Showing posts from August, 2011

Installing the Virtual Machine Servicing Tool 3.0

The Virtual Machine Servicing Tool 3.0 is the upgrade to the Offline Virtual Machine Servicing Tool. VMST allows you to keep VMs stored in your System Center Virtual Machine Manager library up to date when they are not in use. You can download the VMST from Microsoft.

1. Once downloaded, extract and open the folder on your VMM server.
2. Select the correct processor platform for your environment.
3. Click Run.
4. Click Next.
5. Accept the license agreement and click Next.
6. Click Next and then Install.
7. Click Yes or enter your local/domain administrative credentials if you receive a UAC prompt.
8. Click Finish when the installation is completed.

The installation is now complete.

How to make a Windows VPN connection FIPS compliant

FIPS stands for Federal Information Processing Standards. FIPS defines how federal computer systems will be secured and how they will talk to each other. Windows XP and later can be configured for FIPS compliance. In my 6416C class in New York, this question came from a room full of government employees. They had an obvious interest in making sure what they had just learned on Network Policy Server could be considered for usage in their organizations. The two TechNet articles below outline how to do this and some considerations to follow.

- Configure Wireless Clients running Windows 7 and Windows Vista for PEAP-MS-CHAP v2 Authentication
- The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows

Virtual Hardware Choices for adding VHD files.

You have 2 choices when it comes to configuring your VHD files. You can connect them via IDE or SCSI controllers in your virtual machines.

IDE: Each IDE controller allows you to connect 2 drives. You are allowed 2 IDE controllers, which allows for up to 4 drives. You must have the boot drive for the VM on the IDE controller. You will be limited to 2,048 GB per IDE hard disk. Pass-through, fixed-disk, and dynamic VHD types are all allowed on the IDE controller.

SCSI: You are allowed to have 4 SCSI controllers on your virtual machine. Each SCSI controller can host 64 VHD files, which gives you a total of 256 disks. There is no limit to the size of the SCSI drives other than the hardware that is actually hosting the VHD file. You can also add and remove SCSI disks from the VM while the VM is running if the host is running Windows Server 2008 R2.

How to use the System Center Virtual Machine Module cmdlets in your scripts.

This took a little research. You need to use the Add-PSSnapin cmdlet.

    Add-PSSnapin Microsoft.SystemCenter.VirtualMachineManager

This snap-in is available on a client that has the VMM Administrator Console installed on it. Once you execute the above command, the VMM cmdlets should be available to you.

Forcing a Windows 7 client to create a Shadow Copy

Windows 7 has the ability to support Previous Versions just like Windows XP and Vista did on a share hosted on a 2003 or 2008 server. The difference is that the shadow copy can now be on a local drive. Thanks to a little help from Thomas Lee and a posting on Win32_ShadowCopy from MSDN, you can force a Windows 7 client to create a shadow copy. The actual lines of PowerShell code are below.

    # Run from an elevated PowerShell session
    # Get the Win32_ShadowCopy class so its static Create method can be called
    $class = [WMICLASS]"root\cimv2:win32_shadowcopy"
    # Create a new client-accessible shadow copy of the C: volume
    "Creating a new shadow copy"
    $class.Create("C:\", "ClientAccessible")

You can attempt to run this remotely by using PowerShell V2 remoting capability

Configuring VM Storage in Hyper-V

The default locations for storing Hyper-V virtual machine files are:

- .vhd: C:\Users\Public\Public Documents\Hyper-V\virtual hard disks
- Configuration files: C:\Program Files\Microsoft\Windows\Hyper-V

It is OK to leave them there in a test environment, but in practice, you will want to move them to different physical drives simply for the sake of better performance. Here are a few considerations.

