Category Archives: Uncategorized

Second shot = Replay!

tldr: click graphic to get exam replay offer.

Microsoft have run, at various times over the last few years, campaigns to give exam candidates a “second shot” at passing exams. Why? As Microsoft’s Liberty Munson (Principal Psychometrician for Microsoft Learning) writes: “certification exams are valid and reliable measures of the content areas that they are intended to measure”. Exams will test your understanding of Microsoft’s solutions, not just test how well you memorise and then regurgitate answers. This could mean not passing an exam on the first attempt. Remember, you don’t fail exams; you just haven’t passed it … yet!

Enter Microsoft’s latest special offer: Exam Replay.


There’s even an offer that gives you a replay on your exam, plus a practice test! This offer gives you an edge, the confidence that you’ve studied and understood the objectives, plus a safety net to stop you crashing if you have a bad day in the test center.

Certification is a great validation of what you know, and how you apply that knowledge, it’s the advantage you take into a job interview, the credibility you add to discussions: you’re a Microsoft Certified Professional!

Wayne McGlinn


Leave a comment

Filed under Uncategorized

Step by Step UEFI Boot Device

Have you noticed that new PCs and tablets seem to boot really, really quickly? Compared to your typical work desktop, these devices are up, running, and ready to logon in seconds! No longer is there time to go get a coffee and come back  to see the Username/Password prompt flash into existence. How does it boot so quickly? That’s due to the Unified Extensible Firmware Interface (UEFI). Once UEFI is enabled, it allows us to get around the limitations of the Basic Input Output System (BIOS) that has been around in one form or another since 1975. Those limitations included 16 bit processor mode, and being limited to 1 MB of addressable space. UEFI also uses a newer partitioning scheme, GUID Partition Table (GPT). GPT was designed to extend pass older limits. In this case, Master Boot Record (MBR) is limited to a maximum disk size of 2TB.

How does all this fit together? Well, to install a modern operating system (OS), a UEFI bootable device needs to be created. If you’re booting from a Windows 8.1 DVD, and UEFI is enabled in the BIOS of your pc, the required partitions are automatically created. If, however, you’re using the Windows 8.1 iso downloaded from Microsoft, then you need to build a bootable device yourself. This means using FAT32, I repeat, you need to use FAT32, *not* NTFS! The following screen shots and explanations will give you all the detail needed. Read through all the steps first, backup your old OS, then start playing.

First, choose an appropiately sized USB Flash Drive, in my example I’m using an old 32 GB Patriot Flash Drive. Insert it, then run diskpart from an administrative command prompt:


Note the Disk number for your USB disk, in this case Disk 1. Then type the following command: select disk 1

select disk 1

diskpart’s focus is now on Disk 1, let’s remove everything from that disk using: clean


next we’ll use GPT instead of MBR: convert gpt

convert gpt

let’s make a primary partition and then format it, note you’re using FAT32:

create primary partition

looks like it worked, now to check by using: list volume

List Volume

looking good! We now have a FAT32 partition on a GPT disk. Exit diskpart, taking *careful* note of the drive letter. In the screenshot above, the * symbol is showing next to Volume 3, with a drive letter of “F”. The next step is to copy bootsect.exe from the desired operating system media. To do this, double click on the iso (or browse a DVD) and find bootsect.exe, under /boot:


copy bootsec.exe then type the following: bootsect /nt60 f: (or whatever drive letter you *carefully* noted above!)


next, copy the entire contents of the iso or DVD onto your newly formatted, bootable flash drive:


Once the copy process is completed, you should have a brand new USB FAT32 GPT bootable device. Follow the instructions to enable UEFI boot in your BIOS, reboot using the above mentioned USB and install a really, really fast booting version of your operating system. Even faster if you use an SSD. Good luck, and don’t forget to back up first!


Wayne McGlinn

Leave a comment

Filed under Uncategorized

A handful of ACEs

Great if you are playing a game of cards, particularly a high stakes poker game, not so great if you are trying to secure your corporate resources. “Man up, and defend yourselves!” said Ex NSA Director Michael Hayden. Difficult, when all our Administrators have a handful of ACEs!

Quick revision time: An Access Control Entry (ACE) is found in an Access Control List (ACL). Typically IT Pros refer to ACEs and ACLs, pluralising the acronyms rather than the words. The ACEs in an ACL determine what access rights a trustee has to a securable object. There are two types of ACLs: Discretionary Access Control List (DACLs) that contain Access-denied ACE and Access-allowed ACE, and System Access Control List (SACLs) that contain System-audit ACE. So DACLs grant or stop resource use, SACLs track who or what succeeded or failed that usage.

