security
473 TopicsAnnouncing Trusted Launch for Virtual Machines for Windows Server Insiders
Trusted Launch for virtual machines We are excited to announce Trusted Launch for virtual machines (TVMs) in Windows Server Insider Preview. Trusted Launch is a security feature you can enable when creating Hyper-V Generation 2 VMs. It enables Secure Boot, installs a virtual Trusted Platform Module (vTPM), protects vTPM state at rest, and supports boot integrity verification (ability to verify if the VM started in a well-known good state). Further, when the VM runs in a Failover Cluster, the vTPM state is automatically made available when the VM live migrates or fails over to other nodes in the cluster – this ensures the VM remains available after migration or failover. This is unlike a Generation 2 VM with a vTPM, which will not start after migration or failover to another node in the cluster – the TPM state protection key needs to be moved to the destination node manually so the VM can start. With boot integrity verification, the entire boot path is measured and boot integrity is verified by Microsoft Azure Attestation service. This helps detect any alterations to the boot path or boot components. Such alterations, e.g. implanting malware in the boot path, can be detected by boot integrity verification. Increasingly attackers prefer implanting malware in the boot path for a variety of reasons: the OS layer is usually well protected, while firmware – as highly privileged code – can be used to alter what gets loaded (boot loader and drivers). Such alterations are not easily detectable by anti-virus software running at the OS layer. Boot integrity verification helps detect such alterations so a relying party (such as an app or service) can take suitable remediation actions, e.g. shutting down the VM. Boot integrity verification is an important part of establishing trust by verifying that the virtual machine started in a well-known good state. Insider preview TVMs are available for preview starting with Windows Server Insider preview build 29621. This initial preview only supports some of the Trusted Launch capabilities: Secure boot, vTPM, and vTPM state protection (at rest). You can create and manage TVMs using PowerShell. Guest state protection: The guest state (including the vTPM state) for each TVM is protected using a unique key that is stored in a KSP (Key Storage Provider) local to the server. Without this key, the VM will not start. Moving the VM to another server is not supported in this release. Not supported in this release: Moving TVMs to another server. TVMs in Failover Clusters or Hyper-V Replica. Boot integrity verification. Support for TVMs in Windows Admin Center (WAC). Instructions At a high-level, the steps involve: Install Windows Server Insider preview build on your server Enable Hyper-V Enable Trusted Launch feature Verify guest state protection 1. Install Windows Server Insider preview build Trusted Launch for virtual machines is available starting with the Windows Insider preview build number 29621. Install this build or a later build on your server. (Join Windows Server Insiders if you haven’t already!) 2. Enable Hyper-V (if it is not already enabled) Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart After enabling Hyper-V, the server needs to be restarted. 3. Set registry key property value (required to enable the Trusted Launch feature) New-Item -Path "HKLM:\SOFTWARE\Microsoft\AszIgvmAgent" -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\AszIgvmAgent" -Name "TvmWinServer" -Value 1 -PropertyType DWord -Force Setting the above regkey informs relevant system components that the Trusted Launch feature is being used in a Windows Server environment. 4. Enable Trusted Launch feature Enable-WindowsOptionalFeature -Online -FeatureName "IsolatedGuestVm" -NoRestart 5. Verify if IgvmAgent is running IgvmAgent (Isolated Guest Virtual Machine agent) is a system-level service that helps support Trusted Launch capabilities. Get-Service -Name "IGVmAgent" The output should show Status as Running. If the Status is Running, you can skip to next step. If the Status is not Running, please report the issue. Add the following event logs to the report: Event Viewer: Applications and Services Logs => Microsoft => Windows => IGVmAgent => Operational Event Viewer: Applications and Services Logs => Microsoft => Windows => IGVmSystem => Operational You can open Event Viewer via the Run dialog: Press Win + R → type "eventvwr.msc" → press Enter 6. Create an external virtual switch (if you don't already have one you can use) Create and configure a virtual switch with Hyper-V | Microsoft Learn To see available external virtual switches: (Get-VMSwitch | Where-Object { $_.SwitchType -eq "External" }).Name 7. Create TVM If you already have a virtual hard disk (VHD or VHDX) for a Gen 2 VM with an installed guest OS, run: New-VM -Name <VMName> -Generation 