Our specialists continue to successfully pass the Microsoft certification exams

We are proud to congratulate our colleagues – programmers Sergii and Ivan on the successful passing of Microsoft certification exams.

Developing Microsoft SharePoint Server 2013 Advanced Solutions (70-489) – exam to test the usage skills of SharePoint, web development experience, experience in designing custom code for projects that are deployed to or interact with SharePoint environments.

Microsoft certifications

Developing ASP.NET MVC Web Applications (70-486) – confirms knowledge in the field of developing Microsoft ASP.NET web applications, including developing MVC-based solutions.

Microsoft certifications

Our specialist successfully passed the Microsoft certification exam

We are proud to congratulate our colleague-system administrator Daria on successful passing of one more Microsoft certification exam.

Administering Windows Server 2012 (70-411) – the second of three required exams for the MCSA Windows Server 2012. It confirms the availability of skills and knowledge necessary to implement, manage, maintain and provision services and infrastructure in a Windows Server 2012 environment.

certificat microsoft

Microsoft Edge vulnerable to cookie and password theft

The Microsoft Edge browser seems to have a severe password vulnerability. Recent reports reveal that attackers or hackers could easily obtain user password and cookie files for online accounts, a vulnerability that was discovered by security expert Manuel Caballero, someone with vast experience of unearthing Edge and Internet Explorer bugs and flaws. It also seems that attacks can be customized to dump the passwords or cookies of more online services such as Amazon, Facebook, and more.

Microsoft cloud TITSUP: Skype, Outlook, Xbox, OneDrive, Hotmail down

The problems appear to have started on Tuesday, March 21, 2017 morning Pacific Time, although systems could have started to wobble earlier: basically, people were and still are unable to log into their Microsoft-hosted services.

So, it sounds like someone broke something within Microsoft’s account authentication systems, locking millions out of their services for several hours.

Gmail will stop working in Chrome browser for Windows XP and Vista

Gmail online service will show a message warning about the termination of support for Chrome browser older versions. Due to significant changes relating to safety you have to download the 55-th Chrome update to continue using mail services.

Unfortunately, the above solution is not suitable for users of Windows XP and Vista because Microsoft has stopped the support for these operating systems and Chrome updates for them was stopped after version 49.

Gmail services would work till the end of the year in case you won’t update OS and browser. However, service will begin to redirect Windows XP and Vista users to the basic HTML version of the interface with a lower level of functionality and protection.

Ferma VDI

Installing a white certificate on a Microsoft VDI farm

Many companies using VDI infrastructure for remote work from the uncontrolled personal workstations of the company’s employees. External users face the problem of distrusting the certificate issued by the corporate certifying authority when publishing a VDI farm to the Internet. As a result, security warnings appear when connecting remotely.

RD Connection

In this case, the warning appears twice: at the first connection the broker server is untrusted; at the second connection, the VDI farm virtual machine is untrusted.

To resolve this problem, many system administrators suggest either checking the “Don’t ask me again” checkbox and ignoring this message, or “whitelisting” the root certificate on user’s remote computer and publishing the corporate CA’s CRL. However, such methods don’t work if users connect from different locations each time or connect to different virtual machines.

Solving this problem requires you to use a “white” certificate issued for the VDI farm by the trusted certificate authority. The names of the external certificate and the VDI computers must match.

The solution

First of all, we need a wildcard certificate (*.yourcompany.com) issued by the trusted certificate authority.

Add a new DNS suffix to the domain:

Add a new Active Directory Integrated zone (yourcompany.com) to serve internal requests for new server names and VDI farm virtual machines on a domain controller in DNS.

To have an additional domain suffix in a domain you have to edit the msDS-AllowedDNSSuffixes attribute at the domain level. You must add the internal and external domain names as the attribute value. For example, yourcompany.local and yourcompany.com. Create a new group policy at the domain level to specify the DNS suffixes that can be added to short names in DNS queries.

edit msDS-AllowedDNSSuffixes attribute

Enable the following policy: Computer Configuration \ Policies \ Administrative Templates \ Network \ DNS Client\ DNS suffix search list. Then add the internal and external domain name values, separated by commas.

