Windows 10 – Technology News and Information by SeniorDBA

Disabling or Uninstalling Unnecessary Services and Apps in Windows 10

Windows 10 is a powerful and versatile operating system that offers many features and functionalities. However, not all of them are necessary or useful for every user. In fact, some of the services and apps that come preinstalled or run in the background can pose security risks or slow down your system performance.

In this blog post, we will describe which unnecessary services and apps you should disable or remove from Windows 10 for security reasons. We will also explain how to do it safely and easily.

What Are Windows Services?

Windows services are programs that run in the background and provide essential functions for the operating system, such as networking, security, printing, etc. They usually start automatically when you boot up your computer and run until you shut it down.

What Are Windows Apps?

Windows apps are applications that you can install from the Microsoft Store or other sources. They are designed to work with the modern user interface of Windows 10 and offer various functionalities, such as games, productivity tools, social media, etc.

Why Should You Disable or Remove Unnecessary Services and Apps?

There are several reasons why you may want to disable or remove unnecessary services and apps from Windows 10:

Security – Some services and apps may have vulnerabilities that can be exploited by hackers or malware. For example, the Remote Desktop service can allow remote access to your computer if it is not configured properly. The Bluetooth service can expose your device to wireless attacks if you don’t use it. Some apps may also collect your personal data or display unwanted ads.
Performance – Some services and apps may consume a lot of system resources, such as CPU, RAM, disk space, etc. This can affect your system speed and responsiveness, especially if you have a low-end device or multiple programs running at the same time.
Privacy – Some services and apps may send your data to Microsoft or other third-party servers for various purposes, such as diagnostics, feedback, advertising, etc. This can compromise your privacy and expose your online activities to others.
Storage – Some services and apps may take up a lot of disk space on your device, especially if they are rarely used or updated. This can limit your available storage space for other files and programs.

Which Services and Apps Should You Disable or Remove?

Continue reading “Disabling or Uninstalling Unnecessary Services and Apps in Windows 10”

10 Steps to Securely Configuring Windows 10

Windows 10 is the most popular operating system in the world, but it also comes with some security risks. If you want to protect your data and privacy, you need to configure Windows 10 for security. Here are 10 steps you can follow to make your Windows 10 more secure.

Update Windows 10 regularly – Windows 10 updates often include security patches and bug fixes that can prevent hackers from exploiting vulnerabilities in your system. To check for updates, go to Settings > Update & Security > Windows Update and click on Check for updates. If there are any available updates, install them as soon as possible.
Use a strong password and a PIN – A strong password is one that is long, complex, and unique. It should include a mix of uppercase and lowercase letters, numbers, and symbols. A PIN is a four-digit code that you can use to unlock your device instead of typing your password. To set up a password and a PIN, go to Settings > Accounts > Sign-in options and choose Password and PIN. Make sure you don’t use the same password or PIN for other accounts or devices.
Enable BitLocker encryption – BitLocker is a feature that encrypts your hard drive, making it unreadable to anyone who doesn’t have the right key. This can protect your data in case your device is lost, stolen, or hacked. To enable BitLocker, go to Settings > System > About and click on Device encryption. If your device supports BitLocker, you will see a Turn on button. Click on it and follow the instructions.
Use Windows Defender Firewall and antivirus – Windows Defender Firewall is a feature that blocks unauthorized network connections, preventing hackers from accessing your device or data. Windows Defender antivirus is a feature that scans your device for malware and removes any threats. To use Windows Defender Firewall and antivirus, go to Settings > Update & Security > Windows Security and click on Firewall & network protection and Virus & threat protection. Make sure they are both turned on and up to date.
Enable two-factor authentication – Two-factor authentication is a feature that adds an extra layer of security to your online accounts. It requires you to enter a code or use an app on your phone after entering your password, verifying your identity. To enable two-factor authentication, go to Settings > Accounts > Sign-in options and click on Security key or Windows Hello. Follow the instructions to set up your preferred method of two-factor authentication.
Use a VPN service – A VPN service is a feature that encrypts your internet traffic, hiding your IP address and location from prying eyes. This can protect your privacy and security when you use public Wi-Fi or access geo-restricted content. To use a VPN service, you need to download and install a VPN app from the Microsoft Store or a trusted website. Then, launch the app and connect to a server of your choice.
Disable unnecessary services and apps – Some services and apps that come with Windows 10 may not be essential for your needs, but they can consume resources and pose security risks. To disable unnecessary services and apps, go to Settings > Apps > Apps & features and click on the service or app you want to uninstall or modify. You can also go to Settings > Privacy and review the permissions that each app has access to.
Use a secure browser and extensions – A secure browser is one that protects your online activity from trackers, ads, and malicious websites. A secure extension is one that enhances the functionality of your browser without compromising your security or privacy. To use a secure browser and extensions, you can choose one of the following options:
- Use Microsoft Edge, which is the default browser for Windows 10. It has features like SmartScreen, Tracking Prevention, InPrivate mode, and Password Monitor that can improve your security and privacy.
- Use Google Chrome, which is the most popular browser in the world. It has features like Safe Browsing, Incognito mode, Password Checkup, and Sync that can improve your security and privacy.
- Use Mozilla Firefox, which is the most privacy-focused browser in the world. It has features like Enhanced Tracking Protection, Private Browsing mode, Lockwise, and Monitor that can improve your security and privacy.
Backup your data regularly – Backing up your data is a feature that copies your files to another location, such as an external hard drive or a cloud service. This can protect your data from accidental deletion, corruption, or ransomware attacks. To protect your data regularly, go to Settings > Update & Security > Backup and click on Add a drive or Backup options. Choose where you want to store your backup files and how often you want to backup.
Educate yourself on cyber threats and best practices – The most important feature for securing your Windows 10 is your own knowledge and awareness. You need to learn how to recognize and avoid common cyber threats, such as phishing, malware, or social engineering. You also need to follow best practices, such as using strong passwords, updating your software, and locking your device when not in use. You can find more information and tips on how to secure your Windows 10 on the Microsoft website or other reputable sources.

