The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

Archive for the ‘Windows 10’ Category

OSD – Workaround for ADK issue in 1703

Posted by Mikael Nystrom on May 16, 2017

The issue in ADK 1703 is that you cannot mount a WIM file in MDT/ConfigMgr, due to a signing issue with the WIM Mount Driver when running a system with UEFI and Secure Boot.

Workaround:

Michael Niehaus did found a workaround today, and that is to use the existing WIM mount driver that is already in the system.

https://blogs.technet.microsoft.com/mniehaus/2017/05/16/quick-workaround-for-adk-1703-issue/

image

/mike

Posted in ADK, Windows 10 | Tagged: , | Leave a Comment »

Nice to Know – Windows 10 and Windows Server 2016 Update History

Posted by Mikael Nystrom on April 27, 2017

Here is a nice list, it gives you all released versions of Windows 10 and Windows Server 2016. So when ever you need to know the “latest” Cumulative Update of Windows 10, 1511, 1607, 1703 or Windows Server 2016 1607 you can use this page to find related information about the version, including the link for the download at Microsoft Update Catalog.

image
Update history for Windows 10 version 1703.

 

image
Specific information about the latest version of Windows 10.

 

image
Including the link to the cab file at Microsoft Update Catalog.

 

/mike

Posted in Windows 10, Windows Server 2016 | Tagged: , | 2 Comments »

Nice to Know – IT Pro documentation for Windows 10 is now on Microsoft Docs

Posted by Mikael Nystrom on April 27, 2017

So, Microsoft has “moved” W10 documentation to http://docs.microsoft.com. It does make sense, the “docs” site is better suited for having this information then TechNet/Msdn.

image

/mike

Posted in Windows 10 | Tagged: | Leave a Comment »

Nice to Know – Windows 10 1703 is now available for download

Posted by Mikael Nystrom on April 5, 2017

A few minutes ago Microsoft released Windows 10 1703

You can find it on MSDN as well as at on TechNet

image

You can read more about it here

https://technet.microsoft.com/itpro/windows/whats-new/index

/mike

Posted in Windows 10 | Tagged: | Leave a Comment »

Nice to Know – New feature in Windows 10 Creators Update

Posted by Mikael Nystrom on March 29, 2017

One of the new features in the upcoming version of Windows 10 (Windows 10 – Creators Update) is the Windows Defender Security Center, as you might expect it is defender, but it also includes a nice little health check

image

In this case, there is something wrong, maybe we should take a look…

image

Seems that I have an issue with a device driver, hmm, need to fix that

image

Let us run that and see what is wrong…

image

Big surprise (not really), one of my virtual network adapters are turned off.

That should give you an idea what the new feature is all about, pretty nice, pretty cool.

/mike

Posted in Nice to Know, Windows 10 | Tagged: , | 3 Comments »

Windows 10 Insider – New Fun Feature

Posted by Mikael Nystrom on February 2, 2017

In future releases of Windows 10 (Build 15014 or later), there is a new feature in Hyper-V currently called “Quick Create”

It basically means that you do not need to run trough the entire wizard to create a VM, instead it is a single page, like this:

image

Have fun.

/The Bunny

Posted in Hyper-V, Insider, Windows 10 | Tagged: , , | Leave a Comment »

Windows Server 2016 – Create a NAT network using the Hyper-V switch

Posted by Mikael Nystrom on March 3, 2016

In Windows Server 2016 (TP4) and Windows 10 1511 it is possible to create a Hyper-V Switch with NAT functionality, including publishing rules. The purpose is to run containers, but it can of course be used to run normal virtual machines. This means that you can very easy build an infrastructure environment with access to Internet and reverse without having a virtual router or firewall, pretty neat IMHO. Currently, the only way to create the switch is using PowerShell, but hey, I don’t mind…

Create the Switch

The following command will create a VM Switch for NAT usage with a subnet of 192.168.1.0/24. The net result will be a switch and an Internal network adapter with the IP address 192.168.1.1

New-VMSwitch -Name ViaMonstraNAT -SwitchType NAT -NATSubnetAddress 192.168.1.0/24

Create the NAT rule to get out

The following command will create a NAT rule for all machines connected to the Switch that uses the default gateway to get out.

