Office 365 – Creating Custom SKUs

If you are working with Office 365, one of the things you may need to do is provision an account with a subset of the Office 365 plans. For example, I have an E3 plan but I don’t want Skype for business or Exchange email, just Office 365 Pro Plus. (Why you would buy E3 when there is a ProPlus SKU, I don’t know but I’ve had to do this twice this month).

Making a custom plan is pretty straight forward.

First you need to get the account SKUs.

Get-MsolAccountSKu | fl

From there you will see all your SKUs. Use this to get its components:

$ServicePlans = Get-MsolAccountSku | Where {$_.SkuPartNumber -eq "{SkuPartNumber}"}

List the components using $ServicePlans.

Finally make your custom SKU by running:


(In case it doesn’t wrap)


Replace company:EnterprisePack with your own SKU and you are off to the races. Final command is to assign it.

Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses company:EnterprisePack -LicenseOptions $MyO365SKU

Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses company:EnterprisePack -LicenseOptions $MyO365SKU

A great walk through can be found at


Deploying Windows to the Correct Drive in Configuration Manager

I was helping a customer deploy Windows 7 to a bunch of workstations recently. Yes, some customers continue to use it. One of the weird things you will have happen when installing Windows 7 from retail media to a machine in a System Center Configuration Manager deployment task sequence is the operating system (OS) drive will be D: instead of C:. It can very odd when you encounter it and if you have Line Of Business software that needs C: drive then you could be in trouble. Besides, who wants their OS on Drive D:? That’s just silly.

This is a known issue which is caused when the operating system was captured from the D: drive originally. In the case of the RTM Windows 7, it was captured from drive D:. Fortunately the fix is very simple when using System Center Configuration Manager 2012.

In System Center Configuration Manager, add a task variable called OSDPreserveDriveLetter and set the value to false. I’ll add a screenshot when I can to this. (Note to self, ask Garth for a screenshot. 😉 )

If you’ve used Microsoft Deployment Toolkit, you never had to do this as MDT just works properly. Its one of the reason’s you will see people use MDT to capture their image and then they import it over to System Center Configuration Manager environment.

Surface Pro 4, Surface Dock and DVI Problems

I’ve been working at a customer back in the fall who was were planning to deploy 60 Surface Pro 3 devices running Windows 8.1 Enterprise (they had been sitting on them a bit) along with the Surface dock and external monitors and network connections. We had some issues to work through and here is my learning.

When unboxing the current round of Surface Pro 4, they don’t detect the Surface Dock. It flashes on the power adapter and then turns off. I created a guide for those setting these devices up.

First you want to boot into Windows on the device. Adjust the date and time, especially if you are using System Center Configuration Manager to deploy the operating system to the tablet. Next, you should have downloaded the drivers for the tablets from Microsoft. If you haven’t here is the link to the Surface Drivers

Next install the firmware updater and and the drivers. Don’t worry that you are going to be reloading the operating system on it. Once this is complete, reboot and go into the BIOS. You can now change the boot order so the the USB device is first in boot order (or PXE if you use that instead). Select this save, and with your boot stick plugged in, reboot.

You don’t have a boot stick? No worries, go into configuration manager, add the Surface Pro 3 drivers and create a boot stick. I make sure all surface drivers (not just network and storage) are on the stick as it seems to do more and work better for these tablets. The experience around Surface Pro 4 drivers seems to be better. (I just use Network and Storage on Surface Pro 4 with Windows 10, no issues)

Using the boot stick, boot up and the machine will reboot on its own a couple of times, but now the new surface dock will work with the device. It won’t recognize the dock before the firmware is updated. The docking station does seem to work fine.

The next issue we found was not all cables are the same. The mini display port to DVI cables didn’t work with the dock but do work with the Surface Pro 3. Apparently there is an active cable or passive cable. We had passive and the dock didn’t work with them but it works fine with an active cable.

For those of you deploying Surface Pro devices, I hope this helps if you are stuck. Feel free to reach out if stuck.

Enabling UEV in Windows 10 1607

Something new in Anniversary Update is UEV. Microsoft has moved it out of MDOP and put it into the operating system. Enabling and configuring it is pretty straight forward.

First you need Enterprise edition to make it work. Don’t have it, don’t even try this, it won’t work. If you have the MDOP version installed on Pro, upgrading it disables it. Word of warning.