2 -GuestStateIsolationType TrustedLaunch -SwitchName <virtual switch name> -VHDPath <path to vhdx> -Path <path to where VM config files will be stored> Else, run: New-VM -Name <VMName> -SwitchName <virtual switch name> -NewVHDPath <path to where new VHD will be stored> -NewVHDSizeBytes 40GB -Generation 2 -GuestStateIsolationType TrustedLaunch -Path <path to where VM config files will be stored> Then, add to the VM a virtual DVD drive containing an ISO image for the guest OS (Windows or Linux OS-compatible with Hyper-V Gen 2 virtual machine). Add-VMDvdDrive -VMName <VMName> -Path <Guest OS ISO image path> Note: The guest OS will be installed when the VM starts up. When connecting to the VM you will be prompted to install the guest OS from the DVD drive. Make sure that the DVD drive is at the top of the boot order specified in the firmware so the VM will boot from the DVD drive. For more information, see New-VM. 8. Verify VM guest state isolation type (Get-VM -name <VMName>).GuestStateIsolationType should return "TrustedLaunch". 9. Verify guest state protection To verify guest state protection, stop IGVmAgent service and restart the VM. Without IGVmAgent in Running state, a TVM with guest state protection will not start. Call to action Trusted Launch brings foundational VM security — Secure Boot, a vTPM, and protected guest state — to Windows Server, helping safeguard your VMs against boot-level and firmware threats. Please try out TVMs and provide your feedback via the Windows Server Insiders Forum. — Christina Curlette and Ram Jeyaraman (and the Windows Server team)Announcing Windows Server vNext Preview Build 29621
Hello Windows Server Insiders! Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions and Azure Edition (for VM evaluation only). Branding remains Windows Server 2025 in this preview - when reporting issues please refer to Windows Server vNext preview. Build 29531 established a new Server preview baseline build. Please perform a clean install of Build 29531 (or later) using the installation media linked below. Please note: Upgrades from Windows Server vNext preview builds older than 29531 are not supported. We encourage all Windows Server vNext preview users to perform a clean install using 29531 or later to successfully upgrade to future Windows Server vNext preview builds. While upgrades from earlier Windows Server previews (Build 26525 and older) are not technically blocked by setup.exe, a number of known issues have been identified related to upgrades necessitating the establishment of a new baseline build for our Server vNext Preview Program. The new baseline build (29531) will not be Flighted due to upgrade issues. Flighting support resumed with preview build 29550 or later. What's New [NEW] We're excited to announce Trusted Launch for virtual machines (TVMs) on Windows Server—a security feature you can enable when creating Generation 2 VMs. This initial preview supports TVMs with Secure Boot, vTPM, and vTPM state protection (at rest), managed via PowerShell. ⚠ Not supported in this release: Moving TVMs to another server TVMs in failover clusters or Hyper-V Replica Boot integrity verification TVMs in Windows Admin Center (WAC) Instructions 1. Install the latest ServerInsider preview build. 2. Enable Hyper-V (restarts the server): Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart 3. Set the registry keys: New-Item -Path "HKLM:\SOFTWARE\Microsoft\AszIgvmAgent" -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\AszIgvmAgent" -Name "TvmWinServer" -Value 1 -PropertyType DWord -Force 4. Enable Trusted Launch: Enable-WindowsOptionalFeature -Online -FeatureName "IsolatedGuestVm" -NoRestart 5. Verify IGVmAgent is running (should show Running): Get-Service -Name "IGVmAgent" If it isn't running, report the issue with the IGVmAgent and IGVmSystem Operational logs (Event Viewer → Applications and Services Logs → Microsoft → Windows). 6. Create an external virtual switch (if needed): (Get-VMSwitch | Where-Object { $_.SwitchType -eq "External" }).Name 7. Create the TVM. With an existing Gen 2 VHDX: New-VM -Name <VMName> -Generation 2 -GuestStateIsolationType TrustedLaunch -SwitchName <switch> -VHDPath <path to vhdx> -Path <config path> Or with a new VHD, then attach a Gen 2–compatible guest OS ISO: New-VM -Name <VMName> -SwitchName <switch> -NewVHDPath <new VHD path> -NewVHDSizeBytes 40GB -Generation 2 -GuestStateIsolationType TrustedLaunch -Path <config path> Add-VMDvdDrive -VMName <VMName> -Path <Guest OS ISO path> Ensure the DVD drive is first in the firmware boot order so the VM boots from it. 8. Verify isolation type (should return TrustedLaunch): (Get-VM -Name <VMName>).GuestStateIsolationType 9. Verify guest state protection: Stop the IGVmAgent service and restart the VM—without IGVmAgent running, a Trusted launch VM with guest state protection won't start. For more information, please review our blog post: Announcing Trusted Launch for Virtual Machines for Windows Server Insiders | Microsoft Community Hub Quick Machine Recovery available in Windows Server vNext Insider Previews. Quick machine recovery (QMR) is now available for Server vNext Insiders to test. This feature enables the recovery of Windows Server devices when they encounter boot critical errors that prevent them from booting. QMR can automatically search for cloud‑based remediations to recover from widespread boot failures significantly reducing the burden on IT administrators when multiple devices are impacted. This supports the goals of the Windows Resiliency Initiative by enabling applicable fixes to be delivered through trusted Windows Update to restore affected devices, helping reduce downtime and minimize manual recovery efforts across enterprise environments. This feature is currently enabled in the latest Server vNext Insider builds for customers to experience test mode. A Group Policy option to enable or disable the feature will be introduced in upcoming builds to provide additional administrative control. To simulate the quick machine recovery experience, use the following commands from an elevated command prompt: Enable test mode: reagentc.exe /SetRecoveryTestmode Configure Windows to boot to Windows Recovery Environment on the next boot: reagentc.exe /BootToRe Reboot your device. The system goes through autoremediation of a simulated crash safely and reboots back to Windows Server. For more information, please review Quick machine recovery (QMR) and Windows Resiliency Initiative. When providing feedback using Feedback hub, please select QMR from the Recovery and Uninstall category in the app. NVMe-over-Fabrics (NVMe-oF) extends the NVMe protocol—originally designed for local PCIe-attached SSDs—across a network fabric. Instead of using legacy SCSI-based protocols such as iSCSI or Fibre Channel, NVMe-oF allows a host to communicate directly with remote NVMe controllers using the same NVMe command set used for local devices. In this Insider build, Windows Server supports: NVMe-oF over TCP (NVMe/TCP), allowing NVMe-oF to run over standard Ethernet networks without specialized hardware. NVMe-oF over RDMA (NVMe/RDMA), enabling low-latency, high-throughput NVMe access over RDMA-capable networks (for example, RoCE or iWARP) using supported RDMA NICs. For more information, please visit: Introducing the Windows NVMe-oF Initiator Preview in Windows Server Insiders Builds | Microsoft Community Hub ReFS Boot is enabled for Windows Server vNext preview builds. Known Limitations ReFS Boot systems create a minimum 2GB WinRE partition. When WinRE cannot be updated due to space constraints, the system may disable WinRE. Disabling WinRE does not remove the partition. If the WinRE partition is deleted and the boot volume is extended over it, this operation is unrecoverable without a clean install. For more information, please visit: Resilient File System (ReFS) overview | Microsoft Learn Feedback Hub app is available for Server Desktop users! The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab. Known Issues A race condition in the TLS hybrid key exchange implementation may cause the LSASS service to crash when hybrid groups are negotiated by a TLS server. To avoid this issue until the fix is released, please disable hybrid groups (X25519_MLKEM768, SecP256r1_MLKEM768, SecP384r1_MLKEM1024) using TLS cmdlets or Group Policy, as outlined here. Server Core Upgrades and AppCompat FOD: Enabling AppCompat FOD after reinstall may fail due to legacy 3rd-party license compatibility issues on Server Core devices. Server Core users may be unable to install the latest AppCompat FOD after upgrading to build 29574. This appears to be limited to Server Core installations with 3rd-party application licenses that fail compatibility checks after upgrade. This will be addressed in a future build. Upgrading from older builds of Windows Server vNext previews (26525 or older) are not supported. Please perform a clean install of build 29531 or later. Users may experience failures when attempting to upgrade from earlier previews (build 26525 and older). VMs may fail to upgrade or start after upgrade from older preview builds impacting live migration and failover cluster scenarios. Download Windows Server Insider Preview (microsoft.com) Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server vNext update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release. Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues. Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key. Symbols: Available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire September 15, 2026. How to Download Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal. We value your feedback! The most important part of the release cycle is to hear what's working and what needs to be improved, so your feedback is extremely valued. Please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version: [Server #####] Title of my feedback See Give Feedback on Windows Server via Feedback Hub for specifics. The Windows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business. Diagnostic and Usage Information Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product. Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement. Terms of Use This is pre-release software - it is provided for use "as-is" and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.507Views1like0CommentsHow to check RDP access to the server
