
Posts

Showing posts from July, 2011

What does HVCONFIG do?

On Windows Server 2008 R2 Hyper-V server, HVCONFIG serves the same purpose as SCONFIG does on Server Core. Below are links to a couple of SCONFIG blog posts that I have written.

· How to add a user to the Local Administrators group in Server Core 2008 R2
· How to move a Server Core 2008 R2 from a Domain to a Workgroup
· Using SConfig to set IP address on Server Core 2008 R2
· Change Server Core 2008 R2 Windows Update Settings
· Rename a Server Core 2008 R2 Server
· How to Add Server Core 2008 R2 to a domain
· Enabling Remote Desktop on Server Core 2008 R2

Install NAVFit98A on Windows 7 64-bit or 32-bit

NAVFIT98a Version 28 Installation instructions for Windows 7
Author: IT1 J. Yoder Microsoft Certified Trainer NR Chinhae HQ NOSC Indianapolis
This instruction is provided without warranty or support.
Purpose: This document will explain how to get NAVFIT98A to work on all editions of the Windows 7 operating system without using virtualization. This procedure should work on both home and business editions of Windows 7.

Last fall I published an article on how to get NavFIT98A to install on Windows 7 using Windows XP mode. To this day it is one of the most popular articles on my blog. At the request of many, I am providing instructions below on how to get NavFIT98A to work on Windows 7 64-bit (or 32-bit) without using virtualization. I was happy to find a test deployment of NAVFIT98A using App-V at Microsoft. Application virtualization is one of the methods at our disposal for handling application compatibility problems that often arise during an operating syst

Scope issue with Windows PowerShell ISE

Although I like the Windows PowerShell ISE, I came across a problem related to scope. For many months, I’ve been fighting issues of elements in my scripts not clearing out between runs. What I have come to find out is that when you run a script in the ISE and the script completes, its scope is not destroyed. Here is an example.

In the above example, in the shell, I set a variable to the value of 100. Since this is done in the shell, this variable is stored in the global scope. By executing Get-Variable, I can see the value of a is 100.

Now let’s do the same thing in the ISE. If I run Get-Variable in the ISE, I receive this:

So far, all is as expected. Now let’s execute a script in the ISE that changes the value of $a to 500 and then displays it:

Now let’s run Get-Variable again inside the ISE.

The value of $a is still 500. I suspect this behavior is what has caused me a lot of headaches over the past few months.  I n

Some notes about Hyper-V Snapshots

Snapshots allow you to capture the current state of a VM, and return it to that point-in-time at your convenience. Snapshots are the closest thing that we have to the Restore Points we had in Windows XP. There are a few things that you need to know about snapshots. They do not affect a running virtual machine. If a snapshot is taken and a change to the state of the VM's memory is made, Hyper-V will intercept that change and hold it until the snapshot is complete. The virtual machine cannot be in a paused state. If you take a snapshot while logged in, when you return to that snapshot, it will be right where you took it. This includes being logged in and applications running.

Here is the snapshot process:
1. Pauses the virtual machine.
2. Creates differencing disks associated with all VHDs configured in the virtual machine, and then associates them with the virtual machine.
3. Makes a copy of the virtual machine’s configuration file.
4. Resumes the running of the virtual mach

Minimum Forest Functional Level for AD Recycle Bin

In class, I discovered the hard way that we not only need our Domain functional at Windows 2008 R2, but also the forest functional level to use the AD Recycle Bin. In raising our 2003 forest functional level to 2008, we gain no new functionality. We do however gain the AD Recycle Bin when raising our forest from 2008 to 2008 R2. Below is a list of the features that are enabled with each domain and forest level from Microsoft.

Domain Functional Levels

Windows 2000 native
All default Active Directory features and the following features:
· Universal groups are enabled for both distribution groups and security groups.
· Group nesting.
· Group conversion is enabled, which makes conversion between security groups and distribution groups possible.
· Security identifier (SID) history.

