Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Friday, September 30, 2011

Deadline greyed out in WSUS

When approving an update in an environment where the users have control over when an updated is applied, you will often find users who are unwilling to update their clients.  Fortunately for the update administrator, Microsoft included a Deadline feature in WSUS to force an update through should a user decide to not bother with the required updates.


When you attempt to approve the update, our group of updates, you may noticed that the Deadline option is not available.



Simply approve the updates normally.


Now, right click the update again and select Approve.  This time the Deadline option is available to you.


Setting Deadlines is a good practice in that you will be assured that updates are applied in a reasonable time and users will have the flexibility to delay an update until a time that is convenient to them.  Make sure you communicate to your users any implementation of deadlines so they are not caught off guard.  A standard period of time will for every deadline should be considered. Should a high priority update be forced on the users with a shorter than usual deadline, make sure you communicate this to them in a timely fashion to help avoid unnecessary interruptions to your organizations workflow.

Thursday, September 29, 2011

How to force a DNS zone to replicate with PowerShell

For many implementations of DNS in a Windows environment, DNS is configured as being Active Directory integrated. In other words, the DNS zone information is actually stored as a partition in the active directory database. When Active Directory replicates, the zone data transfers. For standard DNS deployments, the data is stored in a file. You have to configure zone transfers manually in the DNS console.

The question in class was how to initiate replication manually. Once you have properly configured a Primary and secondary DNS server and configured the Primary server to allow zone transfers, you can manually initiate a zone transfer.

Below you can see our test environment. The image is of to RDP sessions to two different servers. The DNS console on the left is the primary. You can see and entry for Test2 that is not in the secondary database. The servers are named NYC-DC2 (Primary DNS) and NYC-DC1 (Secondary DNS). The DNS zone is named


Now, open PowerShell

We are going to need to call on WMI to help us with this one. 


Get-WMIObject –namespace “Root\MicrosoftDNS” –class MicrosoftDNS_Zone | Format-List Name


We can see the names of the zones on this DNS server.  Next we filter the query so only the zone we are interested in is left.

Get-WMIObject –namespace “Root\MicrosoftDNS” –class MicrosoftDNS_Zone | Where-Object {$_.Name –eq “Test.Contoso.Com”}


We are now going to execute the ForceRefresh method on this server.  Remember, we are on the secondary server.  You can look up more methods that are available through the MicrosoftDNS_Zone class here.


(Get-WMIObject –namespace “Root\MicrosoftDNS” –class MicrosoftDNS_Zone | Where-Object {$_.Name –eq “Test.Contoso.Com”}).ForceRefresh()


After a refresh of the DNS console on the secondary server, the data should now be transferred.  Notice that in the above command that there are two parenthesis.  Careful when you type.

Wednesday, September 28, 2011

How to get to the Windows 8 Search from the start screen

By and far, one of my favorite features of Windows 7 was the search feature.  I am not a fan of the control panel and the search feature kept me from going in there.  With the new Windows 8 interface, called “Metro”, it may be a bit hard at first to find the search feature.


To open Search. take your pointing device to the lower left hand corner and move it into the grey area pointed out below.  Once there, move it to the lower right hand corner.



Click Search from the menu that appears.


The new search feature appears.


You can click on one of the icons under search to go to that site or browse the list of applications behind the Search window.  You can also type your query in the Search field. 

In the below example, I typed in Firewall.  This is how I would normally get to the Windows Advanced Firewall.  Notice how the results are displayed/





Under Settings there are now 4 objects listed.  Once I clicked on Settings, the objects the search found are listed to the left and I can click (or tap) on the one that I want to open.



Tuesday, September 27, 2011

Can you force and RDP sessions Experience Level?

Remote Desktop has allowed network administrators to remotely manage servers for years.  While studying Remote Desktop settings this past week, we were looking at the possible experience settings below.


From these settings, you can control how much visual data is set from the target server to your remote session on your computer.  The question was is there a way to set the experience level on the target server and override what the user wants?  Using group policy, you can.  Take a look at the settings below that can be found at Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Remote Session Environment


To demo the target override, I set the GPO to Enforce Removal of Remote Desktop Wallpaper. Here is a very annoying desktop background that I put on my server while logged in locally.


Below is the same view while logged in using RDP.



My RDP settings were set to Allow Desktop, but the GPO enforced on the target was set to Enforce Removal of Remote Desktop Wallpaper.

Monday, September 26, 2011

Rapidly switch between running apps in Windows 8

All of us know about the Alt-Tab combination to move between programs.  In college we used this functionality to play video games in class and then switch back to the application when the professor walked by.


In windows 8, you can cycle through running apps by moving your pointing device to the left edge monitor.  A preview image will pop up.  Clicking on this image will bring that application to the front.


Friday, September 23, 2011

Configuring Computer for WSUS with Group Policy

Windows Server Update Services (WSUS) is a valuable free tool from Microsoft that allows for organizations of any size to manage the updating of their Microsoft products from a central location.  One of the challenges that Network Administrators face is a controlled rollout of updates in a manner that allows problems to be addressed without risking the availability of all the clients and servers on the network.  WSUS allows for the creation of computer groups.  Technically these groups are not Active Directory Groups.  In this article, we will see how to target computers in Active Directory groups so they fall into a specified WSUS group.

