Archive for May, 2014

UE-V 2.1 provides the following new features and functionality.

Office 2013 Settings Location Template

UE-V 2.1 includes the Microsoft Office 2013 settings location template. It also includes improved Outlook signature support. In UE-V 2.1, only the signature data synchronizes between user devices. and synchronization of default signature settings for new, reply, and forwarded emails is added. Customers no longer have to choose the default signature settings.

Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. To enable settings synchronization using UE-V 2.1, do one of the following:

• Use Group Policy to disable Office 365 synchronization
• Do not enable the Office 365 synchronization experience during Office 2013 installation.

UE-V 2.1 ships Office 2013 and Office 2010 templates. This release removes the Office 2007 templates. Users can still use Office 207 templates from UE-V 2.0 or earlier.

Fix for Distributed File System Namespace Users

UE-V has improved Distributed File System Namespace (DFSN) support by adding a UE-V configuration called SyncProviderPingEnabled. Disabling this configuration using PowerShell or WMI allows users to disable the UE-V ping. The UE-V ping causes an error when using DFSN servers because these servers do not respond to pings. The non-response prevents UE-V from synchronizing settings. Disabling the UE-V ping allows UE-V synchronization to work normally.

To disable UE-V ping use the following PowerShell cmdlet:

 Set-UevConfiguration -DisableSyncProviderPing

Additional Windows Settings

UE-V 2.1 lets customers with the ability to synchronize credentials and certificates stored in the Windows Credential Manager. This component is disabled by default. Enabling this component helps users keep their domain credentials and certificates in sync. Users can sign in one time on a device, and these credentials will roam for that user across all of their UE-V enabled devices.

UE-V detects if “Sync settings with OneDrive”, also known as Microsoft Account synchronization, is on. If the Microsoft Account is not configured to synchronize settings, UE-V synchronizes Windows 8 apps, AppX packages, and Windows desktop settings between devices. This lets users access their Store apps, music, pictures and other Microsoft Account-enabled applications without syncing outside of the enterprise firewall. UE-V checks whether Group Policy will stop synchronizing settings with OneDrive or if the user turns off the Sync your settings on this computer in the user controls.

UE-V now synchronizes touch keyboard personalization, the spelling dictionary, and enables the App Switching for recent apps and screen edge settings to synchronize between Windows 8 and Windows 8.1 Devices.

Administrative Backup and Restore

Administrators can restore additional settings when a user adopts a new device. Administrators can put a settings location template in “backup” or “roam (default)” profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings in addition to user settings sync to the new computer. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis.

You can download the UE-V 2.1 Beta her;


In the May update of Office Deployment tool and Office 365 ProPlus (15.0.4615.1001) an option that provides IT admins installing Office 365 ProPlus using the Office Deployment Tool for Click-to-Run the ability to exclude components of the Office suite, such as Access or InfoPath has been added. This is done with the ExcludeApp attribute as I’ll show you below.

This update was released after my previous blogposting on how to customize the Office 365 ProPlus installation, so this posting will only highlight the new way todo this. All other steps can be followed in my previous posting.

  1. I’ll edit my existing Install.xml and adjust it so it looks like this;1


In this posting I will walk through deploying and configuring the Enhanced Mitigation Experience Toolkit (EMET) 4.1 Update 1 with System Center Configuration Manager 2012 R2.

Last week EMET 4.1 Update 1 was released and included new functionality and updates, such as:

• Updated default protection profiles, Certificate Trust rules, and Group Policy Object configuration.
• Shared remote desktop environments are now supported on Windows servers where EMET is installed.
• Windows Event logging mechanism allows for more accurate reporting in multi-user scenarios.
• Addressed several application-compatibility enhancements and mitigation false positive reporting

There is also a Technical Preview 2 of EMET 5.0 released, but since in a preview it’s not recommended for production deployment at the moment.

I also encourage you to read the following articles before deploying in a production environment EMET mitigations guidelines & The Enhanced Mitigation Experience Toolkit, these articles covers application-compatibility risks and other things to think about before rolling out in wide-scale. I also encourage you to read the EMET User’s Guide that it’s part of the download to get familiar with the mitigation technologies, configuration options and application compatibility testing results.avatar (more…)


MDOP 2014 includes Microsoft BitLocker Administration and Monitoring tool (MBAM) 2.5, which represents a substantial update to our BitLocker management solution. MBAM is leveraged by organizations to simplify BitLocker deployment, key recovery, and compliance reporting. With this version, MBAM offers a series of improvements that will give businesses better control and help them achieve the highest level of compliance.2 (more…)