Technical

How to: Disable the Windows Store

 

One of the features of Windows 10, is the Windows Store.  The Windows Store is a digital distribution platform for Microsoft Windows. It started as an app store for Windows 8 and Windows Server 2012 as the primary means of distributing Universal Windows Platform apps.

Ref: https://en.wikipedia.org/wiki/Microsoft_Store_(digital)

As system configurators and administrators, this may be problematic as it introduces new configuration that was not expected or supported by the IT Staff.  To mitigate this the following steps can be used to disable the Windows Store.

This can be disabled via local group policy or via active directory domain services group policy.

Type gpedit in the search bar to find and start Group Policy Editor.

In the console tree of the snap-in, click Computer Configuration, click Administrative Templates, click Windows Components, and then click Store.

In the Setting pane, click Turn off Store application and then click Edit policy setting.

On the Turn off Store application setting page, click Enabled, and then click OK.

 

Considerations:

These policies are applicable to users of the Enterprise and Education editions only. ref: https://support.microsoft.com/en-us/help/3135657/can-t-disable-windows-store-in-windows-10-pro-through-group-policy

 

Configure preferred geo data location in Office 365

 

GDPR had me thinking about Multi-Geo in Office 365

By default, Office 365 resources for your users are located in the same geo as your Azure AD tenant. So, if your tenant is located in North America, then the users’ Exchange mailboxes, OneDrive is also located in North America. For a multinational organization, this might not be optimal for various reasons.

Reasons such as

  • Performance and
  • Data residency requirements for data-at-rest

Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 data-center geographies (geos) and gives customers the ability to store their Exchange and OneDrive data, at-rest, on a per-user basis, in their chosen geos

By setting the attribute preferredDataLocation, you can define a user’s geo

A list of all geos for Office 365 can be found here or long URL format: https://products.office.com/en-us/where-is-your-data-located?geo=All

These values can be set in your Office 365 tenant via PowerShell or Azure AD Connect.

In PowerShell – 

# Connect to Office 365 – by Jermal Smith (@jermsmit)
Set-ExecutionPolicy RemoteSigned
# Get-Credential – You will be asked for username / password
$credential = Get-Credential
# Import-Module MsOnline
Import-Module MsOnline
# If this step fails in error – Install-Module MsOnline
# Connect to MsolService using supplied credentials
Connect-MsolService -Credential $credential

Then use the command: Set-MsolCompanyAllowedDataLocation followed by service type and location.

Ref: https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanyalloweddatalocation?view=azureadps-1.0

After you have assigned Data Locations you can then set users to the location by issue the following example command:

Set-MsolUser -UserPrincipalName jsmith@jermsmit.com -PreferredDataLocation EUR

Then confirming with:

Get-MsolUser -UserPrincipalName jsmith@jermsmit.com | Select PreferredDataLocation

The above works well for new users, but for existing user’s you will need to trigger a migration with the following command:

Start-SPOUserAndContentMove -UserPrincipalName jsmith@jermsmit.com -DestinationDataLocation EUR

Ref: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/start-spouserandcontentmove?view=sharepoint-ps

Lastly… “To be eligible for Multi-Geo, you must have at least 5,000 seats in your Office 365 subscription” As this is just getting released I am confident more information will be known soon.

 

 

VMware Guest Customization Specification, Configure Domain Joining

I recently worked to correct an outstanding support issue of VMware Guest Customization Specification not joining guests to Active Directory Domains. I thought I’d share my setup so it might help others facing similar issues.

Log into the vSphere console, navigate to the Home page section

From the Home page click the Customization Specification Manager

Once in the Customization Specification Manager Click on “+” symbol to create VMware Guest Customization Specification.

Select the operating system either Windows or Linux from the drop-down on target VM operating system and Specify the name for the Customization Specification. Enter the description of the customization specification. Click on Next.

Provide your registration information and click Next.

I use the computer name of guest OS as same as the virtual machine name. It simplifies the identification of the virtual machine in the vCenter inventory. Select “Use the virtual machine name” to use the computer name as same as virtual machine name and click Next.

Enter the windows licensing information for this copy of the guest operating system; if you are using a KMS server for activation you don’t have to type a key here.

Specify the administrator password and auto-login option for the administrator account of Windows operating system. Click Next.

Select your time zone and continue.

If you need to run some commands on the first log on, put them here and when your done click Next.

On the Configure Network, you can specify the network settings for the guest operating system. Either you can use DHCP or specify the custom network settings.

To specify the custom network settings, Click on Edit “Pencil Icon”… In this section is where I specify the DNS suffix to add to the Windows operating system. Click on OK.

This allows me to communicate to a specific Active Directory Domain Service (ADDS), and include the domain suffix. Once Network settings are specified in customization specification. Click on Next.

