Since Windows 10, OneDrive is an built-in application. But hopefully, for enterprise administrator, you can disable this functionality with Group Policy (GPO). But even disabled, the OneDrive shortcut in the start menu still exists.
OneDrive shortcut in start menu
Let’s see how to remove this shortcut easily with Group Policy Preference (GPP):
With Windows Server 2016, Microsoft integrated the Microsoft Defender service into the operating system. This built-in antivirus is now running constantly but it does not have the Defender GUI installed by default. If you want to activate the graphical user interface on the server, this can be done using Windows Server Manager or Powershell cmdlet.
Windows Defender GUI
Let’s see how to activate or disable the Windows Defender Graphical interface:
During an Active Directory migration, I needed to do an inventory of the computers to migrate. Because some computers do not exist anymore but not removed from Active Directory. I created a Powershell script based on the Last Logon Timestamp property.
CSV file from the script
This powershell script creates a CSV file with the computer name, the last logon property and the operating system. Some domains were based on Windows Server 2003 or 2008, I could not use Active Directory commandlets, so I used the LDAP Search.
For each product, like Windows or Office, Microsoft introduces new features or new configuration options. All of these can be managed using Group Policy Object (GPO) but you must get the latest policy definitions if you want set the new options. For exemple, with Windows Server 2012 R2, you need to import Windows 10 ADMX in order to manage it by GPO.
Windows 10 ADMX with Server 2012
Let’s see how to import ADMX file for Group Policy Object.
With Windows 8.1 and previous operating systems when you want to change the priority of a network card, you could change the Network Bindings using Advanced Settings in Network center.
This interface always exists in Windows 10 but this function was deprecated. Changes in “Connections” are no more applied. You can tell me that on a workstation, we don’t use this feature, and it is true. But I faced an issue with Windows 10, VMware Workstation and OpenVPN client.
When my LAB is up and running (Host-Only network), host connected to internet using OpenVPN Client, sometime the host loses access to internet. After troubleshooting, my host queries the DNS in my LAB and not the DNS of OpenVPN interface, and so the query failed because the DNS server does not have access to internet.
Let’s see how to solve this minor issue.
If you manage one or several file servers in your infrastructure, you may have the will to prevent users to paste files with specific extensions. This behavior can be motivated because you don’t have enough storage for big files or for security reasons. Moreover, if you use DFSR to replicate shared folder to another site, you don’t want to block the bandwidth with a movie replication.
Microsoft Windows Server included a role which provide us the ability to manage files on shared folder: File Server Resource Manager (FSRM).
File Server Resource Manager FSRM
In order to block, deny some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.
With Windows 10, Microsoft integrated an existing feature of Windows Phone 8.1: Wifi Sense. It lets you to share your Wifi passcode with your friends in Facebook, Skype or Outlook.
This feature can be friendly for public people but if you are more concerned about your security network, you may want to disable this feature.
Wifi Sense new network
In the first time, Microsoft says that information sent between you, Microsoft and your friend are fully encrypted. And in second time, a person who got access to your Wifi with Wifi Sense will only have access to internet, and not your internal network. If he needs to access a share or your printer, he needs to enter the passphrase.
Let’s see how to disable this feature.
With Windows 10, Microsoft introduces a new method to get Windows Update. Before it, you can only download update from the Microsoft servers, but with Windows 10 you can also get update from computers already updated. It uses a technology like peer to peer (P2P).
By default, Windows tries to get update from Microsoft server, computer in your local network or from others computers on the internet. This new method speeds up the update download but it means that you can also send data to computers on internet. Depends on your upload rate, this can slow your internet navigation.
Let’s see how to disable this function:
If you try to setup IPAM, you can get an error during the provisioning IPAM server step.
“Provisioning IPAM has failed. Check inner exception for more details. Some or all identity references could not be translated”
IPAM Provisioning failed
This error is raised because you try to provision it on a Domain Controller. By design IPAM can not be installed on a DC.
On Technet, Microsoft writes:
An IPAM server is a domain member computer.
|You cannot install the IPAM feature on an Active Directory domain controller.
You could get more information here.
When you deploy Windows 8.1 in your environnement, you may define a strategy to force all users to have the same Start Menu Layout. This layout was defined by IT Team and will be provide to all computers.
For example, I set a custom layout: I added some tools and application groups:
Windows 8.1 Custom Start Menu
If you want to deploy this Start Menu Layout, you can do it with:
- Powershell cmdlet on the computer
- ConfigMgr (SCCM)
- Group Policy