New-NetNat -Name ViaMonstraNAT -InternalIPInterfaceAddressPrefix 192.168.1.0/24

Create a publishing rule

The following rule will open the “firewall” and redirect traffic on the hyper-v host port tcp/80 to the machine on the VM Switch with the IP address 192.168.1.200 to tcp/80

Add-NetNatStaticMapping -NatName ViaMonstraNAT -Protocol TCP -ExternalPort 80 -InternalIPAddress 192.168.1.200 -InternalPort 80 -ExternalIPAddress 0.0.0.0

Check if it works

You can use the following PowerShell commandlets to see the configuration after it has been done.

image
Get-VMSwitch will show you the switch with SwitchType NAT.

image
Get-NetNat will show you the NAT configuration bound to the switch.

image
Get-NetNatStaticMapping will show you the publishing rule.

image
Get-NetNatSession will show you current NAT sessions.

/Mike

Posted in Hyper-V, Windows 10, Windows Server 2016 | Tagged: , , | 3 Comments »

Nice to Know – DirectAccess Capacity Planning and Performance Metrics

Posted by Mikael Nystrom on February 26, 2016

This evening a friend of mine (you know who you are) started a conversation with in this way

– Do you use DirectAccess?

– Yes, we do

The conversation continued with questions about performance, expectations and such. In the end i sent him a very nice TechNet article about capacity planning and performance metrics that is useful, and here it is for the rest of you that also have the same question but never got an answer.

image

Please continue the reading here: https://technet.microsoft.com/en-us/library/jj735301.aspx

/Mike

Posted in DirectAccess, Windows 10, Windows 7, Windows 8, Windows 8.1 | Tagged: | Leave a Comment »

OS Deployment – Allow PXE deployment to the same MAC Address by configure SMS_DISCOVERY_DATA_MANAGER in ConfigMgr, or How to deploy Windows to shared docking stations and usb network adapters

Posted by Mikael Nystrom on January 29, 2016

This is very simple, when you deploy a device uisng PXE, ConfigMgr will inventory the MAC address, but that will prevent that mac address from being used once more unless the hardware inventory is executed after the machine has been deployed and removed from the docking station (similar)

The fix:

  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Components \SMS_DISCOVERY_DATA_MANAGER on the primary site server
  • Add a MultiString entry called ExcludeMACAddress
  • Add all Mac Address to ExcludeMACAddress

For a complete story I strongly recommend you to read the following post:

http://blogs.technet.com/b/system_center_configuration_manager_operating_system_deployment_support_blog/archive/2015/08/27/re_2d00_use-the-same-nic-for-multiple-pxe-initiated-deployments.aspx

/mike

Posted in OS Deployment, OSD, Windows 10 | Tagged: , , | 1 Comment »

Working in the Datacenter–Enable Virtual TPM in Hyper-V gives you the ability to test bitlocker in a VM

Posted by Mikael Nystrom on January 26, 2016

Last night a friend contaced me and said “-Did you ever post the vTPM thing?”, i did say yes, but i was wrong, so here it is…

Simple, without testing and verfication, a deployment solution will fail. One of the tasks that takes a lot of time to test and verify is BitLocker and that also includes TPM. Windows 10 and Windows Server 2016 gives you the ability to create Virtuial Machines with a Virtual TPM Chip 2.0.

image
A VM running Windows Server 2012 R2 with a vTPM chip, The VM is running on Windows Server 2016.

The How-To Part

You need to run Windows Server 2016 TP4 or Windows 10.

On the host, add Isolated UserMode, Hyper-V and Hostguardian Services, by running the following powershell command(elevated):

Add-WindowsFeature -Name “Isolated-UserMode”,”Hyper-V”,”HostGuardian” -IncludeAllSubFeature –IncludeManagementTools

If needed, restart the host.

Before you can enable the vTPM you need to have a Guardian Service guardian object and with that you can crerate a Key Protector.

New-HgsGuardian -Name ‘Guardian’ -GenerateCertificates
$Owner = Get-HgsGuardian -Name ‘Guardian’
$KeyProtector = New-HgsKeyProtector -Guardian $Owner -Owner $Owner –AllowUntrustedRoot

Great, the last piece is to enable the vTPM

Set-VMKeyProtector -VMName ‘WSUS01’ -KeyProtector $KeyProtector.RawData
Enable-VMTPM -VMName ‘WSUS01’

/Mike

Posted in Deployment, Hyper-V, OSD, Windows 10, Windows Server 2016, Windows Server vNext | Tagged: , , , , , | 6 Comments »