First look at the new #OneDrive Admin Center (Preview)

The new OneDrive Admin Center Preview  is now available since a few days. During the past it was just a pain in the a** for admins to manage the OneDrive for Business settings. This has pretty changed a with the new portal which is not yet GA.

If your tenant already has been upgraded then you will be able to access your portal with a Global Admin account using the URL https://admin.onedrive.com

Let’s have a look on the settings.

Home Tab
The home tabs shows just the welcome message.

2017-01-09-11_38_02-onedrive-for-business-admin-preview-internet-explorer

Sharing Tab
On the sharing tab you find all the settings for sharing files outside of your organization. Let them share files outside the company using OneDrive or SharePoint, setting up sharing links, anonymous accces, limiting sharing to a sepzific domainand also what external users can do.

onedrive-for-business-admin-preview-sharing

Sync
The sync tab allows the admin to have control over the syncing settings. Also you have a link for downloading always the latest and newest OneDrive Client and another link to the support.office.com website to see the latest syncing issues.

Following options can be configured:

  • let users install the sync client from the OneDrive website
  • Allow syncing onlx PCs joined to specific domain
    • Enter a GUID for your domain(s)
  • Block syncing of specific file types
    • Enter file extentions you don’t want. For example mp3

onedrive-for-business-admin-preview-sync

Storage
Use the storage tab to configure the limits of the users storage. Default OneDrive value is 1024 MB. In here you can also set the retention time for accounts that have been marked as deleted.

Device Access
These settings applies to OneDrive an SharePoint.

  • Control Access based on a network location
    • Enter here your IP addresses or ranges for access to OneDrive. IPv4 & IPv6 is supported.
  • Mobile Application Management trough Intune is supported. You need an Intune license to use this option.

onedrive-for-business-admin-preview-intune

After assigning an Intune license to your GA Account you will be able to modify the settings for device management. This is an disadvantage in my point of view. It should be possible to change settings as admin without having any licenses applied.

Compliance
A few regulatory, legal and technical standards for OneDrive can be set here. This part helps to protect your data and preform security standard settings.

  • Auditing
    • View users activities related to OneDrive – deleted, shared, moved files
    • DLP – Data loss prevention, protect your organizations sensitive data
    • Configure retention policies
    • eDiscovery for emails, documents an Skype for Business conversations
    • Alerting, user and admin logs will be created

Note also the title of the page which gives you a hint to the Security and Compliance Center of Office 365.

I’m pretty sure that the new portal will be integrated into the Office 365 Admin Center. Until then, the admin portal is a good way to manage your OneDrive settings. Try it out today.

 

 

 

 

An easy way to add Langauge Packs to Windows 10 1511

Today I would like to show you how you can add Language Packs to Windows 10 Current Branch 1511 with using the Windows Imaging and Configuration Designer. This nice tool is a part of the new ADK’s and available since a while.

With the Windows Imaging and Configuration Designer, short WICD, you’re able to create pkkg Files. This files can be deployed to Windows Desktops or even Windows Mobile Devices.

First make sure you have the right ADK installed. Download it from here. It is still recommended to use the “older” version instead of the 1511 ADK. For more details check this links:
https://blogs.technet.microsoft.com/configmgrteam/2015/11/20/issue-with-the-windows-adk-for-windows-10-version-1511/

Also download the correct version of the Language packs. There is dedicated ISO available for Windows 10 1511 which contains x86 and x64 LPs. Mount the ISO and copy the required lp.cab files to a shared folder. You can use a single folder and rename the LPs instead of using subfolders. (Just rename each cab so they can all exist in the same folder e.g. de-de.cab for German etc…).

This could look like this:

0.1

Start the WICD and create a new provisioning package and save the project to a share.

1

2

Hit next for the “Next” options

3
Select “Common to all Windows desktop editions” and click “Next”

4.PNG
Leave this blank and click “Finish”

5.PNG

On the newly created project expand the Deployment assets – Language packages and browse to your LP cab files. You have to select each LP for import. in my case I only use one single LP – German. Name it and click Add at the bottom.

Now you can create the PPKG file. On the Menu select Export and then “Provision package”. On the “Build” windows click Next (or change the settings if you like).

7.PNG

Do not encrypt the ppkg file for now. Select where to save the ppkg package
8

Hit Build to build the package
9
10

 

 

 

 

 

 

 

 

October security #updates causing #SCOM 2012 R2 console #crash

Microsoft releasd last week two new updates during the newly announced servicing model.

This updates, named”October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)” and “October, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3185331)” causing the System Center Operation Manager Console crashing when tying to use the Windows Computers view.

crash

Solution
Currently there is no other way as removing the update from your management servers where the SCOM console is installed.

Let me know if you have a better solution!

 

ConfigMgr 1606 – Configure Office 365 Client Agent Settings(Configuration Manager Current Branch)

Hi reader,

The newest Version of System Center Configuration Manager Current Branch (1606) is rolling out these days with a lot of new features and opportunities.

As the update is rolled out globally in the coming weeks, it will be automatically downloaded and you will be notified when it is ready to install from the “Updates and Servicing” node in your Configuration Manager console. If you can’t wait to try these new features, this PowerShell script can be used to ensure that you are in the first wave of customers getting the update.

Beginning in Configuration Manager version 1606, you can use the Configuration Manager client setting to manage the Office 365 client agent. Configure your Client Settings \ Software Updates Settings. There you can find now a new option called “Enable management of the Office 365 Client Agent“.