Different Ways to Reboot Windows 10 Computer

Rebooting a Windows 10 computer is a common and simple operation that can help you fix some software issues or apply the changes you have made to your computer. However, do you know how to reboot Windows 10 properly? In this blog post, I will show you four different ways to restart your Windows 10 computer in a professional and safe manner.

Many might find these instructions too simple or too well known to even list, but some users are just learning how to use Windows 10 and might find these instructions useful.

Method 1: Reboot in a Normal Way

This is the conventional and most widely used method. You can follow these steps to reboot your Windows 10 computer in a normal way:

Open Start on Windows 10.
Press the Power button and select Restart from the popup menu.
Wait for your computer to restart.

Alternatively, you can also use the Power User Menu to perform a normal restart of Windows 10. Here are the steps:

Right-click on the Start button or press the Windows key and the X key at the same time to open the Power User Menu.
Go to Shut down or sign out.
Select Restart from the popup sub-menu of Shut down or sign out.
Wait for your computer to restart.

Method 2: Reboot using Ctrl+Alt+Del

You can also use the keyboard shortcut Ctrl+Alt+Del to restart your Windows 10 computer. This method works on all Windows 10 computers. Here is how to do it:

Press Ctrl+Alt+Del at the same time on your keyboard to open the shutdown dialog box.
Click on the Power button that is on the lower-right side of your computer screen.
Select Restart from the pop-out menu.
Wait for your computer to restart.

Method 3: Restart from Command Prompt

The third method is to restart your Windows 10 computer from Command Prompt. This method requires you to use the shutdown command to reboot Windows 10. You can follow these steps to do it:

Open Command Prompt as an administrator. You can do this by typing cmd in the Start menu, right-clicking on Command Prompt, and selecting Run as Administrator.
In the Command Prompt window, type “shutdown /r” (without the quotes) and press Enter. This will initiate a restart of your computer.
Wait for your computer to restart.

Continue reading “Different Ways to Reboot Windows 10 Computer”

How to Create a Secure Windows 10 Workstation for Beginners

If you are new to Windows 10 and want to create a secure workstation for your personal or professional use, this blog post is for you. In this post, I will show you how to set up a Windows 10 workstation with some basic security features that will help you protect your data and privacy. Here are the steps you need to follow:

Continue reading “How to Create a Secure Windows 10 Workstation for Beginners”

Windows 10 Security Overview

Windows 10 is the most popular operating system in the world, powering millions of devices from desktops to laptops to tablets to smartphones. Windows 10 offers many features and functionalities that enhance the user experience and productivity. However, Windows 10 also faces many security challenges and threats from hackers, malware, ransomware, phishing, and other cyberattacks.

Windows 10 security settings are the policies and configurations that define how Windows 10 devices are protected from unauthorized access or modification. Windows 10 security settings are important for several reasons. First, they help ensure the confidentiality, integrity, and availability of the device and the data. By applying appropriate security settings, users can control who can access their device and data and monitor any changes or activities. This prevents data breaches, identity theft, or sabotage by malicious actors.

Second, they help maintain compliance with various regulations and standards, such as HIPAA, PCI DSS, GDPR, and NIST. These regulations and standards require organizations and individuals to implement certain security measures to protect the personal or sensitive information of their customers, employees, or partners. By following the best practices for Windows 10 security settings, users can avoid fines, lawsuits, or reputational damage.

Third, they help improve the performance and efficiency of the device and the IT staff. By using Windows 10 security settings to enforce password policies, firewall rules, antivirus software, encryption methods, and other settings, users can reduce the risk of human errors, virus infections, network attacks, or data loss. This also reduces the workload and costs of managing and troubleshooting the device.

In this post, we’ll discuss the importance of the top 5 security settings in Windows 10:

BitLocker
Windows Defender
Windows Firewall
User Account Control
Windows Update

Continue reading “Windows 10 Security Overview”

Windows Sandbox in Windows 10

Added to Windows 10 version 1903 (May 2019 Update), Microsoft introduced the Windows Sandbox feature. Windows Sandbox feature helps you run programs in isolation without affecting your Windows 10 host. The Sandbox feature is designed to allow you to test unknown or suspicious programs in an environment that cannot make changes to the Windows 10 host or the data on that host machine.

Using the Sandbox

Step 1: Launch typing “Windows Sandbox” in the Start/Taskbar search field and then hitting the Enter key.

Step 2: After the Sandbox is launched, copy and paste the program setup file that you want to run into Sandbox. You can also use the Edge browser in the Sandbox to download the program you want to test.

Step 3: Run the setup file and install any program. Use the Start menu in the Sandbox to launch any program. Use any program like you would do in the regular desktop environment.

