Month: October 2018

Nice to Know – Defender Sandbox

So another step in the right direction for Windows Defender, it can now run in sandboxed mode. For now you have to turn it on but in the future that will be default.

If you want to read more about the release of this check out the cloudblog from MS here https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/?fbclid=IwAR1BX92wvaqmse7bgucQtPbi_Si6XY1cMfIec9JW1XttX-4wqttIU39mokM

So lets assume you also run ConfigMgr, now this is where its gets intreseting. We can then use a CI to track if it has been turned on!

This is done using a very simple detection script.

image

Here is the small code snippet used to track compliance.

if ($env:MP_FORCE_USE_SANDBOX -eq 1) {
  return $true
}
else {
  return $false
}

Now two things remain, set the data type to boolean and as compliance set to “True”.

All set to measure this. Of course a simple script or package can now be used to force the setting of this, just remeber that its only supported on Windows 10 1703 and later and will require a reboot before taking effect.

Happy deploymnet!

/Peter

Windows Server 2019 Server Manager

We all like the new admin center, right? But logging on to a new shiny Windows Server 2019 and getting a popup saying “hey you know about Windows Admin Center” thats not my idea of nice server management. Pops ups should be killed with fire! So when I first saw the box below well that got me thinking, how do we get rid of it before I even log on?

image

Answer to this is simple, this is controlled by a registry value and as such subject to the power of group policy preferences. Create a new GPO and create a new registry item following these settings

Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWARE\Microsoft\ServerManager
Value name: DoNotPopWACConsoleAtSMLaunch
Value type: REG_DWORD
Value data: 00000001

image

Now hit ok and then link the policy to you server OU/OUs. Done, no more annoying popup!

/Peter