Click here to read this mailing online.

Your email updates, powered by FeedBlitz

 
Here is a sample subscription for you. Click here to start your FREE subscription


"Small Business Susan" - 5 new articles

  1. Not so fast, some of us need EMET
  2. Three posts of interest to those managing SMB servers
  3. Windows 10 and CIFS/SMB/Samba issues
  4. So what about the other SBS’s with Windows 10?
  5. Introducing Windows 10 into your SBS 2011 Essentials
  6. More Recent Articles
  7. Search Small Business Susan
  8. Prior Mailing Archive

Not so fast, some of us need EMET

http://www.zdnet.com/article/microsoft-windows-10-edge-so-secure-they-dont-need-our-emet-anti-zero-day-shield/

Posts like these make me angry.  Don’t get me wrong there are some key things I like about Windows 10.  The security enhancements are key.  But what makes me angry is that the key features they are pointing out here – Device Guard and Applocker are not available on the Pro or Home skus.  They are only available on the Enterprise sku.  Then if you want to use group policy to limit access to Windows store, a feature that used to be able to be controlled with Windows 8 pro, now you have to have Enterprise in order for the group policy to be enforced.
https://support.microsoft.com/en-us/kb/3135657

These decisions disappoint me.

    

Three posts of interest to those managing SMB servers

WSUS folks have finally published their WSUS 3.2 guidance – bottom line you won’t be able to manage the “build to build” upgrades via WSUS.  You will have to manually do the update or point the workstations to Microsoft update.

http://blogs.technet.com/b/wsus/archive/2016/01/22/what-to-do-if-you-re-on-wsus-3-0-sp2-or-sbs-2011.aspx

Then review this post about issues with the connector and how it has to be reinstalled each build to build process (for the time being)

http://blogs.technet.com/b/sbs/archive/2016/01/22/windows-10-feature-upgrade-breaks-client-connector-for-window-server-2012-r2-essentials-windows-server-2012-essentials-and-windows-small-business-server-2011-essentials.aspx

and finally check out

http://blogs.technet.com/b/sbs/archive/2016/01/22/wmi-group-policy-filter-issue-on-windows-10-breaks-folder-redirection-windows-server-2012-r2-essentials-windows-server-2012-essentials-and-windows-small-business-server-2011-essentials.aspx

 

    

Windows 10 and CIFS/SMB/Samba issues

Found a couple of posts indicating that 1511 is having issues with network discovery:

Synology Forum • View topic – Windows 10 Version 1511 and SMB3:
http://forum.synology.com/enu/viewtopic.php?f=49&t=106924

 

https://social.technet.microsoft.com/Forums/en-US/2131750e-d589-41f0-b6a3-1c7dac2361d9/cannot-connect-to-cifs-smb-samba-network-shares-shared-folders-in-windows-10-after-update

Hi All,

I wanted to provide an update on this thread to let you know that we are currently investigating this issue and I am working with the product group to determine root cause. The issue we are investigating is in regards to ‘Network Discovery’ not locating devices on the network.

The issue appears that Windows 10 is not broadcasting out an NetBT or RAP requests when searching for the devices on the network and only uses WSD protocol. If you navigate to Explorer > Network and changed to Details view and then add ‘Discovery Method’ to the column bar you should see that if you are discovering any devices they are more than likely only being found via WSD. 

    

So what about the other SBS’s with Windows 10?

I bet you are wondering what about the OTHER SBS releases and their interaction with windows 10, right?

AH HA I have them over on the Thirdtier.net blog

Introducing Windows 10 into your SBS 2011 Standard Network

Introducing Windows 10 SBS 2011 Essentials Networks

Introducing Windows 10 into your Essentials 2012 Networks

 

 

    

Introducing Windows 10 into your SBS 2011 Essentials

NEEDED FIXES FOR SBS 2011 ESSENTIALS

Adjust the group policy wmi filter to fix the issue where folder redirection does not work:

Instead of the WMI filter included in Essentials R2, please adjust it as follows:

Instead of select * from Win32_OperatingSystem where (Version >= “6.1%”) and ProductType= “1”

Change it to select * from Win32_OperatingSystem where Version like “10.%” or Version >=”6.1″

Go to start box, type in gpedit.msc. Once you launch the group policy editor, scroll to the bottom where the wmi filters reside. Right mouse click and click edit, and bring up the filter. Now click on edit and adjust it as noted.

wmi1

Alternatively remember that if you want to set up a unique wmi filter just for Windows 10 you can use to select * from Win32_OperatingSystem where Version like “10.%”

Note that you may have to edit the quotes and retype them as cut and pasting from this document may not copy over the right formatting.

 

Adjust the group policy to allow RDP access to Windows 10 machines

As noted in http://windowsserveressentials.com/2015/08/06/sbs-2011-essentials-windows-10/ SBS 2011 Essentials (and standard) need an adjustment to allow for remote desktop and also RWA into these workstations. To add this ability a new policy and ensure it has a wmi filter so that it applies to Windows 10. Go into the WMI section, right mouse click on new. Add a new WMI filter.   Call it Windows 10, For the filter value click add and merely use select * from Win32_OperatingSystem where Version like “10.%”

Click to save the filter.

sbe2

 

Now build a new policy. Go up to the policy settings and add a new policy. Right mouse click and click on create a GPO in this domain and link it here. Name your policy. Windows 10 computers (or something equality descriptive).

The policy setting is found at :

Computer Configuration > Policies> Administrative Templates > Windows components> Remote Desktop Services> Remote Desktop Session Host > Connections >

‘Allow users to connect remotely using Remote Desktop Services’

sbe3

Also set

Computer Configuration > Policies> Administrative Templates > Windows components> Remote Desktop Services> Remote Desktop Session Host > Security >

‘Set Client Encryption Level’

To Enabled and High.

sbe4

As the final step, change the wmi filter to be the Windows 10 filter you set up before

sbe5

For more discussion and testing with SBS 2011 essentials see http://windowsserveressentials.com/2015/08/06/sbs-2011-essentials-windows-10/

Change Windows 10’s default printer changes.

Due to a change in Windows 10 Build 1511, each time you select a new printer it will make that the default printer. To adjust this perform the following:

  1. Click on Windows icon (lower left) then click Settings
  2. From the Settings window, click Devices
  3. From the Devices window, click Printers & scanners
  4. From the Printers & scanners window, scroll down and locate the section Let Windows manage my default printer
  5. You can click on the toggle button to turn the option on or off, as desired.

See here for more details: http://kwsupport.com/2015/12/windows-10-new-feature-changes-your-default-printer-to-the-last-printer-used/

RWA functionality:

No issues reported with RWA. You can use the Edge browser to connect to the remote web access.

For a post regarding all tests made to ensure functionality see http://windowsserveressentials.com/2015/08/06/windows-server-2012-essentialswindows-10/

    

More Recent Articles


You Might Like

Click here to safely unsubscribe from "Small Business Susan."
Click here to view mailing archives, here to change your preferences, or here to subscribePrivacy