Blocking Windows 10 From PCs

So there are a lot of ways to block the Windows 10 utility (GWX) from installing through Windows Update. Microsoft is getting more persistent with their update and it’s starting to make a lot of people angry. They want the world on Windows 10 but sometimes you don’t want or can’t upgrade. This is a simple fix to block GWX from installing – even if Microsoft tries to slipstream it into other updates like Internet Explorer (which they’ve recently done).

Open Explorer and go to C:\Windows\System32 and find or create a folder called GWX. Right click on the folder and go to Properties. Click on the Security tab and then click on Advanced to access special permissions and advanced settings.

Remove all inherited permissions. Deny all permissions to SYSTEM and Deny all permissions to the Administrators group. Click Apply and OK. Windows will pop a warning about changing permissions on system files and directories. Yes, you want to do this. And that’s it. No registry settings, no firewall rules – just good old NTFS permissions. Since no one can access this folder, it will prevent GWX from installing, even if it’s slipstreamed in an IE update.
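
The same steps can be scripted instead of clicked through, which helps when the block has to go on many PCs. This PowerShell version is an added example, not part of the original post; it assumes an elevated prompt and an account that owns the GWX folder or can otherwise change its permissions.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the Explorer steps described above.
# Assumption: the account running this owns the folder or may change its ACL.

$path = Join-Path $env:SystemRoot 'System32\GWX'

# "Find or create" the folder.
if (-not (Test-Path -LiteralPath $path)) {
    New-Item -ItemType Directory -Path $path | Out-Null
}

$acl = Get-Acl -LiteralPath $path

# Remove all inherited permissions:
# first argument protects the ACL from inheritance,
# second argument ($false) discards the inherited entries instead of copying them.
$acl.SetAccessRuleProtection($true, $false)

# Well-known SIDs are used so the script also works on non-English Windows:
#   S-1-5-18     = SYSTEM
#   S-1-5-32-544 = BUILTIN\Administrators
$rights    = [System.Security.AccessControl.FileSystemRights]::FullControl
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$deny      = [System.Security.AccessControl.AccessControlType]::Deny

foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
    $identity = New-Object System.Security.Principal.SecurityIdentifier $sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, $rights, $inherit, $propagate, $deny)
    $acl.AddAccessRule($rule)
}

# Write the new ACL back to the folder.
Set-Acl -LiteralPath $path -AclObject $acl

# The in-memory ACL that was just applied, for a quick visual check.
$acl.Access | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited
```

The folder's owner keeps the right to change its permissions even with these Deny entries in place, so the block can be undone later by resetting the ACL from the owning account.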

Hey, it’s Windows Server 2012…. R2?

Yes, you read the title right… Microsoft is releasing Windows Server codename “Blue”, now officially Windows Server 2012 R2, very soon. I was able to get my hands on a pre-release copy and I have been slowly making my way through it. The biggest change: Viva La Start Button! Yes, the Start button is back, but it just links you to the new Start screen. The other improvements are the same ones that are in Windows 8.1, pending public preview release on June 26th (tomorrow). Another change is that “Computer” is now “This PC”, again a minor cosmetic change. Just like the consumer version, Server 2012 R2 ships with Internet Explorer 11. Also shipping with Server 2012 R2 is IIS 8.5. If you recall, all the default start pages for IIS have been hideous. IIS 8 was an improvement, but the 8.5 default start page is beautiful compared to any other version. In addition, it also ships with PowerShell 4.0 (I know – I haven’t even started on 3.0 yet!)

I’ll be working with the OS a bit more side by side with Windows 8.1 so check for more updates from The Cave!

Mass Removal of Microsoft Security Essentials

DANGER, WILL ROBINSON! DANGER! THIS ARTICLE IS OVER A YEAR OLD AND IS POSSIBLY OUT OF DATE! THE INFORMATION CONTAINED WITHIN MAY NOT BE ACCURATE ANYMORE! PROCEED WITH CAUTION!

At work, we have finally grown up. By that, I mean we finally have a centralized antivirus product that is actually up to date and doesn’t suck as bad as the old Symantec antivirus we were using. As a replacement, we used Security Essentials and the only thing that moved us to a new platform was the fact that we were technically out of compliance with the MSE license. In a business environment, Microsoft allows you to have only 10 copies installed on computers. We were past that. By like a lot.

One of the challenges of moving to our new AV solution was removing this program from our computers en masse. With several sites and many versions of MSE, you can bet that this was no easy task. Well, since I’m your typical lazy network administrator, I don’t have the time to sit there and manually remove every installation… so I automated it with a shut down script!

This script is a batch file that runs on shut down (or you could run it on start up if you really wanted). Originally, I found a VBS script that caused the computers to hang for about 10 minutes or so on shutdown every time. I’m not a VBS person at all… I love batch files and PowerShell, and since I couldn’t PowerShell this, I batched it!

The code to use:

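@echo off
rem Silently uninstall Microsoft Security Essentials from whichever folder it was installed to.

if exist "%ProgramFiles%\Microsoft Security Essentials" (
    rem /x /s are the uninstall and silent switches; /wait holds the script until setup.exe finishes
    START /wait "Uninstalling MSE" "%ProgramFiles%\Microsoft Security Essentials\setup.exe" /x /s
) else (
    if exist "%ProgramFiles%\Microsoft Security Client" (
        START /wait "Uninstalling MSE" "%ProgramFiles%\Microsoft Security Client\setup.exe" /x /s
    ) else (
        rem Neither folder exists, so there is nothing to remove
        exit
    )
)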

Save this as a batch file and create a shutdown (or startup) GPO and have it run this batch file.

Here’s what it does:

  1. Does the path %ProgramFiles%\Microsoft Security Essentials exist? Yes? Run Setup.exe with silent parameters and uninstall parameters. No? Go on to the next line.
  2. Does the path %ProgramFiles%\Microsoft Security Client exist? Yes? Run Setup.exe with silent parameters and uninstall parameters. No? Go on to the next line.
  3. Exit.

This way there is an escape clause and there is no hang up and if there’s an older version of MSE installed, it’s removed as well.