Benefits of Using Microsoft FastTrack

Benefits of Using Microsoft FastTrack

Cloud technology has grown significantly in importance in recent years. Not only has the technology brought great convenience but it’s also available to everyone. From Fortune 500 companies to small startup businesses, there are options for everyone. As is often the case, the challenge comes with making the change to using cloud resources. Lack of knowledge and a fear of the unknown can make a lot of people hesitant. Consequently, making that transition can be very challenging. And so to deal with this issue, Microsoft offers us FastTrack. It’s a solution that will help clients to deploy Microsoft cloud solutions. There are some great benefits that come with that and we shall be going over them below.   

Get expert guidance

Microsoft FastTrack is a service that helps clients onboard Microsoft Cloud solutions. It also helps to drive user adoption. So who exactly is doing the assisting? Microsoft has FastTrack specialists who are responsible for your overall onboarding experience. Because of the very different situations that clients may need to deal with, FastTrack provides you with several specialists for specific topics. Therefore, you’ll have the necessary expertise for your particular situation. Included among these specialists are Microsoft personnel, vendors, and approved partners. Specialists will help you with: recommended onboarding processes and guidance, understanding key success adoption factors, conducting technical workshops and providing specific guidance, as well as serving as subject matter experts on various technologies.

Solve compatibility issues

New products can at times come with compatibility problems. As well as the frustrations that would cause, it’s likely to affect business operations. Fortunately, with FastTrack, there are specialists on hand to provide the necessary guidance when you are facing such issues. All you need to do is complete the App Assure service request. In addition, partners can also process these requests for their clients. By enabling this feature, FastTrack offers clients even greater convenience. Remediation assistance is available for apps deployed on Windows 10, Microsoft 365 Apps, the new Microsoft Edge, and Windows Virtual Desktop.  

Plan ahead

The transition to using cloud resources is a process that involves plenty of stages. And if you don’t plan adequately, a lot can go wrong. FastTrack deals with this during the envisioning phase. Here you get to go over all the details of what needs to be done before setting the plan in motion. This is something that you can discuss with your Microsoft partner and thus work out a comprehensive plan that caters to your vision. Microsoft also provides optimization and feedback assistance to make sure that all your goals are met. Instead of just plowing ahead and potentially falling into issues later on, the envisioning phase gives you the confidence to transition without fear.

Data migration

Data migration can be a labor-intensive and tedious task to carry out. In other words, it costs a lot of time and money. With FastTrack, you will get help with migrating the mail and file data in your source environments to Office 365. Although, for Office 365 tenants with 150 to 499 licenses, you still need to perform the data migration yourself. However, FastTrack provides the necessary guidance to help you carry out the process.  As a result, clients get to benefit from a smooth data migration process that makes the transition extremely efficient.

Drive user adoption

People don’t always welcome new technology with open arms. Regardless of how brilliant certain solutions may be, it’s equally important to get people on board. So instead of just accelerating deployment, FastTrack also plays a crucial role in increasing user adoption. By increasing awareness among end-users, FastTrack can help them to appreciate the solutions on offer. In addition, the end-users can also receive training to prepare them for all the various cloud solutions they will use. That way, FastTrack can drive user adoption and thus ensure that your investment is well worth it.     

Cost-free assistance

FastTrack has a lot of advantages for companies and the fact that you get it for free is massive. Of course, this is for clients who have already purchased an eligible plan. These include plans under Microsoft 365, Office 365, Enterprise Mobility + Security, and OneDrive for Business among others. Because Microsoft tries to cater to everyone, the plans can cover individual products or a suite of products. So you get FastTrack services with a new or existing subscription. Clients will receive great assistance to enable them to take full advantage of their purchases.  And getting that help at no extra cost makes it even better.

Availability

As some people would say, the internet makes the world one global village. Thus services like FastTrack need to be easily available across borders. Microsoft addresses that need by availing FastTrack in all markets. It offers remote assistance in several languages namely: Chinese Simplified (Mandarin dialect), Chinese Traditional (Mandarin dialect), English, French, German, Italian, Japanese, Korean, Portuguese (Brazilian), Spanish, Thai, and Vietnamese. Furthermore, FastTrack.microsoft.com is also available in the 12 languages above plus 15 others. This availability means great things for businesses all across the globe. Not only will it improve efficiency but it increases the appeal of the product even more.

