Sunday, August 20, 2017

Tips&Tricks – Trace and Analyze Windows Boot and Shutdown with Windows Performance Toolkit

Although most of us know the Windows Assessment and Deployment Kit (ADK) for the... Deployment part, there is another great tool in there called Windows Performance Toolkit.

This tool can help IT Administrators to analyze performance data in a very practical way using a graphical user interface that really simplifies reading the collected traces.

It’s especially useful when we need to troubleshoot boot or shutdown times.

After installing the tool it’s super easy to start using it to analyze a machine.

Here are some simple command lines to get started (note that all commands are case sensitive):

Boot Tracing
xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\YourPath

Shutdown Tracing
xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\YourPath

The commands above will generate the trace files that you can analyze to troubleshoot, for example, a long boot, and see whether the issue is caused by a driver, software, a service, etc.

For a very nice, complete and informative article about Windows Performance Toolkit, please read the following post from the MSFN website:
MSFN - Trace Windows 7 boot/shutdown/hibernate/standby/resume issues

Tips&Tricks – Protect Domain Joined Machines w/ Random Local Administrator Passwords and LAPS

It’s fairly common in any medium or large enterprise for the IT department to create a local administrator account to manage its domain-joined machines. This ensures, for example, that if a machine drops out of the domain, the IT guy can still try to recover it, or that if there is suspicious activity from a virus, someone can still log in to the machine while it is disconnected from the network.

There’s a clear issue with this. Without the proper tools, the local administrator password will probably be the same on all machines, which is an obvious security issue.

With this in mind, Microsoft created a tool called “Local Administrator Password Solution”, or LAPS.

This effective and very useful tool provides a centralized storage of passwords in Active Directory (AD).
You don’t need any additional machines and domain admins can determine which users can read the passwords.

So, the main advantages of using LAPS are:

  • Periodically randomizing local administrator passwords
  • Centrally store passwords in AD
  • Control access to these passwords with AD ACL permissions
  • Transmit encrypted passwords from clients to AD (using Kerberos encryption, AES cipher)

Here’s also a diagram of the solution:

After LAPS is configured in your environment, you just need the LAPS tool to get the password for a machine, or you can use PowerShell cmdlets to get it.
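As an added example (not part of the original post), the following PowerShell audits two of the points listed above: whether passwords are actually being rotated, and who is allowed to read them. It assumes legacy Microsoft LAPS with its AdmPwd.PS module, the RSAT ActiveDirectory module, and a placeholder OU name.

```powershell
# Added example: audit LAPS coverage and password-read rights for one OU.
# Assumptions: legacy Microsoft LAPS (AdmPwd.PS) and the RSAT ActiveDirectory
# module are installed; the OU distinguished name below is a placeholder.
Import-Module ActiveDirectory
Import-Module AdmPwd.PS

$OrgUnit = 'OU=Workstations,DC=example,DC=com'   # placeholder, change to your OU
$Now     = (Get-Date).ToUniversalTime()

# 1. Coverage: read only the expiration timestamp, never the password itself.
#    ms-Mcs-AdmPwdExpirationTime is stored as a FILETIME (64-bit integer).
$report = Get-ADComputer -SearchBase $OrgUnit -Filter 'Enabled -eq $true' `
        -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    ForEach-Object {
        $raw     = $_.'ms-Mcs-AdmPwdExpirationTime'
        $expires = $null
        $status  = 'NoLapsPassword'      # LAPS client never wrote a password
        if ($raw) {
            $expires = [DateTime]::FromFileTimeUtc([int64]$raw)
            if ($expires -lt $Now) { $status = 'Expired' }   # rotation is overdue
            else                   { $status = 'OK' }
        }
        [pscustomobject]@{
            Computer   = $_.Name
            ExpiresUtc = $expires
            Status     = $status
        }
    }

# Machines that still need attention (no managed password, or overdue rotation).
$report | Where-Object Status -ne 'OK' | Sort-Object Status, Computer |
    Format-Table -AutoSize

# Summary per status, useful for tracking rollout over time.
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# 2. Access control: list every principal holding extended rights on the OU,
#    i.e. everyone who can read the stored passwords. Review this list against
#    the groups you intended to delegate to.
Find-AdmPwdExtendedRights -Identity $OrgUnit | Format-List
```

Run it from an admin workstation with an account that can read the OU; any unexpected principal in the second listing should be removed from the OU's ACL.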

You can learn more about Microsoft LAPS on Technet:
Microsoft TechNet - Local Administrator Password Solution

Tuesday, August 8, 2017

Windows 10 – KB4034674 - Cumulative Update – August, 8 2017


The Microsoft Windows 10 Cumulative Update for August 8, 2017 is now available.
The quality update KB4032188 sets Windows 10 build to version 15063.540.

Improvements and Fixes

  • Addressed issue where the policies provisioned using Mobile Device Management (MDM) should take precedence over policies set by provisioning packages.
  • Addressed issue where the Site to Zone Assignment List group policy (GPO) was not set on machines when it was enabled.
  • Addressed issue where the AppLocker rules wizard crashes when selecting accounts.
  • Addressed issue where the primary computer relationship is not determined when you have a disjoint NetBIOS domain name for your DNS Name. This prevents folder redirection and roaming profiles from successfully blocking your profile or redirects folders to a non-primary computer.
  • Addressed issue where an access violation in the Mobile Device Manager Enterprise feature causes stop errors.
  • Security updates to Microsoft Edge, Microsoft Windows Search Component, Microsoft Scripting Engine, Microsoft Windows PDF Library, Windows Hyper-V, Windows Server, Windows kernel-mode drivers, Windows Subsystem for Linux, Windows shell, Common Log File System Driver, Internet Explorer, and the Microsoft JET Database Engine.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

You can download this cumulative update from Microsoft Update Catalog

Tips and Tricks – Activating Windows 10 in 2 Different Ways


If for some reason you’re having trouble activating Windows 10 (this also works for previous versions), here are 2 different ways to do it:

Launch Activation GUI

  • Click Start
  • Type slui 3 and press Enter
  • On the Windows Activation window type your product key and you’re done

Command Line Activation

  • Launch command-line (cmd) as Administrator
  • Type slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx (where xxxxx-xxxxx-xxxxx-xxxxx-xxxxx is your product key)
  • Press Enter and wait for the confirmation dialog box
  • Done

Friday, August 4, 2017

Windows 10 – KB4032188 - Cumulative Update – July, 31 2017

The Microsoft Windows 10 Cumulative Update for July 31, 2017 is now available.
The quality update KB4032188 sets Windows 10 build to version 15063.502.

Improvements and Fixes
  • Addressed issue that causes a Microsoft Installer (MSI) application to fail for standard (non-admin) users when installed on a per user basis.
  • Addressed issue to enable support in the DevDetail Configuration Service Provider (CSP) to return the UBR number in the D part of the SwV node. 
  • Addressed issue where NTFS sparse files were unexpectedly truncated (NTFS sparse files are used by Data Deduplication—deduplicated files may be unexpectedly corrupted as a result). Also updated chkdsk to detect which files are corrupted.
  • Addressed issue where the IME pad was not launching correctly in the Microsoft Edge browser for certain markets. 
  • Addressed issue to allow Win32 applications to work with various Bluetooth LE devices including head tracking devices.
  • Addressed issue in the Mobile Device Manager Enterprise feature to allow headsets to work correctly. 
  • Addressed issue where device drivers are not loading.
  • Addressed a reliability issue when playing specific types of spatial sound content.
  • Addressed issue with a dropped key on Microsoft Surface Keyboard and Microsoft Surface Ergo Keyboard, and addressed Wacom active pen connection failures. 
  • Addressed issue to improve stability for USB type C during device arrival and removal during system power changes. 
  • Addressed USB host controller issue where the host controller no longer responds to the attached peripherals. 
  • Addressed MP4 compatibility issue while playing content from a social media site in Microsoft Edge. 
  • Addressed issue with audio headsets connected to a PC through Xbox 360 controllers.
  • Addressed a reliability issue with launching a Settings app while another application is using the camera device concurrently.
  • Addressed issue with notifications (SMS, Calendar) for an activity tracker. 
  • Addressed issue with video playback artifacts during transitions from portrait to landscape on mobile devices.
  • Addressed issue with Skype calls becoming unresponsive after about 20 minutes when using Bluetooth headsets with Hands-Free Profile (HFP) connections with negotiated mSBC codec (Wideband Speech). 
  • Addressed issue where a service using a Managed Service Account (MSA) fails to connect to the domain after an automatic password update. 
  • Addressed issue where, in some cases, a drive that utilizes on-drive hardware encryption would not automatically unlock at system startup. 
  • Addressed issue where “cipher.exe /u” fails on client machines that are deployed with InTune, Windows Information Protection (WIP), and an updated Data Recovery Agent (DRA) certificate. Cipher.exe will fail with one of the following errors: “The request is not supported" or "The system cannot find the file specified”. 
  • Addressed issue where a memory leak occurs in a nonpaged pool with the “NDnd” memory tag when you have a network bridge set up. 
  • Addressed issue where you cannot add Work and School accounts in Windows Store, and you may get an error that reads, “We encountered an error; please try signing in again later.” 
  • Addressed issue where if a Surface Hub enters Sleep mode and then resumes, it may require the user to sign in to Skype again.
  • Addressed issue where some Windows Forms (WinForms) applications that use DataGridView, Menu controls, or call a constructor for a Screen object experienced performance regressions in .NET 4.7. This was caused by additional Garbage Collections. In some cases, there was an empty UI because of a lack of GDI+ handles.
  • Addressed issue where Magnifier Lens users cannot click on buttons or select web content in Microsoft Edge or Cortana results.
  • Addressed issue introduced in the June updates where some applications may not launch when a device resumes from Connected Standby mode.
You can download this cumulative update from Microsoft Update Catalog