How to: Building the ultimate lab environment using Windows 8 Client Hyper-V

When you have to create an testlab environment with multiple servers, it is a big job to install all the servers. Even when you are using Hyper-V in this environment. You manually have to install all the servers or make clones of another virtual machine. In this scenario it is very usefull to make use of Differencing Disks within Hyper-V. A Differencing Disks are linked to an master VHD or VHDX file. This master VHD or VHDX file is a virtual machine that has been sysprepped, for example Windows Server 2012.

Basically, all of the main reads for the VMs created with a differencing disk come from the master VHD or VHDX, while any changes (writes) are written to the differencing disk. The differencing disk will remain fairly small, because the amount of change should be minimal. You’re probably looking at around a couple of GBs per differencing disk. With a differencing disk you can build multiple machines with the same parent sysprep image.

labenvironment

My laptop contains Windows 8 with the Hyper-V role enabled, so basically my virtual environment is on my laptop. Because I have only 500 GB on storage available, it is very usefull for me to use differencing disks. A lot of virtual machines with a little need of storage.

You can build this environment by following the next steps;

1.) Create a new virtual machine within Hyper-V
2.) Install the Operating System with the specific updates
3.) Optionally you can install some base applications
4.) Sysprep the virtual machine. You can use the following command:
%windir%\system32\sysprep\sysprep.exe /generalize /shutdown  
5.) Now the virtual machine is sysprepped and power off
6.) Create a new virtual machine (or multiple)
7.) Create a new VHDX file using differencing disk
8.) Navigate to the base VHDX file you’ve just created (the sysprepped virtual machine)
9.) Edit some other settings within the virtual machine (cores, memory, NIC, etc.)
10.) Boot the new virtual machine
11.) Walk through the “First Run” steps of the Operating System
12.) The new virtual machine is now ready to use
13.) Navigate to the differencing disk (VHDX) and see how big it is…right it’s really small!

TMPL_01    TMPL_02    TMPL_03

TMPL_04    TMPL_05    TMPL_06

TMPL_07    TMPL_08    TMPL_09

TMPL_10    TMPL_11    TMPL_12

TMPL_13    TMPL_14    TMPL_15

TMPL_16    TMPL_17

Z-Hire Active Directory, Exchange, Lync User Creation Tool

Z-Hire automates the IT account creation process for Exchange mailbox, Active Directory, Lync accounts, Office 365 cloud and SalesForce cloud deployments. With just a click of the button, your Exchange mailbox, and Active directory user and Lync accounts will be created simultaneousy. This tool can also create and set custom settings for Office 365 accounts using templates. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT user accounts with the option for custom scripts. Z-hire will increase your new hire user account deployment time by 600%, without the need for complicated and expensive identity management solutions. This tool makes creating Active Directory users a breeze. Some of the features include:

– Environment Auto detection (AD/Exchange/Lync/Office 365/SalesForce)
– Copy existing Active Directory User to Z-Hire Template (new in version 4.8.1)
– Support for Active Directory user, Exchange Mailbox, Lync 2010, Office 365 user and SalesForce user accounts
– Template based deployment (allows consistency for all user accounts)
– Office 365 account creation with major attributes
– Active Directory user account creation with major attributes
– Active Directory group selection
– Active Directory user duplicate SamAccountName verification
– Lync 2010 account creation supporting all policies
– SalesForce user creation support all major attributes
– Faster performance (compared to previous version)
– Best of all, this AD User Creation Tool is free!

System Requirements
– Windows 7 X64 w/ .NET 3.5 (Domain Joined)
– Windows Server 2008 X64  w/ .NET 3.5 (Domain Joined)
– Windows Server 2008 R2 X64  w/ .NET 3.5 (Domain Joined)

Permission Requirements
– Ability to create Active Directory user
– Ability to create Exchange Mailbox
– Ability to create / enable Lync user

Supported Environments
– Active Directory (all versions)
– Exchange 2007 (all versions)
– Exchange 2010 (all versions)
– Lync 2010 (both Standard and Enterprise versions)
– Office 365 Cloud
– SalesForce CRM Cloud

Download Z-Hire tool on Microsoft Gallery

Net Logon Service won’t start after demoting a domain controller

Today I had to perform a domain upgrade at one of our customers. After succesfully demoting the old Windows 2003 domain controllers, the Netlogon service won’t start anymore.

“Could not start the Net Logon service on Local Computer.
Error 1075: The dependency service does not exist or has been marked for deletion.”

After some reserch I found the solution.

1.) Start the registry editor (Regedit.exe).
2.) Navigate to the following registry key HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Netlogon/
3.) In the right pane, double-click the DependOnService value .
4.) In the Multi-String Editor dialog box, type the following strings on separate lines, and then click OK
LanmanServer
LanmanWorkstation
Remove any other entries.
5.) Exit the registry editor and restart the server

How to tell what version of Active Directory you have

If you want to view the current version of your Active Directory you have, you can browse to the following registry key on your domain controller(s).

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters and select the subkey Schema Version.

13 = Microsoft Windows 2000
30 = Original release version of Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 (SP1)
31 = Microsoft Windows Server 2003 R2
44 = Windows 2008

How to: Let domain users enable or disable the proxy server

In de most environments the users have a laptop for working in the office, but also for working out of the office. When there’s a proxy server enabled in your Internet Explorer settings, you’re able to internet on your office. But when you’re logging in out of the office, the proxy server is still enabled. So…..no internet for you!! In the most situations the Internet Explorer settings are hided through a GPO, so the users are not be able to edit the proxy settings manually. Whit the tool ProxyPal, you can give the users the oppertunity to enable or disable the proxy.

