Archive for the ‘Windows 10’ Category

Journal, a Microsoft Garage project #Windows10 #Journal #Garage #Wimvp #WindowsInsiders @MSFTGarage   Leave a comment

What is the Journal app ? it is a Windows  10 app helping people who love to journal to evolve their ideas and express themselves quickly with the power of their digital pen.

Description

Journal, a Microsoft Garage project, is an app for Windows that invites people who love to journal to pick up their digital pen, express themselves quickly, and evolve their ideas. Of all the different methods of device interaction, digital ink is unique in the speed and degree of natural expression and in aiding memory. With Journal, disparate ideas can be connected, drawings can be sketched, annotations can be freely inserted, information can be located with search, and you can easily connect your ink across other apps to grow your best ideas. Journal provides an ink-first solution that delivers new AI, intuitive gestures, and connected experiences for Microsoft 365 for work and school (subscription required, sold separately) . It’s designed for people who thrive when writing out their ideas, notes, and sketches. The Microsoft Garage is an outlet for experimental projects for you to try. Learn more at https://garage.microsoft.com

https://garage.microsoft.com

Download the Journal tool from the Store

https://garage.microsoft.com

There is a quick introduction play guide.

Features

  • An ink-first experience for those who write with a digital pen
  • A page-based canvas for easy scrolling, optimized for tablet and 2-in-1 devices
  • New intuitive Ink Gestures that don’t require mode switches
  • Drag and drop your content between pages, or to your favorite applications
  • Microsoft 365 Integration to access your Calendar for faster meeting notes (Subscription required, sold separately)
  • Import and markup PDF documents and images
  • Search using keywords or filters

https://garage.microsoft.com

What’s new in this version

Improved ability to open journals from Documents folders stored on networks – Fixed issue with sending email for M365 Work and School users – Improvements to Scratch Out – Improvements for signing in with Microsoft 365 Work or School account – General bug and performance tweaks with ink AI, undo, and opening/closing journals

image

Try it out https://aka.ms/TryJRNL
Learn more https://aka.ms/JRNLblog

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted February 25, 2021 by Robert Smit [MVP] in Windows 10

Tagged with

Windows 10 tips and tricks #windows10 #ITPRO #Assist #keyboard #tricks   Leave a comment

Now days I hardly see Windows 7 or older in the wild anymore. It’s all Windows 10 but in that I see all builds around from 1511 to the latest build. And I must say a lot is changed and it is almost hard to keep up with all the new stuff. If you are part of the Windows insiders you can already test the next version or update. this time it is just a short blog post about some handy windows 10 tricks and tips

The current Windows 10 versions can be found here

image

Me personally I’m a mouse fan or command line I hardly use the Windows key +   guess my left hand is to lazy but once you use the Windows key + X  or R  P L it is super handy.  and yes the most used short cut is probably ctrl+a ,ctrl+c ,ctrl+v

But did you know there is a big list there is a key for almost everything Cool

Take a look at this site for your shortcut

Keyboard shortcuts in Windows

and if you need help you can always ask someone you know did you know there is a quick assist option in Windows 10

 image 

Quick assist is a simple tool to view the screen and help the other and view the issue they have

 

image

So how to start with this in the windows menu type quick or assist you will see the app.

windows quick assist

When opening there are two options give or receive support.

 

windows quick assist

So contact the person that will help you and he need to open quick assist and  open  assist another person

image

The assiter need to login with a microsoft passport.

The number is for the receiver.

windows quick assistwindows quick assist

 

On the helper sider there is a question view or full access ?

windows quick assist When approved the show can start windows quick assist

 

below an overview on helper and receiver.

windows quick assist

Closing the quick assist program will disconnect the session or press stop.

Quick tool no install needed and super handy  and the above steps are just showing the connection but if you have a high secure desktop you might need some extra settings.

 

 

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted February 5, 2021 by Robert Smit [MVP] in Windows 10

Tagged with

Step By Step Azure Files share SMB with native AD support and more #Microsoft #AzureFiles #SMB #SnapshotManagement #Azure #Cloud #MVPBuzz #WiMVP   10 comments

For some time I see all kinds of options to use Azure files, have some great ideas and thoughts. Connecting this over the vpn of use the azure files with a dfs. Useful maybe ? fun absolutely building things just a way that is maybe a bit different is fun and you may see other opportunities on how to use the resources. 

Using Azure Files is not new, But using Azure files with Active directory Authentication is a long waited feature and now that it is GA we can use this.

Azure Files is a shared storage service that lets you access files via the Server Message Block (SMB) protocol, and mount file shares on Windows, Linux or Mac machines in the Azure cloud.
Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: Azure Active Directory Domain Services (Azure AD DS) (GA) and Active Directory (AD).
Azure file shares only support authentication against one domain service, either Azure Active Directory Domain Service (Azure AD DS) or Active Directory (AD).

image

AD identities used for Azure file share authentication must be synced to Azure AD. Password hash synchronization is optional.
AD authentication does not support authentication against Computer accounts created in AD.

