Recorded Concerts–an interesting approach from Mark Knopfler

My wife and I go up to London’s Royal Albert Hall whenever we can get tickets for acts we like. We don’t go often, but in recent times we’ve seen Jackson Browne, Eric Clapton and most recently Mark Knopfler. After the Eric Clapton gig, we both would have just loved a CD from the show – we both thought it was about the best Clapton gig we’d been too (and I’ve seen him a lot over the decades).

For the Mark Knopfler gig, there was a flier on each seat advertising the show on USB. I took the flier, not really thinking about it till I got home. The flier just pointed off to http://www.markknopfler-live.com/ – and to my surprise, it was not just the London show that was being offered, but a separate stick for nearly every show on the tour. The cost was £26 plus shipping!

Ten days later, I’m sitting here listening to the show. Sadly, the recording is done with a lossy codec (MP3) versus a loss-less codec. But despite that, the quality is excellent – just enough crowd nose to give it a live feel but the music shines through where it should. The stick arrived this morning and we’ve played it three times already!

This may be all the rage these days – but it was the first time I’d seen it. It seems to me to combine the ability for the fans to enjoy what they heard with ensuring the artist enjoys some revenue from the sale. A few bands, like the Grateful Dead, have encouraged fan trading of their shows for decades, but all too many artists dislike it intensely. I once had a discussion with Jimmy Page about this – like Van Morrison and others, his views were fairly strident. The week before our conversation, Page had been in Scotland testifying against a bootlegger, who on some shows probably made more money our of the bootlegging than Page did for playing!

So while, like any MP3, these will almost be traded illegally. Despite that, it’s really nice to be able to enjoy the music we heard – it’ll keep the memories a bit more alive. I just wish and hope more artists do this!

Technorati Tags: Music

TechEd Europe 2013 - Surface Offer (I’m Buying)

I’ve long held out from buying a table device. We bought my daughter one and I enjoy playing with it (when I’m allowed), but for me a tablet is a device too many. I have my phone and laptop – why do I need a tablet TOO.  Just another device to feed and to lose.

I travel a great deal and lately, as I look around the planes/trains/lounges/etc., folks with laptops are almost non-existent. Everyone seems to be using tables. I have, over the past few weeks, been considering a purchase – but the full list price seemed to me to just be too high for something I don’t really need.

What price would I pay is a fair question. If I was to have a tablet, I’d probably prefer an iPad fondleslab, but mainly due to the apps and the wonderfulness of it’s design/build. However, having seen a few Surface devices, I am really swayed. While the Apple device has the benefit of the eco-system (3rd party add ons plus the sheer number of application). But as I thought, there are going to be times when I simply don’t need the weight of the laptop – I just need a device to do mail, and a bit of writing that I really can’t do on the phone.

So what WOULD I be willing to pay? Obviously, if the device were free, I’d have it now. But back in the real world, and given I really don’t need a tablet, I could be persuaded to pay up to around £75 for a Surface RT 64, and maybe up to £350 for a Surface Pro 128. Whilst that may seem cheep (and it would be!), that’s the point where it could be worth it to me. Again, this is a device I don’t' really want, and would be worried about losing!

Well imagine my surprise when I read this blog article this morning: Special Surface Offer for TechEd Europe 2013 Attendees. I had to refresh the page a couple of times, and check to see if this really was an offer coming from Microsoft. I guess that they did a similar offer at TechEd US, Microsoft needed to so the same here in Europe. Well Done Microsoft – and THANKS.

So, I am definitely getting a Windows Surface device. Now the key question: which one? Or do I do seriously greedy and go for both.

 

 

Technorati Tags: TechEd Europe 2013,Surface,Surface Pro,Surface RT

TechEd Europe 2013–I’m Going!!!

Back in February I got a challenge by Microsoft UK to help to drive up clicks on some Microsoft Sites. One of the prizes in the challenge was a free pass to TechEd, assuming I got enough clicks. Well, I’m happy to say that thanks to all you nice folks (and your friends, etc.), I WON THE PASS! A lot of you clicked a whole heck of a lot!!

So in just over a week, I’ll be heading down to Madrid. I’m going to attend the MCT Day Zero, where I’m running session on PowerShell. Then a day off, Monday, where I’ll probably just do some sightseeing followed by 4 days of hard core TechEd. I’m particularly keen to see all the new features coming in Windows 2012 R2. And of course hang out with a bunch of people!

See you there!

 

                   

Technorati Tags: TechEd 2013,Teched Europe,Getting Me a Surface!

Windows 8 Rock and Roll with Joey Snow

The UK Windows User Group is throwing an event in a fortnight's time – featuring both Joey Snow and Rick Claus from Microsoft Redmond. The event is on Wednesday 19 June starting at 17:45 and finishing up at 21:00. Tickets are free, but if you wish to pay a bit extra, you can also order VIP tickets for 20 pounds a seat. The event is to be held in York (UK).

To sign up, go here: http://windowsug1.eventbrite.co.uk/#

If you are anywhere in the area – this would be worth going to. I’ve known Joey for a very long time and his talks are always worth attending. I just wish I was gong to be in the area.

Technorati Tags: Windows,Joey Snow,Windows 8

Moving to a Windows Phone–Part 3–The Move Over

As many of you will know, I engaged in a contest to get you all to click, click, and click. If enough of you clicked, the story was that Microsoft would give me a new Windows Phone. I accepted that challenge and promised that in return for the phone, I’d cease using my iPhone and use this new Windows phone for 3 months. I love my iPhone, and was somewhat nervous over the deal – but I’m willing to try it.

Well, the first part of the challenge was a success, and I duly headed over to Microsoft to pick up the new phone. It’s a Nokia Lumia 820. I arrived at Microsoft and was given the phone by Claire Smyth, our most excellent MVP Lead. We had a nice chat and I was quite excited to open the box.

First Impressions

As I opened it, the packaging was nice and very Apple like with a nicely designed box. The phone it self felt good in my hand and felt heavy enough to be real – and the battery even had nearly a full charge! Some of the newer phones I’ve held recently felt cheap and plasticy (Is that a word – all plastic like), in other words cheap and cheerful (maybe). By comparison, it was heavy enough to feel good, and could pretty instantly be used.

First impressions, thus, were good. The phone looked good, the white plastic back looked cool. It was stylish, but practical. So far so good.

Getting into the new phone

Back home, I immediately started playing. The phone booted smoothly and I was immediately able to get wireless connectivity going. My first task was to get mail working and this was surprisingly easy. I just typed in my credentials and the Exchange Server name and away it went. The Email client, at first sight looks OK, compared to the iPhone.

Getting the phone to work as a phone was also snap – I just had to find the iPhone tool to retrieve my SIM and pop it into the phone. As someone with non-existent finger nails, I did find getting into the new phone was quite difficult. As I’m not likely to have to get into the innards very often, this is probably no bad thing, but in the end, I had to get my wife, with her longer nails, to help. But once I popped the old SIM into the new phone, immediately it worked! The overall phone quality from home is sucky, but that’s O2’s issue, not the phone. But I could make calls in the UK. I’ve yet to try calls when abroad but I’ll post any issues or success that arises.

I also started playing around with the Windows Phone 8 UI – the new version Windows 8 with it’s tile based front end. And I also started searching for apps. As I posted, I have a bunch of apps I wanted and needed on the new phone so time was spent in the Store. In my last article on this topic, I set out what my needs and expectations were with regard to apps. While I knew that, at least, some the apps in a given category might be different (like they are between Android and iPhone). I can live with that to a degree.