DNS suffix search list

Setup certificate for RD server

You also have to change the DNS suffix of the planned RD servers to the external domain name before creating the VDI farm. Go to system properties and click “Change…”. Click “More…” on the “Computer Name/Domain Changes” tab and enter the new primary DNS suffix – yourcompany.com.

Computer Name/Domain Changes

Next create a new VDI farm based on the selected Microsoft Windows Server 2012 R2 servers. You can easily find information online about how to do this.

After you receive the certificate’s pfx file, you can install it on the new VDI farm. On the RD Connection Broker server, go to Server Manager > Remote Desktop Services > Overview. In the Deployment Overview field, select Edit Deployment Properties in the Tasks dropdown list.

RD Connection Broker server edit

Open the Certificates tab and set up the necessary *.yourcompany.com certificate for each farm service.

Add the certificate for each service role. Click “Select an existing certificate…”, then specify its file path and password.

RD Connection Broker server

In the end, the following certificates will be installed on the VDI servers, but not on virtual machines. The SSLCertificateSHA1Hash REG_BINARY parameter appears with the thumbprint certificate value in the registry on Connection Broker server at the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

This parameter determines which certificate will be used while the RDP session is being established. Add it to the registry on the client machine as well.

SSLCertificateSHA1Hash REG_BINARY

Installing the certificate on virtual machines

The following are required when using a white certificate on virtual machines:

  • Install the certificate in the personal certificate store on every machine.
  • Set the certificate key read permissions for each machine’s Network Service.
  • The SSLCertificateSHA1Hash REG_BINARY certificate parameter must have the thumbprint value.
  • Virtual machines names must match the certificate name (have the yourcompany.com suffix)

Create a new group policy at the Organizational Unit level, dedicated to the VDI farm’s virtual machines’ accounts.

This policy must run Startup Script ExportVDICert.bat on the virtual machines.

Startup Script ExportVDICert.bat

The script below uses the Microsoft Certutil and FindPrivateKey utilities. Certutil is a built-in utility. FindPrivateKey is provided as a Sample tool for developers and can be compiled independently. The script must be added to the policy.

The certificate and FindPrivateKey utility must be placed in the network folder where the script will grab the installation files. Here’s the script:

certutil -f -p “” -importpfx “” NoExport

c:

mkdir “c:\TempCertSecurity”

cd c:\TempCertSecurity”

xcopy “” “c:\TempCertSecurity”

FindPrivateKey.exe My LocalMachine -t

-a > tmp.txt

set /p myvar= < tmp.txt del tmp.txt del FindPrivateKey.exe cd \

rd “c:\TempCertSecurity”

cacls.exe %myvar% /E /G “NETWORK SERVICE”:R”

This script will install the new certificate with permissions after the virtual machine is rebooted.

The next part of the policy has to do with the SSLCertificateSHA1Hash installation option. The required key is configured via Preferences \ Windows Settings \ Registry

SSLCertificateSHA1Hash installation option

To change virtual machines’ Primary DNS Suffix in the policy in a central way, enable the Primary DNS Suffix and set yourcompany.com as the external domain name.

Primary DNS Suffix

The machine will receive the new FQDN and corresponding white certificate after being rebooted. After you perform all these operations, your users will no longer see the annoying security alerts.

Vulnerability Review 2016

New security vulnerability research realeased by Flexera. There were over 2,000 number of vulnerabilities across the top 20 software products, many of which you are using right now.

According to Flexera, the largest instances of vulnerabilities were attributed to Microsoft with 518 across its Windows 10, Windows Server 2012, Windows 8 and Windows RT operating systems.

