Deploying Win 32 Apps with Miradore

I recently got a chance to try out the Advanced Application Deployment feature of Miradore MDM for the Windows 10 clients that we are managing for a customer. I was originally going to use the MSI Application Deployment feature, but then I realized that while the application is packaged as an MSI, the MSI does not install correctly if the MSI is renamed prior to installation. Before I dive into the details, let me provide some background about how application deployment works with MDM on Windows 10.

EnterpriseDesktopAppManagement CSP

If you are familiar with Microsoft CSPs for Windows 10 client management, then you may already know about the EnterpriseDesktopAppManagement CSP. The EnterpriseDesktopAppManagement CSP is great in that it allows you to deploy MSI applications to Windows 10 using the built-in MDM capability and does not require a separate client. If you are interested in staying MDM agnostic as much as I am, then you will understand why MDM deployment is desirable.

Here’s the problem…the EnterpriseDesktopAppManagement CSP actually renames the MSI as part of the download and installation process. If your app package doesn’t depend on the name, then it’s no big deal. But if your app package does depend on the name then it’s a deal breaker.

Of course, the app that I needed to deploy does not install correctly if it gets renamed during deployment so I needed to leverage a client-dependent solution.

Miradore Client

The Miradore Client is a component of the Miradore MDM solution that is leveraged when you use the Advanced Application Deployment feature. The client allows you to do more than you can do with the EnterpriseDesktopAppManagement CSP alone. In this case, I needed a way to deploy the MSI without it being renamed. This is where the Miradore Client shined. The Miradore Client allowed me to do the one thing that makes it possible to install literally any app on Windows 10 — you can upload an install using a ZIP file format. This capability saved the day for me because otherwise I would have probably had to manually install that application on every computer in the environment because they are all Workgroup computers and not Domain-joined.

Create an Application Package in the ZIP File Format

Just in case you are wondering how to easily use ZIP file format for your MSI apps, here is the basic formula:

  1. Create a Powershell script that calls the MSI installation and waits for the exit code
  2. ZIP the Powershell script and the MSI
  3. Upload the ZIP to Miradore MDM for deployment

The Miradore Advanced Application Deployment feature does ask for an Exit Code and the Command Line to run the installation so you want to install this manually before loading it to Miradore so that you can gather this information.

Here is the example of the Command Line and Exit Code for my example:

Why Miradore is still my favorite MDM for very small businesses?

It is probably worth noting that VMWare Workspace One has this same Application Deployment functionality available thru its client, but unfortunately it has a minimum requirement of 25 users/devices in order to setup an environment. In contrast, Miradore MDM only requires a $10 minimum credit card charge each month for an environment with Enterprise Licenses (there is a free version if you don’t need to install apps).

Add Physical Room Participants to your Zoom Meeting using Zoom Rooms

Would you like to add physical room participants to your virtual Zoom Meetings for training, conferences, board meetings, and more? It can be done by installing special hardware and by adding a Zoom Room license to your Zoom account.

The process takes about three weeks from start to finish.

This is an example of a Zoom meeting which has been augmenting by adding a Zoom Room to create a seamless experience for both virtual and physical participants.

Here’s a video clip that shows the installation in progress and that gives an idea of what the Zoom Room hardware looks like in person:

If you have additional questions or are interested in adding a Zoom Room for your organization, don’t hesitate to contact us at itpro@bluemavenit.com.

Helping Seniors to connect with technology.

Helping Seniors to connect with technology.

Older Americans are utilizing technology more than ever before. Whether you are connecting with loved ones, staying up-to-date on world news, or researching topics of interest, you need someone that you can trust that is ready and able to solve technology problems as they arise.

At Blue Maven IT our goal is to support you as you work to stay connected in this wonderful world of technology.

Ultimate Computer Buying Guide

Looking for a new computer? Follow this simple and easy guide

When selecting a computer for your small business your goal is to get adequate performance at the lowest possible price point. With so many options to choose from, making the right decision can be downright perplexing. At the Blue Maven IT, our goal is to make IT easier for you. We have developed this guide to provide you with information that makes selecting a computer for the typical business user simple and easy.


Specifications

When selecting a computer, the following four components are the essential attributes that should be listed in the specifications of the computer that you select:

  • Solid State Drive (SSD) – Performance will be cripplingly slow if it has a spinning hard drive (HDD).
  • Processor (CPU) – Intel Core i5 chips will provide you with solid performance for most use cases.
  • Memory (RAM) – Given the typical level of use, 8GB should be sufficient for most users.
  • Operating System (OS) – Most software is compatible with Windows. Pro indicates business grade.

