Windows 10 21H2 and Windows 11 21H2 both show up as "2009" release
I'm not real sure where to post this, so will try here. I have noticed that for both Windows 10 - 21H2 and Windows 11 - 21H2, the "ReleaseID" value in the Registry is incorrectly shown as "2009". (We are using Windows 10/11 Enterprise.) This is located at this key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

We rely on inventorying this value to determine which computers have which "Feature Update" installed, and therefore, which computers we still need to update. Has Microsoft migrated away from using this value to indicate which Feature Update is installed? Do we need to change our approach to look at the "DisplayVersion" instead of the "ReleaseID"? Or some other value in the registry?

Also, Windows 11 has another issue. In the same registry key location, the "ProductName" value is listed as "Windows 10 Enterprise", which of course is incorrect.

Are others seeing these same results with these items? Anyone heard if Microsoft has plans to fix these issues?

25K Views, 1 like, 4 Comments

GPO settings for Privacy Windows 10 and Windows 11
Hello, I have set a security policy in GPO for some privacy & security settings. But I cannot find these settings in GPO. I don't want to edit this using the Windows registry, does anyone perhaps know where these settings are available?

- Let apps show me personalized ads by using my advertising ID
- Let websites show me locally relevant content by accessing my language list
- Let Windows improve Start and search results by tracking app launches
- Show me suggested content in the Settings app

1.4K Views, 0 likes, 2 Comments

How do I verify network endpoint connectivity.
Hi, Is there an easy way to verify internet endpoint connectivity? I come across this regularly where a product documents that I need to verify internet endpoint connectivity to various URLs and ports.

For example, for Windows Update:
- this page https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting has this entry
- Ensure that devices can reach necessary Windows Update endpoints through the firewall. For example, for Windows 10, version 2004, the following protocols must be able to reach these respective endpoints:

Protocol    Endpoint URL
TLS 1.2     *.prod.do.dsp.mp.microsoft.com
HTTP        emdl.ws.microsoft.com
HTTP        *.dl.delivery.mp.microsoft.com
HTTP        *.windowsupdate.com
HTTPS       *.delivery.mp.microsoft.com
TLS 1.2     *.update.microsoft.com
TLS 1.2     tsfe.trafficshaping.dsp.mp.microsoft.com

How do I test that? Obviously, using ICMP is no test for verifying HTTP, HTTPS or TLS connectivity. What is the process? I haven't found anything PowerShell to do it as everything seems to rely on ping. I figure for the standard addresses, I could do something like this for HTTP:

Telnet address1.microsoft.com 80

but I figure Telnet is old school, there should be something newer around these days, and also:
- how do I test the entries with * on the front of the name
- how do I test TLS 1.2

I'm sure there are hundreds of tech support people out there doing this currently, somebody should be able to point me in the right direction.

11K Views, 1 like, 7 Comments

OMA-URI Lockscreen
Recently our Organization started to migrate our client infrastructure to Microsoft Intune.

Windows 10 OMA-URI Lockscreen Timeout:
To personalize a timer of inactivity to lock Windows 10 you will have to create a custom device configuration profile with an OMA-URI path. I will now explain to you which settings you have to set to get it working:

How-to
The OMA-URI Path is:
To define a time of inactivity create the Data type Integer. Use your preferred amount in seconds. (For example: 900 for 15 minutes.) Take a look at the image attachment for exact configuration.

Now assign this device configuration profile to your device group. Make sure you also sync it to the client from the web portal of Intune, but also on the client in the company portal.

Perfect, the assigned devices will now lock after a user inactivity time which you defined.

8.6K Views, 1 like, 2 Comments

Prevent Windows 11 upgrade, but allow Windows 10 feature packs
I am looking for a Script, GPO, or Registry key that will prevent Windows 10 from upgrading to Windows 11, but still allow the endpoint to upgrade to the latest feature pack. I have already investigated using the 'select target feature pack' GPO or registry key, but management doesn't want us to have to manually maintain the version. We currently do not use WSUS or another management software.

Any suggestions are appreciated.