- Move them off the partition that holds the host’s operating system.
- Move them off the disk that is used by the parent for paging.
- If using multiple VMs on the same server, distribute the VM files across as many disks as possible.
- If stored on a SAN, ensure reliability and performance will meet expectations.
- Make sure the location will not only have enough space for data, but also snapshots.
- Restrict access to the storage locations to only those who need to copy and paste files in that location.
- If on a failover cluster, store the files on the share

Migrating virtual machines between Hyper-V hosts using the Export/Import feature in Hyper-V

One of the benefits of virtualization is your ability to migrate a VM to another host. Whereas with a physical server you would have to install the OS, applications, and drivers, and then migrate the data, in the virtual world you can simply migrate the VM.

1. To begin the migration, shut down the virtual machine.
2. Access the Hyper-V Manager that controls the VM.
3. Right-click the VM that you want to export and click Export.
4. Provide a path to save the VM. Remember, if this VM has snapshots, all that data will be exported as well. Make sure you have sufficient disk space.
5. Click Export.

While the VM is exporting, you will see the Cancel Exporting option in the Actions pane of the VM. You will also see the Cancel Exporting option if you right-click the VM. Once exporting is complete, these options will go away.

Transfer the exported files to their new home.

On Hyper-V Manager, in the Actions pane, click Import Vir

Configuring Hyper-V Virtual Networks

The Virtual Network Manager in Hyper-V allows you to create several types of virtual networks inside your virtual environment. This allows you to create isolated networks inside the same server. Click Virtual Network Manager in the Actions pane to access the Virtual Network Manager.

In the left-hand pane is a listing of all the virtual networks currently configured on this Hyper-V server. By default, New virtual network is selected. Clicking any of the other already configured networks allows us to make changes to that network's profile.

Types of virtual networks

In the Create virtual network area, we see three types of networks that we can create.

External: An External network creates a virtual network that you bind to a physical network adapter. This allows the VMs in that virtual network to access your physical network. They will be able to talk with each other, get DHCP addresses, and access the internet if those services are provided.

How to reserve resources for a VMM host

To prevent virtual machines from being placed on a server that the VM will overwhelm, you can use the Reserves feature of VMM.

1. Open System Center Virtual Machine Manager.
2. Browse to the host that you want to manage the reserves on.
3. Right-click it and select Properties.
4. Click the Reserves tab.

Here you can set the minimum resources that the host can run on. A VM cannot take these resources away from the host.

What's the difference between Microsoft Security Essentials and Windows Defender?

Below is the official word from Microsoft.

Security Essentials is antimalware software, which means that it's designed to detect and help protect your computer against a wide range of malicious software, including viruses, spyware, and other potentially unwanted software. Windows Defender, which is automatically installed with your Windows operating system, is software that detects and stops spyware. To learn more about Windows Defender, visit the Windows Defender Web site.

Hardware Requirements for Hyper-V 2008 R2

Below is a list of the hardware requirements for Hyper-V 2008 R2. You can find the original information from Microsoft here.

· Supported Operating Systems: A list of supported guest operating systems can be found here.
· Processor: x64 compatible processor with Intel VT or AMD-V technology enabled. Hardware Data Execution Prevention (DEP), specifically Intel XD bit (execute disable bit) or AMD NX bit (no execute bit), must be available and enabled.
· Minimum CPU speed: 1.4 GHz; Recommended: 2 GHz or faster.
· RAM: Minimum: 1 GB RAM; Recommended: 2 GB RAM or greater (additional RAM is required for each running guest operating system); Maximum 1 TB.
· Available disk space: Minimum: 8 GB; Recommended: 20 GB or greater (additional disk space needed for each guest operating system).
· DVD ROM drive
· Display: Super VGA (800 × 600) or higher resolution monitor.
· Other: Keyboard and Microsoft Mouse or compatible pointing device.

Note:

Does a Computer Object SID do anything?

This one threw me for a loop in class. While talking about what SYSPREP does to a client, one of the members of the class pointed me to a very interesting article. I have always been taught that the SID of the computer account is what Windows looks at for assigning security access. Well, take a minute to read this blog post from Mark Russinovich at Microsoft.

