Latest Discussions
Gpresult /H and GPMC settings view do not match RSOP.
I am having an issue where I have a couple of GPO settings on a win 11 device not showing in a gpresult /h but they do show in an rsop. I have seen this in the past on a few occasions but never really gave it much thought and just assumed it was something lacking in gpresult as html. I have verified running gpresult /v on the system shows the missing settings and matching rsop so I am confident that the settings are being applied but I am not finding any other examples online of this situation. I also noticed that the settings do not display in the gpmc settings tab on the GPO with the settings but I have of course verified they exist in GPME after right clicking and editing the appropriate GPO. This post is to hopefully find some sort of Microsoft or community backing in my thought process that this is simply the html lacking compatibility to show some extended settings or I am completely open minded to a separate explanation of what is happening. Thanks in advance for any help!
June 2024 Enterprise version of Microsoft Support and Recovery Assistant has expired
We're in the middle of migrating several thousand PCs from older Office versions to M365 Apps for Enterprise and are using the enterprise SaRA tool to remove Office. The current posted version of the Enterprise SaRA tool has expired and a new version has not been posted as of Sept 20, 2024. Any word on if an update will show up soon? https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/administration/sara-command-line-versionVLSC is gone - welcome admin.cloud.microsoft, how-to access keys, ISOs today
Hi everyone, if anyone is looking for volume licensing downloads, keys etc. there's a significant change. While most Windows devices out there are licensed through OEM nowaways there are exceptions for upgrade licenses such as Windows Enterprise or other SKUs that may be part of Volume Licensing. Here's a brief blogpost on this important change.
DNS Issue
Server 2019 client Windows 11 A client workstation has 4 DNS servers we expect to work in a "round robin". The servers are: accounting research dev admin The systems we are trying to access exist in the DNS server DEV. When we run NSLOOKUP and set the DNS server to DEV, we are able to look up the systems we are trying to access. When we exit NSLOOKUP and try to ping or access a system through its web portal, the system doesn't recognize the name. Any ideas? Thanks!Remote Desktop failing with Error code: 0x50331742 Extended error code: 0x0
Looking up Remote Desktop error codes, the list ends at50331728 so50331742 is off the charts.What does error code50331742 mean? https://social.technet.microsoft.com/wiki/contents/articles/37870.remote-desktop-client-troubleshooting-disconnect-codes-and-reasons.aspx Windows 10 Pro 22H2 x64bit AlsoI noticed as I attempted to debug thatUmRdpService won't start. It gives an error indicating the service started then stopped but it won't stay running. Remote Desktop was working fine a few months ago then stopped. Debug steps tried: Checked that all umrdpservice dependentservices are running Checked that umrdp.dll (Version 10.0.19041.1806) is present in the System32 folder Ran Sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth completes with no error. Reset the service with "sc config UmRdpService start= demand" Outbound RDP connections work fine, inbound fail with the50331742 error code. Network is set to Private Cleared the RDP cert in the cert store and restarted the service to create a new one RDP listen port is correctly in the registry Set Telnet fDenyTSConnectionsetting to 0 Group policy shows "Allow users to connect remotely by using Remote Desktop Services" is enabled IPV6 is disabled Custom Scaling is disabled RDP Firewall setting are open DNS is working fine and can resolve and ping the hostname Event Logs show no errors Verified user account is has permission to Remote Desktop. Please advise becauseI am out of ideas of what to try next. Something is stopping the service from starting and I can't think of what that could be?
Configuring Windows 10 via GPO
Hello I’d like to configure my Windows 10 to have zero unannounced installations. That is it must ask user or admin, first, regardless of what it’s installing. Secondly I’d like to set the internet traffic in / out to zero bytes unless either initiated by user or admin or approved by user / admin. I’ve spent a few days looking at individual policies and got pretty close but I’ve had to reinstall now cause Microsoft Security would not load at all after setting the previous set of rules. If posted in wrong thread, please advise. Thank you for reading my help requestFAQ: Supporting Microsoft Store experiences on managed devices
Find answers to common questions about new Microsoft Store app integrations in Microsoft Intune and transitioning application management from the Microsoft Store for Business. Looking for more information? Read Update to Intune integration with the Microsoft Store on Windows. Editor's note: Questions in this FAQ may be added and/or updated over time to provide more detail. Updates and new questions will be indicated. Editor's note (3.23.2023): The retirement of the Microsoft Store for Business and the Microsoft Store for Education, originally scheduled for March 31, 2023, has been postponed. We will share an update here on future plans when they're available. In this FAQ: Early access and availability Application content Technical requirements Migration Application management and controls Benefits of integration with Endpoint Manager Options for app acquisition without Endpoint Manager Early access and availability What are the preview opportunities and when will they be available? Organizations looking to evaluate the new Microsoft Store app repository integration with Endpoint Manager will be able to sign up and participate in a private preview in the September 2022 release of Endpoint Manager. (Note: this date is subject to change.)) How can I sign up for the private, and later, the public preview? We will work with select organizations in the initial phase of the private preview and open it to additional organizations later in the process. When we move to Public Preview, there will be no need to sign up. The new capabilities will appear with the (Preview) tag in the Microsoft Endpoint Manager admin center. Contact your Microsoft account team for more information. When is the