Upgrading Windows 10 for Domain joined PC's
It's worth noting the text just above the download buttons:
TextIf you’re on an Enterprise edition, the media creation tool won’t work for an upgrade. Please see the Volume Licensing Service Center for more information.
Sorry if this has already been posted but I thought this may help some people
https://www.microsoft.com/en-us/software-download/windows10
This topic first appeared in the Spiceworks Community
Similar Messages
-
No windows identity for Domain Name\User
I have recently upgraded SharePoint 2013 farm from RTM to SP1. I am repeatedly getting errors No windows
identity for Domain Name\User in ULS log. Some users who was earlier able to access to site is not able to access site.
Please remember to mark the replies as answers or vote as helpful if they help.Few questions to quickly check with you..
1. Have you re-run your SharePoint Configuration Wizard after you upgraded from RTM to SP1? Its very important to re-run SharePoint Configuration Wizard to ensure SharePoint Config DB is updated with latest changes in the farm.
2. If you have performed the above step but still face issues, have you restarted your SharePoint Server after re-running your SharePoint Configuration Wizard? If not please restart the server.
3. If not anyone of the above, then have you changed your authentication type for your web application in Central Admin. Example, from Classic Authentication to Claim Based Authentication?
Please remember to click 'Mark as Answer' if the reply answers your query or 'Upvote' if it helps you. -
Hi,
We get plenty of error messages:
SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity.
No windows identity for domain\user.
Our SharePoint 2010 environment consists of 2 app and 2 front end servers. We have plenty of SPSecurityContext.WindowsIdentity errors in our SharePoint logs. I found that this is related to C2WTS service. We have this service running under Local System account
and only running on both Front-end servers. We are not using Kerberos in our environment.
My question is should this service be configured with domain account even we are not using Kerberos?
Also should this server be started on App sharepoint servers?
Is any other way to prevent those errors?
Thank you,Since local accounts are unable to query the domain, and I suspect that the Local System account uses a virtual local account (as opposed to the computer's domain account), then the same would apply to your C2WTS.
Yes, configure a domain account (DEDICATED, since C2WTS requires some VERY elevated privileges), and the C2WTS will be able to do all of its domain lookups.
Scott Brickey
MCTS, MCPD, MCITP
www.sbrickey.com
Strategic Data Systems - for all your SharePoint needs -
Upgrading windows server 2003 domain controller to windows server 2008
Hello friedns :
We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
If there is a guide available for it please let me know . (Specially if there is a tip & trick)
thank you guys.
Network is my LOVEHi,
This TechNet online article might be helpful for you.
How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
For your convenience, I have list some general steps for your reference.
Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
General Steps:
=============
1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
2. Make the new server become a member server of the current Windows Server 2003 domain first.
3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
Drive:\sources\ADPREP\adprep.exe /forestprep
4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
Drive:\sources\ADPREP \adprep.exe /domainprep
5. Insert Windows Server 2008 Installation Disc in the new server.
6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
Please refer to:
How to Verify an Active Directory Installation in Windows Server 2003
http://support.microsoft.com/kb/816106
7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
Please note: It will some time to replicate GC between DC, please wait some time with patience.
9. Disable Global Catalog on the old DC.
10. Transfer all the FSMO roles from the old DC to the new DC.
Please refer to:
How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/kb/324801
11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
How To: Convert DNS Primary Server to Active Directory Integrated
http://support.microsoft.com/kb/816101
Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
13. Make all the clients change TCP/IP configuration to point to new server as DNS.
14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
Hope it helps.
Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights. -
I want to use SCCM 2012 R2 and OSD, to boot a bare metal machine, install and OS, and bind it to Active Directory. The catch is that I want the deployment process in SCCM to prompt for the following pieces of information, and then use that information to
bind the computer to Active Directory (W/O using MDT) instead of supply the data in the task sequence.
Computer Name
Domain
Domain OU
Domain Join Account
I am approaching this in a similar fashion as stated in this blog.
http://osdblog.com/2013/06/26/add-a-prompt-for-a-computer-name-in-your-sccm-deployment/
I have added the following collection variables to the unknown computers collection:
When I launch the task sequence, I am prompted as I would expect. I input the desired information, the deployment competes, but it does not bind to the domain. Here is what my TS looks like. I intentally disabbled the apply Network Settings step
because it forces you to enter specific information if it enabled. I don't want to that, thus why I am trying to use the variables.
