You have some times a tool that it freaky handy. Google Keep. It works every. Where i loggon i have my to do list with mee. I do not have to sync them manually. It works from Windows 10, Andriod, iOS, Webbrowser.
It keeps my head empty
VMware has released VMware Horizon 7.3.1 and Horizon Client 4.6! With this new release, Horizon 7.3 enhances key platform features, including Horizon Virtualization Pack for Skype for Business, VMware Instant Clone Technology and the Horizon Help Desk Tool.
Many new items have been introduced, such as HTML5 video redirection support for the Chrome browser and the ability to configure Windows Start menu shortcuts for desktop and application pools using the Horizon Administrator console. As always, you can count on increased operating system support for virtual desktops and clients.
Here is an overview of the new features:
VMware Horizon 7.3 Server Enhancements
Horizon Help Desk Tool
Instant Clone Technology
Windows Start Menu Shortcuts Created Using the Admin Console
Cloud Pod Architecture Scale
VMware Horizon Apps
Resiliency for Monitoring
Database Support
ADMX Templates
Remote Experience
Horizon Virtualization Pack for Skype for Business
Additional NVIDIA GRID vGPU Support
HTML5 Video Redirection
Performance Counter Improvements
Linux Virtual Desktops
USB Redirection
ThinPrint Filtering
Horizon Client 4.6 Updates
Security Update
Session Pre-launch
Apteligent
Blast Extreme
Horizon Client 4.6 for Windows
Horizon Client 4.6 for macOS
Horizon Client 4.6 for iOS
Horizon Client 4.6 for Android
Horizon Client 4.6 for Linux
Horizon Client 4.6 for Windows 10 UWP
Horizon HTML Access 4.6
The Horizon Help Desk Tool provides a troubleshooting interface for the help desk that is installed by default on Connection Servers. To access the Horizon Help Desk Tool, navigate to https://<CS_FQDN>/helpdesk, where <CS_FQDN> is the fully qualified domain name of the Connection Server, or click the Help Desk button in the Horizon Administrator console.
The Help Desk Tool was introduced in Horizon 7.2 and has been greatly expanded upon in the Horizon 7.3 release.
Help Desktop Tool features with Horizon 7.2:
Additional features with Horizon 7.3:
The user session details appear on the Details tab when you click a user name in the Computer Name option on the Sessions tab. You can view details for Horizon Client, the VDI desktop or RDSH-published desktop, CPU and memory stats, and many other details.
Blast extreme metrics that have been added include estimated bandwidth (uplink), packet loss, and transmitted and received traffic counters for imaging, audio, and CDR.
Note the following behavior:
Blast Extreme Metrics for a Windows 10 Virtual Desktop Session
This new feature provides help desk staff with a granular option to resolve problematic processes without affecting the entire user session, similar to Windows Task Manager. The session processes appear on the Processes tab when you click a user name in the Computer Name option on the Sessions tab. For each user session, you can view additional details about CPU- and memory-related processes to diagnose issues.
You can assign the following predefined administrator roles to Horizon Help Desk Tool administrators to delegate the troubleshooting tasks between administrator users:
You can also create custom roles by assigning the Manage Help Desk (Read Only) privilege along with any other privileges based on the Help Desk Administrator role or Help Desk Administrator (Read Only) role.
Members of the Help Desk Administrators (Read Only) role do not have access to following controls; in fact, functions such as Log Off and Reset are not presented in the user interface.
Watch this brief demonstration video of the Horizon Help Desk Tool to see it in action:
You can now make optimized audio and video calls with Skype for Business inside a virtual desktop without negatively affecting the virtual infrastructure and overloading the network.
All media processing takes place on the client machine instead of in the virtual desktop during a Skype audio and video call.
New support with many expanded features for the Horizon Virtualization Pack for Skype for Business can be found in Horizon 7.3 and Client 4.6.
