The Deployment Bunny

Just because it is possible – Converged Hypervisor with Storage Spaces Direct on HP ProLiant Microserver

Posted by Mikael Nystrom on September 27, 2016

Earlier today at Microsoft Ignite, Microsoft announced Windows Server 2016 (see earlier posts). I was curies to see if it was possible to install Windows Server 2016 Datacenter, using Hyper-V and Storage Spaces direct to build an Converged Hypervisor based solution on 2 HP ProLiant Microservers and it did work. It is not usably in reality, since the servers are not suitable as Converged Hypervisors, but it works, and it is so fun to play with.

Storage Spaces Direct in Server Manager.

The Enclosure View from Failover-Cluster manager.

The highly available virtual machine in the converged hypervisor cluster

/mike

Posted in Storage Spaces, Windows Server 2016 | Tagged: Storage Spaces, Windows Server 2016 | Leave a Comment »

Nice to Know – Free Windows Server 2016 Datacenter licenses for retired “vSphare hosts”

Posted by Mikael Nystrom on September 26, 2016

Microsoft is really trying to get customers to give up on VMWare. If you change from VMware to Hyper-V your Windows Server 2016 Datacenter licenses are for free. But as always, you need to read all the fine print.

/mike

Posted in Windows Server 2016 | Tagged: Windows Server 2016 | 2 Comments »

Nice to know -System Center 2016 is GA – Download Evaluation

Posted by Mikael Nystrom on September 26, 2016

Today at Microsoft Ignite System Center 2016 was announced. You can download it here to start the evaluation process.

https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2016

/mike

Posted in System Center 2016 | Tagged: System Center 2016 | Leave a Comment »

Nice to Know – The Ultimate Guide to Windows Server 2016

Posted by Mikael Nystrom on September 26, 2016

If you want to know more about Windows Server 2016, Microsoft has created a eBook as .pdf that you can download.

Go to https://info.microsoft.com/TheUltimateGuideToWindowsServer2016.html and fill out the form, download and learn.

There is also an other e-book that you can download from here: https://blogs.msdn.microsoft.com/microsoft_press/2016/09/26/free-ebook-introducing-windows-server-2016/

and here is the What’s New in Windows Server 2016, it has not been updated today so it still points to TP5 https://technet.microsoft.com/windows-server-docs/get-started/what-s-new-in-windows-server-2016-technical-preview-5

/mike

Posted in Windows Server 2016 | Tagged: Windows Server 2016 | 2 Comments »

Nice to know – Windows Server 2016 is GA – Download Evaluation

Posted by Mikael Nystrom on September 26, 2016

Today at Microsoft Ignite Windows Server 2016 was announced. You can download it here to start the evaluation process.

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016

/mike

Posted in Windows Server 2016 | Tagged: Windows Server 2016 | Leave a Comment »

OSD – BIOS upgrade during OS Deployment in MDT/ConfigMgr (v3)

Posted by Mikael Nystrom on July 20, 2016

This is the third version of the script solution; it is very simple. You detect make/model in any way you would like to, create a rule based on BIOS version, if the rule match, nothing happens, otherwise it runs any command you want. That said, you could use this for other task as well. Most common question is “does it work with any Make/Model”`No, there are some vendors that does not provide the ability to run a BIOS upgrade silently without reboot without control, that is, the darn thing reboots immediately and that usually breaks the Task Sequence. I have one thing for those vendors to say “Shame on you!”

here are older posts on the subject

https://deploymentbunny.com/2011/05/20/step-by-step-upgrading-bios-during-litetouch-deployment-for-dell-hewlett-packard-and-lenovo/

https://deploymentbunny.com/2013/12/16/step-by-step-upgrading-bios-during-litetouchzerotouch-deployment-for-dell-hewlett-packard-and-lenovo-v2/

Detect the Model

The detection in the script is actually whatever you want, it is just a “If-then” here are two sample lines detection that you will find in the script

if($((Get-WmiObject Win32_ComputerSystem).model) -eq 'HP EliteBook 8560w'){}
if($ModelAlias -eq 'HP EliteBook 8460p'){}

Use the detection method for each model you like, very simple

Detect the BIOS version

This is also not that hard, here are 2 sample lines from the script

if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '68SCF Ver. F.63'){}
if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '786G1 v01.27'){}

Store the upgrade files

The upgrade files are stored with the model name, like this:

The Silent Command

You also need to figure out the command, not really hard, download the bios upgrade, read how to run it from a command line, update the script and you are done, here is a sample of one of those sections.

