Category Archives: Server 2012 R2

Securing your new Server 2012 R2 Domain Controllers

No, I’m not writing a book! It could easily be done, there is an enormous amount of information on the Interwebs about AD and Security. Instead, I want to put a couple of links in here for reference.

Firstly, a friend of mine, Laura Robinson, was the Lead Author of a whitepaper specifically dealing with this topic, download the Best Practices for Securing Active Directory.docx. It’s an awesome document well worth reading through.

Secondly, for those also running SCCM 2012 in their environment, here is a link to a very well written post about Windows Server and SCCM 2012  – Compliance Checking. Step by step on how to use SCCM to run a weekly check on *all* your servers, DCs or otherwise, to make sure they are compliant with your internal (or Microsoft’s) Best Practice.

Enjoy the light reading.

 

get IT right

Wayne

Leave a comment

Filed under SCCM 2012 R2, Server 2012 R2

DHCP stopped my Audio???

What the?? How can DHCP affect my Audio? You didn’t know it could, did you 🙂 Shout out to Mitchell on my course this week in Darwin. I was reading a ASKPFE Blog post and found a really handy command line tool I didn’t know about tasklist /svc

tasklist

Great! Now you can see exactly what processes and the corresponding identifier (PID) for each running service. Mitchell pointed out that this screenshot points out a weird error he had on his own system: misconfigured IPV6 causing DHCP to fall over, taking the Audio with it! So, a new tool for your troubleshooting kit :tasklist

get IT right

Wayne

 

1 Comment

Filed under Server 2012 R2, Windows 8.1

Building your own Test Lab – revisited!

The most common question I get asked in every course is: “Can we take the virtual machines with us?”. Short answer. No. The virtual environment I build up for each course actually belongs to Microsoft! But, you can build your own Test Lab and setup various scenarios quite easily. First, you need a decent pc. I7 processor, at least 16GB RAM and a quick HDD; big enough to store all your vhds (virtual hard disks). Operating system? If you’re running Windows 8 or higher, you have a built-in feature, Hyper-V, that can easily be turned on. If you would rather run a Server o/s (operating system) then you either have to use one of your company’s licenses, or download a 180 Evaluation version from TechNet.  You’ll need those evaluation versions in any case, because you’re about to build a Base Test Lab. Using the TLG (Test Lab Guide) available from Microsoft, you’ll be able to build, relatively quickly, an entire test environment. The graphic below shows what I mean:

BaseConfig_NewIcons_png-550x0

What’s even more exciting (in a geeky way!) is the new ability to build your test lab in the cloud!!

Azure_BaseConfig_png-550x0

Awesome! Once you have your Base Lab setup, BACKUP! and BACKUP again! You’ve just put a lot of hard work into setting you Lab up, don’t lose it.

Now that you backed up the Lab, you can start playing, building, breaking, and fixing your resources. If you want to extend the Base Test Lab, go back to the wiki and look at the additional Labs that have been written: Exchange, SCCM, ADFS, Direct Access, and a multitude of others! http://social.technet.microsoft.com/wiki/contents/articles/1262.test-lab-guides.aspx

Take checkpoints (or snapshots) of your Lab before installing or testing, that way you can revert to a pristine Lab environment, ready for you to break it all over again. This has to be one of the best ways to learn, and a whole lot of geeky fun as well 🙂

 

get IT right!

Wayne

1 Comment

Filed under Certification, Server 2012 R2, Windows 8.1

Communication Breakdown!

No, not the Big O’s hit (if you don’t know who the Big O is, ask your parents <g>), but the dreaded:

test1

Hmmm, lost/corrupted/hosed the secure channel. What next? I know, logon locally, take the computer out of the domain, put it into a workgroup, then restart, rejoin the domain, restart yet again; all is sweet! Nope, bzzzzt! Fail. It looks like it has worked, but what you have most probably done in the background is destroyed the original SID (Security IDentifier) of the computer and created a new computer object in the domain; all group memberships, ou membership, SCCM 2012 object history … gone!