Good stuff

Moving over to the phone for all my KEY needs has been pretty painless. Email was up in a snap, wireless and mobile data were a breeze to setup. Props to the Phone OS – when I went to setup the wireless data, rather than having to call O2 to find out the password etc., the Lumia displayed an option to just use the O2 settings and hey presto. Sweet! Mail is quick, the phone works in the local area and some of the key apps are up and working.

The Windows 8 tiles seem pretty cool. At first sight. It took me a month or two on both my last Android and iPhone to get a layout that worked and this is certainly going to be true for the Windows phone. The tiles are easy to access, easy to move around and easy to re-size. The application the tile represents can change the display – and this I find better than the iPhone’s method of displaying pushed changes.

Adding storage via a MicroSD chip is trivial and not very expensive. It was trivial to buy off the net, and a breeze to install (with the proviso that getting the back of the phone off so I could insert the chip was not easy). But after inserting it, replacing the cover and rebooting the phone - it just worked! Of course, filling it is not be a problem! I wish the iPhone had had the ability to use a MicroSD chip. Lack of on-phone memory was for me a limiting factor to the iPhone – so well done Nokia. Any chance of adding in a 2nd or 3rd slot next time – I have a lot of Grateful Deal to move onto the phone! Trying to take my 3.5TB worth of shows and fit into a mere 64GB is not easy – but that’s my problem to deal with.

Issues Arising So Far

While the initial honeymoon period was nice, it wasn’t perfect and there are a few issues I’ve noted. The first issue is the resolution of the screen. When I open an Email message, the resolution of the text is just not as crisp or as clear as on the iPhone. The iPhone is much better despite 2 year older technology. That said, I can live with it – but it feels cheap. This is a Nokia fault, really, not Windows.

The second issue, which is really quite a mild one, is the difficulty of getting into the phone’s innards. As I mentioned earlier, I don’t have adequate finger nails to pry off the cover. I suppose this is a good-news/bad-news thing – it’s difficult to get the cover off, meaning the cover won’t come off easily. And as I hopefully won’t need to pop the cover off very often, this is a minor thing.

The third issue is apps, or should I say lack thereof. After a week, I’ve not managed to duplicate the full richness of my previous iPhone environment. The Windows shop reminds me of visiting East Berlin and the USSR in the early 1980’s and going into a shop there. I’ll report more on my quest for apps in the next article.

Summary after a Week

Overall, it’s a nice phone. The display quality is somewhat disappointing – I expected iPhone 4 quality and better. The OS is solid, and the core apps I’m using so far all work OK. But several apps are still unfound and some don’t yet work for me. I’ll return in a week or two with further commentary.

Technorati Tags: replacing an iPhone,Nokia,Lumia 820

Unified Remote Access and Deployment

I’ve just finished looking at a recently published book: Windows Server 2010 Unified Remote Access Planning and Deployment written by Erez Ben-Ari and Bala Natarajan. Erez has written several books related to this subject for Packt and is a PSS engineer at Microsoft. Bala is a Program Manager in Windows networking team – so these guys should be in the know as to this technology.

Unified Remote Access is the new name for the Direct Access feature added to Windows in Windows 7 and Server 2008 R2. With Direct Access/URA, a client is able to access internal resources on an internal network via encrypted IPv6 tunnels. While URA is a pretty technical subject – and potentially difficult to setup, the book takes you through the key planning, setup and management topics. It’s worth noting that while setting up URA is complex and potentially disastrous if setup badly, Microsoft has put a lot of effort into making the installation wizard doing most of the hard work.

The book also looks more deeply at both Group Policy and PKI which are fundamental technologies used with URA. The final chapter of the book is a good look at troubleshooting. Given the complexity of URA, I almost think this content could go earlier if only as a warning to the unwary.

All in all, it looks a good book to have if you are planning to deploy URA in your organisation.

Technorati Tags: URA,Unified Remote Access

Moving to a Windows Phone–Part 2

As I recently posted, I’ve won a Nokia Lumia 820 from our good friends at Microsoft – now I have to use it (for at least 3 months). As I flew back home yesterday from a training gig, I pondered on what I actually needed in a phone. I’d had the iPhone for a couple of years and about the only weaknesses are the inevitable scratches, the slowly diminishing battery life and the reality that I needed more storage on the device. Otherwise, I really like the iPhone – it does what I want, I can have some fun (I will probably never conquer Plants v Zombies), listen to an extensive collection of Grateful Dead shows – plus it makes phone calls.

So what does the phone need to do for me? What features are really important – and a literally deal breakers, which were nice to have and which were things I’d not miss. Having thought about it, here’s my key features.

• It’s got to have decent radios – it’s got to be a decent world usable telephone and must do wireless. Sort of a no-brainer, but it has to get/receive calls and SMS via my carrier (O2). O2 reception in my home office is poor, but is fine everywhere else. A new phone must be as good, and preferably better. It’s also got to do all the various phone standards and has to do wireless.
• It’s got to do email – I need to have my main mailbox (hosted in the cloud) so I need active sync to sync my mail to the phone.
• It’s got to be secure. That means login screen, a remote wipe ability and a ‘find my phone’ feature.
• It’s got to do decent music. I have a good pair of headphones and want to hear music at the same quality as on the iPhone. This includes a good on-device Player and a good desktop tool to manage the content. To some degree, I’d be happy with just files/folders and manage the device’s data via Explorer on the desktop, but a better app would be nice. The old Zune app would be OK. Anything better than the current version of our fruity themed company’s offering - which I think is suboptimal.
• It’s got to get RSS Podcasts that I can listen to. I subscribe to The Deadpod (http://deadshow.blogspot.co.uk/) and want to continue to listen to it. On the iPhone, I subscribe and it just automatically downloads via the apple desktop app.
• It’s got to be expandable at a reasonable price. I have a lot of music that I like to play and the 16GB limit on the iPhone is too small for me! So I want more and preferably removable.
• It’s got to have decent Linked-In and Twitter applications. I spend time on these two social networks and want to carry on doing so. I also want other apps but these two are MUST haves.
• It has to have a decent web browser that is as industry standard as possible. Via mail and SM as well as by Search Engine - I get a lot of links to look at and I want a good browser. I’d like to have Firefox's Ad Block feature – to know out the flashing and obnoxious ads (and reduce my bandwidth usage).
• It’s GOT to have Google maps. I’ve used others – and I know what I want.
• It’s got to have a reasonable camera. I have taken a lot of pictures with the iPhone and it’s good enough – but I’d like better. I’d also like to be able to remove/replace the lens easily. My current lens got scratched during a recent trip and the pictures now are fuzzy as a result.
• It should have a Skype and Lync client. I like using these for the obvious reasons, but on the road I can tolerate using the phone – or using those apps via my laptop.
• I’d like some decent games. I currently enjoy Solitaire, lane splitter and Plants v Zombies. All are somewhat addictive.
• It should have as many apps as possible to communicate with various on-line entities. This includes apps for: O2 (myO2), BBC News, BBC iPlayer, Tweet Deck, Google+, The Register, Kindle, First Direct (bank), Stock tracker, Tech Eye, the Register, Pluralsight, Amazon shopping, Pedometer, LogMeIn. YouTube, GPSForTHeSoul, Angry Birds, Paper Toss, would be nice too. And FilmonTV would be awesome. I’d prefer all these to be free, but I’d be willing to pay a bit for some of the games, and for good productivity apps.
• It really should have non-proprietary charging cables (e.g. micro USB). I’m really tired of apple’s walled garden here. A docking station and a Bose-like docking station would be nice.
• I’d like a replaceable battery. Given how much music I listen too, and how active I can be on email and social media, I need a decent battery life from the get go, but I am realistic about the technology in today’s batteries. EVERY phone I’ve ever owned has had the batteries die off over time and I’m not expecting any change. The ability to replace the battery rather than needing a whole new phone is sort of important.

