Thursday, May 22, 2014

Remote GPUpdate on Windows Server 2012

 

You often need to run ‘gpupdate /force’ to ensure the latest policy is applied to systems. Now you can remotely run this command. This method creates a task through task scheduler. The task will execute within the next 10 minutes, which runs the ‘gpupdate /force’ locally on the machine.

This uses a remote connection, you will need the firewall rules enabled on clients.

  • Remote Scheduled Tasks Management (RPC)
  • Remote Scheduled Tasks Management (RPC-EPMAP)
  • Windows Management Instrumentation (WMI-In)

There are two ways you can invoke a remote Group Policy update.

GPMC

From the GPMC, right click on an OU that contains computer objects. Click the “Group Policy Update” option.

This will run a ‘gpupdate /force’ on all computers in the OU, and any sub-OUs. Computer policy will be refreshed for each computer, and user policy will be refreshed for any and all users currently logged into those computers.

image

 

Powershell

The Invoke-gpupdate cmdlet is part of the Group Policy Powershell Module.

An example of the most basic use of invoke-gpupdate:

Invoke-gpupdate computername

The completion of this cmdlet will put a task on the computer that will execute a gpupdate /force

Want to run it on many in series?

$cn = Get-ADComputer -filter { name -like 'my*hyperv*' } | select -ExpandProperty dnshostname

$cn | % { Invoke-GPUpdate -Computer $_ }

Wednesday, May 21, 2014

To find the installed .NET Framework versions manually (versions 4.5 and later)

 

Open regedit.exe

Open the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

Check for Release. Just having the Release key shows that the .NET Framework 4.5 or newer has been installed

image

The value of Release shows which version of the .NET Framework is installed

Value of the Release DWORD

Version

378389

.NET Framework 4.5

378675

.NET Framework 4.5.1 installed with Windows 8.1

378758

.NET Framework 4.5.1 installed on Windows 8, Windows 7 SP1, or Windows Vista SP2

379893

.NET Framework 4.5.2

Note: You need to reboot before the correct release is shown.

Friday, May 16, 2014

Migrating DHCP Scopes between Windows Servers

 

Need to move a DHCP database from a computer that is running Microsoft Windows Server 2003 right through to Microsoft Windows Server 2012 r2 update 1. Here is how…

 

The one-time export/import process

Export the DHCP database from Windows, On the Windows DHCP server, navigate to a command prompt, type the following commands:

netsh

DHCP

\\Name or IP Address

export c:\oldserver.txt all

Or in a single command: netsh dhcp server \\servername export c:\oldserver.txt all

image

Then to import the DHCP database onto another server. Copy the exported DHCP database file to the local hard disk of the Windows Server that you have installed the DHCP Role on the server.

Stop the DHCP server service on the server.

net stop DHCPserver

Delete the c:\windows\system32\DHCP\DHCP.mdb

net start DHCPserver

Open the cmd prompt using elevated privileges. Type the following Commands:

  • netsh
  • DHCP
  • server \\Name or IP Address
  • import c:\oldserver.txt all

To do the import in one command: netsh dhcp server \\servername import c:\oldserver.txt all

  • Activate the server if needed then restart DHCP.
  • You need to update all affected router DHCP relays.

 

Consolidating scopes onto one server

NOTE: split scopes cannot be consolidated from two servers and server options that conflict will fail to import.

To do this you need to just to the specific scopes. Type the following Command:

In one command line: netsc dhcp server \\servername export c:\dhcp-scopename.txt scope-ip-range

Repeat for all affected scopes

To import: netsc dhcp server \\servername import c:\dhcp-scopename.txt

 

DHCP relay

If you have multiple physical networks connected through routers, and you do not have a DHCP server on each network segment, the routers must be capable of relaying DHCP traffic. If you do not have such routers, you can set up the DHCP Relay Agent component on at least one server in each routed subnet. The relay agent relays DHCP message traffic between the DHCP-enabled clients on a local physical network and a remote DHCP server located on another physical network.

 

Here is the original material: http://support.microsoft.com/kb/962355

Deleting orphaned Hyper-V disks from a server

 

I have a tame Powershell expert on hand, and the problem with Hyper-V is the standard GUI does not delete the disk when you delete a Virtual Machine, this can lead to a bunch of ophan VHD/VHDX files on the server. This script must be run on the server and will put out the VM drive path, the VMs that are on the server, the VHX/VHDX’s and will allow to see or delete them.

NOTE NOTE NOTE: This will delete valid snapshots… No I did not have any … Just a warning.

To view them run:

Delete-OphanedDisks.ps1 –whatif

To delete them run:

Delete-OphanedDisks.ps1

And follow the confirmation prompts.

clip_image002

PS: SCVMM does not have this problem. Cheers.