Keeping up with technology

Technology is constantly evolving and keeping up with all the developments can be challenging. Especially when it comes to transitioning to the cloud. This can be a very daunting task for most businesses. Needless to say, Microsoft FastTrack is a solution that businesses can benefit immensely from. Being able to migrate rapidly, effectively, and securely is fantastic for all parties. Any time you need assistance with deployment and enhancing adoption, you’ll have a specialist ready to assist. The expertise on offer and the simplicity of the process makes keeping up with technology a lot easier. With the use of best practices in your business, success becomes the expectation.

List Packages that run in user context (Run with user’s rights)

Introduction

After last weeks post with the script sample to list Packages that run in user context, there where some good feedback from people still using packages, and requiring a list of packages that install within the user context (Run with user’s rights / Execution mode as user)

It seemed that many was still using Packages, either as a result of legacy migration or to avoid some application re-packaging.

So here is the followup post, with a new script to list all packages and package with programs that run in user context.

From my point of view, its still the same; Using PSADT pretty much any package can be converted to be installed as system, and the needed stuff (registry keys, files etc) in the user context can be added in a structured and controlled way.

I do still come across some applications that i would prefer to have in MSI with all settings etc added, at least for simplicity, for those packages I still prefer to use Advanced Installer.
When talking Advanced Installer, they also have a great support for MSIX, that makes to process so much easier and cost efficient.

This script will list all packages with programs, that is configured to install as user (within the user context)

All you need to do is configure the path to your import module and set the site code.

A file will be created in “C:\TEMP\Packages_and_Programs_Run_Mode_List.csv” with the following format:

“Package Name”,”Package ID”,”Program Name”,”Run with USER’s right”
“My Application”,”BB10001D”,”execute”,”TRUE

With the example above we have a package ‘My Application’ that has a run mode configured: Run with user’s rights

Properties on the program, where the program run enviroment is configured to Run with Users’s rights


Download the script from TechNet Galleryhttps://gallery.technet.microsoft.com/Generate-a-list-of-d8778d4c?redir=0



MSiX Insider Preview Build 1.2019.402.0

Yet another release of the MSIX Packaging tool (1904) is nearing general public release.

Here is the list of features and fixes

  1. Ability to convert on a remote machine.
    1. We talked about that earlier here
  2. Improved management experience in package editor.
    1. Auto versioning recommendations when saving in package editor.
    2. Now supports existing folder addition to package in VFS.
  3. User can specify known valid exit codes for CLI conversions.
  4. Added the ability to time stamp your signed package in all of the workflows where signing is currently available.
    1. You can specify your default time stamp URL and type of time stamp server in the tool Settings page.
  5. Updated AppID generation logic, and added additional validation fro package name and app.
  6. Bug fixes and performance improvements

The detailed history for the app release can be found here


Cleaning up shortcuts

So the issue at hand;
I was replacing a Office application on Windows systems, where i noticed that shortcuts created by the users, was not upgraded/removed when the new office version was installed.

The issue seems to be related to users creating custom shortcuts, directly to exe files.
I some cases the shortcut name was clear, but in other cases the users had chosen something they found fit.

The following PowerShell script was created to remove shortcuts (lnk files) based on the executable. This means you can specific the exe or use a wildcard if there is multiple executable files releated to an application.

$ShortcutLocations = Get-ChildItem -Recurse (“C:\Users”,”C:\ProgramData\Microsoft\Windows\Start Menu”) -Include *.lnk -Force -ErrorAction SilentlyContinue

########
# This script searches for all *.lnk files to "C:\Program files (x86)\App\My Application.exe" or "C:\Program Files\App\My Application.exe"
# It searches in C:\users\* profiles paths, including Users Desktops, %AppData%\Microsoft\Internet Explorer\Quick Launch and in ProgramData...StartMenu
# The name of the link file can have many different names, therefore we must find each shortcut based on path to target exectuable and not on lnk name.
# Then the lnk file must be deleted.
#
# The script should be run with admin rights, otherwise shortcuts will only be deleted for the user running the script.
########

### Specify shortcut's target executable here.
$AppExecutable = "C:\Program files*\Microsoft Office\Office15\*.exe"
# * Due to mask it contains "Program files" and "Program files (x86)" paths both.
###