So how do we regulate what ACEs our Administrators hold? After all, they’re Admins; and by definition we totally trust our Admins, we have to! “Pardon Mr Snowden, you’re leaving?? But …” We do not, we can not trust our Administrators to hold all the top cards any longer. It’s not a personal issue, a lot of administration is automated; click a button on a web page and you can provision an entire Active Directory (AD) environment in Azure in a matter of minutes, literally. Organisations, corporations, governments, the local optometrist, all need a method of abstracting the necessary permissions – the ACEs – from the physical persona of the Administrator. For both the sake of the Admin, and his area of responsibility, let’s find a method of taking all the picture cards (including ACEs) away from Admins and only giving them Just Enough Administration rights to carry out their assigned tasks.

Without any more fanfare, let’s introduce JEA. Just Enough Administration (JEA) is a recent release of a Windows PowerShell Desired State Configuration (DSC) resource and configuration script that constrains administrative rights and permissions on both local and remote servers. In essence, any commands an Admin wishes to run on a server will run in a local administrative context, restricted to a subset of commands, and only for that session. Brilliant! I can now, through the use of the JEA Toolkit, chose what modules, what cmdlets, and even what parameters can be used for each Administrator, for each session, for each server! And, most importantly, through the SACLs, audit success and failures for every resource. As you can see, in the screenshots below, I can choose the modules, the security group, and then read the script to ensure I get the correct configuration.

This is just scratching the surface of what is available in JEA. For how to configure, manage, and create the JEA Endpoints used in constrained delegation, follow the links to download, read, and implement what will become the standard for administering your servers in the future.

Leave a comment

Filed under Uncategorized

Linking in your new certification

You’ve done it! After months of courses at DDLS, weeks of study, days of practice tests and hours sitting in front of  test centre computer screens … that final green bar has popped up on your screen. Passed. 700? 800? 1000! Doesn’t matter, that magical word “pass” means you are now a freshly minted, new and shiny MCSE (Microsoft Certified Solutions Expert).

MCSE Charter Member


Phew! Seriously, the sense of relief flooding through you feels like you’re on top of the world. What next? Tell everybody, starting with the Exam Centre Proctor, then ring everyone important to pass on the big news. Then onto Social Media; Twitter, Facebook, anywhere to spread the news.

Facebook … great for keeping up with friends and relatives, but it’s not really a “professional” network. News of your MCSE status shares space with friends dancing in grass skirts, your Mum’s complaint about snails on her lettuces and Grumpy Cat scowling at the world.

How do you update your CV, tell others in the industry of your latest achievments? LinkedIn.

If you’re not already on it, go to, create your account and start filling in the details. Companies (DDLS), individuals (Wayne McGlinn), Special Interest Groups (Hamster Rescue), all have a professional presence on LinkedIn. That’s the key word here: professional. You have spent significant time and effort on your MCSE and you want that effort to be viewed and acknowledged by your peers. That MCSE helps open doors, connects you to your peers, even attracts new and better job offers.

A good friend of mine, Donald Hester, presented a great YouTube webcast  on this very subject recently. Spend 30 minutes watching, then go share your Microsoft Certifications with the IT world, you’ve earned it!


Wayne McGlinn

Leave a comment

Filed under Uncategorized

Working smarter with SCCM 2012 R2

Working smarter, not harder, is a goal all Administrators should work toward. Administrators are being asked to do more, with less, and in increasingly shorter time frames. Trying to keep up with new releases of operating systems (OS), patches, cumulative updates soon spirals into a chasing your tail kind of work environment. System Center Configuration Manager (SCCM) is a major tool in an organisation’s arsenal; producing reports, keeping the company OS updated .. lots of work to be done! So, let’s work smarter. Download the System Center 2012 Configuration Manager Servicing Extension from *HERE* The download is an msi file, simply install it and then restart your SCCM Admin Console.

A new Site Servicing entry now appears in the Administration Pane. This shows the version of your SCCM Site, what releases are available and links to get those updates! And things get better from there:

Administration Pane

Here is a list of Cumulative Updates, version numbers, and release dates.

Version Numbers

Here’s your Site Version and current updates.