Read more…

Deleting / restoring Metro apps in Windows 10

Deleting / restoring Metro apps in Windows 10

No matter how many supporters of the old version of the OS exist at present, it’s high time to turn to Windows 10. Accordingly, I invite you to take a closer look at the preloaded Metro apps. You will agree with me that very few people use absolutely every application forced upon us by Microsoft. Most of them just take up space, and are sometimes even annoying. In this article I will share with you a way to “clean” the system of such needless apps on Windows 10.

Deleting

So let’s discuss deleting needless apps. I suggest you use a PowerShell script to display all installed Metro apps. Then it’s up to you whether to delete all or just some of them.

 

 

The script is as follows:

Function PSCustomErrorRecord
{
Param
(
[Parameter(Mandatory=$true,Position=1)][String]$ExceptionString,
[Parameter(Mandatory=$true,Position=2)][String]$ErrorID,
[Parameter(Mandatory=$true,Position=3)][System.Management.Automation.ErrorCategory]$ErrorCategory,
[Parameter(Mandatory=$true,Position=4)][PSObject]$TargetObject
)
Process
{
$exception = New-Object System.Management.Automation.RuntimeException($ExceptionString)
$customError = New-Object System.Management.Automation.ErrorRecord($exception,$ErrorID,$ErrorCategory,$TargetObject)
return $customError
}
}

Function RemoveAppxPackage
{
$index=1
$apps=Get-AppxPackage
Write-Host “ID`t App name”
foreach ($app in $apps)
{
Write-Host ” $index`t $($app.name)”
$index++
}

Do
{
$IDs=Read-Host -Prompt “Which Apps do you want to remove? `nInput their IDs by space (e.g. 5 12 17). `nIf you want to remove every possible apps, enter ‘all'”
}

While($IDs -eq “”)

if ($IDs -eq “all”) {Get-AppXPackage -All | Remove-AppxPackage -ErrorAction SilentlyContinue –confirm

$AppName=($ID -ge 1 -and $ID -le $apps.name)

if (-not(Get-AppxPackage -Name $AppName))
{
Write-host “Apps has been removed successfully”
}
else
{
Write-Warning “Remove ‘$AppName’ failed! This app is part of Windows and cannot be uninstalled on a per-user basis.”
}

}

else {

try
{
[int[]]$IDs=$IDs -split ” ”

}

catch
{
$errorMsg = $Messages.IncorrectInput
$errorMsg = $errorMsg -replace “Placeholder01”,$IDs
$customError = PSCustomErrorRecord `
-ExceptionString $errorMsg `
-ErrorCategory NotSpecified -ErrorID 1 -TargetObject $pscmdlet
$pscmdlet.WriteError($customError)
return
}

foreach ($ID in $IDs)
{
#check id is in the range
if ($ID -ge 1 -and $ID -le $apps.count)
{
$ID–
#Remove each app
$AppName=$apps[$ID].name

Remove-AppxPackage -Package $apps[$ID] -ErrorAction SilentlyContinue –confirm
if (-not(Get-AppxPackage -Name $AppName))
{
Write-host “$AppName has been removed successfully”
}
else
{
Write-Warning “Remove ‘$AppName’ failed! This app is part of Windows and cannot be uninstalled on a per-user basis.”
}
}
else
{
$errorMsg = $Messages.WrongID
$errorMsg = $errorMsg -replace “Placeholder01”,$ID
$customError = PSCustomErrorRecord `
-ExceptionString $errorMsg `
-ErrorCategory NotSpecified -ErrorID 1 -TargetObject $pscmdlet
$pscmdlet.WriteError($customError)
}
}
}
}

$result = 0;

while ($result -eq 0) {

RemoveAppxPackage

$title = “Delete Apps”
$message = “Do you want to continue?”

$yes = New-Object System.Management.Automation.Host.ChoiceDescription “&Yes”, `
“Yes, I want to remove another application.”

$no = New-Object System.Management.Automation.Host.ChoiceDescription “&No”, `
“No, all unnecessary applications are removed.”

