A very helpful course from Christopher Chapman and Yuri Diogenes. Must see if you want to learn more about Microsoft Advanced Threat Analytics (ATA) and best of all: it’s a free course from the Microsoft Virtual Academy!
When you enable Device Guard or Credential Guard with Hyper-V on your system, your screen will blink every X seconds. This is a really annoying bug and has been fixed by Intel.
Upgrade your Intel(R) HD Graphics driver to version 18.104.22.16852.
Because I wanted to configure Device Guard with Windows 10, I need the Hyper-V Hypervisor to be enabled on Windows 10. I tried to do this with DISM and an answer file, but it’s not possible to enable Hyper-V during the Task Sequence Deployment because Hyper-V requires a couple of reboots.
Create a new “Set Task Sequence Variable” task in your Task Sequence. This will run the PowerShell command after the Task Sequence ends. I’ve set this task before enabling the Driver Package, but it should be possible to place this task anywhere you like.
Task Sequence Variable: SMSTSPostAction
Value: powershell -ExecutionPolicy ByPass -Command “Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor -all -NoRestart;Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Tools-All,Microsoft-Hyper-V-Services -NoRestart”
This will do the following:
- Enable all the Hyper-V Features after the deployment
- Remove the Hyper-V Tools and Services (Management Tools) afterwards. I found out that this is the best way to only add the Hyper-V Hypervisor.
You still need to reboot the system a few times to enable this feature. Because I enabled the BitLocker PIN, I can’t reboot the machine because it will ask for a PIN a few times.
This video, presented by Mark Russinovich and Matt McSpirit, gives you a great overview about the design and architecture of containers. Mark will show you how to create and use the containers.
Don’t forget to subscribe to the Microsoft Mechanics YouTube Channel.
Recently I connected System Center – Virtual Machine Manager with WSUS. The WSUS server is installed on the primary site server of my SCCM 2012 R2 SP1 CU2 installation. After I configured my SCCM WSUS server as an update server for VMM, the distribution point in the office stopped working. You will see HTTP ERROR “12030” in your logs and the PXE request on a client will fail. Browsing to the website of the SCCM Primary Site server will fail too.
I found out that the certificate of IIS on my primary site was gone. There was no certificate selected for the Default Website. After adding the certificate again and restarting IIS, PXE started to work again.
Recently I found the following error in the SMSPXE.log log file on my newly created distribution point:
CryptVerifySignature failed, 80090006 SMSPXE <REMOVED TIME> 2500 (0x09C4)
untrusted certificate: <REMOVED CERTIFICATE> SMSPXE <REMOVED TIME> 2500 (0x09C4)
Failed to get information for MP: https://SCCMPRIMARY.DOMAIN.TLD. 80090006. SMSPXE <REMOVED TIME> 2500 (0x09C4)
After recreating my certificate template for the IIS Service on the primary site server, it fixed the problem. Check the online documentation of SCCM for the details of this certificate template.
I had a problem with Spotify on my notebook, connected with HDMI to my Pioneer receiver. I’m using Windows 10 with the 10586 Build. When I wanted to play music after I paused Spotify for a couple of minutes, the music doesn’t play again.