Cloud, humor, Personal, Scripting, Technology, Uncategorized, windows

Skattered Thoughts – Episode 4

5 Questions about: MMS MOA 2022

(1) “My employer won’t pay for me to attend. What should I do?”

Quit! You don’t need that stinking employer anyway. Your future is worth more than they’re willing to invest. Find someone willing to invest in you, or do a bikini carwash.

(2) “I don’t like imaging computers. Why should I go?”

Silly nerd. There’s more to nerd life, and MMS, than imaging machines. Scripting. Automation. Cloud stuff. More Automation. Security stuff. Scripting Stuff. Stuff stuff. Even beer stuff. It’s all here! You’ll see people demonstrating some of the craziest nerd stuff ever. And some sessions on imaging too.

(3) “Where is Mall of America?”

It’s a Mall that’s in America. More specifically, in the Minnesota area.

(4) “Will any cool people be there?”

All the cool people will be there. I’m not sure how I get accepted, but my grandkids think I’m cool, so I’ll go with that. Check out the list of the coolest presenters here!

(5) “What am I waiting for?!”

Yeah. What are you waiting for?! Register here!

Nerd Stuff

Microsoft made some significant announcements this week regarding MEM (mostly around Intune).

  • The new Remote Help feature is GA and cost is around $3.50 per user per month. Word has it that every user has to be licensed in order to use the service (not just administrators or help desk staff). Some are upset at the price, while others say it’s cheaper than the TeamViewer option.
  • I’m gonna party like it’s….

Buried deep inside the Windows 11 registry, you can still find nuggets of past treasure, buried like a dog hides a bone. Keys for “Skype”, “Netscape”, “Wordpad”, and “SkyDrive”, as well as “SoftGrid” and one of my personal favorite keys: HKLM:\SOFTWARE\Microsoft\Wow64\x86. Because WOW6432Node wasn’t good enough.

PowerShell Tune-Ups

Do you get frustrated with frequent errors/warnings when you run scripts? Quite often it’s from really simple things that can be addressed with very little change. Let’s take a look at a few examples.

Remove-AppxPackage -Package "fubar"

You can replace this with Remove-Item, Stop-Service, and so on. Basically, issuing a command to do something to a target that may not exist (or can’t be accessed). You’ll know because it throws more red on the screen than the last Rambo movie (towards the end when they invade his quiet, relaxing farm, and he goes on a butchering spree). Anyhow, a slightly cleaner approach would be to leverage the pipeline AND the ErrorAction parameter.

Get-AppxPackage -Name "fubar" -ErrorAction SilentlyContinue | Remove-AppxPackage

Now, this will make sure you can get the target item (i.e. AppxPackage named “fubar”), and only if it finds it, will it send it to Remove-AppxPackage to try to delete it. You may still get an error when trying to delete it (permissions, resource contention, etc.), so you could still wrap this in a try/catch block to handle that.

However…

This is all predicated on you not caring if the package/thing doesn’t exist. If you want to know that it doesn’t exist (or is not accessible), that’s a different thing. There are quite a few ways to address this scenario, but one of the simplest is combining If/Else with ErrorAction.

if ($pkg = Get-AppxPackage -Name "fubar" -ErrorAction SilentlyContinue) {
  $pkg | Remove-AppxPackage
} else {
  Write-Output "Who names a package 'fubar' anyway?!"
}

Adding another teaspoon of code to address the possibility that the Remove-AppxPackage statement explodes for some reason…

if ($pkg = Get-AppxPackage -Name "fubar" -ErrorAction SilentlyContinue) {
  try {
    $pkg | Remove-AppxPackage -ErrorAction Stop
    Write-Output "phew! It actually worked!"
  }
  catch {
    Write-Output "Boom! $($_.Exception.Message -join ';')"
  }
} else {
  Write-Output "Who names a package 'fubar' anyway?!"
}

As I mentioned already, there are other ways to do something like this. Play around with it and see what you like best.

YouTube Surfing

Some recent (or recently discovered by me) clips and sessions worthy of watching:

Kim Oppalfens – Windows Defender Application Guard – on WPNinjas

Nico Kanakos – Setting Local Time Zone using PowerShell – RTPSUG / Mike’s son (so unfair, 11 yrs old, I feel even older now)

Microsoft Teams – Meeting Tips

If you’re still getting used to Microsoft Teams and conference calling, and maybe looking for some tips for making your conference calls more productive, fear not.

  • Remember to mute and unmute yourself every 2-3 minutes
  • When you want to stop sharing your screen, make sure to click the “leave” button instead
  • People love the echo effect. It reminds them of stadium movies like Rudy and The Replacements
  • Stop and ask “can you guys hear me?” every 30 seconds
  • Wait at least 3 minutes after sharing your screen before asking if anyone can see what you want them to see.
  • Ask half of the attendees to join using the web app, instead of the desktop app
  • Switch between tenants as often as possible. It’s like working loose a rusted bolt
  • When you dial in, give your name as “wanted fugitive”
  • At a random time during a conference call, unmute while yelling at your dog/spouse/kids/neighbor/dishwasher/TV/ or call out to Alexa, Google or Siri, then go back on mute
  • Point your camera at your mid-section.
  • Sit uncomfortably close to the camera.
  • When someone is sharing an emotional story, come off of mute while laughing hysterically, then go back on mute

More YouTube Surfing

I go in and out of channel surfing, but these are some of the ones I visit most often. My tastes are weird, like me, but don’t be hatin’. If you like any of them, great. If you don’t, that’s great too.

Sade Day, not a Sad Day

One of the clients I did some work for had this thing they did on Tuesdays or Wednesdays, I forget which, where they expected everyone to pronounce every word with an interim “A” as “ar” and a trailing “A” like, well, “aye”, the same way Sade pronounces her name (spoiler, it’s “shar-day”).

So “I made some coffee” turned into “I mar-day some coffee” (they actually said “I mar-day sar-may car-fay“), and so on. It was a lot of fun. Staff meetings were actually kind of fun. Let me know how this works in your staff meetings?

Twilight Zone

Speaking of consulting gigs… Back in 2015, I was working with a client in the food processing industry. Obviously I can’t say their name or provide too many specifics, but they worked with pork and their name began with an “S”. Their naming convention for tech stuff (networks, routers, DNS zones, machines, service accounts, blah blah blah) was “SF”+whatever. Pretty boring, yes.

A month later, I was sent to a different (US) state to work with yet another food processing client, who does chicken. Well, they don’t really “do” chicken, because that would be weird. Or maybe not, since I’m old and can’t keep up with social trends. But this client worked with processing of chicken products, and their name also began with an “S”, and their naming convention was also “SF”+whatever, and almost exactly parallel in so many respects, that I thought maybe someone was playing a joke on me.

For example, their IT department office layout was identical. Same Steelcase model cubes, and desks, arranged very similarly. The only difference was the shape of the buildings and parking lots. As I said, I really thought I was being pranked. But I wasn’t. These just happened to be similar, and happened to be lined up in my work queue. If you eat anything with chicken or pork, you’re probably enjoying one of their products. In fact, I learned how many things come from those two animals that are vital to other industries which I never expected. Medical supplies, cosmetics, fabrics and textiles, and so on. And now you know.

Questions? Comments? Abusive hateful thoughts? Kind and loving thoughts? Leave a comment below.

I hope you have an awesome weekend! Remember, making someone else smile, makes you smile too.

BitBucket, Cloud, conferences, Devices, Personal, Scripting, Society, Technology, windows

Skattered Thoughts – Episode 3

Random Search History

My search phrases over the past week are like an exercise in how to confuse psychoanalysts:

  • Japanese toilets
  • Chysanthemums
  • What happened to Bryan Ferry?
  • 14 inch band saws
  • Outdoor solar lighting
  • 250 technical searches from Azure, m365, to PowerShell, REST, Terraform and Kusto
  • Ikea store hours
  • Dog harnesses for a 100lbs dog
  • Definition of egalitarian
  • Definition of tantamount
  • who is Ron DeSanitize guy?
  • ViveTool no longer enables explorer tabs windows 11
  • What happened to Fabio?
  • Estimate shingle roofing materials for barn roof
  • why does my OnePlus 9 Pro suck so bad?

Is Apple a Slowly-Crashing Airplane?

After watching a few product reviews and the Apple March Event review by Marques Brownlee (highly recommended, even if you don’t use Apple products), I had some discussions with my son, who is a big Apple fan. Not so much because of the name itself, but because he works in the music production world, and that’s heavily tied to Apple products.

During that discussion, a vision popped into my head that seems like a very good metaphor/analogy for how Apple seems to be performing over the past few years: In war movies, especially those from WWII era, there were often air battle scenes where one pilot would be talking with another pilot on their team, and suddenly the other pilot wouldn’t respond. Then pilot one would look over and see pilot two’s plane slowly veering off towards the ground/ocean, obviously due to the pilot (two) being no longer living. That’s what Apple seems like to me.

It’s mostly incremental changes now. Not even incremental innovation. The innovation once famous from Apple, as a whole, seems to be gone. I wonder if that’s really true, and if so, is it really tied to Jobs being gone, or is there a bigger issue? But regardless, to me at least, Apple seems to be a pilotless plane, slowly heading for an eventual bad ending. I don’t even use Apple products, but to me that would be a very bad thing. Their innovation is what pushed the entire industry, in fact, multiple industries, to push harder than they ever would have otherwise. Desktops, laptops, tablets, TV interfaces, and of course: phones.

Cool Stuff and Events

  • MMS MOA 2022 is coming like a freight train! May 2 to 5 at Mall of America. Get your tickets now!
    • I’m doing a session on ConfigMgr health check automation using Azure Automation and 2 sessions where I’m co-presenting. If you’re coming to MMS MOA tap me on the shoulder and say hello!
  • Chapter 9 of “Practical Automation with PowerShell” by Matthew Dowst, is out now!

Query Azure Automation Hybrid Worker Status

If you have more than a few hybrid workers, and want a quick view in Log Analytics of how they’re doing, here’s a Kusto query that might help. Special thanks to MVP Cameron Fuller (@cfuller) for showing me how to use summarize. For me, this comes in handy with a particular tenant that seems to have issues where one of their hybrid workers doesn’t report in because their IT folks like to shut down VM’s without asking who uses them (thinking about cost savings only).

Heartbeat 
| summarize arg_max(TimeGenerated, *) by Computer
| extend Elapsed = now() - TimeGenerated
| extend hours   = datetime_diff('hour', now(), TimeGenerated)
| extend seconds = datetime_diff('second', now(), TimeGenerated)
| extend minutes = datetime_diff('minute', now(), TimeGenerated)
| project Computer, TimeGenerated, Elapsed, hours, minutes, seconds
| order by Computer

Example output…

Time for a Date?

I was exploring some Date/Time calculations with PowerShell for a recent case I was working on. Just sharing a few snippets in case they’re helpful to anyone else. That’s not a typo below, “.value__” has 2 underscores at the end.

$StartOfWeek = (Get-Date).AddDays(-(Get-Date).DayOfWeek.value__)
$NextFriday = (Get-Date).Date.AddDays(5-(Get-Date).DayOfWeek.value__)
$DaysToXmas = (New-TimeSpan -Start (Get-Date) -End "12/25/$((Get-Date).Year)").Days
$DaysToIRS = (New-TimeSpan -Start (Get-Date) -End "4/15/$((Get-Date).Year)").Days

# Compare current time between two timezones using GridView selections

[array]$zones = Get-TimeZone -ListAvailable | Select Id,DisplayName | Out-GridView -Title "Select 2 Time Zones" -OutputMode Multiple
if ($zones.Count -eq 2) {
  $tz1 = Get-TimeZone -Id $zones[0].Id
  $tz2 = Get-TimeZone -Id $zones[1].Id

  # Convert using each zone's own rules so DST and half-hour offsets are honored
  # (BaseUtcOffset.Hours ignores both)
  $utc = [datetime]::UtcNow
  $time1 = [System.TimeZoneInfo]::ConvertTimeFromUtc($utc, $tz1)
  $time2 = [System.TimeZoneInfo]::ConvertTimeFromUtc($utc, $tz2)

  Write-Output "$(($zones[0].DisplayName).PadRight(42,'.')) $time1"
  Write-Output "$(($zones[1].DisplayName).PadRight(42,'.')) $time2"
} else {
  Write-Warning "you need to select 2 time zones"
}

Now I’ve got to get back to exam study. Until next time! (pardon the pun)

conferences, Scripting, Society, Technology, windows

Skattered Thoughts – Episode 2

Let’s see if anyone is still reading this.

Windows Terminal with Fries

If you’re like me (I seriously hope not), and you (A) love Windows Terminal, and (B) forget to right-click to launch it with “Run as administrator” more times than you’d like to admit, here’s one trick:

  1. Create a new desktop shortcut, and paste in your favorite wt.exe command line stuff. Click Next
  2. Enter a name for the shortcut. Click Finish
  3. Right-click on the new shortcut, and click Properties.
  4. Click Advanced, check the “Run as administrator” box, click OK, click OK again

For a nice added touch, go back into the shortcut properties, and click Change Icon and choose a real icon, rather than using that Walmart dumpster box clearance icon. Shell32 still has some decent icons to choose from. Screen shots taken below while inhaling coffee that was brewed way too strong.

There. Now every time you launch that new shortcut, UAC will pop up and punch you right in the face. It’s going to be a good day!
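
The same shortcut can be built and audited from PowerShell, shown here as an added example that is not the author's code. The “Run as administrator” checkbox is stored as the RunAsUser bit (0x2000) of the LinkFlags field in the .lnk header. The function names, the shortcut name and the wt.exe alias path are assumptions.

```powershell
# Added example, not from the original post. Function names, the shortcut name
# and the wt.exe path (Store app execution alias) are assumptions.

function Test-ShortcutRunAsAdmin {
    # Returns $true when the .lnk has the "Run as administrator" box checked.
    param ([Parameter(Mandatory = $true)][string]$Path)
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)
    # A shell link starts with HeaderSize 0x0000004C. LinkFlags is the 4-byte
    # little-endian field at offset 0x14, and RunAsUser is bit 0x2000 of it.
    if ($bytes.Length -lt 0x4C -or [System.BitConverter]::ToUInt32($bytes, 0) -ne 0x4C) {
        throw "$Path is not a shell link file"
    }
    $flags = [System.BitConverter]::ToUInt32($bytes, 0x14)
    return (($flags -band 0x2000) -ne 0)
}

function New-ElevatedShortcut {
    # Steps 1-4 above: create the shortcut, then tick "Run as administrator".
    # $Path must be an absolute path ending in .lnk.
    param (
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$TargetPath,
        [string]$Arguments = ''
    )
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($Path)
    $lnk.TargetPath = $TargetPath
    $lnk.Arguments  = $Arguments
    $lnk.Save()

    # WScript.Shell exposes no property for the checkbox, so set the bit directly:
    # 0x2000 in LinkFlags is bit 0x20 of the byte at offset 0x15.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $bytes[0x15] = $bytes[0x15] -bor 0x20
    [System.IO.File]::WriteAllBytes($Path, $bytes)
}

# Create the shortcut on the desktop and confirm the flag is set
$desktop = [Environment]::GetFolderPath('Desktop')
$lnkPath = Join-Path $desktop 'Terminal (Admin).lnk'
New-ElevatedShortcut -Path $lnkPath -TargetPath "$env:LOCALAPPDATA\Microsoft\WindowsApps\wt.exe"
Test-ShortcutRunAsAdmin -Path $lnkPath

# Audit: list Start Menu shortcuts that request elevation
Get-ChildItem "$env:ProgramData\Microsoft\Windows\Start Menu" -Recurse -Filter *.lnk |
    Where-Object { Test-ShortcutRunAsAdmin -Path $_.FullName } |
    Select-Object -ExpandProperty FullName
```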

PowerShell Split-OU

I’ve had to split OU paths for various reasons many times, and decided to make a little wrapper function for it. I’m sure someone else has done this, but my Google kung fu matrix master jedi skills came up short. Anyhow, if you know of a better version of this idea elsewhere, please let me know? Otherwise, I hope this is helpful:

UPDATE: Added -Suffix and condition checks for when $Path starts with “OU=”

function Split-OU {
    [CmdletBinding()]
    [OutputType([string])]
    param (
        [parameter(Mandatory=$True)][ValidateNotNullOrEmpty()][string]$Path,
        [parameter(Mandatory=$False)][switch]$Leaf,
        [parameter(Mandatory=$False)][switch]$Suffix
    )
    if ($Suffix -ne $True) {
        if ($Leaf -ne $True) {
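            if ($Path.IndexOf('OU=') -eq 0) {
                # Parent begins at the next OU; a top-level OU has none, so drop the first RDN
                $next = $Path.IndexOf(',OU=')
                if ($next -ge 0) { $Path.Substring($next + 1) } else { $($Path -split ',')[1..50] -join ',' }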
            } elseif ($Path.IndexOf('OU=') -gt 0) {
                $Path.Substring($Path.IndexOf('OU='))
            } else {
                $($Path -split ',')[1..50] -join ','
            }
        } else {
            if ($Path.IndexOf('OU=') -eq 0) {
                $($Path -split ',OU=')[0]
            } elseif ($Path.IndexOf('OU=') -gt 0) {
                $($Path -split 'OU=')[0].Trim(',')
            } else {
                $($Path -split ',')[0]
            }
        }
    } else {
        if ($Leaf -ne $True) {
            $Path.Substring($Path.IndexOf(',DC=')+1)
        } else {
            $Path.Substring(0,$Path.IndexOf(',DC='))
        }
    }
}

Here are some test examples.

Again, if there’s a better option out there in the world, let me know? I’d rather use that than invent another wheel.
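
A DN-aware variant, added here as an example and not the author's function: it goes beyond Split-OU by splitting on commas only when they are not backslash-escaped, so a leaf such as CN=Smith\, John survives intact. The function name, the property names and the sample DN are constructed for illustration, and quoted RDN values are not handled.

```powershell
# Added example, not from the original post. Split-DistinguishedName, its
# property names and the sample DN are constructed for illustration.
function Split-DistinguishedName {
    [CmdletBinding()]
    [OutputType([pscustomobject])]
    param (
        [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][string]$Path
    )
    # Walk the string once, splitting on commas unless a backslash escapes them
    $rdns    = [System.Collections.Generic.List[string]]::new()
    $current = [System.Text.StringBuilder]::new()
    $escaped = $false
    foreach ($ch in $Path.ToCharArray()) {
        if ($escaped) {
            [void]$current.Append($ch)
            $escaped = $false
        } elseif ($ch -eq '\') {
            [void]$current.Append($ch)
            $escaped = $true
        } elseif ($ch -eq ',') {
            # TrimStart drops the optional space some tools emit after a separator
            $rdns.Add($current.ToString().TrimStart())
            [void]$current.Clear()
        } else {
            [void]$current.Append($ch)
        }
    }
    $rdns.Add($current.ToString().TrimStart())

    # Index of the first DC= component; everything from there on is the domain suffix
    $firstDc = $rdns.Count
    for ($i = 0; $i -lt $rdns.Count; $i++) {
        if ($rdns[$i] -match '^DC=') { $firstDc = $i; break }
    }

    [pscustomobject]@{
        Leaf         = $rdns[0]                                           # first RDN
        Parent       = ($rdns | Select-Object -Skip 1) -join ','          # everything after the leaf
        RelativePath = ($rdns | Select-Object -First $firstDc) -join ','  # path without the DC= part
        Suffix       = ($rdns | Select-Object -Skip $firstDc) -join ','   # DC= part only
    }
}

# Constructed sample: the escaped comma stays inside the leaf
Split-DistinguishedName -Path 'CN=Smith\, John,OU=Sales,OU=Corp,DC=contoso,DC=local'
```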

Random Memories – Microsoft Ignite 2017 (Atlanta)

In October 2016, I hadn’t been with my employer a full year yet, when they decided to send about 12 of us to the Microsoft Ignite conference in Atlanta. I remember lots of walking, meeting dozens of new friends, insane beer and food consumption, and trying to comprehend Andreas explaining BranchCache and BITS to us at 8:00 AM in the morning.

I remember thinking “This guy is amazing! Why are we all so hung over?“. It seemed like everyone in attendance was struggling, but we were (are) really fortunate that his session was recorded. I learned a ton of information from that over the following week or two.

On the last night of the conference, six of us tried to form an ad hoc Entourage-ish gang, and go adventure-seeking. Most of this “gang” were either old, or out of shape, okay both, so the mission ran out of steam after an hour. The guys peeled off gradually, and headed back to their hotels to crash. But for some reason, I still had a lot of energy at midnight, so I went on a walkabout through downtown Atlanta.

I didn’t realize until later that I had covered an area roughly from the GWCC to Central Park, and from Five Points to Tech Square. When I traveled more often, my favorite thing was to walk around and explore on foot, if possible.

Anyhow, I noticed how many of the North/South cross streets were poorly lit, like between the Aquarium and Central Park. I would discover later on that these poorly-lit streets had the highest rate of violent crime, particularly against idiots like me. Anyhow, each time I would emerge onto a street with lighting, I noticed more and more strange zombies slowly following me. Eventually, I out-walked most of them. As it turns out, heroin isn’t a performance-enhancing drug.

I was still over-dressed and toting a “Microsoft” backpack with a ton of lanyards and badges and buttons, looking like a nerd version of Mardi Gras. The message I probably gave off: “Please beat me and rob me!“.

Sometime around 2 AM, I ended up talking to an elderly homeless guy (probably in his 40’s but looked like in his 70’s or 80’s). I don’t remember the details, but we covered topics from the concept of money to failed family relationships and weather. I offered him a vendor t-shirt from my backpack. Soon, another person approached, and I handed out another t-shirt. Then another, and so on.

I figured, well, I’m about to be murdered on the streets of Atlanta, at least I can distribute some good will and free advertisement.

The next day I headed back home. But, while standing in line waiting to be cavity-searched by TSA, I kept thinking of what it might look like driving around that area in the morning. Unconscious homeless people strewn about on park benches, sidewalks, alleys, wearing brightly colored vendor shirts and ball caps.

From the poorest laborers in the sweatshops of China and Vietnam, through the distribution channels of EU and US, to the booths on the expo floor at the Microsoft Ignite conference, ultimately onto the bodies of the poorest people of Atlanta. Hopefully, I was a value-add step in the process.

Pest Control Knocking

I may have found a bug in Azure AD audit logging. May have. Maybe. Possibly. Here’s the Twitter thread. Hopefully it can be fixed soon and with little effort. Basically, when modifying an Azure AD user to change their “usagelocation” property, the audit log doesn’t show any details. It just shows “Member”, which is kind of odd. What it should show (I think) are the old and new values, and who made the change. Or I’m completely wrong and ignorant. Stay tuned.

Controversial Thoughts: CI/CD

CI/CD, or Continuous Integration / Continuous Delivery (or “Deployment”, but feel free to pick your own “D” meaning), went from being the “buzz” to becoming an accepted daily thing. Many developers I’ve spoken with seem to believe it emerged around 2018, but is that really accurate? By the way, this isn’t really the focus of what I’m diving into here. More of a side note.

The CI/CD concept seems rational: release changes (implied: improvements) as they’re ready, not based on a periodic calendar table, as had been the norm for decades. But the practice of CI/CD dates much farther back, possibly to the beginnings of software development, and especially with regards to in-house development.

If you think back to many “in-house” projects from the 1980’s to even now, there was a lot of releasing going on that didn’t fall into a yearly/quarterly/monthly cadence. This is particularly more common in the early phases of a project, when feature changes and bug fixes are more frequent.

Releasing things to the public, especially when a contract of some sort is involved, incurs a more rigorous set of controls. This is even more relevant when it comes to larger vendors. So, as far as I can tell, the idea of CI/CD is really only “new” to commercial and government/defense software; it’s been the “norm” for in-house projects since Grace Hopper gave birth to most of what most of us take for granted now.

I believe that the biggest problem with CI/CD is the implied “improvement” aspect. There seems to be a collective confusion about the definition of words today, and it applies to this word as well. According to Merriam-Webster’s dictionary, it means “an instance of such improvement : something that enhances value or excellence” (2b). I would argue that patching a broken feature, fixing a “bug”, is not an improvement, but this is obviously semantics.

If you pay for a new house, after being sold on the presentation which clearly shows features you wanted, but then find out after moving in that many are not installed or finished, do you label the finishing of those incomplete features an “improvement”? Maybe. But when you’re in debt to the mortgager for $XXX,000 USD, I doubt you’re in a mood to call that as such.

“See? We improved your house by installing the front door you were expecting!”

With CI/CD, the term improvement appears to have a subtle new meaning. For example, which of these is more of an “improvement”?

A. Finishing the stated/promised capabilities of a recently-added feature.

B. Adding another new feature, knowing it will be incomplete for some time.

Many would argue A has a higher value. But vendors are influenced by budgets, which are influenced by revenue, which is influenced by sales, which is heavily influenced by impressing customers. They would argue B has a higher value.

For many technology vendors up until around 2010, the customers were often technical. Convincing them to buy new products meant selling them on capabilities being ready for production. Since then, the customer focus has shifted more to the decision-makers, or purchasers. Selling them on new products leans more on promised features than proving their immediate readiness. It’s more about vision, direction, strategy, and less on the short-term.

The net result is an endless gyration of new features which remain incomplete for longer than expected, while newer features are continuously added, which are also incomplete. Some of these new features remain incomplete for months or years. There are many examples of this, but you probably can think of a few.

But do I think that CI/CD is bad? No. The concept of CI/CD makes sense to me, but the practice of it isn’t what I’d hoped for. Software makes it generally less of a challenge to complete features after release than can be done with physical products. So there’s less concern/care about releasing unfinished software products and services than there was a few decades ago. We’ve traded speed for fit-and-finish.

In short: I think CI/CD, as practiced, means: Continuously Incomplete / Continuously Disrupting. But I also think it’s here to stay for a long time.

What do you think? Leave a comment below.

Cloud, Devices, Scripting, System Center, Technology, windows

Skattered Thoughts – Episode 1

I haven’t had many concise thoughts lately about things to complain about, so I thought I’d just share some semi-arranged meanderings of a quasi-organized set of “recent” experiences. If it works, great. If not, it’ll join a long list of composted material feeding stray animals somewhere.

Using PowerShell to Improve M365 License Descriptions

UPDATE 3/29/22 – The CSV file was updated on 3/23/22, so the previous URL is no longer valid. This will happen each time the file is updated/replaced by Microsoft. The URL in the code example below has been updated.

This came from a client request where we had already set up a daily report showing their various license counts, so they can start begging, oops, I mean, requesting purchase of more licenses to stay ahead of new hires. Getting purchases approved is super easy these days.

The interesting thing is that, as of today at least, the mapping of SKU data to descriptive names is maintained in a CSV file posted here. If you’re reading this later, and Microsoft moved the file, don’t hate me for the broken link. Anyhow, I ended up shoving it into a function to be a little easier to reuse. More information on M365 licensing service plans can be found here.

function Get-M365LicenseFriendlyName {
  [CmdletBinding()]
  [OutputType([string])]
  param (
    [parameter(Mandatory=$False)][string]$LicenseSku = ""
  )
  try {
    if ([string]::IsNullOrEmpty($LicenseSku)) { throw "LicenseSku was not provided" }
    [string]$url = "https://download.microsoft.com/download/e/3/e/e3e9faf2-f28b-490a-9ada-c6089a1fc5b0/Product%20names%20and%20service%20plan%20identifiers%20for%20licensing.csv"
    [string]$csvFile = "$env:TEMP\m365licensedata.csv"
    if (Test-Path $csvFile) {
      Remove-Item -Path $csvFile -Force | Out-Null
    }
    (New-Object system.net.webclient).DownloadFile($url, $csvFile) | Out-Null
    if (Test-Path $csvFile) {
      $csvData = Import-Csv -Path $csvFile -Encoding ASCII
      $result = $(($csvdata | Where-Object {$_.'String_ Id' -eq $LicenseSku} | Select-Object -ExpandProperty "Service_Plans_Included_Friendly_Names") -join ';')
      $result = $result -replace '\?', '-' # replace smart-hyphens with regular boring dumb hyphens that require special training and feeding
      Get-Item -Path $csvFile | Remove-Item -Force -ErrorAction SilentlyContinue | Out-Null
    } else {
      throw "Failed to download file to $csvFile"
    }
  }
  catch {
    $result = "error: $($_.Exception.Message -join ';')"
  }
  finally {
    $result
  }
}

Hopefully, the code example above is easy enough to follow. To use it, just pass in the SKU name, for example…

$FriendlyName = Get-M365LicenseFriendlyName -LicenseSku "AAD_PREMIUM"

The “friendly” name will often return as a list of subordinate, glued-together, micro-products, which collectively add up to a frightening bill, if you’re not careful. But I took a few extra minutes to provide an artisan-quality, hand-crafted, dove-tailed, smooth-finish concatenated result. So AAD_PREMIUM returns the following…

"AZURE ACTIVE DIRECTORY PREMIUM P1;CLOUD APP SECURITY DISCOVERY;EXCHANGE FOUNDATION;MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION"

I’d rather they (yes, Microsoft) merge this into Graph, which would make it prettier to get. Maybe this script is helpful, maybe not.

Duct-Taping Azure AD Connect

I got a call today to take a look at why a client’s Azure AD Connect service had not been synchronizing to AzureAD for over a week. We got on a Teams call, joked about shitty weather, shitty applications, shitty contracts, shitty drivers in shitty traffic, and then got to work. I like this guy already.

We took a quick tour of the AADC sync settings, then the sync service UI, and then the connectors. Then popped open a cold PowerShell console and ran Get-ADSyncScheduler. It puked all over the screen something about the account being blocked by, guess what? MFA.

Turned out his colleague went into AzureAD, found the sync service account and beat it with a per-user MFA hammer. We removed the duct tape and set it free. 10 minutes later (because nothing in Azure is instantaneous) everything was fine.

The takeaway: Don’t put MFA on your AADC sync accounts.

New Tools

I bought a Ryobi 9-inch bandsaw recently. I’ll be tweeting pictures of whatever I build with it, as long as I don’t cut my fingers off.

Books / EBooks

Non-Physical Tools

Speaking of tools, but in a metaphysical ethereal quasi-abstract sense, there’s been some recent updates worth noting:

Online Events

Upcoming meetings and meet-ups…

Other Stuff

Until next time…

Devices, System Center, Technology, windows

Expert Guide to Microsoft January 2022 OOB Patches with WSUS and Configuration Manager

(because blog post titles can never be long enough) Warning, snarky comments may border on NSFW.

If you’re one of those who worry about keeping Microsoft Windows devices up to date, you may have heard that the monthly patch release for January 2022 had some issues. The best explanation can be found in this video presentation, provided by the Microsoft Update Quality Assurance and Control Team.

Many administrators have been stressed out over how to get their organization’s computers updated quickly and efficiently. Well, you can relax now. I’ll show you how to deploy these Out-of-Band updates in just 12 easy steps.

Preparation

You will need to have the following in order to perform the steps required to make sense of this:

  • WSUS
  • A bunch of Windows computers you bitch about
  • Nothing better to do

Procedure

  1. Log onto the machine that hosts your Microsoft Defender for Non-Productivity, formerly known as WSUS. If you don’t have WSUS, skip to step 15.
  2. If your WSUS host machine is older than what Microsoft supports (without a paid extension), skip to step 16.
  3. Open the WSUS console and connect to your WSUS instance.
  4. Right-click on “Updates”, and click “Import Updates…”
  5. If you don’t have Microsoft Edge (Chromium version) or Google Chrome installed, you should be okay when it opens Internet Explorer. Although, you might think you’re having a bad dream and need to wake up, it’s actually nothing to worry about: It’s not like Microsoft has ever said users should be concerned with Internet Explorer. If this is you, skip to step 7. However, if you do have a “modern” web browser installed, the kind recommended by every security expert on planet Earth, you’ll only get options to “Download” rather than “Import“, which is less than satisfying. If this is you, please proceed to step 6.
  6. This step is for you unlucky folks with a modern browser, where the WSUS import option doesn’t typically open with Internet Explorer. To revert your machine back to an unsafe, insecure and non-recommended configuration, navigate to Settings > Apps > and change the default application for Web to Internet Explorer. Remember to set this back to your modern browser so your machine isn’t a blinking security hole to hackers, but you’ll have to do this again the next time OOB updates are needed. After you’ve emptied your bottle of whisky, proceed to step 7.
  7. This step is for those who either sorted out their nightmares with Internet Explorer, or didn’t need to. If you didn’t need to, it’s possible that your WSUS machine has already been compromised by Chinese or North Korean hackers. In the WSUS admin console, right-click on the “Updates” node in the left panel, and select “Import Updates”. Hopefully, your Internet Explorer browser opens to the Microsoft Update Catalog site, in all its 1990’s awesomeness. From here, you may want to work faster, to complete the task before the server is converted into a Bitcoin mining bot.
  8. Enter the KB number in that big search box, for example KB5010794, and click Search.
  9. Select the updates you wish to import by clicking “Add” next to each one. Note the incrementing number next to “view basket” at the upper right. You kids have no idea how much code was required to make that thing increment numbers back in 1982.
  10. When you’re done searching and adding updates, click the “view basket” link at the upper right. This opens the “basket” (today it would be called Microsoft Defender for Shopping)
  11. Make sure the checkbox “Import directly into Windows Server Update Services” is checked (I figured you knew that, but just making sure), then click the blue “Import” button, and wait for all the “Wait” indicators to turn over to “Done“. It’s like watching cookies bake.
  12. Now you can find and approve the updates in WSUS (or ConfigMgr) and go back to sleep.

UPDATE 1/19/21 – Suggestion from Mick Talbot…

That’s it! You’ve imported out-of-band updates to deploy out-of-band in your environment. What could possibly go wrong? Enjoy these gluten-free screen captures at no extra charge, and thanks for stopping by!

The End (until next time)

Uncategorized

When Unstoppable Optimism meets Immovable Stupidity

Side note: I started working on this in September 2021, but got sidetracked by some unexpected things. Hopefully it was worth the wait. If this sucks, head over to Reddit and dive in for more fun.

Every science fiction movie I’ve seen tends to paint the future as either a Utopian dream, or a post-Armageddon shithole. Travel is free, fast, and unbounded (except to the enemy territories). Communication is fast, real-time, and holographic. Or… It’s a perpetual rainy night, with homeless people huddling under soggy boxes in rat-infested alleys, while man-hunting robots lurk overhead.

Regardless of whether it’s happy or depressing, they almost always depict a universe in which all of the other mindlessly stupid rituals of “today” are a thing of the distant past. Humans have somehow magically fixed all the idiocy from centuries of repetition. I call bullshit.

If even one human is part of the future, human stupidity is required by law. And I guarantee that even CRISPR can’t help with that. That means things like contracts, terms of use, binding arbitration clauses, limited warranties, early termination fees (ETFs), subscriptions, and licensing, will likely persist well into the very end of human existence. Not a single sci-fi movie I’ve seen incorporates this crap into their plot, except for maybe Idiocracy.

Where are all the scenes of people standing in long lines for Black Friday sales? Or the scenes of people getting into fist fights in check-out lines at Walmart (or whatever replaces them by 2090), along with a dozen bystanders streaming the video feed to social media? Or the scenes of angry neighbors ignoring each other while wheeling out their trash cans? All the wonderful annoyances we enjoy today, and have for many years. It’s as if society has corrected all these human problems, and replaced them with fixing warp drives and hiding from droids. I don’t buy it.

Imagine The Matrix series, but with a dose of human reality applied. All those phone calls and data transfers between the Matrix and the “real” world would get smacked with a data cap. The first few to make it through would be standing around waiting for the others to finish downloading. And one might not ever make it, because they reached the limit on their Matrix transfer subscription.

Superheroes? Let’s see how contemporary social interaction would treat them:

  • Batman – massive protests would erupt across Gotham because the Batmobile runs on gasoline or jet fuel (?), not electric power. And bats obviously spread COVID, so Bruce Wayne will need to reconsider his whole identity.
  • The Avengers would have a really hard time fighting evil as a team, when they have to remain 6 feet apart at all times.
  • Spiderman – failing to obtain permits for shooting webs onto private property (office buildings) lands him in court. And the American Society of Housefly Preservationists protests every day outside the Daily Bugle to remind the public he represents unfair glorification of spiders and ignores the important contributions of the great American housefly.

And other sci-fi characters?

  • Boba Fett might have problems trying to launch from a space port when his credit card is denied, or his warranty runs out, or they cancel his spaceship insurance policy for unsafe flying.
  • Storm Troopers might be required to go on administrative leave every time they fire their laser gun, appearing in court to provide bodycam recordings showing how they used excessive force (but missed almost every time).
  • Guardians of the Galaxy would have to take a day off to stand in line to get a Raccoon permit.

You get the idea. Yeah.

This is only the tip of the stupidity that will come. Sci-fi movies need to include the following if they want me to even try to believe in their story:

  • Standing in Line for Permits
  • HOA’s
  • Expired Coupons
  • Hidden Fees
  • Blocked Payments
  • Spam Calls
  • Missed putting the cans out for trash pick-up day
  • Ads everywhere (and probably mixed with real-time communications)

I can’t even imagine how much stupidity will be transposed to, or invented for people eventually living on Mars. Pretty much all the above, and more. Wherever humans go, the same stupid rituals and habits will be right there with them. And just wait until they try to establish a calendar/time sync standard between Earth and Mars when planning a Teams or Zoom call.

“The two most abundant elements in the universe are hydrogen and stupidity.” – Frank Zappa

“Hydrogen is a lot harder to obtain” – Me

Devices, Scripting, Technology, windows

Inventory Queries with PowerShell and WSUS

Getting inventory data from remote computers is always fun and exciting. Most people can’t get enough of it. I’ve been told people will forego silly things like food, water or sex, just to have more fulfilling time with inventory reporting. Wars have been fought over it; cultures have formed religious rituals; all focused on the glory of the almighty inventory report.

(actual photo I took of Lesner bridge construction in Virginia Beach, VA back in 1642)

There are many ways to confine inventory queries to a specific subset of all devices. If you have an endpoint management product like MEM/MECM/MEMCM/ConfigMgr/Intune/WhateverMicrosoftRenamesThem, or some other (third-party) tool, it’s usually built-in somewhere. Otherwise, you can often filter the devices using script (PowerShell, etc.) against some data source like AD, Azure AD, SQL, or even flat files (.txt, .csv, etc.).

But let’s just say, for the sake of mindless rambling, you have an environment without the benefit of an endpoint management product (yes, some of you will gasp in horror and shock, but these do exist), and maybe you happen to use WSUS to patch your Windows devices. And let’s just suppose that you need to quickly search for a particular registry value across all of the computers in a given WSUS computer group, for instance, your boss says something like “I need to know which machines in Patching Group 1 have VMware Tools, so I can find out how many Dwayne installed and go kick his ass!“.

The steps, in order, would look like the following:

  • Get the members of the WSUS computer group
  • Query the members (computers) for a particular registry key/value

You might think this would require a lot of code (and a lot of me blabbering some mindless gibberish about why, and whatever) but it actually doesn’t require a lot of code. Here’s one example…

[CmdletBinding()]
param (
  [parameter()][string] $TargetGroupName = 'Patching Group 1',
  [parameter()][string] $ProductName = 'VMware Tools*',
  [parameter()][switch] $x86
)

# Connect to the WSUS server and look up the requested computer group
Import-Module UpdateServices
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$groups = $wsus.GetComputerTargetGroups()
Write-Verbose "$($groups.Count) groups returned"
$mygroup = $groups | Where-Object {$_.Name -eq "$TargetGroupName"}
if (!$mygroup) { throw "WSUS computer group not found: $TargetGroupName" }
# Collect the FQDN of every computer in the group
$computers = $mygroup.GetComputerTargets() | Select-Object -ExpandProperty FullDomainName
Write-Verbose "$($computers.Count) members returned"
# 64-bit installs register under the native key, 32-bit installs under WOW6432Node
if (!$x86) {
  $RegKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
} else {
  $RegKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
}
Write-Verbose "querying remote registry key: $RegKey"
# Note: -ErrorAction SilentlyContinue means unreachable computers are skipped without any message
Invoke-Command -ComputerName ($computers) -ErrorAction SilentlyContinue -ScriptBlock {
  $x = Get-ChildItem $Using:RegKey -ErrorAction SilentlyContinue |
    Where-Object {$_.GetValue('DisplayName') -like $Using:ProductName}
  $n = $x | ForEach-Object {$_.GetValue('DisplayName')}
  $v = $x | ForEach-Object {$_.GetValue('DisplayVersion')}
  [pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Product = $n
    Version = $v
  }
}

Requirements / Caveats:

  • A real, working WSUS environment, with at least one (1) computer group, that has at least one (1) computer in it, and real computers that you can connect to over your network
  • This script is intended to be executed on the WSUS host, or a machine with the WSUS console installed (and the associated “UpdateServices” module), and MUST be executed within an elevated (aka “Administrator”) PowerShell session.
  • The -ProductName parameter is intended to be a wildcard match string. If you wish to search for exact matches, remove the “*” and change the ScriptBlock line to use -eq instead of -like
  • Exception handling? That’s funny.
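A variant of the script above that makes inventory gaps visible, as an added example (not the blog author's code): it checks both Uninstall registry views and returns unreachable computers as rows instead of silently dropping them. The function names `Get-WsusGroupMember` and `Get-InstalledProductReport` are hypothetical, and it assumes PowerShell remoting is enabled on the targets plus the same WSUS host and elevated-session requirements listed above.

```powershell
#Requires -RunAsAdministrator
# Added example; function names are hypothetical, not part of any module.
# Assumes the UpdateServices module is present and WinRM is enabled on targets.

function Get-WsusGroupMember {
    param ([Parameter(Mandatory)][string] $TargetGroupName)
    Import-Module UpdateServices -ErrorAction Stop
    $wsus  = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $group = $wsus.GetComputerTargetGroups() |
        Where-Object { $_.Name -eq $TargetGroupName }
    if (-not $group) { throw "WSUS computer group '$TargetGroupName' not found" }
    $group.GetComputerTargets() | Select-Object -ExpandProperty FullDomainName
}

function Get-InstalledProductReport {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][string[]] $ComputerName,
        [string] $ProductName = 'VMware Tools*'
    )

    # Runs on each remote computer; the pattern arrives via -ArgumentList
    $query = {
        param ($Pattern)
        # Check both registry views so 32-bit installs are not missed
        $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        $hits = foreach ($key in $keys) {
            Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
                Where-Object { $_.GetValue('DisplayName') -like $Pattern }
        }
        if (-not $hits) {
            # An explicit "not installed" row distinguishes this from "no answer"
            [pscustomobject]@{ Status = 'NotInstalled'; Product = $null; Version = $null }
        }
        foreach ($hit in $hits) {
            [pscustomobject]@{
                Status  = 'Installed'
                Product = $hit.GetValue('DisplayName')
                Version = $hit.GetValue('DisplayVersion')
            }
        }
    }

    # Errors are suppressed on screen but still collected in $failed
    $results = Invoke-Command -ComputerName $ComputerName -ScriptBlock $query `
        -ArgumentList $ProductName -ErrorAction SilentlyContinue -ErrorVariable failed

    # Invoke-Command adds PSComputerName to every object returned from a remote host
    $results | Select-Object @{ n = 'Computer'; e = { $_.PSComputerName } },
        Status, Product, Version

    # Connection failures carry the computer name in TargetObject
    foreach ($err in $failed) {
        [pscustomobject]@{
            Computer = [string] $err.TargetObject
            Status   = 'Unreachable'
            Product  = $null
            Version  = $null
        }
    }
}

$computers = Get-WsusGroupMember -TargetGroupName 'Patching Group 1'
Get-InstalledProductReport -ComputerName $computers |
    Sort-Object Status, Computer |
    Format-Table -AutoSize
```

Rows with Status "Unreachable" are the machines the report says nothing about, so they need a follow-up before anyone concludes the product is absent from the group.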

BitBucket, business, Uncategorized

The Only Constant is Constantly Changing

“Welcome aboard! We’re so glad to have you join Macroswift! We want to make you feel comfortable and help you get up to speed with our organization and culture so you can be productive as soon as possible. First off, let’s introduce you to the team…”

“At the far left we have Jim Jockholder, our Senior VP of Research…”

“It’s Chief Research Associate, or CRA now. We’re focusing on the team culture now, rather than on a hierarchy. We are all part of one team here at Macroswift.”

“That’s right, and thank you Jim! I almost forgot. Next to Jim is Susan Catnipper. She’s our director of Human Resources and…”

“It’s Human Capital Management, Bill. It was renamed last week.”

“Oh yeah, sorry about that. Human Capital Management. And next we have Tom Flusher, our director of Technology Services, and…”

“Umm, hey Bill, it’s actually Data and Information Services. Please, continue?”

“Thanks Tom! Sorry about that. So much is changing here, as we continue to push the envelope. Next, we have Betty Bottleneck, who is our senior VP of Financial Services, last I checked that is…”

“Thanks Bill. We’re now called Financial and Accountability Services. And my new title is Senior Executive Primary Associate, or just SEPA for short. Thank you.”

“Okay. Well, thanks again Betty! And this is our Executive Leadership Team, or ELT, and…”

“Hey Bill, it’s the Managing Associate Team, or MAT now.”

“Right. Managing Associate Team.” (points to PowerPoint slide) “Let’s take a look at our products and services! As you may already know, our flagship product is called Shwindows, and…”

“It’s now Shwindows 365”

“Oh, darn it. I’m still using the deck from this morning, which is obviously out of date. I’ll get that fixed ASAP.”

“You might want to hold off until after today’s marketing team meeting.”

“You mean the Strategy and Marketing Team.”

“No. They announced 5 minutes ago it’s now the Marketing and Strategy Team.”

“Actually, that was 15 minutes ago. They announced 3 minutes ago it’s now the Predictive Analytics Team.”

“Right, the SMT, I mean PAT. Because they’re looking to rename it to Shwindows 720”

“I heard it was going to be Shwindows 2022”

“That was an hour ago. The new name hasn’t been announced yet. The Product Naming Team is out at lunch right now.”

“You mean the Branding Team.”

“Oh, yeah, Branding Team.”

“Well, whatever. The name will be changing again.”

“Didn’t they just rename it on Tuesday?”

“Yes. Every Tuesday.”

“Oh. Right.”

“Well, let’s move on to Offender for Endpoint 365”

“Bill. That was renamed this morning. It’s now Prefender 720 for Endpoint and Analytics”

“Right.”

“Prefender 7210 for Endpoint and Analytics is our security suite for all platforms and form factors. Which complements our productivity suite famously known as Workplace 365.”

“That’s Apps for Workplace 365 now.”

“Right.”

“Oh, and Bill?”

“Yes?”

“You were renamed this morning to Presenter 365.”

Technology, windows

Windows 11 – Part 2. The Electric Boogaloo

I’ve already shared my thoughts on Windows 11, but that was pre-release. This is now.

WARNING: May contain language not suitable for intelligent people.

copyright 2017 skatterbrainz

What I like about Windows 11

Pretty much the same as my previous post. The user interface is nice. It’s clean. It’s refined. It’s fresh. It’s a lot like MacOS, and I don’t even use a Mac (my son uses Mac exclusively, and loves to joke about Windows 11 now).

The new Settings app is finally what it should’ve been from day one with Windows 10. It looks like it was kidnapped in a white van from camp Linux, but it’s really nice. I like it.

The centered taskbar is not really a deal-breaker for me. I know some people hate it, but I just don’t care if the icons are in the middle or to the left/right/top/bottom, etc. But if you want some (really nice) PowerShell help with the UI, check out CustomizeWindows11 by Jaap Brasser. (Install-Module CustomizeWindows11).

“Windows Terminal” has replaced “Windows PowerShell” as the default Start menu right-click option. I like Terminal a lot.

Finally! The “Enterprise” SKU doesn’t install a bunch of stupid games like Windows 10 did early on (Candy Crush, etc.) Someone finally listened to the business customers.

What I don’t like about it

It’s still version 10.x (10.0.22000 to be exact). As if vendors can’t do the ($version -ge 10.0) math? Why?

PowerShell 5.1 is the only version installed by default. Why?

The same old prompt to run “Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force”. I tweeted that this is like selling cars with 1 lug nut missing on each wheel, every single year, and requiring buyers to install the nuts themselves. This is approaching government-level stupidity. Why?

TLS is still “SystemDefault”, not 1.2. Shouldn’t it default to 1.2 and let customers downgrade if needed? I thought “security” is a major selling point of this version.

PowerShell still isn’t woven into the fabric of the UX, it’s still an add-on. For example, in some apps like SSMS, you can right-click and generate a script of a desired action (create, delete, etc.), but why not in Explorer, REGEDIT, or Event Viewer? Frivolous? Maybe. But still… aside from die-hard PowerShell geeks, how much cumulative time is spent every year by users Google searching how to update a registry value, or export event log search results?

WinGet is flaky. Yes, flaky. Consider item 1, your honor:

winget install --name notepad++ 

This did not work.

This returns an error that there are “Multiple packages found matching input criteria”. No, there are not. There is only one with name “Notepad++”. The other is “Notepad+” (one plus sign). You have to use --id notepad++.notepad++ (kind of like Little Caesar’s pizza pizza) for this one. This tells me that the input filter handler is flawed (defaulting to regex or something that’s not swallowing the “++” properly).

Also, silent installs are NOT the default. You will need to be careful to add --silent, and possibly --accept-package-agreements, and --accept-source-agreements. The default appears to be what MSI folks would use as /qb! (basic w/no cancel).

The winget silent install command that worked for me

winget install --id notepad++.notepad++ --silent --accept-package-agreements

I’m aware this is nit-picky, but Chocolatey (my favorite package manager so far) doesn’t have this issue. The corresponding command to run a silent install of Notepad++ with Chocolatey is

cinst notepad++ -y

The other complaints I mentioned in the previous blog post still stand. For example,

  • No “Edit” option on right-click menus for PowerShell scripts. Why?
  • File extensions are still hidden by default. Why?

And speaking of hidden file extensions: It’s time once again for…

Exam Question of the Day

You call a (non-technical) user to advise them to perform certain actions while troubleshooting an issue on their shiny-new Windows 11 laptop. You have to speak loudly to overcome the sounds of cats on their end.

You: “I need you to edit the PowerShell script I just copied to your Documents folder. It’s named ‘Sample.ps1’” (see Figure 1)

Them: “Ok, How do I edit it?”

You: “Right-click on it and choose ‘Edit’”

Them: “There is no ‘Edit’. Should I use ‘Open’?”

You: “No!!!!!!!!! It’s got to be modified before you run it!”

Them: “I don’t like your tone. I’m hanging up and calling HR.”

You: (starts working on resume and updating LinkedIn profile)

Try this again…

You: “No. Just right-click on the one without an extension on the name.”

Them: “What’s an extension?”

You: (rubbing your temples with a 9mm and a glass of whiskey) “It’s…. uhhh…. hold on (sips, clicking sound)…. “okay, happy thoughts…”

Them: “What? Are you okay?”

You: “Yeah, I’m fine. It’s just, oh, never mind. So, I’ll need to ask you to click on ‘View’ at the top of the Explorer window, then click on ‘Show’ at the bottom of that popup menu, then click on ‘File name extensions’.”

Them: “That’s dumb. So many clicks? Why aren’t these extensions turned on by default?”

You: “YES!!!! OMG! OMFG!! I love you!!!” (drops headset, and knocks over shot glass)

Them: “I’m married! You need to calm down!”

You: “Yes, I apologize. All good. Let’s continue…”

Which of the following will satisfy the requirement?

A. Quit this IT job and pursue woodworking or guitar playing

B. Ask the user to marry you

C. Continue drinking and playing with your gun

D. Use a GPO or MDM policy to show file extensions, because they should have been displayed by default, from the very first version of Windows to contain Explorer. Then complain to everyone else on StackOverflow, Slack, Discord, Twitter, Reddit, Facebook, Twitch and maybe even LinkedIn, then post on your blog about it.

(Figures 1 through 4)

As with everything software, it’s never done. Windows 11 will continue to evolve, like all other software products. So I would expect some of these complaints to be remediated over time. It’s just annoying that some of these complaints have been around for a very long time (file extensions, PowerShell version), and some appear to be regressions (right-click menus). That’s a sign of one of two possible things going on:

  • Internal knowledge sharing is broken (old team to new team, or product1-team to product2-team)
  • The customer feedback system is broken (user feedback is not being collected and/or assessed properly)

Maybe Windows 11 22H1 or 22H2 will take care of this.

Uncategorized

My Windows 11 Score Card

Updated: 2021-09-30 (see PS at the end)

Windows 11 is actually 10.0.22449. If Steve Ballmer was still doing the monkey dance, it would most likely be named “Windows 10 Ultimate Extras Edition”. Software versioning has always had a weird, glue-sniffing history. IBM’s OS/2 Warp was 3.x then 4.x before being left on the roadside. How is (or was) an “OS/2” not automatically a version 2.x?

When Windows 8.1 skipped over 9.x to 10.x, the excuse was third party crackhead developers were too dumb or lazy to differentiate 9 from 95 or 98. Because strings are tough, but version numbers are tougher? Autodesk was one of the few companies I can think of who stuck to a consistent version sequence, at least for most of their products. And they weren’t scared of using the superstitious 13 in a version (AutoCAD R13).

For decades, a “major” upgrade meant breaking changes. Significant things were added, removed or modified. But, as with IT job titles, the labels aren’t what they used to be. An “analyst” used to analyze things. Today, it’s just a title and the duties are anything but. The same seems to be true for version numbering (Office 2019 is 16.x, and Windows 11 is 10.x). The marketing folks have taken control of the spaceship.

Anyhow, I digress. Let’s dive into my meaningless list of meaninglessness…

Background

As shocking as it may be: Windows 11 is the next version after Windows 10. It’s supposed to be 1 better, but (so far, to me anyway) it’s about 0.25 better. The most significant changes appear to be in two general areas:

  • Security
  • Comfort

The security improvements in Windows 11 are generally based on a higher bar for hardware compatibility (TPM 2.0, SecureBoot, Intel 8th gen processor, etc.). As far as I can tell, there aren’t any major replacements to the Defender stack that ships in the OS, nor to things like ACLs or accounts.

The comfort improvements in Windows 11 are mostly lipstick, and a spandex girdle, but some of the body parts are in better shape.

What it is

So far anyway, because it’s not scheduled for release until October 5, 2021 (roughly 28 days from now), Windows 11 is an incremental update to Windows 10. It still includes all the legacy stuff that you loved from Windows (pick any version), with some new adjustments. Windows Scripting Host (and VBScript, etc.) are alive and well. Control Panel and MMC are still sitting on the sofa watching TV. Third party apps can still smash your configuration and leave it in a back alley if you allow it.

However, it’s not all doom and gloom. The Settings app has been overhauled, and finally where it should’ve been in Windows 10. I don’t really consider that a “new” feature, but more of a “late” feature. Even though Control Panel is still hiding under the bed. Another nice change is Windows Terminal being the default for the right-click Start menu.

What it isn’t

What it is not… a true “major” upgrade release (IMHO). A major upgrade (IMHO) would be changing major things, like Program Files (x86) and WOW6432Node, start with modern baselines (PowerShell), remove legacy stuff like Silverlight, Windows Scripting Host, and Internet Explorer components. COM and DCOM are still there. The same REGEDIT, CMD, MMC, and related MSC things like EVENTVWR, CERTIFICATES, are all there. To me, 11.0 should bring 100% parity between GUI and CLI (or .NET/PowerShell), but it still hasn’t reached that point.

What I like

  • The Settings app is finally what I had expected Windows 10 to get to, but never did
  • Terminal replaces PowerShell on the (right-click) Start menu
  • The icon themes are cleaner (generally speaking)
  • “Copy as Path” on the main right-click menu (no need to hold Shift, etc.)

What I Don’t Like

  • Right-click menus are weird. I can’t think of a better word
  • PowerShell 5.1 is the default
  • TLS 1.2 is still not the default
  • Taskbar right-click is USELESS unless you’re within the icon stack area (wasted potential)
  • It still relies on Windows Scripting Host for things like slmgr.vbs and ospp.vbs (Office) among other things
  • Control Panel is still hiding under the bed
  • Internet Explorer is deprecated, sort of, but also hiding under the bed with Control Panel, sort of

Pop-up: 3 main items, with 3 child items? Why not 6 on one menu?

Right-click taskbar could show what Windows 10 does, but doesn’t.

Right-click: Copy as path is nice. But no “Edit” on the right-click pop-up menus? That seems risky with script files. (the icon strip is “cut”, “copy”, “rename”, “share” and “delete”)

Start menu right-click: Nothing surprising, but I’d still like to see “Windows Update” included.

The overall UI theme is starting to look a bit Gnome-ish to me. Nothing wrong/bad about that, just an observation.

What I was hoping for

The following items are still on my wish list for an imaginary real major upgrade, if it happens in my lifetime:

  • Start with latest/current API items:
    • .NET, PowerShell, Nuget, PowerShellGet, etc.
  • Remove 32/64-bit distinctions
  • Remove spaces in core folder names: “Program Files” –> “ProgramFiles” or just “Apps”
  • Update basic apps like:
    • Notepad: line numbers, circular find/replace
    • REGEDIT: “Script As” > “Create”, “Delete”, etc. (using PowerShell, a la SSMS)
    • Explorer: Move Defrag, CheckDisk, Sharing, Permissions to the right-click menu
    • Mail: Yes, the weird store app, doesn’t follow the same UI motif as anything else. Maybe it should look a little bit like Outlook.com? I know, that’s a dumb thought.

Conclusions

I respect the complexity that both Windows as a product, and the Windows platform as an ecosystem, present to Microsoft when it comes to steering that ship. The impact it has on customers, partners, vendors, developers, and more, has to be challenging. Kind of like Justin Bieber trying to go shopping at a downtown mall without any bodyguards.

However, when I watched Panos deliver that heartfelt monologue, sans John Williams music score, I expected a tectonic shift would be coming. This is more like a table bump. Why not just call it “Windows 10+” or “Windows 10.1”? It’s about as significant of a change as Windows XP going to SP2 (remember the firewall changes?) This feels, to me at least, more like a service pack combined with a feature pack, than a “major” upgrade.

I’m admittedly sounding a bit negative, I admit, even though I already admitted that. But, I need to be clear about why. It’s not the product itself, it’s the expectation vs. delivery. The product itself looks and feels rock solid, to me. The marketing hype always makes me cringe, because (and I’m no Apple fan) it seems like the trend is to position every new announcement like Steve Jobs would have done it, maybe with some orchestral string swells to add some drama. But there’s more to that than just playing the part, you have to clear the checklist too. I just hope that the next incremental update (which is what this really is) isn’t going to be called Windows 12, but 11.x (if the version number ever gets to 11.x).

PS (Sept 30, 2021)

I’ve heard some feedback on specific problems with various device models, but I would caution to check if it’s vendor-specific, rather than Microsoft. For example, I have a Lenovo P50 in my lab which keeps installing a stupid crappy Lenovo driver that breaks the fingerprint reader. At first it seemed like a Windows 11 feature/setting was disabling it, but removing the stupid crappy Lenovo driver, and a restart fixed it. So, I would recommend confirming the actual source of issues if/when you encounter them.