Under Set Workgroup or Domain, choose “Windows Server Domain”, specify FQDN and specify the user account and credentials information that has permission to add a computer to the domain.
The user account is in the format of user@domain.tld
Click on Next.

Select the checkbox “Generate New Security ID (SID)” to generate a new security identity for the windows virtual machine. This option is important to generate the new SID from the source machine. Click Next.

Finally, review all the settings specified in VMware customization specification and click on Finish

Now you can Deploy Templates Using VMware Guest Customization Specification, and join the guest to your Active Directory Domain without issue.

How to delay the Windows 10 Spring Creators Update

As we edge ever nearer to the release of the Windows 10 Spring Creators Update, we must pause and think about what could possibly break in the process.  That said, it’s a good practice to allow yourself time to test these things before deploying out to your company.

Here are steps you can take locally – or via Active Directory Domain Services (ADDS) – Group Policy to defer the updates until a later time.

Requirement:  A version of Windows supporting the ability to defer feature updates

  • Windows 10 Pro
  • Windows 10 Enterprise 
  • Windows 10 Education

 

Steps:

  1. Open the Group Policy Editor (Local Windows) or Group Policy Management (for ADDS)
  2. Navigate to the following folder: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates
  3. Double-click on “Select when Feature Updates are received” to open the policy setting. First thing you need to do is set the policy to enabled. This activates the options that are provided.
  4. Click on Enable
  5. Select the branch readiness level for the feature updates you want to receive – Current Branch
  6. Choose the number of days to defer receiving the updates.  – 90 days works for me

Ref: https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb

 

VMware, Windows 10 Customization Specification Not Completing

Here are details of my setup – in fact, I started over from scratch to document my steps.
This seems to be a new problem occurring with Windows 10, version 1709

 

Install of new VMware guest for the purpose of being a template

  1. Create new VM, named it windows_10_enterprise_version_1703
  2. Remove floppy drive
  3. Uncheck networking (for install)
  4. Mount ISO and enable, click OK to save settings

Install of OS on the guest virtual machine

  1. Boot newly created VM (windows_10_enterprise_version_1703)
  2. Step through the installation until completion
  3. Complete language settings to arrive at Windows desktop
  4. Enable the ‘Administrator’ account as its disabled by default
  5. Log out of installation user (the account I named ‘install’)
  6. Log into the ‘Administrator’ account
  7. Enter control panel, user and delete the ‘install’ user account.
  8. Install VMWare tools, Reboot once
  9. Shutdown

 

Prepare VM to be a template

  1. Edit the VM settings
  2. Connect networking
  3. Disconnect CD Drive
  4. Click OK
  5. Convert VM to a Template

 

Customization Specification Setup

  1. Create new specification, (I named mine Windows Desktop – DHCP)
  2. Applied registration information
  3. Computer Name – Use the virtual machine name
  4. Windows License – Left this blank (unchecked include server licensing information)
  5. Administrator Password – Set password, choose the option to automatically login as Administrator
  6. Time Zone – Set my desired time zone
  7. Run Once – Left this blank (blank for now, later intend on applying KMS details)
  8. Network – Use standard network setting (DHCP)
  9. Workgroup or Domain – For now just Workgroup and left workgroup name as ‘WORKGROUP’
  10. Operating System Options – Generate New Security ID (SID)
  11. Ready to complete – Clicked OK

Deploying template

  1. Right-click on the template – New VM from the template
  2. Gave a simple name – TEST01
  3. Selected Datacenter, Selected Cluster
  4. Selected Storage
  5. Selected Options (Customize VM) and (Power on the virtual machine after creation)
  6. Selected ‘Windows Desktop – DHCP’ from customized guest OS options
  7. Clicked Next, then Finish and wait …

 

Where things get stuck

  1. After the first boot, the guest gets an IP address from the network
  2. Customization starts in the background and system reboots
  3. When the system resumes I arrive at the following screen
  4. The system customization never completes, and I find my VM’s stuck at the “Let’s start with region …” screen

And, I’ll update this as soon as I find a solution, but for now…  I’m stuck

Log Shared via Pastebin:  https://pastebin.com/ETpuLX3U

 

Update: March 18, 2018

I’ve had others also test this using the latest ISO for Windows 10 – en_windows_10_enterprise_version_1703_updated_march_2017_x86_dvd, they too now encounter this same issue.  So the problem seems to be with the build of Windows 10 that was released.

I am going to download another build from MSDN and see if there is a change.

 

Update: March 19, 2018

I was able to get this working by way of reinstalling Windows 10 using the following ISO build: en_windows_10_multi-edition_vl_version_1709_updated_sept_2017_x64_dvd

Was even able to apply Windows updates and redeploy without error.