Second you can use PowerShell and run:


You might think you are done. You are not, you have to enable the default templates.

Command for that is pretty straight forward:

Register-UevTemplate -Path C:\ProgramData\Microsoft\UEV\InboxTemplates\nameoftemplate.xml

That’s all there is to getting this going. Default save location is the home drive for the user. So if that is defined in AD, you are all set. If not, you can use GPO to set the storage location. Your choice on how you do this.

WiFi disappearing from Windows 10 Laptop

I’ve been running Windows 10 on my laptop since I got it 4 or 5 months ago. It’s a Lenovo X230 i5 12″. Nice and light and pretty decent. I picked it up used off of eBay from a refurbishing company. It’s been doing well but lately I’ve noticed that my WiFi just disappears after sleep or hibernation. A reboot brought it back until recently then nothing would bring it back. My LTE connection works though but WiFi was grayed out. Not sure why, but I figured this had to be a Windows 10 issue and not a flaky hardware issue.

I guess when checking the network connections I was seeing it up and active, but I just couldn’t connect. Here is a lovely screen shot. You can see, I can still enable mobile hotspot, but WiFi is gray which made me wonder just what the Whiskey Tango Foxtrot was going on.


The Fix

I do what most IT people do now, Google for the answer. You will find quite a few hits on the issue was the link I thought closely resembled my deal and it had a couple of suggestions.

One suggestion is to run a reg delete which when ran just said the registry key couldn’t be found.

The next step is to run netcfg, which again after running from the command prompt as admin, did nothing. Both commands just threw errors.  I also disabled my firewall’s VPN software as the article indicated issues with older VPN client. I disabled the VPN client and rebooted. One of these two things fixed it up and allowed me to get WiFi fired up again.

I don’t know which of the two things fixed it but I’ll update this post as I learn more about the solution. I am glad to have my WiFi back but I also want to ensure that I know what the root cause is for this problem.


Real Time Block Lists with Palo Alto Firewalls

If you use a Palo Alto firewall, a new feature since PanOS 5.0 is the real time block lists. I’ve had a few people ask me how to set them up so here is the instructions.

To know what the max number of IPs that your firewall can handle in the RBL, run the following command from the CLI.

show system state | match cfg.general.max-address

This will give you the maximum number of IPs you can have in the list.

Next in the gui on your Palo Alto device, head to objects and then in the left, go to Dynamic Block Lists.


Here is the list of block lists that I’ve configured. To create a new one, click on the add button and give the list a name and a web source for the list. Decide how often you want it to update.


Finally you need to create a deny rule blocking these sites inbound.


Commit the changes and you are off to the races. I often will leave logging on for a bit to see what is being blocked, but eventually, I turn it off because I don’t really care what traffic I am dropping.

Here is a list of sites I pull in. It appears some of these might be managed by a Palo Alto engineer, but I am not certain about this.

  • DSheild Top 20 –
  • SpamHaus – (Spam list)
  • Zues Tracker –
  • Malware Domain List –
  • Openblock List –




Canadian MVPDays East – Toronto, Ottawa, and Montreal

I’m happy to announce that I will be presenting at all of the MVPDays Community Roadshows in Toronto, Ottawa and Montreal. Its a great training opportunity for IT professionals who are looking to sharpen their skills. You’ll find the style very similar to the Microsoft TechDays which ran a few years back.
This community initiative is the result of hard work by several of Microsoft Canada’s Top MVPs (Most Valuable Professionals). It is our pleasure to be able to share our knowledge locally allowing the IT communities to learn and advance their technical knowledge base. You can follow Canadian MVPs on Twitter using the hashtags #CDNMVP and #MVPHour.

Expert Speakers will present topics based on their real world experience in short action packed sessions. Content will focus on the following topics:

    · Cloud
    · IT PRO
    · SharePoint / Office 365
    · Development

I will be presenting a session on migrating from on-premise Exchange to Office 365.
To register for any of the Roadshows, select the appropriate city below. Use code UGPROMO to save on your registration.