### Paths to browse and search for shortcuts.
$ShortcutLocations = Get-ChildItem -Recurse ("C:\Users","C:\ProgramData\Microsoft\Windows\Start Menu") -Include *.lnk -Force -ErrorAction SilentlyContinue
# * -Recurse = Includes all subdirectories.
###


### Get properties for shortcuts in the locations

Function Get-ShortcutsProperties {
$Shell = New-Object -ComObject WScript.Shell 
Foreach ($Shortcut in $ShortcutLocations)
{
$Properties = @{
ShortcutName = $Shortcut.Name;
ShortcutFullName = $Shortcut.FullName;
ShortcutLocation = $shortcut.DirectoryName
ShortcutTarget = $Shell.CreateShortcut($Shortcut).targetpath
}
New-Object PSObject -Property $Properties
}
[Runtime.InteropServices.Marshal]::ReleaseComObject($Shell) | Out-Null
}
###

$ShortcutsList = Get-ShortcutsProperties

### Compare shortcut's target path with $AppExecutable and delete it in case of corresponding one
Foreach ($item in $ShortcutsList) {

if ($item.ShortcutTarget -like $AppExecutable) {

Remove-Item -Path $item.ShortcutFullName -Force -ErrorAction SilentlyContinue
 }
}
######## End of the script

Download the PowersShell Script here: DeleteApplicationShortcuts

MSiX – Remote machine conversions

The MSiX Packaging Tool (1.2019.226.0) Preview now has the ability to connect to a remote machine, where you can run the conversion.
This is great news, and solves the normal issue with contamination on “non-sanitised” machines.

I have always preferred to do my packaging and re-packaging on Hyper-V Virtual Machines
This gives a total control and clean enviroment, with easy ability to get back to a controlled point of reference, using checkpoints.

Getting started with remote machine conversions? Fear not! It is quite simple to get started.

– PowerShell remoting must be enabled for secure access to the remote machine.
– You must be logged on with administrative privileges on the machine.

To enable PowersShell remoting on the machine, run the following command in an elevated PowerShell prompt: Enable-PSRemoting -Force -SkipNetworkProfileCheck

If network/firewall restrictions are in place, remember to allow inbound traffic on port 1599 (MSiX Packaging Tool default port, it can be changed with the settings tab)

If you are connecting using a non-domain joined machine, you must use a certificate to connect over https.
To enable PowerShell remoting and allowing WinRM over https run the following commands in an elevated PowerShell prompt

Enable-PSRemoting -Force -SkipNetworkProfileCheck

New-NetFirewallRule -Name "Allow WinRM HTTPS" -DisplayName "WinRM HTTPS" -Enabled True -Profile Any -Action Allow -Direction Inbound -LocalPort 5986 -Protocol TCP

To generate a self-signed certificate, configure WinRM secure configuration and export the certificate, you can run this script: (or download: GenerateSelfsignedWinRMHTTPS)

$thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My -KeyExportPolicy NonExportable).Thumbprint
$command = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=""$env:computername"";CertificateThumbprint=""$thumbprint""}"
cmd.exe /C $command
Export-Certificate -Cert Cert:\LocalMachine\My\$thumbprint -FilePath <path_to_cer_file>

On your locale Machine, copy the exported certificate and install it into the Trusted Root Store.
It can be imported with the following command: Import-Certificate -FilePath <path> -CertStoreLocation Cert:\LocalMachine\Root





Windows 10 Registry tweak to disable Microsoft Edge Icon for MDT or ConfigMgr

The icon for Microsoft Edge is now placed by default in every user profile.
It is not placed in Public Desktop, but created for each user at logon (DOH!)

Thank god there is way to stop this behavior.

