Universal Windows Platform apps.

Ref: https://en.wikipedia.org/wiki/Microsoft_Store_(digital)

As system configurators and administrators, this may be problematic as it introduces new configuration that was not expected or supported by the IT Staff.  To mitigate this the following steps can be used to disable the Windows Store.

This can be disabled via local group policy or via active directory domain services group policy.

Type gpedit in the search bar to find and start Group Policy Editor.

In the console tree of the snap-in, click Computer Configuration, click Administrative Templates, click Windows Components, and then click Store.

In the Setting pane, click Turn off Store application and then click Edit policy setting.

On the Turn off Store application setting page, click Enabled, and then click OK.

 

Considerations:

These policies are applicable to users of the Enterprise and Education editions only. ref: https://support.microsoft.com/en-us/help/3135657/can-t-disable-windows-store-in-windows-10-pro-through-group-policy

 

Configure preferred geo data location in Office 365

 

GDPR had me thinking about Multi-Geo in Office 365

By default, Office 365 resources for your users are located in the same geo as your Azure AD tenant. So, if your tenant is located in North America, then the users’ Exchange mailboxes, OneDrive is also located in North America. For a multinational organization, this might not be optimal for various reasons.

Reasons such as

  • Performance and
  • Data residency requirements for data-at-rest

Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 data-center geographies (geos) and gives customers the ability to store their Exchange and OneDrive data, at-rest, on a per-user basis, in their chosen geos

By setting the attribute preferredDataLocation, you can define a user’s geo

A list of all geos for Office 365 can be found here or long URL format: https://products.office.com/en-us/where-is-your-data-located?geo=All

These values can be set in your Office 365 tenant via PowerShell or Azure AD Connect.

In PowerShell – 

# Connect to Office 365 – by Jermal Smith (@jermsmit)
Set-ExecutionPolicy RemoteSigned
# Get-Credential – You will be asked for username / password
$credential = Get-Credential
# Import-Module MsOnline
Import-Module MsOnline
# If this step fails in error – Install-Module MsOnline
# Connect to MsolService using supplied credentials
Connect-MsolService -Credential $credential

Then use the command: Set-MsolCompanyAllowedDataLocation followed by service type and location.

Ref: https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanyalloweddatalocation?view=azureadps-1.0

After you have assigned Data Locations you can then set users to the location by issue the following example command:

Set-MsolUser -UserPrincipalName jsmith@jermsmit.com -PreferredDataLocation EUR

Then confirming with:

Get-MsolUser -UserPrincipalName jsmith@jermsmit.com | Select PreferredDataLocation

The above works well for new users, but for existing user’s you will need to trigger a migration with the following command:

Start-SPOUserAndContentMove -UserPrincipalName jsmith@jermsmit.com -DestinationDataLocation EUR

Ref: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/start-spouserandcontentmove?view=sharepoint-ps

Lastly… “To be eligible for Multi-Geo, you must have at least 5,000 seats in your Office 365 subscription” As this is just getting released I am confident more information will be known soon.

 

 

VMware Guest Customization Specification, Configure Domain Joining

I recently worked to correct an outstanding support issue of VMware Guest Customization Specification not joining guests to Active Directory Domains. I thought I’d share my setup so it might help others facing similar issues.

Log into the vSphere console, navigate to the Home page section

From the Home page click the Customization Specification Manager

Once in the Customization Specification Manager Click on “+” symbol to create VMware Guest Customization Specification.

Select the operating system either Windows or Linux from the drop-down on target VM operating system and Specify the name for the Customization Specification. Enter the description of the customization specification. Click on Next.

Provide your registration information and click Next.

I use the computer name of guest OS as same as the virtual machine name. It simplifies the identification of the virtual machine in the vCenter inventory. Select “Use the virtual machine name” to use the computer name as same as virtual machine name and click Next.

Enter the windows licensing information for this copy of the guest operating system; if you are using a KMS server for activation you don’t have to type a key here.

Specify the administrator password and auto-login option for the administrator account of Windows operating system. Click Next.

Select your time zone and continue.

If you need to run some commands on the first log on, put them here and when your done click Next.

On the Configure Network, you can specify the network settings for the guest operating system. Either you can use DHCP or specify the custom network settings.