Step 4: Once you are done testing the program, just close the Sandbox to delete any program installed in the Sandbox. This will also delete any data from the Sandbox. Any program or file that you downloaded during the Sandbox session will be removed permanently.

Note: If you cannot find the Windows Sandbox, it’s likely because the feature is turned off or you don’t have a version of Windows 10 that includes this feature.

Helping Prevent Mimikatz Attacks

Mimikatz is a hacking tool that can be used to attack your endpoint in an attempt to “steal” any passwords that may exist on your Windows device. It can also play a role in internal penetration testing or red team exercises to test an attack on your network devices. Mimikatz is very effective and in a lot of cases it can lead to lateral movement and eventual escalation to domain control.

You should also consider that Mimikatz can only dump credentials and password hashes if it is executed as a privilege user like the built-in local administrator account. If you are logged into your Windows device as a local administrator, Mimikatz can be run and it probably will disclose your password.

Once of the things Mimikatz requires to run successfully is the debug privilege. The “Debug Privilege” is a permission that determines which users can attach a debugger to any process or to the kernel. By default this privilege is given to Local Administrators, but it is highly unlikely that a Local Administrator will need this privilege unless you are a programmer or have a specific reason to need this permission.

To help prevent Mimikatz from running successfully, just remove this “Debug Privilege” permission from all users. Mimikatz requires this privilege as it interacts with processes such as LSASS. It is important to set this privilege only to the specific group of people that will need this permission and remove it from the Local Administrators. The SeDebugPrivilege can be disabled by defining the policy to contain no users or groups.

Enable Reserved Storage Using DISM or PowerShell on Windows 10

How to Enable Reserved Storage on Windows 10

Windows Updates will fail to install if your PC doesn’t have enough free disk space. Before reserved space, the only workaround is to free up some storage space before continuing with your update effort. With the May 2019 Update to Windows 10, Microsoft fixed this problem by reserving disk space for future updates.

With “reserved storage,” Microsoft sets aside at least 7 gigabytes of space on your hard drive to ensure updates can download—regardless of how much normal disk space you have.

When not being used by update files, Reserved Storage will be used for apps, temporary files, and system caches, improving the day-to-day function of your PC.

When enabled, it keeps some disk space for Windows Update, apps, temporary files, and system caches because without enough disk space Windows and applications may stop working properly.

Users installing a fresh copy of Windows 10 1903 or later, or receiving a device with the OS preinstalled, should see Reserved Storage enabled out-of-the-box. Some device manufacturers choose not to enable Reserved Storage because it reduces the available disk space to users.

Those upgrading from a previous version of Windows don’t get Reserved Storage, unless the ShippedWithReserves registry key is set to 1 before the upgrade. You can find the key under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager

Windows Update and Reserved Storage

Windows Update gives priority access to Reserved Storage. Before an update, temporary files that are no longer needed in Reserved Storage are deleted and the remaining space is then given exclusively to Windows Update. If Reserved Storage still doesn’t have enough space, Windows Update can also spill into free disk space that is available to the user. On systems where disk space is severely limited, Windows Update might also prompt to attach external storage to complete the update process.

DISM updated with new Reserved Storage options

Admins are able to query the amount of space reserved and even disable Reserved Storage. The state of Reserved Storage is preserved across OS upgrades once it has been enabled or disabled using DISM. The following DISM command enables Reserved Storage for the online Windows image:

PowerShell

DISM /Online /Set-ReservedStorageState /State:Enabled

Changing the /State parameter to Disabled turns off Reserved Storage. Running DISM /Online /Get-ReservedStorageState shows whether the online Windows image has Reserved Storage enabled.

Enable or Disable Reserved Storage using PowerShell

If you don’t want to mess around with DISM, Windows 10 version 2004 supports a new PowerShell cmdlet that will let you enable or disable Reserved Storage for online images.

Continue reading “Enable Reserved Storage Using DISM or PowerShell on Windows 10”

Deciding on Microsoft Intune

Many companies are trying to figure out how to handle their mobile device management at their business. Many will buy a product that performs some or all of the functions they need, or at least they think they need. As their needs mature or as requirements change, they may need to change the solution to a different product. I think the full-featured product that many companies need is Microsoft Endpoint Management, also known as Microsoft Intune. Intune is Microsoft’s answer to mobile-device management for Windows centric companies, and it is so very simple to use.

Intune will allow you to enroll all your Windows 10, macOS, iPadOS, and Android devices. Once a device is enrolled, it can be configured, applications can be installed, and devices can be wiped when they no longer need to be managed.

As you can imagine, effective configuration and application management across all business devices, including advanced security settings on multiple operating systems, using one powerful and easy-to-use interface will make support and training much easier, and your business will save money and time.

It is a popular and cost effective cloud-based tool that gives all employees access to corporate applications on their assigned endpoint, along with conditional access to corporate data, and is simplifies the deployment of those settings, applications, and access to sensitive data to easily support hundreds or even thousands of employees with very little hands-on work by your technology team.

If you have your technology team buying and manually building laptops as you hire new employees you already know how difficult, time consuming, and manual that process can be, even if you have automated some of those steps. You need to deploy a new application to all employees? Simple, just send someone to all your users and they can install the software from a network share or flash drive. Maybe you have automated some of these steps and you deploy the new software via GPO? How long does it take for your remote workforce to finally make a VPN connection to the corporate network to get the new software? How easy is it to determine who is still missing the new software package or has installation errors?

