Anton Romanyuk

Anton Romanyuk

Monday, 17 September 2018 10:59

Windows 10 1809 Built-In Apps: What to Keep

image

The development of the Windows 10 October 2018 Update (version 1809, codenamed "Redstone 5") is now heading towards the finishing line. We can assume that Windows 10, version 1809 is now feature-complete and as such, I can't stress it highly enough that you should start testing the newest features and functionality in this Semi-Annual Channel release as soon as possible in preparation for broad deployment to the devices in your organization. As part of this process, you should take a look at provisioned apps - most likely you want to ensure that only a choice selection of apps is being installed, whenever a user logs on either for the first time or after installing a feature update on a Windows 10 computer, because app installation directly impacts logon times.

Thursday, 06 September 2018 11:24

Group Policy Changes in Windows 10 1809 Preview

image

As Windows 10 Redstone 5 Update (1809) development winds down and Microsoft is now beginning the phase of checking in final code to prepare for the final release of the Windows 10 October 2018 Update, it’s that time again to examine updated and new Group Policy settings. There is (obviously) no official documentation from the Group Policy team at this point. However, since the Windows 10 October 2018 Update is pretty much feature complete and is undergoing the final round of testing, it can't hurt to poke around ADMX files because there are truly several things duller in our line of work than comparing thousands of lines of text. Right?

image

As a reminder, Microsoft will be ending support for Windows 7 SP1 on January 14, 2020. I've had multiple enterprise customer engagements over the past several months and with less than two years left, I wanted to take a look at how you can potentially optimize your OS image and successfully transition to a Windows 10 environment. The clock is ticking!

The topic of Windows 10 optimizations comes up often enough, so I figured I should address it in a separate blog post. There are a lot of customers I've worked with who have heard "somewhere" (not sure where) that they should be optimizing their operating system by minimizing connections from Windows to Microsoft services and by disabling unnecessary services and features to improve performance. Now, I've seen a few optimization scripts on the net that will reduce the functionality and security configuration of your devices and may also put you into an untested and unsupported configuration. Consequently, I thought I would share the Windows 10 optimization script that I put together based on my conversations with enterprise customers. Several organizations used this script as part of their deployment to rapidly drive successful Windows 10 adoption and to thrive within a Windows as a Service environment.

image

It’s been a busy couple of weeks for me, so I’m slowly going through a backlog of things to cover. The push to get modern continues with the third part of my series on automating the process of transitioning from BIOS to UEFI using MDT. Today's blog post discusses the process of configuring BIOS settings on supported Dell Inc. enterprise systems.

Tuesday, 19 June 2018 09:54

Configuring HP BIOS Using MDT

image

This is the second post in my series that explores one of the most common questions I’ve been asked from folks who are migrating to Windows 10: "How do I go about transitioning from BIOS to UEFI?". So naturally, I’m addressing this question. This time, I am going to discuss automating firmware configuration on supported HP (Hewlett-Packard) notebook, desktop, and workstation models. Now, it's not as if it's been no-man's-land before. I am fully aware that there are blogs out there that talk about doing this kind of thing and I’ve tried a few of the solutions with various rates of success. Still, the feedback I've been getting over the past few weeks has been that I should share my approach when working with the Microsoft Deployment Toolkit (MDT), so, here's my attempt to do precisely that.

Monday, 11 June 2018 17:08

BIOS to UEFI - The Easy Way: MBR2GPT

image

This article is the first blog post in a series I'll write over the coming days that will provide a comprehensive overview that explains how you can automate the process of transitioning from BIOS to UEFI during "wipe-and-load" OS deployment scenario. To be able to migrate from BIOS to UEFI effectively you need to understand how to configure firmware settings, such as secure boot, legacy support, and TPM device configuration, as well as how to use the MBR2GPT tool. Unfortunately, though it seems like a relatively straightforward process when using Microsoft Deployment Toolkit, based on questions I received as well as threads posted on TechNet over the past few weeks, there is still some confusion around this in the Windows technical community. Converting a device to UEFI comes with quite a few benefits including the ability to make full use of Windows 10 modern security features, so I thought it would be worth taking a few minutes to share my approach to dealing with BIOS to UEFI conversions.

image

My customers often send me exciting cases. This particular one is especially interesting because it is common in infrastructures that use "Local Administrator Password Solution" (LAPS) for password management. LAPS, which I can't recommend highly enough, provides management of common local administrator account by setting a different, random password on every managed domain-joined computer. The case opened when a customer contacted me a few weeks ago reporting that they experienced issues when re-installing computers using Microsoft Deployment Toolkit: after OS deployment, LAPS didn't update the local administrator password which in turn significantly increased the risk of lateral escalation (Pass-the-Hash (PtH)) that results when the same administrative local account and password combination is used. Given the importance of the customer, I immediately sat down to investigate.

Monday, 04 June 2018 18:18

Localizing Inbox Apps during OSD

image

As a reader of this blog, I suspect that most of you, like me, are frequenting Twitter. And I bet many of you picked up useful information shared by other IT Pros. Every day when I wake up, I typically spend a few minutes going through my feed, to stay current by consuming small bits of information on a daily basis.

image

Continuing the theme of focusing on disk-related cases (yesterday I posted an article detailing how to fix the "Verify BCDBootEx" step failing on HP ProDesk 600 MT G3 systems), this post showcases yet another reason why you should stop deploying systems in Legacy mode. It also shows how a little time spent on reviewing log files to get a couple of clues can quickly lead to a solution.

image

If you’ve read any of my tweets, you know that I emphasize how Microsoft Deployment Toolkit and ConfigMgr are powerful OS deployment tools which allow a high grade of customization. This blog post is another demonstration of MDT flexibility. It also shows how a PowerShell script can quickly lead to a solution.

Page 1 of 6

Recent Posts