In the image below, you can see the default WSUS groups.


We have a group called All Computers and Unassigned Computers.  All Computers is a catch all for all computers.  Both those assigned to a group and those that are not are contained in this group.  This group allows you to approved updates for all computers in your organization that is managed by WSUS. Unassigned Computers is the catch all for any computer that has not been assigned into a group.


If you want to do staged rollouts of updates, the default configuration will not work.  Let’s take a look at how to fix this with Active Directory, Group Policy and WSUS.


First in the WSUS manager, expand Computers.

Right click All Computers and select Add Computer Group.


In the Add Computer Group window, add the name of the WSUS group that you want to have clients placed in via Group Policy.  Click Add.


In the WSUS Console, select Options.

Click Computers.

Select Use Group Policy or registry settings on computers.


Click OK


In Active Directory Users and Computers, I have an OU named Groups. Inside this OU I have a group called HyperV_Servers.  I have three serves that are a part of this group.  Next I’m going to open Group Policy Management Console and create a new GPO called WSUS_HyperV_Servers. 


Edit this policy and expand Computer Configureation / Administrative Templates / Windows Components / Windows Update.  We are interested in the GPO setting of Enable client-side targeting.



Selected Enabled

Type the name of the WSUS group that you want clients assigned to this policy to be in.  This name must match the name of a group that you created in WSUS.

Click OK.



Close the Group Policy Management Editor.

In the Group Policy Management console, make sure your new GPO is selected.  Under Security Filtering, remove Authenticated Users and add HyperV_Servers to the group listing.



Now, we need to link this to the Domain.  Simply drag and drop the GPO onto the domain (in this case MCTEXPERT.COM) in Group Policy Manager


Click OK



To speed up the process, run the following commands on the clients.

Gpupdate /force

wuauclt.exe /detectnow

Even after doing this, it may take a few reboots or a couple of hours for everything to start working.  The image below has two of the three servers now populating the group.



An alternative method would be to not use security group filtering, but to apply the GPO on an organizational unit that contains the clients that you want to be mapped to a specific WSUS group.

Thursday, September 22, 2011

How to Change IE 10 into desktop mode.

The new IE interface takes a little getting used to.  I can see it’s value for the slate market, but for the desktop market it is a little hard to get out of.  Take a look below.


It is not obvious how to get out of this mode in a desktop.

Click the page icon at the bottom of the browser and then click Use Desktop View.
Windows 8 will switch to the Desktop and place the webpage you were on in the windows mode you are accustomed to.

Wednesday, September 21, 2011

Getting the Start Menu back in Windows 8

Finally, a taste of Windows 8.  Today I installed the Windows 8 Developer preview.  My first impression, once I got to the desktop, was “Where is my search bar?”  For those of you who have attended one of my classes, you know how much I like that search bar.  Here is how you get it back.


Get to the run command by pressing the Windows key + R.  If you are experimenting with Windows 8 in a virtual machine, open the task manager.  Under File click New Task (Run…)


Type Regedit.

Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

Change the value of RPEnabled from 1 to 0.

Close the Registry Editor and you should have you Windows 7 Start menu back.  Perform a reboot when you get a chance.


(Note: This was tested on the Developer Preview)

Tuesday, September 20, 2011

How to expand all subtrees in a tree

We have all seen a subtree before.  Those items in a trees pane in an MMC for example.  The question that came about in class was is there a way to expand them all at once?  Take a look at the Windows Server 2008 Server Manager.




To expand all the sub trees just click on the root of the tree that you want to fully expand and then press the asterisk (*) key.



Pressing the left arrow will close them back up.  The right arrow will them open them on level at a time.

Monday, September 19, 2011

RemoteApp Problem: The Connection was denied because the user account is not authorized for remote login

While attempting to connect to a RemoteApp with a standard user account, you may receive this message:



This can be caused by not having the logged on user as a member of the Remote Desktop Users group on the Remote Desktop Server.  Another reason why you may experience this issue is if you are still on the 180 grace period for RDS licensing.  To clear up this problem, reboot the RDS server.


if this still does not work while you are in the grace period add the users, or preferably a group, to the allowed list of users who can log into the RDS server.

On the RDS server, Click Start.

Right click Computer and select Properties

Click Remote Settings



Click Select Users



Click Add.


Add in the User or groups that you want to be able to log in through Remote Desktop Services to this server.

You should be able to access your RemoteApp now.