Well – that’s my list. At least for now – I’ll give this more thought and reserve the right to change this list at any time!

My next post will cover first impressions of the new phone.

Technorati Tags: Windows Phone

Moving to a Windows Phone–Part 1

As many readers of this blog have noticed, I was issued and have accepted a challenge from Microsoft.   Microsoft UK is promoting  ways for IT Pros to get copies of Windows Server and System Center. Their challenge was to get people to click through to their sit where you can download the relevant software and try it out. My reward, as described here was twofold: If the bunch of challengees get enough clicks, Microsoft UK will pay for us to go to TechEd. I’ve been a TechEd EU supporter since my first TechEd UK in a wet rainy Bournemouth in 1994. And second, if we each got over a certain number, Microsoft UK would give me  a new Windows 8 phone.

So before reading further, please click here, here AND here. If in doubt. PLEASE click: here, here AND here.  And if you click here, here AND here, you may be met by a Microsoft ID sign on. If you have a Microsoft Id, go further, but if not apologies and move on. If you want to help more:  click here, here AND here.

Now those of you know me, know I love my iPhone. Those very nice people at American Express UK gave me an iPhone 2 years ago after some appalling mistakes on their part.They screwed up mega-big time but fixed the problem and sent me a (then) new iPhone by way of a tangible apology. Much appreciated it was, and I have since become utterly in love with my phone. Frankly, I have NO good reason to upgrade other than to respond to the challenge. And, as part of the challenge, I have agreed that if I won the phone, I would use it exclusively for 3 months.

In terms of a new phone – if truth be told and all things are equal, I’d have another iPhone. It is all I could want and more. The phone bit sort of sucks at home- but that's O2’s issue NOT Apple’s. And no matter WHAT handset I get, O2 will still suck at home (I think), but I will easily live with that. So,bottom line, if I really am to dump my iPhone, it’s replacement better be as good.

With that all said - the news is in: I am tomorrow picking up a new Nokia Lumina 820. I am committed to a 3 month run. Watch this space! I am going to Microsoft’s offices tomorrow morning to pick up my new phone.  I will post more ASAP

And in the meantime: please help me to go to TechEd Madrid by clicking: here, here AND here. Please?

Finding Office 365 Cmdlets–It shouldn’t be this hard

I’m working on some courseware for Office 365, Microsoft’s online office product. I have a small business subscription - www.reskit.net, for example is the hosted SharePoint external facing site, and you can get me at tfl@reskit.net. I love the product as it was pretty easy to setup, and works well in practice.

Last week, in preparation for an upcoming training course I began documenting how to get it all setup. I have the cmdlets on MY local workstation, but need to show delegates how to find, install and use them on their systems. I spent several days trying to find these cmdlets – and even went so far as opening a support call with Microsoft, although 2 days later I’ve still had no reply.  But after some considerable amount of effort, I’m sorted. Let me show you how I , finally, got things sorted:

I started at the MS Online Portal and click on the Setup/Overview which brings up this window:

 

Easy, you might think, just click on Learn More link for Module For PowerShell (highlighted above). Ok – So I click on this link and get this:

 

The page has moved. Nothing new, you might say, as Microsoft does this thing all the time. But good on Microsoft for pointing out where the content was moved to! I figure things have changed in Microsoft’s haste to get the new versions of Office 365 out and it may take a while (Ed: 3 weeks??) for the first page to point to the right place. But the redirect link is better than a 404 – so I click that redirection link and get this:

Hold on. I wanted the Office 365 cmdlets not the Azure AD cmdlets. Now it may well be that it’s Azure that ultimately manages O365’s AD. But how do I know? What I am looking for is not what I’ve found. Heck, if I wanted Azure cmdlets, I’d have searched for Azure in the first place, not Office 365. And worse, these have been relocated too! But  there’s a relocation link so maybe not al is lost.

So I click on the link but that just takes me back to the parent node in the table of contents! I’m not going to repeat my rant about the lousy skins MS have foisted on hapless users and how poor the decision to scrap the Class skin was and how hard the TOC now is to use. But even putting that to one side, pointing to a TOC parent doesn’t make much sense.  But then I look carefully at the resultant page:

 

Notice the little note (highlighted above) that says the cmdlets have been renamed. Why couldn’t the very first page on the Online Portal have mentioned this? Or on then first redirection (these content has moved and has been renamed). So the mystery is getting closer to being solved.

So off I go, download these ‘new’ cmdlets (which don’t sound like what I need, but I’m willing to try). But when I try to install the cmdlets, I get told it needs the MSOID Client. So I find that, install it, and try to install the cmdlets again. Whoops – it turns out I need the old .NET framework (I am working on Server 2012 for all these demos). And for reasons best know to some pointy haired boss, the 3.51 Framework has been removed, by default, from Server 2012. So I search out the ISO image, and do the magic incantation:

Add-WindowsFeature NET-FrameworkCore –Source d:\sources\sxs

With that loaded, I try to install the Cmdlets again, the installation succeeds. So off I go looking for the Azure AD cmdlets – but there aren’t any. The module loaded was NOT named Azure (as the web pages seemed to indicate I needed), but MSOnline (which of course is what I wanted all along). But they work. HORRAY. But it took days of effort and following what looks like very incorrect links – I just wanted Office 365 stuff, not Azure, or a lesson in MS product naming (i.e. Office 365 is Azure, except when it isn’t, etc., etc.)

Note to Microsoft: you really need to do a better job here. Please fix the original page to a) point out the right cmdlets, b) point out the renaming and c) that there are pre-reqs and where to find them. Finally, please put the renaming front and centre – especially when what was renamed wasn’t actually renamed. Folks (and I know I am not the only one) get confused with stuff like this.

Summary: It’s taken 4 days of looking and searching to find something that doesn’t sound right, but ends up being so. It really shouldn’t be this hard. I wonder if the new Office 365 exams will test the skills that are REALLY needed to install these cmdlets?

Technorati Tags: Office 365 cmdlets

WMI Explorer–Where’s It Gone–A Temporary Solution

As a trainer, teaching PowerShell, I use WMI Explorer heavily. For those who may be unfamiliar, this is a PowerShell script that displays information about WMI on a system. Written by MOW, a PowerShell MVP, it is for me the best tool I can find for displaying WMI data to the class.

The bad news is that for some reason, it’s old home is not resolving – so all the search engine listings point to a host that for some reason is not there. IN the meantime, I’ve put a copy up on my web site at http://www.reskit.net/powershell/wmiexplorer.zip.

I will be in contact with MOW to see what’s up and to ensure he’s OK with me hosting this magnificent bit of code.

Technorati Tags: WMI Training,WMI,WMI Explorer,WMI PowerShell Script,PowerShell WMI explorer

Help Send Me To Teched?

