Monday, December 31, 2012
Happy 2013!
Hello and greetings to everyone!
Because of lack of time, it was difficult to me to update this blog at the end of this year.
With Windows 8 launch I would love to get you more info about it but one of my resolutions for 2013 will be to spend/win more time here.
So... Have an excellent 2013!
Friday, October 26, 2012
Windows 8 – Launch Event Webcast
It’s official!
It was yesterday the official worldwide launch of Windows 8!
Here’s the on-demand webcast:
Wednesday, October 24, 2012
Windows 8 – Mail App – Configure Multiple Accounts
Because I think this isn’t very clear on the default interface, here’s a tip to setup multiple e-mail accounts for Windows 8 Mail App.
.: Open Windows 8 Mail app.
.: Launch the charm bar moving your mouse to the upper corner on the display or with windowskey + c
.: Click Accounts and your ready to go!
Sunday, October 7, 2012
Technet Radio – “3-2-1” Deploy! Part 2
How you should prepare for and deploy
Technet Radio – “3-2-1” Deploy! Part 1
Microsoft Hardware – News for Windows 8 Devices
More 30 years to come!
Although not very recognizable in the overall hardware scene, I must confess that I’m a big fan of the Microsoft’s hardware division.
Great mice and keyboards and of course Microsoft’s Kinect.
As it celebrates it’s 30-year anniversary, Microsoft Hardware announces the launch of several new devices, and a lot of them are tuned for use with Windows 8.
Most of the mice and keyboards and bluetooth-enabled devices and we already know their name:
.: Wedge Touch Mouse
.: Wedge Mobile Keyboard
.: Sculpt Touch Mouse
.: Sculpt Mobile Keyboard
To take a look to the new devices go to:
Microsoft News Center - Microsoft Hardware Delivers on Windows 8, Good Looks and Mobility
TechNet Radio Community Corner - Deploying Windows Server 2012 with the Microsoft Deployment Toolkit
Just to post a quick chat between John Weston and Michael ‘The Deployment Guru’ Niehaus about Microsoft Deployment Toolkit 2012 Update 1
Wednesday, October 3, 2012
Troubleshooting – TechEd 2012 - How Many Coffees Can You Drink While Windows 7 Boots
Directly from TechEd 2012, here’s a very nice session where it was demoed how the new Microsoft Windows Assessment and Deployment Kit (ADK) can help to troubleshoot performance issues, with a special focus on boot times.
Monday, October 1, 2012
Outlook.com – How Microsoft Sees the Future of Email
Just to show an inspiring video about the new Outlook.com website, the future of Hotmail and the future Microsoft’s webmail.
To start using Outlook.com just go to:
http://www.outlookpreview.com
Friday, September 14, 2012
MDT 2012 – Hide Shell
Now, a very very nice new feature added to MDT 2012 that really makes your life easier and secure!
Have you ever had the funny guy that messed up a machine during deployment and ever since your never put your eyes anywhere else until the deployment finishes?
Now, in MDT 2012, just had the parameter HIDESHELL=YES to your customsettings.ini what and the explorer shell you’ll be hidden until the end!
Simple, easy and clean feature! :)
MDT 2012 – GPO Packs
I new nice feature of MDT 2012 it’s the GPO Packs features.
This feature add the ability to apply GPO Packs previously created using Microsoft Security Configuration Manager (SCM).
MDT already provides 4 default GPO packs that are applied by default during deployment. The correct GPO will be applied based on the operating system that is deployed.
All this GPO Packs are stored in the Templates folder within the Distribution Share.
If you don’t want to apply any GPO Pack just edit your customsettings.ini and add the parameter ApplyGPOPack=NO
To know more about the GPO Packs just go here:
The Deployment Guys - MDT 2012: New Features - GPO Packs
Thursday, September 13, 2012
W8TS – Tip 001 – Keyboard Shortcuts
This is finally the first tip on Windows 8 Tips Series!
It seems that everyone using Windows 8 on a desktop will use more keyboard shortcuts than before.