My SMSTS log does not have a whole lot of meaningfull data, but I can post it if someone wants to see it. The only possible thing I could think of would be drivers, their are some driver errors in the log. However, if I turn on the Apply Networking setting
process in the task sequence and turn off the variables, the machines bind fine. With that in mind, I would not think my problem would be driver related. Anyone out there have expertise in using a process like this, that could assist?
--TonyAwesome! Thanks. One more thing, how should I supply the OSDJoinPassword variable? Should I just enter %OSDJoinPassword%
for Password and Confirm Password? I can not tell if it will actually read it as a variable or try to use "%OSDJoinPassword%" for
the actual password.
--Tony -
Deploy Consumer Grade Windows Laptops On Domain?
We are considering purchasing some low end laptops that will be used for the main purpose of users accessing their primary workstation remotely from home.
HP Stream 14 looks like a candidate.
It comes with 8.1 "home" edition OEM. So, we would need to upgrade to Pro for domain join (so they can use their normal domain user id and password to log in and so we can manage the accounts) either by purchasing Pro Packs for each
laptop or via Volume licensing upgrades. Can VL be used to upgrade 8.1 OEM to 8.1 Pro VL?
Does anyone have experience with managing these types of devices. I'm not sure we would need to bother with creating a corporate image for these laptops. We could just add the Pro Pack, join the domain and then manage settings and install required
software (VPN, disk encryption and managed antivirus) using Group Policy.
PC Reset or factory restore could be used as needed when reassigning to new users or if there is a major software issue.
I assume the Windows keys are embedded so we can reinstall Windows 8.1 without having to keep track of and manually type in software keys after a restore.
Anyone have experience with this type of use case?Hi,
Regarding the license related issue, we'd better make a contact with the Microsoft local license team for support.
http://support.microsoft.com/contactus/
If we purchased the "Home" edition, then the embedded key should be this edition, if we want to reinstall with Windows 8 professional edition, we need to enter the professional edition license key again.
For Windows 8.1 deployment, here is some information for reference:
Windows 8 Deployment Strategies
Step-by-Step: Windows 8 Deployment for IT Professionals
Best regards
Michael Shao
TechNet Community Support -
DNS working intermittently for non-domain joined machines
I have a small single Server 2012 based network, with about 90% windows clients. DNS is running on the Windows Server 2008 machine, but DHCP is provided via a unix based firewall machine. Within the DNS configuration I have all of my windows
clients (mostly Windows 8.x clients, but there are a few Windows 7 ones as well) and a few *nix ones as well. All of the Windows clients are domain joined, except for one machine which is currently running Windows 10 preview, though it was a Windows
7 machine originally. In the DNS configuration I have a number of statically entered A records, used to give my *nix machines a name on the local network.
When trying to access systems by name (via ping or by other services), there is a very consistent behavior - my domain joined machines are able to resolve all names 100% of the time without any issues. However, the non-domain joined machines, both
Windows and not, are consistently inconsistent. To be more precise, when I try to resolve a name it will randomly work and randomly not. IP setup and configuration looks correct, meaning they have valid IP, DNS is set to my Windows Server,
default gateway, etc. are all correct. Pinging external machines (ie google.com, etc.) works 100% of the time, but trying to ping any internal machine is a total crap shoot. The only exception to this is the Windows Server 2012 machine itself,
which always works.
From past experience I know that the moment I join a machine to the domain all of the DNS issues goes away, which is fine for the Windows boxes but not so much for the rest. I also have visitors occasionally come by, who I cannot expect to join my
domain just to make things work normally.
This network originally started life out as Windows Server 2003 domain, but was upgraded to 2012 about two months ago. I have been seeing this problem for years, but have always assumed it to be a Server 2003 issue and figured it would go away when
I upgraded. Nope...
Any ideas as to the cause of this and what I can do about it?