Site Version

There is an interface to “Create Query” to produce Reports of what Client Version your site has.

Create Query

Click on “Create Query” and follow the bouncing ball!

Create Query

And, as a huge bonus, a list of all the latest Blog Posts from the System Center Configuration Manager Team!

Latest posts

Working smarter, not harder. Helping Administrators get the right work/life balance. Not a bad conclusion, if I do say so myself 🙂


Wayne McGlinn

Leave a comment

Filed under Uncategorized

12 Reasons to Certify

“Hey Kyle, something’s wrong with the DC!”
“Hang on … Ok … Hmmm … Let’s try this … I call upon the great powers of CERTIFICATION!”
“Nope, didn’t work Kyle.”
“Um, well that’s all I remember from my course.”
“Kyle, you didn’t actually sit the exam, did you? You sat all those courses and didn’t get certified.”
“Well, I didn’t really think I needed to, besides it didn’t help, you just saw that!”
Kyle’s right you know. Just sitting courses doesn’t mean you’re now ready to go and dazzle the world with your cutting edge troubleshooting skills. You won’t shock and awe prospective employers with those Certificates of Achievement from all your courses.
Still, we need to answer Kyle: he didn’t really think he needed to. So, let’s look at 12 Reasons to Certify, number 13 is your take-away and action plan.

  • Certified IT Professionals earn more MONEY. Blunt, but true. And seriously, who wouldn’t like more in their pay packet each month?
  • Experience is valuable, and what a great way to showcase this with your MCSA/MCSE Certification history.
  • Renew and resit Certification exams, keep up to date and current with the latest solutions from Microsoft.
  • Talking to your customers, or even your own company’s CEO/CFO/CIO, carries much more weight.
  • IT Professionals need industry standard Certifications, not generic.
  • Failure is not an option (thanks Lester!). You tried to certify once and failed, so that’s made you wary of trying again. Maybe you need to attend a training course at a CPLS – oh, say the biggest and most awarded CPLS in Australia, DDLS for example. Motivated and experienced MCTs will help you fill in those gaps in your knowledge, and teach you that failing an exam simply means you haven’t passed yet!
  • Indicate to your employer that you would like to validate the training courses you’ve attended, they may even pay for your Certification exams.
  • Certification = Credibility. To pass and become a Solutions Associate/Expert means you really do understand the whole solution, not just a product.
  • Achieve personal goals, and through those personal goals you’ll probably also achieve your company’s goals.
  • Take a look at Seek or LinkedIn, and see how many IT positions do NOT ask for Certification
  • Increase confidence, both in you, and within you. Cynics will say “ah, it’s just a piece of paper”. Well pffft to them. It’s my hard earned piece of paper that shows I passed a rigorous test of my understanding of solutions, and it DOES mean something to me. Seriously, even as a 21 year veteran of Certifications, from Novell to Lotus to Check Point to Microsoft; I still get a buzz and a feeling of “yes, I do know my stuff” whenever I achieve or renew my Certifications.
  • Origami.
  • Now grab your planning calendar for 2016 and mark that first exam down, then pace yourself from there. You’ll be a Solutions Associate, then a Solution Expert by the end of the year.

What, the 12th reason doesn’t make sense? There’s a little lesson there. I honestly wonder just how many people read through each of those reasons, how many said TL;DR? Well, if you did read that far, then if nothing else, the paper your Certifications are printed on will make some really cool origami <g>. Have a great 2016, and a big shout out to my mate, Kyle Rosenthal who appeared in the opening sentences as my “demo”.

Wayne McGlinn

Leave a comment

Filed under Uncategorized

why corner an MVP? Wait, what is an MVP??

Happy New Year all!

My first post for the year is to explain what a Microsoft MVP (Most Valuable Professional) is, and why we are worth cornering. The origins of the MVP program date back to the early stages of Microsoft’s support and monitoring of the Usenet and CompuServe Developer Forums. One of the independent developers on the FoxPro Forum (Calvin Hsia) kept a list of the number of postings by person, including information on messages both sent and received. Making the Top Ten on Calvin’s List was a worthy achievement, whether a blessing or a curse was cause for discussion in itself! As the story goes, Microsoft saw the list and used it as a way to identify significant involvement with assisting the greater User Community. And so was born the MVP Program.

Microsoft MVP

“Today, exemplary community leaders around the world were notified that they have received the MVP Award! These individuals were chosen because they have demonstrated their deep commitment to helping others make the most of their technology, voluntarily sharing their passion and real-world knowledge of Microsoft products with the community.” MVP Blog Website.

