Category Archives: Technology

General post about technology.

Office 365 – Creating Custom SKUs

If you are working with Office 365, one of the things you may need to do is provision an account with a subset of the Office 365 plans. For example, I have an E3 plan but I don’t want Skype for business or Exchange email, just Office 365 Pro Plus. (Why you would buy E3 when there is a ProPlus SKU, I don’t know but I’ve had to do this twice this month).

Making a custom plan is pretty straight forward.

First you need to get the account SKUs.

Get-MsolAccountSKu | fl

From there you will see all your SKUs. Use this to get its components:

$ServicePlans = Get-MsolAccountSku | Where {$_.SkuPartNumber -eq "{SkuPartNumber}"}

List the components using $ServicePlans.

Finally make your custom SKU by running:

$MyO365SKU = New-MsolLicenseOptions -AccountSkuId company:EnterprisePack -DisabledPlans Exchange_S_Enterprise,FLOW_O365_P2,POWERAPPS_O365_P2,TEAMS1,PROJECTWORKMANAGEMENT,INTUNE_O365,YAMMER_ENTERPRISE,RMS_S_ENTERPRISE,MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,SWAY,Deskless

(In case it doesn’t wrap)

$MyO365SKU = New-MsolLicenseOptions -AccountSkuId company:EnterprisePack -DisabledPlans Exchange_S_Enterprise,FLOW_O365_P2,POWERAPPS_O365_P2,TEAMS1,PROJECTWORKMANAGEMENT,INTUNE_O365,YAMMER_ENTERPRISE,RMS_S_ENTERPRISE,MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,SWAY,Deskless

Replace company:EnterprisePack with your own SKU and you are off to the races. Final command is to assign it.

Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses company:EnterprisePack -LicenseOptions $MyO365SKU

Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses company:EnterprisePack -LicenseOptions $MyO365SKU

A great walk through can be found at http://exitcodezero.wordpress.com/2013/03/14/how-to-assign-selective-office-365-license-options/comment-page-1/

 

Deploying Windows to the Correct Drive in Configuration Manager

I was helping a customer deploy Windows 7 to a bunch of workstations recently. Yes, some customers continue to use it. One of the weird things you will have happen when installing Windows 7 from retail media to a machine in a System Center Configuration Manager deployment task sequence is the operating system (OS) drive will be D: instead of C:. It can very odd when you encounter it and if you have Line Of Business software that needs C: drive then you could be in trouble. Besides, who wants their OS on Drive D:? That’s just silly.

This is a known issue which is caused when the operating system was captured from the D: drive originally. In the case of the RTM Windows 7, it was captured from drive D:. Fortunately the fix is very simple when using System Center Configuration Manager 2012.

In System Center Configuration Manager, add a task variable called OSDPreserveDriveLetter and set the value to false. I’ll add a screenshot when I can to this. (Note to self, ask Garth for a screenshot. 😉 )

If you’ve used Microsoft Deployment Toolkit, you never had to do this as MDT just works properly. Its one of the reason’s you will see people use MDT to capture their image and then they import it over to System Center Configuration Manager environment.

Surface Pro 4, Surface Dock and DVI Problems

I’ve been working at a customer back in the fall who was were planning to deploy 60 Surface Pro 3 devices running Windows 8.1 Enterprise (they had been sitting on them a bit) along with the Surface dock and external monitors and network connections. We had some issues to work through and here is my learning.

When unboxing the current round of Surface Pro 4, they don’t detect the Surface Dock. It flashes on the power adapter and then turns off. I created a guide for those setting these devices up.

First you want to boot into Windows on the device. Adjust the date and time, especially if you are using System Center Configuration Manager to deploy the operating system to the tablet. Next, you should have downloaded the drivers for the tablets from Microsoft. If you haven’t here is the link to the Surface Drivers https://www.microsoft.com/en-ca/download/details.aspx?id=38826

Next install the firmware updater and and the drivers. Don’t worry that you are going to be reloading the operating system on it. Once this is complete, reboot and go into the BIOS. You can now change the boot order so the the USB device is first in boot order (or PXE if you use that instead). Select this save, and with your boot stick plugged in, reboot.

You don’t have a boot stick? No worries, go into configuration manager, add the Surface Pro 3 drivers and create a boot stick. I make sure all surface drivers (not just network and storage) are on the stick as it seems to do more and work better for these tablets. The experience around Surface Pro 4 drivers seems to be better. (I just use Network and Storage on Surface Pro 4 with Windows 10, no issues)

Using the boot stick, boot up and the machine will reboot on its own a couple of times, but now the new surface dock will work with the device. It won’t recognize the dock before the firmware is updated. The docking station does seem to work fine.

The next issue we found was not all cables are the same. The mini display port to DVI cables didn’t work with the dock but do work with the Surface Pro 3. Apparently there is an active cable or passive cable. We had passive and the dock didn’t work with them but it works fine with an active cable.

