The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

PowerShell is King – Test-NetConnection is annoying, gives me warnings, I don’t want that

Posted by Mikael Nystrom on December 7, 2017

During a conversation someone told me that Test-NetConnection is kind of annoying when scanning for systems and some of them are not online, or missing from DNS or something like that. And that is true, it doesn’t matter if you sending the result down the pipeline, but it does show up in the warning stream.

The annoying way

In the first sample we run Test-NetConnection using the following

$Computers = "SRVDC01","SRVDC02","SRVDC03","SRVHOST301"
$result = foreach($Computer in $Computers){
    Test-NetConnection -ComputerName $Computer -CommonTCPPort SMB
}
$result

And here is the output, note the warning stream that shows up

image`

The non annoying way

In the second sample we run Test-NetConnection using the following

$Computers = "SRVDC01","SRVDC02","SRVDC03","SRVHOST301"
$result = foreach($Computer in $Computers){
    Test-NetConnection -ComputerName $Computer -CommonTCPPort SMB -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
}
$result

And here is the output

image

/mike

Posted in Uncategorized | Leave a Comment »

Nice to Know – Mass upgrading Windows 10 Using PowerShell

Posted by Mikael Nystrom on December 5, 2017

Someone asked med a while back

– Is it possible to upgrade our Windows 7,8,8.1 and unsupported Windows 10 machines to a supported version of Windows 10 without a deployment solution?

….(thinking)

– You mean without running around to all machines?

….(Thinking)

– Yes, it is possible

Before explaining how that can be done, let’s be clear, if you have ConfigMgr or Microsoft Deployment Toolkit, that is far better then doing it this way, but you could be in a situation when that is not an option but you still need to achieve the same goal, upgrade to a supported version of Windows 10. (I’ll write another post on how to combine the scripts here with MDT)

Overview:

Assuming you have a licensed version of Windows 10, the Windows 10 Media, a network and access to all the computers over the network it will be possible to push out an upgrade. This method also works if you are running an older version of Windows 10 and would like to upgrade to a never version of Windows 10. The way to do this is rather easy, we basically need to perform the following steps:

– Enable remote access for PowerShell

– Copy the media down to the computer

– Run a compatibility scan to verify that we can upgrade

– Upgrade

Create a CSV file for computers that should be upgraded:

First of all we need to create a .CSV file with the computers that should be upgraded, the file contains the 3 servers I would like to upgrade to Windows 10.

image
Content of computers.txt

Store the file in your computer, in my case I stored it in D:\Upgrade2w10\Computers.txt

Enable remote access for PowerShell:

We need to access the computers using Remote PowerShell and therefor we need to enable that. This can be done using various method and one easy/weird/fun way to to that is to use WMI. The script below will connect using WMI and execute two commands on each server:

The following PowerShell script enables WinRM (Remote Access) and Remote PowerShell.

image
Content of Invoke-ComputerPrep.ps1

The result after running the script is this:

image

Copy the media down to the computer:

Now when we have access to all the machine, we can copy the media down to each machine and we will do that in a reversed way. We will create a scheduled task on each Windows 7 machine and the scheduled task will then download the content to the local hard drive. You need to edit the settings in this file to match your environment.

image
Content of Invoke-ImageDownload.ps1

Here is how it looks when you run the script:

image

Run a compatibility scan to verify that we can upgrade:

Ok, so we have the Windows 10 image in the C:\Source folder of each computer, now lets run the Compat Scan.

The script will connect to each computer, create a plain vanilla .BAT file and then we will remotely execute that:

image

And here is the result, as you can see all, none of the machines had any issues.

image

Upgrade:

Ok, so the final step. The only thing we need to do is fire up the install program, and for that we use PsExec, it’s old but works for this kind of work.