$Exe = 'hpqflash.exe'
$Location = "$SCRIPTDIR\Source\HP EliteBook 8460p"
$Executable = $Location + "\" + $exe
Set-Location -Path $Location
Invoke-Exe -Executable "$Executable" -Arguments "/s /f 68SCE.CAB" –Verbose

Run the script

in MDT you can import the folder with the script as a application and set this as the command line:

PowerShell.exe -ExecutionPolicy Bypass -File Install-BIOSUpgrade.ps1

In ConfigMgr you can import this as a Package and then run the command line the same way

It is also possible to run this outside of a task sequence if you like, it works as a stand alone script, however, you cannot use the integration with MDT of course.

If you want it is possible to add a custom property in customsettings.ini, something like “NeedReboot”, then you can add the following to happen if the BIOS has been upgraded

$tsenv.Value(“NeedReboot”) = “YES”

If you then in the step after this, set a condition on a reboot step, well then it will reboot when needed, otherwise not, you can read about that in one of my old postings here

https://deploymentbunny.com/2013/12/16/step-by-step-upgrading-bios-during-litetouchzerotouch-deployment-for-dell-hewlett-packard-and-lenovo-v2/

The result

It was needed.

It was not needed.

The Script


Function Import-SMSTSENV{
    try
    {
        $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
        Write-Output "$ScriptName - tsenv is $tsenv "
        $MDTIntegration = "YES"
        
        #$tsenv.GetVariables() | % { Write-Output "$ScriptName - $_ = $($tsenv.Value($_))" }
    }
    catch
    {
        Write-Output "$ScriptName - Unable to load Microsoft.SMS.TSEnvironment"
        Write-Output "$ScriptName - Running in standalonemode"
        $MDTIntegration = "NO"
    }
    Finally
    {
    if ($MDTIntegration -eq "YES"){
        $Logpath = $tsenv.Value("LogPath")
        $LogFile = $Logpath + "\" + "$ScriptName.log"

    }
    Else{
        $Logpath = $env:TEMP
        $LogFile = $Logpath + "\" + "$ScriptName.log"
    }
    }
}
Function Start-Logging{
    start-transcript -path $LogFile -Force
}
Function Stop-Logging{
    Stop-Transcript
}
Function Invoke-Exe{
    [CmdletBinding(SupportsShouldProcess=$true)]
 
    param(
        [parameter(mandatory=$true,position=0)]
        [ValidateNotNullOrEmpty()]
        [string]
        $Executable,
 
        [parameter(mandatory=$false,position=1)]
        [string]
        $Arguments
    )
 
    if($Arguments -eq "")
    {
        Write-Verbose "Running $ReturnFromEXE = Start-Process -FilePath $Executable -ArgumentList $Arguments -NoNewWindow -Wait -Passthru"
        $ReturnFromEXE = Start-Process -FilePath $Executable -NoNewWindow -Wait -Passthru
    }else{
        Write-Verbose "Running $ReturnFromEXE = Start-Process -FilePath $Executable -ArgumentList $Arguments -NoNewWindow -Wait -Passthru"
        $ReturnFromEXE = Start-Process -FilePath $Executable -ArgumentList $Arguments -NoNewWindow -Wait -Passthru
    }
    Write-Verbose "Returncode is $($ReturnFromEXE.ExitCode)"
    Return $ReturnFromEXE.ExitCode
}

# Set vars
$SCRIPTDIR = split-path -parent $MyInvocation.MyCommand.Path
$SCRIPTNAME = split-path -leaf $MyInvocation.MyCommand.Path
$SOURCEROOT = "$SCRIPTDIR\Source"
$SettingsFile = $SCRIPTDIR + "\" + $SettingsName
$LANG = (Get-Culture).Name
$OSV = $Null
$ARCHITECTURE = $env:PROCESSOR_ARCHITECTURE

#Try to Import SMSTSEnv
. Import-SMSTSENV

# Set more vars
$Make = $tsenv.Value("Make")
$Model = $tsenv.Value("Model")
$ModelAlias = $tsenv.Value("ModelAlias")
$MakeAlias = $tsenv.Value("MakeAlias")