For those of you deploying Surface Pro devices, I hope this helps if you are stuck. Feel free to reach out if stuck.

Enabling UEV in Windows 10 1607

Something new in Anniversary Update is UEV. Microsoft has moved it out of MDOP and put it into the operating system. Enabling and configuring it is pretty straight forward.

First you need Enterprise edition to make it work. Don’t have it, don’t even try this, it won’t work. If you have the MDOP version installed on Pro, upgrading it disables it. Word of warning.

Second you can use PowerShell and run:

Enable-UEV

You might think you are done. You are not, you have to enable the default templates.

Command for that is pretty straight forward:

Register-UevTemplate -Path C:\ProgramData\Microsoft\UEV\InboxTemplates\nameoftemplate.xml

That’s all there is to getting this going. Default save location is the home drive for the user. So if that is defined in AD, you are all set. If not, you can use GPO to set the storage location. Your choice on how you do this.

WiFi disappearing from Windows 10 Laptop

I’ve been running Windows 10 on my laptop since I got it 4 or 5 months ago. It’s a Lenovo X230 i5 12″. Nice and light and pretty decent. I picked it up used off of eBay from a refurbishing company. It’s been doing well but lately I’ve noticed that my WiFi just disappears after sleep or hibernation. A reboot brought it back until recently then nothing would bring it back. My LTE connection works though but WiFi was grayed out. Not sure why, but I figured this had to be a Windows 10 issue and not a flaky hardware issue.

I guess when checking the network connections I was seeing it up and active, but I just couldn’t connect. Here is a lovely screen shot. You can see, I can still enable mobile hotspot, but WiFi is gray which made me wonder just what the Whiskey Tango Foxtrot was going on.

Network-Connections

The Fix

I do what most IT people do now, Google for the answer. You will find quite a few hits on the issue http://bit.ly/2aE0rKE was the link I thought closely resembled my deal and it had a couple of suggestions.

One suggestion is to run a reg delete which when ran just said the registry key couldn’t be found.

The next step is to run netcfg, which again after running from the command prompt as admin, did nothing. Both commands just threw errors.  I also disabled my firewall’s VPN software as the article indicated issues with older VPN client. I disabled the VPN client and rebooted. One of these two things fixed it up and allowed me to get WiFi fired up again.

I don’t know which of the two things fixed it but I’ll update this post as I learn more about the solution. I am glad to have my WiFi back but I also want to ensure that I know what the root cause is for this problem.

 

Real Time Block Lists with Palo Alto Firewalls

If you use a Palo Alto firewall, a new feature since PanOS 5.0 is the real time block lists. I’ve had a few people ask me how to set them up so here is the instructions.

To know what the max number of IPs that your firewall can handle in the RBL, run the following command from the CLI.

show system state | match cfg.general.max-address

This will give you the maximum number of IPs you can have in the list.

Next in the gui on your Palo Alto device, head to objects and then in the left, go to Dynamic Block Lists.

PaloAlto-RealTime-Block-Lists-1

Here is the list of block lists that I’ve configured. To create a new one, click on the add button and give the list a name and a web source for the list. Decide how often you want it to update.

PaloAlto-RealTime-Block-Lists-2

Finally you need to create a deny rule blocking these sites inbound.

PaloAlto-Deny-Policy

Commit the changes and you are off to the races. I often will leave logging on for a bit to see what is being blocked, but eventually, I turn it off because I don’t really care what traffic I am dropping.

Here is a list of sites I pull in. It appears some of these might be managed by a Palo Alto engineer, but I am not certain about this.

  • DSheild Top 20 – https://panwdbl.appspot.com/lists/dshieldbl.txt
  • https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
  • SpamHaus – https://panwdbl.appspot.com/lists/shdrop.txt (Spam list)
  • Zues Tracker – https://panwdbl.appspot.com/lists/zeustrackerbadips.txt
  • Malware Domain List – https://panwdbl.appspot.com/lists/mdl.txt
  • Openblock List – http://panwdbl.appspot.com/lists/openbl.txt

 

 

 

Canadian MVPDays East – Toronto, Ottawa, and Montreal

I’m happy to announce that I will be presenting at all of the MVPDays Community Roadshows in Toronto, Ottawa and Montreal. Its a great training opportunity for IT professionals who are looking to sharpen their skills. You’ll find the style very similar to the Microsoft TechDays which ran a few years back.
This community initiative is the result of hard work by several of Microsoft Canada’s Top MVPs (Most Valuable Professionals). It is our pleasure to be able to share our knowledge locally allowing the IT communities to learn and advance their technical knowledge base. You can follow Canadian MVPs on Twitter using the hashtags #CDNMVP and #MVPHour.

Expert Speakers will present topics based on their real world experience in short action packed sessions. Content will focus on the following topics:

    · Cloud
    · IT PRO
    · SharePoint / Office 365
    · Development

I will be presenting a session on migrating from on-premise Exchange to Office 365.
To register for any of the Roadshows, select the appropriate city below. Use code UGPROMO to save on your registration.