The script will connect to each machine, create a .BAT file and then we let PSExec execute it.

image
Content of Invoke-ComputerUpgrade.ps1

Here is the result of running that, as you can see all (you can only see Win-01) of the machines is returning a success (return code 0)

image

Ok, so, what next, well, since the return code was 0, lets restart them…

image

The scripts can be downloaded here: https://github.com/DeploymentBunny/Files/tree/master/Tools/MassUpgradeWindows10

/mike

Posted in OS Deployment, OSD, Windows 10 | Tagged: , , | Leave a Comment »

The October 2017 Update – “Inaccessible Boot Device”

Posted by Mikael Nystrom on October 11, 2017

Also known as:

KB4041676 -  https://support.microsoft.com/en-us/help/4041676

KB4041691 – https://support.microsoft.com/en-us/help/4041691

KB4000824 https://support.microsoft.com/en-us/help/4000824

Affected systems:

This only affects systems that are managed trough WSUS and the patches was approved at the same time as the “delta” updates also was approved. Those updates was never intended to show up in WSUS, they should be deleted/Declined. You should NEVER have Delta updates in WSUS. It was a “woops” somewhere. But if they were approved, and distributed, and download, and installed at the SAME time as the full patch, then you are affected

image
These should be declined, and they should be gone at the next sync.

Result:

After installing the update and reboot, the pc will not boot, instead it gives you ”Inaccessible Boot Device”

Official Solution:

Currently the official solution is to contact Microsoft Support, but it is possible to use DISM.exe or PowerShell to remove the updates or reverse back a folder name.

read about the issue here (from Microsoft) https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/monthly-delta-update-isv-support-without-wsus

image
Information regarding the Delta’s from Microsoft in a forum.

The Quick fix Solution:

A very nice MVP manage to figure out how to remove all the updates using DISM, and yes, it does work like a charm!

(update: If this is a VM, you might need to add more memory. We have found that you need at least 3GB of RAM for WinPE to use larger scratch space.)

https://blog.workinghardinit.work/2017/10/11/quick-fix-publish-vm-wont-boot-after-october-2017-updates-for-windows-server-2016-and-windows-10-kb4041691/

Other ways to fix it is:

The idea is to rename the WindowsApps folder and that seems to work for some

image

https://marc.info/?l=patchmanagement&m=150007672922185&w=2

/mike

Posted in Windows 10, Windows Server 2016 | Tagged: , | 29 Comments »

OSD – Adding Description to the WIM file during Build and Capture

Posted by Mikael Nystrom on October 10, 2017

The default capture function in MDT does not add any description. It is not needed, but can be added by modifying ZTIBackup.wsf. In this case I added the Task Sequence Name, but you can add other things as will, like Task Sequence Description or Task Sequence version. I did this at a demo at Microsoft Ignite last week but I did not post it at that time, so here it is.

The Session from Ignite is here if you would like to see it: https://www.youtube.com/watch?v=H9HGSVEaqQk

The how:

Modifying the Script

Take a copy of ZTIBackup.wsf, open it in your favorite VBscript editor and look for this section:

image

At line 436 you will see this:

sCmd = " /Capture-Image /CaptureDir:" & oDrive.Path & "  /ImageFile:""" & sBackupPath & """  /Name:""" & sPrefix & Left(oDrive.Path, 1) & "Drive"" /Compress:MAX /ConfigFile:""" & sWimScriptPath & """ /ScratchDir:""" & oUtility.LocalRootPath & "\Scratch"""

Change that to:

sCmd = " /Capture-Image /Description:""" & oEnvironment.Item("TaskSequenceName") & """ /CaptureDir:" & oDrive.Path & "  /ImageFile:""" & sBackupPath & """  /Name:""" & sPrefix & Left(oDrive.Path, 1) & "Drive"" /Compress:MAX /ConfigFile:""" & sWimScriptPath & """ /ScratchDir:""" & oUtility.LocalRootPath & "\Scratch"""

(The yellow text shows the modification)

The result:

Using Get-WindowsImage will show you that the description is now set to the Task Sequence name:

image

If you import the WIM file into ConfigMgr you will also see the description set as well as the Comment:

image

/Mike

Posted in ConfigMgr, Ignite, MDT, OS Deployment, OSD | Tagged: , , , , | 1 Comment »

Event – TrueSec Infrastructure Summit 21 of June–summer 2016

Posted by Mikael Nystrom on May 24, 2017

(Note: This event is held in the Swedish Language)

Vi har nu kört Windows Server 2016 och Windows 10 under lång tid och vi har samlat på oss så mycket erfarenhet, en del fantastiska upptäckter, en del mindre lustiga. Vi tror att du vill veta det här, så att du kan undvika “slukhålen” som vi själva har trillat ner i. Det här gäller så klart både på klientsidan där vi trodde att man skulle få helt andra problem än vad man verkligen fick, samma sak på datacenter sidan, det blev inte riktigt som vi trodde. Så vi har samlat ihop gänget som är där ute och jobbar och sliter varje dag och kör en heldag på Rival i Stockholm. Kan du inte komma dit, kan du sitta hemma i soffan och njuta ändå, vi kör ju med LiveStream. Så, ta genvägen till erfarenhet, och häng med oss på Rival, Stockholm!

