microsoft windows powershell

Automating changes with PowerShell is your goal. You should be able to do this in local and cloud datacenters, like Azure. Azure is something you are studying, right? Taking the Azure test 70-533? Read here for an Azure test guide:

https://docs.google.com/document/d/1kt7drQtvMHk8nmgHj94lZLPWglT78hKrwvpFcqMTmEU/edit?usp=sharing

You should be able to run powershell commands locally and remotely.  You will need to master access control to do this well.  Administrator rights and UAC will put hurdles in your plan (or is that painful pitfalls?).  Using batch files to launch PS files will help.

Use the “Invoke-Command” PowerShell cmdlet to run PowerShell commands on remote computers (like ones in Azure).

Need to change network settings? There are commands to change the IP address in PowerShell, and often the interface index is needed. The interface index is often difficult to validate. For example, msinfo32.exe will show different network interface indexes than other Windows commands! I find this frustrating. Netshell (netsh.exe) may be a more reliable way to change IP address settings on NICs. The InterfaceAlias is available via the Get-NetIPInterface command. Example:

PS C:\Windows\system32> Get-NetIPInterface
ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
21      Local Area Connection* 12       IPv6                  1500               5 Disabled Disconnected    ActiveStore
19      Ethernet 2                      IPv6                  1500               5 Disabled Disconnected    ActiveStore
14      isatap.home                     IPv6                  1280              50 Disabled Disconnected    ActiveStore
20      Wi-Fi 2                         IPv6                  1500              25 Enabled  Connected       ActiveStore
1       Loopback Pseudo-Interface 1     IPv6            4294967295              50 Disabled Connected       ActiveStore
21      Local Area Connection* 12       IPv4                  1500               5 Enabled  Disconnected    ActiveStore
19      Ethernet 2                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
20      Wi-Fi 2                         IPv4                  1500              25 Enabled  Connected       ActiveStore
1       Loopback Pseudo-Interface 1     IPv4            4294967295              50 Disabled Connected       ActiveStore

With this, we see ifIndex 20 = our wireless. To change DNS settings only for wireless, at the PowerShell prompt type:

Set-DnsClientServerAddress -InterfaceIndex 20 -ServerAddresses "8.8.8.8"

How do you set back to normal DHCP provided dns?  Use reset command:

Set-DnsClientServerAddress -InterfaceIndex 20 -ResetServerAddresses

How do you set the IP address with powershell, once you have the interface index?

Use this command:

New-NetIPAddress -InterfaceIndex 2 -IPAddress 200.100.10.1 -PrefixLength 24 -DefaultGateway 200.100.10.10

Interface indexes are not all the same. For example, msinfo32.exe will give a different interface index than “Get-NetIPInterface”
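One way to avoid hard-coding an interface index, shown as an added example that is not part of the original post: resolve the index from the InterfaceAlias at run time, apply or reset the DNS setting, and read it back. The function name Set-DnsByAlias and the computer name SRV01 are hypothetical; the alias 'Wi-Fi 2' comes from the listing above.

```powershell
# Added example, not part of the original post.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt.
function Set-DnsByAlias {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string] $InterfaceAlias,
        [string[]] $ServerAddresses,   # omit when using -Reset
        [switch]   $Reset              # go back to DHCP-provided DNS
    )

    # Resolve alias -> index on this machine, right now. Indexes differ between
    # hosts and tools, so never carry one over from msinfo32 or another computer.
    $nic = @(Get-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction Stop)
    if ($nic.Count -ne 1) { throw "Alias '$InterfaceAlias' matched $($nic.Count) IPv4 interfaces" }
    $index = $nic[0].ifIndex
    if ($nic[0].ConnectionState -ne 'Connected') {
        Write-Warning "'$InterfaceAlias' (ifIndex $index) is $($nic[0].ConnectionState)"
    }

    if (-not $Reset) {
        if (-not $ServerAddresses) { throw 'Give -ServerAddresses or -Reset' }
        # Reject typos before touching the adapter.
        foreach ($a in $ServerAddresses) {
            $parsed = $null
            if (-not [System.Net.IPAddress]::TryParse($a, [ref]$parsed)) {
                throw "Not an IP address: $a"
            }
        }
    }

    $before = (Get-DnsClientServerAddress -InterfaceIndex $index -AddressFamily IPv4).ServerAddresses
    $action = if ($Reset) { 'reset DNS to DHCP' } else { "set DNS to $($ServerAddresses -join ', ')" }
    if ($PSCmdlet.ShouldProcess("$InterfaceAlias (ifIndex $index)", $action)) {
        if ($Reset) { Set-DnsClientServerAddress -InterfaceIndex $index -ResetServerAddresses }
        else        { Set-DnsClientServerAddress -InterfaceIndex $index -ServerAddresses $ServerAddresses }
    }
    $after = (Get-DnsClientServerAddress -InterfaceIndex $index -AddressFamily IPv4).ServerAddresses

    # Return a record of what changed so the run can be logged or compared.
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        InterfaceAlias = $InterfaceAlias
        ifIndex        = $index
        Before         = $before -join ', '
        After          = $after -join ', '
    }
}

# Usage (commented out so that pasting the block changes nothing):
#   Set-DnsByAlias -InterfaceAlias 'Wi-Fi 2' -ServerAddresses '8.8.8.8' -WhatIf   # preview only
#   Set-DnsByAlias -InterfaceAlias 'Wi-Fi 2' -ServerAddresses '8.8.8.8'
#   Set-DnsByAlias -InterfaceAlias 'Wi-Fi 2' -Reset
# Remote run; SRV01 is a hypothetical computer name, and the index is resolved there:
#   Invoke-Command -ComputerName 'SRV01' -ScriptBlock ${function:Set-DnsByAlias} `
#                  -ArgumentList 'Ethernet 2', @('8.8.8.8')
```

Because the lookup happens on the machine where the function runs, the same call works on hosts whose index numbers differ.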

Copyright 2016 Rod Deluhery

azure and windows on-site

Need Azure? Need identity for your apps? Microsoft is working on getting apps to work with your users' identities. And connection, latency? They have that covered with ExpressRoute: a point-to-point layer 3 connection from your servers to Azure.

https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-circuit-classic/

Get a list of providers:

PS C:\Users\elr2> Get-AzureDedicatedCircuitServiceProvider

Name                 DedicatedCircuitLocations      DedicatedCircuitBandwidths
----                 -------------------------      --------------------------
AARNet               Melbourne,Sydney               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Airtel               Mumbai,Chennai                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Aryaka Networks      Amsterdam,Dallas,Silicon Valle 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     y,Singapore,Tokyo,Washington   2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     DC
AT&T                 Silicon Valley,Washington DC   50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
AT&T Netbond         Amsterdam,Chicago,Dallas,Londo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     n,Silicon Valley,Singapore,Syd 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     ney,Toronto,Washington DC
British Telecom      Amsterdam,London,Hong          50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     Kong,Silicon Valley,Singapore, 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     Sydney,Tokyo,Washington DC
CenturyLink          Silicon Valley                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
China Telecom Global Hong Kong                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Cologix              Dallas,Toronto                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Colt Ethernet        Amsterdam,Dublin,London,Tokyo  50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Colt IPVPN           Amsterdam,London               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Comcast              Chicago,Silicon                50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     Valley,Washington DC           2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Console              Los Angeles                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Coresite             Los Angeles                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Equinix              Amsterdam,Atlanta,Chicago,Dall 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     as,Hong Kong,London,Los        2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     Angeles,Melbourne,New
                     York,Osaka,Sao
                     Paulo,Seattle,Silicon Valley,S
                     ingapore,Sydney,Tokyo,Toronto,
                     Washington DC
euNetworks           Amsterdam                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
GEANT                Amsterdam                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
IIJ                  Osaka,Tokyo                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
InterCloud           London,Singapore,Washington    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     DC,Amsterdam                   2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Internet Solutions   Amsterdam,London               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
- Cloud Connect                                     2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Interxion            Amsterdam,London,Paris         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Jisc                 London                         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
KPN                  Amsterdam                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Level 3              Amsterdam,Chicago,Dallas,Londo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Communications -     n,Seattle,Silicon              2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Exchange             Valley,Washington DC
Level 3              Amsterdam,Chicago,Dallas,Londo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Communications -     n,Seattle,Silicon              2Gbps:2000, 5Gbps:5000, 10Gbps:10000
IPVPN                Valley,Washington DC
Megaport             Dallas,Hong Kong,Las           50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     Vegas,London,Los               2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     Angeles,Melbourne,New York,Sea
                     ttle,Singapore,Sydney,Washingt
                     on DC
MTN                  London                         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Next Generation Data Newport                        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
NEXTDC               Melbourne,Sydney               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
NTT Communications   London,Los Angeles,Osaka,Tokyo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     ,Washington DC                 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Orange               Amsterdam,Hong                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     Kong,London,Silicon Valley,Sin 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     gapore,Sydney,Washington DC
PCCW Global Limited  Hong Kong                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SIFY                 Chennai                        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SingTel Domestic     Singapore                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SingTel              Singapore                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
International                                       2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SoftBank             Osaka,Tokyo                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Tata Communications  Amsterdam,Chennai,Hong         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     Kong,London,Mumbai,Silicon     2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     Valley,Singapore,Washington DC
TeleCity Group       Amsterdam,Dublin,London        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Telefonica           Sao Paulo                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Telenor              Amsterdam,London               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Telstra Corporation  Melbourne,Sydney               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Verizon              Amsterdam,Chicago,Dallas,Hong  50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     Kong,London,Silicon Valley,Sin 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     gapore,Sydney,Tokyo,Washington
                     DC
Vodafone             London                         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                                                    2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Zayo Group           Chicago,Los Angeles,New        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
                     York,Silicon                   2Gbps:2000, 5Gbps:5000, 10Gbps:10000
                     Valley,Toronto,Washington DC
PS C:\Users\>

tcp window size – wireshark and windows

Below

This could be clients, or servers, or NetScalers; any one of them could be breaking TCP windowing and causing TCP to think the receive window/buffers are low. But for this one, it's not good! That means you need to check client settings, NetScaler settings, and server settings. All three are important.

Server/ Client settings here:

https://support.microsoft.com/en-us/kb/934430

Make sure you understand “bandwidth delay product”. You may notice that even a small 10 millisecond RTT can cause serious slowness. Using bandwidth delay product calculations, you can find out how slow an app will be (its true bandwidth).

Sometimes this results in a really SLOW data transfer, even on high speed links. Read about it here and do some sample calculations. The receive buffer size on both ends must be set high, and our network has to allow selective acks.

It's crazy important to get this right, or it causes our networks to function very slowly.

https://en.wikipedia.org/wiki/Bandwidth-delay_product

 

 

As part of the three way handshake, both sides agree on a window scale factor.  We might be able to tell by checking the SYN packets from both sides, and figure out,  who is telling who not to use TCP scaling. 

Here is some explanation

https://www.wireshark.org/lists/wireshark-users/200903/msg00217.html
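The bandwidth delay product calculation and the window scale check from the SYN packets, combined in one added example (not part of the original post). The function name Get-TcpWindowLimit and its parameters are illustrative; the shift counts are the window scale values you read from each side's SYN in Wireshark, left out when a SYN does not carry the option.

```powershell
# Added example, not part of the original post.
function Get-TcpWindowLimit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][double] $LinkMbps,             # link speed, megabits per second
        [Parameter(Mandatory)][double] $RttMs,                # round-trip time, milliseconds
        [ValidateRange(0, 65535)][int] $WindowField = 65535,  # 16-bit window value in the TCP header
        [Nullable[int]] $ReceiverShift,   # shift count in the receiver's SYN; omit if option absent
        [Nullable[int]] $SenderShift      # shift count in the sender's SYN; omit if option absent
    )
    if ($LinkMbps -le 0 -or $RttMs -le 0) { throw 'LinkMbps and RttMs must be positive' }
    foreach ($s in $ReceiverShift, $SenderShift) {
        if ($null -ne $s -and ($s -lt 0 -or $s -gt 14)) { throw "Shift count $s is outside 0..14" }
    }

    # Scaling is in effect only when BOTH SYN packets carried the option.
    # If either side left it out, the window is capped at the 16-bit field.
    $scaling = ($null -ne $ReceiverShift) -and ($null -ne $SenderShift)
    $window  = if ($scaling) { [long]$WindowField -shl $ReceiverShift } else { [long]$WindowField }

    $rttSec   = $RttMs / 1000
    $bdpBytes = ($LinkMbps * 1e6 / 8) * $rttSec   # bytes that must be in flight to fill the link
    $capMbps  = ($window * 8 / $rttSec) / 1e6     # at most one window per round trip

    [pscustomobject]@{
        ScalingNegotiated  = $scaling
        ReceiveWindowBytes = $window
        BdpBytes           = [long][math]::Ceiling($bdpBytes)
        MaxThroughputMbps  = [math]::Round([math]::Min($capMbps, $LinkMbps), 1)
        WindowLimited      = ($window -lt $bdpBytes)
    }
}

# Constructed cases: 1 Gbit/s link, 10 ms RTT.
Get-TcpWindowLimit -LinkMbps 1000 -RttMs 10                                  # neither SYN has the option
Get-TcpWindowLimit -LinkMbps 1000 -RttMs 10 -ReceiverShift 8                 # only one side offered it
Get-TcpWindowLimit -LinkMbps 1000 -RttMs 10 -ReceiverShift 8 -SenderShift 7  # both sides offered it
```

With scaling off, the 65,535-byte window caps a single connection at about 52 Mbit/s on this 1 Gbit/s, 10 ms path, which is the slowdown described above.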

  

Netscaler TCP window scaling:

http://support.citrix.com/article/CTX113656#Configuring the TCP Window Scaling on a NetScaler Appliance. 

Below are some screenshots of Wireshark captures. Notice the red color bitmap shows NO window scaling used.

 

clicked – hijacked

You have a nice Windows 2012 server, running all your IIS pages. You think you are secure. Well, have you had a security audit? You might see this in a good website audit. It's not a common attack, but it is easy enough to do for the average hacker/phisher. Here an attacker takes parts of your website and puts them in a ‘web frame’ so that malicious parts of the site are delivered from a DIFFERENT website, and it is sometimes impossible to tell the good from the bad. By not having certain HTTP options, your content is easier to hijack. Read the Acunetix write-up here:

https://www.acunetix.com/vulnerabilities/web/clickjacking–x-frame-options-header-missing

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn’t return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
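A header check an administrator can run against their own site's responses, as an added example that is not part of the original post or the Acunetix write-up. It goes one step beyond the text by also accepting a Content-Security-Policy frame-ancestors directive, the newer equivalent of X-Frame-Options; the function name Test-FramingProtection and the sample headers are constructed for illustration.

```powershell
# Added example, not part of the original post or the Acunetix write-up.
function Test-FramingProtection {
    [CmdletBinding()]
    param([Parameter(Mandatory)][System.Collections.IDictionary] $Headers)

    # Header names are case-insensitive; fold them to lower case first.
    $h = @{}
    foreach ($k in $Headers.Keys) { $h["$k".ToLowerInvariant()] = (@($Headers[$k]) -join ', ') }

    $findings = New-Object System.Collections.Generic.List[string]
    $xfoOk = $false
    $cspOk = $false

    $xfo = $h['x-frame-options']
    if (-not $xfo) {
        $findings.Add('X-Frame-Options header is missing')
    } elseif ($xfo.Trim() -match '^(DENY|SAMEORIGIN)$') {
        $xfoOk = $true
    } elseif ($xfo.Trim() -match '^ALLOW-FROM\s') {
        $findings.Add('X-Frame-Options ALLOW-FROM is obsolete; current browsers ignore it')
    } else {
        # e.g. the header was added twice and arrives as "SAMEORIGIN, SAMEORIGIN"
        $findings.Add("X-Frame-Options value '$xfo' is not a valid single directive")
    }

    # Collect every frame-ancestors directive (several policies may be present).
    $directives = @()
    if ($h['content-security-policy']) {
        $directives = @($h['content-security-policy'] -split '[;,]' |
                        ForEach-Object { $_.Trim() } |
                        Where-Object { $_ -match '^frame-ancestors(\s|$)' })
    }
    foreach ($directive in $directives) {
        $sources = @($directive -split '\s+' | Select-Object -Skip 1)
        $broad   = @($sources | Where-Object { $_ -eq '*' -or $_ -match '^https?:$' })
        if ($broad.Count) { $findings.Add("CSP '$directive' allows framing by arbitrary origins") }
        else              { $cspOk = $true }
    }

    [pscustomobject]@{
        Protected      = ($xfoOk -or $cspOk)
        XFrameOptions  = $xfo
        FrameAncestors = $directives -join ' | '
        Findings       = $findings.ToArray()
    }
}

# Constructed response headers (not captured from a real server).
$samples = [ordered]@{
    'header missing' = @{ 'Content-Type' = 'text/html'; 'Server' = 'Microsoft-IIS/8.0' }
    'sameorigin'     = @{ 'X-Frame-Options' = 'SAMEORIGIN' }
    'sent twice'     = @{ 'x-frame-options' = 'SAMEORIGIN, SAMEORIGIN' }
    'csp only'       = @{ 'Content-Security-Policy' = "default-src 'self'; frame-ancestors 'none'" }
    'csp wildcard'   = @{ 'Content-Security-Policy' = 'frame-ancestors *' }
}
foreach ($name in $samples.Keys) {
    $r = Test-FramingProtection -Headers $samples[$name]
    '{0,-15} protected={1,-5} {2}' -f $name, $r.Protected, ($r.Findings -join '; ')
}

# Against a site you administer (the URL is a placeholder):
#   Test-FramingProtection (Invoke-WebRequest -Uri 'https://www.example.com/' -UseBasicParsing).Headers
```

On IIS, the header can be added as a custom header under system.webServer/httpProtocol/customHeaders in web.config.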

tcp offload

I like TCP offload NICs. These NICs (network interface cards) do the TCP processing in the card itself, leaving the server CPU free to do other things. Windows 2008 started having this feature; it was around before that with specialized drivers.

Chelsio sells these NICs to boost your server speed.

How to determine whether TCP Chimney Offload is working

When TCP Chimney Offload is enabled in the operating system and in the network adapter, the TCP/IP stack tries to offload suitable TCP connections to the network adapter. To find out which of the currently established TCP connections on the system are offloaded, follow these steps:

  1. Use administrative credentials to open a command prompt.
  2. Type the following command, and then press ENTER:
    netstat -t

    You receive output that resembles the following:

    Active Connections
    
      Proto  Local Address          Foreign Address        State           Offload State
    
      TCP    127.0.0.1:52613        computer_name:52614       ESTABLISHED     InHost
      TCP    192.168.1.103:52614        computer_name:52613       ESTABLISHED     Offloaded
    

    In this output, the second connection is offloaded.

For more information about TCP Chimney offload in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

perfmon

Windows 2012 has an improved performance monitor (perfmon). The feature that I like the best is the quick and handy way to find the current DISK QUEUE. Disk queue is a performance indicator of your disk speed. Slow disk speed can make your virtual machines crawl, and make your server in general perform like a drunk pianist. . .it will sound horrible! Perfmon can check for disk queue length easily! See the screenshot below to see where the easy-to-find disk queue is!

Oh and to improve disk speed (and reduce disk queue), use a RAID disk array and/or use SSD solid state drives.


 

winsat disk test

I was talking to a coworker about some performance problem with her laptop, and I was telling her about the upgrade I did to my laptop at home. After a certain amount of frustration dealing with Windows slowness and crashes, I put an SSD hard drive in my laptop. The difference was amazing. The laptop performed so much better and almost never slowed down after installing the SSD drive. (hehe I sound like an infomercial!)

 

An SSD is a solid state hard drive that uses no moving parts. To test how fast your drive is, use winsat. This is one part of the group of performance tools that comes with Windows 7 and gives an overall indication of the performance of the computer. But winsat can be used by itself to look at the disk speed. You can use winsat (winsat.exe) on Windows Server platforms also. (See the winsat technote on Microsoft.com.)

 

To take an objective look into this, here is the data from winsat. I grabbed winsat from a regular laptop and my laptop after the SSD drive. Where the SSD drive really does a good job is random data reads. It simply blows the traditional hard drive out of the water, over 100 x faster at getting the data back to the computer. The winsat data is below for you to look at and analyze. I invite you to run the tool yourself and see how your drive compares.

Reasons why I bought an 840 EVO solid state drive:

1. Affordable now. 80 dollars for a small drive.
2. Should extend battery life of the laptop.
3. Performance should be better on multi-tasking, also virtual systems should run faster.
4. Software encryption. If you use software encryption, this can seriously slow down your drive. Make up for lost speed with an SSD disk.

Interestingly, when I use a tool like DBAN to format the HDD drive, it shows 120-100 megabytes per second write speed, which is sequential writes. Compare that to the winsat numbers below. That means that the Windows operating system (and software encryption) puts a large load, or burden, on the ability to write data to the drive sequentially. It's 20 megabytes per second of sequential write to an NTFS disk, versus the hardware maximum of 100 megabytes per second. Really? I need to find out how much of that is encryption overhead. Or, maybe not.

The file system, NTFS, and the operating system put a large burden on the hardware. I wonder if Windows 8 has improved this at all? Does Windows really slow down the disk system that much? I know Linux and other systems were faster, but that much faster? Wow.
Google uses a custom (fast) operating system for their search engine. These are cache servers, and with NO file security it is supposedly wicked fast.

Use the Microsoft WinSAT tool to show the speed of random disk access and of sequential disk access. Below is an example from an ATA laptop disk drive, using Windows 7, an i5 quad core CPU, AND a spinning rotor HDD laptop drive in AHCI mode.

C:\Windows\system32>winsat disk -drive c
Windows System Assessment Tool
>> Running: Storage Assessment '-drive c -hybrid -ran -read -ransize 4096'
NV Cache not present.
> Run Time 00:00:00.06
> Running: Storage Assessment '-drive c -hybrid -ran -read -ransize 16384'
NV Cache not present.
> Run Time 00:00:00.05
> Disk Sequential 64.0 Read 19.31 MB/s 3.6
> Disk Random 16.0 Read 1.42 MB/s 3.8
> Responsiveness: Average IO Rate 3.49 ms/IO 6.1
> Responsiveness: Grouped IOs 11.22 units 6.9
> Responsiveness: Long IOs 8.68 units 7.5
> Responsiveness: Overall 97.38 units 6.8
> Responsiveness: PenaltyFactor 0.0
> Disk Sequential 64.0 Write 20.74 MB/s 3.7
> Average Read Time with Sequential Writes 7.122 ms 5.3
> Latency: 95th Percentile 76.952 ms 1.9
> Latency: Maximum 134.813 ms 7.6
> Average Read Time with Random Writes 16.069 ms 3.2
> Total Run Time 00:02:42.04

SSD winsat results:
In summary, disk writes are around 10 times faster, and random disk reads are over 100 times faster. Nice. 🙂

ssd drive

C:\Users\>winsat disk -drive c
Windows System Assessment Tool
> Running: Feature Enumeration ''
> Run Time 00:00:00.00
> Running: Storage Assessment '-drive c -seq -read'
> Run Time 00:00:07.07
> Running: Storage Assessment '-drive c -ran -read'
> Run Time 00:00:00.67
> Running: Storage Assessment '-drive c -scen 2009'
> Run Time 00:00:52.51
> Running: Storage Assessment '-drive c -seq -write'
> Run Time 00:00:07.07
> Running: Storage Assessment '-drive c -flush -seq'
> Run Time 00:00:01.62
> Running: Storage Assessment '-drive c -flush -ran'
> Run Time 00:00:01.51
> Running: Storage Assessment '-drive c -hybrid -ran -read -ransize 4096'
NV Cache not present.
> Run Time 00:00:00.02
> Running: Storage Assessment '-drive c -hybrid -ran -read -ransize 16384'
NV Cache not present.
> Run Time 00:00:00.01
> Disk Sequential 64.0 Read 203.38 MB/s 7.3
> Disk Random 16.0 Read 168.36 MB/s 7.6
> Responsiveness: Average IO Rate 0.87 ms/IO 7.9
> Responsiveness: Grouped IOs 8.87 units 7.4
> Responsiveness: Long IOs 1.73 units 7.9
> Responsiveness: Overall 15.32 units 7.9
> Responsiveness: PenaltyFactor 0.0
> Disk Sequential 64.0 Write 200.39 MB/s 7.3
> Average Read Time with Sequential Writes 0.350 ms 7.9
> Latency: 95th Percentile 0.648 ms 7.9
> Latency: Maximum 6.747 ms 7.9
> Average Read Time with Random Writes 0.341 ms 7.9
> Total Run Time 00:01:11.43

windows 2012 security updates

If you just installed Microsoft Windows 2012, you might find that there are some updates you need. Yeah, some updates. So there are 100 updates. Let's break them down: 100 updates, 15 of them updates for the operating system. 83 are security updates to the operating system, various things that will keep your system from getting hacked into. These are important. Get them downloaded. Then there is 1 update to the malicious removal tool, which is a handy tool for finding and removing virus type files on your server, if you get them, and one update to Internet Explorer. So there you go: as of 7/28/2015, there are 100 updates to the Windows 2012 image.

windows xp – end of life

Microsoft is burying the Windows XP product. Sometime last year the free Windows security antivirus stopped getting updates. . . soon the enterprise antivirus will stop getting updates.

They call this “stage 3”.   The last stage of the product.  Stage two is the grace period. . .the soft warning, then boom, stage 3 cancer dead.  There is probably some type of legal issue here where they have to give some final warning to the government or something, some customer who has serious weight to sue them or something.  Anyway. . . So if you see ANY company running windows XP after July 14th 2015, they need to have it seriously hardened on not on

http://blogs.technet.com/b/configmgrteam/archive/2014/03/27/fep-and-scep-anti-malware-protection-support-after-oses-reach-end-of-life.aspx

Stage 3: Anti-malware service stopped. You can no longer start the anti-malware service, and your computer will not receive anti-malware definition updates. Thus FEP/SCEP will no longer help to protect your computer. For example, for Windows XP, this stage starts on July 14th, 2015.

In a controlled enterprise environment, it’s the IT administrator that controls the OS upgrade and platform updates, and end users have no control over their OS. So, for FEP and SCEP customers, we will not expose the warning UI for Stage 1 or 2 to the end users, by default. End users will only receive the error when Stage 3 starts. They will have the exact same behavior/Client UI as usual during Stage 1 &2.

For the IT administrator, FEP/SCEP will generate event errors for each of the 3 stages. FEP/SCEP also provides a registry key to show the current end-of-life status of the current OS if it’s near end-of-life: HKLM\Software\Microsoft\Microsoft Antimalware\EndOfLifeState:

  • 1 means Stage 1 – OS is approaching end-of-life
  • 2 means Stage 2 – Grace period, OS has reached end-of-life
  • 3 means Stage 3 – Anti-malware service stopped

Note: This registry key state applies to all operating systems when they approach end-of-life in the future. If the current OS is not approaching end-of-life, you will not see the registry key value.

Configuration Manager users can use DCM configuration items to monitor the end-of-life state of their computers.