 

Script below, written by Peter Bertok

 

[CmdletBinding(ConfirmImpact='High',SupportsShouldProcess=$true)]

PARAM (

[switch]$Force,

[string[]]$Extensions = @( '*.vhdx', '*.vhd' )

)

BEGIN {

$disks = @( Get-VM | Get-VMHardDiskDrive | select -ExpandProperty Path )

$store = (Get-VMHost).VirtualHardDiskPath

If ( -not ( Test-Path $store ))

    {

Throw "Cannot find default VM disk path: $store"

    }

$List = @( $Extensions | `

ForEach-Object { dir -Path:$store -Filter $_ } | `

Select-Object -ExpandProperty FullName | `

Where-Object { $_ -notin $disks } | `

Select-Object -Unique )

If ( $Force )

    {

$List | del -Force:$Force -Confirm:$False -WhatIf:$False

    }   

Else #If ( $PSCmdlet.ShouldProcess( "$($List.Length) Files", "Delete" ))

    {

$List | del -Confirm:$ConfirmPreference

    }

}

Tuesday, May 06, 2014

Working with Server 2012 r2 Core

 

General

 

Changing computer name

Netdom renamecomputer %computername% /newname:w12r2DC1 /reboot

 

Join to a domain, ex “colv.in”:

Netdom join %computername% /domain:colv.in /userD:administrator passwordD:secret11

 

Configuring IP

SCONFIG.EXE is easier on Server Windows Server 2012 r2 but here is the old way.

netsh interface ipv4 show addresses

netsh interface ipv4 set address “eth” static 10.0.1.41 255.255.255.0 10.0.1.1

To set the DNS server on interface “eth” of 10.0.1.10 as primary and 10.0.1.15 as secondary:

netsh interface ipv4 set dnsservers “eth” static 10.0.1.10

netsh interface ipv4 add dnsservers “eth” 10.0.1.15 index=2

 

Enable remote desktop in the windows command prompt

cscript %windir%\system32\scregedit.wsf /ar 0

View remote desktop settings in the windows command prompt

cscript %windir%\system32\scregedit.wsf /ar /v

0=enabled 1=disabled

 

Restart Computer

shutdown /r /t 0

 

Server Core Vs Server GUI

 

Change from Server core to Full Windows UI

Install-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

Install-WindowsFeature Server-Gui-Shell -source wim:d:\sources\install.wim:2

 

Windows Full to Minimal Server Interface

Uninstall-windowsfeature Server-Gui-Shell

Minimal Server Interface to core

Uninstall-windowsfeature Server-Gui-Mgmt-Infra

 

Full Windows GUI to server Core

Uninstall-WindowsFeature Server-Gui-Shell -source wim:d:\sources\install.wim:2

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

 

Firewall

 

Get the status of all the firewall profiles:

netsh advfirewall show allprofiles

netsh advfirewall firewall show rule name=all profile=any

 

To get the status of firewall profiles

Get-NetFirewallProfiles

 

To see the firewall rules

Get-NetFirewallRule

 

To enable the appropriate firewall rules

Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"

Enable-NetFirewallRule -DisplayGroup "Remote Firewall Management"

Enable or Disable Windows Features Using DISM

 

Just like APT-GET but more Windows’ie…

Deployment Image Servicing and Management (DISM) is a command-line tool that is used to modify late model Windows Operating Systems (OS) or disk images. DISM can enable or disable Windows features directly from the command prompt.

To use it, open command with administrator privileges.

Use the /Get-ImageInfo to retrieve the index number for the image that you want to modify.

  • Dism /Get-ImageInfo /ImageFile:D:\images\install.wim

Mount the Windows image

  • Dism /Mount-Image /ImageFile:D:\images\install.wim /Name:"Windows Image" /MountDir:C:\test\Windoze

To find available Windows features in an image. List all of the features available in the operating system.

  • Dism /online /Get-Features

To work with an image, specify the location of the mounted image directory.

  • Dism /Image:C:\test\offline /Get-Features

Use /Get-FeatureInfo to list specific features

  • Dism /online /Get-FeatureInfo /FeatureName:TFTP

To enable features

You can use the /All to enable all of the features in the one command.

  • Dism /online /Enable-Feature /FeatureName:Telnet /All

To service an offline image, specify the location of the mounted image directory.

  • Dism /Image:C:\test\Windoze /Enable-Feature /FeatureName:Telnet /All

To get the status of the feature you have enabled.

  • Dism /online /Get-FeatureInfo /FeatureName:Telnet

If the status is Enable Pending, you must reboot the image in order to enable the feature entirely.

To restore removed features

If the files are not found in the default location, DISM will contact Windows Update (WU) for the required files. You can use the /LimitAccess argument to prevent DISM from contacting WU.

If you specify multiple /Source arguments, the files are gathered from the first location where they are found and the rest of the locations are ignored.

  • Dism /Online /Enable-Feature /FeatureName:TFTP /Source:Z:\sources\SxS /Source:C:\test\mount\windows /LimitAccess

To service an offline image you need the mounted image directory.

  • Dism /Image:C:\test\offline /Enable-Feature /FeatureName:Telnet /Source:C:\test\mount\windows

Optional: Get the status of the feature you have enabled.

  • Dism /online /Get-FeatureInfo /FeatureName:Telnet

If the status is EnablePending, you must reboot enable the feature .

To disable Windows features

Disable a specific feature in the image.

  • Dism /online /Disable-Feature /FeatureName:Telnet

To service an offline image, specify the location of the mounted image directory.

  • Dism /Image:C:\test\offline /Disable-Feature /FeatureName:Telnet

Optional: Use DISM /GetFeatureInfo to get the status of the feature you have disabled.

  • Dism /online /Get-FeatureInfo /FeatureName:Telnet

If the status is DisablePending, you must reboot the image in order to disable the feature

Blog Archive