How to set “Use cellular instead of wi-fi” with Group Policy.

Recently, a couple of clients had this issue with their Windows 10 notebooks. They were automatically switching over to mobile broadband/WWAN network in locations where wifi reception was poor. This was not the preferred option for their office environment because staff were familiar with controlling mobile broadband manually (and the associated costs!).

We found the option: Settings > Network & Internet > Cellular > Use cellular instead of Wi-Fi (shown below) – Disabling this setting had the desired outcome. But there was no matching group policy.

UseCellularInsteadOfWifi - How to set "Use cellular instead of wi-fi" with Group Policy.
Windows 10 1809 options under Settings > Network & Internet > Cellular

A little time with procmon highlighted that it’s controlled via the following registry setting:

AllowFailover (REG_DWORD)
0 = Never
1 = When wifi is poor
2 = Always

You can apply this across your fleet by using a custom Group Policy Preference.

ConfigMgr OSD taking hours to complete due to LEDBAT misconfiguration

Hi All

I recently had a customer report that their Windows 10 deployment was taking 7+ hours to complete at one of their remote sites. After confirming that the machine was pulling content from it’s local Distribution Point, I started looking at the server itself, which is running Windows Server 2016.

The customer mentioned to me that they had enabled LEDBAT on this Distribution Point via the ConfigMgr console, and had then disabled it after hearing reports of OSD issues at this site.

I came across this article which stated that a misconfiguration of LEDBAT could cause slow download speeds when pulling content from a Distribution Point, so I decided to double check that this wasn’t the case. Instead I found that there were still traces of incorrect LEDBAT configuration on this server even though it had been disabled via the ConfigMgr console.

LEDBAT - ConfigMgr OSD taking hours to complete due to LEDBAT misconfiguration
LEDBAT misconfiguration

After running the following PowerShell command to remove this configuration, and then confirming it no longer existed, build times returned to normal!

Remove-NetTransportFilter -SettingName DatacenterCustom

Note that the Primary Site server has the latest 1806 update rollup installed which has fixes for LEDBAT configuration issues, however I am not sure if it was installed after LEDBAT had been enabled on this Distribution Point.

So if you hear that deployments are taking a long time to complete, check that LEDBAT misconfiguration isn’t causing the problem!

Hope this helps!



ConfigMgr Software Center crashing with “SCClient has stopped working” on Windows 10

During a recent Windows 10 SOE engagement, our customer reported that the ConfigMgr Software Center would crash a few minutes after opening it with the error “SCClient has stopped working”.

SCClient 300x148 - ConfigMgr Software Center crashing with "SCClient has stopped working" on Windows 10
“SCClient has stopped working” would appear several minutes after launching Software Center

Upon investigation it turns out that other applications, such as the PowerShell ISE, were also randomly crashing with the same issue. The Application Event Log pointed towards .NET Runtime, however the issue was only happening on a specific model (the HP EliteDesk 800 G1) – other hardware models running the same Windows 10 SOE were fine.

eventvwr 300x232 - ConfigMgr Software Center crashing with "SCClient has stopped working" on Windows 10
Application log was showing .NET Runtime errors

So it was a hardware specific issue and fortunately it turned out to be a simple solution – the ‘latest’ graphics provided by HP for the Intel HD Graphics 4600 graphics card, which was several years old, was causing the issue. Updating the driver to the latest release from Intel’s website, which had been released in early this year, fixed the problem!

Hope this helps!



Microsoft security updates you need to deploy now

Microsoft issued for what was described as the “worst Windows remote code exec (execution exploit) in recent memory.” The severe vulnerability in Windows Defender allows an attacker to take over an entire machine without  any user interaction.

Hours after this out-of-band emergency patch, Microsoft released its monthly “Patch Tuesday” updates.

The remote code execution flaw (assigned as CVE-2017-0290 by Microsoft in its security advisory) could allow an attacker to remotely execute malicious code and take over an entire machine.

May’s updates also include three other zero-day fixes. It’s important that you update your Windows machines as soon as you can.

Other Zero-day fixes

The first vulnerability (CVE-2017-0261) is a remote code bug that affects Microsoft Office. With this exploit, an attacker can send or trick victims into viewing a poisoned graphics file to take over their machines. Microsoft stated that they have received reports of limited targeted attacks using this flaw.

The next vulnerability (CVE-2017-0263) is an elevation of privilege flaw that allows any logged-in user to take control of a machine by running a specially crafted application. According to Microsoft, this flaw was exploited in the wild.

The third vulnerability (CVE-2017-0222) is another remote code execution weakness, this time in Internet Explorer. This flaw can be triggered with a specially crafted website causing Internet Explorer to improperly access objects in memory. Microsoft stated that this issue was also exploited in the wild.


WannaCry ransomware & SecurityUpdate for Microsoft Windows SMB Server (4013389)

WannaCry ransomware outbreak as of 13/05/2017

For organisations around the world that have been hit with the WannaCry ransomware,  its leveraging a flaw in Microsoft’s Windows SMB service. The critical vulnerability was patched by Microsoft on March 14, MS17-010.