MVPDays Community Roadshow Toronto
Date: February 29, 2016
Location:
Hilton Garden Inn Toronto/Vaughan
3201 Highway 7
Vaughan, ON,  L4K 5Z7
Registration Link

MVPDays Community Roadshow Ottawa
Date: March 2, 2016
Location:
Ottawa Conference and Event Centre
200 Coventry Road
Ottawa, ON, K1K 4S3
Registration Link

MVPDays Community Roadshow Montreal
Date: March 4, 2016
Location:
Delta Montreal
475 Avenue du Président-Kennedy
Montreal, QC, H3A 1J7
Registration Link

We look forward to seeing you there.

Fixing Errors with Windows Updates

Updates are important to apply and should be done regularly. I’ve had a couple of customers who have had Windows update issues. Basically the machine was spitting errors at the users. The error code they were seeing on a few machines was 0x87D00668. I did some poking around. Thankfully I have a quick and dirty way to fix this issue which is pretty much my go to when these issues crop up.

Windows updates are important to apply on a regular basis. You really don’t want to miss patching machines. In fact you should have a process in place to ensure you update all your computers regardless of the flavour of Operating System (OS) on a regular basis.

Microsoft FixIt Tool

On the machine you are having the problem, go to the Microsoft page where you can download the Windows Update Troubleshooter. Download it, and then run the application using Admin credentials.

It will go and basically clean up the folder where Windows updates are. That file location is C:\WINDOWS\SoftwareDistribution\Download. Then the tool restarts the Windows update service.
I suggest a reboot at this point although it is not indicated it is needed.

With Configuration Manager 2012 R2 the updates, which were pushed as required, automatically started again and installed without troubles.

You can also do this manually.

Stop the Windows Update service.
net stop wuauserv
Rename the Software Distribution folder.
Then start the Windows Update service.
net start wuauserv

This should work for those who use WSUS, manual updates or something like Configuration Manager.

*Update – This works great for those trying the Windows 10 Beta and finding things getting stuck.

 

Setting up Quickbooks as an Application in Azure AD

Adding applications to your Active Directory implementation in Azure AD is fairly straight forward. Let me walk you through a setup and show you what you’ll need to do.

First you need sign up for Windows Azure. This part is free, just go to your free azure trial.  Note that having an Active Directory in Azure does not cost anything. You can add a limited number of applications under the free version as well but can’t use two-factor authentication.

Next you need to create a directory. The Microsoft MVA I recorded with Anthony Bartolo covers this off way better then I can do here. So go on and watch it, follow along and once you are familiar with that, come on back.

You should now have an Active Directory in Azure. Here is a screenshot of my directories.

Azure-Active-Directory-Screen-1

Once your users are created and working properly, head over to the applications.

Azure-Active-Directory-Screen-2

In the applications area, click add in the lower bar on the screen.

Azure-Active-Directory-Screen-3

 

Click on Add an application from the gallery

Azure-Active-Directory-Screen-6

Next search for the application you want. In my case I entered in Quickbooks and searched for it. Find the app, click on it and click the check mark.

Azure-Active-Directory-Screen-7

Now that you’ve added the application, you need to assign it to the user. The wizard will bring you to this screen. First click on Configure single-sign on.

Azure-Active-Directory-Screen-8

Here you are going to select Password Single Sign-On then click the check mark.

Azure-Active-Directory-Screen-9

Next you will go back to the Your app has been added! screen. Click Assign users

Azure-Active-Directory-Screen-10

Change the sort to users (or if you want to assign to a group, leave it as is). Find the group or user you want, select it and then click ASSIGN.

Azure-Active-Directory-Screen-11

You will get a warning screen. You have the option of putting in credentials in for the user (great if you don’t want the user to know the underlying password for the application) or the user will be prompted for them first time if you do not.

Next direct the user to myapps.microsoft.com and have the user log in. If you have two-factor authentication on then you will be challenged for the second piece of authentication. Two-factor authentication is available on Azure AD, but it has a cost for each user who needs it. Having two-factor authentication is a great way to lock down your system though.

Once the user logs in you will screen like the following.

Azure-Active-Directory-Screen-12

Click on the application, in this case Quickbooks and then you will be prompted for Quickbooks credentials if the admin didn’t enter them in and you have not done so yet.Azure-Active-Directory-Screen-13

Once you do this, you’ll be good to go.

 

Clearing the Windows Update Cache

I’ve been seeing issues with Windows updates where computers are getting errors checking in with WSUS. Out of 250 computers I have half a dozen that have update errors. The fix for these is to clear the Windows update cache.

Clearing the cache is straight forward.

  1. Open a command prompt as administrator
  2. run “net stop wuauserv”
  3. go to the windows folder and delete the SoftwareDistribution folder.
  4. run net start wuauserv

There is a Microsoft fixit you can use as well. Check out this link http://support.microsoft.com/Default.aspx?kbid=971058 for more information.