I’ve notice that the new UI its faster to use this shortcuts than using your mouse so, here are some of the keyboard shortcuts, some of them already used on previous Windows editions:
Keys(s) | Function |
Windows Key + Spacebar | Switch input language and keyboard layout |
Windows Key + O | Locks device orientation |
Windows Key + Y | Temporarily peeks at the desktop |
Windows Key + V | Cycles through toasts |
Windows Key + Shift + V | Cycle through toast in reverse order |
Windows Key + Enter | Launches Narrator |
Windows Key + PgUp | Moves Metro style apps to the monitor on the left |
Windows Key + PgDown | Moves Metro style apps to the monitor on the right |
Windows Key + Shift + . | Moves the gutter to the left (snaps an application) |
Windows Key + . | Movers the gutter to the right (snaps an applications) |
Windows Key + C | Opens Charms bar |
Windows Key + I | Opens Settings charm |
Windows Key + K | Opens Connect charm |
Windows Key + H | Opens Share charm |
Windows Key + Q | Opens Search pane |
Windows Key + W | Opens Settings Search app |
Windows Key + F | Opens File Search app |
Windows Key + Tab | Cycles through Metro style apps |
Windows Key + Shift + Tab | Cycles through Metro style apps in reverse order |
Windows Key + Ctrl + Tab | Cycles through Metro style apps and snaps them as they are cycled |
Windows Key + Z | Opens App Bar |
Tuesday, September 11, 2012
MDT 2012 – Enabling LTI Deployment Process Monitoring
A new nice feature on Microsoft Deployment Toolkit 2012 (MDT) it’s the LTI Deployment Process Monitoring.
This allows administrators to remotely monitor a LTI deployment through the Deployment Workbench console.
To enable the LTI Deployment Process Monitoring follow these steps:
- Open the Deployment Workbench
- In the Deployment Workbench tree, go to the Deployment Shares
- Select the Deployment Share you would like to monitor, right-click and select Properties
- Click on the Monitoring tab and select Enable monitoring for this deployment share and click Apply
The monitoring it’s now enable. If you go again to the Deployment Share properties and select the Rules tab, you’ll notice that EventService property has been added to the CustomSettings.ini file.
Friday, September 7, 2012
Microsoft Deployment Toolkit 2012 Update 1
Microsoft launched at 18/06/2012 an updated Microsoft Deployment Toolkit version.
This solution accelerator has the following changes:
- Support for Microsoft Windows 8 and Windows Server 2012
- Support for Microsoft SCCM 2012 SP1 CTP
- Support for DaRT 8 Beta
- The new “Build Your Own Pages” feature, which allows IT Pros to design deployment wizards with little effort
- New SCCM 2012 Orchestrator support
- Support for Windows PowerShell 3.0
To get more info and download this new version of MDT go to:
Microsoft Downloads - Microsoft Deployment Toolkit (MDT) 2012 Update 1
Thursday, September 6, 2012
Windows Deployment Services 2012 – Getting Start Guide
Sooner or later you’ll start to install your Windows Server 2012 and start deployment Windows 8 images for your clients. So…it’s important to know what’s new in WDS 2012, but it’s also important for new people that starts now their incursion through deployment, to have a little help.
Microsoft published a new “Getting Start Guide” for WDS 2012:
Technet - Windows Deployment Services Getting Started Guide for Windows Server 2012
Saturday, September 1, 2012
Follow Me!!!
Well, it’s now available to everyone my own hash tag for twitter.
To follow my tweets and all the FrontSlash blog posts just click on ‘Follow’ button on the right menu of the blog or click here: Follow@DiogoCSousa
Windows Deployment Services 2012 – What’s New!
4th September it’s the scheduled date for the official launch of Windows Server 2012. With a lot of new things and a more “cloud base” O.S., today I would like to focus a little bit in one of the features that I used a lot on Windows Server 2008 R2.
Windows Deployment Services (WDS) it’s one a product that helps IT Administrators to deploy Microsoft Windows and got a real boost with Windows Server 2008 where the product really got better and easy to use.
There are a lot of new things on the 2012 version and I’ve choose some of the has the “most important”:
ARM Architecture Support
Has expected, WDS 2012 will now support the image deployment for ARM clients which is an improvement in addiction to x86 and x64 architectures.
Standalone Server Mode
This one it’s a GREAT improvement. Finally the dependency on Active Directory was removed!
It still requires DHCP and DNS services but AD DS it’s over!
Expected Deployment Results Wizard
This is a modeling model that enables users to predict the results of a configuration change and how it impacts deployments.
Troubleshooting Enhancements
This on it’s also really welcome! The tracing with plain text it’s over and has now passed to ETW logging which enables a really better and efficient logging.
To know more detailed information about what’s new in Windows Deployment Services 2012 visit:
Technet - What's New for Windows Deployment Services
Friday, August 31, 2012
Windows 8 Introduction and Tips Series Annoucement
Starting the new road…
So I’ve finally had some time and installed Windows 8 Consumer Preview on my home machine.
And…well, although I’ve installed some very early version of this new Microsoft’s O.S. I never tried it on a really deep way.
So, after installing it (which is very simple by the way…) there are no major differences for a user when comparing the setup process with Windows 7, just if you get a little advanced or custom setup, you’ll get some more information to fill in.