“Dear Wayne McGlinn, Congratulations! We are pleased to present you with the 2016 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Windows Expert-IT Pro technical communities during the past year(ed. bolding added to original text) The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say “Thank you for your technical leadership. At Microsoft, we believe that technical communities enhance people’s lives and the industry’s success because independent experts, like you, help others extract greater value from products and technologies through the free and objective exchange of knowledge. As a Microsoft MVP, you are part of a highly select group of experts that represent technology’s best and brightest who share a deep commitment to community and a willingness to help others. ” extract from the official email notification. Mike Hickman, Director Community Engagement, Microsoft.

The MVP Award is earned each year, we cannot rest on our laurels and are continually assessed. So, in a nutshell, if you see anyone wearing an MVP badge at any technical conference, corner them! If you know of classes being taught by an MCT who is also and MVP, sign up! Why? Because we have proven the depth of our knowledge, because we are there to help anyone and everyone, in any way we can. I do not know all the answers, but I guarantee I can get hold of someone who *can* give an answer.

Wayne McGlinn

Leave a comment

Filed under Uncategorized

My Boss gave me $1500 !!

Hang on, let me explain that in a just bit more detail, and maybe stop Mal from having a minor myocardial infarction! Last week, in Chicago, Microsoft held their premier technical conference Ignite. Ignite is a blend of TechEd, MMS and other technical events in a week long geek-fest! From the opening Keynote through to the last session on Friday afternoon Microsoft showcased where they were, and more importantly, where they are going. Mobile first, Cloud first, all week long. Tech Sessions, Breakouts, HOLs and ILLs (Hands On Labs and Instructor Led Labs – courtesy of Learn on Demand Systems), and of course the Expo Hall; a mass of innovative displays and demonstrations from a multitude of IT companies.

My role last week was to be an MCT Ambassador and to present a series of ILLs focused on the upcoming release of Windows 10, in particular how Microsoft’s customers will deploy and/or upgrade their current fleets. Just prior to Ignite, Microsoft also released their latest preview versions of Windows 10, along with the Windows 10 ADK (Assesment and Deployment Kit). Hidden inside the ADK is a little gem of an application called Windows Imaging and Configuration Designer (WinICD).

That brings me back to the (fictitious) $1500 my boss gave me. CYOD (Choose Your Own Device) is gathering momentum; allowing your staff to choose their own device, be it a laptop, tablet, phone or even a desktop to be used in the corporate environment. Fantastic idea, choose any device and any operating system, as long as it’s Windows. The issue, though, is that when you toddle off to Harvey Norman and buy your device, it will typically come with either the “Home” or “Professional” version of Windows 10 (looking forward to after July that is). That means the IT Department has to take your device and then put the Corporate image on there; usually taking at least a day to get everything working smoothly. A fair bit of time and effort.

This is where the WinICD comes into play. Using the Designer, your Corporate IT professional creates a provisioning package, turning your “Home” or “Professional” version of Windows into “Enterprise” and setting your new device up to work in the Corporate environment. Awesome! As you’ll see from the screen shots below, it’s a relatively simple wizard that steps you through the creation of the package. Take the package, put it onto a flash drive, or email it, then run the package to provision your shiny new device into the Corporate SOE/MOE.

After downloading the Windows 10 ADK, go to the Installers folder and find the “Imaging And Configuration Designer-x86_en-us.msi” and double click. Once the install finishes, start the WinICD and Create a New Provisioning Package, filling in the details and path.


Next, select your version; notice the option to also provision a Windows Phone! Love it!

Specify the path.

This is where all the magic happens. There is a huge list of settings here; from Applications, Drivers, Certificates and most importantly, Upgrading Edition Product Key. This is where that “Home” version turns into “Enterprise” by inserting the Product Key for the new SKU!


Name your package, add in version number, rank and Package Owner.

Next, setup security for the package, selecting a certificate at this point means no UAC prompt when running the package – as long as the certificate is trusted.

Specify the path.

Build the package.


Either using a flash drive, or some other means (floppy disk? <g>) double click the package and accept the UAC.

Watch and wait through the various restarts and adding features.

Finally, completed. You now have a device that has been reconfigured, provisioned and ready for your work environment. Now go ask your own boss for the money to purchase a CYOD, confident that it can easily be integrated into your corporate environment.


