Microsoft steigert Gewinn und Umsatz dank Cloud-Boom kräftig
Microsoft steigert Gewinn und Umsatz dank Cloud-Boom kräftig – heise online
Microsoft steigert Gewinn und Umsatz dank Cloud-Boom kräftig – heise online
Microsoft: Upgrade von Windows 10 1803 auf 1903 und neue Installationsmedien – heise online
Windows 10 1903: Updates verursachen Neustart-Hinweisschleifen – heise online
Patchday: Angreifer attackieren Windows und Windows Server – heise online
Before
you start reading this, you should be familiar with the DualScan Feature of
Windows 10. Find more information on the following blog posts.
If
you decided to disable DualScan (Do not allow update deferral policies to
cause scan against Windows Update – Enabled) this post is for
you.
To
check if dualscan is disabled. Simple run the following PowerShell commands on
your target machines.
$MUSM = New-Object
-ComObject "Microsoft.Update.ServiceManager"
$MUSM.Services | select Name,
IsDefaultAUService
Verify
that DefaultAUService is WSUS. Also make sure that you have the following reg
key set to
1.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
DisableDualScan REG_DWORD 1
Note:
The recent SCCM Client configures a local policy if Software Updates are enabled
via Client settings.
Let’s
assume you want to control:
then
find your scenario in the following table:
Notes*dis = disabled, *rem = removed, *SUP = SCCM’s Software
|
Change |
|
No change |
|
Not a Win10 |
Remove
access to use all Windows Update features
GPO:
Computer Configuration\Administrative Templates\Windows Components\Windows
Updates\
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
SetDisableUXWUAccess REG_DWORD
Do
not connect to any Windows Update Internet locations
GPO:
Computer Configuration\Administrative Templates\Windows Components\Windows
Updates\
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
DoNotConnectToWindowsUpdateInternetLocations REG_DWORD
Turn
Off Access to all Windows Update Feature
GPO:
Computer Configuration\Administrative Templates\System\Internet Communication
Management\Internet Communication settings\
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
DisableWindowsUpdateAccess REG_DWORD
Do
not include drivers with Windows Update
GPO:
Computer Configuration\Administrative Templates\Windows Components\Windows
Updates\
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
ExcludeWUDriversInQualityUpdate
REG_DWORD
Specify
the search server for device driver updates
GPO:
Computer Configuration\Administrative Templates\System\Device
Installation\
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\
DriverServerSelection REG_DWORD
Specify
search order for device driver source locations
GPO:
Computer Configuration\Administrative Templates\System\Device
Installation\
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\
SearchOrderConfig REG_DWORD
there
are many more GPOs related to Windows Update. In the SCCM/SUP & dualscan
disabled scenario these should fulfil most of your basic needs.
You
may have your own requirements on how you want to configure the Microsoft Store
and its App Updates. Let me show you what and how you can do that.
Some might
not know, but it’s the Microsoft Store App that updates Apps, including calc,
photos, etc.. So if you have removed it, which I do not recommend, there is not
much to configure nor are you getting any updates.
Let’s
see what these Microsoft Store GPOs do…
This policy setting
specifies whether to use the Store service for finding an application to open a
file with an unhandled file type or protocol association. When a user opens a
file type or protocol that is not associated with any applications on the
computer, the user is given the choice to select a local application or use the
Store service to find an application. If you enable this policy setting, the
„Look for an app in the Store“ item in the Open With dialog is removed. If you
disable or do not configure this policy setting, the user is allowed to use the
Store service and the Store item is available in the Open With
dialog.
GPO:
Computer Configuration\Administrative Templates\System\Internet Communication
Management\Internet Communication
settings\
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer
NoUseStoreOpenWith REG_DWORD
App
Updates: not affected
One might think
this is the GPO to disable the Microsoft Store, this is what is really
does:
Your users won’t be asked to find a app in the store if they try to
open an unknown file extension.