Thanks,
peterIts really weird - I can ping an address and not have it work, then do a NSLookup of the same address against my DNS server and it resolves just fine. Take a look at this screen copy below:
C:\Users\Peter>ping apollo.bakonet.local
Ping request could not find host apollo.bakonet.local. Please check the name and try again.
C:\Users\Peter>nslookup apollo.bakonet.local 192.168.124.9
Server: orac.bakonet.local
Address: 192.168.124.9
Name: apollo.bakonet.local
Address: 192.168.124.27
C:\Users\Peter>ping apollo.bakonet.local
Ping request could not find host apollo.bakonet.local. Please check the name and try again.
C:\Users\Peter>ipconfig /all |more
Windows IP Configuration
Host Name . . . . . . . . . . . . : Win10
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bakonet.local
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-CC-65-1B-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : A0-88-B4-A2-41-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : bakonet.local
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
Physical Address. . . . . . . . . : A0-88-B4-A2-41-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc47:8a91:6b25:bd0e%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.124.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 5, 2015 7:34:47 PM
Lease Expires . . . . . . . . . . : Tuesday, February 3, 2015 7:15:20 PM
Default Gateway . . . . . . . . . : 192.168.124.1
DHCP Server . . . . . . . . . . . : 192.168.124.1
DHCPv6 IAID . . . . . . . . . . . : 60852404
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C6-18-82-00-21-CC-65-1B-8F
DNS Servers . . . . . . . . . . . : 192.168.124.9
24.229.54.212
216.144.187.199
Primary WINS Server . . . . . . . : 192.168.124.9
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : EC-55-F9-F5-14-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Does this actually make sense? Obviously the DNS server is online, it works and when a lookup is requested directly it works, and the DNS server is listed as first in the IP configuration. So why would it not work?! -
Sideloading on domain joined Windows 8.1 Professional Update Tablets
Hi folks,
first, I want to apologize for my bad English. I'm out of practice since several years and Google Translator is not the best assistance.
We are developing a Windows 8 LOB App for our customer. This App shall only be available for the employees of this customer. Therefore, releasing the App in the Windows Store is not an option.
As far as I understand the announcements by Microsoft, it is now possible to sideload Windows Store Apps on devices where Windows 8.1 Pro Update is installed. The requirements are the app has to be signed, the group policy "Allow all trusted apps to install"
has to be enabled and the devices must be part of a domain. A sideloading key is not required anymore.
At the moment I try to sideload an app to an Windows 8.1 Pro lenovo tablet. The System is up to date and the device is part of an AD-Domain.
To sideload the app, I've done the following:
-> First I deleted the developer license from my testing device.
-> Then I've created a code signing certificate with mkcert and Pvk2Pfx according to.
-> Creating and signing the App package with Visual Studio 2013 worked without problems.
-> I activated the local GP "Allow all trusted apps to install" and installed the certificate under the local machine\Trusted Root Certification Authority certificate store.
But when I try to install the app with Add-AppPackage, the process abort with an error. The error message says, that a developer license or a sideloading key is required.
What do I wrong? Has someone managed to sideload an App to a domain joined Windows 8.1 Pro device and can give me some advice?
Many thanks in advance.
TobiasHello,
though, I have not updated this thread in the last days, I'm still not sure, whether sideloading keys are necessary to successfully sideload apps to domain joined Windows 8.1 Pro devices.
To make sure that I have got you right: Might someone confirm to me, that even for domain joined devices with Windows 8.1 Pro Update installed, sideloading keys are necessary, because these devices are only ready to, but not yet enabled for sideloading.
If no sideloading keys are necessary, is it required, for successful sideloading, that the devices are logged into the domain network and connected with the domain controller, for a successful deployment? My test device is domain joined but at the moment it
is not logged into that domain network.
Thanks.
Tobias
I'm unable to confirm myself, since I don't use Pro edition in my organisation (we use Enterprise edition because we purchased that in our agreement).
It might be possible, that the MSFT statements for Pro (does not require sideloading key), might only be functional when using the Volume Licensing channel product for Pro. i.e. maybe the OEM channel and Retail channel of Pro might not be enabled for sideloading?