Wayne McGlinn

Leave a comment

Filed under Uncategorized

The Lone Server

he countdown is on! As I write this blog, it’s only 72 days until support for Windows Server 2003 finishes. That’s right, the workhorse of many an organisation is about to lose support. If you haven’t yet, then you need to seriously start planning to move the last of your Windows Server 2003 installations across the the latest version, Server 2012 R2. That will mean big changes, not only the operating system but all your applications and infrastructure will need to be upgraded, or migrated, to Server 2012 R2. It’s been more than 7 years now since Microsoft replaced the last of their Server 2003 installations with Server 2008. For a while there was one, lonely server left still running the older operating system. He became a bit of a star, “Lone Server” had his own blog, even had a short movie made about being  Microsoft’s last 2003 Server. Clever, and well worth a look at.

What resources are there? One of the best options is Microsoft’s Virtual Academy (MVA). They have a number of sessions that instruct organisations on how to plan and then migrate to Server 2012. You can download these sessions or watch at your own pace online. Andrew McMurray presents the first of many MVA sessions. Technet has articles, planning guides and tools available. Migration guides are readily available and a good starting point.

Migrate to Server 2012

Not only do your operating systems and applications need to be migrated or upgraded, just like that Lone Server, your own skills and certifications also need to be brought up to date. Microsoft have a fantastic, limited-time offer that allows you to take any Microsoft Certified Professional (MCP) exam between 5 January 2015 and 31 May 2015 and get a free Second Shot exam if you don’t pass.

Even better, if you hold any of the certifications listed below; sitting one course at DDLS, MOC 20417 – Upgrading Your Skills to MCSA Windows Server 2012 and writing one exam, 70-417, will upgrade you to a Microsoft Certified Solutions Associate (MCSA) Windows Server 2012. This is a great opportunity, especially for those who haven’t had a chance to upgrade their qualifications since Server 2000. Take your time, peruse the list then book your Upgrade Course.

Windows Server 2008 Certifications:

  • MCSA: Windows Server 2008
  • MCITP: Server Administrator on Windows Server 2008
  • MCITP: Enterprise Administrator on Windows Server 2008
  • MCITP: Virtualization Administrator on Windows Server 2008 R2
  • MCITP: Enterprise Messaging Administrator 2010
  • MCITP: Lync Server Administrator 2010
  • MCITP: SharePoint Administrator 2010
  • MCITP: Enterprise Desktop Administrator on Windows 7

Windows Server 2003 Certifications (and earlier!)

  • MCDST: Windows XP
  • MCSE: Windows 2000
  • MCSA Windows 2000
  • MCSA: Security on Windows 2000
  • MCSA: Security on Windows 2003
  • MCSA: Windows Server 2003
  • MCSE: Security on Windows 2000
  • MCSE: Security on Windows 2003
  • MCSE: Windows Server 2003
  • MCSA: Messaging on Windows Server 2000
  • MCSA: Messaging on Windows Server 2003
  • MCSE: Messaging on Windows Server 2000
  • MCSE: Messaging on Windows Server 2003

Remember, the countdown finishes on 14 July 2015. Don’t be the lone 2003 IT person in your organisation, upgrade!


Wayne McGlinn

Leave a comment

Filed under Uncategorized

Are you using the wrong Salt?

Not on your hot chips, but in your Active Directory environment. Server 2003 was a very robust and long living operating system. The trouble is, next year W2K3 support disappears . The latest version is of course Server 2012 R2, and it’s this huge gap of 11 years that is causing some issues as people migrate from Domain Controllers running W2K3 to Server 2012 R2. At the heart of it is the “salt” used:

“The Kerberos client depends on a “salt” from the KDC in order to create the AES keys on the client side. These AES keys are used to hash the password that the user enters on the client, and protect it in transit over the wire so that it can’t be intercepted and decrypted. The “salt” refers to information that is fed into the algorithm used to generate the keys, so that the KDC is able to verify the password hash and issue tickets to the user.

When a Windows 2012 R2 DC is promoted in an environment where Windows 2003 DCs are present, there is a mismatch in the encryption types that are supported on the KDCs and used for salting. Windows Server 2003 DCs do not support AES and Windows Server 2012 R2 DCs don’t support DES for salting.”

Fascinating! Read the full article on the ASKDS TechNet Blog


get IT right



Leave a comment

Filed under Uncategorized