MDT silent install.

Posted on March 15, 2012 by Christoffer Steding

To speed up the installation of Microsoft Deployment Toolkit (MDT) and Windows Automated Installation Kit (WAIK) and to get the same setup at all customers I use this PowerShell script to install the programs needed and to setup and configure the Deployment Share.

Thanks to Brandon Linton for the MDT Deployment Share Creator Powershell Script that I have modified to work for me, myself and I.

Thanks to Yannick Plavonil for the MST files to the silent WAIK installation.

The Script:

  • Installs .NET Framework 3.5.1
  • Installs Windows Deployment Services.
  • Installs Windows Automated Installation Kit.
  • Installs Microsoft Deployment Toolkit.
  • Configures the Deploymetshare.
  • Restarts the server.

Download:

Save the script in your setup folder (d:\source) together with
MicrosoftDeploymentToolkit2012_x64 .MSI and the extracted KB3AIK_EN.iso (extract to KB3AIK_EN) copy the mst files to the KB3AIK_EN folder.

Run the script and go and take a coffe.

Happy Deploying!

Posted in Deployment, Scripting | Tagged , , | 1 Comment

SYSTEM writer is missing in Windows 2008 and 2008 R2

Posted on February 28, 2012 by Christoffer Steding

Does your system state backup fail?

I have a couple of time seen that the system writer is missing in VSSadmin when the system state backup has failed.

To get the System writer back start a command prompt and write one row at a time and press enter.

Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant “NT AUTHORITY\SYSTEM:(RX)”
icacls %windir%\winsxs\filemaps\*.* /grant “NT Service\trustedinstaller:(F)”
icacls %windir%\winsxs\filemaps\*.* /grant “BUILTIN\Users:(RX)”

Then type vssadmin list writers in a command prompt to check that you have the system writer back.

Posted in Windows Server | Tagged , , | Leave a comment

Help Stop SOPA/PIPA

Posted on January 17, 2012 by Christoffer Steding

PROTECT IP / SOPA Breaks The Internet from Fight for the Future on Vimeo.

Posted in Uncategorized | Leave a comment

Configure Windows 2008 / 2008 R2 core

Posted on January 14, 2012 by Christoffer Steding

Why should I run server core?

It is a minimal Windows Installation that can run specific server roles. This reduces the attack surface on the server. Windows 2008 and 2008 R2 core consumes less memory and CPU than a “regular” Windows 2008 installation does. And yes you can install antivirus software and other programs as long as you can install them silent.

How do I configure the server?

In 2008 R2 you can use the command sconfig to do basic configuration. This is the easiest way to configure the server.

 

In the 2008 version of server core you need to configure the server using script or third party software.
I like Core Configuration Console (CCC) that can be downloaded from http://www.nullsession.com/downloads
If you don’t want to use CCC you have some commands below to configure your server.

Configure Static IP address:

The following command configures the interface named Local Area Connection with the static IP address 192.168.0.19, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1:

“Local Area Connection” is the name of the network connection that you want to configure.
To find the name of your connection you can use ipconfig.

netsh interface ipv4 set address name=”Local Area Connection” static 192.168.0.19 255.255.255.0 192.168.0.1

netsh interface ipv4 add dnsserver name=”Local Area Connection” address=192.168.0.11

netsh interface ipv4 add dnsserver name=”Local Area Connection” address=192.168.0.19 index=2

Disable Firewall:

netsh advfirewall set AllProfiles state off

Rename Server:
To find the current name of your server type hostname.

netdom renamecomputer server_name /newname:dc02

Restart Server:

shutdown /r /t 0

Join domain:

netdom join /d:compit.local dc02 /ud:compit\administrator /pd:password

Now when you have configured your server it’s time to start adding roles that you want on your server.

 

 

 

 

Posted in Core, Windows Server | Tagged , , | Leave a comment

Update Username, time and computer model in the computer description field when user logon.

