Blocking Windows 10 From PCs

windNOws-10-logoSo there are a lot of ways to block the Windows 10 utility (GWX) from installing through Windows Update. Microsoft is getting more persistent with their update and it’s starting to make a lot of people angry. They want the world on Windows 10 but sometimes you don’t want or can’t upgrade. This is a simple fix to block GWX from installing – even if Microsoft tries to slipstream it into other updates like Internet Explorer (which they’ve recently done).

Open Explorer and go to C:\Windows\System32 and find or create a folder called GWX. Right click on the folder and go to Properties. Click on the Security tab and then click on Advanced to access special permissions and advanced settings.

Remove all inherited permissions. Deny all permissions to SYSTEM and Deny all permissions to Administrators group. Click Apply and OK. Windows will pop a warning about changing permissions on system files and directories. Yes, you want to do this. And that’s it. No registry settings, no firewall rules – just good old NTFS permissions. Since no one can access this folder, it will prevent GWX from installing, even if it’s slipstreamed in a IE update.

Remote access without headache

gI_84401_googleplusRemote access tools – there are quite a number of them: TeamViewer, LogMeIn, Bomgar, ScreenConnect… and the list goes on and on but which one do you use? I was researching remote access tools the other day as I needed a new solution to use for work. At work, we use LogMeIn. The problem? LogMeIn has a terrible display driver that actually locks my remote workstation! I might be able to use it for a few seconds – just enough time to login – and then, I see a balloon saying that my display driver crashed and shortly after, that’s it. LMI complains it can’t connect and my computer shows offline. I tried fixing the issue without any success so my option was to find another product to use. But what?

Continue reading

Windows Server 2012 R2 Update (Windows 8.1 too)

Windows-Flat-Logo-8So I have been using Windows Server 2012 R2 Standard out in a limited production role. Yes, Microsoft doesn’t like this, and yes, it’s risky, but I simply cannot generate enough usage in my lab environment to break it in so I’ve stuck it in limited production use. So far, I must say that running it is great. It causes less headaches than Server 2008 R2 but the only issue I’m still having is Internet Explorer 11 not playing nicely with our existing GPOs. Same goes with Windows 8.1.

From a resource perspective, Server 2012 R2 is snappy just like Server 2012, and just like in Windows 8.1, yes the Start button is back. Otherwise, the interface is still clumsy and a pain, but I’m sure if I used my Windows 7 tablet to RDP into the server, it would be easier to administrate, but I don’t see myself using my tablet for administration unless I’m away from desk or out of the office and don’t have my laptop with me.

I know, this is a quick update, but I just wanted to feed you useful information. We all need an honest and trustworthy opinion and it seems a lot of the big tech blogs might be feeding you wrong information or are being paid off by Microsoft. I want to promise all the readers that I am not and I am providing this information independently.

Windows 8 in the Enterprise

windows8_broken_glass

First, Happy New Year from the Cave! One of the projects I am working on is a test of Windows 8 in an enterprise setting. Let me tell you from my own opinion after using it for a couple weeks daily – it’s not “enterprise grade”. The IFKAM (interface-formerly-known-as-Metro) interface isn’t too bad, but it’s a pain. Yes, you get used to it. Yes, customization is limited (25 color combos, really?! We have millions of colors available and the best you can let me choose are 25 of your own combos?) and the wallpapers are hideous (alright, some of you might like them, but they’re not my cup of tea). But there are some things I like about it… specifically, the Desktop App. Yep, classic Windows all rolled up into a handy app. Launch that baby and you’re good to go. Alright, maybe a few extra tweaks… Classic S

hell, the free and open source start menu replacement. This handy program ensures I rarely see the IFKAM start screen and deal with that antagonizing mess and it’s brings back a clam feeling of Windows 7.

Booting is much faster, though in an enterprise environment, who cares? Your users are used to waiting for their machines to boot (and all of mine boot in 15 seconds or less, minus some XP machines which are being replaced soon anyways) and there is no difference between 8 seconds and 15 seconds. When my machine boots, I’m making coffee anyways.

Logging in has become… interesting. Click the “lock screen”, select your network username, type your password, and you’re in. The lock screen concept used is perfect for tablets, but the whole Ctrl+Alt+Esc thing was to ensure you weren’t logging into a fake login screen setup to capture your network credentials. Well, I guess that doesn’t matter anymore.

What’s with the random Aero icons still in place? You know, the recycle bin, Windows Explorer (and the icons in the explorer shell) and I’m sure there’s more in some other locations. Microsoft, this is being lazy. This is putting more effort into an interface no one wants to use then making a new major OS. Better yet, why is Aero still in place during installation? Why do I see this beautiful glass, but then Windows installs and I’m greeted with a boring, dull, flat interface?

And why do you let me set my Active Directory logon server but not actually let me pull updates from it?! This is my biggest gripe. As a Network Administrator, I usually make configuration changes on my head honcho Domain Controller and I want to make sure that updates will be pushed out successfully – but sometimes I’m not in the same site as the primary DC. In Windows 7, you open up command prompt, set logonserver=\\SERVER-NAME and good to go. Windows 8 will do the same thing, and if you run set logonserver it’ll even show you what you set it as, but run a gpupdate /force and it’ll pull GPOs from your site’s DC! Why even bother leaving that functionality in Windows if you’re not going to let me use it?!

That’s all my gripes on Windows 8 in the Enterprise for now.