Download Windows 10 Insider Program ISO files

If you are in the Windows Insider Program (you really should be! More info here) then you can switch from a regular Windows 7, 8, 8.1 or 10 installation to a Windows 10 Insider Preview installation.

But if you do not want to go that way, or if you want to test deployment for instance 😉, then you need an ISO. The good news is that Microsoft provides these. Not for every build, but they appear regularly!

The latest build available is Build #18290. This build is from December 2018, so you are pretty close to the latest one.

Get your Windows 10 Insider Preview Build now:

https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced

Here you can choose which version you would like, and then the language.

Happy Download!
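Before you boot or deploy a downloaded ISO, check that it really is the file Microsoft published. The script below is an added example and not part of the original post: it compares the file's SHA-256 with the hash shown on the download page and reads the build number out of the image inside the ISO. The ISO path and the expected hash are placeholders you replace; Get-WindowsImage (DISM module) needs an elevated prompt.

```powershell
# Added example (not from the original post): verify an Insider Preview ISO
# against the published SHA-256 and report the build it contains.
# Assumptions: $IsoPath and $ExpectedHash are placeholders; the DISM module
# (Get-WindowsImage) is available and the prompt is elevated.

param(
    [string]$IsoPath      = 'C:\ISO\Windows10_InsiderPreview_Client_x64_en-us_18290.iso',  # placeholder
    [string]$ExpectedHash = 'PASTE-THE-SHA256-FROM-THE-DOWNLOAD-PAGE-HERE'                   # placeholder
)

function Test-IsoHash {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Expected)
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # The download page shows upper-case hex; compare case-insensitively and ignore stray whitespace
    return ($actual -ieq ($Expected -replace '\s', ''))
}

function Get-IsoBuild {
    param([Parameter(Mandatory)][string]$Path)
    $image = Mount-DiskImage -ImagePath $Path -PassThru
    try {
        $drive = ($image | Get-Volume).DriveLetter
        # Insider ISOs carry the image as install.wim or install.esd under \sources
        $install = Get-ChildItem -Path "$($drive):\sources" -Filter 'install.*' |
                   Where-Object { $_.Extension -in '.wim', '.esd' } |
                   Select-Object -First 1
        if (-not $install) { throw "No install.wim/install.esd found in $Path" }
        # Detailed image metadata; Version is e.g. 10.0.18290
        Get-WindowsImage -ImagePath $install.FullName -Index 1 |
            Select-Object ImageName, EditionId, Architecture, Version
    }
    finally {
        Dismount-DiskImage -ImagePath $Path | Out-Null
    }
}

if (-not (Test-IsoHash -Path $IsoPath -Expected $ExpectedHash)) {
    throw "SHA-256 mismatch for $IsoPath - do not use this ISO"
}
Get-IsoBuild -Path $IsoPath
```

Copy the hash from the same download page you got the ISO from; a mismatch means a corrupted or tampered download, and the script stops before mounting the image in that case.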

Expose virtualization extensions to Hyper-V Virtual Machine

With nested virtualization it is possible to run a hypervisor inside a virtual machine.

So it is possible to run Hyper-V inside a Hyper-V virtual machine, or maybe you want to play around with one of the competitors like VMware ESXi or Citrix Hypervisor (the former XenServer!). Microsoft, of course, does not support those hypervisors as nested guests, but you can always try 🙂

To do so you need one line of PowerShell, because the GUI does not (yet) expose this setting.

From the Microsoft Docs pages (VERY good info there!) you find the Prerequisites:

Prerequisites

  • The Hyper-V host and guest must both be Windows Server 2016/Windows 10 Anniversary Update or later.
  • VM configuration version 8.0 or greater.
  • An Intel processor with VT-x and EPT technology — nesting is currently Intel-only.

To enable Nested Virtualization use:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

To disable Nested Virtualization use:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $false

And because it is PowerShell you can do nice things in scripts, for instance:

Get-VM | where state -eq 'Off' | Set-VMProcessor -ExposeVirtualizationExtensions $true

This enables the virtualization extensions on every virtual machine that is currently powered off. The filter on the state is not optional: the processor setting can only be changed while the VM is off, so running VMs would make the command fail.
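As an added example (not from the original post), the script below wraps the cmdlet with the checks that usually bite: the VM must be off, its configuration version must be 8.0 or later, and Microsoft's nested virtualization docs also require Dynamic Memory off and MAC address spoofing on the network adapter before VMs inside the guest hypervisor get network access. The VM name LAB-HV01 is a placeholder.

```powershell
# Added example, not from the original post: enable nested virtualization on
# one VM together with the companion settings Microsoft documents for it.
# Assumption: 'LAB-HV01' is a placeholder VM name; run elevated on the Hyper-V host.

param([string]$VMName = 'LAB-HV01')

function Enable-NestedVirtualization {
    param([Parameter(Mandatory)][string]$Name)

    $vm = Get-VM -Name $Name
    # The processor configuration can only be changed while the VM is powered off
    if ($vm.State -ne 'Off') {
        throw "VM '$Name' is $($vm.State); shut it down before changing the processor configuration."
    }
    # Nesting needs VM configuration version 8.0 or later
    if ([version]$vm.Version -lt [version]'8.0') {
        throw "VM '$Name' is configuration version $($vm.Version); run Update-VMVersion first."
    }

    Set-VMProcessor -VMName $Name -ExposeVirtualizationExtensions $true
    # Dynamic Memory is not supported with nesting; the VM needs a fixed memory size
    Set-VMMemory -VMName $Name -DynamicMemoryEnabled $false
    # Without MAC spoofing the host drops frames from VMs running inside the guest hypervisor
    Get-VMNetworkAdapter -VMName $Name | Set-VMNetworkAdapter -MacAddressSpoofing On

    Get-VMProcessor -VMName $Name | Select-Object VMName, ExposeVirtualizationExtensions
}

function Get-NestedVirtualizationStatus {
    # Overview of every VM on this host; the GUI does not show this property
    Get-VM | ForEach-Object {
        $proc = Get-VMProcessor -VM $_
        [pscustomobject]@{
            VMName  = $_.Name
            State   = $_.State
            Version = $_.Version
            Nested  = $proc.ExposeVirtualizationExtensions
        }
    }
}

Enable-NestedVirtualization -Name $VMName
Get-NestedVirtualizationStatus | Format-Table -AutoSize
```

Get-NestedVirtualizationStatus is the quick overview the GUI cannot give you; run it before and after to confirm the change landed on the VMs you meant.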

 

HOW-TO: Enroll in the Windows Insider Program!

Just a short blog on how to enroll yourself in the Windows Insider Program.

At the moment there are two rings you can enter: the Slow ring or the Fast ring.

In the Fast ring you are at the front edge of the development of the Windows client OS. You get the new features first and can participate in discussions with the developers. In the Slow ring the new features are already tested, and you get a glimpse of what will be delivered with the next feature update on your production or home device!

Get participating because: Sharing is Caring!

The Windows Insider settings can be found in Windows Settings. That is the little 'wheel' (gear) icon in the Start Menu.

Then go to ‘Update & Security’

Click ‘Windows Insider Program’

Of course we want to ‘Get Started’

Pick an account with which you want to participate in the Windows Insider Program

I use my account 😉

Then you have to make some choices. Like I said, there are a few rings you can enter, but you also choose the level of content.

‘Just fixes, apps and drivers’

This gives you no new Windows features to test!

Then there is 'Active development of Windows'.

Here you get to test the new features of Windows.

That can be in the Fast or Slow Ring!

As said, in the Slow ring you get a more stable build, in the Fast ring more new features!

Keep in mind that this is DEVELOPMENT! So no guarantees here!!

I go for FAST!

And there is/was a third option, ‘Skip ahead to the next Windows release’.

I say WAS, because this program is closed at the moment! (So Microsoft why is the option still here??)

And some disclaimers:

A restart.

And here we are!

After the restart you can monitor the download and installation status in the Windows Update tab of the Settings page!

No, not yet ;-( (click 'Check for updates')

Oh yeah, there it is :-)

PLEASE keep in mind:

REMINDER: As is normal with builds early in the development cycle, builds may contain bugs that might be painful for some. If this makes you uncomfortable, you may want to consider switching to the Slow ring. Slow ring builds will continue to be higher quality.

Introducing Windows Sandbox!

So this little gem was on the #WindowsInsider Blog (here). 
And this is a big one, at least for me. 
I always spin up a VM to test untested and possibly malicious software.
But I have tested this new and latest addition, and only one word, WOW.
It just works, and OK there are a few glitches, right now, but that will be sorted out!
This is a keeper!!

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

At Microsoft, we regularly encounter these situations, so this resulted in the development of the Windows Sandbox: an isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host – ever. Once Windows Sandbox is closed, all the software with all of its files and state are permanently deleted.

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft Hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

To install Windows Sandbox, go to Settings > Apps > Apps & Features > Programs and Features > Turn Windows Features on or off, and then select Enable Windows Sandbox.

To start Windows Sandbox, open the Start menu, enter Windows Sandbox and then select it.

We are excited to learn how you use Windows Sandbox! As we continue to add new functionality, your feedback is crucial in shaping the direction of this feature, so share your thoughts with us at Feedback Hub.


Windows Sandbox respects the host diagnostic data settings. All other privacy settings are set to their default values.

For more information, please visit Windows Sandbox at Windows Kernel Internals.

Known issues

  • When Windows Sandbox is first installed and on every servicing event a setup process will run and trigger significant CPU and disk activity for a minute or so.
  • Opening the Start menu in Windows Sandbox takes some time and some Start Menu apps will not run.
  • The time zone is not synchronized between Windows Sandbox and the host.
  • Windows Sandbox does not support installers which require reboot.
  • The Microsoft Store is not supported in Windows Sandbox.
  • Windows Sandbox does not support high dpi displays very well.
  • Windows Sandbox does not fully support multi-monitor configurations.
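How a practitioner would actually use the sandbox for the "downloaded an executable but afraid to run it" case, as an added example that is neither from this post nor from Microsoft's announcement: check the prerequisites, enable the feature with the same switch as 'Turn Windows features on or off', and start the sandbox from a configuration file that keeps the sample isolated (no network, no vGPU, sample folder mapped read-only). The .wsb configuration format shipped after this post was written, with Windows 10 version 1903; the folder C:\Samples and the config path are placeholders.

```powershell
# Added example, not from the original post or from Microsoft's announcement.
# Assumptions: .wsb configuration files are available (Windows 10 1903+);
# C:\Samples holds the untrusted file; paths are placeholders. Run elevated.

param(
    [string]$SampleFolder = 'C:\Samples',                            # placeholder: host folder with the sample
    [string]$ConfigPath   = "$env:USERPROFILE\Desktop\untrusted.wsb" # placeholder
)

function Test-SandboxPrerequisites {
    $ci = Get-ComputerInfo
    # The HyperVRequirement* values are only reported while no hypervisor is running;
    # once Hyper-V or the Sandbox has been used, HyperVisorPresent is $true and they come back empty.
    [pscustomobject]@{
        Edition              = $ci.WindowsProductName   # Pro or Enterprise required
        Build                = [int]$ci.OsBuildNumber   # 18305 or later required
        HypervisorPresent    = $ci.HyperVisorPresent
        VirtualizationInBios = $ci.HyperVRequirementVirtualizationFirmwareEnabled
        SLAT                 = $ci.HyperVRequirementSecondLevelAddressTranslation
    }
}

function Enable-WindowsSandbox {
    $feature = 'Containers-DisposableClientVM'   # the Windows Sandbox optional feature
    if ((Get-WindowsOptionalFeature -Online -FeatureName $feature).State -eq 'Enabled') {
        return 'Already enabled'
    }
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $feature -All -NoRestart
    if ($result.RestartNeeded) { 'Enabled, reboot required' } else { 'Enabled' }
}

function New-UntrustedSandboxConfig {
    param([Parameter(Mandatory)][string]$HostFolder, [Parameter(Mandatory)][string]$Path)
    $leaf = Split-Path $HostFolder -Leaf
    # Networking off so the sample cannot phone home, vGPU off to keep the attack surface small,
    # sample folder read-only so nothing the sample writes survives the session.
    # Mapped folders appear on the sandbox desktop under the WDAGUtilityAccount profile.
    $xml = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$HostFolder</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\$leaf</Command>
  </LogonCommand>
</Configuration>
"@
    Set-Content -LiteralPath $Path -Value $xml -Encoding UTF8
    return $Path
}

Test-SandboxPrerequisites
Enable-WindowsSandbox
$wsb = New-UntrustedSandboxConfig -HostFolder $SampleFolder -Path $ConfigPath
Invoke-Item $wsb   # .wsb files are associated with WindowsSandbox.exe
```

Disabling networking and the vGPU is deliberate: Microsoft's Sandbox documentation notes that the virtualized GPU can increase the attack surface, and a sample without a network cannot fetch a second stage. The read-only mapping means anything the sample writes next to itself stays in the sandbox and is discarded with it.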

Microsoft Certificate Authority (CA) won’t start

Sometimes strange things can happen in an IT environment.

For example, you want to (re)start your CA and the service will not start, or you get the message:

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate: LAB-CA Object was not found. 0x80090011 (-2146893807)

Well, what’s next? New CA?

The problem here is that the private key for the CA certificate is gone (deleted) or corrupted! Error 0x80090011 is NTE_NOT_FOUND: the certificate in the store is still there, but the key it points to cannot be opened.

So, grab your backup (you do make backups, don't you?!)

The private key for a CNG key storage provider (the default for a new CA) is stored in:

%systemdrive%\ProgramData\Microsoft\Crypto\Keys

A CA that was set up with a legacy CSP keeps its key under %systemdrive%\ProgramData\Microsoft\Crypto\RSA\MachineKeys instead.

Restore the key file(s) from a backup of the same machine and you will have a happy CA again! The key files are protected with that machine's DPAPI keys, so copying them over from another host does not work; a CA backup made with Backup-CARoleService (or certutil -backupkey) is the portable alternative.
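Before restoring anything it helps to know which certificate the CA service wants and whether its key is really missing. The script below is an added example, not from the original post: it reads the active CA name and its certificate thumbprints from the CertSvc registry configuration, looks the certificates up in the machine store, tries to open the private key, and maps it to the file under ProgramData. It assumes an RSA software key; a CA key on an HSM returns a provider-specific name rather than a file, and an ECDSA key would need ECDsaCertificateExtensions instead.

```powershell
# Added example (not from the original post): diagnose a CA certificate whose
# private key cannot be loaded. Assumptions: CertSvc registry layout
# (Configuration\Active, <CA>\CACertHash) as used by AD CS; RSA software key.

function Get-CAKeyStatus {
    $cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $caName = (Get-ItemProperty -Path $cfg).Active
    # One thumbprint per CA certificate generation, stored with spaces between the bytes
    $hashes = (Get-ItemProperty -Path "$cfg\$caName").CACertHash

    foreach ($h in $hashes) {
        $thumb = ($h -replace '\s', '').ToUpperInvariant()
        $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
        if (-not $cert) {
            [pscustomobject]@{ CA = $caName; Thumbprint = $thumb; Subject = 'CERTIFICATE MISSING FROM STORE';
                               HasPrivateKey = $false; KeyFile = $null; KeyFileExists = $false }
            continue
        }

        $keyFile = $null
        if ($cert.HasPrivateKey) {
            try {
                # HasPrivateKey only says the certificate is linked to a key container;
                # opening the key is what fails when the file is deleted or corrupt.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($rsa -is [System.Security.Cryptography.RSACng]) {
                    # CNG key: file under %ProgramData%\Microsoft\Crypto\Keys
                    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
                } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    # Legacy CSP key: file under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys
                    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
                }
            } catch {
                $keyFile = "UNREADABLE: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            CA            = $caName
            Thumbprint    = $thumb
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey
            KeyFile       = $keyFile
            KeyFileExists = [bool]($keyFile -and -not $keyFile.StartsWith('UNREADABLE') -and (Test-Path -LiteralPath $keyFile))
        }
    }
}

Get-CAKeyStatus | Format-List
```

Run it elevated on the CA. A row with HasPrivateKey true but KeyFile UNREADABLE is exactly the situation in the error above; the file name it was looking for is what you restore from the backup.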

Happy certificate issuing!

 

Azure Active Directory Connect – High Availability

When working in enterprise environments the High Availability (HA) question is often raised.
Also for the new and shining Azure Active Directory Connect (AADConnect) tool.

The tool itself is the successor of DirSync, with a lot of new features, for instance Password Writeback. Get the tool here: https://www.microsoft.com/en-us/download/details.aspx?id=47594

But back to the question:
No, there is no HA option for the AADConnect tool itself.

But there is a nice solution, Staging Mode.

But what is this staging mode?

In a Staging Mode scenario you install 1 server with AADConnect, which will be the active server, and a second server with AADConnect, which will be the ‘Standby’ server. Because that’s what it essentially is.

The staging server is a fully functional AADConnect server with a fully populated metaverse, BUT there are a few things it does not do:

  • No exports occur to your on-premises Active Directory;
  • No exports occur to Azure Active Directory;
  • Password synchronization and password writeback are disabled.

In case the primary server goes offline (for whatever reason) you manually disable staging mode on the second server and it takes over the synchronization! Do make sure the old primary is really off, or put it in staging mode before it comes back, because two servers exporting to the same tenant is not supported.
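Because the only difference between the two servers is the staging flag, the check a practitioner wants is "exactly one server is exporting". The script below is an added example, not from the original post: it reads Get-ADSyncScheduler on both servers over WinRM and flags zero or two active servers. The server names are placeholders; the ADSync module is present on every AADConnect server, and the account running it needs to be a member of the local ADSyncAdmins group on each.

```powershell
# Added example (not from the original post): report which AADConnect server
# is active and which is in staging mode, and fail when that is not exactly one.
# Assumptions: 'AADC-01' and 'AADC-02' are placeholder host names reachable over WinRM.

param([string[]]$Servers = @('AADC-01', 'AADC-02'))   # placeholders

function Get-AADConnectRole {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Import-Module ADSync
        $s = Get-ADSyncScheduler
        [pscustomobject]@{
            Server           = $env:COMPUTERNAME
            Role             = if ($s.StagingModeEnabled) { 'Standby (no exports)' } else { 'Active (exporting)' }
            StagingMode      = $s.StagingModeEnabled
            SyncCycleEnabled = $s.SyncCycleEnabled
            Suspended        = $s.SchedulerSuspended
            NextCycleUtc     = $s.NextSyncCycleStartTimeInUTC
        }
    } | Select-Object Server, Role, StagingMode, SyncCycleEnabled, Suspended, NextCycleUtc
}

function Test-SingleActiveServer {
    param([Parameter(Mandatory)][object[]]$Roles)
    $active = @($Roles | Where-Object { -not $_.StagingMode })
    switch ($active.Count) {
        0       { Write-Warning 'No server is exporting: nothing is being synchronized to Azure AD.'; return $false }
        1       { return $true }
        default { Write-Warning "Multiple servers are exporting ($($active.Server -join ', ')); put all but one in staging mode."; return $false }
    }
}

$roles = Get-AADConnectRole -ComputerName $Servers
$roles | Format-Table -AutoSize
Test-SingleActiveServer -Roles $roles
```

Switching staging mode itself is done in the Azure AD Connect wizard (Configure > Configure staging mode), not with a cmdlet. After promoting the standby, run the script again and make sure the old server is either off or back in staging mode.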


Windows 10 – Group Policy Objects (GPO) not applied

I was working with Windows 10 (1511 version), fully patched the client and to my surprise on some Windows 10 machines the Group Policy Objects (GPO) were not applied.

A little searching showed that Microsoft had pushed two updates (MS15-011 and MS15-014) that harden Group Policy processing. More precisely, they harden access to network shares: with UNC Hardened Access a client requires mutual (Kerberos) authentication and integrity for named UNC paths, and the NETLOGON and SYSVOL folders from which Group Policy is read are network shares.

The updates are described by the PFE team here.

But why is it working on Windows 7, 8 and 8.1 and NOT on Windows 10?

First of all, UNC hardening is disabled by default in Windows 7, 8 and 8.1 and enabled by default in Windows 10 (for \\*\SYSVOL and \\*\NETLOGON)!

Furthermore, Microsoft Support confirmed that there is a bug in Windows 10 and that they will provide a hotfix once they have fixed it.

Until then the only workaround is to disable UNC hardening for the NETLOGON and SYSVOL shares in the registry. Keep in mind that this rolls back the MS15-011 protection on those clients: without mutual authentication a client that can be pointed at the wrong server will happily read policy from it. Treat the change as temporary and revert it when the hotfix arrives.

And it can be done this way (the value name is the share path, the data is a REG_SZ string):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
  "\\*\SYSVOL"   = "RequireMutualAuthentication=0"
  "\\*\NETLOGON" = "RequireMutualAuthentication=0"

And the Windows 10 machines start talking to the logon shares again 😉
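The registry edit as a script, as an added example that is not from the original post: it shows the current hardened paths, writes the workaround for both logon shares, and keeps the revert one comment away. The value layout (value name = UNC path, REG_SZ data = the comma-separated settings) follows the Hardened UNC Paths policy. If your domain pushes that policy through a GPO, the next policy refresh overwrites whatever you write here, so in that case change the GPO instead.

```powershell
# Added example (not from the original post): inspect, weaken and restore the
# Hardened UNC Paths settings for the logon shares. Run elevated on the client.

$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$LogonShares      = '\\*\SYSVOL', '\\*\NETLOGON'

function Get-HardenedUncPaths {
    if (-not (Test-Path $HardenedPathsKey)) { return }
    (Get-ItemProperty -Path $HardenedPathsKey).PSObject.Properties |
        Where-Object { $_.Name -like '\\*' } |        # value names are the UNC paths themselves
        ForEach-Object { [pscustomobject]@{ Path = $_.Name; Settings = $_.Value } }
}

function Set-HardenedUncPath {
    param(
        [Parameter(Mandatory)][string]$Path,       # e.g. \\*\SYSVOL
        [Parameter(Mandatory)][string]$Settings    # e.g. 'RequireMutualAuthentication=1, RequireIntegrity=1'
    )
    if (-not (Test-Path $HardenedPathsKey)) { New-Item -Path $HardenedPathsKey -Force | Out-Null }
    New-ItemProperty -Path $HardenedPathsKey -Name $Path -Value $Settings -PropertyType String -Force | Out-Null
}

'Before:'
Get-HardenedUncPaths | Format-Table -AutoSize

# Workaround from the post (temporary!): stop requiring mutual authentication for the logon shares.
foreach ($share in $LogonShares) {
    Set-HardenedUncPath -Path $share -Settings 'RequireMutualAuthentication=0'
}

'After:'
Get-HardenedUncPaths | Format-Table -AutoSize
gpupdate /target:computer /force

# Revert once the hotfix is installed (mutual authentication and integrity required again):
# foreach ($share in $LogonShares) {
#     Set-HardenedUncPath -Path $share -Settings 'RequireMutualAuthentication=1, RequireIntegrity=1'
# }
```

After the gpupdate, `gpresult /r /scope:computer` should list the applied GPOs again; if it still does not, the problem is not UNC hardening.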

Follow the Microsoft thread here.

Microsoft Failover Cluster – Requested resource is in use – Disk Manager

So I made the ‘mistake’ of destroying a Microsoft Failover Cluster and thinking Windows would release my disks. Well I was wrong!

I went to Disk Manager and saw my disks as ‘Online’, ‘Primary’ and ‘RAW‘.

And of course I could not access the disks from Explorer, which gave me a nice error.
OK to Disk Manager and wipe the disk.

No Go:

But wait, in USE??

So something must have gone wrong.
Technet search gave me this: http://technet.microsoft.com/en-us/library/ee461016.aspx

There is a command to release disks that still carry a cluster reservation after a cluster destroy, or even after an ungraceful shutdown!

Open PowerShell and enter:

Clear-ClusterDiskReservation -Disk <DiskNumber>

A Refresh of Disk Manager showed my disk again and it became visible in Explorer, yeah!
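As an added example (not from the original post), the script below lists the shared-bus disks that are still RAW after the cluster was destroyed and clears their reservation. It assumes the FailoverClusters module is installed on the node (it comes with the Failover Clustering feature) and refuses to run while the node still belongs to a cluster, because clearing the reservation of a disk another node is actively using corrupts the volume.

```powershell
# Added example (not from the original post): find and release disks that are
# still held by a SCSI persistent reservation after a cluster destroy.
# Assumption: FailoverClusters module present; run elevated on the former node.

Import-Module FailoverClusters

function Get-StuckClusterDisks {
    # Shared-storage disks that show up RAW (or not online) are the usual leftovers of a destroyed cluster
    Get-Disk | Where-Object {
        ($_.BusType -in 'iSCSI', 'Fibre Channel', 'SAS') -and
        ($_.PartitionStyle -eq 'RAW' -or $_.OperationalStatus -ne 'Online')
    } | Select-Object Number, FriendlyName, BusType, Size, PartitionStyle, OperationalStatus, IsClustered
}

function Clear-StuckClusterDisks {
    param([Parameter(Mandatory)][uint32[]]$DiskNumber)

    # Safety check: a persistent reservation is how the owning node fences a LUN. Only clear it
    # when no cluster exists anymore; otherwise evict the disk from the cluster instead.
    $cluster = Get-Cluster -ErrorAction SilentlyContinue
    if ($cluster) {
        throw "This node is still a member of cluster '$($cluster.Name)'; remove the disk from the cluster instead of clearing its reservation."
    }

    foreach ($n in $DiskNumber) {
        Clear-ClusterDiskReservation -Disk $n -Force
        Update-Disk -Number $n   # re-read the disk so Disk Management and Explorer pick it up
        Get-Disk -Number $n | Select-Object Number, PartitionStyle, OperationalStatus
    }
}

$stuck = Get-StuckClusterDisks
$stuck | Format-Table -AutoSize
if ($stuck) { Clear-StuckClusterDisks -DiskNumber $stuck.Number }
```

Look at the list before letting the second half run: a disk that is RAW because it was never initialized is harmless to touch, but a disk that belongs to a cluster that is still alive elsewhere is not.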

WSUS Server 2012 R2 Windows 10 Feature Updates not found

So you are on Server 2012 R2 and have a WSUS server to serve your updates to your Windows 10 clients. Perfect!
But now you need to deploy the feature upgrades (e.g. version 1511).

Well first you have to deploy a hotfix to your WSUS server (https://support.microsoft.com/en-us/kb/3095113).

About this hotfix:

This hotfix enables Windows Server Update Services (WSUS) on a Windows Server 2012-based or a Windows Server 2012 R2-based server to sync and distribute feature upgrades for Windows 10. This hotfix is not required to enable WSUS to sync and distribute servicing updates for Windows 10.

And here it comes:

This update must be installed before you sync the upgrades classification. Otherwise, you might encounter issues when you synchronize and distribute feature upgrades for Windows 10. For more information, see the Important update for WSUS 4.0 (KB 3095113).

Uhhh wait, I did not RTFM…..

At least I can see the updates:


But when I deploy them, my clients all come back with the message 'File not found' (or WSUS error 0x8024200D or 0x80246007). And of course they all report failure back. Nice, now everything is red.

But the fix is easy. The new feature updates are delivered as .esd files, and IIS, which serves the WSUS content directory, refuses to serve files whose extension has no MIME type. So the clients cannot download them!

See in the WSUS console under ‘File Information’


The MIME type is added in IIS Manager, not in the WSUS console: open the WSUS Administration site, select the Content virtual directory, open MIME Types and add .esd with the type

application/octet-stream

Setting it on just the Content directory will suffice.


Not even a reboot or anything is needed.

And now the clients are downloading the feature update and installing them!
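The same change with the WebAdministration module, as an added example that is not from the original post: it adds the .esd mapping to the Content directory only if it is not already there, and then asks IIS for one .esd from the content store with a HEAD request to confirm the 404 is gone. The site name 'WSUS Administration', the content path C:\WSUS\WsusContent and port 8530 are the WSUS defaults and are assumptions here.

```powershell
# Added example (not from the original post): register the .esd MIME type on
# the WSUS Content directory and verify IIS serves an .esd afterwards.
# Assumptions: default site name, content path and port; run elevated on the WSUS server.

Import-Module WebAdministration

$ContentPath = 'IIS:\Sites\WSUS Administration\Content'   # assumption: default site name
$Filter      = 'system.webServer/staticContent'

function Get-EsdMimeType {
    Get-WebConfiguration -PSPath $ContentPath -Filter "$Filter/mimeMap[@fileExtension='.esd']" |
        Select-Object fileExtension, mimeType
}

function Add-EsdMimeType {
    if (Get-EsdMimeType) { return '.esd is already mapped' }
    # Same as IIS Manager > MIME Types > Add, scoped to the Content directory only
    Add-WebConfigurationProperty -PSPath $ContentPath -Filter $Filter -Name '.' `
        -Value @{ fileExtension = '.esd'; mimeType = 'application/octet-stream' }
    return '.esd mapped to application/octet-stream'
}

function Test-EsdDownload {
    param([string]$ContentRoot = 'C:\WSUS\WsusContent', [int]$Port = 8530)   # assumptions: WSUS defaults
    $esd = Get-ChildItem -LiteralPath $ContentRoot -Recurse -Filter '*.esd' | Select-Object -First 1
    if (-not $esd) { Write-Warning 'No .esd in the content store yet; approve a feature upgrade first.'; return $null }
    $relative = $esd.FullName.Substring($ContentRoot.TrimEnd('\').Length).TrimStart('\') -replace '\\', '/'
    try {
        $r = Invoke-WebRequest -Uri "http://localhost:$Port/Content/$relative" -Method Head -UseBasicParsing
        return [int]$r.StatusCode    # 200: IIS serves the file now
    } catch {
        # Without the MIME type IIS answers 404, which is what the clients reported as 'File not found'
        return [int]$_.Exception.Response.StatusCode
    }
}

Add-EsdMimeType
Get-EsdMimeType
Test-EsdDownload
```

No IIS reset is needed; the configuration change takes effect immediately, and the clients will pick the file up on their next detection cycle.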