OK, let’s put this to the test. I took a VM from class and created an image of it. I then deployed this non-sysprepped image to another VM and started it up in the same environment as the original. The original was logged off and I had no trouble logging in. After taking snapshots of the new VM and the DC, I went ahead and renamed the VM to LON-CL3. In AD Users and Computers, the account associated with the original was renamed.

OK, I reapplied the snapshots and brought both identical VMs online. I was able to log in on both. On the original, I renamed the client and allowed it to reboot.

In the image

Configuring settings for Hyper-V R2

Once the Hyper-V server has been installed, you can configure it.

1. Open the Hyper-V Manager console.
2. Click Hyper-V Settings from the Actions pane.

There are two sections to the Hyper-V Settings, Server and User. The Server settings control the default locations for the VM files.

Keyboard Settings

This is where you decide when the Windows key will be used on the host, and when on the child. The default setting is to use it on the host, unless the VM is running in full-screen mode.

Mouse Release Key

For older operating systems, you may not be able to click in and outside the VM window as easily as you can for Windows 2008 and Windows 7 virtual machines. In that case, the mouse is captured and you will not be able to click on the host desktop. The Mouse Release Key is the key combination that you will use to release the mouse back to the parent operating system.

User Credentials

Click this if you want to use your login credentials to g

Cloning virtual machines using Virtual Machine Manager

Cloning allows you to take a virtual machine and make a copy of it. This is a good way to test a new configuration or software installation on a VM without risking taking the VM down. When you create your clone of a VM, it is not generalized. That means it holds the same SID, and all other settings, as the original. For this reason, you will not be able to run this VM in the same network while the original is running. You can transfer the cloned VM to an isolated virtual network for testing. In the isolated network, it will not have contact with the original.

1. To clone a virtual machine, open Virtual Machine Manager.
2. Make sure the VM is turned off. The cloning option will not be available if the VM is turned on.
3. Click Virtual Machines in the lower left-hand menu.
4. Right-click the VM that you want to clone and click Clone.
5. In the Virtual Machine Identity window, you can change the name, description, and owner of this cloned VM.
6. Click Next.

Managing Snapshots in Hyper-V

Taking snapshots

Taking a snapshot is a very easy process. Just remember a few considerations first.

1. Make sure the disk that is holding the virtual machine (VM) folder has the disk space for a snapshot.
2. Make sure the VM is either running or shut down. You cannot take a snapshot while the VM is paused.
3. Snapshots are not supported in a production environment. Snapshots are good for lab or test environments.
4. Snapshots are not a replacement for regular backups.

You can take a snapshot in one of two ways. You can right-click a VM in Hyper-V Manager and select Snapshot. Your other option is to click on the VM in Hyper-V Manager and click Snapshot from the VM-specific menu in the lower left-hand corner of the Hyper-V Manager. It will take several seconds for the snapshot to appear in the Snapshots window.

Reverting snapshots

Snapshots make it very easy to go back to a point in time. You can easily reset a VM back to its current snapshot by doing a Revert.

Install Hyper-V on Server Core

Server Core is an excellent platform for running Hyper-V. Because of its minimal installed code, you will have greatly reduced maintenance and a reduced attack footprint on the host system. Since Server Core is a minimal installation of Windows Server 2008, you will be working with a text-based environment similar to Unix. Also, with the minimal code, more of the server's resources can be dedicated to the VMs, and less to the parent OS.

Log into your Server Core with an account that has local administrative rights.

Let’s get a listing of what roles and features have been installed on this server. Type the following and press Enter.

    Dism /online /get-features /Format:table

We will see a nicely formatted table of what is installed, and what is not.

If you scroll down the list you will see Microsoft-Hyper-V is disabled. Let’s enable it. Type the following and press Enter. This command is case sensitive.