Horizon Virtualization Pack for Skype for Business offers the following supported features:
The following table outlines the system requirements for the new release:
The following table provides the list of support Horizon clients:
This feature improves the user experience by adding desktop and application shortcuts to the Start menu of Windows client devices.
You can use Horizon Administrator to create shortcuts for the following types of Horizon 7 resources:
Shortcuts appear in the Windows Start menu and are configured by IT. Shortcuts can be categorized into folders.
Users can choose at login whether to have shortcuts added to the Start menu on their Windows endpoint device.
Watch this brief demonstration video of the new Desktop and Apps Shortcuts feature to see it in action:
Upon the initial release of instant clones in Horizon 7, we supported floating desktop pools and assignments only. Further investments have been made to Instant Clone Technology that add support for dedicated desktop pools. Fixed assignments and entitlements of users to instant-clone machines is now provided as part of Horizon 7.3.
Dedicated instant-clone desktop assignment means that there is a 1:1 relationship between users and desktops. Once an end user is assigned to a desktop, they will consistently receive access to the same desktop and corresponding virtual machine. This feature is important for apps that require a consistent hostname, IP address, or MAC address to function properly.
Note: Persistent disks are not supported. Fixed assignments to desktops does not mean persistence for changes. Any changes that the user makes to the desktop while in-session will not be preserved after logoff, which is similar to how a floating desktop pool works. With dedicated assignment, when the user logs out, a resync operation on the master image retains the VM name, IP address, and MAC address.
VMware has expanded NVIDIA GRID support with Tesla P40 GPU cards in Horizon 7.3.
This feature provides the ability to take the HTML5 video from a Chrome (version 58 or higher) browser inside a Windows VDI or RDSH system and redirect it to Windows clients. This feature uses Blast Extreme or PCoIP side channels along with a Chrome extension.
The redirected video is overlaid on the client and is enabled as well as managed using GPO settings.
Benefits include:
The default User Environment Manager timeout value has been increased. This change ensures that the USB redirection Smart Policy takes effect even when the login process takes longer than expected.
With Horizon Client 4.6, the User Environment Manager timeout value is configured only on the agent and is sent from the agent to the client.
You can now bypass User Environment Manager control of USB redirection by setting a registry key on the agent machine (VDI desktop or RDSH server). This change ensures that smart card SSO works on Teradici zero clients. Note: Requires a restart.
HKLM\Software\VMware, Inc.\VMware VDM\Agent\USB uemFlags (REG_DWORD 1)
The Windows Agent PerfMon counters for the Blast Extreme protocol have been improved to update at a constant rate and to be even more accurate.
Counters include:
Features and functions for Horizon 7 for Linux virtual desktops have been expanded:
The USB redirection feature is now supported when you use Horizon Client in nested mode. When using nesting–for example, when opening RDSH applications from a VDI desktop–you can now redirect USB devices from the client device to the first virtualization layer and then redirect the same USB device to the second virtualization layer (that is, nested session).
You can now create a filter to specify the printers that should not be redirected with ThinPrint. A new GPO ADMX template (vmd_printing_agent.admx) has been added to enable this functionality.
By default, the rule permits all client printers to be redirected.
Now even lower CPU usage is achieved with adaptive Forward Error Correction algorithms. This clever mechanism decides how to handle error correction, lowering CPU usage within virtual desktop machines as well as on client endpoint devices.
New support has been added for Blast Extreme Adaptive Transport side channels for USB and CDR communications. Once enabled, TCP port 32111 for USB traffic does not need to be opened, and USB traffic uses a side channel. This feature is supported for both virtual desktops and RDS hosts.
This feature allows IT administrators to restrict access to published applications and desktops based on both client computer and user. With client restrictions for RDSH, it is now possible to check AD security groups for specific computer names. Users only have access to desktops and apps when both the user and the client machine are entitled. For this release, the feature is supported only for Windows clients and works with global entitlements.
Pre-launch provides the ability to launch an empty (application-less) session when connecting to the Connection Server. The feature is now also available to Windows clients, in addition to macOS.
