Windows PXE Boot Issues – KB4493467 (April 9, 2019)

Microsoft has acknowledged an issue with PXE boot affecting Windows 8.1 and Windows Server 2012 R2 systems caused by a Security-Only update (KB4493467) released on April 9, 2019.

The Issue:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

The Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:
Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:
Use the Windows Deployment Services UI.

  1. Open Windows Deployment Services from Windows Administrative Tools.
  2. Expand Servers and right-click a WDS server.
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:
Set the following registry value to 0:

HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Windows 10 Automatically Uninstalls Problematic Software Updates

Patch Management is an important role of a Sysadmin in the Enterprise, because securing endpoints with security updates to keep systems secure and functional, receive fixes that resolve issues, and patch security holes is highly important. However, with the frequency of security updates which are released these days, patch management tasks feels like a full-time job!

For the most part, monthly patches are straight forward, however in recent months, they have been problematic where they have caused system crashes, blue screens, application functionality issues, and introduced other bugs. Some faulty patches are quickly reversed or rectified by Microsoft, while others go unfixed for a longer duration causing further duress and downtime in many organizations. This has been a major pain point for Sysadmins in the field.

Well, we may have some reprieve from these buggy patches. Microsoft has announced that it will start uninstalling problematic patches automatically from Windows 10 systems when it detects a startup issue due to incompatibility or issues stemming from a recently installed patch. The following notification will be presented:
“We removed some recently installed updates to recover your device from a startup failure.”

According to this KB4492307 posted by Microsoft, the problematic patch will not be reinstalled for 30 days to allow Microsoft and it’s partners to investigate and fix the issues. This process seems like a good proactive approach by Microsoft to get a handle of buggy patches, however more information is needed in terms of how this will work with detection, deployments, and compliance of these patches using ConfigMgr and WSUS as mechanisms for patch management in the enterprise. Time will tell, we hope!

Enable Windows 10 Administrator Account

This post is not to emphasize or promote the use of the local administrator account or provide such level of access to your users. IT Professionals and security experts will tell you that providing local administrator account privileges for end users is risky as it can introduce lots of issues such as ransomware attacks, malware infections, risk of compromised systems, and Pass-the-Hash attacks to name a few.

The local administrator account on a Windows 10 system is disabled by default. If you need to enable it for troubleshooting purposes or for some management tasks, you can do so in 3 ways.

Option 1: Computer Management

  • Click Start > search for Computer Management
  • Expand Local Users and Groups
  • Expand Users
  • Right-click on Administrator account
  • Uncheck Account is disabled box > click Apply and OK
  • Right-click Administrator account
  • Click on Set Password
  • Click on Proceed
  • Enter new password as desired
  • Confirm password > click OK

Option 2: Command Prompt

  • Click on Start > search for Command Prompt
  • Right-click and Run as Administrator
  • Type the following command and press enter:

net user “Administrator” /active:yes

Option 3: PowerShell

  • Click on Start > search for PowerShell
  • Right-click and Run as Administrator
  • Type the following command and press enter:

Get-LocalUser -Name “Administrator” | Enable-LocalUser

To disable the local Administrator account:

Get-LocalUser -Name “Administrator” | Disable-LocalUser

PowerShell – Random Password Generator

ps-random-password

Generate random passwords using PowerShell.

Found this method from https://www.scriptjunkie.us/2013/09/secure-random-password-generation/ and modified by Sean Martin (myITforum.com PowerShell usergroup).

Microsoft Deployment Toolkit (MDT 8456) Released

The Microsoft Deployment Toolkit (MDT) has been released and the most current build (8456) which can be downloaded from the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10 version 1809 (10.1.17763.1) which is available for download on the Microsoft Hardware Dev Center.

The official MDT release note are available here:
https://docs.microsoft.com/en-us/sccm/mdt/release-notes

Some of the significant changes in this update include:

  • Supported configuration updates
    • Windows ADK for Windows 10, version 1809
    • Windows 10, version 1809
    • Configuration Manager, version 1810
  • Major changes
    • Nested task sequence support for LTI scenario
    • Modern language pack supportNote 1
    • Support for Configuration Manager version 1810Note 2
    • IsVM evaluates to False on Parallels VMs
    • IsVM = False when VMware VM is configured with EFI boot firmware
    • Gather doesn’t recognize All-in-One chassis type
    • MDT doesn’t automatically install BitLocker on Windows Server 2016
    • BDEDisablePreProvisioning typo in ZTIGather.xml

Check out Johan Arwidmark’s “A Geeks Guide for upgrading to MDT 8456” blog post for steps to upgrade MDT as a standalone and in ConfigMgr.