So what would be the option to use this, As a Cloud file share, in WVD or RDS, you can connect this directly to your clients if needed.

image

image

AD authentication can only be supported against one AD forest where the storage account is registered to. You can only access Azure file shares with the AD credentials from a single AD forest by default. If you need to access your Azure file share from a different forest
Azure Files supports Kerberos authentication with AD with RC4-HMAC encryption. AES Kerberos encryption is not yet supported.

 

So how to start with Azure Files. In this blog post I created a Powershell script that does the most of the Config to get you started with Azure Files.

First we need to address some parameters

#ResourceGroup name and location
$RG="rsg-blog-fileshare20"
$Location="eastus2"  
$storageaccount="storfileserver20"
$shareName = "blogshare01"

These basis are needed to create the Azure resources but there is also a Special PowerShell module needed AzFilesHybrid Download and unzip the AzFilesHybrid PowerShell module

This module can be download from github and extracted on your machine

image

You may need to set the executionPolicy

#Azure file modules
#Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Currentuser
cd c:\AzFilesHybrid
Unblock-File .\CopyToPSPath.ps1
.\CopyToPSPath.ps1

The CopyToPSPath.ps1 will load the modules that are needed for this.

Our next step is importing the module AzFilesHybrid

Import-Module -name AzFilesHybrid -Force

image

Our next step is connect to our Azure subscription

#Connect to Azure
Connect-AzAccount

#Select the target subscription for the current session use your subscription ID
Get-AzSubscription
Select-AzSubscription –SubscriptionId  11111111-1111111111-111111111-11111-1

image

Now that the Azure subscription is connected we make a resource group and the storage account with the share.
#create Rsource group
New-AzResourceGroup -Name $RG -Location $Location

image

#create storage account
New-AzStorageAccount -ResourceGroupName $RG -Location $Location -Name $storageaccount -SkuName Standard_LRS -AccessTier Hot

image

#create storage Fileshare
New-AzRmStorageShare -ResourceGroupName $RG -StorageAccountName $storageaccount -Name $shareName -QuotaGiB 1024  #| Out-Null

image

Now that the storage account is created and the share we make a computer account for the AD rights, optional is the OU location where the computer account is stored.

Important action het is that this should run on a domain joined computer, as it needs to have access to the domain to create the computer account. Needless to say but you need a proper AD account to create the Computer account.

#join azure files to AD
Join-AzStorageAccount -ResourceGroupName $RG -Name $storageaccount -DomainAccountType "ComputerAccount" -OrganizationalUnitName "File Servers"

image

Now that the computer account is created we can move to the next steps, As I want to add a privatepoint and make sure my local DNS can find the fileshare.

image

So how does this look like in the Azure portal.

image

Here is the fileshare and file server with all the configuration options

image

The share is AD ready. The Option is enabled and ready to use

Now that we have the share in place we can configure the share. First we test the Connection from the Server to the Azure file share.

#test SMB connection
Test-NetConnection -ComputerName storfileserver20.file.core.windows.net -CommonTCPPort SMB

image

The file share can be used, but wait there is more, it al depends on your configuration. If you use the share only in Azure then DNS forwarders are not need, but just in case.

This works but we will create an endpoint now to make sure the share is not listening to all requests

image

You can use private endpoints for your Azure Storage accounts to allow clients on a virtual network (VNet) to securely access data over a Private Link. The private endpoint uses an IP address from the VNet address space for your storage account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet.

Using private endpoints for your storage account enables you to:

  • Secure your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service.
  • Increase security for the virtual network (VNet), by enabling you to block exfiltration of data from the VNet.
  • Securely connect to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private-peering.

 

Creating the Private endpoint is a bit tricky in PowerShell and quicker in the GUI if you do this in several steps as in the blog post.

image

So we give the Connection a name and place it in a region

image

Selecting the Resource that we want to point, in this case it is the Files server and I bind this to the Network

imageimage

All the steps are completed.

image image

Now that the PrivateLink is created We add the DNS zone if not already done. this is needed when local Clients “on-premises” want to connect to the share   

This DNS zone is needed as we want to access from the on-premises Machine to the Azure share. connected over the VPN tunnel. You can also choose to connect over the internet, Or have the option to add the Azure file share to the DFS

First we are making a DNS forwarder rule that is needed for the creating DNS forwarding rule set, which defines which Azure services you want to forward requests.