I was interested in the the new login system (using a Windows Live account) and it’s really really nice to use it.
All your preferences are saved so you can login in another Windows 8 machine and all your experience can be the same including favorites, lock screen, background, etc.
After the first login…well…after the first login some “user interface” problems started.
Years and years of a Start Button can really mess your head in Windows 8.
The UI it’s completely different from what everyone it’s used about so you’ll need to get around the system a couple of hours to get used to it.
Just to give you an idea, I had to Google to know how to shutdown/restart the system!
I really don’t know if Microsoft shouldn’t think about to include a feature on the O.S. to allow the return of the Start Button…
Because I add some first issues I’ve decided to create a new Tips Series to help people like me that are starting to use this new O.S.
Hope to help someone to get working smooth and fast in Windows 8!
Friday, August 24, 2012
Adobe Reader – Latest Versions (offline installers) Download
After yesterday’s post about how to download the latest versions of Adobe Flash Player so you can distribute them over your enterprise environment, here’s the way to download another piece of software that is installed at a very large scale worldwide, called Adobe Reader.
This time, to download the offline installers, we have a FTP address:
ftp://ftp.adobe.com/pub/adobe/reader/
Enjoy it!
Thursday, August 23, 2012
Adobe Flash Player – Latest Versions (offline installers) Download
If you work on a medium-large enterprise and your responsible for the users desktops, I believe that one of your main concerns its that your environment it’s controlled and the installed programs are as much as possible almost the same in all machines. You also want to have your core applications or utilities up-to-date.
Nowadays, and although HTML5 starts to get some terrain, Adobe Flash Player it’s one of the most installed applications/plugins in the world. Because you’ve a controlled environment you want to decide when to install the new version of the plugin and you’ll need to use a standalone/offline installer instead of the default way where you go to Adobe website and download a web installer.
To get the latest versions (in exe or msi format, or even SCCM format) go to the Adobe website below:
Adobe Flash Player Distribution
Friday, August 10, 2012
Microsoft Deployment Toolkit – Task Sequence Has Been Suspended Error
This one made me go crazy!
So, today I went to my MDT because I needed to generate a new base image.
Power on machine; F12 to network boot; select Generate x86 image; Windows PE boot and…the error shown bellow:
After some search the root cause and solution where really easy.
Root Cause
I’ve previously generated another base image on this same machine, but…after the wim was saved to \\mdtserver\deploymentshare$\captures I didn’t click the Finish button. Instead, I just turned the machine off. Well…the root cause was exactly that!
Solution
This one it’s really really easy!
When you get the error above, press F8 to get the command prompt.
Now at the command prompt, type the following commands:
.: Diskpart
.: select disk 0
.: clean
.: exit
Now, reboot the machine and you are able again to generate images!
Hope this helps anyone with the same issues
Wednesday, August 8, 2012
MDT Wizard Editor
Nice tool for those who need something more from the Microsoft Deployment Toolkit wizards
Have you ever been using the default MDT wizards and thought that: “It could be useful to have ‘this’ feature here!”.
Well, now you can let your imagination drive you through what you thought it was useful and take control of the MDT Wizard.
The MDT Wizard Editor makes it easy to edit the XML/HTML files you see during the WinPE phases.
To test it and, who knows, to give new ideas, visit the CodePlex website where the latest versions are available:
CodePlex - MDT Wizard Editor
Wednesday, August 1, 2012
Windows 8 – Windows Store – Managing Client Access
One of the new big things on Microsoft Windows 8 it’s definitely the new Windows Store.
Although this isn’t a new concept, it’s a major step for all the upcoming Windows ecosystem (Windows; Windows Phone; Live Services; etc.)
If this new feature it’s great for home users, fortunately Microsoft understood that this could be a big headache for IT Administrators, since on an enterprise environment there’s a lot of restrictions about what users install.
Group Policy
First of all…YES, there a Group Policy Object (GPO) that allows IT Administrators to completely disable the Windows Store for managed computers, users or groups. You can also just disable the auto-download of updates for installed applications.
Access Permission Considerations
Windows 8 Metro style applications run with a very limited privileges when compared to a non-metro style application that usually run with standard user privileges.
Metro style application can only access to resources (files, folders, registry keys and DCOM interfaces) to which they have been explicitly granted access.
This permissions are not given by default, so for example, if you create a new folder (C:\NewFolder) a metro style application will not access it unless you specifically give permissions to do so using Access Permissions (ACLs).
Availability of Metro Style Applications for “Internal/Enterprise” Applications
Microsoft offers support for enterprises that what to deploy their internal application in a metro style way.