The following post provides some information on How to get help with MDT, in case you need it.

Windows Server 2019 Now Available

The ISO download for Windows Server 2019 has been released and is now available from the Microsoft Volume Licensing Service Center (VLSC) portal. You’ll find the 64-bit ISO file with a download size of 4351 MB.


Here’s a short description of Windows Server as seen in the VLSC portal. To learn more about Windows Server 2019, such as features, deployment, management, system requirements, and more, read HERE!

Windows 10 October 2018 Update (v1809) Available in VLSC

The ISO download for Windows 10 October 2018 Update edition (version 1809) has been released and is now available from the Microsoft Volume Licensing Service Center (VLSC) portal. You’ll find the 64-bit ISO file with a download size of 4505 MB. The 32-bit version is also available for download (3278MB).

Here is a good article on “How to verify if you have downloaded or installed the latest version of Windows 10”. I would recommend that you check out Michael Niehaus’ blog post where he shares some important information regarding the changes with the volume license media and upgrade packages with Windows 10, starting with v1709. There is only one ISO with a single WIM (Windows Image) file that contains all the volume license images as listed below:

Here’s what’s new in Windows 10 October 2018 Update and Office. And here’s some additional information on how to get Windows 10 October 2018 Update.

You can check out the known issues HERE!

Windows ADK 1809 For Windows 10 Now Available with Add-On

With the release of Windows 10 version 1809, the following tool to support this latest Windows 10 build, Windows Assessment and Deployment Kit (ADK) version 1809 is now available.
You can download it from: Windows 10 Assessment and Deployment Kit (ADK).

NOTE: There is a new change with this ADK which requires an add-on installation to include Windows PE.

Starting with Windows 10, version 1809, Windows Preinstallation Environment (PE) is released separately from the Assessment and Deployment Kit (ADK). To add Windows PE to your ADK installation, download the Windows PE Addon and run the included installer after installing the ADK. This change enables post-RTM updates to tools in the ADK. After running the installer for the WinPE add-on, the WinPE files will be in the same location as they were in previous installs of the ADK.

See Download and install the Windows ADK and ADK tools to get the ADK and WinPE add-on.

Johan Arwidmark has written a nice PowerShell script to automate the installation of the Windows ADK and Windows PE Add-On. You can grab it from his script repository on GitHub. This is very useful.

The Windows ADK is also available to Windows Insiders. Join the Windows Insider Program to get the Windows ADK Insider Preview.

The latest version of the Windows ADK includes:

  • The Windows Assessment Toolkit and the Windows Performance Toolkit to assess the quality and performance of systems or components.
  • Deployment tools such as WinPE, Sysprep, DISM and other tools that you can use to customize and deploy Windows 10 images.

Learn more about Windows ADK v1809 for Windows 10.

Windows 7 Network Controller Issues – KB4338818 (July 2018)

The July 2018 Windows Updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 introduces a bug that could cause the network interface controller to stop working. The update referenced is KB4338818.

In case your systems run into this issue, the workaround from Microsoft is to do the following:

Please use your best judgement and evaluate the risks of applying this update to your Windows 7 SP1 and Windows Server 2008 R2 systems.

** Update **
According to an IT Pro who opened a support case with Microsoft, this is the information provided at this time:

“Regarding the known issue in the July monthly rollup about the network interface controller that will stop working. We are still looking at the data gathered from multiple customers and we do not have a list third party software that is causing the issue. What we do know until now, is that the issue is reproducing mainly on VM over VMware.”

ADMX Template For Windows 10 April 2018 Update (1803) Now Available

On April 30, 2018, Microsoft released the Windows 10 April 2018 Update (1803) build to customers worldwide. The following tools to support this latest release has been made available, which includes Windows 10 Administrative Templates (.ADMX), Windows Assessment and Deployment Kit (ADK), and the Remote Server Administration Tools (RSAT) for Windows 10 April 2018 Update.

Windows 10 Administrative Template (.ADMX)

Remote Server Administration Tools for Windows 10 (RSAT)

Windows 10 Assessment and Deployment Kit (ADK)

Microsoft Office 2016 Administrative Templates and Office Customization Tool is also available for download.

Follow @Hoorge on Twitter and join Tech Konnect on Facebook and Twitter to stay current on technology related matters.