It sounds like you are using an OEM or Retail channel Pro (i.e. that OS shipped on the Lenovo device).
This is my observation from your symptoms. I'm not sure how to validate that, without trying each case.
It may be necessary to raise a support call with MSFT to validate that.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Windows 7 domain joined getting Windows 10 upgrade!!
I was building a reference image the other day for Windows 7 (we still want to use Windows 7 for "legacy" P4 machines) and it had activated itself via our KMS server and for some reason it would still show the Windows 10 Upgrade notification even though the upgrade doesn't (apparently) support KMS so it does seem there are some glitches with the update.
Also, I could understand not using WSUS in that case if its only a small collection of computers and it seems they do most work inside the XenApp server which I would hope. Although, it does sound like you have a server over there so it might be worth implementing if you ever make the move to Windows 10 as they are creating some sort of new solution that I believe is called "Windows Update for Business."Hi,
We have several computers that are not using WSUS and are Domain Joined that are trying to upgrade to Windows 10 automatically. Luckily they are failing but it has downloaded Windows 10 into the $Windows.~BT folder.
I checked the GWX event logs and says they are Domain Joined and I know they are not suppose to get Windows 10.
I think it is to do with KB2952664 as the computers that got the Windows 10 upgrade seem to have not restarted since this re-released patch was out.
Has anyone else had this happen? I've tried search with no joy.
Even though it is failing to preform the Upgrade now we are worried that Microsoft will make a change or something will happen and the upgrade will complete...
Aaron
This topic first appeared in the Spiceworks Community -
Do SCCM clients need to be domain joined for Windows Patch Deployments
Hi,
We have SCCM 2012 R2 deployed in an environment with both workgroup and domain joined machines. Currently only the domained joined machines have the SCCM client installed. We were thinking of bringing patching into SCCM rather than WSUS but were wondering
if we install the SCCM client on workgroup machines do they need to be domain mebers to work or do they just need to be able to resolve the SCCM server?BAsically, I'm looking for confimation that we can patch non-domain joined machines via SCCM.
Thanks,
SimonHere's a nice blog post that adds some gotcha and additional detail:
http://blogs.technet.com/b/configurationmgr/archive/2014/07/01/managing-workgroup-clients-in-system-center-2012-configuration-manager.aspx
Ultimately, ConfigMgr doesn't care if systems are domain joined or not but there are some nuances and caveats that must be accounted for.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Hi,
Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
DC:windows Server 2008 R2
Domain functional level:Windows Server 2003
When Winxp join domain, have no this error message.
I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0 does't work.
There have 3 suggestion in this article:
1.The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
Doesnt's work.
2.Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
On my DC, I run netstat -an, reslut as below:
UDP 192.168.20.3:137 *:*
3.The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
We are not using IPV6.
This server recently updated from Windows Server 2003 to Windows Server 2008 R2. Before upgrade, when Win7 and Win2008 join this domain, also have the same error message.
Please help to check this issue.
Thank you very much.
BR
Guo YingHuiHi Guo Ying,
I have faced this critical error which makes over-writes the host names in the domain when you join.
For example: Already you had a host name called as PC.domain.com in the domain.com Domain.
When you try to add the another host name called as PC in the domain.com Domain, it doesn't give you the duplicate name error on the network it does over-write the existing host name called as PC.domain.com & it will add the new host name into the domain.
Host name which got over-written will get removed from the domain. I faced this issue in my project. My DPM host name got removed from the Domain & new host name got joined into the domain which halted my backups for one day.
Final Resolution is as follows:
You need to start the dns console on the DC & drop down the domain name.
Select the _msdcs when you click on _msdcs it will show the Name Server's list on the right hand side.
You need to add the Domain Naming Master under the _msdcs or add all the domain controllers which you had.
After you add the Name server's try joining the PC OR Laptop to the domain which is successfully joins it.
Regards
Anand S
Thanks & Regards Anand Sunka MCSA+CCNA+MCTS -
Windows 8.1 Pro join to domain issues....
We bought some Windows 8.1 laptops and purchased the upgrade to the Pro version. When I attempt to join the laptops to the domain, it prompts me for domain credentials, I enter them, and I get an error....