    Dism /online /enable-feature /featurename:Microsoft-Hyper-V

list wmi namespace

Last week I published an article about how to set your host reserves in VMM Manager. I deliberately left off with a manual task. Changing the host reserves only affects new hosts added to your VMM environment. What about the ones that are already there? You had to manually change them. Using PowerShell on a client that has VMM Manager installed on it, you can change the Host Reserves of all hosts that are already on the system.

1. Open PowerShell. (You must do this on a client that has VMM Manager installed on it.)
2. Type the following and press Enter. This adds in cmdlets that are specific to Virtual Machine Manager.

    Add-PSSnapin Microsoft.SystemCenter.VirtualMachineManager

3. Now type the following and press Enter. This will show you the current Host Reserves on each host.

    Get-VMHost | Select-Object ComputerName, CPUPercentageReserve, NetworkPercentageReserve, DiskSpaceReserveMB, MaxDiskIOReservation, MemoryReservationMB

We can use the 5 reservation properties to change the host reservations. For simplici

Verify DEP BIOS setting without rebooting your server

If you find that you need to verify your DEP (Data Execution Prevention) BIOS settings, here is a simpler way to do it without rebooting your server. Type this command in a Command Prompt window.

    WMIC OS Get DataExecutionPrevention_SupportPolicy

It will return one of the following:

0 - DEP is disabled for all processes.
1 - DEP is enabled for all processes.
2 - DEP is enabled for only Windows system components and services. (Default)
3 - DEP is enabled for all processes.

Can you exclude certain files from UAC?

User Account Control is an all-or-nothing feature. It is either on or off. I personally like to keep it on. On my servers, I have UAC prompt for consent for administrators. I know when I’m going to set off UAC. This keeps it in place and still helps to provide protection. For my clients, it keeps technical support costs down by helping to prevent users from damaging the clients they use. Some applications do not like to use UAC. To date, you cannot exclude certain applications or OS functionality from UAC. I found a possible workaround on Martin Zugec’s blog. Give it thorough testing prior to use.

Do you have to use the free VM license with Server 2008 on the same physical host that you installed 2008 on?

Yes, you do. If you buy a copy of Windows Server 2008 R2 Enterprise, you must use those virtual licenses on the machine that you assigned the physical license to. I’m not a licensing expert, so I’m going to direct you to a blog article by Matt McSpirit to explain the details.

How to Cascade Host Group Reserve Settings in VMM Manager.

Configuring resource reserves for a host in VMM is a good idea. This prevents the VMs running on the host from consuming all the resources of that host and rendering it unusable. There are two ways of setting up host reserves: manually and through inheritance.

Let’s first look at the inheritance method. Below is a screenshot of my VMM host groups. Currently, I have the default host reserves set on them. The image below is from the All Hosts properties.

I’m going to change the CPU percentage from 20 to 25 and then click OK. When I did this, I received the options below. I’m going to select Apply changes to this host group and its children and click OK.

Once completed, the host reserves for the hosts currently in that host group did not change. This is for new hosts added to VMM. This is not the true inheritance that we use with technologies such as NTFS. The Host Reserves in the Host Groups should be considered more as templates for new hosts as oppo

How to prevent USB memory devices from being used through Group Policy

USB devices have made transporting data extremely fast and easy. The downside is that they also have the potential to spread computer viruses just as quickly and easily. For this reason, you may want to restrict a computer's ability to read data and execute programs from a USB drive. Also potentially damaging is the ability for a user to remove large amounts of data from your networks, so you may also want to restrict the writing of data to these drives. Group Policy provides you with options to help manage USB memory device usage.

This first option is for users of Vista. You can scope this one to either a computer or to a user. In your GPO, expand Policies \ Administrative Templates \ System \ Removable Storage Access. There you will find 4 GPO settings to help you deny read, write, and execution from USB devices.

For Windows 7 clients, you can also set a condition based on Windows BitLocker. In your Group Policy, expand Computer Configuration \ Administrative Temp