Download Windows 10 Insider Program ISO files

If you are in the Windows Insider Program (you really should be! More info here) then you can switch from a regular Windows 7, 8, 8.1 or 10 installation to a Windows 10 Insider Preview installation.

But if you do not want to go that way or if you want to test Deployment for instance 😉 then you need an ISO for that. And the good news is Microsoft provides these. Ok not for all the Builds, but they appear regularly!

The latest Build available is Build #18290. This build is from December, so you are pretty close to the latest one.

Get your Windows 10 Insider Preview Build now:

https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced

Here you can choose which version you would like:

And the language:

Happy Download!

Expose virtualization extensions to Hyper-V Virtual Machine

HOW-TO: Expose virtualization extensions to Hyper-V Virtual Machine

In the current world of virtualization it is possible to run Virtualization solutions inside a virtual machine.

So it is possible to run Hyper-V inside a Hyper-V virtual machine, or maybe you want to play around with one of the competitors like VMware ESX or Citrix Hypervisor (the former XenServer!). Microsoft, of course, does not support these OSes, but you can always try 🙂

To do so you need a PowerShell line, because it is not (yet) possible in the GUI.

From the Microsoft Docs pages (VERY good info there!) you find the Prerequisites:

Prerequisites

  • The Hyper-V host and guest must both be Windows Server 2016/Windows 10 Anniversary Update or later.
  • VM configuration version 8.0 or greater.
  • An Intel processor with VT-x and EPT technology — nesting is currently Intel-only.

To enable Nested Virtualization use:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

To disable Nested Virtualization use:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $false

And because it is PowerShell you can do nice things in scripts for instance,

Get-VM | where state -eq 'Off' | Set-VMProcessor -ExposeVirtualizationExtensions $true

This enables the virtualization extensions on all virtual machines that are switched off and do not have it enabled already.
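Exposing the extensions on every powered-off VM is broader than most hosts need, so the following added example (not code from the original post) reports the current setting per VM, checks the per-VM prerequisites listed above, and enables nesting only on VMs you name. The VM names LAB-HV01 and LAB-ESX01 and the function names are hypothetical.

```powershell
# Added example, not from the original post. Run on the Hyper-V host.
#Requires -Modules Hyper-V

function Test-NestedVirtReady {
    # True when the VM meets the per-VM prerequisites: configuration
    # version 8.0 or greater, and powered off so the setting can be changed.
    param([Parameter(Mandatory)] $VM)
    ([version]$VM.Version -ge [version]'8.0') -and ($VM.State -eq 'Off')
}

function Get-NestedVirtReport {
    # One row per VM: current exposure and whether it could be changed now.
    Get-VM | ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State
            Version = $_.Version
            Exposed = (Get-VMProcessor -VM $_).ExposeVirtualizationExtensions
            Ready   = Test-NestedVirtReady -VM $_
        }
    }
}

function Enable-NestedVirt {
    # Enables the extensions only on the VMs named by the caller.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]] $VMName)
    foreach ($vm in Get-VM -Name $VMName) {
        if (-not (Test-NestedVirtReady -VM $vm)) {
            Write-Warning "$($vm.Name): skipped (state $($vm.State), version $($vm.Version))"
            continue
        }
        if ($PSCmdlet.ShouldProcess($vm.Name, 'Expose virtualization extensions')) {
            Set-VMProcessor -VM $vm -ExposeVirtualizationExtensions $true
        }
    }
}

# Review the current state first, then dry-run against hypothetical VM names.
Get-NestedVirtReport | Format-Table -AutoSize
Enable-NestedVirt -VMName 'LAB-HV01', 'LAB-ESX01' -WhatIf
```

Drop -WhatIf once the report shows the expected VMs as Ready.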

 

HOW-TO: Enroll in the Windows Insider Program!

Just a short blog on how to enroll yourself in the Windows Insider Program.

At the moment there are 2 Rings in which you can enter, the Slow or Fast ring.

In the Fast ring you are at the front edge of the development of the Windows client OS. You get the new features first and can participate in discussions with the developers. In the Slow ring the new features are already tested and you can get a glimpse of what will be delivered with the new feature update on your production or home device!

Get participating because: Sharing is Caring!

The Windows Insider settings can be found in the Windows Settings. That is the little 'Wheel' in the Start Menu.

Then go to ‘Update & Security’

Click ‘Windows Insider Program’

Of course we want to ‘Get Started’

Pick an account with which you want to participate in the Windows Insider Program

I use my account 😉

And then you have to make some choices. Like I said there are a few Rings in which you can enter. But also the level of content.

‘Just fixes, apps and drivers’

This gives you no new Windows features to test!

Then there is the ‘Active development of Windows’

Here you get to test the new features of Windows.

That can be in the Fast or Slow Ring!

As said, in the Slow Ring you get a more Stable Build, in the Fast Ring more new features!

Keep in mind that this is DEVELOPMENT! So no guarantees here!!

I go for FAST!

And there is/was a third option, ‘Skip ahead to the next Windows release’.

I say WAS, because this program is closed at the moment! (So Microsoft why is the option still here??)

And some disclaimers

A restart.

And here we are!

After the restart you can monitor the download and installation status in the Windows Update tab of the Settings page!

No not yet ;-( (Click ‘Check for updates’)

Oh yeah, there it is 🙂

PLEASE keep in mind:

REMINDER: As is normal with builds early in the development cycle, builds may contain bugs that might be painful for some. If this makes you uncomfortable, you may want to consider switching to the Slow ring. Slow ring builds will continue to be higher quality.

Introducing Windows Sandbox!

So this little gem was on the #WindowsInsider Blog (here). 
And this is a big one, at least for me. 
I always spin up a VM to test untested and possibly malicious software. 
But I have tested this new and latest addition, and only one word, WOW.
It just works, and OK there are a few glitches, right now, but that will be sorted out!
This is a keeper!!

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

At Microsoft, we regularly encounter these situations, so this resulted in the development of the Windows Sandbox: an isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host – ever. Once Windows Sandbox is closed, all the software with all of its files and state are permanently deleted.

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft Hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

To install Windows Sandbox, go to Settings > Apps > Apps & Features > Programs and Features > Turn Windows Features on or off, and then select Enable Windows Sandbox.

To start Windows Sandbox, open the Start menu, enter Windows Sandbox and then select it.

We are excited to learn how you use Windows Sandbox! As we continue to add new functionality, your feedback is crucial in shaping the direction of this feature, so share your thoughts with us at Feedback Hub.


Windows Sandbox respects the host diagnostic data settings. All other privacy settings are set to their default values.

For more information, please visit Windows Sandbox at Windows Kernel Internals.

Known issues

  • When Windows Sandbox is first installed and on every servicing event a setup process will run and trigger significant CPU and disk activity for a minute or so.
  • Opening the Start menu in Windows Sandbox takes some time and some Start Menu apps will not run.
  • The time zone is not synchronized between Windows Sandbox and the host.
  • Windows Sandbox does not support installers which require reboot.
  • The Microsoft Store is not supported in Windows Sandbox.
  • Windows Sandbox does not support high dpi displays very well.
  • Windows Sandbox does not fully support multi-monitor configurations.

Windows 10 – Group Policy Objects (GPO) not applied

I was working with Windows 10 (1511 version), fully patched the client and to my surprise on some Windows 10 machines the Group Policy Objects (GPO) were not applied.

I did a little search and it seems that Microsoft has pushed 2 updates (MS15-011 and MS15-014) that harden the Group Policy process. Well actually they harden the Kerberos authentication to Network Shares. And the NETLOGON and SYSVOL folders are network shares.

The updates are described by the PFE team here.

But why is it working on Windows 7, 8 and 8.1 and NOT on Windows 10?

First of all, UNC Hardening is disabled by default in Windows 7, 8 and 8.1 and enabled in Windows 10!

Furthermore, Microsoft Support confirmed that there is a bug in Windows 10 and they will provide a hotfix once they have fixed it.

For now the only workaround is to disable the UNC hardening for the NETLOGON and SYSVOL shares in the registry.

And it can be done this way:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
"\\*\SYSVOL"
"RequireMutualAuthentication=0"

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
"\\*\NETLOGON"
"RequireMutualAuthentication=0"

And the Windows 10 machines start talking to the logon shares again 😉

Follow the Microsoft thread here.
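The workaround switches off the mutual-authentication requirement that the MS15-011 hardening applies to these shares, so it helps to know which machines still carry it once the hotfix is out. This added example (not from the original post) parses HardenedPaths values and lists SYSVOL/NETLOGON entries where a requirement is set to 0. The function names and the sample table are constructed for illustration; RequireIntegrity is the second setting that hardening defines.

```powershell
# Added example, not from the original post.
$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function ConvertFrom-HardenedPathValue {
    # 'RequireMutualAuthentication=0, RequireIntegrity=1' -> hashtable name -> 0/1
    param([string] $Value)
    $flags = @{}
    foreach ($part in $Value -split ',') {
        $name, $setting = $part.Trim() -split '=', 2
        if ($name) { $flags[$name] = [int]$setting }
    }
    $flags
}

function Get-WeakenedHardenedPath {
    # $Entries: hashtable of UNC pattern -> value data, as stored under the key.
    param([hashtable] $Entries)
    foreach ($path in $Entries.Keys) {
        if ($path -notmatch '\\(SYSVOL|NETLOGON)$') { continue }
        $flags = ConvertFrom-HardenedPathValue $Entries[$path]
        $off = @($flags.Keys | Where-Object { $flags[$_] -eq 0 })
        if ($off.Count) {
            [pscustomobject]@{ Path = $path; Disabled = $off -join ', ' }
        }
    }
}

function Read-HardenedPaths {
    # Reads the live policy key; returns an empty table when the key is absent.
    $entries = @{}
    if (Test-Path $HardenedPathsKey) {
        $key = Get-Item $HardenedPathsKey
        foreach ($n in $key.GetValueNames()) { $entries[$n] = [string]$key.GetValue($n) }
    }
    $entries
}

# Constructed sample: the workaround from this post next to a hardened entry.
$sample = @{
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=0'
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
}
Get-WeakenedHardenedPath $sample
Get-WeakenedHardenedPath (Read-HardenedPaths)
```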

WSUS Server 2012 R2 Windows 10 Feature Updates not found

So you are on Server 2012 R2 and have a WSUS server to serve your updates to your Windows 10 clients. Perfect!
But now you need to deploy the feature upgrades (i.e. version 1511).

Well first you have to deploy a hotfix to your WSUS server (https://support.microsoft.com/en-us/kb/3095113).

About this hotfix:

This hotfix enables Windows Server Update Services (WSUS) on a Windows Server 2012-based or a Windows Server 2012 R2-based server to sync and distribute feature upgrades for Windows 10. This hotfix is not required to enable WSUS to sync and distribute servicing updates for Windows 10.

And here it comes:

This update must be installed before you sync the upgrades classification. Otherwise, you might encounter issues when you synchronize and distribute feature upgrades for Windows 10. For more information, see the Important update for WSUS 4.0 (KB 3095113).

Uhhh wait, I did not RTFM…..

At least I can see the updates:


But when I deploy them my clients all come with the message ‘File not found’ (or WSUS error 0x8024200D or 0x80246007). And of course they all report failure back. Nice now everything is Red.

But the fix is easy. The new feature updates are delivered as .esd files. And the IIS instance of WSUS doesn’t know what to do with them. So they are not downloaded!

See in the WSUS console under ‘File Information’


Just go to the WSUS console and add the right MIME-type for .esd.

This is application/octet-stream

Just the Content directory will suffice.


Not even a reboot or anything is needed.

And now the clients are downloading the feature update and installing it!
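The same MIME-type change can be scripted. This added example (not from the original post) checks for an existing .esd mapping before adding one, because IIS rejects a configuration that contains a duplicate mimeMap entry. It assumes the default site name "WSUS Administration" with its Content virtual directory; the function names are hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the WSUS server.
Import-Module WebAdministration

# Assumption: default WSUS site name and its Content virtual directory.
$ContentPath = 'IIS:\Sites\WSUS Administration\Content'
$Filter      = 'system.webServer/staticContent'

function Get-EsdMimeMap {
    # Returns the .esd mapping effective at the Content directory, if any
    # (this includes mappings inherited from the site or server level).
    Get-WebConfigurationProperty -PSPath $ContentPath -Filter $Filter -Name collection |
        Where-Object { $_.fileExtension -eq '.esd' }
}

function Add-EsdMimeMap {
    # Adds .esd as application/octet-stream only when no mapping exists yet.
    $existing = Get-EsdMimeMap
    if ($existing) {
        Write-Output ".esd already mapped to $($existing.mimeType)"
        return
    }
    Add-WebConfigurationProperty -PSPath $ContentPath -Filter $Filter -Name '.' `
        -Value @{ fileExtension = '.esd'; mimeType = 'application/octet-stream' }
    Write-Output ".esd now mapped to $((Get-EsdMimeMap).mimeType)"
}

Add-EsdMimeMap
```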

LayoutModification.xml file not working for customizing StartMenu Windows 10

So you are in the process of developing a Windows 10 image, nice!

You want to customize your StartMenu, nice!

You have built a reference machine, and exported the StartMenu file.
https://msdn.microsoft.com/en-us/library/windows/hardware/mt171092(v=vs.85).aspx

We know how to do that with PowerShell:

Export-StartLayout -Path C:\Export\MyStartMenu.xml

And in your task sequence you import the file again with PowerShell:

Import-StartLayout C:\Import\MyStartMenu.xml -MountPath $env:SystemDrive\

(or you can rename your MyStartMenu.xml file to LayoutModification.xml and do a xcopy to C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\)

xcopy /e /s /y /h /i "%~dp0LayoutModification.xml" "C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml"

Ok you do a deployment, log on with a new user who has no profile on the computer, open up the startmenu and……Nothing, still the default startmenu!

Like this:

Windows 10 Original StartMenu

But I wanted this:

Windows 10 Wanted StartMenu

Well I found a nasty line in the generated XML file while exporting with PowerShell

Export:

And with this it is NOT working.

Just remove the line and things will start to work! Nice!