Changing the Primary Domain DNS name of this computer to "mydomain.com" failed.
The name will remain "mydomain.com". The error was:
The specified domain either does not exist or could not be contacted.
Of course, the domain DOES exist and we have plenty of Windows 7 workstations signed into it just fine. I hit OK then login to the laptop using a domain account. At this point, I get an error telling me that no logon servers are available to authenticate.
This is a Windows 2008 domain controlled environment. Everything works fine otherwise for the Windows 7 systems, only these Windows 8.1 systems are having any issues. The new laptops are even showing up in DNS on the domain controller.
Any ideas what I might be missing? Is there something special about joining Windows 8.1 Pro systems to a domain?OK; took a couple of more days than planned to get back on site. We're continuing to do testing, but here's the IPConfig /ALL that was requested. 10.0.0.1 is the gateway, 10.0.0.10 is the DC. The laptop is "Me-L" and the domain is "mydomain.com".
The below was pulled after getting IP information assigned via DHCP. The laptop is not joined to the domain at the moment and login is a local account.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Me-L
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : A0-88-69-46-A4-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : A0-88-69-46-A4-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : EC-F4-BB-9C-36-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 21, 2014 11:29:52 AM
Lease Expires . . . . . . . . . . : Wednesday, August 27, 2014 11:29:50 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.10
DNS Servers . . . . . . . . . . . : 10.0.0.10
10.0.0.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3160
Physical Address. . . . . . . . . : A0-88-69-46-A4-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes -
Domain joined Windows 8.1 using OneDrive to sync passwords across devices
Background : Domain joined Windows 8.1 devices using OneDrive to sync settings across devices, including "Passwords" under Other Settings. Domain user accounts are NOT local administrators.
Issue : When one drive goes to sync Wireless network security settings (passphrases etc...), a User Account Control (UAC) dialogue pops up from "Program Name : Networks" to enter administrator credentials. Domain users do not have administrator access
to local computers by strict policy.
The only way identified so far to stop the dialogue pop-up is to disable the password sync by group policy. However, that turns off ALL password syncing, including passwords desired to be sync'd, that do not encounter this issue.
Can the UAC be suppressed? Is there a way to NOT sync the wireless password settings?
Welcome any thoughts, direction, assistance, etc... :) Thanks much and have a good day!Hi,
I searched around but haven't find one way to achieve this, thus I'm afraid that we're unable to prevent the specific network password setting. the syncing settings for all passwords are combined together.
To suppress UAC, we can turn off the UAC under control panel\User Account or via GP Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options ,but we don't recommend this.
Yolanda Zhu
TechNet Community Support -
ModernUI app fail to install from Intune Company Portal on Windows 8.1 Enteprise domain joined
i know that using sideloading keys are required in all scenario's whenever i want to deploy modernUI apps to windows 8.1 devices. Using a domain joined enterprise Windows 8.1 device it should be required as i've heard. However, i'm looking for the exact
technical requirements to be able to deploy a modernUI app through the company portal from Intune. So far i know the following requirements:
device must be domain joined enterprise version OR use sideloading keys;
the device must be joined to the domain that is dirsynced with the Intune subscription;
AllowAllTrustedApps reg key must be set to 1 OR configure the corresponding GPO;
a Microsoft account is required to access the Windows Store;
a Windows Intune subscription user account is required to enroll the device into Windows Intune;
the modernUI (demo) app must be visible in the company portal;
app must be signed and the device must trust the corresponding cert OR use a developer sideloading key: Show-WindowsDeveloperLicenseRegistration;
does someone have a good overview of all requirements in relation to deploying modernUI apps?
I find it very confusing when to determine which requirements apply. thanks in advance!i know that using sideloading keys are required in all scenario's whenever i want to deploy modernUI apps to windows 8.1 devices. Using a domain joined enterprise Windows 8.1 device it should be required as i've heard. However, i'm looking for the exact
technical requirements to be able to deploy a modernUI app through the company portal from Intune. So far i know the following requirements:
device must be domain joined enterprise version OR use sideloading keys;
the device must be joined to the domain that is dirsynced with the Intune subscription;
AllowAllTrustedApps reg key must be set to 1 OR configure the corresponding GPO;
a Microsoft account is required to access the Windows Store;
a Windows Intune subscription user account is required to enroll the device into Windows Intune;
the modernUI (demo) app must be visible in the company portal;
app must be signed and the device must trust the corresponding cert OR use a developer sideloading key: Show-WindowsDeveloperLicenseRegistration;
does someone have a good overview of all requirements in relation to deploying modernUI apps?
