Intune – Configure “Fast startup” (HiberBoot) for Windows 10

Since I changed my clients from GPO managed to Intune controlled, not all settings from GPO, but some of them needs to be set through Intune as well. As outlined in my previous blog, I tried to disable the Fast Startup Option on Windows 10 through a CSP. And I did not even found a CSP supporting this setting. Within this blog, I would like to show, how you can configure the fast startup (“Turn on fast startup (recommended)”) setting in Windows 10 through Microsoft Intune:

You may ask, why I want to disable this? My reason: I don’t want to reuse a desktop session which was hibernated. And only a reboot will force the client to create a new desktop session, if fast startup is enabled.
Continue reading

Windows 10 settings management with Intune

When a journey ends, a new journey will begin. My journey with the old school domain joined and GPO managed devices within my LAB ended, and I finally conquer new areas with Azure AD join and Intune controlled devices. Due to the lack of opportunities, I still waited so long, because a lot of settings were not possible to set. And some of them are still not that simple to set through Intune, but there is a solution for, I would like to say, most of the requirements.

So within this blog post, I would like to document my current knowledge of Windows 10 settings management through Intune. As today, we have the following options to configure GPO alike settings through Microsoft Intune:

  • Intune Windows Enrollment settings
  • Intune Portal blade settings
  • Intune Portal Custom CSP settings
  • Intune ADMX-backed administrative template settings (Preview)
  • PowerShell Script
  • Let’s have a closer look to the different options.
    Continue reading

    I have configured “Network Security: Restrict NTLM: NTLM authentication in this domain” months ago, here is why it catched me

    Today I would like to share my experience with troubleshooting a overcommitted security admin with less knowledge than it would be required (In fact, I’m talking about me here). Some month ago, I read about NTLM (v2 as well), and I decided to restrict NTLM in my LAB, to check what is working afterwards, and what stops working. To my surprise, everything went smooth, and I could not find an issue. So I forgot about this setting, everything seems to work, and it did.

    Lastly I decided to cut off Direct Access, since Microsoft does not invest in its future, and for other reasons, I’m not required to have a permanent connection to the LAB from remote, a VPN would be sufficient. I’m using WorkFolders as well, and secured it with Azure MFA, the same should apply to my VPN connection, the authentication should be not only be covered by Username and Password. With this, the goal was set, and I built up the LAB. Everything went nice, until the first VPN client wanted to connect. The NPS Server gave me the error:
    “The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.”

    Continue reading

    RMS Sharing App Error 0x800704cf

    Hi Reader,

    this is a small one: I had an issue when I tried to use the RMS Sharing app. Always when I used the Sharing application, I got the following error:
    0x800704cf the network location cannot be reached
    —–
    Unfortunately I haven’t saved a Screenshot of the error Message. But I could not find any information on this topic. The only thing I was thinking about was: Why does the error tell me, that the sharing app can’t connect to a network location. Continue reading

    ConfigMgr – In-Place Upgrade of SQL from 2012 to 2016

    Hi,
    today I did an In-Place Upgrade of my SQL Installation from SQL 2012 to the 2016 Release which is also supported by System Center Configuration Manager Current Branch (1606).
    Everything went fine except the Report Service, I received the following errors within the upgrade:
    Action required:
    The upgrade process for SQL Server failed. Use the following information to resolve the error, and then repair your installation by using this command line: setup /action=repair /instancename=MSSQLSERVER

    Feature failure reason:
    An error occurred during the setup process of the feature.

    Error details:
    § Error installing SQL Server Reporting Services
    A HTTPS sertificate is not configured on the Web site.
    Error code: 0x80131500
    Visit http://go.microsoft.com/fwlink?LinkId=20476&ProdName=Microsoft+SQL+Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=13.0.1601.5&EvtType=0x589E8944%400x8285294C&EvtType=0x589E8944%400x8285294C to get help on troubleshooting.

    TITLE: Microsoft SQL Server 2016 Setup
    ------------------------------

    The following error has occurred:

    The Report Server WMI provider cannot create the virtual directory. This error occurs when you call SetVirtualDirectory and the UrlString is already reserved. To continue, clear all URL reservations by calling RemoveURL and then try again.

    For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft%20SQL%20Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=13.0.1601.5&EvtType=0x589E8944%25400x9A8ECB73

    And within ConfigMgr, the srsrp.log showed up with the following errors:
    sql_update01
    Continue reading

    iSCSI over Internet with Server 2012 R2 and an Encrypted Bitlocker Volume

    In this blog post I would like to describe an opportunity to use Bitlocker for an easy Backup Solution on a Server, where you may not want to save Data without any encryption. In my case, I have one virtual Machine on a Hoster of my choice (of course, it would be Azure), where I do have a lot of storage unused, but paying for it. Currently more than 80GB is free space and I would be able to use it, and it would be more than I need for the data I want to backup. So lets go on to the virtual Server and install the iSCSI Target Role:
    Install iSCSI Target Role Continue reading