Wednesday, July 17, 2013

Deploying Windows 8 using the Windows ADK and WinPE

After spending a chunk of today trying to get imaging and deployment of Windows 8 figured out I decided it was worth a post since the scripts Microsoft provides are either slightly incorrect or missing information. I started out with this TechNet article and this other, then built the final solution from there.

First, use the article to get the Windows ADK, which will allow you to create bootable WinPE media. You can either create a bootable USB device like the article states, or create an ISO image file that can be burned to a CD. Personally I prefer CD because it seems to be the most compatible since everything can boot from CD, but not everything likes booting from USB. To create the ISO file instead of the USB in their step 1.3, use the command MakeWinPEMedia /ISO C:\winpe_amd64 C:\winpe.iso. That will create the ISO file named winpe.iso in the root of the C drive using the directory located at C:\winpe_amd64. If you want to change those paths, feel free, especially for the location of the ISO file.

From this point on I was able to capture the system image using the directions outlined in the TechNet article, so refer to that for image capture.

Deployment is where I started running into problems. I have a pile of cheap Dell Inspirons, and they were using UEFI booting. I'm not going to get into MBR/BIOS since I didn't deal with that and don't know if the article is correct, but the scripts provided for the UEFI option need some tweaking.

For the create partition script, use the script below instead of what Microsoft provided. I have bolded the changes I made. For the line with shrink minimum, adjust this so it's big enough to hold your system image. 14GB is what they have it set to, and my image came out to just over 7 so if I didn't adjust it I would've wasted 7GB of hard drive space.

rem These commands are used with DiskPart to
rem erase the drive and create five partitions
rem for a UEFI/GPT-based computer.
rem Adjust the partition sizes to fill the drive as necessary.
select disk 0
clean
convert gpt
rem === 1. Windows RE tools partition ===========
create partition primary size=300
format quick fs=ntfs label="Windows RE tools"
assign letter="T"
set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
gpt attributes=0x8000000000000001
rem === 2. System partition =====================
create partition efi size=100
format quick fs=fat32 label="System"
assign letter="S"
rem === 3. Microsoft Reserved (MSR) partition ===
create partition msr size=128
rem === 4. Windows partition ====================
rem ==    a. Create Windows partition =========== 
create partition primary 
rem ==    b. Create space for recovery image ====  
shrink minimum=10000
rem ==    c. Prepare the Windows partition ====== 
format quick fs=ntfs label="Windows"
assign letter="W"
rem === 5. Recovery image partition =============
create partition primary
format quick fs=ntfs label="Recovery image"
assign letter="R"
set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
gpt attributes=0x8000000000000001

You can name that CreatePartitions.txt as suggested, or use your own file name. Make sure you copy it onto a USB drive or something that is accessible to the machine you will be deploying the image to. You can use the instructions in the TechNet article to run this script (e.g. diskpart /s E:\CreatePartitions.txt if the script file is saved on something mapped to the letter E).

Now, for the batch file that actually deploys the image, you need to make a few tweaks as well to get it to work. Use the version below:

rem These commands use the specified Windows image file 
rem to deploy Windows, system, and recovery tools 
rem to a UEFI-based computer.

rem Usage:   ApplyImage WimFileName 
rem Example: ApplyImage E:\Images\ThinImage.wim

rem === Apply the image to the Windows partition ========
dism /Apply-Image /ImageFile:%1 /Index:1 /ApplyDir:W:\

rem === Copy tools to the Windows RE Tools partition ====
md T:\Recovery\WindowsRE
copy W:\windows\system32\recovery\winre.wim T:\Recovery\WindowsRE\winre.wim

rem === Copy boot files to the System partition =========
W:\Windows\System32\bcdboot W:\Windows /s S: /f ALL


rem === Set the location of the WinRE tools =============
W:\Windows\System32\reagentc /setreimage /path T:\Recovery\WindowsRE /target W:\Windows

rem === Create the recovery image =======================
Mkdir R:\RecoveryImage
Copy %1 R:\RecoveryImage
W:\Windows\System32\reagentc /setosimage /path R:\RecoveryImage /target W:\Windows /index 1

To actually have the system partition recognizable as UEFI you need to add the /f ALL to the bcdboot command. Also, they made a bad typo in the very last line by getting the drive letters mixed up. They have it as T in their script, but it needs to be R.

With those few changes I was able to successfully deploy Windows 8 just like I had been doing for Windows 7 machines using WinPE and imagex.exe. Hopefully this will save you from trying to figure out what is wrong with the scripts Microsoft provides. I did send them feedback outlining the mistakes, but whether or not they'll actually update it is yet to be seen. Good luck with your deployment!

Wednesday, May 22, 2013

Remotely enable Remote Desktop

I've had a few instances where, for whatever reason, remote desktop has been disabled on machines I manage. This can be quite a pain when you don't have someone onsite at that location who can turn the service back on. However, if the proper services are running you can get remote desktop working from your remote location without rebooting the computer. I originally found this article, but added in the extra steps in the beginning to avoid any need to reboot.

To get started, go to Start and right-click on Computer, then choose Manage. Right-click on Computer Management at the top and select Connect to another computer... Enter in the computer name for the computer you need to enable remote desktop services for. This will connect you to the management console for that remote computer. If you cannot get into the management console, you can still try changing the registry with the steps below with the hopes that the services are already running, but by using the management console you can verify the services are running.

Once the management window opens for the remote computer, go to Services and Applications->Services. Scroll down to Remote Desktop Configuration. Now, verify that the following services show Started under the Status column: Remote Desktop Configuration, Remote Desktop Services, Remote Desktop Services UserMode Port Redirector, and Remote Registry. If any of them do not show Started, right-click on that service and choose Start.

After those four services have been started, open Registry Editor (this is where this article comes in) by typing regedit into the Search bar, or into the Run box if you're using Windows XP/Server 2003. Once the Registry Editor is open, click on File->Connect Network Registry, enter the remote computer's name, and click OK. This should get you access to the registry on the remote computer. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. Once there, double-click on fDenyTSConnections, change the value to 0, and click OK. This will allow terminal server connections on the remote machine. That should be it. Try to access the remote machine using remote desktop now and it should connect. If not, try rebooting the remote machine using the command prompt with the command: shutdown -r -m \\computername

Tuesday, May 7, 2013

Repair a corrupt Recycle Bin in Windows

If you've ever run into a problem where you get an error when emptying your Recycle Bin on a Windows computer, it can be very annoying. I hate seeing anything in that trash can icon and try to keep it empty all the time. If you're having similar problems, try this to reset your Recycle Bin. I originally found this post, then added in the option for XP and Server 2003.

For XP and Server 2003 go to Start->Run, type cmd and click OK. If you're on Vista, Windows 7, or Server 2008, go to Start, type cmd in the search box, then right-click Command Prompt and select "Run as Administrator".


Once the command prompt is open, type the command corresponding to your operating system and press Enter:

For XP/Server 2003: rd /s /q C:\Recycler

For Vista/Windows 7/Server 2008: rd /s /q C:\$Recycle.bin

This will delete the Recycle Bin folder from your machine, effectively getting rid of whatever problem files are preventing you from emptying the Recycle Bin. Once you've done this you can add something new to the Recycle Bin and Windows will create a new version of the folder so you can once again clean up your junk files.



Wednesday, April 17, 2013

Search Active Directory for email accounts that are being forwarded elsewhere

I was asked by a member of the management team to shut off the email forwarding for all ex-employee accounts that were going to this particular person. Rather than go through all Active Directory user accounts to check whether forwarding was on or not, I did a quick online search and found an easy way to use an LDAP query to list only the accounts I needed to check. The original post is here.

I'm still stuck with Exchange 2003, so here were the steps:

1. Open Active Directory Users and Computers
2. Right-click on your domain and choose Find
3. In the Find dropdown, change it to Custom Search
4. Go to the Advanced Tab
5. In the "Enter LDAP query" box, type (objectClass=*)(altrecipient=*) then click Find Now

The results will be all users that have email forwarding turned on. Please check the original post if you're looking for how to do this with PowerShell in Exchange 2007. I'd guess it'll work the same in 2007 and newer versions.
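As an added example (not part of the original post): once the matching accounts are exported to LDIF, the Python script below lists every account with altRecipient set and sorts disabled accounts to the top, since forwarding left on an ex-employee mailbox is the case being hunted here. The sample export is constructed, and having sAMAccountName, userAccountControl and deliverAndRedirect in the export alongside altRecipient is an assumption.

```python
import base64

# Constructed sample: an LDIF export of three user objects (not real data).
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Former Staff,DC=example,DC=com
sAMAccountName: jdoe
userAccountControl: 514
altRecipient: CN=Pat Manager,OU=Staff,DC=example,DC=com
deliverAndRedirect: FALSE

dn: CN=Sam Active,OU=Staff,DC=example,DC=com
sAMAccountName: sactive
userAccountControl: 512

dn: CN=Lee Contractor,OU=Staff,DC=example,DC=com
sAMAccountName: lcontractor
userAccountControl: 512
altRecipient: CN=External Contact,OU=Contacts,DC=example,
 DC=com
deliverAndRedirect: TRUE
"""

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts


def parse_ldif(text):
    """Return a list of records; each maps a lower-cased attribute to its values."""
    # LDIF folds long values onto continuation lines that start with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    records = []
    for block in unfolded.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(name.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records


def forwarding_report(records):
    """Return (account, forward_target, disabled, keeps_local_copy) per forwarded mailbox."""
    rows = []
    for rec in records:
        targets = rec.get("altrecipient")
        if not targets:
            continue  # no forwarding configured on this account
        account = rec.get("samaccountname", rec.get("dn", ["?"]))[0]
        uac = int(rec.get("useraccountcontrol", ["0"])[0])
        keeps_copy = rec.get("deliverandredirect", ["FALSE"])[0].upper() == "TRUE"
        rows.append((account, targets[0], bool(uac & ACCOUNTDISABLE), keeps_copy))
    # Disabled accounts that still forward mail are listed first.
    return sorted(rows, key=lambda r: (not r[2], r[0]))


if __name__ == "__main__":
    for account, target, disabled, keeps_copy in forwarding_report(parse_ldif(SAMPLE_LDIF)):
        state = "DISABLED" if disabled else "enabled"
        mode = "copy kept in mailbox" if keeps_copy else "forward only"
        print(f"{account:12} {state:9} -> {target} ({mode})")
```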

Friday, April 12, 2013

Outlook "Cannot copy or move because it contains private items" error

Update 3/25/15

I can't believe it's been almost 2 years since this was posted. Since the original post I've had mixed luck with this method, which has led me to believe the original is not necessarily a fix. However, I have not seen this error when I log in as the actual user, which is because the user has access to everything within its mailbox. I've been backing up the mailboxes this way and it works fine.

1. Assign license to user account (if one isn't already assigned)
2. Reset the user account password so you have the login info
3. Enable login for the user if you had previously disabled it
4. Convert the mailbox back to a regular mailbox if you had made it a shared mailbox
5. Set up an Outlook profile with the user account info, making sure to turn off Cached Exchange mode
6. Open Outlook with the profile and login
7. Export to PST from within Outlook
8. Remove the profile from Outlook
9. Delete the user account from O365
10. Repeat for other user accounts you want to back up and remove

Of course you should modify those steps for your own needs (e.g. only delete the user account if you actually want to), but in general you can get around the private items error this way. If you're trying to do this for an active user you'll have to work with the user to have them login to his or her mailbox so you can run the export.

Original post 4/12/13

I ran into the "Cannot copy or move because it contains private items" error today while trying to copy a folder from an ex-employee's mailbox to the mailbox of the person taking over that ex-employee's duties. Being the admin I thought it was kind of an odd message to run into, but taking to Google I had an answer within a minute: http://support.microsoft.com/kb/892447.

Apparently the same error doesn't happen if you use drag-and-drop rather than copy/paste. If you want to copy the folder, you can hold Ctrl and click on the folder, then drag it to the mailbox you want to copy it to.

If you're looking to move the folder rather than copy, then click and drag-and-drop without holding the Ctrl key.

Worked like a charm for me. The KB references Outlook 2002 and 2003, but I'm running Outlook 2007 and saw the same issue and that same fix worked for me.

Monday, November 19, 2012

One thing that can cause an internal AD account lockout...

I consolidated a domain recently and moved the domain controller to use our primary domain instead of its own distinct domain (long story why it was set up this way to begin with). However, shortly afterward my user account started getting locked out periodically. The problem was that something was trying to log in using olddomain\myaccount, but the olddomain domain didn't exist anymore. Since I have an account on newdomain named myaccount, it was locking that account out instead, seeing multiple invalid logins for that username.

I first figured it had to do with a service running using the old credentials, but ruled that out quickly. The Windows security logs were less than helpful, besides allowing me to see the times of the login attempts. I then turned to Wireshark but didn't find anything useful. Now that I had no evidence of it coming over the network, I determined it must be happening on this newly migrated DC itself. I enabled Netlogon logging, which confirmed that something on the newly migrated DC was using my credentials, but what?

Then I finally ran across this post. I had completely forgotten that dynamic DNS in DHCP requires you to set up login credentials. Sure enough, this was the cause of my problem. It's not best practice to set it up the way I had, but regardless, that's the way it was. I changed the dynamic registration credentials and lo and behold, no more lockouts.
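An added example, not from the original post: with Netlogon logging enabled, a short Python script can total the failed logons in netlogon.log by account and source machine, which is the pivot that pointed at the DC itself here. The log lines are constructed using the olddomain\myaccount names from above, DC02 and WKSTN07 are made-up host names, and the line layout is an assumption since it varies between Windows versions.

```python
import re
from collections import Counter

# Constructed sample lines in the general shape of netlogon.log [LOGON] entries.
SAMPLE_LOG = r"""
11/19 09:14:02 [LOGON] SamLogon: Network logon of OLDDOMAIN\myaccount from DC02 Entered
11/19 09:14:02 [LOGON] SamLogon: Network logon of OLDDOMAIN\myaccount from DC02 Returns 0xC000006A
11/19 09:29:02 [LOGON] SamLogon: Network logon of OLDDOMAIN\myaccount from DC02 Entered
11/19 09:29:02 [LOGON] SamLogon: Network logon of OLDDOMAIN\myaccount from DC02 Returns 0xC000006A
11/19 09:30:11 [LOGON] SamLogon: Network logon of NEWDOMAIN\otheruser from WKSTN07 Entered
11/19 09:30:11 [LOGON] SamLogon: Network logon of NEWDOMAIN\otheruser from WKSTN07 Returns 0x0
11/19 09:44:02 [LOGON] SamLogon: Network logon of OLDDOMAIN\myaccount from DC02 Returns 0xC0000234
"""

# Only lines that carry a result ("Returns <NTSTATUS>") are of interest;
# the matching "Entered" lines are skipped because they never match.
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\].*?logon of "
    r"(?P<domain>[^\\\s]*)\\(?P<user>\S+) from (?P<src>\S+)"
    r".*Returns (?P<status>0x[0-9A-Fa-f]+)"
)

# NTSTATUS values that matter when chasing a lockout.
STATUS = {
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
    0xC0000064: "no such user",
}


def failed_logons(log_text):
    """Count failed logons per (domain, user, source host, reason), most frequent first."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        code = int(m["status"], 16)
        if code == 0:  # 0x0 is a successful logon
            continue
        reason = STATUS.get(code, hex(code))
        hits[(m["domain"].upper(), m["user"].lower(), m["src"].upper(), reason)] += 1
    return hits.most_common()


if __name__ == "__main__":
    for (domain, user, src, reason), count in failed_logons(SAMPLE_LOG):
        print(f"{count:3}  {domain}\\{user}  from {src}: {reason}")
```

If the source column is the domain controller's own name, the caller is a service on that DC rather than a workstation on the network.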

Thursday, August 30, 2012

An openupload installation better explained

If you're not familiar with it, openupload is an open-source, web-based, file-sharing system kind of like a rapidshare or mediafire. It's written in PHP and will run fine on a LAMP server. There haven't been any new versions published since November 2010, but I'm still able to run it on Ubuntu 12.04.1 without any changes. It appears to be highly recommended on Sourceforge, and so far so good for my setup once I was able to get it to actually work.

I had my fair share of problems getting openupload to run using my limited knowledge of PHP and Linux, but after roughly following this guide I was able to get it working and will be rolling it out as an FTP alternative at my workplace. The lack of setup documentation was one of the frustrating problems I ran across though, so I'm going to share what I've been able to put together in order to hopefully make your install easier.

First, to preface the documentation, here's a little bit of information about my setup. As I said, I'm running this on Ubuntu 12.04.1 server (64-bit), with PHP 5.3.10, MySQL 5.5.24, and Apache 2.2.22.

Following the guide mentioned above, I was able to get the basic installation working for the admin user. However, there were still issues with downloading, and also with any non-admin user. This problem is in the permissions system of openupload. You will likely have to change it to accommodate your setup. You can do this through the site administration (Administration->Rights, then select the group you want to change), or else you can manually edit the MySQL table, but I'd suggest using the administration tool. To do it during setup, the INSTALL file mentions the different modes available. Pick the mode you want, and then go into the sql/txt/modes directory and find the corresponding permissions file. Copy that file (e.g. acl_restricted.txt) to your sql/txt/ directory, overwriting the acl.txt file. Otherwise you can modify the permissions after the setup using either method mentioned above. The bolded text is the table names that control the permissions. For the rest to make sense you may have to look at the table in MySQL first, and then you should get it:

acl

  • id - is the primary key and is set manually
  • module - refers to the modules of the site, with values of admin, auth, and files
    • admin refers to site administration privileges, which should only go to the admin group
    • auth is for allowing users to do stuff, or not to
    • files refers to the uploading, downloading, or deleting of files
  • action - sub-categories of the modules to be more specific about the permissions
    • admin actions
      • not sure. The admin group uses the wildcard * to allow all
    • auth actions
      • login - whether the group can login or not, which should always be allowed
      • logout - whether the user can click logout, which should be allowed
      • profile - whether the user can view and change his or her profile
      • register - whether a user can register themselves or not
    • files actions
      • d - whether the group can download files
      • u - whether the group can upload files
      • r - whether the group can remove files
      • l - whether the group can view their files. This enables the My Files tab
  • group_name - which group the acl pertains to
  • access - either allow or deny

The plugins work the same way. You can modify them in the administration settings (Administration->Plugins->Plugins ACL), or directly in MySQL.

plugin_acl

  • id - is the primary key and is set manually
  • group_name - specifies which group the acl pertains to
  • plugin - specifies which of the optionally installed plugins the acl pertains to
    • password - allows users to force password entry before file download is allowed
    • captcha - allows users to force a captcha entry before file download is allowed
    • email - allows users to have emails sent to notify of loaded files, removal links, etc
    • mimetypes - Allows restricting uploads by mime type by group
    • compress - another ?. I'm guessing this enables some type of invisible compression algorithm
    • expire - Enables auto-expiration of links after 30 days. Possibly automatic file deletion as well
If you know of other permission settings I'm missing, please add them in the comments. These are the ones I've figured out or found, and they were enough to get everything working as I need it to.

If you're using plugins, you may also need to change the related options. You can do that in the administration under Administration->Plugins->Plugins Options.

Now, you may also want to modify or rebrand the site to better fit the look you want. This is mentioned briefly in the documents, suggesting you create a new site template and change the configuration file to point to that directory rather than the default template, so it's up to you. Here is where the files are located, with the directories based on starting in your web directory of the openupload install:


  • Openupload config file - contains all the main application settings (db information, site template and directory mappings, etc)
    • [openupload directory]/www/config.inc.php
  • Main page html file - in case you want to add links or anything to the main page
    • [openupload directory]/templates/default/index.tpl
  • Main CSS file - for modifying the background, alignment of objects, colors, etc
    • [openupload directory]/www/templates/default/main.css
  • Logo image - the logo that displays in the upper-left corner
    • [openupload directory]/www/templates/default/img/openupload.jpg
  • Email template - this is the default template used when sending notification emails
    • [openupload directory]/templates/default/plugins/email/notify.tpl
The [openupload directory]/templates/default/ directory contains the HTML pages for essentially the entire site.

If you run into problems uploading a file, make sure to check the upload size limits. This is set in the config file and your php.ini file. You'll want to make sure that the HTTP POST limit and the max upload size in your PHP settings match, and that the [openupload directory]/www/config.inc.php also matches that value. By default, the PHP settings allow only 2MB files.

I hope that helps you get started with openupload. There's also another one out there called FileZ, but I haven't tried using that and only mention it in case you want to look into an alternative that has more recent development.

Monday, June 25, 2012

Adobe Creative Suites 3 (CS3) auto update doesn't work

If you try updating your Adobe CS3 product and receive a message saying updates cannot be detected at this time, it's because of an expired security certificate. This cert comes with the CS3 install, and I don't believe Adobe issued a new one. However, to get around this problem, simply set your system time back to any date prior to 10/16/2011. Doing this will trick your system into thinking it's prior to the expiration of the security certificate, so the connection will be allowed. Make sure to set your system time back to normal though after getting your updates installed.

http://forums.adobe.com/message/4096973

Wednesday, June 6, 2012

SQL Server SSIS using Excel fails with DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER

If you're running a 64bit SQL Server, you likely are also running the 64bit version of Business Intelligence Development Studio. Unfortunately, the 64bit version of BIDS doesn't work with the Excel Connection Manager. Luckily though, you can still use it to create your SSIS package and getting the package to run is as simple as checking a box.

If you're running SQL Server 2008 and using a SQL Server Agent job to execute your SSIS package that contains your Excel connection, here's how to get it working:

1. Go into the Job Properties
2. Select the step containing your SSIS package and click Edit
3. In the step properties, go to the Execution options tab and check the box labeled "Use 32 bit runtime" (see screenshot)


This will force the SQL agent to use the 32 bit runtime when executing the package, and that supports the Excel Connection Manager.

If you're using SQL 2005 or DTEXEC to execute your package, check out the original post I found that helped me.

Thursday, May 17, 2012

Replace LCD Screen or other parts on an HP 2000 notebook

I was going to take pictures and document the process to replace an LCD screen on an HP 2000-216NR notebook computer, but found HP's service manual online and it does a good job of doing the same thing. You can find it here: http://h10032.www1.hp.com/ctg/Manual/c02753308.pdf. It's the full service manual, so it has the steps to take apart and replace just about every component you'd want to. If you're specifically replacing the LCD screen rather than the entire display, you may want to check out this article too: http://www.insidemylaptop.com/replace-broken-screen-on-hp-2000-laptop/. I used a combination of both to successfully replace the LCD.