Windows Server 2003
All default Active Directory features, all features from the Windows 2000 native domain functional level, and the following features:
· The availability of the domain management tool, Net

Can a user use an old copy of their registry to override Group Policy?

This is a real interesting one from my 6419B class in May. During our discussion on Group Policy, I was asked a “hacking question” as it was put. If the user had a copy of their registry before a GPO was applied, can they import that copy and override the GPO?

To test this one out I exported a copy of a client GPO that had a standard user logged in on it and saved it to the desktop. I then created and applied a GPO that removed the Recycle Bin from the desktop. Once applied, the Recycle Bin was removed from the desktop. We then imported the backed up registry and received this error:

Cannot import C:\Users\adam\Desktop\MyReg.reg: Not all data was successfully written to the registry.  Some keys are open by the system or other processes.

The GPO held and the registry was unaltered.

PowerShell function to confirm if a module is present on a client.

PowerShell is designed to be expanded. For example, by adding the Group Policy module, you can utilize PowerShell to help manage the GPOs in your environment. Not all modules are installed on every Windows client/server. The function below is designed to help you determine if a module is present. To use it, simply call the Confirm-Module cmdlet with the name of the module as the parameter. The function will return a $TRUE if the module is present and a $FALSE if it is not.

<#
.SYNOPSIS
Confirms if a module is available.
.DESCRIPTION
Confirms if the provided parameter is available on the local client.
.PARAMETER ModuleName
The name of the module whose presence is being checked.
.EXAMPLE
Confirm-Module ActiveDirectory
Checks to see if the ActiveDirectory module is present on the local machine
Returns True if present and False if not.
.OUTPUTS
Boolean
.Link
Get-Module
.NOTES
============================================
Author: Jason A. Yoder, MCT
WebSite: www.MCTExpert.

Error when enabling Active Directory Recycle Bin

While attempting to access the Active Directory Recycle Bin, I received the following error:

Enable-ADOptionalFeature: The specified method is not supported.
At line:1 char:25
+Enable-ADOptionalFeature <<<<  -Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service, CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com’ –Scope ForestorConfigurationSet –Target ‘contoso.com’
  +CategoryInfo          : NotSpecified: (CN=Recycle Bin ..=contoso,DC=com:ADOptionalFeature) [Enable-ADOptionalFeature], ADException
  + FullyQualifiedErrorID : The specified method is not supported,Microsoft.ActiveDirectory.Manegment.Commands.EnableADOptionalFeature

This is caused by either your domain or forest functional level not being set to Windows2008R2Domain or Windows2008R2Forest or higher. To determine your current levels, type the following commands in PowerShell.

Import-Module ActiveDirectory
(Get-ADDomain).DomainMode
(Get-ADForest).Fores

How to change the Default RemoteInstall folder for Windows Deployment Services

While reconfiguring my WDS server's storage, I inadvertently changed a drive letter that contained my RemoteInstall folder. This prevented the WDS service from starting. Below is the event log error that I received:

Log Name: Application
Source: ESENT
Date: 6/23/2011 12:07:13 PM
Event ID: 494
Task Category: Logging/Recovery
Level: Error
Keywords: Classic
User: N/A
Computer:
Description: svchost (1116) DDP: Database recovery failed with error -1216 because it encountered references to a database, I:\RemoteInstall\Stores\Drivers\Metadata\DdpDb.mdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by

Can a local RODC administrator add another user as a local administrator?

For this test I created an RODC. I added a user named Adam.Carter to the local administrators group using this procedure.

· Log on with an administrator account
· Open a command prompt.
· Type Dsmgmt and press Enter.
· Type Local Roles and press Enter.
· Type Add <UserName> Administrators where <UserName> is the name of the domain account that you want to assign as a local administrator on the RODC.

Once Adam was logged in I repeated the process by trying to add a user named Aaron.Lee. Aaron was added to the local administrators group. I was also able to still log on locally with both accounts and use AD Users and Computers with both. This is in contrast to Microsoft's Documentation on the topic.