Hello, I have a virtual machine running Windows Server 2019 Datacenter with Active Directory, and all users access it via RDP. No specific access configurations have been set up; I wanted to know if it is possible to check how many times a specific user has connected and from which IP address—is that possible? Also, I wanted to ask if it is possible to determine whether a specific user copied files to their local PC using copy/paste during a session. Thank you24Views0likes1Commentntoskrnl.exe and build version not getting updated after applying KB5078740 on server 2025
I have installed the latest March patch kb5078740 on server 2025 which was upgraded from server 2022. the patch is showing installed but the ntoskrnl.exe and build version is still showing 10.0.26100.4652. Qualys is detecting it as patch not installed based on file version which should be 10.0.21600.32522. Please let me know how to fix this issue.587Views1like1CommentSecure Boot update still pending on deadline day
After checking the registry keys on 2x VMs which run services for a number of important customers I found they both have: UEFICA2023Error 2147942750 Apparently this means they're pending a reboot. https://blog.mindcore.dk/2026/04/secure-boot-certificate-update-intune/ I can't reboot the VM inside working hours, can they be rebooted after the deadline or do I need to disable Secure Boot on the VMs? I'm concerned I'll have to disable Secure Boot before they're next rebooted for Windows updates.53Views0likes1CommentBLOG: Windows Insiders - State of vbscript deprecation June 2026
While I greatly appreciate the decision of vbscript / cscript / wscript removal, with security and hardening in mind – I would also appreciate if Microsoft could be actively using the vNext release channel, preparing for feature removal. With this blogpost, I am sharing my point of view on the state of dependencies I am seeing in this regard, focusing on a way forward towards the full removal of vbscript. My findings show, that there is a quite some action required, and this stands a bit contrary to the announcement, Microsoft intends removing the optional feature of vbscript by default with the upcoming release - anticipated by fall 2027. Given my lessons learned from Secure Boot CA2023 exchange initiative, Microsoft guidance, foremost PowerShell based scripts, tooling and dashboards have been released quite late, looking at the timeline, considering the impact and scale customers had to deal with, and consequences for their security posture if they are not ready and done, with first certificates to expire soon. Taking this learning into account and and projecting it to vbscript deprecration I come to the following conclusion: SMB customers, enterprises, Microsoft Products, see below, are required to be updated or replaced, in order of adopting this change. I believe there is quite some communication and learning curve required for users, admins, enterprises and OEMs in adopting the implicated change and including changed workflows and automation processes. Looking forward to the next Windows Insider and esp. Windows Server Insider vNext builds! Both Windows Insiders and Windows Server Insiders, also including ISV and OEMs may assist in reviewing and validating the new workflows required - assuming vbscript deprecation is in effect, as planned. Without further ado, I am sharing my observations in regard to VBScript deprecation. I will try to keep this blogpost updated as soon I am aware about public facing changes. Third-Party AMD Chipset drivers so far is one of the major non MSFT related blockers. Suggestions: Microsoft should initiate talks with AMD and other ISV and OEMs fixing their dependencies, also offering other solutions, see below. Currently AMD Chipset drivers silently using vbscript calls checking for OS and HW platform compatibility. The installer fails when vbscript optional feature is removed. OEM, ISV and Enterprise Potentially affected: expected dependencies for imaging, deployment and management workflows. Related or unrelated to Microsoft products. LOB apps custom Office Integration logon and logoff scripts setup and installers Recommendation: Please observe vbscript related events in Windows Event Viewer at scale using PowerShell, Remoting or Windows Event Subscriptions: VBScriptDeprecationAlert