How easy would it be to implement 10-20 new security settings to all your users laptops overnight?
How easy will it be to remove software they aren’t supposed to have installed, even if you can detect it exists on their laptop?
Do you have an accurate and up-to-date asset inventory of user laptops and what software is actually installed?
Are you able to detect missing patches to the OS and all the installed software for every user?
Can you make sure users are even trying to install patches on their laptops?

Remote workers that never connect to the corporate network make this management process even more difficult.

Do you have a solution to this issue? I think Microsoft Intune may be the solution to your problem, and it may already be included in your O365 licensing.

Let’s talk about some of the reasons I like Microsoft Intune.

Continue reading “Deciding on Microsoft Intune”

Using Microsoft Endpoint Manager (Intune) and Windows 10 templates to configure policy settings

Photo by Andrea Piacquadio on Pexels.com

Introduction

Successfully configuring a variety of Group Policy settings has been a thing for millions of domain-joined Windows devices for many years, and the future of configuration options has expanded with the addition of many of these settings in Microsoft’s cloud endpoint management tool called Endpoint Manager (aka Intune).

Many of the same settings that businesses are accustomed to configuring today, using the traditional Group Policy settings, are also available by using the cloud management tool various Configuration Policy settings. They work in much the same way, using the new cloud interface from you browser.

The beauty of the new cloud interface is the ease in which Microsoft can add, change, and remove settings overnight. The worst part of the cloud interface is Microsoft can add, change, and remove settings overnight. Gone are the days of writing a GPO and it is good for many years. Now you can easily create a new Configuration Policy that does exactly what you need it to do, and it may last many years or it may be obsolete in a few months. That means you life is potentially just as easy, but you have to monitor the news feed from Microsoft to keep apprised of changes before they impact you production systems.

10 Tips for Securing Windows 10

The current Microsoft Windows is the most popular operating system in the world, which also makes it the primary target for hackers and malicious actors attempting to gain access to your computer so they can steal your data. While most software vendors regularly correct security issues, Microsoft is constantly updating it’s software to help protect it’s users from potential compromise. They provide monthly updates and special patches as issues are discovered, but with constant improvements and the addition of new features also brings the possibility of new bugs and vulnerabilities.

While some people might just throw up their hands and decide there isn’t much a typical user can do to adequately secure their systems, there are simple things you can do that will help prevent a successful attack. Let’s look at some simple tips that you should follow to make Windows 10 more secure.

1. Update Windows and Other Programs

Microsoft has an entire team of people that help make Windows 10 as secure as possible, and when they find a problem they issue a fix to help remediate the issue before hackers can take advantage of the flaw. This only works if you actually patch your software to add the fix onto your system.

Allowing your computer to become outdated will eventually cause an issue that could lead to a successful attack on your computer. Hackers and other malicious actors are actively looking for systems with known vulnerabilities, so to help prevent your computer from being on their attack list, frequently patch your system.

Make sure that you enable Windows updates, that you check occasionally to make sure your system isn’t missing any updates, and that you verify all the software on your computer is also getting updates. Some people worry that installing a patch will break something, but that is easily corrected by simply removing the patch if that happens to your computer.

2. Enable System Restore

System restore is an option built into Windows 10 that allows you to set the system back to the previous date whenever there are problems. By default, “System Restore” is disabled in Windows 10. If you want to be able to quickly undo any problem that happen on your system, simply restore back to a previous restore point, and any changes to your system after that date and time are removed.

System Restore does not restore user data or documents, so it will not cause users to lose their files, e-mail, browsing history, or favorites.

You can find instructions on how to use this feature here.

3. Use Drive Encryption

Unless BitLocker is enabled on your Windows 10 computer, your drive contents are stored in “Plain Text”. This means if your laptop is stolen, the drive can be removed and the contents can be read from another computer. Encryption is essential if you are keeping critical information in your laptop. By enabling BitLocker, a feature already available on your computer, Windows will encrypt the contents of your hard drive, making it very difficult for an unauthorized person to view the contents of your hard drive.

You can find instructions on how to use this feature here.

4. Use Anti-Virus Tools

Windows 10 has a built-in protection feature to stop viruses and malware called Microsoft Defender and the Windows Security Center. By enabling Microsoft Defender you get built-in protection from most virus and malware programs. The Windows Security Center is were you go to modify and customize your Defender settings and check on the overall security status of your computer. Check the home screen from the Windows Security Center and ensure all systems are showing in green.

If malware gets onto your computer, one of the first things it will attempt is to programmatically disable Microsoft Defender. The best feature you can enable is Tamper Protection. This feature makes it very difficult to disable Microsoft Defender protection without your approval. You can find instructions on how to enable this feature here. Continue reading “10 Tips for Securing Windows 10”

How to Avoid Ransomware

Ransomware is malware installed on your machine intended deny access to your critical files. Once you can’t access you documents, pictures, and music the attacker offers to release the files back to you for a fee. Sometimes the fee might be several hundred dollars, but for businesses the fee might be in the millions.

The attacker uses fairly standard attack methods to install software on your computer that scans your system for specific file types, then encrypts the files using a method that is usually not recoverable. Then the malware will present you with a key value to redeem for a decryption key. If you present your key and the appropriate fee, the cyber criminals provide you with a decryption key that makes you files available again. Usually. Sometimes you pay and they don’t respond or the key that is provided doesn’t work correctly.

