Windows 11 automatically restarting after install security Update — With GPO and WSUS.
Hi everyone, I’m facing a strange behavior with Windows 11 devices that receive updates through WSUS and are fully managed via Group Policy. Here’s the scenario: We have a GPO configured as follows: -Configure Automatic Updates → 4 (Auto download and schedule the install) -Scheduled installation every day at 10:00 -Install during automatic maintenance → disabled -Active Hours configured -Turn off auto-restart for updates during active hours → Enabled -Update deadlines set to 0 (to avoid any forced restart) -No other restart-related policies set in the domain Even with this configuration, after updates are installed, Windows 11 shows the following message: “Your organization manages update settings. We will restart and install this update at X minutes.” And then the device automatically restarts, even when: -a user is logged in -it is outside Active Hours -deadlines are disabled -no-auto-restart is enabled This behavior does not happen on Windows 10 — only on Windows 11.
Runtime installations on Azure Functions
We have a serverless requirement to run an ETL tool jobs from Azure Functions. The run time utility package for the ETL tool, would need to be installed on the azure functions, so it can run those utility tasks when invoked. Is there a standard way of installing a utility package every time the azure function is invoked? Note the azure function would be in python and python does not have an existing package to run informatica jobs.
Partial script not running while deployment
Hi All, I am deploying a windows VM in Azure using terraform and want to install some software while deployment so I thought about PS script extension. Things are working fine for me however ENV variables is not getting added though If I will run this script in the system after deployment then everything is right. Can anyone suggest me why only ENV variable is not getting set. you can read the script here, https://raw.githubusercontent.com/INGourav/Azure-Resources/master/azbastionsetup01.ps1 <# Script to install chocolatey on the windows system and install some apps that is needed for Azure Author : - Gourav Kumar Reach Me : - email address removed for privacy reasons Version : - 1.0.1 #> Set-ExecutionPolicy Bypass -Scope Process -Force; New-Item -Path 'C:\Temp\terraform_1.2.4_windows_amd64' -ItemType Directory # setting env vars $path = (Get-Item -Path Env:\Path).Value Start-Sleep -Seconds 5; $newpath = $path + 'C:\Temp\terraform_1.2.4_windows_amd64' Start-Sleep -Seconds 5; Set-Item -Path Env:\Path -Value $newpath # Installation of Terraform on the machine Invoke-WebRequest 'https://releases.hashicorp.com/terraform/1.2.4/terraform_1.2.4_windows_amd64.zip' -OutFile C:\temp\terraform_1.2.4_windows_amd64.zip -Verbose Start-Sleep -Seconds 5; Expand-Archive C:\temp\terraform_1.2.4_windows_amd64.zip C:\temp\terraform_1.2.4_windows_amd64 -Verbose -Force Start-Sleep -Seconds 5; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) -Verbose Start-Sleep -Seconds 5; # Installation of apps (Pycharm, vscode, git, and drwaio) choco install pycharm -y --force; Start-Sleep -Seconds 5; choco install vscode -y --force; Start-Sleep -Seconds 5; choco install git -y --force; Start-Sleep -Seconds 5; choco install drawio -y --force; Start-Sleep -Seconds 5; The code that I am using to deploy resources is as follows, provider "azurerm" { features {} } data "azurerm_subnet" "vmsnet" { name = "vm_subnet" virtual_network_name = "az_test" resource_group_name = "poc" } resource "azurerm_resource_group" "vmrg" { name = "tfvmtestrg" location = "uk south" } resource "azurerm_network_interface" "az_vm_nic" { location = "uk south" name = "tfvmtestnic" resource_group_name = azurerm_resource_group.vmrg.name ip_configuration { name = "internal" private_ip_address_allocation = "Dynamic" subnet_id = data.azurerm_subnet.vmsnet.id } } resource "azurerm_windows_virtual_machine" "az_vm_win" { admin_password = "tfvmtestrgrtetghcgh" admin_username = "tfvmtestrg" location = "uk south" name = "tfvmtestvm" network_interface_ids = [azurerm_network_interface.az_vm_nic.id] resource_group_name = azurerm_resource_group.vmrg.name size = "Standard_D2s_v3" os_disk { caching = "ReadWrite" storage_account_type = "Standard_LRS" } source_image_reference { publisher = "MicrosoftWindowsServer" offer = "WindowsServer" sku = "2022-Datacenter" version = "latest" } } resource "azurerm_virtual_machine_extension" "vmext" { name = azurerm_windows_virtual_machine.az_vm_win.name virtual_machine_id = azurerm_windows_virtual_machine.az_vm_win.id publisher = "Microsoft.Compute" type = "CustomScriptExtension" type_handler_version = "1.10" ### THIS PART IS ALL NEEDED, INCLUDING THE WEIRD SETTINGS BIT. settings = <<SETTINGS { "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File azbastionsetup01.ps1", "fileUris": ["https://raw.githubusercontent.com/INGourav/Azure-Resources/master/azbastionsetup01.ps1"] } SETTINGS }
Azure Machine Learning compute cluster - avoid using docker?