#Start Transcript Logging
. Start-Logging

#Output base info
Write-Output ""
Write-Output "$ScriptName - ScriptDir: $ScriptDir"
Write-Output "$ScriptName - SourceRoot: $SOURCEROOT"
Write-Output "$ScriptName - ScriptName: $ScriptName"
Write-Output "$ScriptName - Current Culture: $LANG"
Write-Output "$ScriptName - Integration with MDT(LTI/ZTI): $MDTIntegration"
Write-Output "$ScriptName - Log: $LogFile"
Write-Output "$ScriptName - Model (win32_computersystem): $((Get-WmiObject Win32_ComputerSystem).model)"
Write-Output "$ScriptName - Name (Win32_ComputerSystemProduct): $((Get-WmiObject Win32_ComputerSystemProduct).Name)"
Write-Output "$ScriptName - Version (Win32_ComputerSystemProduct): $((Get-WmiObject Win32_ComputerSystemProduct).Version)"
Write-Output "$ScriptName - Model (from TSENV): $Model"
Write-Output "$ScriptName - ModelAlias (from TSENV): $ModelAlias"

#Check Model
if($((Get-WmiObject Win32_ComputerSystem).model) -eq 'HP EliteBook 8560w'){
    Write-Output "Model is $((Get-WmiObject Win32_ComputerSystem).model)"
    Write-Output "Checking BIOS Version"
    Write-Output "Version is $((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion)"
    if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '68SVD Ver. F.50'){
        Write-Output "Needs upgrade"
        $Exe = 'hpqflash.exe'
        $Location = "$SCRIPTDIR\Source\HP EliteBook 8560w"
        $Executable = $Location + "\" + $exe
        Set-Location -Path $Location
        Invoke-Exe -Executable "$Executable" -Arguments "/s /p LCadmin1.bin" -Verbose
    }
    else
    {
        Write-Output "No Need to upgrade"
    }
}
if($((Get-WmiObject Win32_ComputerSystem).model) -eq 'HP ProBook 6570b'){
    Write-Output "Model is $((Get-WmiObject Win32_ComputerSystem).model)"
    Write-Output "Checking BIOS Version"
    Write-Output "Version is $((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion)"
    if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -Like '*ICE*'){
        if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '68ICE Ver. F.62'){
            Write-Output "Needs upgrade"
            $Exe = 'hpqflash.exe'
            $Location = "$SCRIPTDIR\Source\HP ProBook 6570b"
            $Executable = $Location + "\" + $exe
            Set-Location -Path $Location
            Invoke-Exe -Executable "$Executable" -Arguments "/s /f 68ICE.cab" -Verbose
        }
        else
        {
            Write-Output "No Need to upgrade"
        }
    }
    if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -Like '*ICF*'){
        if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '68ICF Ver. F.62'){
            Write-Output "Needs upgrade"
            $Exe = 'hpqflash.exe'
            $Location = "$SCRIPTDIR\Source\HP ProBook 6570b"
            $Executable = $Location + "\" + $exe
            Set-Location -Path $Location
            Invoke-Exe -Executable "$Executable" -Arguments "/s /f 68ICF.cab" -Verbose
        }
        else
        {
            Write-Output "No Need to upgrade"
        }
    }
}
if($ModelAlias -eq 'HP EliteBook 8460p'){
    Write-Output "Model is $((Get-WmiObject Win32_ComputerSystem).model)"
    Write-Output "Checking BIOS Version"
    Write-Output "Version is $((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion)"
    if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -Like '*SCF*'){
        if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '68SCF Ver. F.63'){
            Write-Output "Needs upgrade"
            $Exe = 'hpqflash.exe'
            $Location = "$SCRIPTDIR\Source\HP EliteBook 8460p"
            $Executable = $Location + "\" + $exe
            Set-Location -Path $Location
            Invoke-Exe -Executable "$Executable" -Arguments "/s /f 68SCF.CAB" -Verbose
            }
        else
            {
            Write-Output "No Need to upgrade"
        }
    }
    if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -Like '*SCE*'){
        if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '68SCE Ver. F.63'){
            Write-Output "Needs upgrade"
            $Exe = 'hpqflash.exe'
            $Location = "$SCRIPTDIR\Source\HP EliteBook 8460p"
            $Executable = $Location + "\" + $exe
            Set-Location -Path $Location
            Invoke-Exe -Executable "$Executable" -Arguments "/s /f 68SCE.CAB" -Verbose
            }
        else
            {
            Write-Output "No Need to upgrade"
        }
    }
}
if($((Get-WmiObject Win32_ComputerSystem).model) -eq 'HP Compaq dc7900 Small Form Factor'){
    Write-Output "Model is $((Get-WmiObject Win32_ComputerSystem).model)"
    Write-Output "Checking BIOS Version"
    Write-Output "Version is $((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion)"
    if($((Get-WmiObject Win32_Bios).SMBIOSBIOSVersion) -ne '786G1 v01.27'){
        Write-Output "Needs upgrade"
        $Exe = 'hpqflash.exe'
        $Location = "$SCRIPTDIR\Source\HP Compaq dc7900 Small Form Factor\HPQFlash"
        $Executable = $Location + "\" + $exe
        $SourceFile = $Location + "\" + "Password01.bin"
        $Destination = $env:TEMP
        $DestinationFile = $Destination + "\" + "Password01.bin"
        Copy-Item -Path $SourceFile -Destination $DestinationFile -Force -Verbose 
        Set-Location -Path $Location
        Invoke-Exe -Executable $Executable -Arguments "/s /p $DestinationFile"
    }
    else
    {
        Write-Output "No Need to upgrade"
    }
}