Posted on January 7, 2012 by Christoffer Steding

This script is good when you want to know who is using a specific computer and the model of the computer. The description is updated every time a user logs on to a computer.

To use the script create a new GPO or use an existing GPO and add the VB script as a logon script.
Link the GPO to the computers OU.
For the users to be able to update the description field you need to delegate the control to the users to do so. Follow the guide below.

You can download the script from this link.

http://www.compit.se/download/script/SetCompDesc.zip

Delegate control to users to write in the computer description field

Right click on the OU that you want to give the users the right to update the description field.
Choose the Delegate Control…

  1. Delegation of Control wizard will start .
  2. Add the Group that you want to give the right to.
  3. Choose to Create a custom task to delegate.
  4. Select Only the following objects in the folder
    Then select Computer objects
  5. Choose Property-specific and then select Write Description
  6. Read the summary box so that everything is correct and press Finish

 

Now you have Delegated the rights to the users to update the description field in the OU that you selected.

Posted in Active Directory, Scripting | Tagged | Leave a comment

Managing HP drivers in SCCM and MDT.

Posted on December 5, 2011 by Christoffer Steding

Everybody that is working with deployment loves drivers and new computer models.
One good thing is that more and more PC manufacture is making it easier to handle drivers for their models.

To manage drivers for HP you can use HP SoftPaq Download Manager and HP System Software Manager.

* SoftPaqs = Applications and Drivers for HP Computers and Servers.

How does SDM and SSM work together?

  1. HP SDM connects to Internet to download the desired SoftPaqs for the computers.
  2. The SoftPaqs are saved in a shared folder on for example the server where you have your deployment share.
  3. SSM connects to the shared folder and checks for available SoftPaqs for the system that is being deployed and Installs the SoftPaqs.

 

HP SoftPaq Download Manager (SDM) – Lets you easy download drivers from HP.
http://www.hp.com/go/SDM

 

HP System Software Manager (SSM)– Installs the drivers on your computer during the Task Sequences.
http://www.hp.com/go/SSM

 

Configure SSM.

To run and setup SSM in admin mode, perform the following steps:

  1. Navigate to Hewlett-Packard\SSM in the Program Files directory (or Program Files (x86) if running 64-bit Windows), and then run SSM.exe
  2. When prompted for the location of the file share, navigate to the SDM download directory. Type the name you want to use for the file share, and then click Next.
  3. If you are presented with a message about SSM.CAB being missing, double-click on the specified text to copy the file to the file store, and then click Next until you reach client options.
  4. Select Reboot client upon completion of upgrades, and then click Next.
  5. Click Next until you reach the Build Database window.
  6. Select Check ftp.hp.com for CVA file updates first. This causes SSM to update the specification file for each SoftPaq, which may include bug fixes and expanded coverage.
  7. Click Build Database, and wait for the build process to finish.
  8. Click Finish to complete the process.
  9. Copy ssm.exe to the root of the SDM download directory. This allows easier execution of SSM from the network.

Configure SSM for use with a Task Sequences.

  1. Create a new application in MDT. Select Application without source files …..
  2. Enter HP SSM for application name.
  3. Enter the Command line \\server-name\share\ssm.exe . /install
  4. Press next a couple of times.
  5. Go to your Task Sequence and take properties.
  6. Add the application HP SSM

When HP SSM is executed it will check in the drivers folder for missing drivers and applications for the machine.

 

For more information you can read the following white papers from HP.

http://www.compit.se/download/deployment/system_software_mgr.pdf

http://www.compit.se/download/deployment/HP_drivers_MDT_SDM_SSM.pdf

Posted in Deployment | Tagged , , , , | Leave a comment

ISA Server 2004 and Gzip Compression.

Posted on October 28, 2011 by Christoffer Steding

I know that ISA 2004 is a really old but still there is a lot of them out there.
I came to a customer that had problems to get the compression from their webserver
to work.

