Windows 10 Build – Feature Reference

The goal of this article is to list all new features per Windows 10 build.



Build 16226 – 22 June 2017

Build 16215 – 8 June 2017

– Edge : X always available to close a tab (16226)

– Edge : Cookies and settings are easier to migrate from another browser such as Chrome (16226)

– Edge : Now allows copy and ask in Cortana (16226)

– Edge : Favorites handling improved, going back to the IE look, and now allows easy editing like IE. IT admins can now push favorites, as in IE. (16226)

– Emoji 5.0 added (16226)

– OneDrive : Added setting Settings > Privacy > App-requested downloads (16226)

– OneDrive : Files On-Demand feature added with a new OneDrive client (On the Settings tab, select the "Save space and download files as you use them" box.) (16215)

– Touch Keyboard : Multiple tweaks (16226)

– Core : GPU tab added to taskmgr.exe, and processes can be displayed grouped per app. (16226)

– Core : SMB1 removed for Enterprise edition, deprecated for Home edition (16226)

– Settings : Added "Delete your previous versions of Windows" straight from Storage Sense (16226)

– Settings : New Remote Desktop settings tab (16226)

– File Explorer : "Share with" updated to "Give access to" (16226)

– Calculator : Added currency converter (16226)

– HyperV : VM Share option added, with a new file format to support the feature: .vmcz (16226)

Posted in microsoft | Leave a comment

Windows Server 2016 RS3 stop FRS support

Hi everyone

A small update: we must now make sure FRS SYSVOL shares are migrated to DFSR before a Windows Server 2016 RS3 DC can be promoted (dcpromo).


https://support.microsoft.com/en-us/help/4025991/windows-server-2016-rs3-no-longer-supports-frs

Windows Server 2016 RS3 can no longer be added as an Active Directory domain controller (DC) to an existing domain that is still using File Replication Service (FRS) for replication of the SYSVOL share.


Hard Exchange Migration (2007 to 2016)

Hi everyone

Today I will discuss a nonstandard way to migrate from Exchange 2007 to Exchange 2016.

As we know, we must say goodbye to Exchange 2007 because it no longer receives support.

The best practice is to install a 2010 server and do a two-step migration, but in some cases, if you can't, you can do a one-step migration (for small customers).

That implies the following:

You have to save all users' email to PST files.

  • On the server, by exporting all data via the Exchange CLI.
  • Or PC by PC, by exporting each account.

I suggest going PC by PC if you want to back up the Outlook autocomplete cache.

There will be downtime in the email flow.

The steps:

  1. Do a good backup.
  2. Redirect the SMTP port to the new server, even if it does not exist yet. The goal is to stop receiving new email.
  3. Back up all users' email; don't forget shared room/resource mailboxes.
  4. Uninstall Exchange 2007.
  5. Install Exchange 2016.
  6. Re-add all users to the new server from the Exchange ECP.
  7. Enable circular logging (for the restoration step).
  8. Restore all users' email by importing their PST files.

The good side:

  • Uninstalling Exchange does not remove the users' email aliases, so it's easy to re-add all users if you happen not to have a naming policy for the alias.
  • Mailing lists and contacts stay in your Active Directory after the uninstall.

The bad side:

  • To uninstall, I had to flush the public database link from adsiedit, as you can't uninstall even if the public database is empty.
  • For all my contacts and mailing lists, I had to take back ownership of those objects in Active Directory to see them again in Exchange.

Thanks, that sums up how to do it 🙂
Picture taken from: https://www.codetwo.com/admins-blog/time-to-say-goodbye-to-exchange-2007/


    New baby !

    Hi everyone

    I wanted to share some good news. I am now a father of twins 🙂 !

    All went well, now you can wish me good luck for my nights! hehe

    Posted in Uncategorized | Leave a comment

    Force a user logout when a machine has been locked for a specified period of time

    Hi, today I will share a small tip to force a user logout when a machine has been locked for a specified period of time.

    The specific question I saw and want to answer was:

    There are machines in a shared lab. Sometimes someone will lock the machine with the intention of coming back, but for whatever reason they do not. Currently the machine is powered off so another user can use it.

    What would be nice would be to set a timer, say 20 minutes, then have a button display that could allow the next user to claim the machine. It should logout the current user and present the login screen to the next user.

    Is there a Group Policy setting or perhaps some other means (Windows Credential Provider) to force a user logoff when a machine has been locked for a specified period of time?

    This small tip is handy for an internet cafe or anywhere there are shared computers.

    First of all, on a shared computer, a local administrator can force a logoff, or a normal user can switch users in Windows with the Switch user option.

    It's a workaround, but the answer would be to create a local scheduled task with an "on idle" trigger and a 30-minute condition; the task runs shutdown /l


    If someone wonders whether the task will fire while someone is watching a movie and the computer is not locked, we can check on TechNet, and the answer is no, because:

    Task Scheduler checks for an idle state using two criteria: user absence, and a lack of resource consumption. The user is considered absent if there is no keyboard or mouse input during this period of time. The computer is considered idle if all the processors and all the disks were idle for more than 90% of the last detection interval.


    Windows Server – Prevent users from changing printer preferences for color

    This post exists because I see a lot of demand on the forums to block color usage on some printers by preventing users from changing the printer preferences.

    First, I will say that the driver makes a huge difference: any option available in the preferences window is available to the user, as they are mapped under the HKCU of the user.

    Sadly, but it has to be said, the easiest way to block this is to buy a printer with an accounting module, so that it can ask for a PIN for color usage. The driver is usually written to let the user enter the PIN when it detects a color printout. Some models will ask for the PIN locally on the touch screen.

    Now some workarounds:

    First, we block color usage in the printer's configuration.

    Now, if we use GPP, for example, to deploy the printer, set it to Replace. It will replace existing settings at each GPO refresh interval (by default 90 minutes).

    Delete and recreate the shared printer connection. The net result of the Replace action overwrites all existing settings associated with the shared printer connection. If the shared printer connection does not exist, then the Replace action creates a new shared printer connection.

    We could also add the printer only at each logon, in Replace mode.

    I suggest the GPO below. It prevents users from manually adding a printer to their computer to bypass our restriction, and forces them to use published printers. When a printer is connected to the computer, the print driver is pushed, which opens a door for a non-admin user to add the printer.

    User Configuration -> Administrative Templates -> Control Panel -> Printers -> Prevent addition of printers -> Enable

    Last workaround: block color usage in the printer itself if you can.

    As you can see, there are not many ways to stop the user, but as said, some workarounds exist.

     

    Thanks

     


    Windows Server 2012 R2 – Firewall Logging for RDP (or any other service!)

    Want to restrict a public service on your server?

    Today I'm giving a small tip for when your router does not support access lists, so we will do it 100% from the server side.

    Let's start with an example with RDP.

    We start by forwarding port 3389 to our server. An example below with a small Linksys.

    rdp.png

    In Windows Firewall, we check that RDP is allowed, and we can click to allow only the specified IP range.

    rdp2.png

    In the screen below we enter the wanted IP ranges. (For me it was my local ISP range.)

    rdp4.png

    Now the more obscure step: we are going to configure our firewall to log blocked entries. By default, the firewall log is found at %windir%\system32\logfiles\firewall\pfirewall.log.

    We execute this command so that the log is filled with DROP'ed connection attempts.

    netsh advfirewall set allprofiles logging droppedconnections enable

    After a while, if our rule works correctly, our log should show some blocked attempts.

    2016-10-22 10:02:35 DROP TCP 179.43.149.5 192.168.1.10 26286 3389 52 S 2834367233 0 8192 - - - RECEIVE
    2016-10-22 11:34:48 DROP TCP 185.93.185.7 192.168.1.10 45610 3389 40 S 3512451859 0 1024 - - - RECEIVE
    2016-10-22 11:44:54 DROP TCP 47.18.154.28 192.168.1.10 48447 3389 40 S 763731365 0 1024 - - - RECEIVE
    2016-10-22 12:03:24 DROP TCP 171.8.0.87 192.168.1.10 30612 3389 40 S 1989410816 0 16384 - - - RECEIVE
    2016-10-22 12:42:31 DROP TCP 104.223.180.20 192.168.1.10 60328 3389 40 S 3936878592 0 16384 - - - RECEIVE
    2016-10-22 14:04:36 DROP TCP 183.60.48.25 192.168.1.10 12213 3389 40 S 62195378 0 8192 - - - RECEIVE
    2016-10-22 15:02:26 DROP TCP 61.240.144.65 192.168.1.10 42805 3389 40 S 2066287928 0 1024 - - - RECEIVE

    At this point, if our IP range is set up correctly, we are more secure on the internet. Don't worry about seeing connection attempts: a lot of bots scan well-known ports.
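
One way to check the log against the allowed range, as an added example that is not part of the original post: it parses pfirewall.log records, counts dropped RDP attempts per source, and flags entries that contradict the rule's scope. The function names, the 203.0.113.0/24 range and the sample lines are constructed assumptions; ALLOW entries only appear in the log when allowed-connection logging is also enabled.

```python
import ipaddress
from collections import Counter

# Field order from the "#Fields:" header Windows Firewall writes to pfirewall.log.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

def parse_line(line):
    """Return one record as a dict, or None for headers, blanks, short lines."""
    parts = line.split()
    if len(parts) < len(FIELDS) or parts[0].startswith("#"):
        return None
    return dict(zip(FIELDS, parts))

def audit_rdp(lines, allowed_cidrs, port="3389"):
    """Compare inbound traffic to `port` with the scope of the allow rule."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    dropped, findings = Counter(), []
    for rec in filter(None, map(parse_line, lines)):
        if rec["dst_port"] != port or rec["path"] != "RECEIVE":
            continue
        try:
            src = ipaddress.ip_address(rec["src_ip"])
        except ValueError:
            continue  # malformed address field, skip the record
        in_scope = any(src in net for net in allowed)
        if rec["action"] == "DROP":
            dropped[rec["src_ip"]] += 1
            if in_scope:  # a trusted address was blocked: scope too narrow
                findings.append(("allowed-range-dropped", rec["src_ip"]))
        elif rec["action"] == "ALLOW" and not in_scope:
            # Only visible when allowed-connection logging is also enabled.
            findings.append(("out-of-scope-allowed", rec["src_ip"]))
    return dropped, findings

# Constructed sample using documentation address ranges, not a real log.
SAMPLE = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-10-22 10:02:35 DROP TCP 198.51.100.7 192.168.1.10 26286 3389 52 S 2834367233 0 8192 - - - RECEIVE
2016-10-22 10:02:38 DROP TCP 198.51.100.7 192.168.1.10 26287 3389 52 S 2834367299 0 8192 - - - RECEIVE
2016-10-22 10:15:01 DROP TCP 198.51.100.7 192.168.1.10 26290 445 52 S 1834367233 0 8192 - - - RECEIVE
2016-10-22 11:34:48 DROP TCP 198.51.100.99 192.168.1.10 45610 3389 40 S 3512451859 0 1024 - - - RECEIVE
2016-10-22 11:40:12 ALLOW TCP 203.0.113.5 192.168.1.10 50111 3389 0 - 0 0 0 - - - RECEIVE
2016-10-22 11:52:09 DROP TCP 203.0.113.20 192.168.1.10 50999 3389 40 S 763731365 0 1024 - - - RECEIVE
2016-10-22 12:03:24 ALLOW TCP 192.0.2.44 192.168.1.10 30612 3389 0 - 0 0 0 - - - RECEIVE
""".splitlines()

if __name__ == "__main__":
    print(audit_rdp(SAMPLE, ["203.0.113.0/24"]))
```

A DROP from inside the allowed range means the scope is too narrow or a different rule is blocking; an ALLOW from outside it means some other enabled rule still exposes the port.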

     

    Thanks !

     