$ruleset=New-AzDnsForwardingRuleSet -AzureEndpoints StorageAccountEndpoint
$ruleset.DnsForwardingRules

image

image

The Core.windows.net forwarder is needed. the IP 168.63.129.16 is the Microsoft DNS

# Deploy and configure DNS forwarders
New-AzDnsForwarder -DnsForwardingRuleSet $ruleSet -VirtualNetworkResourceGroupName "rsg-vnet-sponsor01" -VirtualNetworkName "Azure-vnet-sponsor01" -VirtualNetworkSubnetName "Management"

image

Confirm DNS forwarders:

Resolve-DnsName -Name storfileserver20.file.core.windows.net

image

Make sure you configure on the on-premises DNS the Forwarder to the Azure DNS, in this case to my Azure AD VM that runs also DNS

image

image

Now that the DNS is in place we can connect to the Azure files share in the cloud but also on premises with the connection routed to the VPN tunnel instead of direct to the internet.

 

Setting Permissions on the Azure Files Shares is not complicated.

With the general availability of AADDS authentication for Azure Files, Microsoft introduced three Azure built-in roles for granting share-level permissions to users:

•Storage File Data SMB Share Reader allows read access in Azure Storage file shares over SMB.

•Storage File Data SMB Share Contributor allows read, write, and delete access in Azure Storage file shares over SMB.

•Storage File Data SMB Share Elevated Contributor allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB.

 

Azure Files supports the full set of NTFS basic and advanced permissions. You can view and configure NTFS permissions on directories and files in an Azure file share by mounting the share and then using Windows File Explorer or running the Windows icacls or Set-ACL command.

To configure NTFS with Admin permissions, you must mount the share by using your storage account key from your domain-joined VM.

The following sets of permissions are supported on the root directory of a file share:

  • BUILTIN\Administrators:(OI)(CI)(F)
  • NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  • BUILTIN\Users:(RX)
  • BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
  • NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
  • NT AUTHORITY\SYSTEM:(F)
  • CREATOR OWNER:(OI)(CI)(IO)(F)
Mount a file share from the command prompt

Use the Windows net use command to mount the Azure file share. Remember to replace the placeholder values in the following example with your own values. For more information about mounting file shares, see Use an Azure file share with Windows.

net use <desired-drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name> /user:Azure\<storage-account-name> <storage-account-key>

Configure NTFS permissions with icacls

Use the following Windows command to grant full permissions to all directories and files under the file share, including the root directory. Remember to replace the placeholder values in the example with your own values.

icacls <mounted-drive-letter>: /grant <user-email>:(f)

 

An other option with Azure files is Connect your Azure files to the DFS server

First I had to play a bit with the naming convention as the root of the file is not the share.

Below is the azure folder. so the share name would be \\storfileserver20.file.core.windows.net\blogshare03

image

As I use now the internal DNS and with the DFSN link 

image

I can do domain name \ share and the files are being placed on the Azure file share. here you can also see that the naming is one step deeper. in the domain share name then there is the linked folder to the Azure Files.

On the time that I wrote this blog the Azure files snapshots came also GA.

image

there is no scheduled counter behind this. just press and shoot but with an script or automation account you can create  nice solutions to keep your files save.

Hope this blog is helpful, It helped me to play with this and got some other ideas than just pasting the net use command  to a device and then place the files. still there is nothing wrong with that.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Posted May 11, 2020 by Robert Smit [MVP] in Azure, Windows 10

Tagged with , ,

Installing tenant attach with Microsoft Endpoint Configuration Manager Update 2002 #MEMCM #MEMAC #ConfigMgr   Leave a comment

At MSIgnite 2019 was announced that SCCM is now MEMCM and that Intune and MEMCM can be managed in one portal. With the update 2002 this option is finally there.  Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center.

Where to start with Microsoft Endpoint Configuration Manager for this update.

Installing tenant attach with Microsoft Endpoint Configuration Manager Update 2002

http://endpoint.microsoft.com/

When opening the Microsoft Endpoint Configuration Manager console the update is not there. this is the update is released in Rings and I want to download this update from the fast ring. When starting this make sure your servers are healthy and are patched. If you run a tight virus scanner on the MEMCM then you may need to disable this during the install

Installing tenant attach with Microsoft Endpoint Configuration Manager Update 2002

 

Microsoft Endpoint Configuration Manager

 

As the update is rolled out globally in the coming weeks, it will be automatically downloaded, and you’ll be notified when it’s ready to install from the “Updates and Servicing” node in your Configuration Manager console. If you can’t wait to try these new features, see these instructions on how to use the PowerShell script to ensure that you are in the first wave of customers getting the update. By running this script, you’ll see the update available in your console right away. 

https://download.microsoft.com/download/7/c/4/7c48f2c7-f433-414b-a901-753a61c7956d/EnableEarlyUpdateRing2002.exe

Microsoft Endpoint Configuration Manager

After downloading and extracting the file we have a PowerShell script

image

Running this Powershell script in Admin Mode. With the Server name and I do a verbose to see a bit more output.

