Tag: Server 2016

Microsoft Deployment Toolkit (MDT) build 8443

The Microsoft Deployment Toolkit (MDT), build 8443, is now available on the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607, available on the Microsoft Hardware Dev Center (adksetup.exe file version 10.1.14393.0).

You may notice that we are not tagging this release with a year or update version. To better align with the current branches of Windows 10 and Configuration Manager, and to simplify the branding and release process, we are now just referring to it as the “Microsoft Deployment Toolkit”, using the build number to distinguish each release. This is not necessarily a “current branch” of MDT; we are committed to updating MDT as needed with revisions to Windows, the Windows ADK, and Configuration Manager.

Here is a summary of the significant changes in this build of MDT:

  • Supported configuration updates
    • Windows ADK for Windows 10, version 1607
    • Windows 10, version 1607
    • Windows Server 2016
    • Configuration Manager, version 1606
  • Quality updates
    • Deployment Wizard scaling on high DPI devices
    • Johan’s “uber bug” for computer replace scenario
    • Multiple fixes for the Windows 10 in-place upgrade scenario
    • Several fixes to Configure ADDS step
    • Removed imagex/ocsetup dependencies, rely solely on DISM
    • Includes the latest Configuration Manager task sequence binaries (version 1606)

Update to apply MessageCopyForSentAsEnabled to any type of mailbox in Exchange Server 2016

Update to apply MessageCopyForSentAsEnabled to any type of mailbox in Exchange Server 2016

This update describes a change in which the MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled settings to save sent messages into a different mailbox can be applied to any type of mailbox with the Set-Mailbox cmdlet, not just shared mailboxes. This feature keeps a copy of the email in the Sent Items folder of the alternative mailbox.

Install Cumulative Update 4 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.

Exchange Team has released Quarterly Exchange Updates

– A new Outlook on the web compose experience
– Support for .Net 4.6.2
– Change to Pre-Requisites installed by Setup
– Update on Windows Server 2016 support KB3206632
– Latest time zone updates
– Important Public Folder fix included in these releases

Exchange Server 2016 Cumulative Update 4 (KB3177106), Download, UM Lang Packs
Exchange Server 2013 Cumulative Update 15 (KB3197044), Download, UM Lang Packs
Exchange Server 2010 Service Pack 3 Update Rollup 16 (KB3184730), Download
Exchange Server 2007 Service Pack 3 Update Rollup 22 (KB3184712), Download

IIS Crypto the best tool to configure SSL/TLS cipher suites

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website.

Features

– Single click to secure your website using best practices
– Create custom templates that can be saved and run on multiple servers
– Stop DROWN, logjam, FREAK, POODLE and BEAST attacks
– Disable weak protocols and ciphers such as SSL 2.0, 3.0 and MD5
– Enable TLS 1.1 and 1.2
– Enable forward secrecy
– Reorder cipher suites
– Built in Best Practices, PCI, PCI 3.1 and FIPS 140-2 templates
– Site scanner to test your configuration
– Command line version

Screenshot1

WMI Filters for OS version

DESKTOPS

ANY WINDOWS DESKTOP OS

  • Any Windows Desktop OS – 32-bit
    select * from Win32_OperatingSystem WHERE ProductType = “1” AND NOT OSArchitecture = “64-bit”
  • Any Windows Desktop OS – 64-bit
    select * from Win32_OperatingSystem WHERE ProductType = “1” AND OSArchitecture = “64-bit”

WINDOWS 7

  • Windows 7
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″
  • Windows 7 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
  • Windows 7 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

WINDOWS 8.1

  • Windows 8.1
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″
  • Windows 8.1 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
  • Windows 8.1 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

WINDOWS 8.1

  • Windows 8.1
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″
  • Windows 8.1 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
  • Windows 8.1 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

WINDOWS 10

  • Windows 10
    select * from Win32_OperatingSystem WHERE ‘Version like ‘10.0.%’ AND ProductType=”1″
  • Windows 10 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “10.0.% AND ProductType=”1” AND NOT OSArchitecture = “64-bit”
  • Windows 10 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “10.0.%””6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

SERVERS

ANY WINDOWS SERVER OS

  • Any Windows Server OS
    select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”)
  • Any Windows Server OS – 32-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) AND NOT OSArchitecture = “64-bit”
  • Any Windows Server OS – 64-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) AND OSArchitecture = “64-bit”
  • Any Windows Server – Domain Controller
    select * from Win32_OperatingSystem where (ProductType = “2”)
  • Any Windows Server – Domain Controller – 32-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) AND NOT OSArchitecture = “64-bit”
  • Any Windows Server – Domain Controller – 64-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) AND OSArchitecture = “64-bit”
  • Any Windows Server – Non-Domain Controller
    select * from Win32_OperatingSystem where (ProductType = “3”)
  • Any Windows Server – Non- Domain Controller – 32-bit
    select * from Win32_OperatingSystem where (ProductType = “3”) AND NOT OSArchitecture = “64-bit”
  • Any Windows Server – Non-Domain Controller – 64-bit
    select * from Win32_OperatingSystem where (ProductType = “3”) AND OSArchitecture = “64-bit”

