The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

Archive for the ‘Windows 10’ Category

OSD – Workaround for ADK issue in 1703

Posted by Mikael Nystrom on May 16, 2017

The issue in ADK 1703 is that you cannot mount a WIM file in MDT/ConfigMgr, due to a signing issue with the WIM Mount Driver when running a system with UEFI and Secure Boot.


Michael Niehaus did found a workaround today, and that is to use the existing WIM mount driver that is already in the system.



Posted in ADK, Windows 10 | Tagged: , | Leave a Comment »

Nice to Know – Windows 10 and Windows Server 2016 Update History

Posted by Mikael Nystrom on April 27, 2017

Here is a nice list, it gives you all released versions of Windows 10 and Windows Server 2016. So when ever you need to know the “latest” Cumulative Update of Windows 10, 1511, 1607, 1703 or Windows Server 2016 1607 you can use this page to find related information about the version, including the link for the download at Microsoft Update Catalog.

Update history for Windows 10 version 1703.


Specific information about the latest version of Windows 10.


Including the link to the cab file at Microsoft Update Catalog.



Posted in Windows 10, Windows Server 2016 | Tagged: , | 2 Comments »

Nice to Know – IT Pro documentation for Windows 10 is now on Microsoft Docs

Posted by Mikael Nystrom on April 27, 2017

So, Microsoft has “moved” W10 documentation to It does make sense, the “docs” site is better suited for having this information then TechNet/Msdn.



Posted in Windows 10 | Tagged: | Leave a Comment »

Nice to Know – Windows 10 1703 is now available for download

Posted by Mikael Nystrom on April 5, 2017

A few minutes ago Microsoft released Windows 10 1703

You can find it on MSDN as well as at on TechNet


You can read more about it here


Posted in Windows 10 | Tagged: | Leave a Comment »

Nice to Know – New feature in Windows 10 Creators Update

Posted by Mikael Nystrom on March 29, 2017

One of the new features in the upcoming version of Windows 10 (Windows 10 – Creators Update) is the Windows Defender Security Center, as you might expect it is defender, but it also includes a nice little health check


In this case, there is something wrong, maybe we should take a look…


Seems that I have an issue with a device driver, hmm, need to fix that


Let us run that and see what is wrong…


Big surprise (not really), one of my virtual network adapters are turned off.

That should give you an idea what the new feature is all about, pretty nice, pretty cool.


Posted in Nice to Know, Windows 10 | Tagged: , | 3 Comments »

Windows 10 Insider – New Fun Feature

Posted by Mikael Nystrom on February 2, 2017

In future releases of Windows 10 (Build 15014 or later), there is a new feature in Hyper-V currently called “Quick Create”

It basically means that you do not need to run trough the entire wizard to create a VM, instead it is a single page, like this:


Have fun.

/The Bunny

Posted in Hyper-V, Insider, Windows 10 | Tagged: , , | Leave a Comment »

Windows Server 2016 – Create a NAT network using the Hyper-V switch

Posted by Mikael Nystrom on March 3, 2016

In Windows Server 2016 (TP4) and Windows 10 1511 it is possible to create a Hyper-V Switch with NAT functionality, including publishing rules. The purpose is to run containers, but it can of course be used to run normal virtual machines. This means that you can very easy build an infrastructure environment with access to Internet and reverse without having a virtual router or firewall, pretty neat IMHO. Currently, the only way to create the switch is using PowerShell, but hey, I don’t mind…

Create the Switch

The following command will create a VM Switch for NAT usage with a subnet of The net result will be a switch and an Internal network adapter with the IP address

New-VMSwitch -Name ViaMonstraNAT -SwitchType NAT -NATSubnetAddress

Create the NAT rule to get out

The following command will create a NAT rule for all machines connected to the Switch that uses the default gateway to get out.