Enterprises can choose to deploy metro style applications without going through the Windows Store infrastructure.
To get a more detailed info about Windows Store for IT Administrators take a look at:
Microsoft Technet - Managing Client Access to the Windows Store
Windows Server 2012 – File and Storage Services Overview
What’s new on the upcoming Microsoft’s O.S. for servers
So, there’s not an enormous list of news but some (like Data Deduplication) seems to promise a lot:
Feature | Description |
Data Deduplication | Saves disk space by storing a single copy of identical data on the volume |
iSCSI Target Server | Provides block storage to other servers and applications on the network by using the Internet SCSI (iSCSI) standard |
Storage Spaces and Storage Pools | Enables you to virtualize storage by grouping industry-standard disk into storage pools, and then create storage spaces from the available capacity in the storage pools |
Unified remote management of File and Storage Services in Server Manager | Enables you to remotely manage multiple file servers, including their role services and storage, all from a single window |
Windows Powershell cmdlets for Files and Storage Services | Provides Windows Powershell cmdlets for performing the majority of administration tasks for file and storage servers |
To get a more detailed info about what’s new in Windows Server 2012 concerning File and Storage Services take a look at:
Microsoft Technet - File and Storage Services Overview
Tuesday, July 31, 2012
Windows 8 – Mobile Network Engineering
Has we already knew, the future it’s all connected
On this post at Building Windows 8 Blog, Steven Sinofsky explains how Microsoft developed Windows 8 with the purpose to give the end users a better mobile experience, with special focus on the mobile broadband connections.
One of the great improvements it’s that now Windows 8 brings a layer that controls the mobile broadband interface (Mobile Broadband Interface Model, or MBIM). This removes from the end users path, the hurdles that everyone knows about installing the third-party drives and software from the OEMs that normally gives a lot of headaches.
This means, an unique interface to control all your networks, with no issues about turning on and off radio antennas, put pin codes in another place, etc..
With a mobile broadband, it’s now even possible to see on the new user interface the data plans you have contracted with your provider, the consumptions, etc.
Because Microsoft want’s everyone developing to Windows 8, they now provide a new set of developer APIs so developers can take advantage of this nice new features.
Also, the new Windows 8 Task Manager provides a more granular information about the broadband usage. For example, you can know exactly how much network bandwidth an application has consumed.
To read the complete article and to see a short video demonstration just go to:
Building Windows 8 - Engineering Windows 8 for mobile networks
Friday, July 27, 2012
Microsoft Windows Server 2012 – VDI Presentation on Edge Show
The count down for Microsoft Windows 8 and Microsoft Windows Server 2012 has already started and the news are coming in a daily basis.
Since a couple of years, specifically since Microsoft Windows Server 2008 R2, the boom of virtualization has come to stay. We need to agree that Microsoft was a step behind it’s major competitors like VMware and Citrix.
With Windows Server 2012, Microsoft seems to have learned what the other were than great and add it to its operating system. I’m particularly interested in testing the new RDS Broker to see it’s capabilities when compared to VMware View.
So, here a nice introduction video from Microsoft’s Edge Show, about the new VDI on Windows Server 2012:
Monday, July 16, 2012
Windows 7 Deployment – Back to Basics
Although a lot of this blog readers have some good deployment experience, I believe it’s always good to get back to basics and remember some things about Windows 7 deployment because this can refresh our memory and sometimes realize that what we thought we were doing right can be done in a different way or with a different approach to a given problem or objective.
So, here are some videos I believe are the basic to remember and for those who are starting in the marvelous world of automated deployment:
- Exploring the Windows Automate Installation Kit (Windows AIK 2.0)
- Exploring the User State Migration Toolkit (USMT 4.0)
- Exploring the Application Compatibility Toolkit (ACT 5.5)
- Deploying Office System 2007
- Windows 7 Image Creation and Litetouch Deployment using MDT 2010
- Image Servicing with DISM
- Windows 7 Zerotouch Image Deployment with Configuration Manager and MDT 2010
Tuesday, July 10, 2012
Automating Drivers Installation and Availability in Your Enterprise
So, we have a central store for our group policies (ADMX files), a network share for our software, a SharePoint for our documents and…what about device drivers?
That thing that gives all IT departments headaches. All that helpdesk calls from annoyed users that want to install they’re scanner or printer but the drivers simply don’t install or the user must be a member of the local administrators to do so.
With this in mind, Microsoft since Windows Vista created a very nice way to solve this issue in a very easy setup that really addresses this problem.