To specify the custom network settings, Click on Edit “Pencil Icon”… In this section is where I specify the DNS suffix to add to the Windows operating system. Click on OK.

This allows me to communicate to a specific Active Directory Domain Service (ADDS), and include the domain suffix. Once Network settings are specified in customization specification. Click on Next.

Under Set Workgroup or Domain, choose “Windows Server Domain”, specify FQDN and specify the user account and credentials information that has permission to add a computer to the domain.
The user account is in the format of user@domain.tld
Click on Next.

Select the checkbox “Generate New Security ID (SID)” to generate a new security identity for the windows virtual machine. This option is important to generate the new SID from the source machine. Click Next.

Finally, review all the settings specified in VMware customization specification and click on Finish

Now you can Deploy Templates Using VMware Guest Customization Specification, and join the guest to your Active Directory Domain without issue.

How to delay the Windows 10 Spring Creators Update

As we edge ever nearer to the release of the Windows 10 Spring Creators Update, we must pause and think about what could possibly break in the process.  That said, it’s a good practice to allow yourself time to test these things before deploying out to your company.

Here are steps you can take locally – or via Active Directory Domain Services (ADDS) – Group Policy to defer the updates until a later time.

Requirement:  A version of Windows supporting the ability to defer feature updates

  • Windows 10 Pro
  • Windows 10 Enterprise 
  • Windows 10 Education

 

Steps:

  1. Open the Group Policy Editor (Local Windows) or Group Policy Management (for ADDS)
  2. Navigate to the following folder: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates
  3. Double-click on “Select when Feature Updates are received” to open the policy setting. First thing you need to do is set the policy to enabled. This activates the options that are provided.
  4. Click on Enable
  5. Select the branch readiness level for the feature updates you want to receive – Current Branch
  6. Choose the number of days to defer receiving the updates.  – 90 days works for me

Ref: https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb

 

Download a copy of your Facebook data

Recently we have all have been reading about Facebook’s breach of trust. Even Mark Zuckerberg, admitted that Facebook has made mistakes.

The issue: Cambridge Analytica, a U.K.-based political data-analytics firm hired by the 2016 Trump campaign, got its hands on data for 50 million Facebook users — without the users’ knowledge or consent. At this point, it’s unclear whether the uproar over Cambridge Analytica will lead to new legislation or government regulations but in my circles, I have noticed a significant exodus of companies and users.

Before you make the jump to delete your account.  Download a copy of your Facebook data.

The following steps should help:

  • Go to Facebook.com > Settings > General Account Settings
  • Click “Download a copy of your Facebook data.”
  • Click “Download Archive.”
  • It takes a short period of time for Facebook to generate an archive of your data.
    You will be alerted when the archive is ready.
  • Once notified of its completion, click “Download Archive”, and a zip file will download to your computer.
  • Browse through that archive by opening each file inside the folder.

In the archive, you’ll find your entire history on facebook including messages. In doing so, it’s clear how much Facebook knows about you.

 

Examples of what you will find

  • The index also contains information about every Event invite you got, every Poke and Message you’ve sent or received (even if you are not Facebook friends with the person, or if they are no longer on Facebook), any Facebook applications you installed (even if you don’t use them anymore), and any Facebook “Places” (locations) you may have created.
  • Profile section, you will find some basic information about your profile including any profile names you have had in the past, all your contact info, any pages and interests you liked, groups you joined, and any Facebook pages you are a page administrator for.
  • The Contact Info section contains all the contacts on your mobile phone.
  • The Timeline section contains all your status updates and posts from friends on your timeline. The Photos and Videos sections contain photos and videos you posted; the former also contains code about your Facial Recognition info.
  • The Friends section contains a list of all your Facebook friends along with the date you become friends. It also contains a list of friends you unfriended and when, friend requests you declined, a list of friend requests you sent that are pending being accepted, a list of people who “Follow” you by clicking the follow button on your profile, and anyone you are following.
  • There’s also a Security section tracking IP addresses, devices and browsers you logged in from with dates and timestamps.
  • The Ads section contains a list of Ad Topics you are being targeted for based on interests gleaned from Facebook pages you liked. There’s also a list of the recent ads you clicked on and any advertisers that have your contact information. You can find (and remove) additional ads and ad topics you are being targeted for by visiting: https://www.facebook.com/ads/preferences/.