Capture

After you configure this setting and deploy Office 365 updates, the Configuration Manager client agent communicates with the Office 365 client agent to download Office 365 updates from a distribution point and install them. Configuration Manager takes inventory of Office 365 ProPlus Client settings.

Find more details on TechNet: https://technet.microsoft.com/en-us/library/mt741983.aspx

Configuration Manager 1602- backup your CD.Latest folder

Today I got a support case where I had to restore my first ConfigMgr Current Branch 1602.

No prob, we do have a nice SQL DB backup of the ConfigMgr database.

Let’s do the following:

  1. Close all consoles
  2. Stop all SMS Services (will also be done by the recovery wizard)
  3. Start the setup.exe from the CD.Latest (“Your Install Directory”\Microsoft Configuration Manager\cd.latest\SMSSETUP\BIN\X64)

But here I got stock. The “Recovery Site” option was greyed out. Of course I tried different ways to start the splash.hta or the setup.exe using admin rights. No way. The option was never available.

123

During research I found that the Site Maintenance job in ConfigMgr is also creating a folder called CD.Latest. But the customer did never activate the Site Maintenance job as they use a third party backup solution to backup the SQL Databases.

However, I configured the Site Maintenance Task and started the SMS_SITE_BACKUP service. This was creating the CD.Latest folder under my backup folder.

124

With this version of the setup.exe file could restore the database .

What we did:

–          Stopped all services
–          Detached the no longer needed CM_”SiteCode” database from the SQL Server using the SQL Server Management Studio
–          Restored the good database from Sunday (used the SQL option “override existing files”)
–          Started CD.Latest from the newly created backup folder (F:\Backup\W01Backup\CD.Latest)
–          Used “Site Database that has manually recovered” as we restored it in SQL

125

Conclusion

Please be aware of a very important change required to your backup strategy in Configuration Manager 1511, 1602 (and later). As you know regular upgrades will be available for the product (every 4 months or so) and you will be able to upgrade using update packages in the “Updates and Servicing” node of the Administration > Cloud Services workspace.

–          Make sure you enable the “Site Maintenance” Job for the site.
–          Backup the Backup folder as this will allow you to restore the ConfigMgr 1602 server in case of a bare metal restore

This folder will be required when you are recovering a failed site so it must be included in a backup strategy. Note that the built in backup maintenance task will back up this folder automatically. Also note that there is no point in backing up this folder once. It must be ongoing because, when upgrades are installed, Configuration Manager also updates the CD.Latest folder with the current files.

Find more informations on TechNet:
https://technet.microsoft.com/en-us/library/mt703293.aspx

 

Hyper-V error during RDS VDI collection creation

For a RDS VDI test environment we decided to use an internal switch on the Hyper-V server. This is not working.

As a consequence, in Hyper-V the external network was not up. This resulted in the following error during the creation of a VDI collection:

D90C3088

 

Server computer.domain.com either does not have a virtual switch configured or none of the configured virtual switches have an IP address assigned

This is unlikely to be a concern in any type of real life environment because those will have the external NIC connected at all times. However, it may occur when you are in a test environment and are trying to isolate from the production environment.

Conclusion: You have to configure an external switch which is connected to a physical LAN cable. DHCP is enough but of course you can also set a static IP on the NIC.

Issue removing old SQL Server from ConfigMgr

Situation before migration:

1x Primary Site ConfigMgr 2012 R2 no CU (OS Win 2008 R2) – no OS upgrade Support (*)
2x Secondary Sites 2012 R2 no CU
1x SQL Server 2008 R2 SP2 no CU
2’500 Clients worldwide

Goal:

1 Primary Site Current Branch 1511
New OS Windows Server 2012 R2
1 local installed SQL Server
no more Secondary Sites
several DP’s around the world

Most of the things went smoothly but at one point for now we stuck. We’re not able to remove the old remote SQL Server. The Server still appears in the Site System Roles and if we try to remove the Site Database server role (remove is not greyed out) we recieve the error: “The Server cannot be deleted because it contains the following roles:”

811577

We also tried to change the reg keys under SMS_Site_Componets_Manager\Multisite Componet Server\”Name of remote SQL”\Deinstallation Start Time\ set to 1.

811594

 

Solution

Run the following Query in SQL Management Studio in order to find and replace the orphaned relationships.

Change with the corresponding names in < > and run against the SCCM DB :

 *************************************************************

use CM_<sitecode>
declare @ServerName varchar(15)
set @ServerName=’<orphanFQDN>

delete from statusmessages where machinename=@ServerName
delete from Summarizer_Components where MachineName like ‘%’+@ServerName+’%’
delete from summarizer_sitesystem where sitesystem like ‘%’+@ServerName+’%’
delete from statusmessageinsstrs where insstrvalue like ‘%’+@ServerName+’%’
delete from sysreslist where servername=@ServerName
delete from sc_sysresuse where nalpath like ‘%’+@ServerName+’%’

 *************************************************************

After that, reboot the Primary Site. This will remove the server from your Management Console and ConfigMgr Database.

(*)
ConfigMgr CB 1602 no supports OS Upgrade from 2008 R2 to 2012 R2. Make sure you uninstall WSUS first.

https://technet.microsoft.com/en-us/library/mt622084.aspx?f=255&MSPPError=-2147217396

Cheers, Al