The more correct way? Read on. First, go to your Admin tools; either ADUC (Active Directory Users and Computers) or ADAC (Active Directory Admin Center – new from Windows Server 2008R2 on), right-click the offending Computer object and Reset Account! This sets the computer password to computername$ and allows the computer to reset that password when the secure channel is restored. Next, logon locally:

test2

Then, open an Administrative PowerShell prompt:

test3

Uh oh … more red hints, I see lots of these, deliberate errors I tell my students (well, that’s what my old sergeant said in the Army!). Lets try that using the correct command:

test4

That’s better! Supply the correct credentials, and:

test5

The returned value is Boolean, True means all is working, we’ve rejoined the domain and have preserved the SID, the object history in SCCM and all is sweet, until next time.

If you want to do this remotely (certainly saves walking, or in the worst case, driving to the workstation, refer to this TechNet tip: http://technet.microsoft.com/en-us/magazine/ff700227.aspx

get IT right!

Wayne

Leave a comment

Filed under SCCM 2012 R2, Server 2012 R2

SCCM 2012 R2 – Start Using PowerShell

Import-Module ConfigurationManager ? Nope, won’t work, at least not without jumping through a few hoops. Looking at the helpful red hints (I get lots of these!), the module is not found in the default path.

ps_cm1_e

From a PowerShell prompt, you need to change to the ….\bin directory, then import a .psd1. Using the -verbose shows the import progress, much better than staring at a screen, wondering what’s happening in the background 🙂

ps_cm2_e

Ready to go? Not quite. As you can see, we must now connect to the drive that represents the site, in this case, S01.

ps_cm3_e

Last thing to do, update the help file:

PS SO1:\>update-help -module configurationmanager

Adding the -module makes sure I only update the cm module, not all modules.

Now we can start using the new Cmdlts. Not too hard, just a bit fiddly. Good luck with the more than 470 cmdlts available.

Oh, and don’t forget, you need PowerShell 3.0 (or above) and the SCCM 2012 R2 console installed on the machine as well. Time for you to play!

get IT right

Wayne

1 Comment

Filed under SCCM 2012 R2, Server 2012 R2

70-410 R2 Changes

Exam 70-410 is the first exam for the Microsoft Certified Solutions Associate (MCSA) 2012. The exam objectives are on Microsoft’s website: Installing and Configuring Windows Server 2012 under the “Skills Measured” area. You must be able to feel comfortable with each of those areas before attempting the exam.

New R2 specific content in Exam 70-410 covers the following areas:

  • Configure servers: Install and configure Windows PowerShell Desired State Configuration (DSC)
  • Configure local storage:Create storage pools by using disk enclosures
  • Configure file and share access: Create and configure Work Folders
  • Configure servers for remote management: Manage non-domain joined servers
  • Create and configure virtual machine settings: Create and configure Generation 1 and 2 virtual machines; configure and use extended session mode
  • Create and configure virtual machine storage: Manage checkpoints; configure storage quality of service (QOS)
  • Create and configure virtual networks: Configure NIC teaming in virtual machines
  • Install domain controllers: Deploy Active Directory infrastructure as a service (IaaS) in Windows Azure

Good luck, pop back in and tell us how you went!

get IT right

Wayne

Leave a comment

Filed under Certification, Server 2012 R2

R U RDY 4 R2?

That bit of “text speak” should have translated to “Are You Ready For R2?” in your own mind, hopefully it did! R2 means the second release of Windows Server 2012 and it will a huge impact on those looking at Certification on Microsoft products. If you are currently studying for a Microsoft Certified Solutions Associate (MCSA) in Windows Server 2012 then you’ll need to read this post and be prepared to add some additional items to your study list.

Effective January 28th 2014, the following exams contain R2 content:

  • 70-410
  • 70-411
  • 70-412 and
  • 70-417 (Upgrade Exam from MCSA Server 2008)

To make it easier to read and to find the updates, I’ll break the original post into three smaller ones, each targeting a specific exam.

get IT right

Wayne

Leave a comment

Filed under Certification, Server 2012 R2