$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

$result = $host.ui.PromptForChoice($title, $message, $options, 0)

}

 

 

Save the script in .ps1 format or download it. I recommend creating a batch file for the script below in order to simplify running as an administrator (save it in .bat format and UAC will automatically request confirmation):

 

 

.bat script

@echo off
cls

echo Apps
echo.
echo press any key to continue…

pause > NUL

echo
echo.

PowerShell -NoProfile -ExecutionPolicy Bypass -Command “& {Start-Process PowerShell -ArgumentList ‘-NoProfile -ExecutionPolicy Bypass -File “”%~dp0.\app.ps1″”‘ -Verb RunAs}”

echo You deleted apps…
echo.
pause

Где app.ps1 – имя сохраненного power shell скрипта.

 

 

Note: When the script is run that way you may see a warning message: “Execution Policy Change”.

PowerShell Execution Policy Change

Choose “Yes” to make the change.

You will then see the following:

list of installed apps PowerShell

There is a list of installed apps on the screen. And asked to list (separated by spaces) the ones that you want to delete.

Let’s say you decide to delete Microsoft.BingNews. In that case, type in the corresponding application number. If the operation succeeds, you should get the following:

PowerShell operation succeeds

Please note that you can’t remove system apps. If you attempt to do so, you will receive the following message:

PowerShell administrator warning

This applies to applications such as:
• Microsoft.Windows.Cortana
• MicrosoftEdge
• ContactSupport
• PrintDialog, etc.
The screenshot below features a more detailed list of “immortal” apps:

list of

There is a way to remove all apps at once (except the “immortal” apps described above). To do so, type “all” instead of a specific app’s number, and confirm removal of all apps (Yes to All) or confirm each removal individually (Yes).

list of

Restoring

If you accidentally delete or subsequently decide you want to use a particular app, you can restore it through the Windows Store or use the following suggestions.

For example, if you want to restore the Store app, which happened to be deleted by the script above, you should run the following command in PowerShell with administrator permissions:

Add-AppxPackage -register "C:\Program Files\WindowsApps\*Store*\AppxManifest.xml" -DisableDevelopmentMode

You can restore other applications in a similar manner by putting their names between asterisks. If you need to restore a large number of apps, it’s better to use a script (add / remove lines as needed).

 

 

Script to restore apps:

Add-AppxPackage -register “C:\Program Files\WindowsApps\*Weather*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Finance*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Maps*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*News*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Sports*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Travel*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Camera*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Reader*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Xbox*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Alarms*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Calculator*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*OneNote*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*People*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*SoundRecoder*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*3dbuilder*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Store*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Photos*\AppxManifest.xml” -DisableDevelopmentMode
Add-AppxPackage -register “C:\Program Files\WindowsApps\*Phone*\AppxManifest.xml” -DisableDevelopmentMode

 

 

As before, save and, if necessary, edit the script and run it.

Alternatively, if you want to restore the entire set of pre-installed utilities, type the following line in PowerShell with administrative permissions. This means you don’t need to be afraid to experiment. Restoring the previous state is easy:

Get-AppxPackage -AllUsers| Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

You may see warning messages while restoring apps. They refer to apps that are currently running.

Restoring Photo Viewer in Windows 10
Most users who install Windows 10 are dissatisfied with the lack of the photo viewing app – Windows Photo Viewer.
To restore Photo Viewer, you need to add some keys in the registry. To do this, save the following script with the .reg extension and run it. Then set the app as the default app for opening images: Settings – Default apps – Photo – Windows Photo Viewer:

Default apps Windows 10

 

 