Also, it is no longer necessary to manually make changes to the client settings. You can configure automatic reconnection.
With prior client releases, users were required to configure their Blast Extreme settings before they connected to the Connection Server. After a connection was established, the options to change the Blast Extreme setting—which included H.264, Poor, Typical, and Excellent—were unavailable.
With this release, users can change the network condition setting from Excellent to Typical or the reverse while inflight to sessions. Doing so also changes the protocol connection type between TCP (for Excellent) and UDP (for Typical).
Note: End users will not be able to change the network condition setting if Poor is selected before establishing a session connection.
Horizon Client 4.6 updates include:
Horizon Client 4.6 updates include:
Horizon Client 4.6 updates include:
Horizon Client 4.6 updates include:
Horizon Client 4.6 for Android and Horizon Client 4.6 for Chrome OS updates include:
HTML Access 4.6 updates include:
Horizon Client 4.6 updates include:
Horizon Client 4.6 updates include:
We are excited about these new features in Horizon 7.3.1 and the Horizon Client 4.6. We hope that you will give them a try.
You can download it here.
You might not be able to send email with an Outlook.com, Office 365, or Exchange account until you update to iOS 11.0.1.
If your email account is hosted by Microsoft on Outlook.com or Office 365, or an Exchange Server 2016 running on Windows Server 2016, you might see this error message when you try to send an email with iOS 11: “Cannot Send Mail. The message was rejected by the server.”
To fix the issue, update to iOS 11.0.1 or later.
On June 27, 2017 Microsoft has released its quarterly updates for Exchange 2013 and Exchange 2016. The current version is now at Exchange 2013 CU17 (15.0.1320.4) and Exchange 2016 CU6(15.1.1034.26) . But this time there are some interesting things I’d like to point out.
A couple of days before the release of Exchange 2016 CU6 (15.1.1034.26)
Microsoft blogged about Sent Items Behavior Control and Original Folder Item Recovery. With the Sent Items Behavior Control, a message that’s sent using the Send As or Send on behalf of permission is not only stored in the mailbox of the user that actually sent the message, but a copy is also stored in the delegator mailbox sent items. This was already possible for shared mailboxes, but now it’s also possible for regular mailboxes (like manager/assistant scenarios).
The Original Folder Item Recovery feature is I guess on of the most requested features. In the past (before Exchange 2010) when items were restored after they were deleted, they were restored to their original location. With the Dumpster 2.0 that was introduced with Exchange 2010 this was no longer possible, and items were restored to the deleted items folder. In this case the items had to be moved manually to their original location. With the introduction of the Original Folder Item Recovery the restore of deleted items again takes place in the original folder.
Unfortunately, both Sent Items Behavior Control and Original Folder Item Recovery are only available in Exchange 2016 CU6 (and NOT in Exchange 2013 CU17).
When it comes to security TLS 1.2 is a hot topic. Microsoft is aware of this and working hard towards an Exchange environment that only uses TLS 1.2 (so that TLS 1.1 and TLS 1.0 can be disabled). We are not yet at that stage. Exchange 2016 CU6 does have improved support for TLS 1.2, but Microsoft is not encouraging customers to move to a TLS 1.2 environment only.
.NET Framework and Exchange server continues to be a difficult scenario. This is understandable, Exchange is just a consumer of Windows and .NET so the Exchange Product Group does not have much influence on the .NET (and Windows) Product Group.
Exchange 2016 CU6 does NOT support.NET Framework 4.7 at this moment, and you should NOT install .NET Framework on a server running Exchange 2016. Not before and not after the installation of Exchange 2016 CU6. This is also true for Exchange Server 2013 CU17. More information regarding .NET Framework and Exchange server can be found here: https://blogs.technet.microsoft.com/exchange/2017/06/13/net-framework-4-7-and-exchange-server/.
The .NET Framework 4.6.2 is supported by Exchange 2016 CU3 and higher and Exchange 2013 CU15 and higher. For a complete overview of which scenarios are supported, navigate to the Exchange Server Supportability Matrix on https://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx.