It’s called Central Driver Store, and gets you in the control, of that users that want to bring some kind of device to the enterprise that needs a driver and: The users don’t have admin rights to install them or the driver isn’t on the base image.
In other words, amongst other things, this helps your enterprise to get in track with the ‘next big thing’ called IT Consumerization.
Configuring everything right
Setting up the Drive Store
Well, this one is the simplest step. Just find a place where you want to put all the drivers and create a network share. Everyone need to have access to this share so “Everyone” or “Authenticated Users” should have “Read” permission on the share and “Read/Execute” on the folder.
For the purposes of this article, the network share name will be CentralDrivers.
Under the CentralDrivers folder you can create sub-folders that matches the drivers inside them. For example: LAN; Video; Audio; etc. Off course this is just an example and you can setup your share as you want it.
Putting the Drivers in the Central Driver Store
Since Windows Vista Microsoft created a Local Driver Store where the entire drivers packages are located. This can be found at C:\Windows\System32\DriverStore\FileRepository\.
Now, let’s use as an example a scanner driver you want to make available on your Central Driver Store:
- Install the scanner on a clean machine (usually a test machine on lab)
- Navigate to the Local Driver Store
- Here, you’ll find that the drivers aren’t named in a “user friendly” way but just order the folder sorting for modified data and you should easily get the recently installed scanner drivers
- Just copy the “not user friendly” folder to your Central Driver Store and then rename it as you like it most
You now have that scanner drivers available on your Central Driver Store if someone need them.
Making the Client Know About the Central Driver Store
Now that our scanner driver is on the Central Driver Store, we need to setup the client machines so they could have a new place to look for drivers.
Using your “standard deployment software” or a GPO or a startupscript/logonscript, deploy the following registry key, customizing it to match the network share previously created:
Key: HKLM\Software\Microsoft\Windows\CurrentVersion\DevicePath
Value: %SystemRoot%\Inf;\\SERVERNAME\SHARE
Allowing a Standard User to Install a Driver from the Central Driver Store
On a perfect world or a very nice managed enterprise ordinary users shouldn’t be prompted for elevated credentials when installing managed hardware.
To achieve this objective 3 items must be met:
- The driver must be in the Central Driver Store
- The driver setup class must be allowed
- The driver publisher must be trusted
Well, the item 1 it’s done. to meet the item 2 you need to find out the driver setup class.
So, you should do has following:
- Go to the folder of your previously copied driver on the Central Driver Store
- Open the *.inf file with notepad (or other text editor)
- At the top of the file you should fine a line named ClassGUID with a GUID inside brackets like the example below:
ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318} - On a GPO linked to your managed computers navigate to:
Computer Configuration | Administrative Templates | System | Driver Installation - Now, enable the GPO called “Allow non-administrators to install drivers for these device setup classes”
- Click on the “Show” button and past the previously found GUID (just from the start to the end of the brackets) like the example below:
The item 3 should only be necessary if in your test machine where you extract the drivers from the Local Driver Store, you get a message similar to the example below:
If so…you need to:
- Select the option “Always trust software from “DMITest” and press Install
- When the installation finishes go to Start –> Run and execute certmgr.msc
- Navigate to “Trusted Publisher” and the select “Certificates”
- Right click on the certificate (in this example it’s something like DMI Test Team Sound) and export it
This certificate now needs to be deployed on all your computers. An easy way it’s using GPOs.
The End
And finally it’s all done! You can now have a centralized store for all your hardware drivers and they can be automatically installed on all machines when a device it’s connected to a managed computer on your network.
Sunday, July 1, 2012
Remote Monitoring an MDT Deployment
Although I’ve been using MDT for years, incredibly I’ve just put my MDT server available on the network 2 weeks ago!
This happened for the simple reason that over the years our MDT server, and the rest of our lab, was really near our team so…there was no really a need to access the server from my confortable workplace.
Well, but things change…
Starting Monday, we are moving to a new place and our lab it’s going way from us, 1 floor below. So, since the server has two NICs, one was configured to server MDT deployments (giving DHCP, etc,) and the other one to remote access.
Some time ago I saw a great article at The Deployment Guys blog written by Daniel Oxley. He made up an HTA script that gives me now a great flexibility and it’s really a time saver because now that the lab it’s away, I don’t need to go a lot of times to the 1st floor to see if the deployment it’s done.
The script uses a MDT property called EventShare that basically indicates the task sequence where it should write it’s events. In this case, to a UNC share path.
For me the best of this HTA it’s the simplicity to configure and use. It’s really really simple and really, it’s a wonderful time saver for everyone.
