Monday, April 21, 2008

CoreConfigurator - Graphic Management Tool for Windows Server 2008 Core

The default management interface for Windows Server 2008 Core is the command line. Yes, the main power of Windows Server Core becomes available with that approach, but sometimes it's not so user friendly. This is why I've been asking so many times whether anything more graphical exists :). Yes, one of the first recommendations for managing Windows 2008 Server Core is to use MMC from a remote machine, but MMC cannot do everything. Of course, for the remote tools to work, their traffic has to be allowed through the Server Core firewall. In addition, for many this is more difficult than editing the registry. :) Therefore, I would like to have a simple graphical tool for configuring the local system. Developing such an interface is complicated by the fact that Server Core has a limited set of graphics APIs, which is the reason why the beautiful MMC doesn't work on it.

So, since Microsoft has not provided such a utility, somebody else did. Look at the CoreConfigurator utility developed by Guy Teverovsky, an MVP from Israel.

This is what it can do:

  • Product Activation
  • Configuration of display resolution
  • Clock and time zone configuration
  • Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration
  • WinRM configuration
  • IP configuration
  • Computer name and domain/workgroup membership
  • Installation of Server Core features/roles

To set up this utility, use the MSI package and then run the CoreConfigurator.exe file. The following interface will appear.



By the way, it's not necessary to install CoreConfigurator; we can simply copy its files onto the system. The result will be the same. The video settings look like this:



The "Show window content while dragging" setting can markedly improve how windows are displayed if you work with the server over a terminal connection. Please note that the setting affects only the current user. As the picture shows, to change the time zone the developer did not reinvent the wheel and simply calls the standard timedate.cpl.



Remote Desktop Options look like this:



All well and good, but in this version you still have to allow RDP connections in the firewall manually using netsh. Hopefully, this will be fixed in the next version. Management of local users and groups is done through the following windows.




Installation of roles and features has become more visual:



For now, the firewall management functionality is very limited, but at least it already incorporates all the necessary rules for remote control.



Network interface configuration looks fairly familiar.



Setting the activation key and activating the OS is also very simple, and it is all done via the GUI :)



In addition, let me show the WinRM interface and the interface for renaming the computer and joining it to a domain:





Understandably, CoreConfigurator is not officially supported by Microsoft. Many IT professionals will probably have doubts about whether to trust the maker of the software. As usual, the choice of whether to install this utility on your server is up to you. :)

Wednesday, April 9, 2008

How to Create File for a Desired File Size

From time to time I need some temp files of varying sizes. In a Linux environment that's not a problem. And in a Windows environment it's not a problem anymore :).
I've used "dd for windows", which can be downloaded from its official web site. I've created a very simple script, mkef.bat. Here is the syntax for using mkef.bat:

mkef.bat filename size


And now the content of mkef.bat:

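@echo off
rem Usage: mkef.bat filename size  (size is the number of 1024-byte blocks)
if {%1}=={} @Echo Please use the following syntax: mkef.bat filename size &goto :EOF
if {%2}=={} @Echo Please use the following syntax: mkef.bat filename size &goto :EOF
rem Write %2 blocks of zeros to the file named in %1 using "dd for windows"
dd if=/dev/zero of=%1 bs=1024 count=%2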

Thursday, February 28, 2008

What NAP is and how it works?

Yesterday was the first Windows 2008 event in Canada. The first event was in Toronto and had almost 3000 attendees. Twenty MVPs participated in Ask-The-Expert and I was one of them :). One of the most commonly asked questions was “What NAP is and how it works?”

So, I’d like to show what was posted on TheLazyAdmin.com about NAP:
With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new. One thing you might be playing around with is Network Access Protection. There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client in XP SP3. In Windows Vista you simply start the service then enable the client through the NAP Client Configuration MMC (napclcfg.msc) but XP SP3 does not include the MMC. So how does one configure the NAP Client without a Nap Client configuration tool? Netsh, that is how!

To enable the NAP Client on XP SP3 you need to do the following:

  1. Start –> Run –> Services.msc
  2. Change the Network Access Protection Agent service to start automatically
  3. Start the Network Access Protection Agent service
  4. Start –> Run –> CMD.exe
  5. Type netsh nap client set enforcement ID = ##### Admin = "Enable"
  6. Start –> Run –> GPEdit.msc
  7. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
  8. Enable the Security Center
  9. Start –> Run –> Services.msc
  10. Start the Security Center service

You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:

  • DHCP = 79617
  • RAS = 79618
  • IPSec = 79619
  • TS Gateway = 79621
  • EAP = 79623

For more labs and information see:

Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab
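
The ten manual steps for XP SP3 above can be scripted. The following batch file is an added example, not part of the quoted TheLazyAdmin post: the file name and argument names are hypothetical, the service names (napagent, wscsvc) are the standard ones for the NAP Agent and Security Center services, and the registry value is the one assumed to sit behind the "Security Center" policy from step 7.

```bat
@echo off
rem enable-nap.bat (hypothetical name): scripted form of steps 1-10 above.
rem Usage: enable-nap.bat DHCP^|RAS^|IPSEC^|TSGW^|EAP   (run as a local administrator)
setlocal

rem Map the enforcement method to the enforcement ID listed on this page.
set "ID="
if /i "%~1"=="DHCP"  set "ID=79617"
if /i "%~1"=="RAS"   set "ID=79618"
if /i "%~1"=="IPSEC" set "ID=79619"
if /i "%~1"=="TSGW"  set "ID=79621"
if /i "%~1"=="EAP"   set "ID=79623"
if not defined ID (
    echo Usage: %~nx0 DHCP^|RAS^|IPSEC^|TSGW^|EAP
    exit /b 1
)

rem Steps 1-3: set the NAP Agent service to automatic and start it if needed.
sc config napagent start= auto || goto :fail
sc query napagent | find "RUNNING" >nul || net start napagent || goto :fail

rem Steps 4-5: enable the selected enforcement client.
netsh nap client set enforcement ID = %ID% ADMIN = "ENABLE" || goto :fail

rem Steps 6-8: turn on the Security Center through its policy value
rem (assumption: this is the value the GPEdit setting writes).
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Security Center" /v SecurityCenterInDomain /t REG_DWORD /d 1 /f || goto :fail

rem Steps 9-10: start the Security Center service if it is not running.
sc query wscsvc | find "RUNNING" >nul || net start wscsvc || goto :fail

rem Show the resulting client configuration and state for review.
netsh nap client show configuration
netsh nap client show state
echo NAP client enabled for %~1 (enforcement ID %ID%).
exit /b 0

:fail
echo A step failed (error %errorlevel%); NAP client configuration is incomplete.
exit /b 1
```

The two `show` commands at the end let you confirm that only the intended enforcement client is enabled before the machine is placed on a NAP-enforced network.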

Sunday, February 3, 2008

Microsoft doesn’t recommend creating Vista ‘Lite’

As many of you know, it’s possible to create a “Lite” version of the operating system by using the well-known program vLite. But recently Microsoft said in an e-mail to CNET News.com:

“Microsoft does not recommend using any tool to strip out applications from Windows Vista prior to installing it on your system, as it may affect your ability to download future Windows updates and service packs, and may cause your system to become unstable,”

So, think twice before creating Vista ‘Lite’ ;)

Friday, January 18, 2008

SEP 11: virus definition folder takes too much disk space

For those who did not give up trying to deploy Symantec Endpoint Protection 11.

On client computers you might notice that the virus definition folder (by default it is located in C:\Program Files\Common Files\Symantec Shared\VirusDefs) takes up large amounts of disk space. In my case - more than 5 Gb. When you open the VirusDefs folder you can see a lot of temporary folders called tmpXXXX.tmp, where XXXX are hexadecimal characters.

The cause of the problem is that virus definitions may be corrupted.

To solve this issue, follow the steps below:

1. Stop the Symantec Management Client service:

  • Start -> Run
  • Type "smc -stop" (without quotes) and click OK

2. Stop the Symantec Endpoint Protection service in the Services snap-in

3. Go to "Virusdefs" folder. Delete all ".tmp" files and folders AND any numbered folders (such as "20070820.048", "20080115.021" etc.)

4. Install new definitions manually using the Intelligent Updater:

  • Follow this link: http://www.symantec.com/avcenter/defs.download.html
  • Select the language and for the product, select Symantec Endpoint Protection
  • Click "Download Updates" button
  • Select the correct file to download for Symantec Endpoint Protection 11 depending on whether it is for 32-bit or 64-bit OS
  • Click the ".exe" file specified for Symantec Endpoint Protection 11, download to your hard drive and run it

5. Start the Symantec Endpoint Protection Service

6. Start the Symantec Management Client service:

  • Start -> Run
  • Type "smc -start" (without quotes) and click OK
Source: http://youradmin.blogspot.com/
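
Before deleting anything in step 3, it helps to see exactly what would be removed. The following read-only batch file is an added example, not part of the source post: the file name is hypothetical and the default path is the VirusDefs location given above, with an optional argument to point it elsewhere.

```bat
@echo off
rem sep-defs-audit.bat (hypothetical name): dry run for step 3, deletes nothing.
rem Usage: sep-defs-audit.bat [path-to-VirusDefs]
setlocal

rem Default location as given on this page; override with the first argument.
set "DEFS=%CommonProgramFiles%\Symantec Shared\VirusDefs"
if not "%~1"=="" set "DEFS=%~1"
if not exist "%DEFS%\" (
    echo Folder not found: "%DEFS%"
    exit /b 2
)

set /a TMPCOUNT=0
set /a NUMCOUNT=0

rem Leftover temporary items: tmpXXXX.tmp files and folders.
for /f "delims=" %%N in ('dir /b /a "%DEFS%\tmp*.tmp" 2^>nul') do (
    echo [tmp]  %%N
    set /a TMPCOUNT+=1
)

rem Numbered definition folders such as 20080115.021: 8 digits, a dot, 3 digits.
for /f "delims=" %%N in ('dir /b /ad "%DEFS%" 2^>nul ^| findstr /r /x "[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\.[0-9][0-9][0-9]"') do (
    echo [defs] %%N
    set /a NUMCOUNT+=1
)

echo %TMPCOUNT% temporary item(s) and %NUMCOUNT% numbered folder(s) match step 3 in "%DEFS%".
exit /b 0
```

Anything in the folder that is not listed falls outside the patterns named in step 3 and is left alone by the procedure.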

Wednesday, January 16, 2008

Internet Explorer 7 (IE7) deployment - New white paper

Microsoft just released a new version of their IE7 deployment paper. The document has 156 pages. IE7 deployment can get tricky. Try to read this document before deployment, if you haven’t done it yet. It might be a useful reference if you run into problems.

Wednesday, January 9, 2008

Things that Virtual PC needs to be run as Administrator for...

For the most part Virtual PC is able to happily run when you are using a non-administrative user account and everything will work. There are - however - a couple of things that will not work correctly unless Virtual PC is run under an Administrative account:

  1. Using ping (or other ICMP based tools) over shared networking.

    In order to create ICMP packets (as opposed to standard TCP/IP packets) that appear to originate from the virtual machine when using shared networking - we need to access Windows APIs that are restricted to only being accessed by administrators.

    The reason why these APIs are restricted is that there are a number of known ICMP based network attacks that malicious software could try to utilize on your computer.

    The impact of this is that you will simply be unable to ping other computers from a virtual machine. Note that this does not affect virtual machines that are using a direct connection to the physical network adapter.

  2. Using or converting linked virtual hard disks.

    Linked virtual hard disks require us to open a handle to the raw physical disk object (and bypass the Windows file system). As this mechanism could also be used to bypass file system security it is restricted to administrative processes only.

    If Virtual PC is not running as an administrative process you will be unable to create linked virtual hard disks, convert linked virtual hard disks or boot virtual machines with linked virtual hard disks connected to them.

  3. Accessing copy protected CDs.

    Virtual PC attempts to access the physical CD by using a handle to the raw disk (like with linked virtual hard disks) but if that fails it will fall back to using the Windows file APIs to access the CD.

    The Windows file APIs work fine for accessing normal data off of CDs - but are unable to provide the information necessary to support the use of copy protected CDs inside of virtual machines.

    If Virtual PC is not running as an administrative process access to normal CDs will function correctly - as will data access to copy protected CDs - however any software that attempts to check the authenticity of a copy protected CD will fail.

  4. Configuring the Virtual PC security options.

    Configuring the Virtual PC security options requires that we change registry keys stored in the Local Machine registry hive. The values are stored here so that non-administrative users cannot undo security settings changes made by an administrative user.

    If Virtual PC is not running as an administrative process the settings on this options page will be disabled.

Now remember that under Windows Vista Virtual PC will be running as a non-administrative process even if you are using an administrative account. To get these features to work under Vista you need to right click on the Virtual PC icon in the start menu and select 'Run as administrator' (with the exception of the Virtual PC security options where we will prompt you to give administrative approval if you are not running as administrator).

Wednesday, December 19, 2007

Windows, iSCSI and NAS (Network-attached Storage) in Test Environment

Recently, I worked on a project to be deployed on a Windows server cluster.
Before setting up the production environment, it was necessary to check whether one of the required applications would work on a cluster.

To those of you who don’t know what a cluster is, just take a look at what’s written on Wikipedia: http://en.wikipedia.org/wiki/Computer_cluster

At that time, I had no extra servers for testing, so I decided to set up the cluster in a virtual environment. To do this, I created 2 Windows 2003 Servers on my VMWARE station.
However, the biggest problem was the storage space.

Anyone who has worked with clusters at least once knows that they need shared storage, also called a NAS (Network-attached Storage).
Unfortunately, I have no NAS in my lab, so I used another technique for my test.
If you do a bit of Googling, you will find a lot of Linux-based NAS software, like FreeNAS.

However, I wanted Windows-based software, and I found probably one of the best (IMHO), which is StarWind, available for FREE in a Personal edition.
Now, I’m not going to show you how to install a cluster; I would just like to show how to connect two (or more) servers to the same Network-attached Storage by using iSCSI technology, and how to do this in a test environment.

When you launch StarWind for the first time, you will see a screen like this one:


The first step is to add a device.
To do this, right click on the localhost:3260 icon and select Connect.
For the username and password, simply use the word test.

When the connection is established, click on the Add device button to display the following screen:


Here, select Image File device and click on the Next button.

On the next window, select Create new image and click on the Next button. You'll have to enter a name, a location and a size for the image.
For best performance, it's recommended to avoid image compression and encryption.
The next screen is of the highest importance.


REMEMBER to select Allow multiple concurrent iSCSI connections (clustering).
If you forget to select this option, your cluster setup will fail.

The next steps are just a few clicks on some Next buttons and a Finish one.

Finally, you should see a screen similar to this one:


Before connecting the Windows Server 2003 to the iSCSI storage, we need to install the iSCSI Initiator, which can be downloaded from Microsoft.

While I was writing this article, the setup of a Windows Server 2008 RC1 with Hyper-V Beta finished.

Since the procedure for connecting iSCSI disks to a Windows Server 2008 is quite similar to connecting them to a Windows Server 2003, I'd like to show how to do this on a Windows Server 2008.

So, from the Control Panel we start the iSCSI Initiator. When we do that for the first time, we get the message below:


Click on the Yes button. On the next window also click on the Yes button and you will see the following window:


Click on the Discovery tab, click on the Add Portal button, enter the IP address of the iSCSI machine (where StarWind is installed), and click on the OK button.

Click on the Targets tab, and click on the Log on button.

Select the options according to the picture below, and then don't forget to click on the OK button.


Click on the Volumes and Devices tab, and click on the Autoconfigure button.

Now, we are ready to click on the last OK button, and go to the Disk Management.

If all the previous steps were done correctly, you should see a screen similar to this one:


The next steps are very simple, and I don't think that I have to explain how to create a volume and a partition in Windows.

When done, if we open My Computer we will see a new Local Disk, like in my example:


At this point, we have successfully configured an iSCSI storage under Windows, and we are ready to go on.

Sunday, December 16, 2007

PXE, aka Pre-Execution Environment and Acronis - Part 2

Since I published the article "PXE, aka Pre-Execution Environment - Part 1" I've got a lot of emails with the same question - "Where is Part 2?". So, here it is.

I know many network administrators who work with Acronis products, and I also sometimes work with those good products. This week I did a project for one of my clients in Seattle, WA. The main idea was to deploy an Acronis image on new servers and configure those servers according to the system requirements. So, again, those servers came without a floppy drive or CD/DVD :) and, as all of you know, to restore an Acronis image on a new machine we have to use Bootable Rescue Media, aka a bootable CD with Acronis on it. Yes, I know that Acronis provides products with PXE integrated, but I don't have them :) so I used my own PXE server.

The first step was to create the Bootable Rescue Media. Then I took 2 files, kernel.dat and ramdisk.dat, from the Acronis directory and put them into the C:\PXEServer\TFTPRoot\Boot directory. Next, it was time to make small changes to our "default" file (located in the C:\PXEServer\TFTPRoot\Boot\pxelinux.cfg\ directory). After those changes, my "default" file looks as follows:

DEFAULT menu.c32

TIMEOUT 300
ALLOWOPTIONS 0
PROMPT 0

MENU TITLE PXE Boot System

LABEL ACRONIS
MENU LABEL ^Acronis Bootable
kernel kernel.dat
append initrd=ramdisk.dat vga=791 ramdisk_size=32768 acpi=off quiet noapic

LABEL NetworkBoot
MENU LABEL ^Network Boot
kernel memdisk
append initrd=w98se-netboot.IMA

LABEL CleanBoot
MENU LABEL ^Clean Win 98 Boot
kernel memdisk
append initrd=W98.IMA

LABEL MemTest
MENU LABEL ^Memory Test
kernel memdisk
append initrd=W98_MemTest.IMA

The next steps were pretty simple ;): boot, select Acronis from the menu, select the image for recovery and.....

Thanks to the time PXE saved me, I was able to spend some time in the very beautiful city of Seattle.


Related Articles
PXE, aka Pre-Execution Environment - Part 1

Friday, December 7, 2007

PDC 2008 Announced

Next Microsoft Professional Developers Conference (PDC): October 27–30, 2008 at the Los Angeles Convention Center.

PDC is the definitive Microsoft event for software developers and architects focused on the future of the Microsoft platform.