Monthly Archives: August 2017

Enable Strict Transport Security on IIS

The following is a guide to enable Strict Transport Security on IIS (Internet Information Server).

Open up IIS Manager and navigate to the the Server Name

Select HTTP Responce

Click on Add, and enter the values as follows

Click ok and then click on the server name again, select the restart option from the actions pane.

You server should now pass Qualys SSL Test for Strict Transport Security.

Provision Windows Store Apps for Windows 10 Imaging

When building fat Windows 10 Images it is necessary to sometimes install Windows Store apps, however you can’t just install them from the standard Windows Store, doing so will cause sysprep to fail. At no point should you try to run any Windows store apps when building an image.

DISM can be used to provision the app for all users in your image. The following is an example command using Microsoft Reader, it’s dependance of Microsoft VCLibs and finally it’s licence file:

Dism /Online /Add-ProvisionedAppxPackage /PackagePath:Microsoft.Reader_2017.612.315.3642_neutral_~_8wekyb3d8bbwe.AppxBundle /DependencyPackagePath:Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe.Appx /LicensePath:Microsoft.Reader_8wekyb3d8bbwe_e5086f30-ff13-cf16-91fb-0cc6ed9c5613.xml

To obtain the app files you must download them from the Microsoft Windows Store for Business. Sign in with a user account and find the package you are looking for.

Once you have found the app you’re looking for select offline for the licence type.

Click Manager, then no the next screen click Get App.

Now Select your Processor architecture, if 32 bit windows select x86, for 64 bit select X64, Finally select your language. Ignore the Download button at the end of the line this will download a JSON file not required for this process.

Scroll down and click the Download link under “Download the package for offline use”, this will download the Package for Reader.

The next link down the page is the licensing file for Offline install, download this preferably to the same location.

Finally after the licence link you will see “Required frameworks”, this of course depends on the app you are trying to download, these may be architecture dependent also. Download these files into the same location as well.

Once you have all the files in a single folder or location open a command prompt or powershell window with administrator privileges and change directory to the location of your downloaded files from the Windows Store.

Execute the DSIM command like the following:

Dism /Online /Add-ProvisionedAppxPackage /PackagePath:PackageFileName /DependencyPackagePath:DependencyPackageFileName /LicensePath:LicenceFilename

Once this as executed the package will install for all users, and your windows image will seal correctly.

TechNet – DISM App Package (.appx or .appxbundle) Servicing Command-Line Options