C:\EnableEarlyUpdateRing2002> .\EnableEarlyUpdateRing2002.ps1 -siteServer mvpsccm17 -Verbose

Microsoft Endpoint Configuration Manager

C:\EnableEarlyUpdateRing2002> .\EnableEarlyUpdateRing2002.ps1 -siteServer mvpsccm17 –Verbose

Now that the Script has run the Update services will trigger the fast ring to get the update

image

Press check for updates and do a refresh.

Microsoft Endpoint Configuration Manager

The Microsoft Endpoint Configuration Manager update 2002 is now available for download.

Microsoft Endpoint Configuration Manager

imageimage

Now that the Update is downloaded we can trigger the Install.

Microsoft Endpoint Configuration Manager

This Process is a Next Next Close wizard and the only choice you need to make is run the agent in a test collection or strait into production

imageMicrosoft Endpoint Configuration Manager

Here you have the option to test this update in an isolated Collection.

image

In this case I go strait into the production as this is my demo lab server

imageMicrosoft Endpoint Configuration Manager

I Accept and my end date of the SA.

Microsoft Endpoint Configuration Manager Microsoft Endpoint Configuration Manager

Well this was a pretty strait forward process now in the back ground Microsoft Endpoint Configuration Manager is updating the servers.

image

The progress can be followed in the log files when go to status the logs will be opened.

image

when the preparations are done Microsoft Endpoint Configuration Manager will start the installation. This can take some time so be patient. Don’t do a sudden reboot etc.

image

If you had a pending reboot the installation will fail, Reboot the server first then do the update.

image

Or check the Task Manger when the update is finished.

image

When the Update is Finished and opening the Microsoft Endpoint Configuration Manager Admin Console The update of the console is triggered and need to install.

 image

image

image

The update is installed. and we can configure Co-Management

imageimage

The default setting for device upload is All my devices managed by Microsoft Endpoint Configuration Manager. If needed, you can limit upload to a single device collection.

image I choose Allimage

imageimageimageimageimage

Now that the installation is finished we can see the connector.

image

You can verify this in the Azure AD there is an app registration called ConfigMgrSvc

image

 

  1. Open CMGatewaySyncUploadWorker.log from <ConfigMgr install directory>\Logs.
  2. The next sync time is noted by log entries similar to Next run time will be at approximately: 04/02/2020 11:45:05

image

  1. For device uploads, look for log entries similar to Batching N records. N is the number of devices uploaded to the cloud.
  2. The upload occurs every 15 minutes for changes. Once changes are uploaded, it may take an additional 5 to 10 minutes for client changes to appear in Microsoft Endpoint Manager admin center. http://endpoint.microsoft.com/

In a browser, navigate to http://endpoint.microsoft.com/  or https://aka.ms/memac

below You see only MEMAC

image

When the Machines are Hybrid AD joined you can see both devices. the sync take some time.

image

This is the start to manage the devices from MEMAC. In the next blog I’ll show you more on the management.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

#windows10 is here but what if you are still waiting? force Windows 10 #upgrade with the Media Creation Tool or Windows Update   Leave a comment

Download Windows 10

Still waiting for Windows 10 you can download an ISO and place it on a USB Stick or force it by poking Windows Update.

To get the media direct from Microsoft download the tool and create an ISO easy and handy.

http://www.microsoft.com/en-us/software-download/windows10

Create a stick get the Download Tool Now (64-bit version)

if you want the X32 version it is also there.

image Download Windows 10

Choose what to do Upgrade now or create stick. and Pick the Language and edition you want. There is no enterprise edition here you need to get this from the SA site and or if you test the Windows 10 version and runs no production get this from the MSDN site.

Download Windows 10Download Windows 10

Pick the media and choose ISO of USB

imageimage

The download is in progress and will do a verify just to make sure the Stick is OK.

Download Windows 10

 

But if you want to use Windows Updates to poke a bit to get the Windows 10 bits.

Type the following command in the Windows 10 task bar search field and press enter:

wuauclt.exe /updatenow

Want to make sure that your free Windows 10 update gets detected for download use this command:

wuauclt.exe /detectnow

 

Resetauthorization Option

WSUS uses a cookie on client computers to store various types of information, including computer group membership when client-side targeting is used.

In this case you should use this command:

wuauclt.exe /resetauthorization /detectnow

 

 

http://www.microsoft.com/en-us/software-download/windows10

 

Download Windows 10

Posted July 29, 2015 by Robert Smit [MVP] in Windows 10

Tagged with

  • Twitter

  • RSS Azure and Microsoft Windows Server Blog

  • %d bloggers like this: