The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

Posts Tagged ‘Windows 10’

Nice to Know – Mass upgrading Windows 10 Using PowerShell

Posted by Mikael Nystrom on December 5, 2017

Someone asked med a while back

– Is it possible to upgrade our Windows 7,8,8.1 and unsupported Windows 10 machines to a supported version of Windows 10 without a deployment solution?

….(thinking)

– You mean without running around to all machines?

….(Thinking)

– Yes, it is possible

Before explaining how that can be done, let’s be clear, if you have ConfigMgr or Microsoft Deployment Toolkit, that is far better then doing it this way, but you could be in a situation when that is not an option but you still need to achieve the same goal, upgrade to a supported version of Windows 10. (I’ll write another post on how to combine the scripts here with MDT)

Overview:

Assuming you have a licensed version of Windows 10, the Windows 10 Media, a network and access to all the computers over the network it will be possible to push out an upgrade. This method also works if you are running an older version of Windows 10 and would like to upgrade to a never version of Windows 10. The way to do this is rather easy, we basically need to perform the following steps:

– Enable remote access for PowerShell

– Copy the media down to the computer

– Run a compatibility scan to verify that we can upgrade

– Upgrade

Create a CSV file for computers that should be upgraded:

First of all we need to create a .CSV file with the computers that should be upgraded, the file contains the 3 servers I would like to upgrade to Windows 10.

image
Content of computers.txt

Store the file in your computer, in my case I stored it in D:\Upgrade2w10\Computers.txt

Enable remote access for PowerShell:

We need to access the computers using Remote PowerShell and therefor we need to enable that. This can be done using various method and one easy/weird/fun way to to that is to use WMI. The script below will connect using WMI and execute two commands on each server:

The following PowerShell script enables WinRM (Remote Access) and Remote PowerShell.

image
Content of Invoke-ComputerPrep.ps1

The result after running the script is this:

image

Copy the media down to the computer:

Now when we have access to all the machine, we can copy the media down to each machine and we will do that in a reversed way. We will create a scheduled task on each Windows 7 machine and the scheduled task will then download the content to the local hard drive. You need to edit the settings in this file to match your environment.

image
Content of Invoke-ImageDownload.ps1

Here is how it looks when you run the script:

image

Run a compatibility scan to verify that we can upgrade:

Ok, so we have the Windows 10 image in the C:\Source folder of each computer, now lets run the Compat Scan.

The script will connect to each computer, create a plain vanilla .BAT file and then we will remotely execute that:

image

And here is the result, as you can see all, none of the machines had any issues.

image

Upgrade:

Ok, so the final step. The only thing we need to do is fire up the install program, and for that we use PsExec, it’s old but works for this kind of work.

The script will connect to each machine, create a .BAT file and then we let PSExec execute it.

image
Content of Invoke-ComputerUpgrade.ps1

Here is the result of running that, as you can see all (you can only see Win-01) of the machines is returning a success (return code 0)

image

Ok, so, what next, well, since the return code was 0, lets restart them…

image

The scripts can be downloaded here: https://github.com/DeploymentBunny/Files/tree/master/Tools/MassUpgradeWindows10

/mike

Posted in OS Deployment, OSD, Windows 10 | Tagged: , , | Leave a Comment »

The October 2017 Update – “Inaccessible Boot Device”

Posted by Mikael Nystrom on October 11, 2017

Also known as:

KB4041676 -  https://support.microsoft.com/en-us/help/4041676

KB4041691 – https://support.microsoft.com/en-us/help/4041691

KB4000824 https://support.microsoft.com/en-us/help/4000824

Affected systems:

This only affects systems that are managed trough WSUS and the patches was approved at the same time as the “delta” updates also was approved. Those updates was never intended to show up in WSUS, they should be deleted/Declined. You should NEVER have Delta updates in WSUS. It was a “woops” somewhere. But if they were approved, and distributed, and download, and installed at the SAME time as the full patch, then you are affected

image
These should be declined, and they should be gone at the next sync.

Result:

After installing the update and reboot, the pc will not boot, instead it gives you ”Inaccessible Boot Device”

Official Solution:

Currently the official solution is to contact Microsoft Support, but it is possible to use DISM.exe or PowerShell to remove the updates or reverse back a folder name.

read about the issue here (from Microsoft) https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/monthly-delta-update-isv-support-without-wsus

image
Information regarding the Delta’s from Microsoft in a forum.

The Quick fix Solution:

A very nice MVP manage to figure out how to remove all the updates using DISM, and yes, it does work like a charm!

(update: If this is a VM, you might need to add more memory. We have found that you need at least 3GB of RAM for WinPE to use larger scratch space.)

https://blog.workinghardinit.work/2017/10/11/quick-fix-publish-vm-wont-boot-after-october-2017-updates-for-windows-server-2016-and-windows-10-kb4041691/

Other ways to fix it is:

The idea is to rename the WindowsApps folder and that seems to work for some

image

https://marc.info/?l=patchmanagement&m=150007672922185&w=2

/mike

Posted in Windows 10, Windows Server 2016 | Tagged: , | 29 Comments »

OSD – Workaround for ADK issue in 1703

Posted by Mikael Nystrom on May 16, 2017

The issue in ADK 1703 is that you cannot mount a WIM file in MDT/ConfigMgr, due to a signing issue with the WIM Mount Driver when running a system with UEFI and Secure Boot.