Microsoft has given the UK MVPs a challenge – and I love a challenge. They, Microsoft UK, is hoping you’ll take a look at System Centre and Windows Server. They have three sets of goodies for you:

• An eval copy of System Center – software to enable private clouds
• An ISO Of Windows Server 2012 – you can use this to create VMs or to load on real hardware.
• A VHD of Windows Server 2012  - create a Hyper-V VM and here’s an installed copy of Windows Server 2012.

The deal is this: if Microsoft get enough clicks, thanks to you generous clicking of these URLs, then those MVPs who participate go into a draw, with 1st prize being a trip to TechEd Madrid this summer. It’s a show I’d love to go to – so please click now and click often.

AND, as an added incentive – if these URLs get more than 250 click thrus, then MS will give me a new Windows Phone. Now those of you who know how much I love my iPhone – if I win the phone, I’ll give up my iPhone for 3 months and use the Windows phone exclusively. So for all those who have been telling me to get a Windows Phone – here’s your chance!

Please click here, here AND here.

Click all! Click early!! Click often!!!

 

Thanks !

MSDN/TechNet Library–The Classic Skin is No More

For those of you who use the MSDN and TechNet library content, you may have noticed that Microsoft has changed the UI of these subsites: http://msdn.microsoft.com/library and http://technet.microsoft/com/library. . These are essentially the same site, that point to different databases. Some years ago, the sites were updated to have several skins: lightweight, script free and classic. I’ve been a user of Classic since forever and was very surprised to see that MS has decided to retire the classic skin.

In the MSDN forum, this decision generated a lot of discussion: see http://social.msdn.microsoft.com/Forums/en-US/libraryfeedback/thread/bbfb492b-4c85-4e8d-ab44-423c4050089e/ for the thread. A user, Victor Araya, posted on Jan 24th claiming to be the PM responsible for the user experience of these sites. He laid out his argument trying to ‘address some of the concerns’.  The feedback on that post was interesting in that not one of the users who follows up this post either agree with him or like the alternative skin. Not one. Comments like “the Lightweight display is a complete failure”, “Lightweight is simply no where near as useable as classic”, “the lightweight view is just washed out and unappealing to the point I really don't want to use it”,” Microsoft really seems to be taking steps to alienate it's developers or just make our work harder” etc.

For me, the change means losing all the community content metrics and tag information. As a community content contributor for both the TechNet and MSND libraries, in fact the largest contributor by a mile, I am sad to see all reference to the thousands of hours I’ve spend curating the content just thrown away.  It’s like all that work has just been for nothing. Heck, I didn’t even get a mail giving me a heads up that all reference to my work would vanish. Thanks Victor and your team for such a great job.

But perhaps the saddest comment comes from a very long time MVP, Cindy Meister. She says: You have to wonder what MSDN does with all the money people pay for their subscriptions. Good point Cindy.

So with such positive feedback – what does Microsoft do? Most companies would have read the feedback and at least gone into explain mode. But no – this is not how Microsoft reacted to the bad feedback. Instead of engaging the community,  we’ve not had a single further response from either ‘Victor’ or any other MS employee. I find the lack of response from Microsoft highly disappointing. And despite every poster asking MS to keep the classic skin, the classic skin is no more – it’s gone. And along with the skin itself, we have lost quite a lot of great information and as well as the improved usability if offered. 

It is sad is that no one from Microsoft has taken the time or made the effort to follow up on the many negative comments. It’s like they have made the decision and that’s that. No amount of sane and sensible paying customer feedback will change their minds. So we suffer. IMHO, Someone at Microsoft needs to listen to the community better. If I were Victor’s boss and read this thread, I’d be very tempted to let him follow his career objectives elsewhere and replace him with someone who gets the needs of the community.

What a sad day!

Technorati Tags: MSDN,community content,TechNet,MSDN Library,TechNet Library,MS fails to listen to users (again)

Windows PowerShell 2.0 Best Practices–A book by Ed Wilson

Ed Wilson, aka Microsoft’s The Scripting Guy, has written a number of PowerShell books (for MS Press). This book, Windows PowerShell 2.0 Best Practices, is one I’ve been slowly reading through. Although this book is a couple of years old, the advice and guidance it contains is still excellent.

The book is divided up into 5 sections: Introduction, Planning, Designing, Testing and Deploying, Optimizing.  In effect, the book is divided around the scripting lifecycle. The Planning section looks at identifying the opportunities for scripting within your organisation. The Designing section shows you how to design scripts that meet your business needs based on the features of PowerShell V2. As I said the book is based on V2 – but there area  number of features that, at least in my experience, a lot of users simply do not know. The fourth section of this book covers both testing (something every script needs!) and deployment (how your users get your scripts). The final section looks at optimising your scripts.

The book, like many MS Press books, contain side bars from folks in the industry. These sidebars provide the voice of experience and give weight to the ideas Ed is promoting. I like these as they provide counterpoint to the book itself.

This is not an easy book to just skim through. Ed writes for adults, and the examples are rich – it took me literally months to finish reading this as I read a little of the book each night. I found that I had to read some pages several times to enable me to distill the key points the book is making.

If you are new to PowerShell, then this would be a good book to read as it provides great background to PowerShell V2 as well a wealth of scripts you could use in your environment. If you have PowerShell skills, then this book can give you new perspectives on PowerShell in the enterprise as well as show you a number of tricks you can leverage in your own code.

I give this book 5 stars!

Technorati Tags: Powershell v2,book,Ed Wilson,The Scripting Guy,PowerShell Best Practices

PowerShell Remoting – The Double Hop Problem And A Solution

I’ve been doing quite a bit of work lately with remoting – running scripts and script blocks on other machines. As part of my series on developing a Hyper-V VM lab, I’ve scripted the installation and configuration of a mini network. One of the patterns I am using to do most of the VM configuration work is defining a script block (on one machine), and running it in the target VM. In the development of the scripts, I kept falling over errors due to what we call the double-hop problem.

What is the Double Hop Problem?

In remoting, a user on one machine (e.g. Win8.Cookham.Net – my laptop) uses Invoke-Command to run a script block in a VM (e.g. I want to run block on server SRV1.Reskit.Org). Cookham.net is my home network, complete with DC, etc., while Reskit.Org is my test lab domain/network. For most configuration, this works fine, but in some cases it doesn’t. When I run a script block on SRV1, I do it by using Invoke-Command, and specify my (Reskit) domain administrator credentials.

The double-hop problem occurs when my target machine, i.e SRV1, needs to go to another machine  for something. For example, running Get-Certificate in a script block on SRV1 requires SRV1 to go off to DC1 to get the appropriate X.509 certificate. This second hop is where the problem lies.

When the second hop is attempted, SRV1 by default uses the credentials of the PowerShell process running on SRV1, NOT your user credentials. The problem is that those credentials are not likely to have (and in my case did NOT have) sufficient privileges to carry out the necessary action (i.e. getting the certificate from the CA on DC1). 

This problem is widely known about and the solution is the Credential Security Support Provider, also known as CredSSP. CredSSP was added to Windows as part of Windows Vista/Server 2008, and is leveraged by PowerShell V3. As should be obvious, CredSSP is key component of Single Sign On (SSO) as well as being rather useful in my VM building scenario.