There are some specific things you can do to make the risk much smaller of a successful attack on your computer, as well as ways to make the impact smaller so you might not have to pay the ransom. Some of these are easy for a non-technical user to tackle, but others are better suited for technical personnel at a business or government agency.

Inexpensive Ways to Reduce Ransomware Attack Success

Backup Your Important Data – If you have a backup of your data that hasn’t been encrypted, you probably won’t have to pay the attacker a fee. Depending on how often your data changes, you might be able to perform a weekly backup (there is a utility built into Windows 10, or you can buy a program that doesn’t a backup either to an external hard drive or the cloud). Keep backups separate from your computer so that a successful attack won’t have access to the backup files. If your files get encrypted, you can safely reload Windows 10 onto your computer and copy your files from the backup to the clean laptop.
Enable Microsoft Defender – Microsoft Defender is included with Windows 10. It has some powerful feature to protect your computer from malicious attacks, but only if they are enabled and properly configured. Enable controlled folder access to prevent unauthorized applications from modifying protected files, turn on cloud-delivered protection and automatic sample submission for better protection, and enable tamper protection to prevent the protection from being disabled when you need it the most. You should also enable the attack surface reduction rules in Defender, including rules that block ransomware activity and other activities associated with and attack.
Protect Systems – Don’t have anything directly on the internet that isn’t correctly hardened and patched to prevent an easy attack surface. If you don’t know how to properly configure a server or other infrastructure item, don’t guess because the hackers know what they are looking for when they stage an attack.
Use MFA – Enable Multi-Factor Authentication (MFA) when possible. Many online sites now allow you to enable this extra protection that requires you to know your standard account password as well as have possession of a specific device to successfully log into their systems. This can be really handy to prevent someone guessing your password and accessing your Facebook, Twitter, or O365 account from anywhere in the world.
Education – Educate yourself on how to detect and avoid phishing emails and potentially malicious websites.

Continue reading “How to Avoid Ransomware”

Enable Reserved Storage Using DISM or PowerShell on Windows 10

How to Enable Reserved Storage on Windows 10

With “reserved storage,” Microsoft sets aside at least 7 gigabytes of space on your hard drive to ensure updates can download—regardless of how much normal disk space you have.

When not being used by update files, Reserved Storage will be used for apps, temporary files, and system caches, improving the day-to-day function of your PC.

When enabled, it keeps some disk space for Windows Update, apps, temporary files, and system caches because without enough disk space Windows and applications may stop working properly.

Those upgrading from a previous version of Windows don’t get Reserved Storage, unless the ShippedWithReserves registry key is set to 1 before the upgrade. You can find the key under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager.

Windows Update and Reserved Storage

DISM updated with new Reserved Storage options

PowerShell

DISM /Online /Set-ReservedStorageState /State:Enabled

Changing the /State parameter to Disabled turns off Reserved Storage. Running DISM /Online /Get-ReservedStorageState shows whether the online Windows image has Reserved Storage enabled.

Enable or Disable Reserved Storage using PowerShell

If you don’t want to mess around with DISM, Windows 10 version 2004 supports a new PowerShell cmdlet that will let you enable or disable Reserved Storage for online images.

Continue reading “Enable Reserved Storage Using DISM or PowerShell on Windows 10”

Automating Lenovo System Updates with Azure Intune

One of the challenges of automating system management with Azure Intune is modifying the typical GPO procedures to work within the limitations of Azure Intune. One of the things you may have automated today is the management of your Lenovo endpoints using system images and GPO to manage the automation settings for your enterprise.

This article will attempt to help you automate those processes with Azure Intune.

We assume you have access to Azure Intune, and a Lenovo laptop or desktop already enrolled in Azure Intune to test this configuration. You will also need the System Update Administrator Tools downloaded from Lenovo, and already have the Lenovo System Update utility installed on the endpoints.

If you assume that in a production environment, the endpoint is coming right out of the box and is directly connected to Azure AD. You will have met the normal requirements for the device to be enrolled in Azure Intune and it should pickup all the profiles and policies assigned, including this new profile. Now the device is enrolled in Azure AD, managed with Azure Intune, and it will automatically get updates from Lenovo.

We are now going to create a profile to properly configure Lenovo System Update using the profile settings in Azure Intune.

1. Consume the TVSU ADMX file

Download the System Update Administrator Tools from Lenovo.
Run the executable to install the ADMX file onto you local computer. By default, the contents are extracted to C:\SWTOOLS\TOOLS\Admin folder.
Navigate to the installation folder and copy the contents of the tvsu.admx file into your clipboard for the next step.

2. Create a Custom Azure Intune Profile

Sign in to the Azure Device Management portal
Navigate to Device Configuration > Profiles > Click Create Profile
Enter the required information for the new profile, for example:
- Name: Lenovo System Update Automation
- Description: Lenovo System Update Automation
- Platform: Windows 10 and later
- Profile Type: Custom
In the Custom OMA-URI Settings menu, click Add and enter the following
- Name: TVSU ADMX Ingestion
- Description: (Optional)
- OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Lenovo/Policy/TVSU
- Data Type: String
- Value: Copy the contents of the tvsu.admx into this text field
Click OK to complete adding the new OMA-URI row
Click Create to create the new profile
Assign the profile to a group. This group should only include the test devices that have System Update utility installed.