Script to add keys to the registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
“.jpg”=”PhotoViewer.FileAssoc.Jpeg”
“.wdp”=”PhotoViewer.FileAssoc.Wdp”
“.jfif”=”PhotoViewer.FileAssoc.JFIF”
“.dib”=”PhotoViewer.FileAssoc.Bitmap”
“.png”=”PhotoViewer.FileAssoc.Png”
“.jxr”=”PhotoViewer.FileAssoc.Wdp”
“.bmp”=”PhotoViewer.FileAssoc.Bitmap”
“.jpe”=”PhotoViewer.FileAssoc.Jpeg”
“.jpeg”=”PhotoViewer.FileAssoc.Jpeg”
“.gif”=”PhotoViewer.FileAssoc.Gif”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap]
“ImageOptionFlags”=dword:00000001
“FriendlyTypeName”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,36,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\DefaultIcon]
@=”%SystemRoot%\\System32\\imageres.dll,-70”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
“EditFlags”=dword:00010000
“ImageOptionFlags”=dword:00000001
“FriendlyTypeName”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@=”%SystemRoot%\\System32\\imageres.dll,-72”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open]
“MuiVerb”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg]
“EditFlags”=dword:00010000
“ImageOptionFlags”=dword:00000001
“FriendlyTypeName”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\DefaultIcon]
@=”%SystemRoot%\\System32\\imageres.dll,-72”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open]
“MuiVerb”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif]
“ImageOptionFlags”=dword:00000001
“FriendlyTypeName”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\DefaultIcon]
@=”%SystemRoot%\\System32\\imageres.dll,-83”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png]
“ImageOptionFlags”=dword:00000001
“FriendlyTypeName”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\DefaultIcon]
@=”%SystemRoot%\\System32\\imageres.dll,-71”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp]
“EditFlags”=dword:00010000
“ImageOptionFlags”=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\DefaultIcon]
@=”%SystemRoot%\\System32\\wmphoto.dll,-400”

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open]
“MuiVerb”=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
“ApplicationDescription”=”@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3069”
“ApplicationName”=”@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3009”

 

 

Saving the results

To ensure that all this effort is not in vain, I recommend that you edit the registry to disable automatic installation of apps.
To do this, log in under an administrator account. In the registry, go to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WindowsStore \ WindowsUpdate.
And change the value of the setting (default 4):
2 – turn off automatic updates of user apps,
4 – turn on automatic updating of custom apps.

WindowsUpdate

Or you can use the following script to change the registry (save as a .reg file and run):
Here is a script to disable automatic updates when installing applications:

 

 

Here is a script to disable automatic updates when installing applications:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate]

“AutoDownload”=dword:00000002

 

 

P.S. I hope the proposed method of removing / restoring apps will make it easier for you to adjust Windows 10 on your PC. After making all of your changes, I also recommend that you reboot your PC.

More articles about OS WINDOWS 10

SharePoint + Office Online

Collaborate on documents: SharePoint 2016. Part 2. Configure external access

This post continues the series of articles about SharePoint Server. In the first part, we looked at features for collaborating using Office Online and the desktop version of MS Office programs. This article will show you how to start and publish using SharePoint + Office Online.

We consider the case when it is important for the company to keep all the infrastructure and data stored in it under their control. In other words, with an extensive on-premise SharePoint 2016 farm.

Let’s get started.

DNS

In our case, we use Split DNS where the names for internal and external areas are the same.

For example: External domain servilon.com, external names: sp2016.servilon.com and oos2016.servilon.com.

Solution: On the internal DNS, add two new Forward Lookup Zones with the corresponding names: sp2016.servilon.com and oos2016.servilon.com.

add two new Forward Lookup Zones internal DNS

Add an A amount of records indicating the local address of the server in each zone:

internal DNS new host

internal DNS new host

Certificate

Issue a certificate for both services right away. We added both names to the subject alternative name (SAN): sp2016.servilon.com and oos2016.servilon.com. To avoid problems on devices outside of the domain, you need to issue your certificate by a trusted certification authority.

Certificate

We will mention this certification three more times. It will be used on the SharePoint Server (in IIS), on the Office Online Server, and for Application Request Routing (ARR) for publishing sites.

 SP Settings

Here we will skip the SharePoint Server installation process, because this topic has been covered in numerous articles, walkthroughs, and TechNet. Note that Microsoft is pushing us to cooperate and communicate in its Windows 2016 Server – versioning settings are already configured to work together by default for a document’s library (Library> Library Settings> Versioning Settings)
Document Version History is set to “Create major versions”;

Require Check Out is set to “NO”.