Remember, an RODC local administrator cannot manage other DCs or Active Directory. They can:

· Install hardware devices, such as network adapters and disk drives
· Manage disk drives and other devices
· Install software updates and drivers
· Stop and start Active Dir

P2V online conversion with VMM 2008

One of the processes you will undertake in virtualizing your environment is the conversion of a physical machine to a virtual machine. There are many considerations that you must research prior to executing a P2V conversion. This article deals with the actual process. We are going to use a VMM server named 2008Server to do a physical to virtual conversion of a Windows Server 2008 R2 machine called Lab1. First off, open the System Center Virtual Machine Manager Administrator Console. Next, click Convert physical server in the Actions pane. In the Select Source window, provide the name or IP address of the server or client that you want to run the conversion on. I find that I have more success using the IP address. Also, you need to provide local administrative credentials. Click Next once you have entered the proper information. In the Virtual Machine Identity window, provide a name for the VM to be created. Also, provide a description if you wish. Click Next to

What Architecture will Windows 8 Support?

In my 6294 class from Portland, ME, we had an individual concerned about Windows 8 and their investment in the 32 bit architecture. I still advise organizations to purchase the 64 bit platforms. The 32 bit architecture is next on the technology chopping block.

At the Consumer Electronics Show (CES) in Las Vegas, Microsoft demonstrated their work on Windows 8. They also announced support for Intel, AMD, and ARM chips. This included the x86 architecture. That means 32 bit will be around for another edition of Windows. Below are two articles from Microsoft that talk about the platforms that Windows 8 will run on.

http://www.microsoft.com/presspass/press/2011/jan11/01-05socsupport.mspx
http://www.microsoft.com/presspass/features/2011/jan11/01-05sinofskysoc.mspx

Delegate Administration of Hyper-V

In small environments, one individual may be charged with managing your Hyper-V environment. In larger organizations, the tasks of maintaining Hyper-V may need to be distributed. In order to stick to the Principle of Least Privilege, you have the ability to delegate out the management tasks of Hyper-V to multiple users.

To do this, log into your 2008 server that is hosting Hyper-V.

· Click Start, type MMC and press Enter
· Click File and then click Add/Remove Snap-in…
· In the Available snap-ins: list, click Authorization Manager.
· Click Add and then OK.
· In the MMC console, right click Authorization Manager and select Open Authorization Store…
· Verify that XML file is selected and type %programdata%\Microsoft\Windows\Hyper-V\InitialStore.xml in the Store name:
· Click OK

From here we can define scopes to limit the Hyper-V servers that users can manage. We can also define roles that users can participate in and what t

Understanding NTFS and Share permissions

Recently, I instructed a Microsoft Class (6292: Installing and Configuring Windows 7 Client). During a presentation about the effective permissions of a user when considering NTFS and Share permissions, one student sat up and said "I finally understand that concept.  Nobody has been able to explain that to me before." I decided to put a little bit of that presentation here for everyone's benefit.

We use the security model of Microsoft NTFS format to determine what a user is able to do with a file or folder. We have several different permissions to choose from:

· Full Control: Users can do anything to the resource.
· Modify: Users can modify the files and their properties. Users cannot take ownership or change permissions.
· Read & Execute: Users can run executable files and scripts.
· List Folder Contents: Users can view a list of a folder’s contents.
· Write: Users can write to a file.
· Read: Users can view files and the files' properties.
· Deny: Absolutely

DHCP Renewal Interval

In class we had a discussion on a slide that seems to present the time when a DHCP client renews at 87.5% of the lease period instead of 50%. Below is an excerpt from TechNet that should help clear up the confusion.

