Bennett Adelson Technical Blog

Posts from the consultants at Bennett Adelson

First Looks for Windows 10 Preview

Windows 10 Live Tiles

Here are some first looks at the Windows 10 Preview installation experience and initial use of the system. This is the very first release and I expect changes to happen quickly as feedback comes in, but I will try to keep the blog updated as things go. I think the first thing you will notice after installing and logging in is the change in how you get to your applications and make system changes. The Start Menu is back and the swipe for switching apps has changed.

Installation

The following are screens of the installation process. Nothing amazing and it really just reminds me of Windows 8. I wouldn’t expect much yet as the focus is on core functionality of the OS, not the installation experience. There are a few things to note:

  1. Review the legal notice. They have done some work to make it easier to understand and have also effectively used bold fonts to highlight things that are of importance to you.
  2. The importing of settings. These are from Windows 8.1, but sure make setting up your system easy. I ran this on my Surface Pro and was amazed that in the upgrade I did not have to reinstall anything. All my Windows apps were there as well as my Modern apps. All of my data was there as well.


Initial Configuration

Here, for the sake of being able to get into the system quickly, I chose to use express settings. I will choose the other route and blog on it later.


You will need internet access (just like in Windows 8) if you want to link to your Microsoft account. Otherwise you will get a message saying to create a local account.


If you have Windows Phone 8.1, you might be familiar with this next screen. Microsoft has an application for your phone called Authenticator that is similar to an RSA token for your Live ID. I love this two-factor method for ensuring my Live ID doesn’t get associated with a rogue machine and have all my data sync to it.


If it connects, it will let you import settings from other systems you might have. In this case, here is my Win8.1 Surface Pro.


Just like Windows 8.1, you get the first run experience for Microsoft Apps


And after login (yes, my wallpaper is a black screen on my computers)


The desktop

Once in, there are two things you will find quickly. One, is that we have the Start Menu back. I have mixed feelings about this as I am really used to the Start Screen and grouping my apps. Drilling in to find my apps from an alphabetized list is not optimal for me, however, it isn’t that I browse for applications like that very often. On my Surface, I found this type of menu difficult to use with only touch.

The other is the feedback function as you click on new features. Personally, I think this should not appear the first time I click on something as I am exploring new features and the prompting is on something I don’t have context to provide opinion on yet necessarily. However, you can add feedback easily enough later as you use the system through the Feedback application.


You can still see folders just like Windows 7, and your modern apps are in the root and you can interact with them just like you could in the start screen by right clicking on them. Here I right clicked on Yammer and told it to install.


You can still pin applications to the start, resize them, and leverage live tiles. It is like the best of both worlds from Windows 7 and Windows 8.

Windows 10 Live Tiles

Modern Apps in a Windows world

We can now use Modern Apps (Metro Apps) like we use regular Windows applications. They move around in windows and dock seamlessly; however, some application UIs are not meant for windows and you will find moving around with scrollbars challenging/annoying. There is a new item in the title bar for displaying and interacting with the application. I found the options in the drop down to be difficult to click on using touch on my Surface and I expect this to change. Docking them is simpler, and swapping between them using swipe from the left has changed from full application swapping to the familiar task switching similar to Windows 7.

Yammer

Conclusion

On the surface, you might question why this is a whole new version. The control panel, file system, and desktop all work the same. There are some interface changes, notably the Start Menu and application interaction, but if you’re using Win8/Win8.1 already you would be challenged to see a major difference outside of that. I definitely have the feeling they are trying to reach the users of Windows 7 that just don’t want to go to the new interface for Windows 8. This is a nice halfway point and I can see it being accepted.

It is what you can’t see that is the most exciting. Management of the system will leverage MDM frameworks, possibly making it easier to manage and discern corporate data and settings from personal. I think this was evident to me when I upgraded my Surface and all of my data, applications, and configurations stayed. There wasn’t a single thing I had to do to make my Surface usable. Kick off the process, come back 20 minutes later and pick up where I started with a new UI. Awesome! HomeGroups will be leveraged more, as will the connection to cloud services, OneDrive being most prevalent at first. Exciting times and I look forward to getting to dig in under the hood now.

I will explore more and keep you posted on any other changes I find.

Jason Condo
Principal Consultant

Microsoft to start blocking out of date ActiveX controls in Internet Explorer

As we all know, some of the most obvious paths into the system through the browser are out of date ActiveX controls like old versions of Java and Flash, among others. While many enterprises may still have a need to run old versions of Java for a line of business app that they just can’t get upgraded, this leaves their users and systems vulnerable to malware written to take advantage of those old, unpatched versions. I had a customer not too long ago that had to have the older version of Java 1.6 for a time keeping system. Every time I would go in and review their SCEP logs I would see Java vulnerabilities at the top of the list and many systems infected to a point that they had to reimage them.

Microsoft has recognized this and is releasing a patch for Internet Explorer 8 and newer that identifies ActiveX controls on a list of known controls (from a hosted definition file at Microsoft). If the site is not in the Local Intranet or Trusted sites zone, IE will display a pop-up bar notifying the user that the ActiveX control has been blocked and that they should upgrade it to the latest version. IT Pros will be able to manage this experience, as well as make sure their line-of-business applications are in the correct zones. To aid in this, there are new ADM templates available so that GPOs can be created to assist in configuring this.

While Microsoft was looking to implement the blocking functionality this week, we have some reprieve thanks to the feedback heard from the community: Microsoft provided an update yesterday that they will initially just be warning on old ActiveX controls for 30 days before the blocking goes into effect. This gives IT Pros like you about 30 days to address this. While you can read more here (http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-ActiveX-controls.aspx), I see a few options available to you:

Upgrade or replace your application to work with the latest ActiveX control

I am pretty sure this will not be the immediate option since this most likely requires a budget, time, and resources to implement before the deadline and I have seen approvals for projects take longer than that. This is the best option though since it only takes one system to get infected from a vulnerability to bring an enterprise down.

Look to moving your applications into the proper security zones in IE

I have worked with many customers who did not know how to manage security zones in IE (or even why it was important) and opened their Internet zone up to enable their line-of-business apps/websites to run. I feel this is worse than any outdated ActiveX issue since every bit of code on the web gets the same open access the LOB app did. I recommend that if you aren’t familiar with zones, you make an effort to learn them and use them. Then look to moving your outdated application to a zone that allows it to run.

Temporarily block the IE update

If you manage your IE settings already and manage updates to your systems, you may have the ability to prevent the update from installing. While this is definitely a short term workaround, it would at least prevent the blocking aspect of the patch from taking effect until you have had time to implement a zones workaround or application upgrade. This is technically feasible but I have not tried it to verify.

Use a different browser

While I see this happening more and more because of other compatibility issues with IE, this is an option if you are dead set on keeping that old application and cannot move it to an appropriate security zone or manage it. This still may not be an option because many of those older apps were written to work with older versions of IE as well.

Whatever you choose, I wish you well in keeping your line-of-business apps working and hopefully this is a step from Microsoft towards a safer surfing experience for your users.

Upcoming Event: “A Tour of Power BI: Pivot, View, Query, and Map”

Join us Tuesday, February 11th @ 5:45pm for the .NET SIG.  Jeff Mlakar from our Business Intelligence team (@BIatBA) will be presenting on the Microsoft Power BI stack, including Power Query, Power Pivot, Power View, and Power Map.  Jeff will be showing how these free add-ins can be used within Excel, and he will be demonstrating how to leverage Power BI on Office 365 to share and collaborate with the data both online and via the new Power BI mobile app.

Register for the event here.

Why did my email messages disappear from my inbox?

While the Personal Archive mailbox in Exchange Online is a great feature for most end users, some folks become distressed when all of their old mail “disappears” from their inbox and mailbox folders.

By default, when you enable a Personal Archive mailbox, all mail older than two years in all primary mailbox folders will be moved to the Personal Archive mailbox. This is a result of a Retention Policy being applied daily to the mailbox.

You may find that two years isn’t long enough for a majority of your end users, so you want to extend the age of the items archived, or simply disable the automatic archiving. To do so, you’ll need to modify the default retention policy.

Out of the box, every Exchange Online mailbox has the “Default MRM Policy” retention policy assigned to it.


We need to find the bit in the retention policy that moves mail to the Personal Archive (when the PA is enabled) from the primary mailbox after 2 years.

Go to compliance management >> retention policies.  Double click the “Default MRM Policy” to open the properties:


The retention policy properties window shows a list of retention policy tags and their actions.  We’re trying to identify the tag which archives the email after two years, so we want the one which has the retention action of “Archive”:


Now that we’ve identified the name of the retention tag being used to send items to the archive, click cancel to close the properties window, and then click retention tags in the top menu.  Double click the “Default 2 year…” retention tag to view the properties:


Alter the “Retention period” settings to increase or decrease the item age. You can also select “Never” to never allow the retention tag to move anything to the personal archive.  Just to be tidy, if you change the item age, modify the retention tag name to reflect the new item age. Click save to save these changes:


Why don’t we simply delete the retention tag instead of setting the retention period to “Never”? It’s a personal preference. I don’t like to delete default settings. Deleting the tag would have the same effect.

Note: Altering the archive retention tag won’t restore archived mail to the primary mailbox if the retention policy previously ran against a mailbox. Mailbox users will have to manually move the archived items back into their primary mailbox if that’s what they want to do.

See Retention Tags and Retention Policies at Microsoft TechNet for more detailed information.

Barry Thompson
Principal Consultant – Cloud Solutions

Microsoft Online Services Performance Test Tool is Back

The Microsoft Online Services “Performance Test for Internet Connection to Microsoft Online Services” (formerly found at speedtest.microsoftonline.com) is back, after several months of absence.


As a Microsoft Cloud Partner, we’ve found the tool to be extremely useful when performing initial client environment discovery and general Office 365 readiness by measuring response times, bandwidth and connection quality with Microsoft Online Services.  The one notable difference with this tool is the requirement to enter an Office 365 tenant domain before beginning.  Interestingly enough, entering “company.onmicrosoft.com”, as listed in the example, does allow the test to begin.

We typically use the tool during the pre-sales phase with clients.  During instances when we can’t be on site to run the tool ourselves, it’s very easy to direct clients to the tool so they can run it from a computer within their company network, and then return the results to us.

Once the tool has completed its run, click on the down arrow in the bottom-left (highlighted in the image below) to reveal more tabs:


Clicking on the Advanced tab reveals summary statistics from the test, including download and upload capacity:


The tool is hosted on two different sets of domains/URLs, each with a version available for three different regions.  Currently, the cloudapp.net locations appear to be the most reliable and available.

Fast Track Network Analysis (North America)
http://na1-fasttrack.cloudapp.net/

Fast Track Network Analysis (Asia Pacific)
http://ap1-fasttrack.cloudapp.net/

Fast Track Network Analysis (EMEA)
http://em1-fasttrack.cloudapp.net/

At the time of this writing, the APAC and EMEA sites at deployoffice365.com are not yet available:

Office 365 Network Analysis Test (North America)
http://na.deployoffice365.com

Office 365 Network Analysis Test (Asia Pacific)
http://apac.deployoffice365.com

Office 365 Network Analysis Test (EMEA)
http://emea.deployoffice365.com


Barry Thompson
Principal Consultant – Cloud Solutions

How do I get to all my applications in Windows RT 8.1 Blue Preview?

With Microsoft releasing the Windows 8.1 (Blue) upgrade for download yesterday evening and us always wanting to jump into new technology, our first impressions of the Windows 8.1 (Blue) upgrade on our test Windows RT tablet were pretty good. There were some good things, and some difficulties. One of those difficulties was around getting to our applications using the familiar ways we learned in RT. The following is from one of our consultant’s experiences. Keep checking back often as we blog about our experiences with the Windows Server 2012 R2 and Windows 8.1 previews!

All my apps are gone!!!

For those of you who have installed the 8.1 Blue preview, you may have found it more difficult to find any of your applications that are not pinned to the start screen.

Windows 8.1 Start Screen

Windows 8.1 All Applications

Previously in Windows RT (and in Surface Pro), you could just swipe up and then click on the icon in the corner to view all your applications.

Windows RT - All apps icon

However, in the update, this has been replaced by an icon for customizing the groups of apps in the start screen (sorting and naming groups). This is easier now than it was before for those functions, however it didn’t get me to what I wanted, which was access an application tile not on my start screen.


All was not lost however. I could still search for an app (swipe from the right and choose search from the charms menu) and then open it. But to actually get to an app’s tile and then select it to pin to the Start, I found the following two ways:

First, the swipe method:

Once in the start tile screen, just swipe up from the middle of the screen to be presented all of your applications. Swiping up or down then swaps between all apps and the start screen. It makes sense, but wasn’t as intuitive as I expected and was discovered with some trial and error.

Second, the more apps icon:

The second isn’t obvious, but if you notice small things it is pretty easy to catch. If you swipe your start screen all the way to the right you will notice an arrow in the lower left corner pointing down. Clicking on that will take you to all of your applications, same as the swipe down does.

Windows RT 8.1 Start Screen - More Windows RT 8.1 - More apps icon

Take away:

While not immediately intuitive, I think my kids could have found these quickly enough and after using it a few times I find it to be a much faster way to get to my apps without having them on the start screen.

 

I hope our consultant’s experience can help some of you who are wondering where all of your applications are in the Windows 8.1 preview. We hope to have more of their experiences in the coming posts to give you some exposure to Microsoft’s newest version of Windows 8.

Jason Condo
Principal Consultant

System Center 2012 R2 Preview released (with Server 2012 R2 also!)

If you are eager to get your hands on the latest release from the System Center suite, Microsoft has released System Center 2012 R2 for preview today. The suite is more commonly referred to by its components: Configuration Manager (SCCM, ConfigMgr), Operations Manager (SCOM, OpsMgr), Virtual Machine Manager (SCVMM), Service Manager (SCSM), Data Protection Manager (SCDPM), and Orchestrator (SCORCH). With it you can also choose to get your hands on Server 2012 R2. I will be blogging more on this later as I get the bits installed and start playing with the many new features, but I wanted to get you the information for getting to download the preview now.

http://technet.microsoft.com/en-US/evalcenter/dn205295

Here is an excerpt from the System Center team blog on the announcement (http://blogs.technet.com/b/systemcenter/archive/2013/06/25/microsoft-system-center-2012-r2-preview-is-now-available-for-download.aspx):

Windows Server 2012 R2 and System Center 2012 R2 provide a wealth of new advancements to help IT organizations build and deliver private and hybrid cloud infrastructure for their businesses.  Some of the highlights include:

  • Enabling hybrid cloud – Windows Server Hyper-V and System Center enable virtual machine portability across customer, service provider and Windows Azure clouds, while a new System Center Management Pack for Windows Azure enhances cross-cloud management of virtual machine and storage resources.  Windows Azure Backup and Hyper-V Recovery Manager provide offsite backup and disaster recovery options.
  • Windows Azure Pack provides Windows Azure technology that enterprises and services providers can run on their Windows Server infrastructure for multi-tenant web and virtual machine cloud services. 
  • Built-in software-defined networking – Site-to-Site VPN Gateway helps customers seamlessly bridge physical and virtual networks and extend them from their datacenter to service provider datacenters. 
  • High performance, cost effective storage – Features such as Storage Spaces Tiering, VHDX resizing and de-duplication for virtual desktop infrastructure provide high performance for critical on-premises workloads (like SQL and Hyper-V) using lower-cost, industry-standard hardware.
  • Empowering employee productivity – Windows Server Work Folders, Web App Proxy, improvements to Active Directory Federation Services and other technologies will help companies give their employees consistent access to company resources on the device of their choice.

Jason Condo
Principal Consultant

Cumulative Update 2 (CU2) for System Center Configuration Manager (ConfigMgr) 2012 SP1 is available

 

For those of you running ConfigMgr 2012 SP1 and still having some minor issues (or major depending on the business criticality of the function), Microsoft has released a hotfix (CU2) to help address them. I do not believe this requires you to have installed CU1 first.

This update just bundles a number of fixes discovered by MS in support of SP1. Some of the things addressed in this update are:

  • Administrator Console – issues adding site servers and screen reader software enhancement
  • APP-V – errors with 2007 migrations and cert errors
  • OSD – app installs in task sequences, custom ports issues, limited functionality with WinPE 3.1 images, multicast functionality
  • Asset Intelligence – fixed a report for more accurate data
  • MDM – fixed mobile 6.5 client issue
  • Software distribution – fixed the waiting for content forever issue, content status issues during upgrades, and status routing for DPs
  • Non-Windows support – added more OSs supported
  • Site Systems – fixed some status messages and filtering, site server installs, fixed AD discovery with deltas
  • ConfigMgr SDK – object error on 64 bit systems for CPapplet.CPAppletMgr Automation object
  • Client – fixed automatic client updates error
  • CU Setup wrapper – now can update all in one instead of separately, better logging

 

More information on the above items and the hotfix can be found here:
http://support.microsoft.com/kb/2854009

Jason Condo
Principal Consultant

Importing ConfigMgr 2007 task sequences XML to ConfigMgr 2012 ZIP

With the new 2012 import/export functionality, the new file format is a “.zip” file. This compressed file contains not only the task sequence XML but can also include any dependencies of the task sequence, like a boot image. While this is awesome for migrating between a test and production ConfigMgr 2012 environment, it does not help if you are trying to import task sequences from a disconnected 2007 environment.

In my consulting practice, we do a lot of OSD implementations using a base set of task sequences that we already have pre-configured. Once at a customer, we customize our base templates for the specific project and then export the XML or ZIP to the project documentation. Well, today I was at a client that we had previously done work for, and they had already performed a 2012 upgrade and removed their old 2007 environment. However, they did not migrate any of the OSD and were looking for us to re-implement OSD in their new environment. Instead of importing our canned OSD for 2012 and then customizing for their needs, we wanted to use the customized 2007 task sequences we had implemented for their old environment. The first problem, however, was that the only copy of those was the archived XML from the project files we had left them. The second is that you can’t import that XML through the 2012 console. Not to worry though, we can still make it work.

The 2012 exports are just compressed files full of the resources, some configuration files, and then the task sequences XML. This 2012 task sequence XML is not the same as the old 2007, but we are able to insert the 2007 XML into the appropriate spot to make it useful. This enabled us to save a bunch of time from recreating the old TS logic. The following is a quick example of how this works.

Start with a 2012 exported task sequence. This is in .ZIP format.

Export a Configuration manager 2012 task sequence

task sequence exported to .zip

Once exported, open the zip file and navigate to the task sequence folder and copy out the object.xml

open the object.xml file

Open the object.xml file and you will see a lot of new xml, however, scrolling almost to the end of the file you will find a section with embedded task sequence XML.

look for the embedded task sequence xml

This XML is the same task sequence XML as you have in a normal exported task sequence from 2007, however you need to be sure only to grab the appropriate XML nodes and not the whole task sequence. To do so, in the old 2007 XML, copy the nodes and data from the sequence xml node:

<sequence version="3.00">
…..
</sequence>
copy the 2007 task sequence xml

and paste it into the object.xml in the CDATA section in the 2012 XML replacing the existing embedded sequence node:

<![CDATA[
….
]]>
paste the xml into the 2012 task sequence

You don’t have to worry about the text/line formatting. Save the file and then copy it back into the .ZIP file. You can then import the ZIP file into your 2012 environment and adjust your referenced objects accordingly. This is great when you have a master task sequence of custom tasks and you just would like the ability to copy/paste them into your new 2012 task sequences. One thing to remember is that your old task sequences were built on the package/program model for software installs. If you are leveraging the new applications model (which you should be) you will have to recreate those specific tasks anyways.

Jason Condo
Principal Consultant

   

June 26th
Additional Notes:

It seems that some people are having problems importing. While I’m not sure as to what they are seeing specifically, I found that the best option that worked for me was to create a blank default task sequence (not an MDT task sequence) to use as the export template from 2012. I grabbed the sequence node from the old and inserted it into the new, replacing the embedded sequence XML node. I don’t see why you couldn’t grab below the sequence node as well (after <sequence version="3.00">). I think it may address some of the users’ experiences of having 3.10 as a sequence version. Hope that helps and keep sharing your experiences.
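The copy-and-paste procedure above can also be scripted. The following is an added example, not code from the original post: it takes only the sequence node from a 2007 export, checks that it parses and cannot close the CDATA section early, and swaps it into object.xml inside a copy of the 2012 .zip. The sample XML, its element names and the task_sequence_folder path are constructed placeholders, and detecting the file encoding by BOM is an assumption.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# A CDATA section whose payload is an embedded <sequence> element.
CDATA_SEQ_RE = re.compile(
    r"(<!\[CDATA\[\s*)(<sequence\b.*?</sequence>)(\s*\]\]>)", re.DOTALL)


def decode_xml(raw):
    """Decode by BOM and return (text, codec) so the file is re-encoded the same way."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16"), "utf-16"
    if raw[:3] == b"\xef\xbb\xbf":
        return raw.decode("utf-8-sig"), "utf-8-sig"
    return raw.decode("utf-8"), "utf-8"


def extract_sequence(old_xml):
    """Return only the <sequence>...</sequence> node of a 2007 export, validated."""
    m = re.search(r"<sequence\b[^>]*>.*</sequence>", old_xml, re.DOTALL)
    if not m:
        raise ValueError("no <sequence> node found in the 2007 XML")
    seq = m.group(0)
    if "]]>" in seq:
        # Would close the surrounding CDATA section early and corrupt object.xml.
        raise ValueError("sequence contains ']]>' and cannot be embedded in CDATA")
    # Catches truncated files and typographic quotes picked up from copy/paste.
    if ET.fromstring(seq).tag != "sequence":
        raise ValueError("extracted node is not a <sequence> element")
    return seq


def splice_object_xml(object_xml, seq):
    """Replace the embedded sequence node, leaving the CDATA markers in place."""
    patched, count = CDATA_SEQ_RE.subn(
        lambda m: m.group(1) + seq + m.group(3), object_xml)
    if count != 1:
        raise ValueError(f"expected one embedded sequence, found {count}")
    return patched


def rebuild_export(template_zip, old_xml):
    """Return new .zip bytes: the 2012 template carrying the 2007 sequence."""
    seq = extract_sequence(old_xml)
    out, patched = io.BytesIO(), 0
    with zipfile.ZipFile(io.BytesIO(template_zip)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename.lower().endswith("object.xml"):
                text, codec = decode_xml(data)
                if CDATA_SEQ_RE.search(text):
                    data = splice_object_xml(text, seq).encode(codec)
                    patched += 1
            dst.writestr(info, data)  # every other entry is copied unchanged
    if patched != 1:
        raise ValueError(f"expected one object.xml with a sequence, patched {patched}")
    return out.getvalue()


# Constructed sample data: element names and paths below are placeholders,
# not the real ConfigMgr export schema.
SAMPLE_2007 = """<ExportedTaskSequence>
  <sequence version="3.00">
    <group name="Install OS"><step type="Custom" name="Apply image"/></group>
  </sequence>
</ExportedTaskSequence>"""

SAMPLE_OBJECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<ExportedObject>
  <Property Name="Sequence"><![CDATA[<sequence version="3.00"><step name="Blank template step"/></sequence>]]></Property>
</ExportedObject>"""


def build_sample_export():
    """Build a constructed stand-in for a 2012 export .zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("task_sequence_folder/object.xml", SAMPLE_OBJECT_XML.encode("utf-8"))
        z.writestr("manifest.txt", b"constructed placeholder entry")
    return buf.getvalue()


if __name__ == "__main__":
    new_zip = rebuild_export(build_sample_export(), SAMPLE_2007)
    with zipfile.ZipFile(io.BytesIO(new_zip)) as z:
        print(z.read("task_sequence_folder/object.xml").decode("utf-8"))
```

Run it against a copy of the exported .zip, not the only archive of the task sequence, and review the referenced objects after import as described above.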

Notes from the Microsoft Management Summit 2013

This was another great year at the Microsoft Management Summit (MMS) in Las Vegas. While there were not any major product launches, much focus was given to the enhancements with SP1 for System Center. This news isn’t new since SP1 has officially been out since January, but while there has been a lot of discussion about the features, seeing how Microsoft sees them in action and their alignment with the cloud mindset was beneficial. In the ConfigMgr space, there were numerous enhancements that were made with SP1, but my favorites are the hierarchical changes and the expansion of non-Windows and non-PC device support.

Down to one

One great feature of the SP1 enhancements for ConfigMgr was the set of changes made to the architecture permitting a much flatter hierarchy. A very compelling argument was made as to why a CAS is not needed and that a single Primary site is all you need (unless you have over 100K clients or a solid reason to have multiples). Again and again it was stated by the MS product team, as well as MVPs managing huge deployments, that you don’t need the CAS in the design and that a single Primary site server should be good for almost all but the largest deployments. This is backed up by the fact that the design changes in SP1 enable you to add a CAS server at any time later (thank goodness) and that the total number of clients supported at a single primary is 100,000. This is a huge shift for many of us who, based on the RTM specs, had installed CAS servers in solutions just in case a customer would want to expand their hierarchy later.

What was also discussed was the impact of having a CAS that doesn’t do anything, as in the solutions we described above. This impact was defined as the “replication tax” and basically described that since all primary servers in a hierarchy are equal, any change made at one server has to replicate to all the other servers and then up the hierarchy. When all your clients are reporting to a single primary with a CAS, that means that to see changes made at a Primary, you have to wait for it to replicate to see it at the CAS, for no real benefit. Since Primaries can’t be used to separate rights or access, the argument to have multiple primaries and a CAS really become difficult to support.

To illustrate this effect, the product team was performing some “bathtub” testing against a design managing 400,000 clients during a normal Patch Tuesday rollout. With the minimal 4 Primary Site Servers they found it took around 14 hours to process all the backlogs. You would think throwing more servers at the solution would speed things up; however, increasing the number of Primaries to 10 increased the backlog to 26 hours! In both scenarios the CAS was running at 100% utilization trying to keep up with the replication needs. This is huge, so make sure you understand this when you are designing your solution. If you have multiple Primary Servers now and have under 100,000 clients, I would strongly suggest you review your design and adjust accordingly.

Intune and ConfigMgr – Better together

Another great feature in ConfigMgr SP1 is the expanded support for deploying applications across numerous platforms and devices. Native support for IOS 10.6+, Linux, and Android means that you can have an agent, manage devices, and deploy software all from the same console. The user experience across all devices is similar and can even deeplink into the platform’s store to a specific public software install (App Store, Microsoft Store, Google Play). You can even use SCEP 2012 on your Apple systems.

While using ConfigMgr natively is great to manage on-prem devices, Microsoft expects you to manage cloud devices (mobile devices, disconnected pc’s, windows RT) from the cloud. Sounds obvious, and why not, since that is the easiest way to ensure an internet connected device can be managed without the work of making your management solution public facing. Microsoft has been working hard on their unified device management initiative, and with the latest version of Intune, creates a connection between your ConfigMgr SP1 solution and your Intune subscription service. Now there are ways you can empower users to be able to enroll their own devices and allow you to inventory, manage, deploy applications, and wipe those devices. All while having a single toolset to manage and a consistent experience for the end-user for application delivery. Let’s face it, keeping things simple and having a happy user makes a productive user and a happy you. There is so much to tell about this that I just can’t write it all but if you want more details feel free to reach out to me and I can help you dig in deeper.

As always, the sessions were great, the food was plentiful, the vendor parties were fun, and the socializing with other IT folks that wrestle with the same things I do was priceless. If you didn’t get a chance to go, or were able to but missed some sessions in lieu of other ones, Microsoft has the recorded sessions along with slide decks available for download at http://channel9.msdn.com/Events/MMS/2013.

Now the only question (beside the obvious one about upgrading to SP1) is whether I will see you at next year’s MMS. However, the decision as to whether Microsoft will have another is still up in the air. We can leave that for another post though :)

Jason Condo
Principal Consultant