#Stop Logging
. Stop-Logging

/mike

Posted in BIOS, ConfigMgr, MDT, OS Deployment, OSD, PowerShell | Tagged: BIOS, ConfigMgr, MDT, OS Deployment, OSD, PowerShell | 3 Comments »

Just for fun–Converting a Laptop to a Tablet

Posted by Mikael Nystrom on July 12, 2016

very long time ago I did a teaser for a event, it was a joke on how to convert a Laptop computer into a Tablet PC. It turns out that for some reason a lot of people are searching for that video on my blog (I have no idea why), but here it is.

Understand that this “might” render the functionality of the computer… In other words, don’t do this…

/mike

Posted in Fun | Tagged: Fun | Leave a Comment »

OSD–Customizing Images and deployment, think about that for a second

Posted by Mikael Nystrom on July 12, 2016

This is one of those blogposts that tries to answer lost of question and and the same time create new questions, but I get a lot of questions regarding the topic of “Image Customization”, and mainly about how-to, but

Why?

Before you even consider doing this, you need to understand why. The reason “we have always done that” is not really a great answer. There are basically to kinds of devices. The device is either going to be used as a “normal” computer by a user or it is a “thing” or in other words a task-oriented computer, like a teller machine, a kiosk machine. The later type needs heavy modifications to be adjusted, but spending the same effort a a regular computer is just waste of time.

But my users are idiots?

No, they are not. There will always be a few percent that don’t want to learn or actually have a hard time figuring out how to perform certain operations. But modifying every car on the planet so that every person can drive them is not really a smart thing, if a few percent of the org cannot select to add an application from ConfigMgr, why would you make it impossible for others do to so. Help them few percent that cannot do it and ask yourself the following?

– Do you reimage the phone for them?

– Do you reimage the TV set for them?

– Do you reimage the car stereo for them?

Windows 10 is different in more ways you can imagine

First, the operating system is “serviced”, that means that you will receive a new version approximately 2 times every year and that will be a upgrade, meaning it will fall back to the same apps you spent so many hours to remove, so that was just a waste of time.

Windows 10 will stick around for a while and it will not change much over the next 9 years (I’ll guess), so it is better that users learn it, they will have it at home and having a look and feel that is similar make sense for most users, but by trying to make Windows 10 look like Windows 7 does not really help people, it just prolong the learning that they need.

If you need to redo the work every time there is a new version, you will spend the rest of the Windows 10 era to find new ways to do these modifications, since the solution that worked in one version most likely will be broken in the next, we can see that happen over and over again.

My users should not be able to run “that”

Ok, so you want to remove the Xbox application, because? What is the danger? What could possible happen. Users are usually afraid of everything, so they don’t click at all when they have no idea what it is, and even if they do, running the Xbox app does not really do any harm. There are Security Baseline Policy’s that include the possibility to turn of many of those settings (not all) but this one will fix a lot of those “consumer” things.

“Enabled "Turn off Microsoft consumer experiences," – https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/

Maybe there are other tasks that are more important then to make sure that it “looks” like Windows 7?

There are a lot of new security features that are very important, maybe it is better to think of a way to shift from BIOS to UEFI. That makes it possible to take advantage of many things, like Secure Boot and one of the most important features in Windows 10, Credential Guard.