WINDOWS SERVER 2008 R2

  • Windows Server 2008 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”2″
  • Windows Server 2008 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”3″

WINDOWS SERVER 2012 R2

  • Windows Server 2012 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”2″
  • Windows Server 2012 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”3″

WINDOWS SERVER 2016

Don’t Deploy Exchange Server 2016 on Windows Server 2016 For Now Due to Stability Issues

Since the release of Exchange Server 2016 Cumulative Update 3 (CU3), which added support for installing Exchange 2016 onto Windows Server 2016 servers, there’s been a series of reports in support forums and blog comments about errors that customers are seeing.

Now Microsoft has acknowledged that there is in fact a known issue, and there is no current workaround for it.

If you attempt to run Microsoft Exchange 2016 CU3 on Windows Server 2016, you will experience errors in the IIS host process W3WP.exe. There is no workaround at this time. You should postpone deployment of Exchange 2016 CU3 on Windows Server 2016 until a supported fix is available.

That’s all the detail that has been publicly released by Microsoft at this time, but the guidance is clear. You should deploy Exchange 2016 only on Windows Server 2012 R2 until further notice.

Source: https://exchangeserverpro.com/dont-deploy-exchange-server-2016-windows-server-2016-now-due-stability-issues/

MS16-108: Security update for Exchange Server 2007/2010/2013/2016

Summary

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In Libraries that are built into Exchange Server. This issue might occur if an attacker sends an email message with a specially crafted attachment to a vulnerable Exchange Server computer. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-108.

More information about this security update

The following articles contain more information about this security update as it relates to individual product versions.

  • 3184736 MS16-108: Description of the security update for Exchange Server 2016 and Exchange Server 2013: September 13, 2016
  • 3184728 MS16-108: Update Rollup 15 for Exchange Server 2010 Service Pack 3: September 13, 2016
  • 3184711 MS16-108: Update Rollup 21 for Exchange Server 2007 Service Pack 3: September 13, 2016

Windows 10 1607 Windows Update Change

For those of you who have started deploying Windows 10 1607, you might notice a change in the behavior of the Windows Update agent for PCs that are configured to pull updates from WSUS.  Instead of pulling the updates from WSUS, PCs may start grabbing them from peers on your network, leveraging the Delivery Optimization service for referrals to other PCs that have already obtained the content.  This change should generally help reduce the amount of network traffic being generated for both quality (monthly) updates and feature updates, offloading that traffic from the WSUS server.  It will add some additional traffic between each client PC and the Delivery Optimization service on the internet, as it has to talk to this internet-only service in order to get a list of peers.

If the Windows Update agent can’t talk to the Delivery Optimization service (due to firewall or proxy configurations), or if there are no peers able to provide the content, it will then go ahead and grab the content from the WSUS server.

There is a new Group Policy setting available if you want to disable this behavior, e.g. because you are already using BranchCache for peer-to-peer sharing.  To do this, you need to set the “Download Mode” policy under “Computer Configuration –> Administrative Templates –> Windows Components –> Delivery Optimization” to specify “Bypass” mode, which will result in the client always using BITS to transfer the content from WSUS (with BranchCache jumping in to provide the peer-to-peer capabilities through its integration with BITS):

image291

Of course to set this policy, you need the latest ADMX files, which can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=53430 and are also included in Windows 10 1607 and Windows Server 2016.  (The “Bypass” setting wasn’t available in previous versions.)  See https://support.microsoft.com/en-us/kb/3087759 for details on how to update the Group Policy central store with these latest ADMX files, if you are using a central store.

Source: https://blogs.technet.microsoft.com/mniehaus/2016/08/08/using-wsus-with-windows-10-1607/

Windows Server 2016 certification

Microsoft is pleased to announce the release of the new MCSA: Windows Server 2016 certification.

The new MCSA can be earned by taking and passing the following three exams:

  • 70-740 – Installation, Storage, and Compute with Windows Server 2016
  • 70-741 – Networking with Windows Server 2016
  • 70-742 – Identity with Windows Server 2016

Exam 740 is scheduled for beta release in early October 2016, with the other exams following soon after.

Individuals who currently hold either an MCSA: Windows Server 2012 or MCSA: Windows Server 2008 certification will be able to upgrade to the new 2016 certification through a single, upgrade exam:

  • 70-743 – Upgrade Your Skills to MCSA: Windows Server 2016

Exam 743 is scheduled for beta release in late July 2016. 

MOC courses corresponding to all four Windows Server 2016 exams are scheduled for release in September 2016, while practice tests will be available shortly after each exam beta period ends.

New options for specialization and continuing education through the MCSE program will be announced later this summer.

Translate »