Hello, I would like to use an Azure Machine Learning Compute Cluster as a compute target but do not want it to containerize my project. Is there a way to deactivate this "feature" ? The main reasons behind this request is that : I already set up a docker-compose file that is used to specify 3 containers for Apache Airflow and want to avoid a Docker-in-Docker situation. Especially that I already tried to do so but failed so far. I prefer not to use a Compute Instance as it is tied to an Azure account which is not ideal for automation purposes. Thanks in advance.
Allow to take RDP from Laptop only and not from IP
Hello Experts, We have scenario where , We want to Allow to take RDP from His Laptop only. Which mean user is allowed to take of RDP of Some Server only from his Laptop and not from any other Computers. We have already checked for Windows firewall but it is working for IP based , and We want for Machine based. as user is roaming between Offices. Please suggest if there is any GPO or Policy or Firewall Rule using which If possible to take RDP using Machine based and not IP based. ThanksExperience with Automanage Machine Configuration
Hi, I am experimenting with Automanage Machine Configuration and find the overall experience and documentation very poor. I am wondering if there are others who have experience with automanage and can point me towards additional documentation. I have built an example implementation which I am using as my lab setup: https://github.com/JelleBroekhuijsen/azure-automanage-example What I am experiencing is that the compliance-state reporting seems to be very inconsistent. Sometimes these sample configurations reports everything being compliant while maybe 30 minutes later the same configuration is marked as incompliant (while the VM is observably in a compliant state). Additionally, there seems to be no option to get support or report issues with the GuestConfiguration-extension (for Windows) or the GuestConfiguration PowerShell module. For instance, in my experimenting with the module I found that calling the PackageManagement DSC resource from within a configuration leads to a conflict with the embedded PackageManagement module in the windows extension. I found a workaround for this, but I have no way to report this issue.
Azure Function to unzip blob to specific blob folder
If this is not the right group to post this, please let me know. I am not much of a developer but have a need to extract a ZIP file that resides in a Blob Container into the same container in a specific folder, I would like that folder to be named the same of the zip filename. I have found several Azure Function blobs that use the new file blob trigger but all of them simply extract all the files in a specific container. I cannot for the life of me figure out how to tell it to save it in a specific folder and how to get it to pull the name of the file to name that folder. Does anyone have a template or code they would be willing to share with me? The reason I need this is due to the fact that Power Automate's "extract to ***" connectors have a limit of 100 files in the zip. Of course my zip files have just over 100 files in them......
Active Directory Unable to reset user passwords
I am managing a Windows Server 2025 Active Directory environment with client machines. I created a test user and enabled the option “User must change password at next logon.” I then provided a temporary password to the user, expecting them to get the prompt to change it on first login. However, when the user attempts to change the password, they receive the error: “The user must change password before signing in.” My goal is that when I provide a temporary password to a user: They get the prompt to change the password at next logon. When they change it, it should not throw the “user must change password before signing in” error. I need guidance on how to achieve this so users can reset their passwords successfully.Add Passkey support to Active Directory
Everyone, Please go to the feedback hub and upvote my suggestion to add passkey support to Active Directory Domain Services: https://aka.ms/AAw8z54 The reason I am recommending this is because there needs to be a standard way to use passkeys in an AD environment.