Thanks

884 Views, 0 likes, 1 Comment

Changing MAC address without using third-party app.
Hi, For changing MAC address without using third-party app, following options I found in most articles:

A. Using Device Manager
B. Using Random Hardware Addresses in Windows 10 and Windows 11

There are multiple queries and doubts related to changing MAC address as below:

1. I know, MAC address is a 48-bit hardware address in 12-digit format of hexadecimal number. How can I calculate random number for the value of Locally Administered Address, if we want to change the MAC address using Device Manager?
2. In case of Random Hardware Addresses in Windows 10 and Windows 11, Windows 10 and Windows 11 have different options as below:
   Windows 10    Windows 11
   Like Windows 10, can I set up Change daily in Windows 11?
3. Random Hardware Addresses option is available only if system is connected with Wi-Fi. The option is not available if system is connected with an Ethernet cable. Can I enable Random Hardware Addresses option if system is connected with an Ethernet cable?
4. After changing the MAC address, how do I know the actual MAC address which is engraved on the network adapter?

Please resolve queries. I'll be thankful for your assistance.

With Regards
NndnG

1.1K Views, 0 likes, 0 Comments

Ask the Experts LIVE: Securing Windows Devices with Microsoft Endpoint Manager
Save the date and get answers to any questions you have around securing Windows devices with Microsoft Endpoint Manager in this special Ask the Experts event! This event will take place on Teams Live Events. At (or just before) 9:00 a.m. Pacific Time on Tuesday, October 27, 2020, visit https://aka.ms/MEMATE/SecWin to join the meeting.

We'll have members of the engineering and product teams on camera and on chat to help answer your questions large and small, including:

- Matt Shadbolt
- Mike Danoski
- Laura Arrizza
- Tyler Castaldo
- Aasawari Navathe
- Lance Crandall
- Dave Randall
- Dilip Radhakrishnan
- Mahyar Ghadiali
- Sameer Yadav
- Shiv Patel
- Matt Call

We hope you can join us for a great discussion!

1.9K Views, 1 like, 1 Comment

Turn On - System Protection via Group Policy
Hey everyone, Is there a way to Turn On system protection AND set it to run once a day via a group policy? I've searched and I've come empty about this so I wanted to reach out to the community and see if it's possible.

I know that I can Turn On System Protection using PowerShell, using the Enable-ComputerRestore, and I know I can use Checkpoint-Computer to create a checkpoint; however, I'm trying to do this for 500+ devices and I wanted to stay away from using a script and deploy it using SCCM.

Thanks!

3.1K Views, 0 likes, 2 Comments

Windows Hello for Business prompt after Hybrid Azure AD Joining Win 10 Device | WHFB disabled
Hello, I'm looking for some clarification on the behaviour around Windows Hello for Business after Hybrid Azure AD joining Windows 10 devices.

I recently enabled HAADJ in AAD Connect. As expected first of all, the devices acquire a userCertificate attribute as part of the WorkplaceJoin scheduled task, sync to Azure AD as part of the next AAD Connect sync cycle and show up in the Azure AD tenant as a HAAD device.

The issue I encounter is with the Windows Hello for Business prompt. When a synced user logs in, they're prompted to set up a Windows Hello for Business PIN. You can skip the process and continue but every subsequent login asks you to set up a PIN which you can sync. The devices are HAADJ but not enrolled into Intune for MDM.

In the Azure AD Portal under Microsoft Intune\Device Enrollment\Windows Enrollment\Windows Hello for Business, it was set as Not Configured. I also changed this to Disabled, but the users still get the prompt.

The only way forward I'm finding to deal with this is by setting the setting "Use Windows Hello for Business" under "User Configuration\Administrative Templates\Windows Components\Windows Hello for Business" to Disabled. It was previously set to Not Configured. This stops the setup PIN prompt coming up after login; however, notifications still appear in the notification area after login saying that the system is configured to use Windows Hello for Business, click here to set up your PIN.

I do not get this behaviour in other environments where I have HAADJ configured, with seemingly the same settings. End goal is wanting to retain HAADJ but disable all the prompts for setting up Windows Hello for Business. Any ideas?

5.3K Views, 0 likes, 1 Comment

New Windows 10 deployment process posters
Take a look at two new process posters that flowchart you through:

- Deploying Windows 10 with Autopilot
- Deploying Windows 10 with System Center Configuration Manager

See the end-to-end steps with decision points to help you understand these two complex processes and get you down the deployment road faster.

3.5K Views, 1 like, 1 Comment