SharePoint Server settings

It’s time to remember security and our certificate, so we specify it in the Bindings for our SP site.

Bindings for SP site

OOS Settings

MS says the minimum hardware requirements are identical to the requirements for SharePoint Server 2016:

  • RAM: 12GB
  • Processor: 64-bit, quad
  • HDD: 80GB

In reality, the test environment RAM can be significantly cut back.

  1. Install the .NET Framework 4.5.2 on the server;
  1. Install the necessary components by OS command below:

Install-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices, Windows-Identity-Foundation

  1. After installation is finished, reboot the system;
  2. Run the OOS installation, the installation wizard only asks to specify the installation path;
  3. Configure the OOS farm (using a secure connection – https):
    • Import the previously issued certificate.
    • Create the OOS farm using a PS command:

New-OfficeWebAppsFarm -InternalURL “https://oos.contoso.com” -ExternalURL “https://oos.contoso.com” -CertificateName “Certificate Friendly Name”

create the OOS farm

To enable editing mode on OOS, use the following PS command:

Set-OfficeWebAppsFarm -EditingEnabled

InternalURL and ExternalURL are identical as configured by Split DNS.

Back on the SharePoint server, there are just two commands:

1. In SharePoint 2016 Management Shell run the following command as an administrator:

New-SPWOPIBinding -ServerName “OOS server name”

SharePoint 2016 Management Shell administrator

2. Since our SharePoint is used both internally and externally, you should change the infrastructure zone to external-https:

Set-SPWOPIZone -zone “external-https”

SharePoint 2016 Management Shell administrator

Configure publishing on ARR

  1. Import our certificate in IIS.
  1. Specify its other Bindings.

Configure publishing on ARR

Configure publishing on ARR

Create 2 farms for sp2016.servilon.com and oos2016.servilon.com.

Edit URL Rewrite at the server level

Configure publishing on ARR

Configure publishing on ARR

For SP:

  1. Add a Condition

add a condition SP

  1. Paste https:// in Action Properties

Repeat the same actions for OOS.

As a result, we get the following settings:

After editing IIS, restart the service using the following command – iisreset.

You’re done! Now you have oos2016.servilon.com server as a server used for running in a browser and on mobile devices, and sp2016.servilon.com as a connection point to the SharePoint site.

In the next part, I will try to answer questions asked about OneDrive for Business.

More articles about SharePoint

SharePoint 2016

Collaborate on documents with Microsoft: SharePoint 2016, Office Online and everything else. Part 1: What is it?

But Microsoft has been unfailingly persistent – they continue to improve their products all the time, on multiple levels as a result, now we can talk about the established infrastructure of document collaboration offered by Microsoft. It has two classes of software:

  1. Means of public access to documents, including cataloging, version control, distribution of rights and other similar server features. These tools are divided into cloud solutions (OneDriveSharePoint Online) and on-premise – the SharePoint 2016 Server – deployed in the infrastructure of the customer.
  2. Document editing tools. These include the desktop suite of Microsoft Office application (which was also updated recently), newly-minted mobile versions of Office, initially focused on co-authoring documents, and, the cherry on the cake – its own implementation of server online editing Office Online apps documents (previously known under the name of Office Web Apps).

All this splendor probably does not make Microsoft quite the “Google Docs killer” of so much repute among tech-journalists, but provides a good alternative to the consumer. This is especially true of corporate customers who, already have the MS infrastructure (AD, Exchange, Skype for Business), and those who need, for security-purposes, to store all or part of their information locally. For such customers, new opportunities to work with documents from Microsoft look particularly attractive.

