Analysing BSOD Memory Dumps

Oh no! If you are able to catch it in action it might tell you the driver at fault, but how often do you get to see a reported BSOD in action?

We had re-imaged all devices to Win 10 Edu 2004, after testing everything worked in a couple of rooms. All good, then the first day with teachers back and we get multiple calls about computers crashing with BSOD while the interactive whiteboards are being used.

Whilst the user reported multiple crashes, when I went in person I wasn’t able to cause it to crash so couldn’t just look at the “What failed” bit on the Win 10 BSOD screen.

A quick look at the system event log on one of the computers in question shows nothing useful – just “the computer has rebooted from a bugcheck”. You can get the error code here too but no pointer as to what actually caused this.

In my case, the error was 0xA which we can look up here to see it’s the dreaded IRQL_NOT_LESS_OR_EQUAL which is something to do with drivers and memory.

Deploying Apps from the Windows Store

There’s a lot of apps in the Windows Store, and one of the best bits about them is we don’t have to worry about managing their updates. Luckily we can deploy these through MEMCM and it is fairly easy to do.

You will need a subscription which creates an Azure tenancy (e.g. Office 365) to link MEMCM with the Microsoft Store for Business (or Microsoft Store for Education) – the Business and Education versions are pretty much the same just with different phrasing in places.

Edge Chromium (almost) perfect configuration

The only prompt on browser launch is to sync or not.

So I’ve been trying to get the new Edge to open, sign in automatically with the current user’s Azure AD credentials and then turn on sync, without any screens to click through or anything like that.

I’ve got about as close as is possible – user opens the browser, it signs them in and asks if they want to sync or not.

To get this to work we have the UserPrincipalName of all our accounts identical to the Office 365 primary email address (and sign-in name). The devices are all hybrid Azure AD domain joined (see here if you thought you couldn’t set this up as it wants a forest level SCP)

Hybrid Azure AD Domain Join Without an SCP

The standard method to configure hybrid domain join is to open up Azure AD Connector and follow the wizard. However this isn’t suitable for every environment – for a start it needs to write forest-level configuration data, create a Service Connection Point (SCP), and if you want to link multiple tenancies to a single AD forest you’re in for a hard time.

Luckily we can hybrid join with some registry settings on the client devices, and don’t need to set up an SCP. Here’s how I’ve managed it on my network.


Enabling BitLocker with MEMCM

Enable BitLocker to protect your data in case of device theft.

MEMCM comes with a BitLocker Management section (under Endpoint Protection), however as far as I can tell this just allows you to set the BitLocker policy but not force drives to be encrypted – at least I couldn’t get it to do anything on devices it claimed were compliant.

I’ve got an OS deployment task sequence which installs Windows, and has a few BitLocker steps – however I forgot to set a variable telling it to use the TPM chips without additional PIN/password/keys for BitLocker – so my computers built without BitLocker being enabled.

Not wanting to go through the build process again for all these devices, I decided to push it out to existing devices through MEMCM.

Wake on LAN revisited

If only it were as simple as a BIOS setting any more!

A couple of years ago I wrote about the pain of getting Wake on LAN to work on HP switches. While this got some of my machines to work, there was still quite a large proportion (about 60%) that weren’t playing ball.

I’ve finally had a bit of time to look into this, so here’s everything I’ve gone through to get a lot more of the PCs powering up on command. Of course there will always be some PCs which just refuse to work (we have some Gigabyte H81M based machines where they just don’t Wake on LAN – whatever you do the LAN link drops when the power is turned off), and some older H61M based machines that are a bit hit and miss.

Environment variables

Environment variables are really useful when doing scripts, folder redirection or GPP items

As I’ve been configuring a bit of folder redirection in group policies, I often forget what environment variables there are (there’s a lot more than you ever realise!) So I thought I’d list some environment variables that may be useful when editing GPOs or registry settings, and what they resolve to by default (assuming I’m logged in to the domain contoso.com as CONTOSO\Katy from contoso-wk-1), with my home drive set to map N: to \\file.contoso.com\users\katy

You can view the full list of environment variables for the currently logged on user on your system by opening a command prompt and running “set”. You can also see them by going into System Properties -> Advanced -> Environment Variables however this will show you the variables in the SYSTEM context, i.e. %USERNAME% will show as SYSTEM.

Automated shutdown of devices

Scheduled Tasks to shutdown pushed out through Group Policy Preferences

In a drive to reduce power usage, I’ve tried a few times over the years at a way to shut down computers but not if they are in use. I’ve tried using scheduled tasks set to only run when idle – in reality this doesn’t really work as we tend to have quite a lot of mice that move ever so slightly on their own, so the PCs never think they are idle. Even wrote a client/server application where the client reports when someone logs on, logs off, or switches user and when prompted to shut down by the server, the client asks the logged on user if they want to go ahead or cancel. This worked fine for a while but when we updated to Windows 10 it stopped working and needed a lot of time spent on working out what had changed. So I moved away from that method.

Locking down the Win+X menu

The WinX menu displayed for teachers and pupils

Whilst the Win+X menu is really useful for sys admins, there’s quite a lot of items on there that I’d rather not have pupils clicking on (even if they’d not get anywhere due to not having access rights). It’s possible to customise this menu and remove items you don’t want from it.

The shortcuts are stored (per user) in %LOCALAPPDATA%\Microsoft\Windows\WinX in three folders – Group1, Group2 and Group3. I don’t think it’s possible to add custom shortcuts however deleting them will remove the corresponding item from the WinX menu.

Deploying the new Edge (Edgium!)

Microsoft Edge (based on Chromium)’s shiny new logo

I’ve been following the new Edge browser for a while, using the Dev version as my main browser for almost a year now. Now that it’s been released I want to update my network to replace the old Edge with the new one – which I call Edgium. What better way to do this than using the built in Edge management section which appeared recently when I updated my MEMCM installation?

If you’re just looking for Edge MSI installer it’s available from https://www.microsoft.com/en-us/edge/business/download however we don’t need this if doing the deployment through MEMCM.