Tag: Microsoft

Windows 10 Roll-out: WSUS, Group Policy and Installation

As a software development company we need to be a little ahead of the curve when it comes to our adoption of new releases of Windows Server and Desktop environments as we need to ensure that our software will continue to function when our clients decide to upgrade to the latest technologies. However until recently due to our customers being large enterprises, which traditionally are slow to adopt new technology, we didn’t need to jump in immediately when a new OS was released. That has changed since we started to gain clients in emerging markets, Kenya and Nigeria specifically, who appear to be quicker to adopt the latest OS as they are experiencing rapid expansion and growth of their infrastructure.

So just over two months since the release of Windows 10 I undertook a pilot program to roll it out to a limited number of developers and create a small number of virtual machines for testing.

Edit: Since first writing this up the number of people that I have rolled Windows 10 out to now encompasses almost a third of the company.

But prior to the actual roll-out there are a couple of tasks that need to be done to ensure that the infrastructure for managing Windows 10 is in place namely WSUS (Windows Server Update Services) and Group Policy.

WSUS was pretty simple as the product list it uses is updated automatically with new entries so it is just a matter of ticking the boxes to receive updates for those products. Open up the WSUS console, click on Options and then Products and Classifications. Tick all the relevant boxes to receive the Windows 10 updates.

WSUS_windows10

Installing the Group Policy Administrative Templates (admx files) was more involved but again was pretty straightforward. I downloaded the ADMX files Microsoft Administrative Templates for Windows 10 I also downloaded the ones for Windows 8.1 and Windows Server 2012 R2 as I’d realized that I’d somehow overlooked these previously.

Logged into one of the Domain Controllers and found the path to the SYSVOL folders location in the Central Store. Please note if you’re following these instructions and do not have a central store in your domain then the SYSVOL location will have different path.

Then opened the msi installer to start the installation of the Administrative Templates. At the Select Installation Folder window I changed the folder from the default to the folder of the SYSVOL folder in the central store that I found previously.

Windows-10-admx-installation

If you have a Central Store for ADMX files, the location should be the same or similar to the path below, just replace with your domain name (domain.com).

C:\Windows\SYSVOL\sysvol\\Policies\PolicyDefinitions

Installed both sets of templates and then took a quick look at the Group Policy Settings reference spreadsheet to see what new settings have been added, the total number of settings is now over 3700!

The actual installs of Windows 10 have all gone very smoothly so far. As well as the relatively new developer PCs (1-2 years old) I have carried out Windows 10 upgrades on a variety of different older systems including a 5 year old desktop PC and a 4 year old laptop.



Microsoft’s Windows 10 hardware event in 9 minutes

Microsoft’s Windows 10 hardware event in 9 minutes.

The Verge have produced a video highlighting the best bits of Microsoft’s hardware presentation.



Introducing the new Office 365 Admin Center Preview

The Office 365 Admin Center is being updated with the new visual style that Microsoft has adopted for the Microsoft Azure admin center.

We haven’t received the update yet on our subscription, but I like the look of it and so long as it is as easy for me to administer our company’s subscription I’ll be happy.



How to download the Windows 10 ISO

It is July 29th 2015 and Windows 10 has been released. If you have reserved your copy it will probably have downloaded by now and is ready for you to install it.

However

  • If you reserved your copy and it hasn’t downloaded yet.
  • You didn’t reserve your copy and you’ve found that you can’t download and install it yet due to Microsoft’s staggered roll-out.
  • You wish to do a fresh install.
  • You have multiple machines to upgrade and you don’t want to download the installation files many times.

Then what are your options?

You can jump the queue and do an in place install or download an ISO file of Windows 10 via a handy little tool that Microsoft has published called the Media creation tool.

The Media creation tool is a small EXE file that you just need to download and run to start the process. It comes in 32-bit and 64-bit versions and both will allow you to create 32-bit and 64-bit ISO files.

When you run it you’ll be given the option to either perform an upgrade of the PC you run it on or to create installation media for another PC. Choose the latter option, click Next, then choose the language, Windows version, and whether you want 32- or 64-bit architecture, or both.

You will then get the option to either download and create a bootable USB medium or to download and create an ISO file. select the ISO file radio button, click Next yet again and choose a location to save it to.

The tool will download the files, verify them and then create the ISO file.



Introducing Windows 10

Official announcement from Microsoft that the release date for Windows 10 will be July 29th.

Learn about all the reasons you’ll love the new Windows 10 – available as a free upgrade on July 29th. It’s familiar, comes with exciting new innovations like Cortana and the brand new Microsoft Edge browser, plus apps, Xbox and more. Learn more and reserve your free upgrade at windows.com.



Moving TempDB to a new location.