The Solution – CredSSP

With CredSSP, you pass explicit credentials on the initial hop (from Win8 into SRV1), and when SRV1 needs to go to DC1, it uses those same credentials. And if you configure DC1 and other servers correctly, you can in theory go hopping further!

In order to make use of CredSSP, you need to enable CredSSP on both client and server systems, then explicitly specify you want to use CredSSP when you run the Invoke-Command (or Enter-PSSession) cmdlet. In my case, I could conceivably run a script block against any of the servers in my VM farm which could in theory double hop to any other machine in my farm. Since all my VMs could in theory be both client and server, I run the following cmdlets on all the servers:

Enable-WSManCredSSP -Role Client -DelegateComputer '*.reskit.org' –Force
Enable-WSManCredSSP -Role Server –Force

What Does This Do To My Host?

Using Enable-WsManCredSSP and enabling the client role does two things. First it sets the
WS-Management setting WSMan:\localhost\Client\Auth\CredSSP to true. Second, it sets a local policy, Allow delegating fresh Credentials (and updates that policy with the list of servers you are going to use delegation with). The server list can be a single server,  a set of servers, or a wildcard set of servers. In the above example, I am going to allow the client to delegate credentials to any server in the Reskit.Org domain. These two settings allow the local client to negotiate the use of CredSSP when creating the session on the remote machine.

Using Enable-WsManCredSSP and enabling the server role does just one things – configuring the
WS-Management setting WSMan:\localhost\Service\Auth\CredSSP to true. This allows the WinRM Service on the remote machine to use the credentials in the second hop.

What about Group Policy?

Whilst researching this issue, I came across several web pages that talked about setting up Group Policy to enable CredSSP. And for a large environment, it might be appropriate to do that. However, just using Enable-WsManCredSSP does all you need. There is one small gotcha that I kept running into. When you enable the client role, as I note above, the Enable-WsManCredSSP cmdlet sets a local policy. The one thing I kept hitting is that while the policy is set by using the cmdlet, it takes a GP refresh on the client in order for the client to be able to use CredSSP against the computers in the DelegateComputer List.

To get around this, in my configuration scripts, I just set the client/server roles (remember in my test lab, any computer in theory can be involved in a 2nd hop with any other computer) on each system, then I force a GPUpdate (or do a reboot) which means after the refresh/reboot, the policy is in force!

 

Technorati Tags: PowerShell V3,PowerShell Remoting,CredSSP,Setting up CredSSP with PowerShell V3

Working with Base64 Strings in PowerShell

Base64 is an encoding method that enables transfer of arbitrary binary data through restrictive networks. The most obvious, to me anyway, case of this is email. The SMTP protocol was designed to transfer 7-bit (aka ASCII) characters. If you want to transmit binary data over such a 7-bit transport, you need to encode it some how – and that’s what Base64 does for you. There are loads of other uses for Base64.

For IT Pros, Base 64 can be encoded text that you need to see decoded. I got asked about this the other week in class. You can use .NET it’s current Unicode format using System.Convert and System.Text.Encoding. You can also covert Base 64 encoded strings back into Unicode by using the same .net methods, as you can see in this screen shot:

 

That works, when you can remember the magic incantation(s) but something simpler would be nice, my students mentioned. The obvious answer is to just use PowerShell’s Extensible Type System (ETS) and add a couple of properties onto System.String objects representing encoded/decoded Base 64. This is easy – just create a types.ps1xml file (mine is named My.Types.Ps1xml) that looks like this:

<Types>
<Type>
  <Name>System.String</Name>
    <Members>
      <ScriptProperty>
        <Name>ToBase64String</Name>
          <GetScriptBlock>
             [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($this))
          </GetScriptBlock>
      </ScriptProperty>
      <ScriptProperty>
        <Name>FromBase64String</Name>
          <GetScriptBlock>
             [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($this))
          </GetScriptBlock>
      </ScriptProperty>
    </Members>
  </Type>
</Types>

With that file saved you can add it into your PowerShell environment by using the Update-TypeData cmdlet, specifying your PS1XML file (e.g. Update-TypeData c:\foo\My.Types.PS1XML). Once that’s complete, System.String in nicely extended, as you can see here:

I have added this bit of type-XML to my type extensions file that I load in my $Profile – which means the ability to covert from/to Base64 is, as it were, now baked into PowerShell.

[Later]
Thanks to Bryan Price for catching two typos in this post.

 

Technorati Tags: PowerShell,Extensible Type System,ETS,Base64

Building A Hyper-V Test Lab on Windows 8 – Part 5 Configuring DC1

Introduction

This the fifth part in a multi-part set of articles on building a test lab with Hyper-V and PowerShell. See the following prior articles in this series.

• The purpose of these scripts/articles
• Creating a reference VHDX
• Creating Virtual Machines and the related differencing VHDXs
• Creating a new forest and new domain controller .

Configuring the First DC

In the last article, I showed you how to create a domain controller in a new forest by taking a newly installed workgroup server and promoting it to be the first domain controller in a new domain/forest.  Since the DC provides the AD environment for the rest of the VMs in my test lab(s), it has to become the DC before any other VMs are created. Once the server becomes the domain controller, a second script is used to configure the DC. Note that most of the other servers can be configured in just one step (although the jury’s still out that with respect to Lync and Exchange).

In this article I present a second configuration script for the domain controller, snappily named Configure-DC1-2.ps1. This second script just finishes off the configuration and setup of the DC. Once the DC1 VM has been created and promoted to being a domain controller, you use this second script to finish configuration.

From a work flow perspective, once the DC has been created, creating and configuring other new VMs can be done in parallel with configuring DC1 (i.e. running Configure-DC1-2). Also, if you are creating VMs that rely on DHCP, you would need to complete the DCHP configuration before those VMs are created.

In my lab’s case, configuration the first domain controller, DC1, is pretty simple:

• Set the VM to automatically logon as the domain admin – in lab environments, life really is too short to have to type credentials any more than is absolutely needed. So I set the registry settings to enable auto admin logon
• Install Key Windows features - I include some simple features, including IIS (which is needed to enable the DC to be a CA).
• Install and configure basic DHCP - Most of my lab machines have fixed IP addresses, but having a small DHCP block seems a good thing! I allocate 20 IP addresses, but you could change that as needed. I also configure this scope with some basic options (IP, subnet mask, and DNS Server). You could add a default gateway if you want to enable routing via the host.
• Create a second administrator – I create one extra user, me (TFL), and add this user to domain and enterprise admin groups. I have a further script Configure-ReskitAD.ps1, as part of this series, that adds a richer AD environment in terms of a coupe of OUs, and more users.

Once that has been done, I do two more things in the script (outside the configuration block):

• Force a reboot of the VM – The very last thing the script block does before returning is to call restart-computer. The reboot is, in effect, asynchronous. Thus after the script exits and control is passed to the main script running on the Hyper-V box which continues while the DC reboots. After the exit, the script restarts DC1.
• Take a snapshot of the DC. This is useful if I want to do some AD configuration but then back out of that. To cater for the async nature of the reboot (it happens in another process/VM), I use the the parameters ‘–Wait –For PowerShell’ which waits till the system has rebooted, the user has logged on before proceeding to take the actual snapshot. .