Verify the settings have pushed to a device by launching Regedit and navigating to

HKLM\SOFTWARE\Microsoft\PolicyManager\AdmxDefault

3. Create a TVSU Policy

Step 1

Sign in to the Azure Device Management portal
Navigate to Device Configuration > Profiles >
click the Lenovo System Update Automation profile that was created above, then Properties > Settings
In the Custom OMA-URI Settings menu, click Add and enter the following
- - Name: Admin Command Line
  - Description: Installs Critical and Recommended packages with a reboot type 3 (requires reboot)
  - OMA-URI:
    ./Device/Vendor/MSFT/Policy/Config/Lenovo~Policy~Cat_ThinkVantage_61~Cat_System_Update_63~Cat_UserSettings_74~Cat_General_78/Policy_Admin_CommandLine_154
  - Data Type: String
  - Value:

<enabled/><data id="Policy_TextBox_Element_Admin_CommandLine_155" value="/CM -search R -action INSTALL -includerebootpackages 3 -noicon -noreboot -nolicense -defaultupdate"/>

- Click OK to complete adding the new OMA-URI row
- Make sure you save any changes to this profile.

Apply the profile to a Windows 10 endpoint, then verify the policies have applied to the client by launching Regedit and navigate to

HKLM\SOFTWARE\Policies\Lenovo\System Update\UserSettings\General

Note: You can choose to direct your endpoints to a custom location to download all updates from your file server, but I find it helpful to allow my remote users to download updates directly from Lenovo. The link to Lenovo below shows you how to configure your users to download updates from your custom file server.

4. Test your new Azure Intune Profile

Once you have finished adding these settings to an Azure Intune profile and assigning it to your test endpoints, you can sync your test endpoint and verify the settings are applied correctly. You can even execute the Lenovo System Update utility to verify it works correctly. It will now automatically download and apply most updates without warning the user, unless a reboot is required. Once you are finished testing you can assign it to all Lenovo endpoints managed with Azure Intune.

You can read the Lenovo instruction here.

Microsoft Product Roadmap for 2019

There has been several recent announcements from Microsoft, outlining there proposed product releases for 2019. There has been so many announcements it might be difficult for you to keep track of them all, but the good news is there are people tracking the announcements for you. In this article from Gladys Rama, we get an easy to follow list of announcements from Microsoft.

Windows 10 ’19H1′ and Beyond (UPDATED: 8/7) Spring update: Released Fall update: Fourth quarter of 2019	Windows Server ‘vNext’ (UPDATED: 7/31) Spring update: Released
System Center 2019 (UPDATED: 3/29) Released	Dynamics 365 (UPDATED: 8/2) April ’19 update: Released “Release Wave 2”: October 2019
BizTalk Server ‘vNext’ Anticipated release: Second half of 2019	Visual Studio 2019 (UPDATED: 7/29) Released
Azure DevOps Server 2019 (UPDATED: 3/5) Released	HoloLens 2 (UPDATED: 2/24) Anticipated release: First half of 2019
SQL Server 2019 (UPDATED: 5/22) Anticipated release: Second half of 2019	Roadmap Archives: 2018 \| 2017 \| 2016 \| 2015 \| 2014 \| 2013 \| 2012 \| 2011

Windows Sandbox In Windows 10

Using the Sandbox

Step 1: Launch typing “Windows Sandbox” in the Start/Taskbar search field and then hitting the Enter key.

Step 3: Run the setup file and install any program. Use the Start menu in the Sandbox to launch any program. Use any program like you would do in the regular desktop environment.

Step 4: Once you are done testing the program, just close the Sandbox to delete any program installed in the Sandbox . This will also delete any data from the Sandbox. Any program or file that you downloaded during the Sandbox session will be removed permanently.

Note: If you cannot find the Windows Sandbox, it’s likely because the feature is turned off or you don’t have a version of Windows 10 that includes this new feature.

Microsoft Product Roadmap for 2018

There has been several recent announcements from Microsoft, outlining there proposed product releases for 2018. There has been so many announcements it might be difficult for you to keep track ofthem all, but the good news is there are people tracking the announcements for you. In this article from Gladys Rama, we get an easy to follow list of announcements from Microsoft.

Windows 10 (UPDATED: 5/29) “Redstone 4”: Released “Redstone 5”: Fall 2018	Teams and Skype for Business (UPDATED: 5/17) Anticipated release: Teams updates throughout 2018, with Skype for Business Server 2019 coming in the second half of the year
Office 2019 (UPDATED: 4/27) Anticipated release: Preview in Q2 2018, with general availability in the second half of the year	SharePoint Server 2019 (UPDATED: 5/21) Anticipated release: Preview in June 2018, with general availability in the second half of the year
Exchange Server 2019 Anticipated release: Preview in Q2 2018, with general availability in the second half of the year	Dynamics 365 (UPDATED: 4/12) Anticipated release: Updates throughout 2018, with a model revamp being implemented in spring
Windows Server and “Project Honolulu” (UPDATED: 5/30) Anticipated release: Windows Server “semiannual channel” release in May 7, 2018 and in the fall, with Windows Server 2019 coming in the second half of 2018 Project Honolulu: Released	Roadmap Archives 2017 \| 2016 \| 2015 \| 2014 \| 2013 \| 2012 \| 2011

Enabling Windows Defender Application Guard in Windows 10

On Windows 10, a relatively new feature called Windows Defender Application Guard (WDAG) allows the user to isolate Microsoft Edge browser at the hardware level using Hyper-V technology. This allows the user to protect the device and data from many malware and zero-day attacks.

Microsoft Edge running in WDAG should provide enterprises the maximum level of protection from malware and zero day attacks. WDAG for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating system, applications, and critical data.

Isolated Browsing – WDAG uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
Help Safeguard your PC – WDAG starts up every time you visit an internet site to help keep potentially malicious attacks away from your PC.
Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Continue reading “Enabling Windows Defender Application Guard in Windows 10”

Create Bootable USB Drive Using Windows 10

Creating a bootable USB may allow you to boot your computer even if the internal hard drive has stopped working. It is also very useful to create a bootable USB drive so you can copy the Windows 10 ISO image onto the USB drive and install Windows 10 with ease. With a new major version of Windows 10 available, maybe now is a good time to review these steps. We have shown you how to create a Kali Linux boot USB using your Mac in a previous post.

If you don’t want to use any special software there is a way to create a bootable USB drive from you Windows 10 Command Prompt, but it can be a bit tricky. Here’s how to do it step-by-step on your computer:

Continue reading “Create Bootable USB Drive Using Windows 10”

Microsoft Plans Office 365 Upgrades

A few months ag0 Microsoft announced that Windows 10 would receive major updates just twice a year, scheduled for September and March. Based on feedback from enterprise customers wanting a more tolerable schedule, Microsoft moved to make their release schedule more predictable.

What some people missed is that they also announced an identical schedule for corporate subscribers to Office 365. They aligned the update schedule with Windows 10. Microsoft says they plan to deliver and support Office 365 ProPlus updates, starting in September.

Microsoft also extended support 50% from 12 months per update to 18 months. The additional six months means your IT team can choose to push updates just once or twice a year.

The twice-a-year feature updates will be named Semi-annual Channel (Pilot) and Semi-annual Channel (Broad), each describing how Microsoft envisions them being deployed in the enterprise. Most people will probably just refer to them as simply “Pilot” and “Broad”.

You can get more information here.

Installing the Linux Bash Shell on Windows 10

Windows 10’s Anniversary Update offered a new feature for developers: A full Ubuntu-based Bash shell that can run Linux commands on a Windows 10 client. This is possible by using the new “Windows Subsystem for Linux” Microsoft added to Windows 10.

This isn’t a virtual machine or Linux software compiled for Windows. Microsoft worked with Canonical to offer a full Ubuntu-based Bash shell. This isn’t Linux, it is just the Bash shell and the exact same binaries you’d normally run on Ubuntu Linux.

It’s intended for developers who want to run Linux command-line utilities on Windows. They’ll get access to the Windows file system, but you can’t use Bash commands to automate normal Windows programs, or launch Bash commands from the standard Windows command-line.

How to Install Bash on Windows 10

To get started, make sure you have installed the Windows 10 Anniversary Update (build 14316 or higher). This also only works on 64-bit builds of Windows 10.

Once you’re sure you’re using the correct version of Windows 10, open the Settings app and go to Update & Security > For Developers. Activate the “Developer Mode” switch here to enable Developer Mode.

Next, open the Control Panel, click “Programs,” and click “Turn Windows Features On or Off” under Programs and Features. Enable the “Windows Subsystem for Linux (Beta)” option in the list here and click “OK.”

After you do, you’ll be prompted to reboot your computer. Click “Restart Now” to reboot your computer and Windows 10 will install the new feature.

After your computer restarts, click the Start button (or press the Windows key), type “bash”, and press “Enter.”

The first time you run the bash.exe file, you’ll be prompted to accept the terms of service. The command will then download the “Bash on Ubuntu on Windows” application from the Windows Store. You’ll be asked to create a user account and password for use in the Bash environment.

If you’d like to automate the installation of Bash instead, you can run the following command in a Command Prompt window. This will automatically agree to all prompts and set the default user to “root” with no password:

lxrun /install /y

Using Ubuntu’s Bash Shell

You now have a full command-line bash shell based on Ubuntu, which means you can use Ubuntu’s apt-get command to install software from Ubuntu’s repositories. You’ll have access to all the Linux command line software out there.

To open the Bash shell, just open your Start menu and search for “bash” or “Ubuntu.” You’ll see a “Bash on Ubuntu on Windows” application. You can pin this application shortcut to your Start menu, taskbar, or desktop for easier access.

If you’re experienced using a Bash shell on Linux, Mac OS X, or other platforms, you’ll be right at home. You don’t need to use sudo, as you’re given a root shell. The “root” user on UNIX platforms has full system access, like the “Administrator” user on Windows. Your Windows file system is located at /mnt/c in the Bash shell environment.

Use the same Linux terminal commands you’d use to get around. If you’re used to the standard Windows Command Prompt with its DOS commands, here are a few basic commands on both Bash and Windows:

Change Directory: cd in Bash, cd or chdir in DOS
List Contents of Directory: ls in Bash, dir in DOS
Move or Rename a File: mv in Bash, move and rename in DOS
Copy a File: cp in Bash, copy in DOS
Delete a File: rm in Bash, del or erase in DOS
Create a Directory: mkdir in Bash, mkdir in DOS
Use a Text Editor: vi or nano in Bash, edit in DOS

It’s also important to remember that the Bash shell and its Linux-imitating environment are case-sensitive. Unlike Windows, “MyFileName.txt” is different from “myfilename.txt”, just because of the use of capital letters in the name.