You will notice that the price point for computers without some of these components may be lower. We recommend that you don’t cut corners on this minimum list of specifications. A productive business cannot be run efficiently on a slow performing computer. We will share some alternative recommendations for cost cutting later in this guide.

Supportability

As a small business owner, you will expend valuable resources dealing with hardware issues if you don’t consider the long-term supportability of the computer during your initial purchase. The manufacturer of the computer that you select should provide special software to maintain the hardware components automatically. This will help to prevent common issues with your computer. We also recommend purchasing a multi-year extended warranty directly from the manufacturer. An extended warranty may seem like an unnecessary cost, but it will save you both time and complexity in the event that a hardware component breaks. It will also provide better visibility to the total cost of ownership for your computer assets.

Where to Buy

We do not recommend purchasing business computers from big box stores. Computers sold at these types of stores are designed for personal use, not for business use. Purchase computers for your small business directly from the manufacturer’s website to access business grade computers and to avoid reseller markups. Examples of manufacturers of business grade computers who sell their products on their own websites include Dell, Lenovo, and HP. Business grade computers are designed to be repaired and upgraded easily. This helps you to get the maximum life out of your investment. Your goal is to get approximately 3-4 years of use for a laptop prior to replacing it.

Ways to Save

You may be tempted to purchase lower grade hardware components to save money. Instead, we encourage you to consider some alternative cost cutting options.

  • Consider a Desktop – Consider purchasing a desktop instead of a laptop if cost is a significant concern. Not every computer in your fleet needs to be mobile. Desktop computers are typically cheaper and last longer than laptops (~4-5 years)
  • Ignore Trends – Ignore popular trends (for example – touchscreens) unless you have a specific business need to include this feature. These added features come at a higher price point and increase the likelihood of future repairs.
  • Late Model – Purchasing a computer model from a previous generation is a great way to trim costs. Each January, manufacturers introduce new models. You can get great deals at year end as manufacturers attempt to unload their previous generation stock.

We hope that you have found this guide helpful and we wish you the best of luck in buying your next computer. Don’t forget to download our Ultimate Computer Buying Guide to use or share with a friend!

Still have questions? We’d love to help! Call us at (317)210-1199 or send us an email at itpro@bluemavenit.com.

Review: Scalefusion

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.


The basic features that I’m most interested are pretty simplistic:

  • Profiles – manage Windows Updates settings you force auto installation of updates
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Profiles – ability to push Custom XML settings (to configure any available CSP)
  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Scalefusion. Scalefusion has a low per device fee ($2 – $4 per device per month), no minimums, and allows for a 14 day free trial.

First Impressions

My device enrolled in Scalefusion MDM

I’ll admit that I’m not a huge fan of the UI. I’d rather see all of my device details on the main screen and a listing of installed apps. I don’t want to be too much of a princess about it so I’ll say that the UI is sufficient enough that it wouldn’t stop me from using this MDM especially since the developers just added an amazing new feature, the ability to deploy Custom XML.

The most basic information that you would need to know about a device that you are managing is available in this system (e.g.- Antivirus Status, Firewall Status, OS Build Version, Drive Space, RAM, BIOS version). I would have loved to be able to see which Win-32 applications are installed too, but you win some you lose some, right?

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – Scalefusion now supports Custom XML policies so you can literally apply any Microsoft CSP that you need to. I’ve been concerned that I need to manage WiFi, Windows Updates, Firewall, and Defender and no other products seem to be able to do that.

Applications – This tool can only deploy MSIX and APPX so special packaging will be required. I don’t see this as a showstopper though I would love to see this added in the future.

Updates – Given my previous statements about Customer XML, it’s no surprise that I was able to push the settings that I needed to configure updates.

Antivirus – I was able to see the antivirus status but I can’t see the definitions status for Defender so that is the only thing missing that is a bit of a gap for AV.

Encryption – I could see the encryption status. I could force encryption, but I could not escrow the key into Scalefusion. I can escrow the key into O365, but a lot of small business customers are using G-suite instead of O365 so we would not be able to escrow Bitlocker keys for the most part.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder) but again if this means that we don’t have to manage an agent then I’m still happy without this particular feature.

Organizational Groups – There is a way to establish an organizational hierarchy which would conceivably allow management of multiple organizations within the same environment.

In Summary

If I haven’t made it clear yet in my previous statements, I absolutely love the fact that this solution includes Custom XML and the 0 minimums for enrollment. There is a strong possibility that this will be my choice of MDM for Windows 10.


