CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

In Windows 10 1607, App-V and UE-V are built natively into the operating system (not in Pro) and no additional setup needs to be run anymore, which is awesome! Both App-V and UE-V can be enabled using a Group Policy or by using the PowerShell cmdlets Enable-Appv and Enable-Uev.

In some scenarios, especially for App-V, we need to enable it during OSD in our Task Sequence so that we can install App-V applications before the Group Policies are applied.

This is really simple: we just use PowerShell to activate it. If we want to enable both App-V and UE-V, we use the following command:

powershell.exe -NoProfile -Command "&{ Enable-Appv; Enable-Uev }"

To activate only App-V, for instance, we use the following command:

powershell.exe -NoProfile -Command Enable-Appv

The Run Command Line Step must run after the Setup Windows and Configuration Manager step as shown below.

Task Sequence Step

If we then use the command prompt after that step to check the App-V status, it is now enabled.

App-v during OSD

In many scenarios and solutions we use a single Task Sequence to deploy multiple Windows versions. In these scenarios the following WMI query can be used to run the command only on Windows 10 1607, as shown below:

select * from Win32_OperatingSystem where BuildNumber = "14393"

Conditions using buildnumber

This really makes our life simpler!
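
As an added example (not part of the original post), the build check and the enable commands can be combined in one script for a Run PowerShell Script step, so that a failure stops the Task Sequence instead of surfacing later as a failed App-V application install. The parameter name $RequiredBuild is hypothetical, and the script assumes it runs elevated after the Setup Windows and Configuration Manager step.

```powershell
# Added example (not from the original post): enable App-V and UE-V during OSD,
# gated on the same build check the Task Sequence condition uses.
# Assumption: runs elevated, after "Setup Windows and Configuration Manager".
[CmdletBinding()]
param(
    [string]$RequiredBuild = '14393'   # Windows 10 1607, as in the post's WMI query
)

$ErrorActionPreference = 'Stop'

# Same query as the Task Sequence condition; returns nothing on other builds.
$query = "select * from Win32_OperatingSystem where BuildNumber = '$RequiredBuild'"
$os = Get-CimInstance -Query $query
if (-not $os) {
    Write-Output "Build is not $RequiredBuild; nothing to enable."
    exit 0
}

try {
    Enable-Appv
    Enable-Uev

    # Emit the resulting state so it is captured with the step's output.
    Get-AppvStatus | Out-String | Write-Output
    Get-UevStatus  | Out-String | Write-Output
}
catch {
    # A non-zero exit code makes the Task Sequence step fail visibly
    # (for example on an edition where the cmdlets are not supported).
    Write-Output "Enabling App-V/UE-V failed: $($_.Exception.Message)"
    exit 1
}
exit 0
```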

It is time again! System Center User Group Sweden are planning an Enterprise Client day on the 29th of October at Microsoft in Akalla, Stockholm!
We have a preliminary agenda in place and registrations are now open as well. Hope to see you all there! The sessions will be held in Swedish.

Agenda (preliminary):

0800 – Registration Opens
0815 – Welcome
0830-0915 – Third Party Patching with Shavlik
0930-1030 – Deploying Windows 10 Like A Boss
1045-1130 – Building Secure Mobility with Conditional Access
1130-1230 – Lunch
1230-1315 – ConfigMgr Tech Update
1330-1415 – The Flexera Offering around Client Management
1430-1515 – Customizing Windows 10 for the Enterprise
1530-1615 – Device and Application Management in a Modern World
1630-1715 – Securing your Clients against Modern Threats

Registration is now live here:

https://www.eventbrite.com/e/scug-se-enterprise-client-day-tickets-27391385371

There will also be a Datacenter day which is the day after the 28 of October. More information can be found here:

https://www.eventbrite.com/e/scugse-cloud-and-datacenter-day-tickets-27391969117

Hope to see you all there!!

Yesterday the Configuration Manager 1608 technical preview was released, and I just love the fact that we get a better end-user experience in Software Center; I just had to write this.
One of the new features in Software Center is that we can both see if there are new items and which item is new.

1608 Whats New

And also we have Application request in Software Center and not in the Application Catalog.
Application Request

Application Request 2

Awesome new feature for the end users!

More new features are, from the blog post: https://blogs.technet.microsoft.com/enterprisemobility/2016/08/22/update-1608-for-configuration-manager-technical-preview-available-now/

  • Improvements to Asset Intelligence: We have added a field to the properties for inventoried software that lets you set a parent and child relationship with other software. In the Inventoried Software list, you can view the parent of any software and also hide all child software.
  • Improvements to the Prepare ConfigMgr Client for Capture task sequence step: The Prepare ConfigMgr Client step will now completely remove the Configuration Manager client, instead of only removing key information. When the task sequence deploys the captured operating system image, it will install a new Configuration Manager client each time.
  • Keyboard Translation for Remote Control: By default in a remote control session, characters typed on the viewer’s keyboard are sent to the controlled device instead of the keys – whether or not their keyboard layouts match. This behavior may be turned off in the Remote Control viewer Action menu.

Let’s focus on Remote Control. It is great that Remote Control gets some developer love; one thing I would like to see is the possibility to control the startup of the Remote Control service on all clients from Automatic (Delayed) to Automatic using a Client Setting.
I created a user voice item for it so if you feel the same way, please vote for it here: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/15756271-remote-tools-client-setting-to-change-client-ser

The documentation of what is new in Configuration Manager 1608 Technical preview can be found here: https://technet.microsoft.com/en-us/library/mt761995.aspx

Another post of mine on how to make Windows 10 1607 handle the way I like in an Enterprise is now live on the 4Sysops website.

Many enterprises would like to control and remove such notifications because they can confuse users and trigger unnecessary help desk calls. At the time of this writing, no Edge setting or Group Policy exists that allows admins to remove the Edge welcome page. Thus, I decided to dig in to how we can stop the page from showing.
Edge Welcome Page

It ended up being an Active Setup, as the registry keys are not present when the user logs on the first time; a user would hit the welcome page if they launch Microsoft Edge without logging in/out once. I tried creating the whole structure, but that didn’t feel right and could probably be something that bites back, as that is for all modern apps, and Microsoft Edge seemed to hang for me afterwards.

I hope it is useful!

Read the full post here:

https://4sysops.com/archives/disable-welcome-to-microsoft-edge-page-and-default-browser-prompt-in-windows-10-1607/

I had to write a post on the new options we have in Windows 10 1607 for managing the items in the Taskbar; it is now live at 4sysops.com, where I am one of the authors. It covers how to deploy a custom taskbar during OS deployment, Group Policy, a PowerShell script and some lessons I have learned so far when using it.

“The feature we used to deploy a customized Start menu in Windows 10 has been extended with the ability to manage pinned items on the Taskbar. There are some unsupported solutions for importing a Taskbar layout during OS deployment, including the one I wrote :-) However, now we can do it in a supported manner, and we can even add items using Group Policy after we create the user profile.

Windows 10 Taskbar

Note that this feature requires Windows 10 Enterprise/Education and it only works in Windows 10 1607.  (Editor’s note: There is some evidence that this feature works in Windows 10 Pro. Please share your experiences in a comment.) We cannot use this feature to remove items the user pinned to the Taskbar; we can only remove items from the Taskbar that we added with the new feature.

The Taskbar layout is configured in an .xml file either together with the Start menu layout or in a separate file. The .xml file can then be deployed using different tools according to which suits your organization best.”

Check out the whole post here:

https://4sysops.com/archives/pin-apps-to-the-taskbar-in-windows-10-1607-with-group-policy/

I have written posts before both about how to uninstall built-in apps in Windows 10 using PowerShell and how to block them with AppLocker, so this is just a note that you will need to use AppLocker once more.
Now that Windows 10 1607 is here, we have a new app called “Connect” which we cannot uninstall, much like the Contact Support app.

Connect2

The Connect app turns your PC into a Miracast receiver, which can be useful but not really in an enterprise.
Connect1

If we try to uninstall it, we get the following message, that it is part of the Operating System and cannot be removed.

Remove Connect

We can block it using Group Policy as I have described before with the Contact Support app and Microsoft Feedback app. http://ccmexec.com/2015/08/blocking-built-in-apps-in-windows-10-using-applocker/

If you are doing that already, we only need to edit the Group Policy and add the following app as well. In the Group Policy, add a new Packaged app rule for the Connect app.
Connect3

So we end up with the following rules together with the Contact Support app and Feedback app as I have in my Group Policy since Windows 10 1507 and 1511.
Connect4
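
Once the Group Policy has applied, the result can be checked on a client. The script below is an added example, not from the original post; it assumes the Connect app's package name is Microsoft.PPIProjection, which the post does not state, and $PackageName is a hypothetical parameter that can also take the other blocked apps.

```powershell
# Added example (not from the original post): check that the effective AppLocker
# policy blocks the Connect app. Run elevated (Get-AppxPackage -AllUsers needs it).
# Assumption: Microsoft.PPIProjection is the Connect app's package name; the post
# does not state it, so confirm it with Get-AppxPackage on a reference machine.
[CmdletBinding()]
param(
    [string[]]$PackageName = @('Microsoft.PPIProjection')
)
$compliant = $true

# Packaged app rules are only enforced while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status); AppLocker rules are not enforced."
    $compliant = $false
}

# Test-AppLockerPolicy reports rule matches, not whether the collection is
# enforced, so read the mode of the packaged app (Appx) collection as well.
[xml]$policyXml = Get-AppLockerPolicy -Effective -Xml
$appx = $policyXml.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Appx' }
if (-not $appx -or $appx.EnforcementMode -ne 'Enabled') {
    Write-Warning "Appx rule collection is audit-only or not configured."
    $compliant = $false
}

# Evaluate each installed package against the effective policy.
$policy  = Get-AppLockerPolicy -Effective
$results = foreach ($name in $PackageName) {
    $pkgs = Get-AppxPackage -AllUsers -Name $name
    if (-not $pkgs) { Write-Warning "Package '$name' is not installed."; continue }
    $pkgs | Test-AppLockerPolicy -PolicyObject $policy |
        Select-Object FilePath, PolicyDecision, MatchingRule
}
$results | Format-Table -AutoSize

# 'Allowed' means the packaged app rule for the app is missing or not applied yet.
if ($results | Where-Object { $_.PolicyDecision -eq 'Allowed' }) { $compliant = $false }
if ($compliant) { exit 0 } else { exit 1 }
```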

When deploying Windows 10 1607, the Anniversary Update, for the first time, I realized I need to be able to filter applications and also Task Sequence steps based on builds in the future. Why? Well, I am lazy, so I just copied my existing Windows 10 deployment Task Sequence and it failed when deploying applications, as it included both the App-V client and the UE-V client installations; those are now built into Windows 10 and the installation will fail.

So here are two ways of creating a Global Condition that can be used as requirements for the different deployment types in the application model.

Global Condition using Buildnumber as a variable

This will give us the possibility to enter different build numbers in the Deployment Type Requirements as shown below. So we can type 14393, 10586 or whatever we need it to evaluate on the clients for the deployment type to install.

Global3

Global4

To create it do the following:

1. In the Configuration Manager Console we select Create Global Condition under Software Library/Application Management/Global Conditions
Global1

2. We use the values below

Global2

3. Done!

Global Condition using a specific Buildnumber

We can also create a Global Condition for a specific build number, so that we don’t have to type the build number in the deployment type Requirement, as shown below. When selecting it, we use the “Existential” option instead of string.

Global5

This is created in the following way:

1. In the Configuration Manager Console we select Create Global Condition under Software Library/Application Management/Global Conditions
Global1

2. The only difference is that now we enter the WQL Where query as well, as shown below.

Global6

3. Done!

When we deploy the UE-V application to a Windows 10 1607 machine we get the following in the deployment status to verify that it works.
Global Condition

I hope it is useful!

Windows Defender has become even better in the Windows 10 1607 release, which is great! But it has also added a first-run dialog for each user that launches the Windows Defender UI.
Defender 1607

This is kind of annoying, as it doesn’t check if the settings are already configured, and a normal user doesn’t have permissions to turn it on as it requires local admin permissions. So after a little Regshot usage, the registry value that is set after you press close is the following: HKCU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.

Defender1

So by using a script or a Group Policy preference as shown below we can disable that end-user dialog. I haven’t found it in the Group Policy settings for Windows 10 1607, which I think it actually should have been. Enterprises will want to turn this off.

Defender2

I hope that can be useful!