I find it very confusing when to determine which requirements apply. thanks in advance!
If you have a domain joined Windows 8.x Enterprise workstation, you do not need the sideloading keys. You only need sideloading keys for Windows 8 Pro, RT etc.
It will install as long as:
Domain joined
AllowAllTrustedApps - GPO or Local Policy enabled
Signed by a trusted certificate -
Windows 7 MDT Offline Domain Join
In a scenario where a user does not have access to the corporate network, a mostly automated media-based refresh is implemented.
- Refresh laptops from Windows XP/Vista to Windows 7
- MDT task sequence, OS, drivers, apps, contained on a supplied DVD
- User needs only to select the task sequence from the Wizard menu, all else is automated
- Hardlink user state capture and migration
The problem exists with joining the offline computer to the corporate domain. If the domain join fails, the user can't log on to his/her restored domain user profile.
Does anyone have any experience or tips related to using the Win7/2008 djoin.exe utility with an automated MDT task sequence? I can't find much information on it, and it's new to me.
I gather that you have to join the object at the domain first, then extract the required metadata, and somehow inject this individual computer data (aka Base64 blob) in the 'Microsoft-Windows-UnattendJoin/Identification/Provisioning' section of the unattend.xml
... but how to do that with some type of variable? I'd like to avoid creating a customized DVD for every single computer in the field.
I'll keep searching, but if anyone has done this before please let me know your experiences.Appreciate the reply, but I've already read through that. I'm looking for information specific to MDT and suggestion on how to include the process in a [semi] automated task sequence in a media-based offline scenario.
A general idea would be to compile a text file of target computer names, run a script to execute djoin.exe against the list to provision all the computers, generating a base64 blob text file for each. Then, store that repository of files in the deployment
share so it is included on the MDT media. Call the file as a Run Command step using the computer name variable during the task sequence State Restore phase to execute the offline join. eg:
cmd.exe /c djoin.exe /requestODJ /loadfile %ScriptRoot%\Blobs\%OSDComputerName%.txt /windowspath %windir% /localos
In testing, provisioning an existing computer on the DC breaks any domain relationship because the computer account is reset by the /reuse parameter. The relationship can be fixed by running the /requestODJ command on the computer - essentially 'rejoining'
the machine to the domain - but it presents a problem for the time lapse between pre-staging computers and distributing the media. Since the users are all currently running XP or Vista, it doesn't make sense to explore a theory of re-using the same blob
data multiple times, such as immediately after provisioning and then again during the reimage.
I'm opening a call with MS support, but still interested to hear if anyone has used this utility with MDT at all.
Maybe you are looking for
-
Spry Menu rendering improperly in Firefox - PLEASE HELP
Hello: I have searched the forums and the web and can't find the solution to the following problem. I have a vertical spray menu with flyouts (CS3). Works great in IE, in Firefox, the flyouts go to the far right of the page. They used to be OFF the p
-
Problems with office after upgrade to ERP 6.0
After upgrade from R3 46c to ERP 6.0 , we installed sap gui 710 with patch 14 and in many frontends a new version of Microsoft Office 2003 SP3. In many PCs now we have a problem with macros and templates from PA20 transacction with Documents Manageme
-
Running Windows Vista 32 bit
-
Whenever i make any new calendar entries on iPad and then sync with my MacBook via a USB cable, the new entries are promptly transferred to the MacBook. But after disconnecting the entries disappear from the iPad. The new entries made on the MacBook
-
Standard BW Report for Purchase Requisitions
Hi All, My client is looking for some requisition based report (besides the standard SAP MM reports). Are there any BW reports that will provide details on say, requisitions per cost cent, materials, etc.. I know this may seem like a strange request