Friday, September 16, 2011

How to manage drivers with PowerShell

Natively PowerShell does not have any cmdlets that let you manage a device driver.  You an use the Win32_pnpSignedDriver WMI class to enumerate the device drivers on your system.  There are two methods present; StartService and StopService.  At the very lest you can start and stop them.  Looking around MSDN, I was not able to find any addition methods for rolling back or disabling a driver which would be a nice feature to have.  In conclusion, you have some limited management functionality of device drivers using PowerShell

Thursday, September 15, 2011

MCTExpert is now ROWE certified

For many of you whom have taken my classes over years may recall one of the stories that I bring up about supporting our mobile users.  I use an example of the Results Only Work Environment created at Best Buy as an example of the environments that many of us will be supporting over the years.  Yesterday I had the opportunity for MCTExpert to receive training on how to build a ROWE company from the people that created ROWE at CultureRX. 

The idea behind ROWE is that instead of basing an employee’s productivity on time or how long they are in the office, you base it on the actual work they performed.  You trust your employee to work when they want, where they want, as long as the work gets done.  I encourage any company out there who wants to filter out the non-contributors and keep the talent to give the people at CultureRX a call.  Our trainer was Christy and she was outstanding.  She really was able to drive home the different between the 1950’s time monitoring method and the 21 century technology benefits of actually doing work.  I’ll be using the knowledge gained not only to build a better company, but to deliver better information in my course presentations.

Wednesday, September 14, 2011

How to uninstall System Center Virtual Machine Manager

Should you have the need to uninstall SCVMM, or on of its components, the process is very easy.  You simply need to determine if you want to retain the database or not.


The below instructions were provided by Microsoft.  You can see how simple each one is.  Below is a screen shot of my VMM server’s Programs and Features before the uninstallation.


Below is the uninstallation screen for the Administration console.



This one is for the removal of the VMM Server.  Remember that if you delete the database, you lose everything.  Do this only if you do not plan on continuing to utilizes your current VMM configuration.

To uninstall the VMM Server
  1. In Control Panel, double-click Programs and Features, select Microsoft System Center Virtual Machine Manager 2008 Server (x64), and then click Uninstall.

  2. On the Uninstallation Options page, do one of the following:

    • Select Retain data if you plan to reinstall VMM server and want to resume managing virtual machines in the same host environment.
    • Select Remove data if you do not plan to reinstall VMM server and want to permanently remove the VMM database.

To uninstall the VMM Administrator Console

    1. In Control Panel, double-click Programs and Features for Windows Server 2008 or Windows Vista, or Add or Remove Programs for all other supported operating systems.

    2. Click Microsoft System Center Virtual Machine Manager 2008 Administrator Console (x64) for 64-bit operating systems orMicrosoft System Center Virtual Machine Manager 2008 Administrator Console for 32-bit operating systems, and then clickUninstall or Remove, depending on the operating system.

    3. On the Confirmation page, click Uninstall.

To uninstall the VMM Self-Service Portal
  1. In Control Panel, double-click Programs and Features for Windows Server 2008 or Add or Remove Programs for Windows Server 2003.

  2. Click Microsoft System Center Virtual Machine Manager 2008 Self-Service Portal (x64) for 64-bit operating systems or Microsoft System Center Virtual Machine Manager 2008 Self-Service Portal for 32-bit operating systems, and then click Uninstall or Remove, depending on the operating system.

  3. On the Confirmation page, click Uninstall.

To manually uninstall the VMM agent
  1. In Control Panel, double-click Programs and Features for Windows Server 2008 or Add or Remove Programs for Windows Server 2003.

  2. Click Microsoft System Center Virtual Machine Agent (x64) for 64-bit operating systems or Microsoft System Center Virtual Machine Manager Agent for 32-bit operating systems, and then click Uninstall or Remove, depending on the operating system.

  3. In the Confirmation dialog box, click Yes.

Tuesday, September 13, 2011

Where are starter GPOs stored?

A starter GPO allows you to create a template of GPO settings that can be used as a base for new GPOs.  Starter GPOs are stored in a slightly different location.  Group Polices are stored in the SYSVOL folder on a domain controller in domainname\Policies\{GUID}



When you create the Start GPO folder in Group Policy Manager, the StarterGPOs folder is create in the SYSVOL.  Here is where you will find the starter GPOs.


Monday, September 12, 2011

Installing Windows Thin Client

Windows Thin Client allows you to take legacy hardware and continue to utilize it using modern operating systems.  This is done through the usage of Remote Desktop Services in Windows Server 2008 R2.

When booting the ISO file for Windows Thin Client, you will get the usual imagery.


Select the language of your choice and click Next



Click Install Now



Check I accept the license terms and click Next



Select the drive that you want to install Windows Thin Client on.

If this is an unformatted drive, click Drive options (advanced).



Click New



Determine how much of the hard drive that you want to format and click Apply.



Click OK at the message below.



Click Next



The installation will now run.


Provide a name for the first account on this system and a name for this PC.  Remember, this is a local administrator for this client.



Provide and confirm a password for this account.   Also provide a hint for this password.  Click Next when completed.



Select the update policy that is appropriate for your environment.



Select to appropriate time and date settings.



Configure the appropriate firewall policy for the connection this thin client is on.




Let Setup complete.



The thin client is now installed.



This installation of Windows Thin Client consumed only 2.98 GB.  Below is a snap shot of the thin clients memory without any applications running.