Azure RemoteApp will be stopped

Today, Microsoft announced, that they will shutdown the service Azure RemoteApp. New purchases will end as of October 1st 2016! Existing customers will have support until the end of August 2017. Here is the official statement: Link.

Microsoft will set on the strong partnership with Citrix and a new product “XenApp express”, which is actually under development and should be available early 2017.

Block Microsoft Account in MS Store Windows 10 (1511 tested)

After my last blog – Only display the private store within the Windows Store app (Windows 10, 1511) – there came a lot of inputs, that users can still install APPs with their private Microsoft Account. This is true, because the described setting is only deactivating the menus in the store app. So a user can add his Microsoft Account and add APPs (not as easy as usual, because he cannot see them directly in the APP).

BUT, there is a way through MDM or WMI to deactivate the Microsoft Account for Store APPs. Take care, this is not the setting “Users can’t add or log on with Microsoft accounts” (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options)! This only prohibits to login with a Microsoft Account to the Windows 10 device!

Continue reading

Only display the private store within the Windows Store app (Windows 10, 1511)

A lot of customers are interested to use the Microsoft Business Store for Windows 10, a private store hosted by Microsoft (description about the business store you can find here: Implement Microsoft Windows Store for Business and Windows 10 Mobile). One of the first question is always: Can we disable the Microsoft Store APP but enable the Business Store, where we can manage the APPs? The answer is: YES, you can Smile –> you cannot disable the Store APP, because the Windows Store and the Business Store are the same APP (Business store only adds an additional menu when logged in with a Workplace or School Account). But you can configure the APP to only show your business store menu which is described in this post.

Continue reading

Local Administrator Password Management (LAPS)

A few weeks ago, Microsoft published a new tool – named “LAPS” – which is available for free. You will have the possibility to manage your local admin passwords for all your clients without special scripting. Since it’s not possible anymore to change the password through Group Policy Preferences, this is a nice way to do it.

You can schedule through GPO, when the password for the local administrator will be changed (how long it is valid…) and how complex it has to be. Every client has a different password, which is written back to the Active Directory. What’s needed and how you can configure it is written here.

Continue reading

Deploy Java 8 Update 25 (Error 1722)

Silent installation of the Java Runtime version 8 Update 25 (x64 and x86) will end in an error:
When installing by MSI, you’ll find the following failure in the Event Viewer under application: 1722 – There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected.

With a little modification in the MSI file (of course in the MST) and a file copy before deployment it will run.

Continue reading

Create Java 1.7 Ruleset – create JAR File – sign JAR File

We are all happy, how fast the Java versions are changing and also, that in every version new “security” features are integrated. It’s not so easy to follow all the changes (started with version 1.7 upd 07), so it’s very important to test the deployments of java everytime! Unfortunately, not all settings can be tested… but for this, I will write another post later. In this blog we take a look how to deploy a Java RULESET, so java will run for specific sites without prompting the user, if he is really sure, to use java.

General

  1. Identify critical applets and web start applications, either by location (e.g. http://test.exam.com), name (e.g. MindMan), or code-sign hash.
  2. Create a file called ruleset.xml
  3. Package your ruleset.xml into a signed DeploymentRuleSet.jar
  4. Deploy your DeploymentRuleSet.jar to user desktops
  5. Verify usage of your rule set on a client desktop

Continue reading

OSD for Dell e7440 / e7240 – NIC Driver Problem / KMDF Update

The OS Deployment for the hardware models “Dell Latitude E7440” and “Dell Latitude E7240” is full of pitfalls. O.k., two things are a little bit special (I think the same will be for other hardware vendors):

  • NIC Driver from Dell Homepage not working
  • OSD error while installing drivers –> Kernel Mode Driver Framework (KMDF) Update needed (error: Windows installation cannot proceed. To install Windows click OK to restart the computer, and then restart the installation)

Continue reading