Wednesday, September 27, 2017

Change Windows 10 Edition with ConfigMgr

I dont know how I missed this recently, but this a great feature that I have history around. Simply put, ConfigMgr lets you change the Windows 10 Edition. This is pretty exciting for those of us with Software Assurance for the Workstation OS.

Around the Vista and 7 timeframe, my firm renewed our EA to include Enterprise Edition so I of course wanted to change from Professional to Enterprise on the existing systems to use those features. Easier said then done. On the consumer side, Microsoft had Windows Anytime Upgrade where you can go from Home all the way up to Ultimate, however on the corporate side not anything easy. A software refresh was the official solution after several conversations including with Michael Niehaus. While the pirates figured it out, but I could not really use that process at my firm. So we used attrition to get us over to Enterprise back then.

Fast forward to today and it is so much easier. Much work has been done by Microsoft to allow easier switching of corporate editions starting in Windows 8 with yet more improvements in Windows 10 today. With Windows 10 (1607) you can change the (KMS) key of a Professional install to Enterprise and without restarting your instance it is now Enterprise with all those features. Future changes look to change the edition when you first log in to the system!

They took it one step further by having ConfigMgr do this for you in at least 1606 Current Branch via a compliance setting. You can uplift to several higher editions.

In my environment we track everything via SCCM and have all sorts of Windows 10 collections and we actually have a few Professional Editions for whatever reason. So this will be deployed to that Professional Collection only.

Setup is simple, just navigate to \Assets and Compliance\Overview\Compliance Settings\Windows 10 Edition Upgrade in the SCCM console. Right click and select Create Edition Upgrade Policy.

Being a large Enterprise, we use ADBA for license provisioning so I entered a KMS key but you can use your firms MAK if you prefer. Microsoft provides the KMS client keys here. The screenshot is the Enterprise KMS so steal away.

After selecting Next you deploy this like any other complance setting by right clicking it and selecting Deploy.

All Done. I went from a few dozen Professional down to 1 quickly. I'll have to look at the one at some point.


Saturday, September 23, 2017

Domain re-join shortcut trick

We've all had it. A system with domain authentication issues. Usually it's the Secure Channel.

or way back

 but sometimes it's worse like the machine object being "accidentally" deleted.

For me to resolve these, I just log in with cached credentials and run some PowerShell like

 Test-ComputerSecureChannel -repair  

You can add "-cred "MYCOMPANY\username" if your password changed by then or if you have to use a different one that has rights.

or in the worse case when the object is not present

 add-computer -Domainname –cred “MYCOMPANY\kevin.fason”  

Many of my techs do not like CLI and have to use the mouse.  The accepted way is to remove it from the domain and make it a member of a workgroup, then join back to the domain with reboots in between and enabling a local admin account etc.

Instead of going through all that, did you know you can just enter the NetBIOS name of the domain? The system perceives this as you moving the system from one domain to another, even though its technically the same one, your just using the legacy NetBIOS name vs the FQDN of the domain.

Here is an example normally showing the FQDN of the domain:

Just change it to the NetBIOS and select OK. One reboot. all done. After the reboot it will revert to the FQDN domain name.

If you do not know what it is you can open a command/powershell prompt and type 'set USER' and it will tell both names via the USERDNSDOMAIN (FQDN)and USERDOMAIN (NetBIOS) variables. 

Or if you must use that mouse, you can open ADUC, right-click the domain, and select properties. Right on the general tab you will see it listed under 'Domain name (pre-Windows 2000).

Who knows how long this will work as forest/domain functional levels are uplifted.