We had a process running on a particular SQL server virtual machine which was causing the TempDB file to grow exponentially and as a result caused the C: drive to run out of space. In this case the best solution was to move the location of the TempDB from the default location to a new location on the very large second Virtual drive.

The process is pretty straightforward.
[via]

Firstly locate the current file path of TempDB.
SELECT name, physical_name AS CurrentLocation
FROM sys.master_files
WHERE database_id = DB_ID(N'tempdb');
GO

Secondly perform the actual move with the following code. Modify it to choose new locations appropriate to your system.
USE master;
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = tempdev, FILENAME = 'E:\TempDB\tempdb.mdf');
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = templog, FILENAME = 'E:\TempDB\templog.ldf');
GO



Cannot RDP to a Windows Server 2008 R2 virtual machine

A quite mystifying issue with one of Citrix test machines was escalated to me this morning. The member of staff whose role it is to configure new test environments on the Citrix servers Skyped me to say that he couldn’t RDP to the machine but could access it via the vSphere client and could I please take a look at it and see if I could work out what was going on.

It was in a hell of state and I suspect that he’d had a good go at fixing things himself but had made matters much worse. The Remote Desktop Services role had been uninstalled for a start! Not that that would have actually made much of a difference as RDP for Administration would still be available without that role installed.

From the command line I ran the following two commands.

netstat -a -o | findstr 3389
and
qwinsta

The first was to display all the active TCP and UDP ports on which the computer was listening and then find the string 3389 which is the default RDP port number, the second command displays information about Remote Desktop sessions on a server. Neither returned any result.

I then restarted the Remote Desktop Services service.

Checked Remote Desktop Session Host and then at that point realised that RDS was no longer there. Reinstalled RDS and configured it to point at the license server again. A redundant step in terms of resolving the issue, but an important one in restoring the server back to full functionality.

Disabled the Windows Firewall completely.

From elevated command prompt I ran the following two commands.
sfc /scannow
regsvr32 remotepg.dll

I thought about checking Group Policy to ensure that nothing silly had been configured that would have denied RDP connections.

To do so would involve opening up the Group Policy Editor locally and then expanding the following.
Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Connections.
Allow users to connect remotely using Remote Desktop Services (enable or disable)

But the issue was more fundamental than that as I could see that the port itself wasn’t open.

Then decided to check whether the correct port number was assigned to the Remote Desktop Services and using information from this knowledge base article http://support.microsoft.com/kb/2477176 I checked the port number associated with RDP in the registry.

  • Ran regedit and opened the following registry subkey:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Desktop server\WinStations
  • Located the PortNumber registry entry.
  • Saw that the port number 3390 had been assigned.
  • Changed the port back from 3390 to 3389.
  • Saved the change, and then closed Registry Editor.

Tested RDP from my laptop and it worked.

Job done.

This strikes me as being a deliberate change . There is security advice out there that suggests changing the default port to something else, but I don’t believe that it offers a great deal of security and in this case was a massive pain. Also I can’t think who would have made this change.



How to whitelist a domain in Office 365 Exchange online

We receive automated emails from a domain other than the one we use for staff and some of these emails were getting misidentified as spam and moved to people’s Junk Email folders in Outlook. So we needed to white list the domain so that any emails originating from there would bypass the spam filter.

  1. In the Exchange admin center click on Mail Flow.
    exchange_mail_flow
  2. Next create a new rule by clicking on the + icon and click Bypass spam filtering…
    new_rule
  3. Select on the *Apply this rule if… for The sender… domain is
  4. Add the domain you wish to whitelist plus any additional domains you also wish to whitelist.
  5. Select Stop Processing more rules and then click save.

Learn more about Office 365 and Exchange Online with my TechSnips screencasts.

Or read the definitive guide to Microsoft Office 365 Administration


Ready to stop reading and start learning about PowerShell, DSC, Windows Server, Sharepoint, IIS and dozens of other categories? If so, check out the hundreds of free technical demo screencasts available on the new, IT career development platform TechSnips.




Microsoft renames SkyDrive to OneDrive

Following the threat of legal action from BSkyB for trademark infringement for the use of the name SkyDrive Microsoft came to a settlement whereby they agreed to change the name of the service.

I speculated at the time that Microsoft might have been thinking about rebranding the service anyway as they didn’t seek to fight the case at all. It’s been a while but they have announced that they are changing the name of the service to OneDrive.

I think that it is a very good change particularly the tag line ‘OneDrive for Everything in Your Life’. Because it is true that as the number of devices a person has increases the more necessary a single repository for important files which can be seamlessly accessed from any of the devices becomes.

I’ve already started the process of storing all my photographs online in SkyDrive as a backup for my home PC, but being able to access them on my phone is great and will likely become something that I’ll be wanting to do more often once I become a father this April.



Surface Pro deployment in retail

MQ Retail AB deploys Surface Pro in their brick and mortar stores