KB articles that describe the fixes, features and information in each release are available as follows:
Version |
Build |
KB Article |
Download |
UMLP |
Schema Changes |
Exchange 2016 CU6 |
15.1.1034.26 |
Yes |
|||
Exchange 2013 CU17 |
15.0.1320.4 |
No |
Source: jaapwesselius
The most used device these days is a mobile phone. Malware/Spyware/Hacking is everywhere, anytime,anywhere See: Update: Lookout re-airing on 60 Minutes
Some latest news about Mobile Security Alerts:
Hundreds of millions of devices potentially affected by first major iOS malware outbreak
Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire
Soo what can you do about it:
Install Security app on your device: So i installed the free version of lookout on my phone.
It works great so far: Testing it.
On Aug. 25, 2016, Apple announced updates to address security vulnerabilities in iOS version 9.3.4 and earlier. The affected components include the iOS kernel and WebKit.
The vulnerabilities can result in jailbreak, remote code execution, and memory corruption. Security researchers at Lookout, Inc. have identified a high risk malware application, called “Pegasus”, that uses the vulnerabilities to compromise user devices.
MobileIron recommends that users update to iOS version 9.3.5 or later to obtain the necessary security patches. The security researchers have confirmed that the iOS patches prevent the vulnerabilities from being exploited.
Three vulnerabilities were patched in iOS 9.3.5. The vulnerabilities are referred to collectively as “Trident”. The reported CVE identifiers include:
Detection of Pegasus Jailbreak:
According to the security researchers at Lookout, EMM vendors cannot currently detect the Pegasus jailbreak. At this time, the only known method to detect Pegasus is to use products from Lookout.
Source: http://blaud.com/blog/pegasus-malware-ios-9-3-5-security-update_lookout_mobileiron
This will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
Configure Active Directory for BitLocker
To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory.
Note
Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory.
In Windows Server 2012 R2 (as well as in Windows Server 2008 R2 and Windows Server 2012), you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information.
Figure 2. The BitLocker Recovery information on a computer object in the contoso.com domain.
The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell):
Figure 3. Selecting the BitLocker Drive Encryption Administration Utilities.
Following these steps, you enable the backup of BitLocker and TPM recovery information to Active Directory. You also enable the policy for the TPM validation profile.
Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives
Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services
(Don’t forget to disable Secure Boot & Enable the secure boot again after deployment is succes vol!!)
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the Add-TPMSelfWriteACE.vbs script from Microsoft to C:\Setup\Scripts on DC01.
cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
Figure 4. Running the Add-TPMSelfWriteACE.vbs script on DC01.
If you want to automate enabling the TPM chip as part of the deployment process, you need to download the vendor tools and add them to your task sequences, either directly or in a script wrapper.
The Dell tools are available via the Dell Client Configuration Toolkit (CCTK). The executable file from Dell is named cctk.exe. Here is a sample command to enable TPM and set a BIOS password using the cctk.exe tool:
cctk.exe --tpm=on --valsetuppwd=Password1234
The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234
And the sample content of the TPMEnable.REPSET file:
English
Activate Embedded Security On Next Boot
*Enable
Embedded Security Activation Policy
*No prompts
F1 to Boot
Allow user to reject
Embedded Security Device Availability
*Available
The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here is a sample command to enable TPM using the Lenovo tools:
cscript.exe SetConfig.vbs SecurityChip Active
CustomSettings.ini
[Default]
SkipBitLocker=YES
[LAPTOP]
TaskSequenceID=LAPTOP
MachineObjectOU=OU=Bitlocker,OU=LAPTOPS,OU=Clients,DC=wardvissers,DC=local
BDEKeyLocation=\\mdt01.wardvissers.local\Bitlocker$
If you want to use EUFI Boot with MDT 2013 Update X.
Don’t use DHCP Option 60/66/67!!!