TrueSec Infrastructure Summit, Stockholm, Sweden June 21 http://events.truesec.se/Event/Infrastructure_Summit_2017/Start

image

/mike

Posted in Event | Tagged: | Leave a Comment »

OSD – Workaround for ADK issue in 1703

Posted by Mikael Nystrom on May 16, 2017

The issue in ADK 1703 is that you cannot mount a WIM file in MDT/ConfigMgr, due to a signing issue with the WIM Mount Driver when running a system with UEFI and Secure Boot.

Workaround:

Michael Niehaus did found a workaround today, and that is to use the existing WIM mount driver that is already in the system.

https://blogs.technet.microsoft.com/mniehaus/2017/05/16/quick-workaround-for-adk-1703-issue/

image

/mike

Posted in ADK, Windows 10 | Tagged: , | Leave a Comment »

PowerShell is King – A Data Deduplication script that runs the Optimization,Garbage Collection and Scrubbing in a single sweep, including progress

Posted by Mikael Nystrom on April 28, 2017

I use Windows Server 2016 on all my lab machines, therefore I also use Data Deduplication to save space. But I don’t run it in the background, i run it basically when I need space.

The PowerShell script. (https://github.com/DeploymentBunny/Files/tree/master/Tools/Start-VIADeDupJob)


Function Wait-VIADedupJob
{
while ((Get-DedupJob).count -ne 0 )
{
Get-DedupJob
Start-Sleep -Seconds 30
}
}

foreach($item in Get-DedupVolume){
Wait-VIADedupJob
$item | Start-DedupJob -Type Optimization -Priority High -Memory 80
Wait-VIADedupJob
$item | Start-DedupJob -Type GarbageCollection -Priority High -Memory 80 -Full
Wait-VIADedupJob
$item | Start-DedupJob -Type Scrubbing -Priority High -Memory 80 -Full
Wait-VIADedupJob
}
Get-DedupStatus

/mike

Posted in Windows Server 2016 | Tagged: | 2 Comments »

Nice to Know – Windows 10 and Windows Server 2016 Update History

Posted by Mikael Nystrom on April 27, 2017

Here is a nice list, it gives you all released versions of Windows 10 and Windows Server 2016. So when ever you need to know the “latest” Cumulative Update of Windows 10, 1511, 1607, 1703 or Windows Server 2016 1607 you can use this page to find related information about the version, including the link for the download at Microsoft Update Catalog.

image
Update history for Windows 10 version 1703.

 

image
Specific information about the latest version of Windows 10.

 

image
Including the link to the cab file at Microsoft Update Catalog.

 

/mike

Posted in Windows 10, Windows Server 2016 | Tagged: , | 2 Comments »

Nice to Know – Performance guidelines for Windows Server 2016!

Posted by Mikael Nystrom on April 27, 2017

Yesterday, Microsoft announced the availability of performance guidelines for Windows Server 2016. They are not super advanced but they are perfectly fine. One nice thing is that you can view them offline (you don’t always have access to a fancy Internet connection working in a datacenter. My take on this is that you should browse trough the topics that you work with, take the ideas, convert them into reality and implement them in your deployment process. As they say in an old movie, and I quote:

– I feel the need, the need for more speed…

image

Server hardware

Server role

Server subsystem

Offline viewing is here: Download PDF

/mike

Posted in Windows Server 2016 | Tagged: | Leave a Comment »

Nice to Know – IT Pro documentation for Windows 10 is now on Microsoft Docs

Posted by Mikael Nystrom on April 27, 2017

So, Microsoft has “moved” W10 documentation to http://docs.microsoft.com. It does make sense, the “docs” site is better suited for having this information then TechNet/Msdn.

image

/mike

Posted in Windows 10 | Tagged: | Leave a Comment »