Denies or allows
access to the Store application.If you enable this setting, access to the Store
application is denied. Access to the Store is required for installing app
updates. If you disable or don’t configure this setting, access to the Store
application is allowed.
GPO:
Computer Configuration\Administrative
Templates\Windows Components\Store
or
User Configuration\Administrative
Templates\Windows
Components\Store
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
RemoveWindowsStore REG_DWORD
or
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsStore
RemoveWindowsStore REG_DWORD
App Updates: If
configured in the computer context, it turns off app updates
Blocks the
Microsoft Store app, with the following message
Denies access to
the retail catalog in the Windows Store app, but displays the private store. If
you enable this setting, users will not be able to view the retail catalog in
the Windows Store app, but they will be able to view apps in the private store.
If you disable or don’t configure this setting, users can access the retail
catalog in the Windows Store app
GPO:
Computer Configuration\Administrative
Templates\Windows Components\Store
or
User Configuration\Administrative
Templates\Windows
Components\Store
Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
RequirePrivateStoreOnly REG_DWORD
or
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsStore
RequirePrivateStoreOnly REG_DWORD
App Updates: not
affected
Users will only be
presented with the Apps you have added into the Store for Business
Disable turns off
the launch of all apps from the Windows Store that came pre-installed or were
downloaded. Apps will not be updated. Your Store will also be disabled. Enable
turns all of it back on. This setting applies only to Enterprise and Education
editions of Windows.
GPO:
Computer Configuration\Administrative Templates\Windows
Components\Store
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
DisableStoreApps REG_DWORD (Note: disable = 1 = apps
disabled)
App Updates: not affected
Apps cannot be
started and you will be presented witht this message
Note:
Does include Calculator, Maps, Photos, Camera, etc. Does not affect
Edge.
Enables or disables
the automatic download and installation of app updates. If you enable this
setting, the automatic download and installation of app updates is turned off.
If you disable this setting, the automatic download and installation of app
updates is turned on. If you don’t configure this setting, the automatic
download and installation of app updates is determined by a registry setting
that the user can change using Settings in the Windows
Store.
GPO:
Computer Configuration\Administrative Templates\Windows
Components\Store
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
AutoDownload REG_DWORD (NB: enable = 2 = apps will not be updated, disable
= 4 = app will be automatically updated)
App Update: Yes and
No, Keyword here is automatic, the “Get Updates” button in the store app will
not be disabled.
Automatic App
updates can be locked to be on or off, again „Get Updates“ in the Download and
Updates Menu would still download and update apps
Werbung für meine super tolle Ehefrau Mrs.Dunistyle – Einfach mal vorbei schauen und tolle Produkte einkaufen.
Es lohnt Sich auf alle Fälle.
Auf der jährlichen Entwicklerkonferenz Microsoft Build (#MSBuild) hat Microsoft heute neue Technologien vorgestellt, mit denen Entwickler noch leichter intelligente, kollaborative Lösungen erstellen können. Dazu gehören KI-Funktionen in Microsoft 365 sowie plattformübergreifende Dienste für bessere Zusammenarbeit und höhere Produktivität. Zusätzlich hat das Unternehmen neue Open-Source-Technologien und Entwicklertools in Azure und Windows angekündigt.
Neuerungen für Microsoft Edge
Mehr Informationen zu den heutigen Neuigkeiten rund um Microsoft 365 sowie Details zu den Entwicklertools aus Windows, Office und Microsoft Teams gibt es hier. Entwicklertools für intelligente Apps in Cloud- und Edge-Szenarien
Außerdem hat Microsoft angekündigt, dass Q# Compiler und Simulatoren als Open Source verfügbar sind, Azure Active Directory (Azure AD) in GitHub integriert wird und die neue Hyperscale (Citus)-Option in Azure Database für PostgreSQL in Azure SQL Database Hyperscale integriert wird. |
Microsoft-Patchday: Updates legen Windows lahm – t3n