*driver* did not meet the Store signing level requirements – Windows 10 Code Integrity

This error message is related to Device Guard Code Integrity in Windows 10 and shows up in the Event Viewer under the Code Integrity folder. As of writing this article, the error message is not described in online documentation of Microsoft.

Continue reading “*driver* did not meet the Store signing level requirements – Windows 10 Code Integrity”

Stable Windows Builds or Yearly Releases

With Windows Servicing, Microsoft is forcing consumers and businesses to upgrade to a Windows 10 Build twice a year. Theoretically you could go for one build per year, but that forces you to upgrade to a new build within 6 months. Otherwise you will end up without support for the old build.

This introduces quite some issues within both SMBs and large organizations. Recently a friend asked me about a recent printer that stopped working. The printer was 2 months old and from a large vendor. I directly checked the build of the machine and yes, it was recently upgraded to the Fall Creators Update. The printer was identified as an “Unknown USB Device”. Updating the driver of the printer didn’t help. Luckily the Technical Support was responding quickly to help, but this means manual processing of orders for the next couple of weeks. Yes I can revert the machine back to the old build, but will that fix the issue or create more issues? And because it’s not a Windows 10 Enterprise machine, Microsoft will try to update the machine later on.

Continue reading “Stable Windows Builds or Yearly Releases”

Latest naming for Windows/Office Servicing channels

Lost track of the service channel naming of Windows and Office Servicing? Is it “Current Branch” or “Semi-Annual Channel” now?! Or Standard Release?!

Windows 10:

Ready: Semi-Annual Channel (Targeted)

Ready for Business: Semi-Annual Channel

Office 365:

Ready: Semi-Annual Channel (Targeted) (Or Targeted Release)

Ready for Business: Semi-Annual Channel (Or Standard Release)

Last update: recently… 🙂

Every day is a new day to change these again, so stay tuned!

NAT Switch now built into Hyper-V! – Windows 10 Fall Creators Update

With the new Windows 10 Fall Creators Update, Microsoft finally added a built-in NAT Switch into Hyper-V! This gives Hyper-V Virtual Machines access to the computer’s network. The new switch automatically assigns IP address to your Virtual Machines, so no need to run your own DHCP server anymore!

In older versions of Windows 10, it was still required to create the Virtual Switch yourself, but this required static IP address assignment in the OS or the installation of a DHCP server. Not the most elegant option.

The switch is named “Default Switch” and cannot be changed in the Hyper-V Virtual Switch Manager:

The Default Switch Virtual Network in the Hyper-V Virtual Switch Manager
The Default Switch Virtual Network in the Hyper-V Virtual Switch Manager

According to the info message: “The Default Network switch automatically gives virtual machines access to the computer’s network using NAT (network address translation).”

I’m happy that Microsoft finally introduced this as it was already available in other 3rd Party solutions and a good argument why some people didn’t want to migrate to Hyper-V. Now they can! I wasn’t able to find an official statement of Microsoft on this new feature, but I’m sure it will be published soon.

What do you think of this new feature? Are you going to migrate from VMware or other solutions to Hyper-V? Let me know in the comments section!

Cheers,

Jean-Paul

Microsoft Ignite – Day 04 – 29-09-2016

Today I met Jeffrey Snover and had a lot of conversations with new IT Pro’s. That’s what I like about Ignite: connecting with Microsoft Experts and other IT Pro’s! Tonight is the Attendee Celebration at the Olympic Park. Tomorrow is the last day at Ignite and the conference will end at 14:00.

Below are the sessions I can recommend and followed today:

  • Understand Credential Security by Paula Januszkiewicz
    • If you can attend a session of Paula, always do it because she has interesting sessions about security.
    • She will demo how cached credentials work and will show you how to get the users credentials with Classic Data Protection API.
    • Paula will demo how to decrypt KeePass if you use Windows User Authentication with the Data Protection API.
    • Paula will show you how to extract credentials from a Windows service. You need access to the registry for this hack.
    • She will show you how you get access to the password in a SID-protected PFX certificate file and how to access Windows with smart card authentication turned on, without a smart card.
    • ProTip from the session: know and limit your domain admins! Domain admins can also do tricks as other users from the domain.
  • Conduct a successful pilot deployment of Microsoft Intune
    • You’ll learn how to start a successful pilot and get tips from the field.

Follow me on Twitter for live news from Ignite!

Microsoft Ignite – Day 03 – 28-09-2016

Yes, a new day at the Microsoft Ignite conference! All the sessions are spread across 3 buildings (A, B, C) and I must say that this keeps you fit during the conference. On Monday, my iPhone showed me the following stats for the day:

ignite-health-stats

18.8 kilometers is around 11.6 miles!

Today I really enjoyed the session with Jeffrey Snover and Don Jones about PowerShell. I don’t know if it was recorded and will be available later, but I can highly recommend it. In the afternoon I met Jason Helmick, which is a really great guy who learned me (with Jeffrey Snover) what PowerShell is and how it can be used. One of the greatest courses you can find on the internet today, is an MVA course with Jeffrey and Jason.

Continue reading “Microsoft Ignite – Day 03 – 28-09-2016”

Microsoft Ignite – Day 02 – 27-09-2016

Day 2 of the Microsoft Ignite conference at Atlanta started early for us at 9:00. We had breakfast at 8:00 and where travelling by metro which costs us probably 30 minutes.

Below are the sessions I followed today and recommend:

  • Explore Microsoft Azure Stack “State of the Union” – Foundation 1
    • This was a presentation with a high overview of Azure Stack. Didn’t learn a lot about the technology, but some announcements where quite interesting:
      • Azure Stack will be General Available in Mid-CY17.
      • From the template deployment blade in Azure Stack, you can now easily select a QuickStart template from the GitHub QuickStart Template repo.
      • Azure RM Template Validator and Azure RM Policy for Azure Stack can be downloaded from the Azure GitHub repo.
      • You can manage Azure Pack from Azure Stack with an extension.
      • You can download images directly from Azure to Azure Stack. For example, you want the SQL Server image in Azure Stack. Now you can go to the “Marketplace” blade in Azure Stack and download the bits.
      • Key Vault, Queue Storage and the VPN Gateway features are added to Azure Stack.
  • Discover what’s new in device management
    • New lockdown capabilities for kiosk PC’s.
      • Create read-only devices.
      • Only allow specific approved USB devices.
      • Block Edge swipe gestures.
  • Learn about Windows 10 Secure Kernel
    • The presenter (Sami Laiho) takes you into a deep-dive about the secure kernel of Windows 10. Very interesting but difficult session.
  • Master Windows 10 Deployments – Expert Level
    • Interesting session with lots of deployment tips and tricks.
  • Windows Containers
    • Containers are slowly introduced to the public with Windows Server 2016. This is definitely something that I’ll work on in my home lab shortly.
    • Docker Images can be found at hub.docker.com. E.g. use the Microsoft/IIS docker image to create container with IIS.
    • The presentation slides are shared with docs.com.

Between all the sessions I took some time to work with my home lab in Azure and get some hands-on experience with all the new features. You can sit outside in the sun in comfortable seats if you want. I also took some time to visit all the stands in the expo.

Tip: getting ‘free’ goodies is nice, but understand that by scanning your badge (which is needed), this company will know your first name, last name and your unique number. This can probably be used to send you information (also known as spam :)) by checking your ID with the Ignite database to get your email address. So don’t let them scan your badge too often!

Looking forward to Day 3 tomorrow! Cheers!