Take a look to the script and know more about Daniel Oxley at:
The Deployment Guys - Simple Deployment Monitoring
Saturday, June 30, 2012
The New Microsoft SkyDrive
Today cloud computing it’s not that possible future way of getting things done. Cloud computing it’s nowadays something that a lot of times we use almost without noticing that. We use it by checking our e-mail, when viewing family pictures on Facebook, at work when we share a excel file on our Sharepoint and a lot more.
Maybe one of the last “features” of cloud computing that still needs a little push, specially on enterprises, it’s a cloud based operating system like Microsoft Windows Azure for example.
I think that Microsoft was not at the top line for a long time but this time they woke up on time and are now getting to the top and it’s now discussing the first place with Google.
After a huge revolution with Windows Live Services (special focus to Hotmail) they’ve launched a first version of SkyDrive, a solution that looked a lot to a previous thing called Live Mesh, and put the cloud services as an internal top priority.
This year Microsoft launched the new Microsoft SkyDrive. With Windows 8 coming soon and a lot of cloud based services directly embedded with it, this new SkyDrive it’s really the next step on a technological world without devices barriers.
I believe that this new era that’s knocking our doors it’s Bill Gate’s, and Steve Jobs, vision about the future of IT.
A future without barriers, where we can get access to information anytime and anywhere. Where the important it’s the “magic of software development” and not the device used to get to it.
Now…Let’s finally get going to the new Microsoft SkyDrive.
SkyDrive has now passed from a concept or something that we could access by going to a website, for some kind of installed “agent” that makes really easy the access the information that we have on our “private cloud”.
The top 3 features or concepts are:
- Syncing
The machines with the SkyDrive “agent” installed, we can get them all synced and have automatic access to the latest version of your files wherever you are, whatever device you’re using, including a PC or a MAC. - File Sharing
It’s possible to share photos or even large files with anyone and all they need it’s a browser and and internet connection. - Mobile Access
All photos and files in the SkyDrive folder are automatically available on your phone installing an app or simply using the phone’s browser.
You can fine more info about the present and future of Microsoft’s SkyDrive at:
Microsoft's SkyDrive Home
The Windows Blog - SkyDrive - designing personal cloud storage for billions of people
Tuesday, June 26, 2012
Using Command Shell (CMD) Scripts with MDT
Although command shell it’s not much times used on MDT, that really possible and sometimes this could be useful to someone.
Thinking on this, Michael Murgolo, from “The Deployment Guys” blog wrote an article explaining what can be done with command shell scripts and how to give them the elasticity we have when using a normal command line during a task sequence or a powershell script for example.
Here’s the article, enjoy it:
The Deployment Guys - Using Command Shell Scripts with MDT
Monday, June 25, 2012
How Microsoft Deployment Toolkit (MDT) Does Application Installation
Continuing today on the basics for understating Windows 7 deployment using official Microsoft software, here’s a nice article from the guys at Xtreme Consulting where they explain how applications installation works on MDT.
The article written by Keith Garner explains the good and bads of using MSIs and how MDT translate and look to that kind of installer.
To read the full article:
How MDT does application installation
Deploying Windows 7 - Concepts
This is a little bit old post from TechNet about Microsoft Windows 7 deployment, but I believe it’s always good to remember the principal concepts about the main deployment options being that:
- Media
- Network
- Server
So take a look at this post from Microsoft’s Alan Le Marquand:
Deploying WIndows 7
Sunday, June 17, 2012
Microsoft Touch Mouse – Unboxing by Brandon LeBlanc
Along the last years Microsoft didn’t create a lot of hardware but I’m a real fan of Microsoft Hardware Group since their first natural ergonomic keyboard launched years ago.
Last year Microsoft launched the Touch Mouse. An Windows 7 exclusive mouse that has a touch surf where you can use a combination of 3 fingers at the same time to work with.
Although this is not even near the fantastic Apple Magic Trackpad, it’s a ‘nice to have’ gadget that really can make you work faster.
Microsoft’s Brandon LeBlanc from the Windows Experience Blog received a the mouse and documented the unboxing on the blog.
So take a look at:
Unboxing the Touch Mouse & Announcing the Touch Mouse Artist Edition
Windows Deployment Services – Moving RemoteInstall to another location
For a bunch of reason, like disk space for example, you may need to move your RemoteInstall folder from one location to another.
Since Microsoft Windows 2008 R2, this task is very easy. So, just follow this steps:
- Launch a command prompt with elevated privileges
- Then, run the command: WDSUTIL /uninitialize-server
- Cut and paste your RemoteInstall to the new location (D:\ for example)
- At the command prompt again, run the command: WDSUTIL /Initialize-Server /RemInst: D:\RemoteInstall
Wednesday, May 30, 2012
Windows 7 – User always login with a temporary profile
Sometimes in Windows 7 it may happen for some reason (like accidentally delete a user profile) that a user starts to login with a temporary profile.