New-NetNat -Name ViaMonstraNAT -InternalIPInterfaceAddressPrefix

Create a publishing rule

The following rule will open the “firewall” and redirect traffic on the hyper-v host port tcp/80 to the machine on the VM Switch with the IP address to tcp/80

Add-NetNatStaticMapping -NatName ViaMonstraNAT -Protocol TCP -ExternalPort 80 -InternalIPAddress -InternalPort 80 -ExternalIPAddress

Check if it works

You can use the following PowerShell commandlets to see the configuration after it has been done.

Get-VMSwitch will show you the switch with SwitchType NAT.

Get-NetNat will show you the NAT configuration bound to the switch.

Get-NetNatStaticMapping will show you the publishing rule.

Get-NetNatSession will show you current NAT sessions.


Posted in Hyper-V, Windows 10, Windows Server 2016 | Tagged: , , | 3 Comments »

Nice to Know – DirectAccess Capacity Planning and Performance Metrics

Posted by Mikael Nystrom on February 26, 2016

This evening a friend of mine (you know who you are) started a conversation with in this way

– Do you use DirectAccess?

– Yes, we do

The conversation continued with questions about performance, expectations and such. In the end i sent him a very nice TechNet article about capacity planning and performance metrics that is useful, and here it is for the rest of you that also have the same question but never got an answer.


Please continue the reading here:


Posted in DirectAccess, Windows 10, Windows 7, Windows 8, Windows 8.1 | Tagged: | Leave a Comment »

OS Deployment – Allow PXE deployment to the same MAC Address by configure SMS_DISCOVERY_DATA_MANAGER in ConfigMgr, or How to deploy Windows to shared docking stations and usb network adapters

Posted by Mikael Nystrom on January 29, 2016

This is very simple, when you deploy a device uisng PXE, ConfigMgr will inventory the MAC address, but that will prevent that mac address from being used once more unless the hardware inventory is executed after the machine has been deployed and removed from the docking station (similar)

The fix:

  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Components \SMS_DISCOVERY_DATA_MANAGER on the primary site server
  • Add a MultiString entry called ExcludeMACAddress
  • Add all Mac Address to ExcludeMACAddress

For a complete story I strongly recommend you to read the following post:


Posted in OS Deployment, OSD, Windows 10 | Tagged: , , | 1 Comment »

Working in the Datacenter–Enable Virtual TPM in Hyper-V gives you the ability to test bitlocker in a VM

Posted by Mikael Nystrom on January 26, 2016

Last night a friend contaced me and said “-Did you ever post the vTPM thing?”, i did say yes, but i was wrong, so here it is…

Simple, without testing and verfication, a deployment solution will fail. One of the tasks that takes a lot of time to test and verify is BitLocker and that also includes TPM. Windows 10 and Windows Server 2016 gives you the ability to create Virtuial Machines with a Virtual TPM Chip 2.0.

A VM running Windows Server 2012 R2 with a vTPM chip, The VM is running on Windows Server 2016.

The How-To Part

You need to run Windows Server 2016 TP4 or Windows 10.

On the host, add Isolated UserMode, Hyper-V and Hostguardian Services, by running the following powershell command(elevated):

Add-WindowsFeature -Name “Isolated-UserMode”,”Hyper-V”,”HostGuardian” -IncludeAllSubFeature –IncludeManagementTools

If needed, restart the host.

Before you can enable the vTPM you need to have a Guardian Service guardian object and with that you can crerate a Key Protector.

New-HgsGuardian -Name ‘Guardian’ -GenerateCertificates
$Owner = Get-HgsGuardian -Name ‘Guardian’
$KeyProtector = New-HgsKeyProtector -Guardian $Owner -Owner $Owner –AllowUntrustedRoot

Great, the last piece is to enable the vTPM

Set-VMKeyProtector -VMName ‘WSUS01’ -KeyProtector $KeyProtector.RawData
Enable-VMTPM -VMName ‘WSUS01’


Posted in Deployment, Hyper-V, OSD, Windows 10, Windows Server 2016, Windows Server vNext | Tagged: , , , , , | 6 Comments »