A lot of my work recently has been working with Microsoft Intune to utilise Microsoft Modern Management constructs and principles to deliver a cloud first approach to provisioning new Windows 10 endpoints for an organisation.

Since Microsoft has migrated Intune management from the classic interface to the Azure Portal, the ability to execute installers for legacy line of business applications has been reduced. The idea is that the modern workplace is consuming data via apps from an app store, and this is evident in Microsoft’s support for the Microsoft Store for Business and Universal Windows Platform .appx packages in Intune. However, this is not always feasible in most workplaces. There are still legacy line of business applications that require an MSI or EXE based installer. Whilst Intune will support Line of Business installers that are MSI based, there is again a limitation: the MSI must contain all the code required to install the application. There is currently no support for EXE based installers in the Azure Portal for Intune.

Back at Microsoft Ignite 2017, Microsoft announced the availability of the Intune Management Extension and the support to execute PowerShell scripts on Windows 10 endpoints via Microsoft Intune. This got me thinking about how to extend the functionality of Microsoft Intune to deliver a more traditional (MDT / SCCM) provisioning process for legacy applications on modern managed Windows 10 devices.

If you could store your legacy line of business applications in a web accessible location (with appropriate security controls to prevent unauthorised access) you could then utilise the Intune Management Extension and PowerShell scripts to download the application install payload to a temporary location and then execute the payload to overcome the limitation of the Intune portal.

Looking around the Internet I came across this blog post by MVP Peter van der Woude which integrates the Chocolatey package manager and Intune. With a bit of reworking I amended the PowerShell code to download and install the AEM agent onto a target machine.

Save the PowerShell script and then add to Intune as outlined in Peter’s blog post and wait for the code to execute on your endpoint. The process can be extended to run any executable based installer.

Whilst this is a fairly simplistic example, the concept could be extended to download a compressed archive, extract and then execute the installer as required.
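The download-and-execute pattern described above, sketched with the integrity checks that "appropriate security controls" imply. This is an added example, not the script from the original post or from Peter van der Woude's blog; the URL, expected hash and silent-install switch are placeholders you must replace.

```powershell
# Added example: download an EXE installer and run it only if it matches a
# pinned SHA-256 hash and carries a valid Authenticode signature.
# All three values below are placeholders (assumptions), not from the post.
$InstallerUrl   = 'https://files.example.com/installers/agent-setup.exe'
$ExpectedSha256 = '<SHA256-OF-APPROVED-INSTALLER>'
$SilentArgs     = '/S'   # vendor-specific; check the installer's documentation

$ErrorActionPreference = 'Stop'
# Windows PowerShell 5.1 may not negotiate TLS 1.2 unless told to.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Unique working folder so a stale or planted setup.exe is never reused.
$WorkDir   = Join-Path $env:TEMP ('lob-' + [guid]::NewGuid().ToString('N'))
$Installer = Join-Path $WorkDir 'setup.exe'
New-Item -ItemType Directory -Path $WorkDir | Out-Null

try {
    Invoke-WebRequest -Uri $InstallerUrl -OutFile $Installer -UseBasicParsing

    # Integrity: the file must be exactly the build that was approved.
    $actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch: expected $ExpectedSha256, got $actual"
    }

    # Publisher: the signature must chain to a trusted root and be intact.
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    if ($sig.Status -ne 'Valid') {
        throw "Authenticode signature status is '$($sig.Status)'"
    }

    $proc = Start-Process -FilePath $Installer -ArgumentList $SilentArgs -Wait -PassThru
    # Assumes the installer follows the common convention:
    # 0 = success, 3010 = success but a reboot is required.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "Installer exited with code $($proc.ExitCode)"
    }
}
finally {
    # Remove the payload whether or not the install succeeded.
    Remove-Item -Path $WorkDir -Recurse -Force -ErrorAction SilentlyContinue
}
```

Because the script throws on any failed check, a tampered or swapped payload surfaces as a failed script run in the Intune portal instead of being executed.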

As I deploy more and more instances of Microsoft Intune I am having to configure managed applications for Android and iOS enrolled devices. Whilst the iOS app store has been neatly integrated into the Azure portal, Android apps need to be added by their relevant App URL (frustrating and something I hope that Microsoft / Google can fix in the near future).

When configuring the mobile app and app protection policies it can be useful to have the correct Microsoft suite (Outlook, Word, Excel, PowerPoint, OneDrive, Skype for Business etc.) installed automatically on the end user device. The list below is hopefully a time saver to get to each of the applications without having to click through or search the Google Play store manually:

I’ve passed

Following a long break from completing my MCSA: Messaging in Server 2003 I have finally got round to updating this for the modern era and upgraded this first to MCTS in Windows Server 2008 and finally this afternoon completed my 70-647 exam to attain the qualification of Microsoft Certified IT Professional: Enterprise Administrator.

For those of you with an MCSA in Windows Server 2003 the upgrade is done with the following exams:

  • 70-648 – TS: Upgrading from Windows Server 2003 MCSA to Windows Server 2008, Technology Specializations. This is equivalent to completing the following two exams: 70-640 and 70-642
  • 70-680 – TS: Windows 7, Configuring. This is the client exam required as part of the qualification
  • 70-643 – TS: Windows Server 2008 Applications Infrastructure, Configuring
  • 70-647 – Pro: Windows Server 2008, Enterprise Administrator

Once Microsoft confirm it on the MCP site I will update the qualifications links on the left with the new logo.

Following on from my post last night about the Windows Updates check on MonitoringExchange a colleague reminded me that we actually modified the script from there as we weren’t looking for the names of updates to be listed but simply to get the total number of updates that are outstanding. The modified version of the script is listed below for reference and the source for this is at the following URL: https://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/Windows-NRPE/Check-Windows-Updates

I realise this has been around for a while now but until a few weeks ago I never really appreciated the Group Policy Preferences and the simplicity they offer.

Back in the days of Windows NT, Server 2000 and Server 2003 server administrators would create login scripts to perform a number of commands such as mapping network drives, installing printers, creating shortcuts and folders… I could go on but you get the idea. In Server 2008 Microsoft introduced the Group Policy Preferences to allow you to use Group Policy to natively configure a whole host of settings that would otherwise be a number of lines of batch/kix/vb script.

As you can see from the image to the left there are a vast number of options that can be configured for a user when they login. For most of the items there are four options: Create, Delete, Update and Replace which will let you make changes to the Drive Mappings, Folders etc. The difference between Update and Replace can vary from item to item but my general understanding is that the Update will attempt to modify the existing item to match what is in the Preference whereas the Replace option will remove what is there and recreate the new object (similar to a net use P: /DELETE /Y followed by net use P: \\Server\Users\%USERNAME%).

Another benefit is that in a single GPO you can define a number of different Preferences and then filter these around Group Membership.

This should all work Out of the Box with Windows Vista and above so for any legacy clients and servers (Windows XP, Server 2003) you will need to download the appropriate updates from Microsoft http://support.microsoft.com/kb/943729.

All in all this should save time and administrative overhead when they are fully adopted. The only problem is getting the legacy scripts switched over to the new Preferences.

I thought that this deserves a special mention.

Backup Exec backs up the DFSr Replicated Folders using the shadow copy components and in the past to perform a restore you were unable to redirect the files to an alternate location. This could cause issues if you wanted to keep both versions of the file as Backup Exec would overwrite the file and then perform an initial replication of that DFSr folder to the other servers in its replication group.

Whilst you could also perform an Authoritative restore of the DFSr folder this has recently caused me even more issues which resulted in support calls to Symantec and Microsoft to follow up on why this happens and what state my DFS is now in as a result of these restores.

During the initial support call to Symantec they advised me that for the first time in Backup Exec you can redirect the files you restore from the Volume Shadow Copy of the DFSr folders. Simply select the server and location in the File Redirection tab in Backup Exec and you will be able to dump the folder structure to wherever you want it and then copy the relevant files back into your DFS structure as you want it.

Daniel Petri comes up with another great tip and insight into the way Microsoft’s software can be manipulated to do things you want to do. In this case how to trial different versions of Windows Vista. Once the activation deadline is reached you must put your legal key in for the version you installed to continue but… it does let you try the different versions first!


https://www.youtube.com/watch?v=C5oGaZIKYvo

Having seen and commented on the iPhone earlier this week I am happy to see that Microsoft have come back and agreed with my opinions that they have already got a number of devices that can do this and don’t cost an absolute fortune to buy.

I also loved the comment from Steve

“£500 dollars…. that’s the most expensive phone in the world and it doesn’t appeal to business customers because it doesn’t have a keyboard”

Great comeback.

Source [ Gizmodo ]

A couple of weeks ago I decided that I would like to try the Windows Vista RC1 release to see whether it is going to be worth my while reformatting my PC again to get it up to date with the latest Windows OS. I currently run Windows Server 2003 and find that it is much nicer, and more stable, than Windows XP and thought that it would be an interesting time to compare the old with the new to see what Microsoft has managed to develop this time.

It is evident that Microsoft have once more lifted the basic UI from the latest OS X and then applied a paint brush to it. Just go to your My Documents and see how you navigate through it. There is also a new set of icons that are bigger and take up more of your desktop as a result. The Sidebar is another OS X rip off – Apple introduced the widgets idea a couple of years ago and suddenly it has appeared in the latest version of Windows!

The Start Menu has been upgraded and now sports a built in find/run bar at the bottom making it even quicker to load a command prompt or notepad or…. It has however put a button that “looks like” the Shutdown button in the corner but is actually a standby/sleep button instead. In order to shut down your computer you need to click the arrow to the right and then click shut down from there. This is incredibly annoying!

Adding further to this annoyance is that the computer automatically protects your system from anything you try to change. “Windows has detected that you are trying to open the Device Manager. Are you sure?” Of course I’m sure – I just clicked on it!!!! This happens all over the system: wherever you see a little shield next to an option Windows will ask you for permission to use it. Well why not just disable it? I did and for about 20 minutes I had a more relaxed time looking around the computer. Then I had to reboot. When Vista started back up again a nice red warning was sitting in my system tray. “You have turned off the features you just disabled. I’m going to tell you about it with this annoying balloon popup” There seems to be no “I’ll monitor it myself” option as per Windows XP SP2 Security Centre and this became even more irritating.

The aforementioned reboot had been due to the installation of GriSoft’s free AVG – a really quite useful alternative to McAfee, Norton or Sophos. This however brought about my next grievance. The idea of automatically updating your anti-virus when you log on is a fairly standard practice. Vista is now so paranoid that when AVG is trying to update in the background it stops you from what you were doing to alert you to the fact that “A program is running in the background. Do you want to check what it’s doing?” NO ITS MY ANTI VIRUS LET IT RUN IN PEACE. I can see the use of this however – it can help people to see when malicious programs are running in the background that shouldn’t be there but I didn’t feel that I needed it running and I didn’t want to face a barrage of “Do you want to do….” as I searched for a way to turn it off.

One of the more positive things that I had noticed about Vista a while ago was that if you setup user accounts for children then you could stop them having access to system functionality (like Device Manager) and as an administrator you would need to enter your password to give them access. I didn’t get a chance to test if this was still a feature but I am fairly sure that it is which means that this new OS will become a success with the home users who want to make sure that their precious little children aren’t looking at the latest erotic website or buying viagra off the internet.

Vista doesn’t strike me however as an instantaneous replacement for Windows XP in the workplace. XP & Server2003 work well together and I can see that for the larger corporations to shell out on site licenses for Vista to install on all their workstations is a while off because they will need to trial it on a small group first to check for teething problems. After which they will probably keep to the old WinXP because the process of upgrading an entire workplace would be more trouble than it’s worth.

After a week of using it I have decided that IE7 is no improvement on IE except for the addition of tabbed browsing which isn’t as nice as Firefox anyway so no need for that. WMP 11 is nasty and so completely different from WMP10 that it’s hard to understand where half the options have gone to so I won’t be using it anyway.

Windows Vista does make a lot of improvements over the WinXP interface but at the end of the day I still like to be in control of my computer and when I give it an instruction it shouldn’t question me about it. Amazon have been listing the different variants on its website for a couple of months now and the Ultimate version which I was testing comes in at £325 which is an insane amount of money to spend for a very small upgrade.

If you really want that Vista look download a visual style that has been made to look the part and use that – it then gives you £325 to spend on something more useful!