end-to-end replacement scenario for Microsoft Store for Business going to be generally available? The current plan is to make Microsoft Store support within Microsoft Endpoint Manager generally available in Q4 of 2022, with the community and private repository support in early 2023. This date is subject to change. When is the Microsoft Store for Business being retired? The retirement of the Microsoft Store for Business is planned for Q1 of 2023. This date is subject to change. What are the options for organizations to meet Microsoft Store for Business needs between now and general availability as the current Microsoft Store for Business does not work on Windows 11? Do we need to wait to update our estate to Windows 11? If deploying Store apps on Windows 11 is a core priority and you are not currently using Endpoint Manager, then you will not be able to deploy Store apps to devices on Windows 11. For organizations currently using Endpoint Manager, the process of deploying Microsoft Store apps to Windows 11 works currently with no interruptions. Application content Can I pick and choose from a combination of Stores and Apps? Yes. You will be able to pick from a variety of sources of Microsoft Store apps, including public Microsoft Store apps or apps made available from private sources including software vendor and line-of-business applications not available in public sources. The private sources will require prior authorization from the private repository owner and authentication to be able to access those applications. Is there a plan to incorporate the replacement of Microsoft Store for Business into the Store app tab on Windows 10/11 for employees to access the private store? No, the private Microsoft Store for Business, as it existed, is being retired. Organizations should leverage Microsoft Endpoint Manager and the Company Portal to provide end-to-end app experiences for their employees. Technical requirements Is the Company Portal App going to be free if we don't license Intune? An Intune license is required to take advantage of the new functionality and to continue to deploy Store apps directly to user and device groups. The Windows Package Manager platform is openly available to enable custom app installation apps and websites to be built. How can people download the Company Portal directly? Today there is not a standalone download to meet this need. The Company Portal app is a free download from the Microsoft Store on Windows. To discover and install applications, devices will need to be enrolled. It is expected that, as is the case today with Microsoft Endpoint Manager, IT admins will deploy the Company Portal app as part of the provisioning process. Employees that have access to the Store can also download and install it themselves, then login with their company credentials. How is servicing for apps installed from the Microsoft Store integration with Endpoint Manager going to work? What configuration (service accounts, ports, and policies) needs to be in place? Using Intune, you can assign applications as required or available to employees taking advantage of their existing device enrollment with their organization. IT admins and employees will be able to install and update Store apps. For more information, see Network endpoints for Microsoft Intune. Do our devices need to be managed by Intune (enrolled in MDM) or can Microsoft Configuration Manager be used instead? Microsoft Endpoint Manager includes both Intune and Configuration Manager. In order to leverage the new Store and private repositories for apps, you will need to enroll in MDM and use the Company Portal app for discovery and installation. Organizations using Configuration Manager can take advantage of co-management to deploy Store apps. Migration Will servicing of Microsoft Store in-box apps be able to be done in the same way? Yes, in-box apps that have a presence in the Microsoft Store on Windows can be serviced exactly the same way. In some cases, in-box apps can be uninstalled using Endpoint Manager app uninstall assignments. What do I need to do to have apps I installed from the Microsoft Store for Business remain up-to-date and manageable? Do I need to reinstall them? Will they stop working? Apps that are already installed on devices will continue to work for employees. To be able to service them as an IT pro, you will need to create a new assignment of those apps using the new Store integration with Endpoint Manager. This will not force any reinstall of the app, just reconnect the app from the employee's device to your Endpoint Manager app list. What is the process to migrate existing Microsoft Store for Business applications over to the new solution? There is no client migration or device changes required for previously installed apps. On the admin side, you will need to recreate and reassign applications to user and/or device groups and recreate role-based access control assignments that were previously created for individual Store for Business applications. What should I be doing right now to be ready for the transition? Identify those business-critical apps that you have deployed through the Microsoft Store for Business, understand how they are being used in your environment, and plan to recreate the app in the Endpoint Manager console and reassign. Existing assignments continue to work; new deployments will proceed according to your group assignments. Can I service part of my app instead of reinstalling the entire app if I'm using the new Microsoft Store app integration with Endpoint Manager solution? Redeploying an app will not explicitly result in a complete reinstall if the app is already available on the client device. However, this is entirely dependent on the application installer and how the vendor created it to behave. It is independent from how the Store works as the delivery mechanism. Do I need to repackage all my line-of-business apps for the new Microsoft Store app integration with Endpoint Manager solution? Repackaging is not a requirement. LOB apps previously deployed via Endpoint Manager are not affected. Application management and controls Can I force or gate a user to stay on a specific version of an app until I approve a newer version for my enterprise? The Store will only keep a few of the most current versions of an app available. We are evaluating, with the new Microsoft Store integration, a way that you will be able to, per app, decide whether auto-update is appropriate or