Unable to open Microsoft Edge in Windows 10

I had an issue for a customer this week where Microsoft Edge had suddenly disappeared from their machine.

Running the Get-AppxPackage PowerShell cmdlet confirmed that the universal application was still installed on the machine:

Get-AppxPackage | where Name -like *MicrosoftEdge*

msedge 1 - Unable to open Microsoft Edge in Windows 10

So Microsoft Edge was still on the machine and fortunately PowerShell came to the rescue.

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

msedge 2 1024x249 - Unable to open Microsoft Edge in Windows 10

This successfully reinstalled Microsoft Edge and restored it’s functionality!



When does a Windows 10 release reach end of life?

Earlier this year I spoke at the inaugural System Center Universe Australia event on managing Windows 10 servicing with ConfigMgr. At that time, we only had two releases of Windows 10 and Microsoft had not been exactly clear when a release would reach end of life and stop receiving updates and support. We knew that there was minimum support of a year for each release, so what would happen to the initial 1507 build after this milestone had passed? How much longer were Microsoft planning on supporting it?

Quick recap of Windows 10 Servicing

To provide a more agile release cycle of new operating system features and improvements, Microsoft moved to a servicing model with the release of Windows 10. The model allows Microsoft to introduce new features, take advantage of new hardware innovations and provide security improvements without having to release service packs or entirely new versions. Remember, as Terry Myerson stated “there’s no one working on a Windows 11” (for now!)

To manage this release life cycle, Microsoft introduced the concept of ‘branches’ where each release would be staged and promoted from one branch to another once it had been deemed ‘ready’ for consumers and the enterprise. The release branches are as follows:

  • Windows Insider Program
  • Current Branch (CB)
  • Current Branch for Business (CBB)
  • Long Term Servicing Branch (LTSB)

By default, Windows 10 Home, Pro and Enterprise are on the Current Branch release schedule, and only Pro and Enterprise editions can join the Current Branch for Business cycle. LTSB does not receive operating system feature updates however it still receives monthly cumulative updates like the CB and CBB releases. The Windows Insider Program is an opt-in release schedule which receives early preview builds of Windows 10 and once a release is deemed release ready, it is promoted to Current Branch. This post will focus on the CB and CBB servicing branches.

Windows 10 Code Base


Current Windows 10 Releases

So far, we have had three releases of Windows 10 (excluding the Windows Insider Program and LTSB):

  • Windows 10 1507 (CB and CBB released July 2015)
  • Windows 10 1511 (CB released November 2015, CBB released April 2016)
  • Windows 10 1607 (CB released August 2016)

Windows 10 current versions by service option

When Microsoft released Windows 10 1507 in July 2015, it was the first Current Branch release of the operating system. Microsoft also released it to the Current Branch for Business branch as it was first time a Windows 10 build had been promoted to Current Branch. Microsoft’s goal with Current Branch for Business releases is to ensure that they are ‘enterprise ready’ by delaying the Current Branch release by at least 4 months to ensure that any major issues can be identified and resolved quickly. The Current Branch for Business release is the same as the Current Branch release however the latest cumulative update release is also included.

Support model for Windows 10 CBB releases

Microsoft have stated that they will only ever support two CBB releases at a time which at this stage are builds 1507 and 1511. Build 1607 is only a month old and will not be promoted to CBB for at least another 3 months.

Microsoft also recently announced that support for an expiring CBB release will be extended by 2 months to give organisations more time to plan and migrate to a newer CBB release. So therefore two months after 1607 is promoted to CBB, release 1507 will reach end of life and will no longer receive support or updates, which will be around February or March 2017.

Windows 10 Servicing

It’s also important to note that the LTSB has 10 years of support and updates (5 years support + 5 years extended support) so upgrading to newer LTSB releases such as the August 2016 version is optional.

Windows 10 releases moving forward

This year we are only receiving 1 new Current Branch release even though the frequency of Windows Insider Program releases has increased, as Microsoft has received feedback from the enterprise market stating that their initial intention of 3 to 4 CB releases a year was too aggressive and difficult to manage. Additionally Microsoft have stated that they are expecting to release only two more CB releases in 2017.


So to summarise:

  • Microsoft will only ever support two CBB releases at a time
  • After a third CBB release, the oldest CBB release will expire 2 months later (so really, Microsoft are supporting 3 releases for a short period of time!)

If you are currently running Windows 10 1507, you have approximately 5 to 6 months to migrate to a newer release, assuming that 1607 will be promoted to CBB in 3 to 4 months time (around December 2016 to January 2017) which includes the additional 2 months support. We recommend that you plan to do this as soon as possible to ensure that you have enough time to move to a supported release. If you are still evaluating Windows 10 or are about you, we recommend that you consider starting with build 1607 so that you receive the new benefits and longevity of this release.

If you have any questions or would like to discuss your Windows 10 servicing strategy further, feel free to leave a comment below or get in contact with us via our website