Event ID 4096 VBScript is scheduled for deprecation. Our telemetry indicates that your system is currently utilizing VBScript. We strongly recommend identifying and migrating away from any VBScript dependencies at the earliest. The following process has been detected as using VBScript. The associated process tree and call stack are provided below to assist in identifying the scenario in which VBScript was invoked. Microsoft Windows Server and Client OS affected: slmgr.vbs / printer management vbscripts / product activation logic and UX, setup.exe, slui.exe Office 2024 LTSC affected: slmgr.vbs / ospp.vbs / Office deployment toolkit / product activation logic Microsoft has placed a new PowerShell based script into the respective OSPP folder. This script however is rather offering on checking licensing and cannot activate the Office product at this time. Microsoft 365 Business, Enterprise, Home, Family Affected: ospp.vbs despite being subscription based will also trouble with activation once vbscript is removed Sconfig Related to product activation. no changes so far, relies on external changes. The script itself is safe to comply with the change, now it has been reworked and updated using PowerShell , starting Windows Server 2022. WinRM Affected: the whole WinRM configuration command, e.g. winrm qc Windows Server Roles and Features: KMS / ADBA Potentially affected as they rely on slmgr for adding and removing CSVLK keys. Windows Server Roles and Features: IIS legacy IIS extension management. Windows Server Roles and Features: WSUS related deployment and configuration scripts. System Center Products incl. ConfigMgr there might be depencendies for OS deployments in regard to OS imaging. ADK, esp. Windows Imaging Tools and VAMT 3 potentially affected. Need to adopt changes in regard to activation and other operations. Suggestions: Recommending all these scripts being converted using Claude or Copilot from vbscript to PowerShell. Providing a serviceable PS modules, especially for printer management, product activation, which enables enterprises to automate their activations and printers, even though Microsoft is going to remove vbscript. The modules should be improved for existing day two adminstration tasks and workflows. slmgr, in particular, had some nuances that were tedious such as identifying and removing (stale) activation keys. Existing tools like slmgr and other will not work well in remoting. They do something but their interactive parts and outputs are reserved for interactive user sessions. Example: you can use slmgr in a remote PowerShell session for installing and activating a key but therer is no result return to the shell. Combining slui.exe and slmgr.vbs into aforementioned improvements in functionality and syntax. Consider support for PowerShell 7 in WinRE and Offline Setup phase. Many thanks for your consideration! Directory: C:\Windows\System32\Printing_Admin_Scripts\en-US Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 10:43 AM 98756 prncnfg.vbs -a--- 4/16/2026 10:43 AM 66172 prndrvr.vbs -a--- 4/16/2026 10:43 AM 62698 prnjobs.vbs -a--- 4/16/2026 10:43 AM 95908 prnmngr.vbs -a--- 4/16/2026 10:43 AM 71616 prnport.vbs -a--- 4/16/2026 10:43 AM 44278 prnqctl.vbs -a--- 4/16/2026 10:43 AM 22612 pubprn.vbs Directory: C:\Windows\System32 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 4119 CallUxxProvider.vbs -a--- 4/16/2026 9:14 AM 145712 slmgr.vbs -a--- 4/16/2026 9:14 AM 1720 SyncAppvPublishingServer.vbs -a--- 4/16/2026 9:14 AM 204072 winrm.vbs Directory: C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 10:43 AM 98756 prncnfg.vbs -a--- 4/16/2026 10:43 AM 66172 prndrvr.vbs -a--- 4/16/2026 10:43 AM 62698 prnjobs.vbs -a--- 4/16/2026 10:43 AM 95908 prnmngr.vbs -a--- 4/16/2026 10:43 AM 71616 prnport.vbs -a--- 4/16/2026 10:43 AM 44278 prnqctl.vbs -a--- 4/16/2026 10:43 AM 22612 pubprn.vbs Directory: C:\Windows\SysWOW64 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 145712 slmgr.vbs -a--- 4/16/2026 9:14 AM 204072 winrm.vbs Directory: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.29574.1000_none_0895f7c27f109b8a Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 1720 SyncAppvPublishingServer.vbs Directory: C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_10.0.29574.1000_none_ba69ed912e209e30 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 98133 adsutil.vbs -a--- 4/16/2026 9:14 AM 41401 IIsExt.vbs Directory: C:\Windows\WinSxS\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_10.0.29574.1000_en-us_ 4ad0e09e0339f1ef Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 10:43 AM 98756 prncnfg.vbs -a--- 4/16/2026 10:43 AM 66172 prndrvr.vbs -a--- 4/16/2026 10:43 AM 62698 prnjobs.vbs -a--- 4/16/2026 10:43 AM 95908 prnmngr.vbs -a--- 4/16/2026 10:43 AM 71616 prnport.vbs -a--- 4/16/2026 10:43 AM 44278 prnqctl.vbs -a--- 4/16/2026 10:43 AM 22612 pubprn.vbs Directory: C:\Windows\WinSxS\amd64_microsoft-windows-s..r-core-mgmtprovider_31bf3856ad364e35_10.0.29574.1000_none_62cec50667f8da2a Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 4119 CallUxxProvider.vbs Directory: C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.29574.1000_none_81bcc6c67609fdb9 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 145712 slmgr.vbs Directory: C:\Windows\WinSxS\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.29574.1000_none_0688f60763f16bc8 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 204072 winrm.vbs Directory: C:\Windows\WinSxS\amd64_updateservices-services_31bf3856ad364e35_10.0.29574.1000_none_bae89f3176313538 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 8332 DynamicCompression.vbs -a--- 4/16/2026 9:14 AM 4289 SetAppPool.vbs -a--- 4/16/2026 9:14 AM 5813 SetMimeMap.vbs Directory: C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_10.0.29574.1000_none_c4be97e36281602b Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 41401 IIsExt.vbs Directory: C:\Windows\WinSxS\wow64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_10.0.29574.1000_en-us_ 55258af0379ab3ea Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 10:43 AM 98756 prncnfg.vbs -a--- 4/16/2026 10:43 AM 66172 prndrvr.vbs -a--- 4/16/2026 10:43 AM 62698 prnjobs.vbs -a--- 4/16/2026 10:43 AM 95908 prnmngr.vbs -a--- 4/16/2026 10:43 AM 71616 prnport.vbs -a--- 4/16/2026 10:43 AM 44278 prnqctl.vbs -a--- 4/16/2026 10:43 AM 22612 pubprn.vbs Directory: C:\Windows\WinSxS\wow64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.29574.1000_none_8c117118aa6abfb4 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 145712 slmgr.vbs Directory: C:\Windows\WinSxS\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.29574.1000_none_10dda05998522dc3 Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 4/16/2026 9:14 AM 204072 winrm.vbs related announcements: https://techcommunity.microsoft.com/blog/Windows-ITPro-blog/vbscript-deprecation-timelines-and-next-steps/4148301895Views3likes5CommentsSave the date: Secure Boot Q&A in July
To help, Microsoft is continuing its Q&A series with several opportunities to connect directly with Microsoft experts. Whether you're managing physical servers, virtualized workloads, or working with your hardware partners on firmware readiness, you can get answers to the questions that matter most to your environment. Learn more and add the events to your calendar: 8:00 AM PDT July 1 - Windows Server Secure Boot AMA 8:00 AM PDT July 8 - Secure Boot Office Hours for virtualized environments 7:00 AM - 7:00 PM PDT July 15 - OEM Secure Boot Office Hours If there's a question that's been holding up your rollout—or one you simply want to validate before moving forward—this is a great opportunity to ask. Feel free to post questions ahead of time or join the conversation live. We look forward to seeing you there.129Views1like0CommentsAnnouncing Windows Server vNext Preview Build 29602
Hello Windows Server Insiders! Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions and Azure Edition (for VM evaluation only). Branding remains Windows Server 2025 in this preview - when reporting issues please refer to Windows Server vNext preview. Build 29531 established a new Server preview baseline build. Please perform a clean install of Build 29531 (or later) using the installation media linked below. Please note: Upgrades from Windows Server vNext preview builds older than 29531 are not supported. We encourage all Windows Server vNext preview users to perform a clean install using 29531 or later to successfully upgrade to future Windows Server vNext preview builds. While upgrades from earlier Windows Server previews (Build 26525 and older) are not technically blocked by setup.exe, a number of known issues have been identified related to upgrades necessitating the establishment of a new baseline build for our Server vNext Preview Program. The new baseline build (29531) will not be Flighted due to upgrade issues. Flighting support resumed with preview build 29550 or later. What's New Quick Machine Recovery available in Windows Server vNext Insider Previews. Quick machine recovery (QMR) is now available for Server vNext Insiders to test. This feature enables the recovery of Windows Server devices when they encounter boot critical errors that prevent them from booting. QMR can automatically search for cloud‑based remediations to recover from widespread boot failures significantly reducing the burden on IT administrators when multiple devices are impacted. This supports the goals of the Windows Resiliency Initiative by enabling applicable fixes to be delivered through trusted Windows Update to restore affected devices, helping reduce downtime and minimize manual recovery efforts across enterprise environments. This feature is currently enabled in the latest Server vNext Insider builds for customers to experience test mode. A Group Policy option to