You can simple add the following registry key:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
Value: DisableEdgeDesktopShortcutCreation
Data: 1
Type: REG_DWORD

If your using MDT (Microsoft Deployment Toolkit) or ConfigMgr (System Center Configuration Manager)
You can add the following oneliner task sequence step, to stop the creation of the Microsoft Edge icon.
Commandline: reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer /v DisableEdgeDesktopShortcutCreation /t REG_DWORD /d 1

In case your wondering what i have in the steps to disable Cortana, let me share them:

Registry tweaks for Build and Capture or Windows 10 Deployment task sequences

Disable Cortana Voice:
reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v DisableVoice /t REG_DWORD /d 1

Disable Cortana Search:
reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search” /v “AllowCortana” /t REG_DWORD /d 0 /f

Disable Cortana Search Box:
reg add “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search” /v “SearchboxTaskbarMode” /t REG_DWORD /d 0 /f

Smart Card device integration into Windows 10

All the joys of Windows 10….. now on 1709

Last week after upgrading Windows 10, I came a cross this nice new integration for Smart Cards. (tokens)

 

 

 

 

 

 

 

Windows 10 new has support for eTokens (SafeNet Tokens)
I was very pleased with this update, it will save me yet another application to install.
I’ve been using the SafeNet Application from Gemalto and it has served me well for several years. So time for a changes, the integrated Smart Card application in Windows 10 works perfect for me.

I am using the following it with:

and my tokens? I ALWAYS use digicert for codesigning certificates:)

ps. A new version of Access Director Enterprise is on its way, signed and released to web.

Stay tuned!

Bad Rabbit Ransomware

A new ransomware has seen the light.

Bad Rabbit ransomware is currently roaming Eastern European countries.

Bad Rabbit is mainly delivered using a fake Flash Update.
This means we a looking a regular drive-by-attack and fake updates/malicious software from websites to get it started.

Secure you clients now!
1. Blacklist the hashes
2. Block the files
3. Lock the registry entries.
4. Remove your local administrative privileges, if you can’t? Limit them and monitor using: Access Director Enterprise

Bad Rabbit IOCs:

Hashes:

install_flash_player.exe: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
infpub.dat: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
cscc.dat (dcrypt.sys): 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6 
dispci.exe: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93

Files:

C:\Windows\infpub.dat
C:\Windows\System32\Tasks\drogon
C:\Windows\System32\Tasks\rhaegal
C:\Windows\cscc.dat
C:\Windows\dispci.exe

Registry entries:

HKLM\SYSTEM\CurrentControlSet\services\cscc
HKLM\SYSTEM\CurrentControlSet\services\cscc\Type	1
HKLM\SYSTEM\CurrentControlSet\services\cscc\Start	0
HKLM\SYSTEM\CurrentControlSet\services\cscc\ErrorControl	3
HKLM\SYSTEM\CurrentControlSet\services\cscc\ImagePath	cscc.dat
HKLM\SYSTEM\CurrentControlSet\services\cscc\DisplayName	Windows Client Side Caching DDriver
HKLM\SYSTEM\CurrentControlSet\services\cscc\Group	Filter
HKLM\SYSTEM\CurrentControlSet\services\cscc\DependOnService	FltMgr
HKLM\SYSTEM\CurrentControlSet\services\cscc\WOW64	1

Network Activity:

Local & Remote SMB Traffic on ports 137, 139, 445
caforssztxqzf2nm.onion

Files extensions targeted for encryption:

.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip

 

Enrique Lima Community Contribution Award – Submissions open until July 30, 2017

Submitting Nominations: If you know someone who is deserving of this Award, please send an email to mctaward@microsoft.com and please cover the following criteria in your message:

  • Active MCT or MCT Alumni
  • Is the person actively teaching Microsoft technologies? How often?
  • Active in the MCT community
  • Demonstrates enthusiasm and a positive attitude with regards to the program and the community
  • Demonstrates passion for mentoring new and existing MCTs as well as others in the technical community
  • Willingness to volunteer within and outside of the MCT community. Examples could include the following:
    • Volunteering at a school for Hour of Code
    • Local code camps, user groups
    • Regional events
    • Large events, like Ignite and Build, Envision and WPC
    • Online engagements (blogs, forums, etc.)

About the Award:

The Enrique Lima Award is designed to recognize and celebrate the outstanding work of Microsoft Certified Trainers in the MCT Community, being awarded to only those who show knowledge, passion, and commitment to the Microsoft community as a whole, and specifically to the MCT program. This Award was established in memory of Enrique Lima; a husband, a father of two, a Microsoft Certified Trainer (MCT) and Regional Lead, Microsoft Valued Professional (MVP), Krewe member , SharePoint Community leader, and member of the Learn on Demand Systems (LODS) team.  Enrique always went above and beyond what was expected, building up both local, regional and international communities and everyday showed us all what the spirit of the MCT community was all about