Supported?

If you really want to do image-hacking, maybe you should consider if it is supported. Just because you can make it work today, it might render the possibility to deploy upgrades and updates when the next version comes around?

Yes, I do lost of modifications!

But I also have a long conversation with the customer before we go ahead and do it, i always check with friends inside Microsoft to see if it is kind of “ok”, before we do that.

What could be ok?

That is kind of easy, everything you can modify using GPO, GPP’s is usually perfectly fine to do, in most cases using PowerShell is also fine.

What I’m really try to say is

Think for a while, is that really, REALLY needed? or is it just “something we have always done”

Where can i find Information about this stuff?

https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/

https://blogs.technet.microsoft.com/mniehaus/2015/12/31/updated-remove-apps-script-and-a-workaround/

http://ccmexec.com/

https://blogs.technet.microsoft.com/deploymentguys/

http://garytown.com/

/mike

Posted in OSD | Tagged: OSD | 7 Comments »

PowerShell is King – Getting a massive amount of hotfixes from the Windows Update Site

Posted by Mikael Nystrom on June 30, 2016

Working for a customer in Norway, I received a list of “hotfixes” that needs to be downloaded and imported into WSUS for distribution, number of patches was 90. I have not found any great way to automate download from the Update Catalog into WSUS (there must be). So the here is the ugly version:

The ugly PowerShell script that starts Internet Explorer and add every patch to a separate tab

$Urls = Get-Content -Path C:\Temp\hotfixes.txt

$TabSettings = 0x1000;
$ie = New-Object -ComObject InternetExplorer.Application
$ie.Navigate2("http://www.microsoft.com");
foreach($Url in $Urls){
$ie.Navigate2("$Url", $TabSettings);
}
$ie.Visible = $true;

The content of hotfixes.txt

Posted in PowerShell | Tagged: PowerShell | Leave a Comment »

PowerShell is King – Simple function to test a VMSwitch is present

Posted by Mikael Nystrom on May 27, 2016

When building VM’s, they are usually connected to a Hyper-V switch, so when working for a customer I suddenly needed to verify that the switch actually exists before building the VM. One way to solve this is of course to use Get-VMSwitch –Name, but if it cant find it, it blows up and turns red and angry, the other way is to use “Count”, that way I can return whatever I need, in this case I Return True or False.

Usage:

Create a .psm1 file, copy the content, paste into the file, save the file and use the Import-Module function. After that you can test it by running commands similar to this.

Using the function to test a VMswitch is present on the local machine.

The Function:

Function Test-FAVMSwitchexistence
{
    Param(
        [string]$VMSwitchname
    )
        $Item = (Get-VMSwitch | Where-Object -Property Name -EQ -Value $VMSwitchname).count
        If($Item -eq '1'){Return $true}else{Return $false}
}

Mike

Posted in Hyper-V, PowerShell | Tagged: Hyper-V, PowerShell | Leave a Comment »

« Previous Entries

The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

Me On Twitter

about.me

about.me/mikaelnystrom

Archives

Blogroll

Meta

Just because it is possible – Converged Hypervisor with Storage Spaces Direct on HP ProLiant Microserver

Nice to Know – Free Windows Server 2016 Datacenter licenses for retired “vSphare hosts”

Nice to know -System Center 2016 is GA – Download Evaluation

Nice to Know – The Ultimate Guide to Windows Server 2016

Nice to know – Windows Server 2016 is GA – Download Evaluation

OSD – BIOS upgrade during OS Deployment in MDT/ConfigMgr (v3)

Detect the BIOS version

Store the upgrade files

The Silent Command

Run the script

The result

Just for fun–Converting a Laptop to a Tablet

OSD–Customizing Images and deployment, think about that for a second

Why?

But my users are idiots?

Windows 10 is different in more ways you can imagine

My users should not be able to run “that”

Maybe there are other tasks that are more important then to make sure that it “looks” like Windows 7?

Supported?

Yes, I do lost of modifications!

What could be ok?

What I’m really try to say is

Where can i find Information about this stuff?

PowerShell is King – Getting a massive amount of hotfixes from the Windows Update Site

The ugly PowerShell script that starts Internet Explorer and add every patch to a separate tab

The content of hotfixes.txt

PowerShell is King – Simple function to test a VMSwitch is present