Using Remoting to Configure DC1

In the first two scripts that create and start up the VM, the scripts contain a function definition that is then run against the local system, i.e. the host you are using to run Hyper-V. In my case, this was done on Windows 8 on my laptop and one of my Server 2012 boxes. They both run Hyper-V well so testing is easy both at home and on the road. As I noted previously, the remainder of the scripts I use that to setup and configure the domain and servers use remoting. The following pattern if these scripts is as follows:

• Create a script block, $CONF or similar, containing PowerShell code to perform some configuration on a server. The PowerShell code is intended to run in the target VM.
• Use Invoke-Command, and the appropriate credentials, to run that script block on a remote server (i.e. one of the Hyper-V VMs you are building/configuring.

This process is flexible and allows me to do things before invoking the script block. For example, to install SQL, Exchange or Lync, I need to have the product CD inserted in the D: drive. For Exchange, I have to load some pre-requisites onto the server, for example bits of IIS, etc. that are not needed for other labs. SO in that case, the configuration script file can create a couple of script blocks to divide up the work. In the longer term I consolidate the multiple script blocks, but that’s work to be done!

Snapshotting VMs

These scripts were designed to support me in writing and developing courseware. Since the development work can be error-prone plus with a need to test, test, and re-test lab instructions, I need to take snapshots before and after key configuration events. So what this script does, at the very end, is to take a VM snapshot and label it as being created by this script. You can, of course, comment out this if you don’t need to have a snapshot!

Using the Scripts

When I am building out a new set of VMs, I open ALL these scripts in the ISE on the Hyper-V host. Whilst I am at home, that means running these via a terminal services window against one of my Hyper-V servers or my laptop. Once I have all the scripts open, I just work through them, tweaking the unattend.xml, building the base disk, building then promoting DC1, finishing off DC1 configuration, configuring a CA, configuring the IIS servers, etc.

Getting the Scripts

I have published the full set of deployment scripts to my web site, at http://www.reskit.net/powershell/vmbuild.zip. Note that some of the scripts in this zip file are very much works in progress that are changing, and hopefully improving, as I publish these articles. I reserve the right to change any of all of them from time to time. I will try to blog any important changes.

I am also publishing the individual scripts over on my PowerShell Scripts Blog:

• Create-ReferenceVHDX.ps1
• Create-VM.ps1
• Configure-DC1-1.ps1
• Configure-DC2-1.ps1

Recent Script Changes

Since starting this series, I’ve been tidying up the scripts. In some cases, I’ve moved parameters into hash tables to increase readability. The changes to the scripts are now added to the script itself. One key change is that I set Auto-Admin logon for all servers, and force a reboot of the server after configuring it. I’ve also added some judicious Hyper-V check pointing into some of the scripts to simplify both further testing and to suit my courses.

[Later]

In the original post, the reboot and snapshot were not handled in a tidy fashion. I re-coded this logic so that the configuration script block does NOT do the restart. Instead, I let the script block continue, and exit back to the main Configure-DC1-2 script block where I then forcibly reboot the DC, wait till the reboot has completed then take the snapshot. Just a little more elegant and it ensures that the snapshot after the reboot has completed and the auto-admin logon has occurred. This makes reverting back to the snapshot that bit easier.

Future Scripts

The next couple of scripts, which I hope to get documented this week, including building and configuring general purpose servers and creating a Certificate Authority. I also have some utility scripts that I have added and will also be documenting.

Comments

Any comments? I’d love to hear from you – either as comments to this blog post, or via email.

 

Technorati Tags: Deployment Scripts,PowerShell,Hyper-V,VM Lab

Building A Hyper-V Test Lab on Windows 8 – Part 4 Creating a DC

Introduction

This the fourth part in a multi-part set of articles on building a test lab with Hyper-V and PowerShell. See the following prior articles in this series.

• The purpose of these scripts/articles: http://www.tfl09.blogspot.co.uk/2013/01/building-hyper-v-test-lab-on-windows-8.html.
• Creating a reference VHDX ( http://www.tfl09.blogspot.co.uk/2013/01/building-hyper-v-test-lab-on-windows.html)
• Creating VMs (http://www.tfl09.blogspot.co.uk/2013/01/building-hyper-v-test-lab-on-windows-8_16.html).

Creating the DC

The starting point for creating a DC is having a simple work group VM created and run. In the last article I covered how to build a Hyper-VM Based a differencing/parent pair of disks. That process generates a work group computer, with a known IP address, a known hostname and a known user id/password set of credentials. The VM that is created has just the standard set of services and features that the base installation process generates (i.e. the same as if you just click next/next/next installing a VM from a DVD).

In Windows Server 2012, the process of creating a DC has changed quite considerably from earlier versions of Windows Server. DCPromo.exe is no more – you now promote a server by using PowerShell cmdlets (although I suppose you could use the GUI – but where’s the fun in that?). 

The installation process for a new DC in a new forest comprises two simple steps:

1. Using Install-WindowsFeature to add the AD-Domain-Services and related management tools.

2. Using Install-ADDSForest, create a new domain and domain controller, install DNS, and set the domain/forest modes (i.e. what DCPromo.exe used to do in years gone past).

Using remoting to perform the DC promotion

In the first two scripts that create and start up the VM, I created a function that I then ran on the local system, i.e. the host you are using to run Hyper-V. All the development was done using Windows 8 and Server 2012 which both run Hyper-V. The remainder of the scripts to setup and configure the domain and servers is done using remoting plus some local hyper-v stuff. Basically, the remaining scripts all have the following pattern:

a) Create a script block containing PowerShell code to perform some configuration on a server.

b) Use Invoke-Command to run that script block on a remote server (i.e. one or more of the Hyper-V VMs you are building/configuring.

This process is flexible and allows me to do things before invoking the script block. For example, to install SQL, Exchange and Lync, I need to have the product CD inserted in the D: drive. For Exchange, I have to load some pre-requisites onto the server, for example bits of IIS, etc. In that case, my published script file can create a couple of script blocks to divide up the work.

When I am building out a new set of VMs, I open ALL the scripts in the ISE on the Hyper-V host (which in most cases is actually being used via a terminal services window!) With all the scripts up, I just work through them, building the base disk, building then promoting DC1, finishing off DC1 configuration, configuring a CA, Configuring the IIS servers, etc.

Promoting with PowerShell

The PowerShell code to carry out the promotion is as follows:

Install-WindowsFeature –Name AD-Domain-Services –IncludeManagementTools
$PasswordSS = ConvertTo-SecureString  -string 'Pa$$w0rd' -AsPlainText -Force
Install-ADDSForest -DomainName Reskit.Org –Force –InstallDNS `
  -SafeModeAdministratorPassword $PasswordSS  -DomainMode Win2012 `
  -ForestMode Win2012

The first step involves windows loading the necessary components to enable the host to be configured into some sort of DC as well as all the management tools. The second step involved creating a new domain in a new forest. In my case, I set both the forest and domain into Win2012 mode (why not?) as well as specifying a safe mode password.

Completing the DC Promotion

After running these few lines of PowerShell, the Install-ADDSForest cmdlet reboots the machine. At which point, assuming nothing hairy has gone on, you now have a DC. It has one main user, Administrator, whose password is the same as the local machine’s Administrator password (in my case Pa$$w0rd).

Unfortunately, for scripting purposes, the reboot is an asynchronous event – there’s no easy way for a PowerShell script to wait for the reboot and continue. Sure – you can use work flows for that, but I don’t (well not yet!). So to finish off the process of configuring the DC, I’ve created a couple more scripts. The first of these, which I’ll describe later, is one you run after the DC has rebooted. This second script does a bit more configuration on the DC, including adding any users, OUs, computers, etc. that might be needed. The second, at least in my case, is adding a Certificate Authority to the DC. I’ll look at both of these scripts in future articles.

