MDT – Windows 10 deployment watch

With our MDT environment up and running we’ve been refining our Windows 10 build over the past couple of months, sending out pilot builds to specific areas so we’re confident in the process when it comes to large-scale deployment over summer.

This post focuses on a few Windows 10-specific tweaks that we’ve made to the Task Sequence that may be of interest…

Thin image approach

In the past I was a fan of what could be called a Hybrid image model in as much that I’d create a “Base” Reference image in a VM, usually comprised of Windows + Office + Updates. That would get captured and become the WIM file that goes into the Task Sequence.

However with Windows 10 I’ve decided to go down the completely thin approach that’s best represented as either a sandwich or hamburger depending on your culinary preference (!) Effectively the deployment gets built from its component parts, starting from an unaltered source Windows 10 WIM file extracted from its parent ISO image.

In our case we’ve settled on Education 1709 x64 as the build to deploy, due to some useful features such as OneDrive Files on Demand and Windows Defender Exploit Prevention. Along the way we’ve also used the 1607 and 1703 builds. The advantage of using the Thin image method is that we can swap the OS out at will with two clicks, rather than having to go through a Capture process that seems to have the potential for error.

Secure Boot validation

Windows 10 1709 brought in some new security features which benefit from machines being converted to UEFI rather than BIOS mode and in some cases (Windows Defender Credential Guard) needs Secure Boot too. Seeing as we need to update the BIOS > UEFI on older machines anyway it made sense to enable Secure Boot at the same time.

Ref: https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1709

The question was how to ensure that a machine is correctly configured before starting the imaging process (as converting later on is far from ideal).

The answer is a Run Command Line step that calls cmd.exe and returns a non-zero exit code if either of the following is true:

  1. the Task Sequence variable isUEFI is false, and \ or
  2. the UEFISecureBootEnabled registry key is 0

If the machine is configured incorrectly the Task Sequence will fail before it even starts to pull down the image. To ensure you catch it early enough add the step here:

Putting the two together looks like this:
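The same pre-flight check written as a PowerShell script is shown below as an added example; it is not the cmd.exe step from the post. It reads the MDT IsUEFI variable through the task sequence COM object and the UEFISecureBootEnabled registry value, and exits non-zero if either condition fails. It assumes PowerShell support is included in the MDT boot image (the default) and would run as a Run PowerShell Script step placed before Install Operating System.

```powershell
# Added example (not the post's own step): fail the Task Sequence early if the
# machine is not booting in UEFI mode with Secure Boot on.
# Assumes: PowerShell is present in the WinPE boot image and the script runs
# inside a Task Sequence, so the Microsoft.SMS.TSEnvironment COM object exists.

$failures = @()

# 1. MDT sets IsUEFI to "True" or "False" during the Gather step
try {
    $tsenv  = New-Object -ComObject Microsoft.SMS.TSEnvironment
    $isUefi = $tsenv.Value('IsUEFI')
} catch {
    $isUefi = $null   # not inside a Task Sequence, or COM object unavailable
}
if ($isUefi -ne 'True') {
    $failures += "IsUEFI = '$isUefi' (machine is booting in legacy BIOS mode)"
}

# 2. Secure Boot state as reported by the firmware to the registry (1 = on)
$regPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
$secureBoot = (Get-ItemProperty -Path $regPath -Name UEFISecureBootEnabled -ErrorAction SilentlyContinue).UEFISecureBootEnabled
if ($secureBoot -ne 1) {
    $failures += "UEFISecureBootEnabled = '$secureBoot' (Secure Boot is off or unsupported)"
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Convert the machine to UEFI with Secure Boot enabled before imaging.'
    exit 1   # non-zero return code stops the Task Sequence before the WIM is pulled down
}

Write-Output 'UEFI boot and Secure Boot verified; continuing.'
exit 0
```

Because the step runs before any disk is touched, a failure here costs a reboot and a firmware change rather than a re-image later on.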

  

Removing the cruft

Sadly despite Microsoft giving Education our very own specific build of Windows they didn’t extend the effort into cleaning up the junk that gets pushed down with a standard Windows 10 installation. Seriously who wants Candy Crush on their business machines?!

Fortunately scripts exist to assist with cleaning up the junk shipped with the OS so it’s suitable for deployment. Now we can do this with DISM at image level but again my aim is to avoid tinkering with the Microsoft media if possible so I prefer the following PowerShell method…

https://gal.vin/2017/04/06/removing-uwp-apps-mdt/
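As an added example of the PowerShell approach (this is not the script linked above), the block below strips provisioned UWP packages from the online image during the Task Sequence so that new user profiles never receive them. The keep list is an assumption to be adjusted per estate; packages Windows marks as non-removable simply log a warning and are skipped.

```powershell
# Added example (not the linked script): remove provisioned UWP apps from the
# freshly deployed OS. Run as a "Run PowerShell Script" step after the OS is
# installed and before the first user logs on.
# Assumption: the keep list below suits your estate; edit it as needed.

$keep = @(
    'Microsoft.WindowsStore',        # needed for Store for Education
    'Microsoft.WindowsCalculator',
    'Microsoft.Windows.Photos',
    'Microsoft.DesktopAppInstaller'
)

$removed = @()
foreach ($pkg in Get-AppxProvisionedPackage -Online) {
    if ($keep -contains $pkg.DisplayName) { continue }
    try {
        # Removing the provisioned package stops it being installed into new profiles
        Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName -ErrorAction Stop | Out-Null
        $removed += $pkg.DisplayName
    } catch {
        # Some in-box packages are non-removable; record it rather than failing the step
        Write-Warning "Could not remove $($pkg.DisplayName): $($_.Exception.Message)"
    }
}

# Leave an audit trail in the deployment log of exactly what was stripped
$removed | Sort-Object | ForEach-Object { Write-Output "Removed provisioned package: $_" }
Write-Output "Removed $($removed.Count) provisioned package(s); kept $($keep.Count) by policy."
```

Because this acts on the provisioned list rather than the Microsoft media, the source WIM stays untouched, which is the whole point of the thin image approach.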

Disable Refresh \ Reset

Another Windows 10-specific tweak is to disable the Refresh \ Reset menu that users can access either by using the Settings app or by holding shift while a machine reboots. In our case we don’t want users to wipe their machine clean of provisioned applications and it appears that this functionality will work even without local admin rights (!)

The solution to this one came via the EduGeek forums courtesy of ErVaDy using bcdedit commands:

Ref: http://www.edugeek.net/forums/windows-10/164236-preventing-shift-restart-into-recovery-mode-5.html

Place the commands below into a batch file and run as an Application or Task Sequence step:

rem Disable the Windows Recovery Environment so Reset / Refresh has nothing to boot into
reagentc /disable
rem Remove the recovery boot entry from the current OS loader
bcdedit /deletevalue {current} recoverysequence
rem Boot manager: turn off EMS, the advanced options (F8) menu, option editing and recovery
bcdedit /set {bootmgr} bootems off
bcdedit /set {bootmgr} advancedoptions off
bcdedit /set {bootmgr} optionsedit off
bcdedit /set {bootmgr} recoveryenabled off
rem Current OS entry: same settings again so Shift+Restart cannot reach them either
bcdedit /set {current} bootems off
bcdedit /set {current} advancedoptions off
bcdedit /set {current} optionsedit off
rem Treat a failed boot as a normal boot rather than dropping into recovery
bcdedit /set {current} bootstatuspolicy IgnoreAllFailures
bcdedit /set {current} recoveryenabled off

Updating OneDrive Files on Demand Client

In a way that only Microsoft can, Windows 10 1709 shipped with an old version of the OneDrive client that doesn’t work with the much-anticipated Files on Demand feature straight out of the box 😦

Although the client does auto-update we didn’t want any automatic sync starting without the placeholder functionality being in place so I’ve scripted an Application in the MDT Task Sequence to take ownership of the file on the newly deployed image, copy the latest version of the client over and then set everything back as it was.

For more details and the script itself please see my previous post OneDrive Files on Demand – update!

Pre-staging printer drivers

During our Windows 10 deployment we’re also migrating to a new set of Windows Print Servers, along with new GPOs to map them. However in initial testing I noted the first user to log in had a long wait whilst drivers were copied down from the server and installed.

Although subsequent logins won’t get this issue it doesn’t give a good first impression to the initial user so I wanted to find a way around it.

Step forward the very useful printui.dll 🙂

Ref: https://larslohmann.blogspot.co.uk/2013/12/install-printer-driver.html

Because we’ve rationalised our print fleet over the past few years in a move towards MFDs I only have 3 drivers to cover the entire range of hardware. By using a script method I can then pre-stage the drivers onto the machine at image time and speed up that first logon significantly!

Again paste this into a batch file and call it as an Application (use an Application step instead of Run Command Line, so the driver files get copied into the Deployment Share alongside the script):

cscript "prndrvr.vbs" -a -m "HP Universal Printing PCL 6" -i "%CD%\HP Universal Print Driver\pcl6-x64-6.4.x.xxxxx\hpcu196u.inf"

Note the use of %CD% to ensure the path to the driver file is resolved correctly!
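For anyone who would rather do the pre-staging in PowerShell, the block below is an added example rather than the post’s prndrvr.vbs command. It stages each driver package into the driver store with pnputil and then registers it with the spooler via Add-PrinterDriver, using $PSScriptRoot in the same role as %CD% above. The driver names and INF paths are placeholders; only the first model name comes from the post.

```powershell
# Added example (not the post's prndrvr.vbs one-liner): pre-stage print drivers
# during the Task Sequence so the first logon does not wait on the print server.
# Assumptions: run as an MDT Application so the driver packages sit next to this
# script; INF folder/file names below are placeholders for your real packages.

$drivers = @(
    @{ Name = 'HP Universal Printing PCL 6'; Inf = 'HP Universal Print Driver\pcl6-x64\hpcu196u.inf' },  # placeholder path
    @{ Name = 'EXAMPLE MFD Driver 2';        Inf = 'Vendor2\driver2.inf' },                               # placeholder
    @{ Name = 'EXAMPLE MFD Driver 3';        Inf = 'Vendor3\driver3.inf' }                                # placeholder
)

$failed = 0
foreach ($d in $drivers) {
    # Resolve relative to the script's own folder (the equivalent of %CD% in the batch file)
    $inf = Join-Path $PSScriptRoot $d.Inf
    if (-not (Test-Path $inf)) {
        Write-Warning "INF not found: $inf"
        $failed++
        continue
    }

    # 1. Copy the package (INF, CAT and binaries) into the driver store.
    #    On a Secure Boot machine pnputil rejects packages without a valid catalogue.
    & pnputil.exe /add-driver $inf
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "pnputil failed for $inf (exit code $LASTEXITCODE)"
        $failed++
        continue
    }

    # 2. Register the driver with the print spooler by the model name from the INF
    try {
        Add-PrinterDriver -Name $d.Name -ErrorAction Stop
        $installed = Get-PrinterDriver -Name $d.Name -ErrorAction Stop
        Write-Output "Staged '$($installed.Name)' ($($installed.PrinterEnvironment))"
    } catch {
        Write-Warning "Add-PrinterDriver failed for '$($d.Name)': $($_.Exception.Message)"
        $failed++
    }
}

# Non-zero exit surfaces the problem in the Task Sequence rather than at first logon
exit $failed
```

With the drivers already in the store, the point-and-print GPO mapping at first logon only has to create the printer connection, which is the quick part.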

WSUS resources

Although there’s nothing special about running Windows Updates in MDT (use the built-in Task Sequence steps) we noticed that our WSUS server was struggling and sometimes hung the “Install Updates” step of the Sequence. The WSUS console then became unresponsive on the server end too.

After further research it turns out our increasing number of machines needs more resource than the default 2GB limit on the WSUS IIS Application Pool can handle for all those connections. Upon making the change below it’s back to being stable again.

Ref: https://sysadminplus.blogspot.co.uk/2016/11/wsus-console-crashed-after-running-some.html

Ref: https://www.saotn.org/wsuspool-keeps-crashing-stops

Ref: https://blogs.technet.microsoft.com/configurationmgr/2017/08/18/high-cpuhigh-memory-in-wsus-following-update-tuesdays
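The post made the change in the IIS console; the block below is an added example (not the post’s own steps) that does the same from PowerShell on the WSUS server, so it can be kept in version control and re-applied after a rebuild. The 4 GB figure and the queue length are assumptions to be sized to the server’s RAM; IIS stores the memory limit in kilobytes.

```powershell
# Added example (not the post's own change): raise the WsusPool private memory
# limit so IIS stops recycling the pool mid-sync, then restart the pool.
# Run elevated on the WSUS server. Assumptions: 4 GB suits the server; 0 would
# mean "no limit"; queueLength 2000 is a common WSUS tuning value, adjust to taste.

Import-Module WebAdministration

$pool       = 'IIS:\AppPools\WsusPool'
$newLimitKB = 4 * 1024 * 1024   # 4 GB expressed in KB, which is what IIS expects

# Record the current value so the change is visible in the console / log
$before = (Get-ItemProperty -Path $pool -Name recycling.periodicRestart.privateMemory).Value
Set-ItemProperty -Path $pool -Name recycling.periodicRestart.privateMemory -Value $newLimitKB
$after  = (Get-ItemProperty -Path $pool -Name recycling.periodicRestart.privateMemory).Value
Write-Output "WsusPool privateMemory limit: $before KB -> $after KB"

# Assumption: also allow more queued requests, since the symptom was a hang under load
$queueBefore = (Get-ItemProperty -Path $pool -Name queueLength).Value
Set-ItemProperty -Path $pool -Name queueLength -Value 2000
Write-Output "WsusPool queueLength: $queueBefore -> $((Get-ItemProperty -Path $pool -Name queueLength).Value)"

# Recycle so the new limits take effect; clients simply retry their next sync
Restart-WebAppPool -Name WsusPool
Write-Output "WsusPool state: $((Get-WebAppPoolState -Name WsusPool).Value)"
```

If the pool still recycles, the IIS event log (Event ID 5117 from WAS) shows the exact limit hit, which is quicker than guessing from a hung Task Sequence.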

Run WinSAT

An oldie-but-goodie; running the WinSAT assessment tool at the end of setup will make sure your machine is properly benchmarked and appropriate performance tuning is performed by Windows. It doesn’t take long so I thought it worth continuing with:

Ref: https://deploymentresearch.com/Research/Post/624/Why-adding-WinSAT-formal-to-your-task-sequence-can-be-a-shiny-thing-to-do

Just add a Run Command Line step with the following in the box:

winsat.exe formal

OneDrive Files on Demand – update!


After our initial post getting the new Windows 10 1709 OneDrive client up and running with Files on Demand we had one or two little snags left to fix. Both of which are now resolved, so I thought I’d make a quick ICYMI post to cover the final pieces of the puzzle to getting everything up and running perfectly 🙂

Outdated client on the image

In true MS fashion the 1709 ISO ships with the old OneDrive client (epic fail) which means users have an annoying wait while it updates. There’s also the possibility to start off with the wrong client and therefore syncing files down by mistake.

I was trying out an updater script that would copy over the new client but didn’t have much success in MDT. After looking more closely at the logs with CMTrace I could see it failing on the copy operation so I added a Suspend action and tried each step manually. That flagged up an access denied error.

I then realised that MDT runs its scripts as the local Administrator user rather than SYSTEM as SCCM would, therefore the script’s permissions need tweaking for MDT use:

rem MDT runs this as the local Administrator, so take ownership and grant Full control first
%SYSTEMROOT%\system32\takeown /f %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe >> %SYSTEMROOT%\logs\Onedrive.log
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /grant Administrator:(F) >> %SYSTEMROOT%\logs\Onedrive.log
rem Copy the newer client (sitting next to this batch file) over the in-box one; /Y suppresses the overwrite prompt
copy OneDriveSetup.exe %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /Y >> %SYSTEMROOT%\logs\Onedrive.log
rem Drop the explicit grant again (icacls /remove takes an account name, not a permission)
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /remove Administrator >> %SYSTEMROOT%\logs\Onedrive.log

This works like a charm! The updated client is installed during the Task Sequence and the first run as a user now begins with the 2017 client.
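Since the script replaces a binary under SysWOW64 with one fetched from the internet, the check a practitioner would add is that the replacement really is a Microsoft-signed OneDriveSetup.exe before it goes anywhere near the system folder. The block below is an added example covering the updater described here and in the earlier “Updating OneDrive Files on Demand Client” section; it is not the post’s batch file. It keeps the same paths, log file and takeown/icacls sequence, adds the Authenticode check, and hands ownership back to TrustedInstaller afterwards (that last step is an addition, assuming the step runs elevated).

```powershell
# Added example (not the post's batch script): replace the in-box OneDriveSetup.exe
# only after verifying the new file carries a valid Microsoft Authenticode signature.
# Assumptions: runs as the local Administrator inside an MDT Application, with the
# new OneDriveSetup.exe sitting beside this script; log path as in the post.

$source = Join-Path $PSScriptRoot 'OneDriveSetup.exe'
$target = Join-Path $env:SystemRoot 'SysWOW64\OneDriveSetup.exe'
$log    = Join-Path $env:SystemRoot 'logs\Onedrive.log'

function Test-MicrosoftSigned {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # A tampered or unsigned file gives HashMismatch / NotSigned here, and a
    # validly signed file from someone other than Microsoft fails the subject check
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Add-Content -Path $log
}

if (-not (Test-Path $source)) {
    Write-Log "No replacement client found at $source"
    exit 1
}
if (-not (Test-MicrosoftSigned -Path $source)) {
    Write-Log "Refusing to deploy $source - signature missing, invalid or not Microsoft"
    exit 1   # fail the step rather than plant an unverified binary in SysWOW64
}

$newVer = (Get-Item $source).VersionInfo.ProductVersion
$oldVer = (Get-Item $target).VersionInfo.ProductVersion
Write-Log "Replacing OneDriveSetup.exe $oldVer with $newVer"

# Same ownership dance as the batch file: take ownership, grant ourselves Full control
& takeown.exe /f $target                     2>&1 | Add-Content -Path $log
& icacls.exe  $target /grant 'Administrator:(F)' 2>&1 | Add-Content -Path $log

Copy-Item -Path $source -Destination $target -Force

# Put things back: drop the explicit grant and return ownership to TrustedInstaller
& icacls.exe $target /remove 'Administrator'                      2>&1 | Add-Content -Path $log
& icacls.exe $target /setowner 'NT SERVICE\TrustedInstaller'      2>&1 | Add-Content -Path $log

Write-Log "OneDriveSetup.exe now at version $((Get-Item $target).VersionInfo.ProductVersion)"
exit 0
```

The version numbers written to the log also make it easy to see at a glance which client each machine was imaged with, which helps when the scheduled download mentioned below is in place.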

I’m also thinking of setting up a scheduled task on the MDT server to pull down the latest OneDrive client at regular intervals so the Task Sequence always deploys the latest version. That should do the trick until Microsoft see sense and push it out properly via WSUS.

Silently configure OneDrive using the primary Windows account

The final piece of the puzzle is to make the client log in via SSO so users have a fully configured OneDrive without any additional login prompts. I was puzzled by this not working initially as the GPO looks straightforward but it didn’t seem to do anything.

I’d read that the SSO relies on ADAL (aka modern authentication) so I initially wondered if our SSO provider hadn’t implemented that yet. That didn’t seem to make much sense as ADAL has been out for a while now so I hit Google a bit more deeply to try and find some further detail.

I soon came to this page, which I’m sure I’ve seen before:

Ref: https://support.office.com/en-gb/article/Use-Group-Policy-to-control-OneDrive-sync-client-settings-0ecb2cf5-8882-42b3-a6e9-be6bda30899c#silentconfig

The key (pun not intended, honest!) is the EnableADAL.reg file that’s squirrelled away at the bottom of the page. Deploy that via GPP et voila, one perfect blue OneDrive icon without any user interaction 🙂

What next?

Having got Files on Demand working how we want with minimal cache, SSO and the latest client we can now move onto piloting it with our users. I’ve been tweaking Windows 10 GPOs today for some of the newer features such as Windows Defender Security Center, Exploit Protection etc. so the configuration is looking good enough for some early adoption!

OneDrive Files on Demand – first steps


After much anticipation and playing with Windows Insider previews OneDrive Files on Demand finally hit general release alongside Windows 10 1709 (Fall Creators Update) the other week. I’ve been giving it a test drive over the past week or two along with fellow Network tech Matt Stevens – here’s a few of our observations so far along with workarounds for a couple of teething issues.

Windows 10 build

There is one pretty important requirement to bear in mind with the new Files on Demand feature; it’s only available in build 1709 and above. That means you need to be on the semi-annual (aka CB) branch rather than the LTSB route that some people have taken.

Ref: https://blog.juriba.com/windows-10-branching-timeline

It’s new features like Files on Demand that make the additional work of staying up-to-date worthwhile; so far we have a couple of hundred laptops running 1703 without too much fuss so 1709 should slot in fairly smoothly as we build our images layer-by-layer now using only the pure Microsoft WIM as a starting point.

We tamed (nuked) the built-in apps via a very handy PowerShell script we found online (also see alternative version here) that runs during MDT deployment, and the Start Menu default tiles are cleaned up via a GPO layout file. Configure your Windows Store for Business (or Education as the case would have it), tweak a few more policies for Cortana, Telemetry etc. and Windows 10 becomes much more manageable even on the latest build.

Why Files on Demand?

If you don’t know what all the fuss is about check out the initial Insider announcement:

Ref: https://blogs.windows.com/windowsexperience/2017/06/13/onedrive-files-demand-now-available-windows-insiders/#kwLbqguOTefId6pv.97

Ref: https://blogs.office.com/en-us/2017/05/11/introducing-onedrive-files-on-demand-and-additional-features-making-it-easier-to-access-and-share-files/?eu=true

What it basically means is that we can finally integrate (huge amounts of) cloud storage with our on-premise desktops in a much tighter fashion and dispense with (unsupported) scripts or (expensive) third party tools to access OneDrive on a Windows desktop using File Explorer. It also means not having to deal with WebDAV, which always felt a horribly dated and clunky protocol to use for accessing cloud storage.

As soon as the 1709 ISO hit VLSC I grabbed it from Microsoft, slotted the new WIM into one of my MDT Task Sequences and deployed a VM to give the production version a try. It shows much promise but as always there’s some gotchas that mean nothing is ever quite straightforward.

Client version

Microsoft being Microsoft always have one shoot-self-in-foot moment whenever a new product comes out and this release was no exception. Despite having the freshly downloaded 1709 ISO I noticed that on first launch the client was showing up as 2016 and not the latest 2017 (17.3.7076.1026) that brings in Files on Demand.

https://support.office.com/en-gb/article/New-OneDrive-sync-client-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0



There’s a useful summary of the client install \ update process below. It does strike me as odd that the client self-updates and installs from appdata rather than being managed by WSUS.

Ref: http://deploynovellas.com/2016/05/25/install-onedrive-ngsc-update-windows-10-osd

Similarly it also takes a while to update when deployed on a clean 1709 build due to the initial client being out-of-date. This also means if a user is a bit too quick off the mark they can end up with an old-school full sync rather than Files on Demand.

I’ve been trying to replace the client during the deployment Task Sequence but more testing is required as my initial attempt failed with “Application Microsoft OneDrive 17.3.7073.1013 returned an unexpected return code: 1”.

Ref: http://model-technology.com/next-gen-onedrive-deployment-during-sccm-osd

I’ve added a Suspend action to the Task Sequence and will examine the logs to see what’s going on as the script tries to run…

Group Policy

To get more control over how the client is used grab the updated Group Policy templates from the local installation folder %localappdata%\Microsoft\OneDrive\BuildNumber\adm\

Ref: https://support.office.com/en-gb/article/Use-Group-Policy-to-control-OneDrive-sync-client-settings-0ecb2cf5-8882-42b3-a6e9-be6bda30899c

We force Files on Demand to be enabled as we don’t want sync cache eating up drive space on machines. We also configure our tenant ID (found via the Azure AD portal) so only Office 365 accounts can be used.

Configure these under Computer Settings > Administrative Templates > OneDrive

  • Allow syncing OneDrive accounts for only specific organizations > Enabled (using Tenant ID)
  • Enable OneDrive Files On-Demand > Enabled
  • Silently configure OneDrive using the primary Windows account > Enabled

I need to check if our third-party identity provider supports ADAL to make sure that last GPO setting works correctly. In the future we may well move to Azure AD Connect Passthrough authentication instead.
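To confirm that the three policy settings above (and the EnableADAL value from the follow-up post) actually reached a machine, the block below is an added audit script rather than anything from the post. It reads the registry values the OneDrive ADMX templates write under HKLM\SOFTWARE\Policies\Microsoft\OneDrive, plus the per-user EnableADAL value, and exits non-zero on drift. The tenant GUID is a placeholder.

```powershell
# Added example (not from the post): audit a deployed machine for the OneDrive
# policy settings described above. Run in the user's context, since EnableADAL
# lives in HKCU; no admin rights needed for reading.
# Assumption: the tenant ID below is a placeholder for your Azure AD tenant ID.

$tenantId = '00000000-0000-0000-0000-000000000000'   # placeholder
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null rather than throwing when the key or value is absent
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$checks = @(
    @{ Setting = 'Enable OneDrive Files On-Demand'
       Test    = { (Get-RegValue $policy 'FilesOnDemandEnabled') -eq 1 } },
    @{ Setting = 'Silently configure OneDrive (primary account)'
       Test    = { (Get-RegValue $policy 'SilentAccountConfig') -eq 1 } },
    # The tenant allow list is a subkey whose value names are the permitted tenant GUIDs
    @{ Setting = 'Allow syncing only our tenant'
       Test    = { $null -ne (Get-RegValue "$policy\AllowTenantList" $tenantId) } },
    # EnableADAL.reg from the GPO article writes this per-user value for modern auth / SSO
    @{ Setting = 'EnableADAL (modern authentication)'
       Test    = { (Get-RegValue 'HKCU:\SOFTWARE\Microsoft\OneDrive' 'EnableADAL') -eq 1 } }
)

$drift = 0
foreach ($c in $checks) {
    $ok = & $c.Test
    if (-not $ok) { $drift++ }
    '{0,-4} {1}' -f $(if ($ok) { 'OK' } else { 'FAIL' }), $c.Setting
}

Write-Output "$drift setting(s) missing or wrong."
exit $drift   # non-zero makes this usable as a compliance step in a Task Sequence or a monitoring job
```

Running it once from a fresh profile after gpupdate shows whether the “blue icon without user interaction” result is down to policy or to the identity provider, which is exactly the ADAL question the paragraph above leaves open.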

Clearing local cache (Free up space)

One important thing to remember about using Files on Demand is that when a file is either downloaded from the cloud, or freshly uploaded to it a cached copy will be kept on the local machine.

Over time (or with a large upload) this cache could grow and cause similar issues to the ones we were trying to avoid, especially on a shared machine with large volumes of users (pretty much the case for all our classroom machines).

At present it seems that no policies exist to force the “Free up space” option that removes the cached copies of files. However the article below suggests that using the new file attributes that have been brought in with 1709 can automate the process.

“Attrib.exe enables 2 core scenarios.  “attrib -U +P /s”, makes a set of files or folders always available and “attrib +U -P /s”, makes a set of files or folders online only.”

https://techcommunity.microsoft.com/t5/OneDrive-Blog/OneDrive-Files-On-Demand-For-The-Enterprise/ba-p/117234

We tried a script that runs on the root OneDrive folder and sure enough it resets all files back to Online only and reduces the space used down to a megabyte or so 🙂

cd "%userprofile%\Onedrive - Name of your Organisation"
attrib +U -P /s

Running this script on Logoff should in theory keep the cache files down to the bare minimum.

Disclaimer: we only just figured this one out today so again caveat emptor if you go and run this in production without testing it first!!!

Future Decoded 2017 highlights

Today I took a trip down to ExCeL London for Microsoft’s annual Future Decoded conference. As always it proved an interesting showcase of their future vision and a chance to gain technical insights into current and future projects. Here’s a few of my take-aways from the day…

Deploying Windows 10 with Autopilot

Although I’d read a bit about this a while back it was useful to see the Windows 10 Autopilot deployment process in action and the rationale behind using it. Given that we have been deploying some pilot Windows 10 devices to staff it does in theory help speed up that initial out-of-box process for devices that we predominantly see as cloud-managed and want to hand out without too much fuss.

Future Decoded slides: https://www.futuredecoded.com/session/fd76e051-a6a9-e711-80c2-000d3a2269dd

Ref: https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot

For me this method will be applied to devices that will spend more time off the main AD network than on it and likely have fairly simple requirements for pre-installed software. My colleagues in the office will also be pleased to hear Autopilot helps to skip the initial talking Cortana screen that’s been heard many a time so far during testing (!)

However the next part, and real power, of the “Modern” deployment method being showcased requires Intune in order to set up full profiles with customisable apps, settings etc. Although an MDM solution is on my wish list to get more control over roaming mobile devices it’s another software subscription bolt-on, so making it an almost-necessary part of the Modern deployment experience sits a bit uneasily with me.

Another useful piece of advice was to check out Windows Analytics to help prepare for our Win10 migration project, which I need to have a proper look at tomorrow.

Ref: https://www.microsoft.com/en-us/WindowsForBusiness/windows-analytics

Microsoft Hands On labs

During the break out sessions there were plenty of Surfaces put out on the 3rd floor running “Hands On” lab training materials. These looked like they’d be perfect for students in IT courses to use for trying out Azure etc. rather than needing access to a physical lab or trial accounts in a live environment.

The content covers Windows 10, Office 365 and Azure so it’s perfect for either keeping your own skills up to date or providing students with a good few hours’ worth of e-learning material, which is interactive because you actually configure VMs rather than just watching videos.

Check them out at https://www.microsoft.com/handsonlabs

All you need is some form of Microsoft account to log in with and away you go 🙂



Security & ATP

One thing 2017 will certainly be remembered for in the tech world is the high profile ransomware attacks that have brought home the realities of modern malware threats to a much broader audience than perhaps ever before. As such the session on Advanced Threat Protection was particularly interesting.

Future Decoded slides: https://www.futuredecoded.com/session/f6204a3e-e5a8-e711-80c2-000d3a2269dd

We were also recommended to check out the NCSC presentation from yesterday, another one for tomorrow’s reading list:

NCSC slides: https://www.futuredecoded.com/session/e1382eb1-01a9-e711-80c2-000d3a2269dd

The ATP offering now covers email, endpoint and Azure-based analytics. Moving to Windows 10 (1709) brings additional security and exploit protection such as:

  • Windows Defender Application Guard
  • Windows Defender Exploit Guard (aka EMET for those who remember it from Windows 7 days)

Ref: https://www.microsoft.com/en-us/windowsforbusiness/windows-atp

All of this sounds great until the dreaded “l” word comes around… yup, it’s licensing. Although none of these services grow on trees there’s only so far budgets can stretch, particularly for us Education users. One thing that’s a real problem for Education in particular is that all the new cloud-first offerings are being sold solely on a per-user basis rather than the fairer per-FTE staff method for our on-prem EES-licensed products. Costs can soon spiral upwards and make some of these offerings (Azure AD Premium I’m looking at you!) almost unobtanium.

A small plea to the powers that be…

If someone from Microsoft happens to end up reading this just think of it this way… in Edu we want to make use of these new solutions and embrace the tech that’s on offer to help provide the best environment we can for users.

I’m not saying we expect Microsoft to give it all away for free (although we’d be more than happy if you’re feeling generous!) but realise that we need to protect student accounts and machines as much as we do staff and paying for a 5000-seat EMS or ATP setup is just impossible. The end result, everyone loses (well perhaps not if you’re Google, who are working hard to take that Edu market if Microsoft don’t want it for some reason) so please rethink these pricing models and help make them work for non-profits as well.

Windows Mixed Reality

Towards the end of the day I went to the Mixed Reality stand to try out the new headsets, which sit in a much more affordable price range than the incredibly-cool-but-very-pricey HoloLens. We’re currently building a new campus for construction and engineering so I was interested to see if Mixed Reality could fit in there.

https://www.microsoft.com/en-us/store/collections/vrandmixedrealityheadsets

Having tried a Lenovo headset with its associated controllers I’m impressed! Whilst VR headsets \ Google Cardboard made that first step there was still a disconnect in terms of interacting with the world you were immersed in, but the hand-held controllers help take this a step further and bring you more into the 3D virtual environment.

The out-the-box demo of walking around a house picking up and manipulating objects showed potential for me as I can imagine students being able to design in 3D using something like Maya then showcase those objects in a virtual environment using Mixed Reality.

The idea of pinning multiple virtual screens, opening Windows apps and working through the headset is also intriguing, although I suspect it needs 4K lenses for longer periods of use than the 2K ones being fitted into the kit at present.

The demo finished off with a rather addictive space invaders-style game using the VR controllers. Anyone with a Playstation VR or similar has no doubt already experienced something similar and more but it’s good to see an attempt to bring the technology into productivity tools as well. One of the opening keynotes focused heavily on HoloLens and Mixed Reality so it does seem Microsoft are really going for this area of the market.

It’s also another reason to go down the Windows 10 (1709) route as these features are only available on the new Fall Creators Update.

Fail of the day

However Microsoft wouldn’t be Microsoft if they didn’t shoot themselves in the foot from time to time. At the first Future Decoded it was the irony of queuing at a tech event to collect a piece of paper, but today’s award moves the bar up a notch… step forward the Future Decoded app!


At an event where you spend the whole day watching cutting-edge Azure cloud technology Microsoft hired an external company to make possibly the worst conference app I’ve ever used…

  • slow to load and required registration to view even basic content, why MS would need that data is beyond me as they spend all day scanning your badge as you move between rooms
  • website scraping to populate the app content, if I wanted a web page I’d open it directly
  • seminar sessions list that had to be manually filtered per day (looks like a GETDATE function was too difficult to implement?)
  • but the worst & most irritating was the “My Agenda” planner that didn’t generate a personal agenda at all and just scraped the keynote details from the website… hopeless

Maybe next year get some of your in-house people to showcase some of those cutting-edge Azure technologies via the app, but whatever you do don’t bring this one back!