They had a web publishing rule that published their web pages to the internet.
The web server was configured to use compression but it never did.
The reason for that is that the webserver doesn’t receives the accept-encoding header
from the browser and assumes that the browser doesn’t support compression.

To get this to work you have to change the web publishing rule to send accept encoding header
this is set to false by default in ISA 2004 and you can’t change this in the GUI.

If you change this to TRUE it will work for you. The way to change it is buy using a script below.

ruleName = WScript.Arguments(0)
Set FW = CreateObject (“FPC.Root”)
Set myRule = FW.GetContainingArray.ArrayPolicy.PolicyRules.Item (ruleName)
myRule.WebPublishingProperties.SendAcceptEncodingHeader = True
myRule.Save
WScript.Echo “Settings changed for ” & ruleName

Run it from the commandline:
WScript yourScriptName.vbs YourRule-Name

Posted in Scripting | Tagged | Leave a comment

Warning: Attribute userAccountControl is: 0×82020

Posted on September 2, 2011 by Christoffer Steding

New customer New problem do I need to say more?

Starting test: MachineAccount

Warning: Attribute userAccountControl of DC01 is:

0×82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

Typical setting for a DC is

0×82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

This may be affecting replication?

……………………. DC01 passed test MachineAccount

To change the value to the correct value (532480) open ADSI Edit and go to OU=Domain Controllers and choose Properties on the Domain Controller where you have the problem.

In the Attribute Editor look for userAccountControl and click on Edit. Change the Value to 532480 with is the same as 0×82000 and click OK twice.

Run a new DCdiag to check that the problem is solved.

Starting test: MachineAccount

……………………. DC01 passed test MachineAccount

Posted in Active Directory | Tagged , , | Leave a comment

DCdiag – Got error while checking LDAP and RPC connectivity.

Posted on August 23, 2011 by Christoffer Steding

When running DCdiag on an Windows 2008 server i received the error:

Message 0×621 not found.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ……………………. DC01 failed test Connectivity

After checking my firewall I when ‘t on to Google to ask, I found some suggestions to check the cables, switch and network teaming. After dissolving the network teaming on the server the server passed the connectivity test, another solution could be to update to the latest Nic teaming software.

Testing server: Default-First-Site-Name\DC01

      Starting test: Connectivity

         ……………………. DC01 passed test Connectivity

Microsoft has now released a patch to correct this problem. You can find more info here http://support.microsoft.com/kb/978387

Posted in Active Directory | Tagged , | Leave a comment

Migrating client computers using a computer start up script.

Posted on August 15, 2011 by Christoffer Steding

What is the easy way to migrate computers to a new domain? Running around to every single computer or have a computer start up script do the job for you? Since I get enough training on the gym I decided to go with the script.

My mission was to migrate 120 client computers running Windows XP, Windows 7 and Vista. The computers where going to get new computer names and the users was getting new logon names.
The user was going to keep the old profile with the new username.

I used ForensIT User Profile Wizard and a GPO to migrate the computers. You can read more about ForensIT here http://www.forensit.com/domain-migration.html

When I bought it the price was 2$ / PC so it was worth every cent.

After the program is installed you start User Profile Wizard Deployment Kit and just follow the wizard and set the settings that you want to use.

By default the log file is saved on the client computer, I changed it to a server share where all computers have write access. So I could see witch computers was migrated.

When you are done with the wizard there is some tweaks you can do in the profwiz.xml file.
I changed the ProtocolPriority to LDAP otherwise it is using NETBIOS to AD the computer to Active Directory. For more info read the Administration Guide.

Migration flag:
When a computer is successfully migrated the script create a migration flag so you need to delete this flag if you are going to migrate a computer more than one time in you test environment. The flag file is written to C:\Documents and Settings\All Users\Application Data (on XP) if the migration is successful. By default this is called “ForensiTMigrated”

More tools:
You can download sample scripts and other good tools from
http://www.forensit.com/support-downloads.html


Posted in Active Directory, Scripting, Windows 7 | Leave a comment