MVPDays Community Roadshow Toronto
Date: February 29, 2016
Hilton Garden Inn Toronto/Vaughan
3201 Highway 7
Vaughan, ON,  L4K 5Z7
Registration Link

MVPDays Community Roadshow Ottawa
Date: March 2, 2016
Ottawa Conference and Event Centre
200 Coventry Road
Ottawa, ON, K1K 4S3
Registration Link

MVPDays Community Roadshow Montreal
Date: March 4, 2016
Delta Montreal
475 Avenue du Président-Kennedy
Montreal, QC, H3A 1J7
Registration Link

We look forward to seeing you there.

Drivers Showing as Unsigned in Configuration Manager 2012 R2

A customer has a problem with importing drivers for their Surface Pro 3 devices in System Center Configuration Manager 2012 R2.

We keep noticing some of the drivers are unsigned. I immediately realized something is up as Microsoft releasing unsigned drivers isn’t going to happen. So I started digging and immediately came to KB3025419 which seems to cover my situation. My customer uses Windows 2008 R2 as the Host operating system for the Configuration Manager server and so this KB is relevant. Basically, Microsoft changed the way they signed drivers and now use a different method. This new method is different than what Server 2008 R2 recognizes and thus the change.

It affect Configuration Manager 2007, 2012 and 2012 R2 so you might see this as well down the road once hardware vendors use the new method.

Install the patches and don’t forget to reboot. A reboot is required even if it doesn’t prompt for a reboot. How do I know this, experience. Our server was patched by a different team but they didn’t reboot. The problem still persisted until the reboot.

Another thing you have to do is remove the “unsigned drivers”. This means delete the drivers that are showing unsigned before re-importing the drivers again. Once these two steps were performed we were back in business.

If you are running Windows Server 2008 R2 for your System Center Configuration Manager install you might just want to install this patch during your next maintenance schedule. As more vendors sign their drivers in the new method, you might start to see issues even if you don’t deploy Surface Pro. Of course, if you are running Windows Server 2012 R2 you probably have never saw this issue and the patches are not required.


Problems Deploying Apps with System Center 2012 R2 in an OSD Task Sequence

Onsite at one of my customer’s sites we are deploying operating systems with a Config Manager 2012 R2 task sequence (TS). The issue I was having was the applications were not installing. They were set to deploy in a task sequence without deployment so that wasn’t the issue. Looking at the log, (logs are your friend, use them) and I discovered this:

Unknown operating system build number 9600 found, setting OSVersion to 'Other'.

Ouch, what does this mean. It means my CM12 deployment has something not right with it. I don’t what the issue is but I will bring it up with Garth of Enhansoft who is an Enterprise Client Management MVP. He might have an idea on how to fix this.

In the meantime, I just changed the settings so that the software doesn’t have an OS requirement to install it. Basically I can set the package so it only installs on Windows 7 or Windows 8.1. In this case we can’t use that as we don’t know the OS.

Just change the package or app and allow it to be installed on all operating systems and it will deploy fine. Not a great solution for those trying to lock down apps to specific operating systems but it works.

Once I figure out why 9600 is not being recognized, I’ll update the post and we can all fix.


Fixing Errors with Windows Updates

Updates are important to apply and should be done regularly. I’ve had a couple of customers who have had Windows update issues. Basically the machine was spitting errors at the users. The error code they were seeing on a few machines was 0x87D00668. I did some poking around. Thankfully I have a quick and dirty way to fix this issue which is pretty much my go to when these issues crop up.

Windows updates are important to apply on a regular basis. You really don’t want to miss patching machines. In fact you should have a process in place to ensure you update all your computers regardless of the flavour of Operating System (OS) on a regular basis.

Microsoft FixIt Tool

On the machine you are having the problem, go to the Microsoft page where you can download the Windows Update Troubleshooter. Download it, and then run the application using Admin credentials.

It will go and basically clean up the folder where Windows updates are. That file location is C:\WINDOWS\SoftwareDistribution\Download. Then the tool restarts the Windows update service.
I suggest a reboot at this point although it is not indicated it is needed.

With Configuration Manager 2012 R2 the updates, which were pushed as required, automatically started again and installed without troubles.

You can also do this manually.

Stop the Windows Update service.
net stop wuauserv
Rename the Software Distribution folder.
Then start the Windows Update service.
net start wuauserv

This should work for those who use WSUS, manual updates or something like Configuration Manager.

*Update – This works great for those trying the Windows 10 Beta and finding things getting stuck.