Getting the Scripts

I have published the full set of deployment scripts to my web site, at http://www.reskit.net/powershell/vmbuild.zip. Note that some of the scripts in this zip file are still works in progress. I reserve the right to change any of all of them from time to time. I will try to blog any important changes.

I am also publishing the individual scripts over on my PowerShell Scripts Blog:

• Create-ReferenceVHDX.ps1
• Create-VM.ps1
• Configure-DC1-1.ps1

Technorati Tags: Deployment scripts,powershell,Hyper-V

Improving PowerShell with 3rd party Modules

PowerShell is an awesome product with amazing potential. But as we al know, the product team can not do everything and neither can the various product teams at Microsoft. As has been quite evident since Monad first peeked it’s head outside Redmond, the community can provide a lot of great extra functionality. Some an alternative to MS produced code (e.g. the Quest AD cmdlets), while other add-ons add features not available elsewhere.

These add-ons are typically, at least since V2, wrapped up in a module and the module then published somewhere. Finding these modules can be quite a chore as they are scattered all over the Interweb! The Microsoft Script Gallery project has quite a few add-on modules published in their archives.

Here’s a set of the most popular modules published at the Microsoft Script Centre:

File System Security PowerShell Module 2.1.
Allows a much easier management of permissions on files and folders using PowerShell. Download this module at: http://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85.

Local Account Management Module 2.1
This module allows managing local groups and user accounts, local group membership and some other useful tasks. It is mostly based on the .net classes in System.Dir. Download this module at: http://gallery.technet.microsoft.com/scriptcenter/Local-Account-Management-a777191b

Active Directory Replication PowerShell Module 2.01
Managing Active Directory Sites, Site Links and Subnets very easily with PowerShell. Also checking the Active Directory Replication is easy and richer than repadmin.exe, the cmdlets in this module do return objects and not just text. So no more boring test parsing. Download at: http://gallery.technet.microsoft.com/scriptcenter/780a2272-06f9-4895-827e-9f56bc9272c4

DHCPAlternateConfiguration PowerShell Module
The DHCP Alternate Configuration module is a command line interface for managing the DHCP client alternate configuration as described. Download at: http://gallery.technet.microsoft.com/scriptcenter/DHCPAlternateConfiguration-90e92431

Kerberos Module
The module gives access to the Kerberos ticket cache. It can read and purge tickets of the current logon session. Download from: http://gallery.technet.microsoft.com/scriptcenter/Keberos-Module-3a6ab12a

Windows Update PowerShell Module
The PSWindowsUpdate module helps you manage Windows Update on a computer system running Windows. Whole module contain 9 function to check, download and install updates from PowerShell. Download at: http://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc

Registry Security PowerShell
Allows a much easier management of permissions inside the registry database using PowerShell. Download at: http://gallery.technet.microsoft.com/scriptcenter/ce4c51a1-43df-42df-bbd1-c2ad0249a864

Technorati Tags: Powershell,module,third-party,add-on

Building A Hyper-V Test Lab on Windows 8 – Part 3 Creating VMs

This the third part in a multi-part set of articles. See the first article for the start of the set and to understand better what this is all about – see here: http://www.tfl09.blogspot.co.uk/2013/01/building-hyper-v-test-lab-on-windows-8.html. And to see the prior article on creating a reference VHDX see here: http://www.tfl09.blogspot.co.uk/2013/01/building-hyper-v-test-lab-on-windows.html.

 

Building a VM

The overall purpose of my VM Build scripts is to create and configure a set of VMs in a test environment. In the last article, I showed how you can create a base or reference disk. In this article, I show how you can take that base disk and create both a differencing disk and a VM that uses that new disk.

 

Each VM created gets a customised Unattend.XML file, which is stored on the differencing disk, once that disk is created. Thus, when the VM is started, OS installation is completed using the XML file. This allows me to do some simple things, like kill the firewall, set the right language(s), etc.  Creating this file was one of my early stumbling blocks!

 

Unattend.XML

From the earliest days of Windows NT, you could create an Unattend.txt file, put it on a floppy disk, insert the floppy into your system then install the OS from the CD. That enabled Windows NT setup to get the details of the installation coming from the Unattend.Txt. I did a lot of that in then NT 3.5/3.51/4.0 days. But with Vista, Microsoft shipped a totally new setup method, with WIM files and with Unattend.txt replaced with (a more complex) Unattend.XML. Pretty much everything I knew about unattend.txt files goes out the window.

 

A key objective I had in creating these build scripts was to avoid having to know too much about these XML files. I got a ‘starter’ copy form my good pals at Lab Center in Stockholm and have tweaked it (removing things I don’t need) and creating useful default settings for things (e.g. keyboard).

 

I really wanted to avoid becoming a deployment wizard and use a generic Unattend.XML file. But sadly, that objective proved to be a little unreasonable, but I’ve tired hard to minimise the number of things configured in the XML file and do as much as I can via PowerShell scripts after the OS has been installed.

 

Using Unattend.XML files is pretty simple, as long as you understand both the Windows build model and the components you can add to windows. To use the Unattend.XMO file, you create/configure the XML file, save it on the differencing disk and add the differencing disk to the VM. This way, the unattend.XML file guides Windows Setup to create the VM as you need it.  Subsequent scripts that configure the VM further (e.g. adding application specific windows component, adding applications and features, etc.).

 

In the Unattend.XML file, I currently specify 14 components in three passes as follows

 

Pass	Component	The effect of this component
Generalize	Microsoft-Windows-Shell-Setup	Specifies that Sysprep should not remove any icons from the Quick Launch toolbar
Specialize	Microsoft-Windows-UnattendedJoin	Specifies the domain to join and credentials needed to join or whether to just ‘join’ a named workgroup
	Microsoft-Windows-Shell-Setup	Specifies Computer name, registered organsiation and owner, and time zone
	Microsoft-Windows-IE-InternetExplorer	Sets home page to blank and whether to disable the run-once wizard
	Microsoft-Windows-Deployment	Enables local administrator account
	Microsoft-Windows-International-Core	Specifies Input Locale, System Locale, UI Language and UserLocale. The input locale sets an initial keyboard layout.
	Microsoft-Windows-TapiSetup	Tapi settings
	Microsoft-Windows-IE-ESC	Turns off the IE security settings
	Microsoft-Windows-TerminalServices-LocalSessionManager	Enables Terminal services connection to the VM
	Networking-MPSSVC-Svc	Turns the firewall off on the VM
	Microsoft-Windows-TCPIP	Sets TCP/IP settings, including IP address, subnet mask and default gateway
	Microsoft-Windows-DNS-Client	Specifies the DNS Server IP address
OobeSystem	Microsoft-Windows-Shell-Setup	Specifies local administrator password, whether to hide the EULA pages plus sets the time zone
	Microsoft-Windows-International-Core	Specifies a 2nd language to be setup for this VM

 

The Create-VM function

The core aspects of the VM creation is done with the Create-VM function. The function takes parameters including the VM name, the path to store the VM information for Hyper-V, the path to the reference disk, what network to use, how much memory to set, which Unattend.XML file to use and the IP address, subnet mask and DNS Server Address.