whether you as an IT admin want to control the flow of updates using Endpoint Manager. If you need to keep an older version of an app around (N-2 or N-3, etc.) you will need to maintain your own copy of that application and deploy it manually. Can IT admins enforce mandatory or deadline dates? This capability is not yet available, but something we are looking into. How do I manage app entitlements using the Microsoft Store app integration with Endpoint Manager? There is no concept of entitlements or licenses. You also cannot use the Store to purchase apps on behalf of your employees. By assigning an app to a user group or device group, you are granting installation rights to all members of that group either as a required (also known as a push-install) or as an app available for the employee to install themselves through the Company Portal. Do you expect apps that have their own "auto updaters' (e.g. Microsoft Edge, Teams, and OneDrive) to change their servicing strategy? What powers the Store and private repositories and app manageability is the Windows Package Manager technology which affords the ability to update applications. Although applications with auto-updates still exist, you can use the Store to control the flow of updates with more certainty. We want apps to be automatically serviced, how will that work? What about for organizations not using Intune? Automatic servicing of apps deployed from the Store using Endpoint Manager will be an option that IT Admins can select on a per-app basis. The Store in the absence of management tools, like Endpoint Manager, will behave as it does today. Is there a plan for compliance reporting to show when applications are not current, i.e., out of date and subject to security fixes? These types of features are possible and under consideration. What management capabilities are there for IT admins to curate which apps an employee can install, but not allow full access to download all apps? IT admins can block access to the full Microsoft Store and, using Endpoint Manager, only allow the installation of apps either through required assignments or available assignments, in which the employee can search and install apps using the Company Portal. Will apps take advantage of peer content sharing, e.g., Delivery Optimization, or do they pull direct each time? Full Delivery Optimization support is available for Store applications deployed to Windows devices. What monitoring and reporting options will be available? As with most apps deployed via Endpoint Manager, you will have full monitoring and assignment reports available to you as well as complete device app inventory reporting for apps assigned using Windows Package Manager integration. What is the process to revoke or uninstall an application in the event of a zero-day vulnerability or once we are no longer licensing an application? Endpoint Manager has the full ability to update an app to resolve bugs or vulnerabilities. It also can be used to remove or uninstall apps of your choosing. How do I handle application dependencies? For example, one of our apps requires .NET to be installed before the app itself can be installed? Dependencies are a feature that is likely to be shipped after general availability but is something we plan to support in the future. Benefits of integration with Endpoint Manager What are the advantages of the Store for Business replacement solution in Endpoint Manager? There are many advantages, one of which is improved search and app discovery experience. It is much easier to find and assign apps to user groups, and the expanded app catalog content includes Win32 apps. There is also access to a broader set of apps from the Microsoft Store on Windows, including those submitted by the community and those made available through private software vendors or company-owned app repositories. Through Windows Package Manager, you have a richer set of APIs and integration points as well as developer tools. Options for app acquisition without Endpoint Manager What are our options if we don't have Intune or use a non-Microsoft management solution? Windows Package Manager has a rich set of tools and APIs available for you to discover and deploy applications to Windows devices. See the following for more details: Manage Windows Package Manager with Group Policy. What is the process for custom and line-of-business apps? Line-of-business apps can continue to be deployed through any of the various methods already available in Endpoint Manager through the Intune service or through Configuration Manager. For Store-based apps, using a private repository would include the benefits of publishing, lifecycle management, servicing/updating, and uninstalling/removing.Heather_PoulsenAug 13, 2024Community Manager
Credential Manager for Outlook :
I have an outlook email address and account. Recently there was some sort of muddle, due, apparently, to having tried to access it from a laptop which I seldom use. I received a message from Microsoft suggesting that I should change my password. That was done, and things worked ok until a new version of Thunderbird was installed. This refused to accept the new password, and will not connect with Outlook.com unless there is a new message. I need to find what passwords are stored in Windows Credentials Manager. Yes, there are 'help' pages which explain how to do it, but none of them seem to work.Get-WindowsAutoPilotInfo - A quicker way...
Hi All Just a Tip from me to make it easier (if you got other ways, let me know, would be interested) Starting to deploy via Autopilot but first grabbing the information - so I am using a USB Drive with the following : Plug in the USB Drive.. Right Click the file ..GetAutoPilot.cmd and (run as Administrator) (it seems everytime I plug in the USB I get 😧 Drive but with the updated command below its automatic ) Prepare Files 1)GetAutoPilot.cmd 2) Download a copy ofGet-WindowsAutoPilotInfo.ps1 Contents of GetAutoPilot.cmd PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command %~d0\Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername -OutputFile %~d0\computers.csv -append Get-WindowsAutoPilotInfo.ps1 - downloaded from powershellgallery https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/1.6 What it does... It quickly dumps the CSV file onto the USB Drive and now I have all the CSV Files that I need in one file ready to upload to intune. Then unplug and move onto the next device ... Easy ! Simon Allison
