Microsoft Policy Analyzer 3.0 Update available

WARNING: This link will download Policy Analyzer 3.0 and samples in a safe zip file from Microsoft:

Microsoft Policy Analyzer 3.0 is now available, and according to Aaron Margosis: “Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs).” A PDF file included with the download explains how to use the application. The updated 3.0 version also includes several PolicyRules files that can be imported into Policy Analyzer and compared against the computer’s policies or any imported GPO backup files.

The best use of this software in my opinion is to use it in a domain to analyze your organization’s Group Policy Objects and to look for conflicts with Local Policies or within all the GPOs. You can point it to the SYSVOL folder and import the group policy objects that are being used in the domain. Then by comparing them, you will be alerted to any conflicts and you can export the results to an Excel spreadsheet. It is an excellent tool that will take some time to get used to, but it is extremely important for any security professional to do an analysis of an organization’s policies.




Microsoft Security Compliance Manager 4.0, Policy Analyzer, and LGPO – Security Admin Tools


(Microsoft’s Channel 9 Podcast – Defrag Tools)

I recently installed the Security Compliance Manager 4.0 using an already installed version of SQL Server 2016 Express. This is how you need to install SCM 4.0 on Windows 10, since SQL Server 2008 is no longer compatible with Windows 10. If you do not already have SQL Server Express installed, then you need to download SQL Server Express 2014 or 2016 and install just the engine. Then you can install Security Compliance Manager 4.0; it will ask for an installed instance of SQL Server, and you must choose the name of the instance that you just installed. SCM 4.0 will then install successfully on Windows 10. Although Petri.com posted a review of Microsoft Security Compliance Manager in 2014, there is now a new version available, and this post will discuss Version 4.0. Security Compliance Manager allows you to download Microsoft-recommended Security Baselines for Windows 7, 8, and 10, for Windows Server 2012 and 2016, and for SQL Server 2012. These baselines contain group policies and settings that are recommended by Microsoft to secure your Active Directory domains.

Also available now is Policy Analyzer.


Photo of Policy Analyzer from Microsoft Security Guidance blog on Microsoft TechNet.



The most interesting of the new baselines is perhaps the Windows 10 1607 Security Baseline, and it is available to download after you install Security Compliance Manager 4.0. This baseline can be exported to an Excel spreadsheet that separates the settings and configurations into different tabs. For some reason I am not able to preview this page anymore as I type it; I think adding Google Tag Manager has screwed it up. So I’m going to post this and then investigate what happened, and I might have to remove the Google Tag Manager. Hopefully I will continue this post later. If you have any questions about these two security software applications from Microsoft, feel free to email me at james at jgnetworksecurity.com.

Use the Nano Server Image Builder to build your Nano Server vhdx files for Hyper-V

Nano Server Image Builder Select Scenario page (Create New Image)

The Nano Server Image Builder is a simple GUI tool that helps create a Virtual Hard Disk of a Nano Server image for a Virtual Machine, or it can create a bootable USB drive for a physical installation. You can download the tool from the Microsoft Download Center.

Nano Server Image Builder page 2

Nano Server Image Builder page 3

The first thing to do before you start creating a Nano Server image is to mount a Windows Server 2016 ISO. Mounting assigns a drive letter to the Windows Server 2016 image, which the application requires because it needs access to the Nano Server media folder. This application is basically a front end for the PowerShell script New-NanoServerImage. Now go through the wizard and be sure to give the Virtual Hard Disk a name by entering Name.vhdx. If you want to join this Nano Server to a domain before starting it, you will have to provision a djoin.exe blob. When the wizard completes and has created the Nano Server vhd or vhdx file, create a new Hyper-V virtual machine and use this vhdx as its hard drive.
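The same sequence the wizard drives, written out as PowerShell (an added example, not part of the original post or of Microsoft's tool). The ISO path, working folder, machine name and domain are placeholders; it assumes an elevated session on a domain-joined Hyper-V host with rights to create computer accounts.

```powershell
# Added example. Every name and path below is a placeholder, not a value from the post.
$IsoPath      = 'C:\ISO\WindowsServer2016.iso'   # assumed ISO location
$WorkDir      = 'C:\NanoBuild'                   # assumed working folder
$ComputerName = 'NANO01'                         # hypothetical machine name
$Domain       = 'corp.example'                   # hypothetical AD domain
$BlobPath     = Join-Path $WorkDir "$ComputerName.djoin"
$VhdxPath     = Join-Path $WorkDir "$ComputerName.vhdx"

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Mount the ISO and find the drive letter it was assigned.
$iso   = Mount-DiskImage -ImagePath $IsoPath -PassThru
$drive = ($iso | Get-Volume).DriveLetter + ':'

try {
    # 2. Load the generator module from the NanoServer media folder.
    Import-Module "$drive\NanoServer\NanoServerImageGenerator" -Verbose:$false

    # 3. Offline domain join: creates the computer account and writes the blob.
    & djoin.exe /provision /domain $Domain /machine $ComputerName /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin.exe failed with exit code $LASTEXITCODE" }

    # 4. Build the image. Prompting keeps the local admin password out of the script.
    #    With -DomainBlobPath the computer name is taken from the blob.
    $adminPw = Read-Host -AsSecureString -Prompt 'Local Administrator password'
    New-NanoServerImage -MediaPath "$drive\" -BasePath (Join-Path $WorkDir 'Base') `
        -TargetPath $VhdxPath -DeploymentType Guest -Edition Standard `
        -DomainBlobPath $BlobPath -AdministratorPassword $adminPw
}
finally {
    # The blob carries the machine account password: delete it once it is in the image.
    Remove-Item $BlobPath -Force -ErrorAction SilentlyContinue
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}

# 5. A .vhdx target is built as a Generation 2 image, so create the VM to match.
New-VM -Name $ComputerName -Generation 2 -MemoryStartupBytes 1GB -VHDPath $VhdxPath
```

The provisioning blob is a credential for the new computer account, so keep the working folder ACL-restricted until the cleanup step has run.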

Screenshots: Nano Server Image Builder wizard pages 4 through 9; Page 10 – Advanced Configuration; Page 11 – Add Servicing Packages; Page 12 – Add Scripts and Binaries; Developer Mode (Turn on Debugging Mode and Developer mode); Final Page of Nano Server Image Builder.

Windows Server 2016 Finally Available. Here are the links to evaluate it:

“Evaluate Windows Server 2016”: Evaluation Version of Windows Server 2016 and Nano Server VHD

After downloading Windows Server 2016, which is build number 14393.0.160715.1616.RS1-Release (Redstone 1 Release), you can download an 18-page PDF guide called “The Ultimate Guide to Windows Server 2016”.

Microsoft Ignite is underway in Atlanta, Georgia, and you can watch the keynotes and sessions at the https://ignite.microsoft.com/ website, which is sure to have some interesting sessions all week long from September 26 to September 30.

Update on OneNote update KB2760600 problem still waiting for response.

I have notified Microsoft about this issue and it is being investigated internally. They have kept it pretty quiet so far, but I am sure there will be a response eventually. In case anyone doesn’t know what the problem is, it goes like this… After a Windows 8 Pro computer with Microsoft Office 2010 32 bit installed, the Windows Update from March 2013 KB2760600 is attempted and the user is asked to reboot. Upon rebooting, all other updates install smoothly, yet there is one last update that refuses to install and reboot the computer. The screen looks like this:

OneNote update KB2760600 hangs on restart

In fact, this has happened every time I reboot my computer even after hiding the update, and if I check installed updates, this update is listed as installed, but I know this is the problem, because if I unhide the update and check for updates again, this is the only update that shows up.

Some users on the Microsoft Community forum have suggested that turning off the Print Spooler Service has fixed this problem for them. Unfortunately, this has not eradicated the problem on my system (I have tried it twice). Now my system may not be normal because I have Microsoft Office Home Premium 2013 also installed alongside Office 2010, but this should not be an issue. I have not had much time to really dive into this problem yet, as I am currently enrolled in WGU and have been spending all my time studying for exams and trying to swiftly move along in my studies.

Here are some links that reference people also having this problem…
1. http://answers.microsoft.com/en-us/windows/forum/windows_8-windows_update/update-failure-issue-for-kb2760600-fail-code/46055317-4068-4189-8a0a-fc88190a66d4
2. http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/security-update-kb2760600-for-onenote-2010-hangs/05b201c4-b040-40bd-8403-68c576aaaa79
3. http://answers.microsoft.com/en-us/office/forum/office_2010-onenote/kb2760600-not-installing/811842f5-6a58-40e1-a107-7303ddc4dcdf

If any of the solutions here work for you, then you are lucky. I have tried them all and every time I reboot I have to forcefully shut down the computer again. Anyway, hopefully this may be answered on a future episode of Defrag on Microsoft’s Ch.9 since I have forwarded the issue to Gov Maharaj and Larry Larsen.

EDIT: Apparently, it has come to light that many of the people reporting this issue actually have HP printers installed. I have not confirmed this yet, but some people have said that they uninstalled their HP Printers / HP software and then the update installed. Updates will come as soon as we verify this after testing.