Has anyone else tried this tool yet? Let me know what you think about it…

Review: Hexnode MDM

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.


The basic features that I’m most interested are pretty simplistic:

  • Profiles – allow for custom XML policies
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Hexnode. Hexnode has a low per device fee, fairly low minimums (15 devices per month), and allows for a 30 day free trial.

First Impressions

My device enrolled into Hexnode MDM

The UI is not my favorite, but that really wouldn’t make or break my opinion of a tool. My real complaint is that there isn’t as much device information available as I would have liked. On the good side, I could see the version of the build that is on the device including monthly patch. On the bad side, I couldn’t see simple things like drive space and importantly I couldn’t see whether or not the Defender AV was up to date.

I don’t need a fabulous UI, but I do need to see a minimal amount of information about the device in order to provide adequate management.

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – There are quite a few Windows 10 policies available but unfortunately this didn’t include Windows Update or Microsoft Defender Settings. That is a non-starter.

Applications – This tool was great for deploying a simple MSI but the inventory didn’t show everything that was installed on the device which is a big issue.

Updates – I was not able to push any update settings. I could see the build version, but without the ability to force the clients to install updates automatically it would be difficult to manage a fleet.

Antivirus – I was not able to see the antivirus or definitions status for Defender and I couldn’t push any settings so it would be difficult to manage a fleet with this tool.

Encryption – I could see the encryption status which is great. I could also push encryption policies, however I could not escrow the key.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder)

Organizational Groups – There wasn’t a way to establish an organizational hierarchy, but you could use dynamic groups to allow for management of multiple organizations within the same environment.

In Summary

My favorite thing about this solution is how quickly you can spin up a new environment. However, the minimum of 15 devices along with the missing management capabilities for Windows 10 makes this tool not a very good fit for managing small business. As always, my suggestion to MDM providers is that they should provide the ability to use Custom XML for robust policies management without the need for policy UI development.


Has anyone else tried this tool yet? Let me know what you think about it…

Configuring the LanmanWorkstation Policy CSP

I got a great question this week.

Just wondering how you got the LanmanWorkstation\EnableInsecureGuestLogons policy working. For the OMA-UTI I put ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons with the string <enable/> and it doesn’t seem to work

Anonymous Contributor

I went directly to the Microsoft website to see what it says about setting the policy.

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-lanmanworkstation

Indeed, the documentation is rather misleading. It references ADMX even though this is not implemented as an ADMX policy.

Photo by Oladimeji Ajegbile on Pexels.com

Expected values for this policy are 0 or 1 and are of the type Integer.


That answer was enough for the Anonymous Contributor to get the policy working.

I hope that you find this helpful as well!

Review: Miradore MDM

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.


The basic features that I’m most interested are pretty simplistic:

  • Profiles – manage Windows Updates settings you force auto installation of updates
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Profiles – ability to push Custom XML settings (to configure any available CSP)
  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Miradore. Miradore has a low per device fee, extremely low minimums ($10 per month), and allows for a 14 day free trial.

First Impressions

My device enrolled in Miradore MDM

I really like the simple, easy to navigate and understand UI. I was really excited at how easy it was to create a profile, deploy an MSI, and view detailed information about my device.

There is a LOT of information about the device in this system which I really fell in love with immediately. Everything that I could possibly want to know was at my fingertips with this solution.

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – There are only 3 Windows 10 policies available – Windows Update, Exchange Email, and Passcode. This works as a bare minimum but would need to be built out to allow for more advanced configurations.

Applications – This tool was great for deploying a simple MSI and the inventory showed everything that was installed except for Universal Windows Platform applications. It can’t do more complicated application deployments and it can’t do UWP application deployments.

Updates – I was able to push the settings that I needed to configure updates though there was one thing broken in the UI (a drop-down list selection that showed Semi-Annual as an option for Branch Readiness which no longer exists so the policy failed to deploy until I changed it to Semi-Annual Targeted).

Antivirus – I was able to see the antivirus status and definitions status for Defender which is exactly what I need to see.

Encryption – I could see the encryption status. I could not enforce encryption or escrow the key.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder)

Organizational Groups – There is a way to establish an organizational hierarchy which would allow management of multiple organizations within the same environment.

In Summary

I loved navigating this solution and the ideal pricing. This will likely be my choice of MDM for Windows 10. If Mirador adds the ability to use Custom XML for robust policies this tool will be unstoppable in the small business MDM space.


Has anyone else tried this tool yet? Let me know what you think about it…