Join Microsoft for four days of demos, deep dives, and live Ask Microsoft Anything (AMA) sessions from October 24-27, 2022, led by Microsoft engineering and designed to get you up to speed on the latest features, capabilities, and scenarios for Windows 11 and Microsoft Intune, including Windows 365 and much more. There will be experts from the engineering and product teams ready to answer your questions during each session.
How do you participate? Go to https://aka.ms/TechnicalTakeoff and select the sessions you want to attend, and then click on RSVP to save your spot, receive event reminders, and have the ability to post your questions in advance and also during the event. (Note: You must be signed in to the Tech Community to RSVP and participate in the live Q&A, but sessions can be viewed without signing in). See the video below for a quick tutorial on how to sign up.
The tweet below has been liked, shared, and retweeted by IT pros with lots of excitement for this awesome event. Follow me on Twitter and help amplify this message. Thanks.
See below for a listing of the deep dive sessions, demos, AMAs, and the Office Hours.
All times below are listed in Pacific Daylight Time (PDT).
As of Sunday, October 23, 2022, we have added a Microsoft Edge AMA on Wednesday, October 26th at 12PM PT. Check it out: https://aka.ms/TTAMA/MicrosoftEdge.
I’m excited for this amazing technical event for IT pros, which a handful of us at Microsoft helped organize, plan, and produce. Looking forward to seeing you at this Microsoft technical event, for your learning and engagement.
On January 12, 2021 (Pacific Time), Microsoft released security updates affecting the following Microsoft products:
| Product Family | Maximum Severity | Maximum Impact | Associated KB Articles and/or Support Webpages |
| --- | --- | --- | --- |
| Windows 10 v20H2, v2004, v1909, v1809, and v1803 | Critical | Remote Code Execution | Windows 10 v2004 and Windows 10 v20H2: 4598242; Windows 10 v1909: 4598229; Windows 10 v1809: 4598230; Windows 10 v1803: 4598245 |
| Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v20H2, v2004, v1909) | Critical | Remote Code Execution | Windows Server 2019: 4598230; Windows Server 2016: 4598243; Windows Server v2004 and Windows Server v20H2: 4598242; Windows Server v1909: 4598229 |
| Windows 8.1, Windows Server 2012 R2, and Windows Server 2012 | Critical | Remote Code Execution | Windows 8.1 and Windows Server 2012 R2 Monthly Rollup: 4598285; Windows 8.1 and Windows Server 2012 R2 Security Only: 4598275; Windows Server 2012 Monthly Rollup: 4598278; Windows Server 2012 Security Only: 4598297 |
Resources for deploying updates to remote devices:
With so many people working remotely, it is a good time to review guidance on deploying security updates to remote devices, such as desktops, laptops, and tablets. Here are some resources to answer questions pertaining to deploying updates to remote devices.
Below are summaries for some of the security vulnerabilities in this release. These specific vulnerabilities were selected from the larger set of vulnerabilities in the release for one or more of the following reasons: 1) We received inquiries regarding the vulnerability; 2) the vulnerability may have received attention in the trade press; or 3) the vulnerability is potentially more impactful than others in the release. Because we do not provide summaries for every vulnerability in the release, you should review the content in the Security Update Guide for information not provided in these summaries.
Notes on details in the vulnerability summaries:
Attack Vector
This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.
Attack Complexity
This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.
Privileges Required
This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User Interaction
This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.
CVE-2021-1674
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Important
Publicly Disclosed?: No
Known Exploits?: No
Exploitability: Exploitation less likely
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: Microsoft Excel 365 Apps for Enterprise, Word 2010, Word 2013, Word 2016, Office 2010, Office 2019, Office 2019 for Mac, Office Online Server, Office Web Apps 2010, Office Web Apps Server 2013, Office SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, SharePoint Server 2010, and SharePoint Server 2019
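To show how the metric values listed in the summary above combine into the base score, here is an added example (not part of the original post) that applies the CVSS v3.1 base-score equations; with the listed values it yields the 7.8 shown. The page does not name the CVSS version, so v3.1 is an assumption, and the function names are hypothetical.

```powershell
# Added example: CVSS base score from the metric values in the summary above.
# Weights and equations follow the FIRST CVSS v3.1 specification (assumed version).
$Weights = @{
    AV  = @{ Network = 0.85; Adjacent = 0.62; Local = 0.55; Physical = 0.2 }
    AC  = @{ Low = 0.77; High = 0.44 }
    UI  = @{ None = 0.85; Required = 0.62 }
    CIA = @{ High = 0.56; Low = 0.22; None = 0.0 }
    # The Privileges Required weight depends on Scope
    PR  = @{
        Unchanged = @{ None = 0.85; Low = 0.62; High = 0.27 }
        Changed   = @{ None = 0.85; Low = 0.68; High = 0.5 }
    }
}

function Get-CvssRoundUp([double]$Value) {
    # Spec-defined round-up to one decimal, done on integers to avoid float drift
    $i = [int][math]::Round($Value * 100000)
    if ($i % 10000 -eq 0) { return $i / 100000.0 }
    return ([math]::Floor($i / 10000) + 1) / 10.0
}

function Get-CvssBaseScore {
    param(
        [string]$AttackVector, [string]$AttackComplexity, [string]$PrivilegesRequired,
        [string]$UserInteraction, [string]$Scope,
        [string]$Confidentiality, [string]$Integrity, [string]$Availability
    )
    $w = $Weights
    # Impact sub-score: combined loss of confidentiality, integrity, availability
    $iss = 1 - (1 - $w.CIA[$Confidentiality]) * (1 - $w.CIA[$Integrity]) * (1 - $w.CIA[$Availability])
    # Exploitability: how reachable and how easy the attack is
    $expl = 8.22 * $w.AV[$AttackVector] * $w.AC[$AttackComplexity] *
            $w.PR[$Scope][$PrivilegesRequired] * $w.UI[$UserInteraction]
    if ($Scope -eq 'Changed') {
        $impact = 7.52 * ($iss - 0.029) - 3.25 * [math]::Pow($iss - 0.02, 15)
        $raw = 1.08 * ($impact + $expl)
    } else {
        $impact = 6.42 * $iss
        $raw = $impact + $expl
    }
    if ($impact -le 0) { return 0.0 }
    return Get-CvssRoundUp ([math]::Min($raw, 10))
}

# Metric values listed for the Microsoft Word vulnerability summary on this page
Get-CvssBaseScore -AttackVector Local -AttackComplexity Low -PrivilegesRequired None `
    -UserInteraction Required -Scope Unchanged `
    -Confidentiality High -Integrity High -Availability High
```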
Office security updates published as part of the January 2021 Patch Tuesday address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE) attacks.
Microsoft rated the six RCE bugs patched this month as Important severity issues since they could enable attackers to execute arbitrary code in the context of the currently logged-in user.
Further information about each of them is available within the knowledge base articles linked below.
To download the January 2021 Microsoft Office security updates, you have to click on the corresponding knowledge base article below and then scroll down to the ‘How to download and install the update’ section.
I recently switched to using my new-ish laptop (Lenovo P1) for my day-to-day technical work and decided I should redo my test lab in Hyper-V, particularly for my ConfigMgr / MEMCM / Intune testing and troubleshooting stuff. While I have been actively using my ConfigMgr site in my lab, I didn’t pay much attention to the built-in reports until very recently, when I discovered I had an issue as all the reports produced an error.
The Component Status in the Monitoring node of the ConfigMgr console indicated no issues with the Reporting Services Point Role.
The Site Status was lit up nice and green and indicated all was working fine with my ConfigMgr site.
When a report is run from the ConfigMgr console or SSRS, the following error is produced (see image above):
The DefaultValue expression for the report parameter ‘UserTokenSIDs’ contains an error: The LDAP server is unavailable. (rsRuntimeErrorInExpression)
The full error is provided below:
System.Web.Services.Protocols.SoapException: The DefaultValue expression for the report parameter ‘UserTokenSIDs’ contains an error: The LDAP server is unavailable.
   at Microsoft.ReportingServices.Library.ReportingService2005Impl.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ParameterInfoCollection& Parameters)
   at Microsoft.ReportingServices.WebServer.ReportingService2005.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ReportParameter[]& Parameters)

Microsoft.ConfigurationManagement.ManagementProvider.SmsException
The DefaultValue expression for the report parameter ‘UserTokenSIDs’ contains an error: The LDAP server is unavailable.

Stack Trace:
   at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.GetParameters()
   at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.LoadParameters(IReport report, Collection`1 navigationParameters, IResultObject resultObject)
   at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ReportViewerPresenter.Worker_DoWork(Object sender, DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
I tried several troubleshooting steps including the following:
1. Uninstalled the Reporting role from ConfigMgr
2. Uninstalled the SQL Reporting Services
3. Reinstalled SQL Reporting Services
4. Reinstalled the Reporting role in ConfigMgr
5. Changed the registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ConfigMgr10\AdminUI\Reporting\ReportBuilderApplicationManifestName" from the value "ReportBuilder_2_0_0_0.application" to "ReportBuilder_3_0_0_0.application"
6. Edited the file: "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.exe.config" and changed the 2 to a 3 in the two locations:
   <add key="10.0" value="ReportBuilder_3_0_0_0.application"/>
   <add key="DEFAULT" value="ReportBuilder_3_0_0_0.application"/>
7. Checked accounts including the service account for SQL reporting
None of the above steps helped fix the UserTokenSIDs issue. I searched high and low on Google / Bing and did not discover anything regarding “LDAP server is unavailable” specifically relating to UserTokenSIDs. I finally got the big guns out and contacted my close friend, Garth Jones, who is a known industry expert with SQL and SSRS. He is a Microsoft MVP and also owns a company called Enhansoft which provides a subscription service for all things reports, which extends the reporting capabilities in ConfigMgr. Enhansoft also provides a free report as a giveaway each month.
RESOLUTION:
With Garth’s help, the issue was quickly discovered and fixed quite easily. Bottom line is that I was using a local administrator account (CM01\Administrator) to login to my ConfigMgr server as opposed to using a Domain account (Dhalico\Harjit) with the necessary privileges. FYI, “Dhalico” is my domain.
1. Added the Dhalico\Harjit account in the ConfigMgr console under Administration > Overview > Security > Administrative Users (see image below)
2. Provided “Full Administrator” security role
3. Logged on to the ConfigMgr server as “Harjit” and tested running reports
4. Success! And Thank you Garth! 🙂
The installation of the ConfigMgr client on workstations and servers is pretty straightforward, and can be done manually, with Client Push, or with Software Update Based client installation, to name a few. However, it is not as simple when dealing with Windows VDI systems, where extra steps need to be taken to avoid duplicate ConfigMgr client GUIDs and certificates on cloned VDI systems. Below are the steps to follow.
On the master or template system:
1. Install the ConfigMgr client. Ensure it is properly functioning and has all the necessary components and actions.
2. Stop the SMS Host Service. This can be done by launching the Command Prompt (CMD) as Administrator and running the following command:
   net stop ccmexec
3. Delete the SMSCFG.ini file from the Windows folder location. In Administrator CMD, run the following command:
   del %WINDIR%\SMSCFG.ini
4. Delete the SMS Certificates. To do this, launch PowerShell as Administrator and run the following command:
   Remove-Item -Path HKLM:\Software\Microsoft\SystemCertificates\SMS\Certificates\* -Force
5. Remove the Inventory Action ID 1 in WMI. You can run the following command:
   wmic /namespace:\\root\ccm\invagt path inventoryActionStatus where InventoryActionID="{00000000-0000-0000-0000-000000000001}" DELETE /NOINTERACTIVE
Once the above steps have been completed, shutdown the master template, capture a snapshot, and provision the VDI systems. At this point, each VDI system will generate a unique ConfigMgr GUID and will function as expected.
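The cleanup steps above can be combined with a check that no client identity remains before the snapshot is taken. The script below is an added example, not part of the original post: it uses Get-CimInstance and Remove-CimInstance in place of the wmic command, and the helper name Get-InvAction and the check labels are hypothetical. It assumes the ConfigMgr client is already installed on the template and that the session is elevated.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the master/template image after the ConfigMgr client is installed.
$ErrorActionPreference = 'Stop'
$CfgFile   = Join-Path $env:WINDIR 'SMSCFG.ini'
$CertStore = 'HKLM:\Software\Microsoft\SystemCertificates\SMS\Certificates'
$InvFilter = "InventoryActionID='{00000000-0000-0000-0000-000000000001}'"

function Get-InvAction {
    # Returns the Inventory Action ID 1 record, or nothing if it (or the namespace) is absent
    Get-CimInstance -Namespace 'root\ccm\invagt' -ClassName InventoryActionStatus `
        -Filter $InvFilter -ErrorAction SilentlyContinue
}

# Stop the client service so it cannot rewrite identity data during cleanup
Stop-Service -Name CcmExec -Force
# Delete SMSCFG.ini from the Windows folder
if (Test-Path $CfgFile) { Remove-Item -Path $CfgFile -Force }
# Delete the SMS certificates
if (Test-Path $CertStore) { Remove-Item -Path "$CertStore\*" -Force }
# Remove the Inventory Action ID 1 record from WMI
Get-InvAction | Remove-CimInstance

# Verify every artifact is gone before shutting down and capturing the snapshot
$checks = [ordered]@{
    'CcmExec stopped'          = (Get-Service -Name CcmExec).Status -eq 'Stopped'
    'SMSCFG.ini absent'        = -not (Test-Path $CfgFile)
    'SMS certificates removed' = -not (Get-ChildItem -Path $CertStore -ErrorAction SilentlyContinue)
    'Inventory action removed' = -not (Get-InvAction)
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-26} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAILED' })
}
if ($checks.Values -contains $false) {
    throw 'Template still carries ConfigMgr client identity; do not snapshot.'
}
```

If the service is started again before the snapshot, the client regenerates these artifacts and the cleanup has to be repeated.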
For step number 5, this can be achieved by using the wbemtest tool with the following steps:
Launch wbemtest as Administrator
Click Connect
Change the Namespace field to root\ccm\invagt, and click Connect
Click on Enum Classes
Select Recursive and click Ok
Scroll down and locate InventoryActionStatus, and double click