DC01 = Windows Server 2008 R2 SP1
DC02 = Windows Server 2012
MDT01 = Windows Server 2012 R2
UEFI Client: Dell Laptop E5450
BIOS Client: HyperV Virtual machine with Legacy network adapert
DC1; MDT01 and DHCPServer all in Subnet1.
(IP Helper is set for DHCPServer for DHCP and for DC01 & MDT01 for DHCP and BootP – I checked serveral times if everything is right here)
UEFI Client and BIOS Client in Subnet2.
Situation1 — Using no DHCP Options and WDS running (IP HELPER-ADDRESS):
UEFI Client – Boots perfectly (contacting Server MDT01)
BIOS Client – Boots perfectly (contacting Server MDT01)
Situaion2 — Using no DHCP Options and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Does not boot (no Bootfilename recieved)
Situation3 — Using DHCP Options(Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Boots perfectly (contacting Server DP1)
Situation4 — Using DHCP Options(Option 60=”PXEClient” Option 66=”IP of MDT01″ Option 67=”\x86\wdsnbp.com”) and WDS just running on MDT01:
UEFI Client – Boots perfectly (contacting Server DP1)
BIOS Client – Does not boot (taking hours to recieve dhcp options..)
Solution:
On most switches you can configure ip helper-addresses. This is most time al ready configured for the use of DHCP.
Add the IP of the MDT server als ip helper-address:
Example:
interface Vlan100
description GEBRUIKERS VLAN
ip address 192.168.101.254 255.255.254.0 show
ip helper-address 192.168.25.6 (DC01)
ip helper-address 192.168.25.7 (DC02)
ip helper-address 192.168.25.30 (MDT01)
end
The Microsoft Deployment Toolkit (MDT) 2013 Update 2 (6.3.8330) is now available on the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10, available on the Microsoft Hardware Dev Center. (Note that there are known issues with the v1511 release of the Windows 10 ADK and System Center Configuration Manager; these issues do not directly affect MDT although may still impact ZTI or UDI scenarios.)
MDT 2013 Update 2 is primarily a quality release; there are no new major features. The following is a summary of the significant changes in this update:
There are no other new release notes or significant known issues. See the previous post for more information as much of it is still applicable (other than the fix list above).
See the following post on How to get help with MDT.
Frequently Asked Questions
In anticipation of some questions that you may have about this release (or MDT in general):
Q: Should I expect a release of MDT with every new Windows 10 and/or Configuration Manager build release?
No. We shipped multiple MDT releases this year due to the timing of Windows 10 and Configuration Manager releases, but do not intend to keep that same cadence going forward.
Q: What branches of Windows 10 does MDT support?
MDT supports both the current branch of Windows 10 as well as the long-term servicing branch.
Q: What branches of System Center Configuration Manager does MDT support?
For ZTI and UDI scenarios MDT 2013 Update 2 supports the current branch of System Center Configuration Manager (currently version 1511) for an integrated solution for deploying Windows 10 current branch as well as prior Windows versions.
Q: When is the next planned release of MDT?
We do not currently have a timeframe. We will release any tactical changes as needed which may be required to support new builds of Windows 10 or Configuration Manager, but do not currently expect this to be needed.
Q: Is this the last release of MDT?
No, we will continue to iterate and invest in the product.
Q: Why is it still “MDT 2013” when the year is almost 2016?
Two primary reasons. First, we have only made minor changes to MDT which in our opinion does not constitute a major version revision. Second, per the MDT support lifecycle, a new major version will drop support for MDT2012 Update 1 which still supports legacy platforms.
Cumulative Update 11 for Microsoft Exchange Server 2013 was released on December 15, 2015. Several nonsecurity issues are fixed in this cumulative update or a later cumulative update for Exchange Server 2013.
This cumulative update fixes the issues that are described in the following Microsoft Knowledge Base articles:
This update also includes new daylight saving time (DST) updates for Exchange Server 2013. For more information about DST, go to Daylight Saving Time Help and Support Center.
Download Cumulative Update 11 for Exchange Server 2013 (KB3099522) now.