As a result, we thought that we should inform our prospective clients and the general public about these developments, and how to install and configure all this stuff. We’ll also try to get to a comparison with alternative services. Not everybody has time for such a long read, so we’ve decided to split this post into several articles. This is the first one. Here, we’ll go through the MS features in each of the Microsoft products that enable document co-editing: Office Online, MS Office for desktop and also for mobile devices. It is at this point that we warn you – there will be a lot of attention to the finer points of this, so an impatient reader can go directly to “conclusions” at the end of the post. For everybody else, fasten your seat-belts!

Office Online

Office Online Server is quite an interesting application, not yet well known to everyone. Firstly, it allows users to reduce the number of licenses and MS Office installations. Secondly, it enables more ways to access and edit documents – in a nutshell, you only need a browser. Thirdly, it features the best suite of Microsoft collaboration tools to date. Let’s take a closer look.

Word Online

Word Online

Editing of the document in Office Online can be done by multiple users at the same time, with the changes and the username corresponding to each edit appearing instantly to the other co-authors. Users can simultaneously edit the same section of text, even in one paragraph.

see when someone changing data the same time

Excel Online

Edit in Exel Online icon

In Excel Online, changes in the cell will be displayed to the other co-authors only after an author moves to the next cell. In the meantime, this cell remains active and can be changed by multiple users.

Co-authoring in Exel Online

PowerPoint Online

Edit in PowerPoint Online icon

PowerPoint Online allows you to work simultaneously on one slide, but it is better to work on different elements, otherwise users will not see each other’s real time changes.

PowerPoint Online allows you to work simultaneously on one slide

Office Desktop Version

Working with documents through Office Online is a pleasant experience, except when it comes to significant changes to the formatting. If you want to insert a chart, smart art, table of contents, macros, format tables, use a formula, etc. then you have to use the desktop version of the software. We could write a separate article about the difference between desktop and online functionality. Here, we will review the differences related to the co-authored work.

MS Word

In this application, it is not possible for two different people to edit the same paragraph of text simultaneously.

co-autoring word 2016

The changes will be visible to the other co-authors only after the author saves them and other users update the document.

Save and update is integrated into the Save icon  (Ctrl + S)f315bee01822438387a5e08b0ba77f6f. Available updates are displayed in an icon next to the author’s name.

co-autoring word online 2016

MS Excel

In Excel, simultaneous editing of the same document is not possible. Two options are possible – use the online version,

Someone else has this workbook locked error

or get in line.

File in use by someone else

MS PowerPoint

On the contrary, in PowerPoint, simultaneous co-editing is possible. Co-editors can see that someone else is working on a presentation through the “Share” panel.

PowerPoint co-editing is possible

Available updates are signaled by the inconspicuous ‘Updates Available” status. The status appears only after the author saves changes, while the changes themselves appear after a document has been updated using the Save icon (Ctrl + S).

Status of co-editing of file

Mobile devices

Microsoft Word App and Microsoft PowerPoint App

When working on Android, a paragraph or element on which you are working is not blocked, and two co-editors can simultaneously work with it – edits are publicly displayed a very short time later. The fact that someone else is working on the same element, can be seen in the “Share” menu.

The fact that someone else is working on the same element on Android

In the case of the IPhone with changes in the message about the updates to the proposal Apply / Cancel. It would be interesting to test more on Windows Phone with Windows 10.

Microsoft Excel App

Real time collaboration in Excel App is not supported.

File has locked by someone

Conclusions

In general, co-editing tools from Microsoft can be considered functional, although different components implement it differently. The process of co-editing is best implemented in Office Online as it represents real co-working. You can add a feature which displays the names of simultaneous co-editors of documents (moving across your screen). But, unfortunately, for full editing functionality you’d still have to resort to the desktop version of the program, which still needs a “save” button. In addition, the process of working together is not made so user-friendly (Excel suffers most, where things remain all at check-in and check-out level).

In the next post, we’ll show you how to deploy on-premise components for co-authoring and sharing within an enterprise infrastructure. SharePoint 2016 Farm, Office Online Server, the publication – that will all be discussed. Stay tuned.

More articles about SharePoint