enable or disable the feature will be introduced in upcoming builds to provide additional administrative control. To simulate the quick machine recovery experience, use the following commands from an elevated command prompt: 1. Enable test mode: reagentc.exe /SetRecoveryTestmode 2. Configure Windows to boot to Windows Recovery Environment on the next boot: reagentc.exe /BootToRe 3. Reboot your device.The system goes through autoremediation of a simulated crash safely and reboots back to Windows Server. For more information, please review Quick machine recovery (QMR) and Windows Resiliency Initiative. When providing feedback using Feedback hub, please select QMR from the Recovery and Uninstall category in the app. NVMe-over-Fabrics (NVMe-oF) extends the NVMe protocol—originally designed for local PCIe-attached SSDs—across a network fabric. Instead of using legacy SCSI-based protocols such as iSCSI or Fibre Channel, NVMe-oF allows a host to communicate directly with remote NVMe controllers using the same NVMe command set used for local devices. In this Insider build, Windows Server supports: NVMe-oF over TCP (NVMe/TCP), allowing NVMe-oF to run over standard Ethernet networks without specialized hardware. NVMe-oF over RDMA (NVMe/RDMA), enabling low-latency, high-throughput NVMe access over RDMA-capable networks (for example, RoCE or iWARP) using supported RDMA NICs. For more information, please visit: Introducing the Windows NVMe-oF Initiator Preview in Windows Server Insiders Builds | Microsoft Community Hub ReFS Boot is enabled for Windows Server vNext preview builds. Known Limitations ReFS Boot systems create a minimum 2GB WinRE partition. When WinRE cannot be updated due to space constraints, the system may disable WinRE. Disabling WinRE does not remove the partition. If the WinRE partition is deleted and the boot volume is extended over it, this operation is unrecoverable without a clean install. For more information, please visit: Resilient File System (ReFS) overview | Microsoft Learn Feedback Hub app is available for Server Desktop users! The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab. Known Issues [NEW] A race condition in the TLS hybrid key exchange implementation may cause the LSASS service to crash when hybrid groups are negotiated by a TLS server. To avoid this issue until the fix is released, please disable hybrid groups (X25519_MLKEM768, SecP256r1_MLKEM768, SecP384r1_MLKEM1024) using TLS cmdlets or Group Policy, as outlined here. Server Core Upgrades and AppCompat FOD: Enabling AppCompat FOD after reinstall may fail due to legacy 3rd-party license compatibility issues on Server Core devices. Server Core users may be unable to install the latest AppCompat FOD after upgrading to build 29574. This appears to be limited to Server Core installations with 3rd-party application licenses that fail compatibility checks after upgrade. This will be addressed in a future build. Upgrading from older builds of Windows Server vNext previews (26525 or older) are not supported. Please perform a clean install of build 29531 or later. Users may experience failures when attempting to upgrade from earlier previews (build 26525 and older). VMs may fail to upgrade or start after upgrade from older preview builds impacting live migration and failover cluster scenarios. Download Windows Server Insider Preview (microsoft.com) Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server vNext update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release. Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues. Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key. Symbols: Available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire September 15, 2026. How to Download Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal. We value your feedback! The most important part of the release cycle is to hear what's working and what needs to be improved, so your feedback is extremely valued. Please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version: [Server #####] Title of my feedback See Give Feedback on Windows Server via Feedback Hub for specifics. The Windows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business. Diagnostic and Usage Information Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product. Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement. Terms of Use This is pre-release software - it is provided for use "as-is" and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.1.2KViews2likes0CommentsWindows Server 2025 update with error 0x80073712
Hello Can I have some help? Windows Server 2025 Std, V 24H2, OS build: 26100.32522 The 2026-04 Security Update (KB5082063) (26100.32690) fails with the following error: Installation failed: Windows failed to install the following update with error 0x80073712: 2026-04 Security Update (KB5082063) (26100.32690). Thanks in advance MadUrantia245Views0likes2Comments