Renewing a lease

The DHCP client first attempts to renew its lease when 50 percent of the original lease time, known as T1, has passed. At this point, the DHCP client sends a unicast DHCPRequest message to the DHCP server that originally granted its lease. If the server is available, and the lease is still available, the server responds with a unicast DHCPAck message, and the lease is renewed. If the original DHCP server is available, but the client’s current lease is no longer available, the DHCP server responds with a DHCPNack message, and the client immediately starts the process to obtain a new lease. This can happen if the client has changed subnets or if the DHCP server cannot fulfill the lease request for some other reason. If there is no response from the DHCP

Create a Self-Service User in VMM

A self-service user role enables users to create and manage their own virtual machines within a controlled environment by using the VMM Self-Service Portal or the Windows PowerShell VMM command shell. A self-service user cannot create or modify user roles and cannot perform administrative functions on hosts and library servers.

To create a Self-Service User, open System Center Virtual Machine Manager.

· In the menu bar, click Go \ Administration.
· In the menu bar, click Actions \ User Role \ New user role
· Provide a name and a description for the user role.
· In the User role profile: drop down menu, choose Self-Service User
· Click Next
· In the Add Members window, click Add…
· Add in the users or groups that will be part of this role.
· Click Next.
· In the Select Scope window, select the host group that these users will be able to utilize for their virtual machines.
· Click Next
· In the Virtual Machine Permissions window,

How to make sure the Firewall rules for both Public and Private networks are the same

Originally this question was “How to force all new wireless networks to be Public.” I had very little luck with this one. I started looking into a PowerShell option for this, but that code was turning into a complex process. It then hit me, just make the two profiles the same in the firewall.

To do this, we are going to use the firewall on a Windows 7 client.

· Open the Windows Firewall with Advanced Security.
· Right click Windows Firewall with Advanced Security and then click Export Policy.
· Save the policy to a network location.
· Open Group Policy Management on a Windows 2008 R2 server or a Windows 7 Client with RSAT installed.
· Create a new GPO, or use one that is scoped to reach all of your clients. I named my GPO Firewall.
· Edit the GPO and expand Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall with Advanced Security / Windows Firewall with Advanced Security.
· Right click Windows Firewall

Create a Delegated Administrator in VMM

A Delegated Administrator has the ability to perform all the functions of an administrator in VMM, but is limited to only certain groups of hosts or library servers.

To create a Delegated Administrator, open System Center Virtual Machine Manager.

· In the menu bar, click Go \ Administration.
· In the menu bar, click Actions \ User Role \ New user role
· Provide a name and a description for the user role.
· In the User role profile: drop down menu, choose Delegated Administrator
· Click Next
· In the Add Members window, click Add…
· Add in the users or groups that will be part of this role.
· Click Next.
· In the Select Scope window, check the hosts, host groups, and library servers that this group will have administrative control over for VMM.
· Click Next.
· In the Summary window, click Create.

On the printer sharing properties, what does Render Print Jobs on Client Computers do?

While in class, a student noticed the Render Print Jobs on Client Computers option while we were discussing shared printers.

On legacy versions of Windows, it was assumed that the print server would have more processing capability than the clients. For this reason, print jobs were processed on the print server. Now that we have faster, multi-core processors, clients are just as powerful as most print servers. This option is the default setting on Vista and Windows 7.

Some other advantages of CSR (Client Side Rendering) are the elimination of driver mismatches and better support for Offline Printing. Since the same computer that spooled the print job also rendered the EMF-format data, there are no inconsistencies between the client and server print drivers. Also, the print out can be spooled even if there is not a connection to the computer that is hosting the printer. The print job is automatically transmitted when a connection is established.

What is the WINSXS folder?

The WinSxS folder (also known as Windows Side by Side) holds the code for installing the roles and features of Windows and the installation files for other applications that you install on your client. This folder allows you to install additional components without asking you for the installation media. This is a good thing as we move closer to the day when DVD drives will be found only in museums.

The big thing here is the number of GB that this folder consumes. Microsoft suggests not deleting anything from this folder as it could hinder your ability to add additional functionality. The following link to the blog site for Microsoft Enterprise Platforms Support: Windows Server Core Team will give you some options on how to possibly reduce the size of the WinSxS folder safely. As always, backup and test before putting their procedure into production.