Workaround:

Michael Niehaus did found a workaround today, and that is to use the existing WIM mount driver that is already in the system.

https://blogs.technet.microsoft.com/mniehaus/2017/05/16/quick-workaround-for-adk-1703-issue/

image

/mike

Posted in ADK, Windows 10 | Tagged: , | Leave a Comment »

Nice to Know – Windows 10 and Windows Server 2016 Update History

Posted by Mikael Nystrom on April 27, 2017

Here is a nice list, it gives you all released versions of Windows 10 and Windows Server 2016. So when ever you need to know the “latest” Cumulative Update of Windows 10, 1511, 1607, 1703 or Windows Server 2016 1607 you can use this page to find related information about the version, including the link for the download at Microsoft Update Catalog.

image
Update history for Windows 10 version 1703.

 

image
Specific information about the latest version of Windows 10.

 

image
Including the link to the cab file at Microsoft Update Catalog.

 

/mike

Posted in Windows 10, Windows Server 2016 | Tagged: , | 2 Comments »

Nice to Know – IT Pro documentation for Windows 10 is now on Microsoft Docs

Posted by Mikael Nystrom on April 27, 2017

So, Microsoft has “moved” W10 documentation to http://docs.microsoft.com. It does make sense, the “docs” site is better suited for having this information then TechNet/Msdn.

image

/mike

Posted in Windows 10 | Tagged: | Leave a Comment »

Nice to Know – Windows 10 1703 is now available for download

Posted by Mikael Nystrom on April 5, 2017

A few minutes ago Microsoft released Windows 10 1703

You can find it on MSDN as well as at on TechNet

image

You can read more about it here

https://technet.microsoft.com/itpro/windows/whats-new/index

/mike

Posted in Windows 10 | Tagged: | Leave a Comment »

Nice to Know – New feature in Windows 10 Creators Update

Posted by Mikael Nystrom on March 29, 2017

One of the new features in the upcoming version of Windows 10 (Windows 10 – Creators Update) is the Windows Defender Security Center, as you might expect it is defender, but it also includes a nice little health check

image

In this case, there is something wrong, maybe we should take a look…

image

Seems that I have an issue with a device driver, hmm, need to fix that

image

Let us run that and see what is wrong…

image

Big surprise (not really), one of my virtual network adapters are turned off.

That should give you an idea what the new feature is all about, pretty nice, pretty cool.

/mike

Posted in Nice to Know, Windows 10 | Tagged: , | 3 Comments »

Windows 10 Insider – New Fun Feature

Posted by Mikael Nystrom on February 2, 2017

In future releases of Windows 10 (Build 15014 or later), there is a new feature in Hyper-V currently called “Quick Create”

It basically means that you do not need to run trough the entire wizard to create a VM, instead it is a single page, like this:

image

Have fun.

/The Bunny

Posted in Hyper-V, Insider, Windows 10 | Tagged: , , | Leave a Comment »

Windows Server 2016 – Create a NAT network using the Hyper-V switch

Posted by Mikael Nystrom on March 3, 2016

In Windows Server 2016 (TP4) and Windows 10 1511 it is possible to create a Hyper-V Switch with NAT functionality, including publishing rules. The purpose is to run containers, but it can of course be used to run normal virtual machines. This means that you can very easy build an infrastructure environment with access to Internet and reverse without having a virtual router or firewall, pretty neat IMHO. Currently, the only way to create the switch is using PowerShell, but hey, I don’t mind…

Create the Switch

The following command will create a VM Switch for NAT usage with a subnet of 192.168.1.0/24. The net result will be a switch and an Internal network adapter with the IP address 192.168.1.1

New-VMSwitch -Name ViaMonstraNAT -SwitchType NAT -NATSubnetAddress 192.168.1.0/24

Create the NAT rule to get out

The following command will create a NAT rule for all machines connected to the Switch that uses the default gateway to get out.

New-NetNat -Name ViaMonstraNAT -InternalIPInterfaceAddressPrefix 192.168.1.0/24

Create a publishing rule

The following rule will open the “firewall” and redirect traffic on the hyper-v host port tcp/80 to the machine on the VM Switch with the IP address 192.168.1.200 to tcp/80

Add-NetNatStaticMapping -NatName ViaMonstraNAT -Protocol TCP -ExternalPort 80 -InternalIPAddress 192.168.1.200 -InternalPort 80 -ExternalIPAddress 0.0.0.0

Check if it works

You can use the following PowerShell commandlets to see the configuration after it has been done.

image
Get-VMSwitch will show you the switch with SwitchType NAT.

image
Get-NetNat will show you the NAT configuration bound to the switch.

image
Get-NetNatStaticMapping will show you the publishing rule.

image
Get-NetNatSession will show you current NAT sessions.

/Mike

Posted in Hyper-V, Windows 10, Windows Server 2016 | Tagged: , , | 3 Comments »

OS Deployment – Allow PXE deployment to the same MAC Address by configure SMS_DISCOVERY_DATA_MANAGER in ConfigMgr, or How to deploy Windows to shared docking stations and usb network adapters

Posted by Mikael Nystrom on January 29, 2016

This is very simple, when you deploy a device uisng PXE, ConfigMgr will inventory the MAC address, but that will prevent that mac address from being used once more unless the hardware inventory is executed after the machine has been deployed and removed from the docking station (similar)

The fix:

  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Components \SMS_DISCOVERY_DATA_MANAGER on the primary site server
  • Add a MultiString entry called ExcludeMACAddress
  • Add all Mac Address to ExcludeMACAddress

For a complete story I strongly recommend you to read the following post:

http://blogs.technet.com/b/system_center_configuration_manager_operating_system_deployment_support_blog/archive/2015/08/27/re_2d00_use-the-same-nic-for-multiple-pxe-initiated-deployments.aspx

/mike

Posted in OS Deployment, OSD, Windows 10 | Tagged: , , | 1 Comment »