1.) Install ProxyPal on the laptop or computer (you can deploy it with a GPO)
2.) Edit your GPO’s to hide the Connection tab in your Internet Settings. (Optional!!)
3.) The users can enable or disable the proxy server now

ProxyPal_01    ProxyPal_02    ProxyPal_03

ProxyPal_04    ProxyPal_05    ProxyPal_06

ProxyPal_07    ProxyPal_08

How to: Let domain users change there Power Scheme

In some environments users must have the ability to change the power scheme. By default, the normal Domain Users are not be able to do this, there’s an “Access Denied”. With the following Group Policy configuration, the Domain Users are albe to edit the Power Scheme on there laptop or PC.

1.) Make a new Group Policy and link it to the Organizational Unit where the computer objects are placed
2.) Go to Computer Configuration\Policies\Windows Settings\Security Settings\Registry
3.) Add the following registry hives
     HKEY_Localmachine\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy
     HKEY_Localmachine\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies
4.) Edit the permissions for the BUILTIN\Users from Read to Full Control
5.) Reboot your client
6.) Login with an user on that client
7.) The user has now the ability to change the Power Scheme

PW_01    PW_02    PW_03

PW_04    PW_05    PW_06

PW_07    PW_08    PW_09

PW_10    PW_11     PW_12

PW_13    PW_14    PW_15

How to: Add custom INI files to your Immidio Flex Profiles environment

By default there are a copple of ProfileSettings available when you install Immidio Flex Profiles. When you install a new application on your Terminal Server environment, you also want to save this application settings for your users! In my Terminal Server environment i’ve installed Adobe Reader and i’ve made some custom INI file for saving the settings for my users.

1.) First make some new INI file in your Flex_Config\ProfileSettings directory
2.) Edit the INI file and type in the RegisterTree or IndividualRegistryValues
3.) Login to your Terminal Server environment, start Adobe Reader and make some changes
4.) Logoff and check the users home directory if there’s a file called <INIfilename.ZIP> in my example AdobeReader9.ZIP. In this file you see all the registry settings!
5.) Login again and see that the settings are saved
6.) Delete the <INIfilename.ZIP> from the users home directory
7.) Login again to your Terminal Server environment
8.) As you can see, all the settings are gone!
9.) If you want to replace a backup, in the users home directory folder _Settings\Settings_Backup is a backup available automatically

ar_01    ar_02    ar_03

ar_04    ar_05    ar_06

ar_07    ar_08    ar_09

ar_10    ar_11    ar_12

How to: configuring Windows 2003 Terminal Server using Immidio Flex Profiles

A nice tool to manage your environment with Mandatory Profiles is Immidio Flex Profiles.

I’m going to install this tool in my Windows 2003 Terminal Server environment.

— First install the Immidio Flex Profile application on your Terminal Server(s). When executing the Immidio Flex Profiles.msi file, no services are installed and no reboots are required. The Flex Profiles MSI file must be executed under an account with administrative privileges, since a small number of registry keys are added to the HKEY_LOCAL_MACHINE hive.
Note! To install the Framework unattended, just run the following command. msiexec /i “\\Server\Share\Immidio Flex Profiles.msi” /qn

flex_01    flex_02    flex_03

flex_04    flex_05    flex_06

— The Flex Profiles framework includes a compressed file that is used for central configuration purposes: Flex_Config.zip. Extract this file in a central and fault tolerant network share using a Zip program, such as WinZip. The target folder can be a share on a file cluster or the NETLOGON share or SYSVOL folder on a domain controller. The scripts included in Flex_Config.zip help you to centrally configure Flex Profiles.

flex_07    flex_08 

— Configuring the Flex Profiles in the logon and logoff script is rather simple. The syntax to activate Flex Profiles is as follows.

An example for a logon script may look as follows.
CSCRIPT /NOLOGO “%PROGRAMFILES%\Immidio\Flex Profiles\Flex_Framework.vbs” LOGON \\FLEX.local\NETLOGON\Flex_Config

In the logoff script, specify the LOGOFF option instead:
CSCRIPT /NOLOGO “%PROGRAMFILES%\Immidio\Flex Profiles\Flex_Framework.vbs” LOGOFF \\FLEX.local\NETLOGON\Flex_Config

IMPORTANT: Proper timing is essential when setting up Flex Profiles in a user logon script. It is recommended to run the Flex Framework script in the logon script after the home directories are mapped and before other application settings are configured. Additionally it is recommended to enable the policy Run logon scripts synchronously in order to prevent applications or the desktop from starting while the logon script is still running.

flex_09    flex_10    flex_11

flex_12    flex_13    flex_14

— In order to configure the Flex Profiles Framework the file Framework.ini in the Flex configuration folder needs to be opened and modified with an adequate ANSI editor, such as Notepad.

I’ve edit this setting to [LOCATIONS] STOREROOT, this setting configures the root of the path where the profile archives are stored.
STOREROOT=3
uses the user’s Terminal Server home directory directly from AD (Only supported with Windows Server 2003 and Windows Server 2008 in an AD environment). By default the vallue is 1.

flex_19    flex_16

— After you login on your Teminal Server environment, and you logoff, you’ll see the following folder in your users home directory _Settings. Here are the user specific settings that will be saved when the users are logoff. As you can see, all the .ZIP file are exactly the same as in your NETLOGON directory, were you can make you settings per application! You  can add new INI files if you want to add some application settings, or even delete some INI files from appliations that are not used in your environment.

flex_17    flex_18