When creating a master Windows 10, it is common to remove part or all of universal apps Windows Update. During the update of 10 Windows Builds with WSUS or SCCM, previously deleted applications are installed again.
To avoid the problem, it is necessary to use the Setupconfig.ini file
Windows Upgrade Analytics
Windows Upgrade Analytics is part of Operation Management Suite and provided assistance to the migration of workstations to Windows 10.
It is necessary at first to create a Workspace who using the following link.
Create Windows OMS Workspace
For those with SCCM, it is possible to integrate it with SCCM. The following link will be useful
Integrate to SCCM
Windows Hello Feature
Windows Hello is a feature of Windows 10. She is use to open a session using facial recognition (face recognition) to open a session.
Solution that complements the different ways to open a session with Windows 10 (password and Pin Code). For its activation, it is necessary firstly to enable and configure the PIN code authentication.
cannot activate Windows Hello
One of my customers wanted on these Windows 10 computer, activate Windows Hello. We have initially enable and configure the Pin Code authentication. However the activation of Windows Hello was not working.
The button to activate was gray. The computer was in 1607 version, we conducted a test with the version of Windows 10 1511. With this final no activation problem.
Nano Server Image Builder
With Windows Server 2016, Microsoft has implemented a new feature called Nano Server. Very light operating system, just a few mega bytes to make it work. This “mini operating system” allows to install roles such as HyperV, Server DNS, web server,…
He have no shell, no Internet explore so this images reduces the risk of attack as well as the number of patch to install. However creating a Nano Server image requires command line execution. To simplify this step Microsoft has made available tool Nano Server Image Builder that allows the creation of the image in a graphic way.
As a first step, it is necessary to download the Nano Server Image Builder tool. You can download it here.
Why set up a subscription ?
If you have computer in workgroup, it may be interesting to centralize events in the event logs. This allows to facilitate the analysis of different events log. The computer being in workgroup, we use authentication based on certificates. In order to secure exchange, we will proceed to the use of the HTTPS protocol.
How to manage machines in a workgroup
If you have machines in a domain, it is easy to execute remote administration (through gpo, script,…). Regarding the positions in workgroup, the task turns out to be more complex. Indeed, the latter only contain their own GPOs and their account base.
Thus it is possible to use winrm to perform remote administration. In order to secure the communications betweens the two computers (or computer and server) it is possible to encrypt exchanges using the ssl Protocol.
Windows 10 and WSUS Server
After you implement WIndows 10 on your workstations, it is necessary to manage the deployment of Builds. Thus three different management have emerged (CB, CBB and LTSB).
Management and deployment can be operate by Windows Update / Windows Update for Business, SCCM or WSUS.
His support for the deployment of 10 Windows Builds by the WSUS or SCCM and WSUS server, can be done only in certain conditions.
Indeed, it is necessary to have a WSUS server installed under Windows Server 2012 or 2012 R2 Server. The activation of the feature cannot be and must not be made until after the installation of the KB3095113. Where type Upgrade in WSUS before installing the update, it will be necessary to proceed to a cleaning of the base (see below in this article).
Why manually delete a PKI?
When you remove a pki since the wizards Windows will scavenge records in Active Directory. However if the server is reinstalled or the VM deleted unless the certification authority role is deleted beforehand, these records remain present in the Active Directory directory. It is therefore necessary to carry out the cleaning of it before any new installation of an enterprise certification authority.
This article details the different steps for cleaning of the Active Directory.
Rename AD Domain
It is sometimes necessary to change the name of the Active Directory domain. This operation is delicate to perform mainly if exchange or sql servers are present. After verifying the good state of health of the Active Directory, the change can be performed using the rendom command. The latter is present in the domain controller as a builtin.
Fix KB3148812 problem
The KB3148812 update installation problems. In fact after installing the administration console WSUS becomes inaccessible. Moreover customers no longer have the opportunities to contact the WSUS server. Initially Microsoft recommended not to install or remove it for those who carry out the installation of the update.