11 Hidden Windows 10 Tips and Tweaks

All the features of Windows 10 aren’t as obvious as they should be, and that includes the tips and tweaks that make the powerful operating system easier to use. In this article by Howard Wen, we learn the details of 11 lesser-known ways to make Windows 10 better.

1. Delete your previous Windows version installation

2. Know how to sign out of Windows 10

3. Pick whatever accent color you want

4. Use the new delay timer in the Snipping Tool

5. Change Edge’s default search engine from Bing to another one

6. Delay automatic updates over Wi-Fi

7. Record video clips using the Xbox app

8. Remove the OneDrive folder from File Explorer

9. Pin Windows apps to the desktop

10. Access all Windows 10 settings under one user interface

11. Uninstall default Windows apps

You can read the entire article to see all the details.

Microsoft Replaces Command Prompt with PowerShell in Windows 10

The Command Prompt has been part of Windows for a very long time, but it is being replaced starting with Windows 10 build 14971. It looks like Microsoft is trying to make PowerShell the main command shell in their latest update to their premier operating system.

In this build, PowerShell will officially replace the traditional Command Prompt in most any way you used to run the utility. Even typing cmd in the run dialog will launch PowerShell.

The 5 Coolest Features Coming to Windows 10

With the recent Microsoft event, we know that there will be many new features coming from Microsoft’s flagship operating system in the upcoming Windows refresh. The free Windows 10 Creators Update will arrive on all Windows 10 devices in Spring 2017. This is a list of the top 5 best things about the new Windows:

Office Apps Supporting 3D – In a Microsoft demo, they showed 3D objects being dropped into a PowerPoint presentation. They spun the objects and and moved from slide to slide at amazing speeds.
Virtual Reality – While Microsoft still have the HoloLens for augmented reality, they also have hardware partners like Lenovo, Asus, Acer, HP, and Dell making VR headsets for bringing 3D experiences to Windows. With pricing that starts at $300, we may be seeing VR going mainstream.
Built-in Sharing – Windows will allow you to instantly send content it to all of the important people in your contacts (that group of friends and coworkers in the toolbar at the bottom of the screen Windows 10, with just a few clicks.
Paint 3D – A new version of the classic Paint app that allows you to build virtual models from 2D images. Using existing photographs, by creating new images with the Surface Pen, or scanning a real life object with your smartphone’s camera you can import 3D images into Paint 3D and save them for use in other tools or print them out to your 3D printer.
Free – All the updates and improvements will be free to existing Windows 10 users.

Microsoft’s Latest Windows 10 (Build 14951) Released to Insiders

Windows 10 Redstone 2 build 14951 has been released to the Fast Ring of the Windows Insiders Program with photo additions, Windows Ink features, and an update for the Linux subsystem.

Windows Ink is getting enhancements for PC users as build 14951 adds stencils and a protractor tool. This release also makes it possible for users to ink within photos.

Windows Subsystem for Linux: Today we are happy to announce two large updates to WSL!

Official Ubuntu 16.04 support. Ubuntu 16.04 (Xenial) is installed for all new Bash on Ubuntu on Windows instances starting in build 14951. This replaces Ubuntu 14.04 (Trusty). Existing user instances will not be upgraded automatically. Users on the Windows Insider program can upgrade manually from 14.04 to 16.04 using the do-release-upgrade command.
Windows / WSL interoperability. Users can now launch Windows binaries directly from a WSL command prompt. This is the number one request from our users on the WSL User Voice page. Some examples include:

$ export PATH=$PATH:/mnt/c/Windows/System32
$ notepad.exe
$ ipconfig.exe | grep IPv4 | cut -d: -f2
$ ls -la | findstr.exe foo.txt
$ cmd.exe /c dir

More information can be found on the WSL Blog and the WSL MSDN page. Other changes and more information can be found on the WSL Release Notes page.

What Are Windows Services?

What Are Windows Apps?

Why Should You Disable or Remove Unnecessary Services and Apps?

Which Services and Apps Should You Disable or Remove?

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Using the Sandbox

Share this:

Like this:

Share this:

Like this:

How to Enable Reserved Storage on Windows 10

Windows Update and Reserved Storage

DISM updated with new Reserved Storage options

Enable or Disable Reserved Storage using PowerShell

Share this:

Like this:

Share this:

Like this:

Introduction

Share this:

Like this:

1. Update Windows and Other Programs

2. Enable System Restore

3. Use Drive Encryption

4. Use Anti-Virus Tools

Share this:

Like this:

Inexpensive Ways to Reduce Ransomware Attack Success

Share this:

Like this:

How to Enable Reserved Storage on Windows 10

Windows Update and Reserved Storage

DISM updated with new Reserved Storage options

Enable or Disable Reserved Storage using PowerShell

Share this:

Like this:

1. Consume the TVSU ADMX file

2. Create a Custom Azure Intune Profile

3. Create a TVSU Policy

Step 1

4. Test your new Azure Intune Profile

Share this:

Like this:

Share this:

Like this:

Using the Sandbox

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

How to Install Bash on Windows 10

Using Ubuntu’s Bash Shell

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: