A lot of company applications are actually using the Java Runtime Environment (JRE) and a lot of them are integrated in the Internet Explorer using local adresses. When you open these kind of applications you will receive an error message that the application can not be trusted eventhough you provided your own root certificates by group policies. One big problem of the JRE is that it completelly ignores the Windows certificate stores. Instead of using the windows certificate store it uses its own implementation. Java certificates are stored in a file called cacerts located at C:\Program Files (x86)\Java\jre1.x.x_xxx\lib\security\ You can open javacpl.exe to get a graphical overview about the content:Read more
Even if you start installing a Windows 10 Enterprise (SAC) operating system there is still a bunch of applications installed you really don’t need in an enterprise environment. There are two ways of getting rid of these. First thing you can do is to disable the “Microsoft Consumer Experiences” (Application Set) that are automatically installed during the system deployment. That is the easiest way to get rid of apps like “Candy Crush” or “Xing”. To get rid of the rest of applications like “Weather” & “Xbox” there is only one way to do that. You need to build a PowerShell script that is executed during your OS deployment. Eventhough the removing commands for appx packages are supported by Microsoft some applications are still not removed from the user interface completelly. I recommend to run the script during the OS deployment to avoid these kind of problems. If you start removing appx packages after the first user login sometimes the app will be removed completelly but the icon will stay in the start menu as long as you delete the user profile.
1. Hide Applications by Group Policy Settings
- Open/Create a new group policy object in the “Group Policy Management Editor”
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Cloud Content
- Click on “Turn off Microsoft consumer experience“
- Switch the status of the policy to enabled.
Sometimes it’s good to know which updates are installed on your client. Of course you can choose the regular way via the GUI elements of Windows but than you have no possibilities to export your result for filtering or reporting. There are different ways to achieve that
- Option 1 – CMD WMI querry
- Option 2 – PowerShell
- Option 3 – DISM
Required Windows Server UpdatesThe following update is required for Windows 10 activation:
- Windows Server 2012 R2 / KB3173424 – https://support.microsoft.com/kb/3173424
- Windows Server 2012 / KB3173426 – https://support.microsoft.com/kb/3173426
- Microsoft Office 2016 Volume License Pack – https://www.microsoft.com/en-us/download/details.aspx?id=49164&751be11f-ede8-5a0c-058c-2ee190a24fa6
Windows 10 / Server 2016 requires at least a KMS server based on Windows Server 2012. Activation via Windows Server 2008 R2 is not possible!
Activation by Command LineStep 1 Type the following command to integrate your volume license key to the KMS server.
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
For Windows 10 LTSB 1607 the Licence key “Windows Server 2016 Datacenter” is valid.Read more
Working in enterprise environments always requires a confidential log for scripting actions implemented in productive stages and even for testing it could be a great advantage. PowerShell offers a great possibility to log every action executed by a script. The CMDlets Start-Transcript & Stop-Transcript will help you to achieve a successful logging script.
Result Read more
This will be just an example how you can easyly create a logging script. There are thousands of different ways to solve this. The Microsoft documentation can be found in the following link https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.host/start-transcript?view=powershell-5.1The following script will write a general log file to C:\temp\logging.log containing all relevant basis information about the script execution.
Start-Transcript -path "C:\temp\logging.log" -Force
your CODE here