 

The details of the VM created is determined by what is in the Create-VM function, details in the the Unattend.XML file and some details set by the call to the create-VM function. For example, the keyboard settings used are set in the XML file only, whereas the use of dynamic memory is set only in the Create-VM function. The IP address, on the other hand, has a default set  in the XML (10.0.0.250/24). The Create-VM function, however, overwrites this address with the IP address/subnet mask specified  in the call to Create-VM.  The parameters specified on the call to Create-VM are used to update the Unattend.XML file stored on the differencing disk and used to install the OS.

 

I use two XML files – one is used to create a stand alone server the other to create a domain joined server. I use the former to create DC1 and once DC1 has been promoted to be a DC, the later XML file is used to create servers that are domain joined. Both XML files, on the other hand, set keyboard layout

 

This approach of setting some installation options in the XML and others via the function (and resulting in updated XML) seemed to be a good compromise. I only implement parameters to Create-VM that need to be differ3ent in different VMs, whereas installation options

 

Creating the VM

The task of creating/building the VM is performed by the Create-VM function and involves the following steps:

1. Creating a differencing disk – this is the ‘difference’ between a reference or parent Vhdx  and  the disk. 
2. Creating a VM in Hyper-V.
3. Adding the differencing disk into the VM.
4. Mounting the VHD on the host computer.
5. Based on a pre-built Unattend.XML, creating a customised Unattend.XML file and saving it to the on the mounted VHDX.
6. Dismounting the VHDX from the host
7. Setting VM settings including memory, startup actions etc.
8. Starting the VM.

Once the VM has started, windows setup proceeds to install Windows as per the Unattend.XML file. The creation of the VM itself takes just 20-30 seconds, followed by the actual installation which takes 10-15 more minutes (and more if you are doing multiple installations in parallel).

The Created VM
The VM created by the Create-VM function will either be a workgroup VM or a VM that has been joined to the domain, as specified in the Unattend.XML file. This VM will be fairly vanilla with only a few options specified (as noted above). There are no extra applications loaded, and the Unattend.dj.xml file only ‘works’ once you have the DC up and running.

The Create-VM script takes around 27-30 seconds to create and start the VM in Hyper-V. On my WIn8 laptop, it take a further 5 minutes to complete the creating of the first DC.

Example
Once you have the reference disk, you can call the Build-VM function like this:

$ref    = …   # Path to the reference disk
$Path   = …   # Path to where to put the VM and differencing disk
$unadj  = …   # Path to Unattend.XML
#     Now Create the VM
Create-VM -Name "Srv1"  -VmPath $Path –ReferenceVHD $Ref  -Network "Internal" `
          -UnattendXML $unadj -Verbose -IPAddr '10.0.0.30/24' `
          -DNSSvr 10.0.0.10  -VMMemory 512mb

You run this script ON the Hyper-V server. Once the Create-VM function completes, which takes between 20-25 seconds in my case, Hyper-V starts up the VM and completes the installation of the OS inside the VM. The complete installation takes 20 minutes or so (depending on your system, how much RAM you give the VM, the speed of your system, etc.). Once the setup is complete, you can move on and configure the VM with application and application settings.

Where are we on this journey?
In the these first three blog posts, I’ve set out the objectives of a VM Build module for building VMs and the two core functions/scripts. The two scripts create a base VM disk, a differencing disk and a VM. Each VM is customised a little in the call to Create-VM – in effect creating a base VM. Once this VM has been created, you can then load additional applications and Windows features (e.g. making the DC a certificate authority). In the next episodes of this set of blog articles, I’ll start looking at the scripts that add those applications and features. And I’ll share the interesting things I’ve discovered along the way. I’ll also publish the scripts and the unattended XML files.

 

 

 

 

Technorati Tags: Deployment,Powershell,Hyper-V

Viewing PowerShell Function Definitions in the ISE–Part 2

Last Friday, I published an article about a neat script I’d come across. At the end, I mentioned it would be nice to extend this to enable me to highlight a function name I’m calling in code and either use a menu item or short-cut keys to get the definition up.

Well, I spend several hours today playing and have done just that. Yesterday, I polished up the code a bit and published it over on my PowerShell Scripts blog. At home, I’ve incorporated it into my personal ISE module and it now loads every time I start up the ISE.

The script, as extended, defines a function (Open-FunctionInISE), then adds it to an ISE menu. The function takes input in three ways: you can specify the function name to open, you can highlight the function name in an open edit window and use either short-cut keys or the ISE menu. And if those fail, the function prompts for a function name. I’ve also taken the liberty of renaming the function to be, hopefully, closer to best practice naming!

In converting the function, it was interesting working with a single function that could take input from the pipeline, from the command line of via selected ISE text (and which prompts for a function name if all those fail). In doing the conversion, changed the parameter from a string array to string, which felt nearer to the way I see the script being used. I might play around a bit with the script and add that back in. To simplify such changes, I’ve left the function to operate in the Process block, but I have pulled out the enumeration of objects within each process block.

Another thing the extended script did was to add the function to a menu item in the ISE. That turns out to be easy. Before the script adds the function to the add-on menu, it checks to see if it’s already been added (as might happen if you decide to edit the function and start running it!). Of course, if you already have the menu item created, to make changes in the function itself, just comment out the menu addition code. Or use the function to bring the function definition into the ISE, make your changes and re-run just that script (remembering to persist any changes you decide to make!).

Thanks to the original author of this script (Cookie.Monster) for giving me something fun to do on a Sunday afternoon. Comments most welcome.

Technorati Tags: PowerShell ISE

Microsoft PowerShell V3 Course (10961) Announced

Microsoft’s just published details of it’s ‘official’ course on PowerShell V3. This is being written by Don Jones, so it should be a pretty solid course. I look forward to teaching this course, which is meant to go live in May. I don’t know who the TE will be, but I’ve certainly volunteered!

The course looks to be a good beginners look at PowerShell V3. As the Microsoft web site points out, this will be a 200-level look and is not intended to teach much about scripting or programming. For those IT pros who have never seen PowerShell, this looks to be a very good course, although it will be pedestrian and will not be overly technically deep.

I have my own PowerShell V3 material and have been teaching V3 for some months. My material is more condenses, and at a higher level (300-400), and I have more advanced material for those needing more specific PowerShell related skills such as using PowerShell to manage XML and SQL. One (if I do say so myself) awesome aspect of my material is that delegates build their own VM test environment using PowerShell scripts (i.e. ones I started blogging about this week).

I am looking forward to the new course – which should be great fun to deliver as well as being able to challenge delegates with more advanced material as needs be.

As soon as I get the courseware and am able to, I’ll post more about this course.

Technorati Tags: PowerShell training,PowerShell V3 training

Viewing PowerShell Function Definitions in the ISE

I came across a neat script, recently posted to Microsoft's Script Center. The function, Open-ISEFunction.ps1 takes the name(s) of function(s) that are currently defined and creates an ISE edit tab for each function.  It’s pretty simple in that it jut grabs the function definition from the function: drive, wraps the definition in a function/script block, then opens and adds the definition in a new ISE window.

If I get time, I might extend this function for the ISE into a menu item. The expanded function, which could as a menu item have a command key short-cut, could take any selected text and try to open the module of the same name. I’d also like to add a couple of comments at the start that might help.

 

Technorati Tags: PowerShell ISE