One of our customers reported that they intermittently lost access to the Office Templates directory.
Sometimes it worked well, and sometimes “it was gone!”.
The environment was Windows 10, with Office 2016. The Office Templates were located on DFS shares (ie. the location was \\ALargecustomer\DFS\OurTemplates)
What could it possibly be???
The initial thought was “it’s another ‘SMB1 is disabled’ causing connectivity problems” problem.
Except it wasn’t.
The issue was that our customer reported that they could no longer connect to their NAS device.
With Windows 10 v1709, Microsoft disabled Guest Access. In their words:
Cause
This change in default behavior is by design and is recommended by Microsoft for security.
A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge. Microsoft recommends that you do not change this default setting. If a remote device is configured to use guest credentials, an administrator should disable guest access to that remote device and configure correct authentication and authorization.
Windows and Windows Server have not enabled guest access or allowed remote users to connect as guest or anonymous users since Windows 2000. Only third-party remote devices might require guest access by default. Microsoft-provided operating systems do not.
For the small number of end users who will need to connect to a third-party NAS, we’ll probably manage it via exception.
The following are sites are where Microsoft list changes to Windows 10 & Office 365
Office 365
Windows 10
We had a bunch of newly built Windows 10, version 1607, PCs where App-V 4.6 failed to start.
It was our own fault, App-V 4.6 is not supported on Windows 10.
It did work, until we started using Windows 10 v1607. An upgrade to v1607 worked fine. It was a new build where App-V 4.6 didn’t work.
It’s not as if we could ask Microsoft. Unsupported product is unsupported.
Much Googling occurred to dig up this article
Driver Signing changes in Windows 10, version 1607.
Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.
Existing drivers do not need to be re-signed. To ensure backwards compatibility, drivers which are properly signed by a valid cross-signing certificate issued prior to July 29th, 2015 will continue to pass signing checks on Windows 10, version 1607.
So there is the answer. We were using App-V 4.6 SP3 HF05. The sftplaywin81.sys file was signed on 22 September 2016. Which is later than July 29th, 2015.
We downgraded to HF03, as sftplaywin81.sys was signed on the 16th August, 2014.
Which fixed the problem of App-V not working.
Quick answer:
In Windows 7/8/10, we use a third-party Credential Provider, and it was blocking LOCAL (ie. not Domain) accounts from logging on. Removing the third-party CP resolved the issue. (we have logged a fault with the vendor).
Detailed answer follows:
I thought I’d have to do this for the Surface Pro 4 “Pen” application, but Microsoft has bundled the Pen application into Windows 10 Anniversary Version (Build 1607).
The Windows OS Hub has written a comprehensive guide on how to do this.
Modern Windows 8 apps (APPX Metro apps) are mostly designed to be installed online from Windows Store. Despite Windows allows to install Metro apps from APPX files offline, you can’t download a Metro app distribution from Windows Store. In this article, we’ll show how to download an APPX file of any Modern App using Fiddler and install it on the systems with no access to Windows Store (offline systems or corporate computers).
So, our task is to get an archive with an APPX file of any Windows 8 Metro app to install it manually on an offline system. As it has already been told, you can’t directly download an APPX file from Windows Store. However, during the installation of any app, at a certain moment a client gets a generated link to download its APPX file. Let’s try to trace the link, by which Windows Store downloads an installation file.
Further details here: How to Download APPX Installation File for any Windows Store App
To back up TPM owner information from a computer running Windows 10, version 1507, Windows 10, version 1511, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. … . This functionality is discontinued starting with Windows 10, version 1607.
– Microsoft: TPM Group Policy Settings.
Those Microsoft folk give with one hand and take with the other. No explanation for the removal.
Microsoft offer an alternative, the Microsoft BitLocker Administration and Monitoring (MBAM) product. MBAM allows you to centrally manage Bitlocker and Bitlocker to Go. Which is good, but comes at a cost. From what I can see, you need several SQL Servers (Recovery Database, Compliance and Audit Database, Reporting Server, Administration and Monitoring Server)
Ok, so how does the removal of TPM Backup effect workstations which currently store their Bitlocker Recovery Key into Active Directory? It doesn’t as far as I can see. My Windows 10 1607 workstation is still happily storing it’s Recovery Key into AD.
But knowing Microsoft, eventually the Bitlocker Recovery Key storage feature will break and they won’t fix it.
References:
A script to push the Bitlocker Recovery Key to AD
Microsoft BitLocker Administration and Monitoring 2.5
With Microsoft Windows XP, Microsoft introduced customisable user account pictures. This then led to some issues.
“Windows XP is racist. It put a picture of a kung fu fighter next to my name – just because my name is Chinese. This is an insult!”
– The Old New thing blog: The martial arts logon picture
So with Windows Vista, the kung fu fighter was gone. To be replaced with fairly innocuous images.
Windows 7 is released, and the flower is replaced by an androgynous user picture.
Which then led to complaints about gender and racial diversity. “It’s a male!” “It’s a person of colour!” “It’s ageist”.
Fixed in Windows 8 and later. Microsoft went bland.
After the read more, there is a list of images from each Windows release; from Windows XP to Windows 10.
A work in progress …
Well our first issue is “Cortana is disabled by company policy”.
We MAY need to update our group policy files to the latest Windows 10 Threshold 2 version. All 195 ADMX files.
We needed to download the English (Australia) speech pack. We can do that for one computer, but it doesn’t scale out to 500+ Windows 10 computers.
Apparently you need to download the ‘Windows 10 Features on Demand’ iso. Then grab the CAB files from the ISO and apply the files to our system image.
References:
Windows 10 Speech language missing
Hey Cortana! How do I add additional speeches during OSD so you work?
There’s a bug with Windows 10 which prevents you from seeing the properties for a folder. To trigger it, you need to do the following:
“The properties for this item are not available” occurs.
The fix
Apply March 2016 Cumulative Update for Windows 10 for x64-based Systems (KB3140745), or later
The workaround
The “Interactive User” value needs to be removed form the the Runas registry key under [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{448aee3b-dc65-4af6-bf5f-dce86d62b6c7}]
You may need to take ownership of the key in order to change it.