If this happens, you may follow this steps to resolve the issue:
- Logon to the machine with the issue with an administrative account
- Open the registry editor (start –> run –> regedit)
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
- Under the ProfileList subkey, search for a SID that end with .bak
Now just restart the machine and everything should be fine.
Administrative shares on Windows 7
This one it’s just a small tip for everyone using a Windows 7 machine on as a standalone machine and not in a domain environment.
In Windows 7 the administrative shares (like C$ or ADMIN$) are still created, but they're not available out of the box for a standalone machine. To activate the administrative shares you need to:
Enable File and Print Sharing
- Open Control Panel
- Go to Network and Internet
- Click on Network and Sharing Center
- In the left column, click on Change Advanced sharing settings
- Here you should have 2 network profiles. On the network profile you want select Turn On under the header File and Print Sharing
I believe you can also achieve this by going to Windows Firewall with Advanced Security and changing the File and Print Sharing rule to enable or allow.
Now…you still need to do a little tweak:
Registry Tweak
- Open the registry editor (start –> run –> regedit)
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Right-click on the right pane and create a new DWORD (32bits)
- Give the new DWORD the name LocalAccountTokenFilterPolicy and give it the value 1
Now you just need to restart you machine and your are now able to access the machine administrative shares.
Saturday, May 26, 2012
MDOP - Microsoft BitLocker Administration and Monitoring Overview
Simplifying BitLocker management
BitLocker it’s a feature introduced by Microsoft since Windows Vista as a free alternative to other disk encryption software on the market.
In Windows 7 just the Enterprise and Ultimate flavors of the O.S. has the option to active BitLocker and this happens mainly because it’s the enterprises that use it most.
Although a lot of configurations regarding BitLocker can easily be done using Local/Domain Group Policies there’s a wide lack of options that can just be done directly on a machine.
Also, the task regarding to passwords recoveries, resets, are also a huge problem for everyone except domain administrators on a enterprise environment.
With all this in mind, Microsoft decided to create a new product that unfortunately, I may say, it’s only available through Microsoft Desktop Optimization Pack (MDOP).
As you may know, MDOP it’s only available for enterprises that has a Software Assurance agreement with Microsoft which although has a lot of good things, it’s still a bit expensive in this complicated times we’re living.
Now…about Microsoft BitLocker Administration and Monitoring that I’ll call MBAM from now on, it really is a ‘nice to have’ feature on a corporation.
Well, first things first. One of the best additions to an enterprise using MBAM it’s the ability have a webpage where the Helpdesk Department can go and do most the the work that otherwise could only be accomplished using Active Directory or an MMC, like password recovery, reset TPM, etc.
MBAM Agent
GPO Extensions
- MBAM extends the group policies and adds features to control the MBAM agent installed on the machines.
- One of the nice things is that you can configure the policy in such manner that if there’s a drive that is not encrypted and it should, during boot, a popup appears to the user to encrypt the drive. The encryption in this case can be made using standard user privileges.
Compliance Reports
- Through the Enterprise Compliance Report you can have a view of all the machines on the organization and if they are compliance or not with the defined policy for BitLocker,
- There also a view to a single PC where you can get the information about its compliance with the Bitlocker GPO; the main user of the PC; Manufacturer/Model; and also the last time the computer communicated with the Compliance Server
- It’s also possible to create custom reports the SQL Reporting Services tool
Key Recovery Website
- This is one of my favorite tool in MBAM. You can give the Key Recovery Website to your helpdesk which allows them to give the recovery password to users with no need to have “special permissions” to read from the Active Directory
- After give a recovery key to the user, the MBAM Agent contacts the MBAM server and generates a new recovery key. This enhances the security of Bitlocker because, even if the user writes down the recovery password on a paper and put it on his bag, and the bag gets stolen, that recovery password is no more helpful.
So, this is a really nice tool and a one more good reason to get Microsoft Desktop Optimization Pack (MDOP) in your enterprise.
To learn more about Microsoft Bitlocker Administration and Monitoring take a look at:
Microsoft Desktop Optimization Pack
Monday, May 21, 2012
ReFS – The next generation file system for Windows
First things first. ReFS stands for Resilient File System and it’s the next generation file system for Windows. Like NTFS, this new technology will only be available for the new Server edition of Windows 8 but of course, machines using NTFS will obviously get access to stored data on ReFS.
The main goals of the new FS are:
- Maintain a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others that provide limited value at the cost of system complexity and footprint
- Verify and auto-correct data. Data can get corrupted due to a number of reasons and therefore must be verified and, when possible corrected automatically. Metadata must not be written in place to avoid the possibility of “torn writes”.
- Optimize for extreme scale. Use scalable structures for everything. Don’t assume that disk-checking algorithms, in particular, can scale to the size of the entire file system.
- Never take the file system offline. Assume that in the event of corruptions, it is advantageous to isolate the fault while allowing access to the rest of the volume. This is done while salvaging the maximum amount of data possible, all done live.
- Provide a full end-to-end resiliency architecture when used in conjunction with the Storage Spaces feature, which was co-designed and built in conjunction with ReFS.
The key features of ReFS are the following (some with conjunction with Storage Spaces)
- Metadata integrity with checksums
- Integrity streams providing optional user data integrity
- Allocate on write transactional model for robust disk updates
- Large volume, file and directory sizes
- Storage pooling and virtualization makes file system creation and management easy
- Data striping for performance (bandwidth can be managed) and redundancy for fault tolerance
- Disk scrubbing for protection against latent disk errors
- Resiliency to corruptions with “salvage” for maximum volume availability in all cases
- Shared storage pools across machines for additional failure tolerance and load balancing
ReFS, of course, also inherits a lot of features from NTFS and you can get a lot more info about this new file system directly from Building Windows 8 blog:
Building the next generation file system for Windows: ReFS
Tuesday, May 15, 2012
Windows 8 – All Editions Announced!
Back in April, Microsoft has finally announced all the Windows 8 flavors that we’ll have available next year and their targets.
First of all, like stated by Brandon LeBlanc on the “more-or-less” official Microsoft’s blog “Blogging Windows”, the official product name for the next operating system will in fact be…Windows 8!
So, the next-gen O.S. will have 3 versions:
.: Windows 8
.: Windows 8 Pro
.: Windows RT
Windows 8
This should be the most used version worldwide.It’s the base version but it should have plenty of features like the new Windows Explorer, Task Manager and a better multi-monitor support.
Windows 8 Pro
Windows 8 Pro can be called the “geek” or the “professional/enterprise” flavor of Windows 8.
It will include all the Windows 8 features, plus encryption (assumedly Bitlocker), virtualization features (Hyper-V), PC management and domain connectivity.
Reasonably Windows Media Center should be available for Windows 8 Pro has an media-pack add-on that will be available for download on Windows Store.
Windows RT
Windows RT it’s the ‘new kid on the block’. Windows 8 (RT) will be the first version of Microsoft’s well succeeded O.S. to run on ARM or WOA architecture. This version will only be available on pre-installed PCs and, most commonly, on tablets/slates with ARM processors. It will be optimized for the touch experience for the new Microsoft Office Suite to come.´
The chart bellow shows the features available for the different versions:
Feature name | Windows 8 | Windows 8 Pro | Windows RT |
Upgrades from Windows 7 Starter, Home Basic, Home Premium | x | x | |
Upgrades from Windows 7 Professional, Ultimate | x | ||
Start screen, Semantic Zoom, Live Tiles | x | x | x |
Windows Store | x | x | x |
Apps (Mail, Calendar, People, Messaging, Photos, SkyDrive, Reader, Music, Video) | x | x | x |
Microsoft Office (Word, Excel, PowerPoint, OneNote) | x | ||
Internet Explorer 10 | x | x | x |
Device encryption | x | ||
Connected standby | x | x | x |
Microsoft account | x | x | x |
Desktop | x | x | x |
Installation of x86/64 and desktop software | x | x | |
Updated Windows Explorer | x | x | x |
Windows Defender | x | x | x |
SmartScreen | x | x | x |
Windows Update | x | x | x |
Enhanced Task Manager | x | x | x |
Switch languages on the fly (Language Packs) | x | x | x |
Better multiple monitor support | x | x | x |
Storage Spaces | x | x | |
Windows Media Player | x | x | |
Exchange ActiveSync | x | x | x |
File history | x | x | x |
ISO / VHD mount | x | x | x |
Mobile broadband features | x | x | x |
Picture password | x | x | x |
Play To | x | x | x |
Remote Desktop (client) | x | x | x |
Reset and refresh your PC | x | x | x |
Snap | x | x | x |
Touch and Thumb keyboard | x | x | x |
Trusted boot | x | x | x |
VPN client | x | x | x |
BitLocker and BitLocker To Go | x | ||
Boot from VHD | x | ||
Client Hyper-V | x | ||
Domain Join | x | ||
Encrypting File System | x | ||
Group Policy | x | ||
Remote Desktop (host) | x |
|