Author: Mitch Garvis

IPv6: Be gone!

/ Mitch Garvis / Leave a comment

Let me start this piece by stating that I am not advocating that we all ignore IPv6.  There are many reasons to use it, and there is nothing wrong with it.  Sure, it is more complicated than we may like… but then again, so was IPv4 when we were first introduced to it.

But alas, if you and your organization are not using IPv6, then there is no reason to have it bound to your workstations, let alone to your servers.  Let’s get rid of it… for now, knowing we can come back and re-enable it with a simple cmdlet.

First, we need to see which network cards have IPv6 bound to it, with the following:

Get-NetAdapterBinding | where {$_.ComponentId -eq ‘ms_tcpip6’}

That will return a list of NICs that have IPv6 enabled, like so:

Get-IPv6

We can remove the binding from each adapter individually, like so:

Disable-NetAdapterBinding -Name “Wi-Fi 2” -ComponentID ms_tcpip6

Of course, then we would have to do it for each of our NICs.  Rather than doing that, it would be simpler to just use a wildcard, thus disabling it for all of our NICs simultaneously:

Disable-NetAdapterBinding -Name “*” -ComponentID ms_tcpip6

Of course, in order to do this, you must open PowerShell with elevated credentials, so make sure you Run As Administrator.

Once you have done that, you can then go back and get the same list.  Notice that the listings under Enabled all read False now.

Disable-IPv6

Now, as you may have heard me say before, PowerShell is very easy to understand… it is almost as if it were post-troglodyte grammar.  Get-Thing! Disable-NetAdapterBinding!  So it stands to reason that the reverse of the Disable-NetAdapterBinding cmdlet would be… yes, you guessed it! Enable-NetAdapterBinding!  But this time, rather than using the wildcard, let’s just do it for the NIC that I am currently using:

Enable-NetAdapterBinding -Name “W-Fi 2” -ComponentID ms_tcpip6

From this, we will now get the following results:

Enable-IPv6

…and just like that, we can now enable and disable a protocol on demand.

By the way, if you are not fond of ComponentIDs, you can also use the actual display names:

Get-Bindings

Of course, that is too much typing for a lot of people, so you could shorten it with wildcards… or you can just cut and paste the ComponentID cmdlets.

Have fun guys, and script on!

 

 

Advertisements

A PowerShell Gotcha

/ Mitch Garvis / Leave a comment

powershell1_thumb.jpgI was bulk-creating users for a test environment today, and in doing so, I borrowed a script from an article online, which set the password for all users to ‘Pa$$word’  I usually use a variation on the same for test environments, but I opted to leave this one as it was.  The script worked.

A few minutes later, I went to log on as one of the newly created users, and the computer returned ‘The password is incorrect.  Try again.’

I spent a few minutes troubleshooting, until I realized… PowerShell uses the dollar sign ($) for variables.  I deleted the users, then changed the script to use a password like ‘P@ssw0rd’.  Sure enough, it worked.

The moral of the story… When using PowerShell, remember that the $ means something, and might break things if you use it for other things.

Have fun!

Server 2016 Versions & Builds

/ Mitch Garvis / Leave a comment

When Microsoft introduced the Operating System as a Service with Windows 10, a lot of people got started getting confused because of the different version numbers and build numbers, all the while Microsoft was telling us it was really the same operating system.  Okay, I think we have it clear now… three years later.

So just to make things fun, Windows Server 2016 is offered as an OS as a Service as well… although mercifully we do not have to update our servers nearly as often to stay current.

It is one thing to mess around with our desktops.  Messing around with our servers could be disastrous on an entirely different level.  So, unlike Windows 10, monthly updates (or Cumulative Updates, if you are just catching up) will not change the version of the OS.  If you installed a Windows Server from the original release (Version 1607), it will remain Version 1607.  The only thing that will change is the OS Build.

Notice the different build… the original reads OS Build 14393.1884, and after applying Cumulative Update for Windows Server 2016 for x64-based Systems (KB4093119) it kicks up to OS Build 14393.2189.

Some of us in the know feel that calling every release of Windows 10 the same operating system is like saying that a 2013 Ford Mustang is the same as a 2018 Ford Mustang; just because they have the same name does not make them the same car.  Similarly, Windows 10 Version 1607 is hardly the same as Windows 10 Version 1803.  They look the same for day-to-day operations, but under the hood there are real differences (i.e.: look for your Control Panel in the Windows Menu in 1803).

The team at Microsoft understood that you cannot just upgrade versions with servers.  There are too many things that could go wrong.  As such, Windows Server 2019 is currently in pre-release testing (we used to call it beta testing… I can’t keep up with the current names).  When the time is right, you can upgrade.

In the meantime, should you be upgrading all of your servers that are Version 1607 to Version 1803?  In general I wouldn’t, but there may be use cases where you would want to.

I hope this clears some things up for you!

April Updates Bring May Frustrates

/ Mitch Garvis / 2 Comments

Okay, I know the grammar in my title is terrible, but I know so many people (including myself) who have had a number of frustrating issues that arose from Microsoft’s April patch cycle.  I will not go into all of them, but one in particular has been annoying me of late.

image

Okay… but this is my corporate laptop, and I don’t remember having a D Drive.  I know my C Drive is running low, but that is only as a percentage… My actual free space is still over 13GB free.  But… where did that 489MB D Drive come from?

image

Most computers running any modern version of Windows is likely going to have a hidden partition… or two.  One of them, the ESP Partition, is used by computers adhering to the Unified Extensible Firmware Interface (UEFI).  It should be around 500MB in size, and before you ask, do not think about deleting this partition… unless you are partial to non-bootable system devices.

The Recovery Partition is usually a 450MB partition that has some information that Windows would need if you decide to clean up… I leave it there because what’s the harm, right?  Until April that is…

If this partition was there in March (and September, for that matter), and nothing has written to it since, why are these Low Disk Space warnings coming up all of a sudden… and every five minutes, just to make matters more annoying?  The answer is simple… and so is the solution.  For some reason there was a  drive letter assigned to the volume all of a sudden… and yes, it has to do with one of the April patches from Microsoft.

Solution:

1) Open the Disk Partition Tool (diskpart.exe).  If your current user is not a member of the local administrators security group, you will have to provide administrative credentials.

2) Type list volume.

image

Here we see a list of partitions (volumes) on the computer.  Volume 0 is obviously my active partition… it is 237GB, the Label is OS, and the Info says Boot.

Volume 1 is my Recovery Partition… 490MB, with no Label, no Info, and the Drive Letter is D… but there is absolutely no reason for this volume to have a drive letter.  Let’s get rid of it.

3) Select the volume in question by typing Select Volume # (where # is the number of the affected volume)

4) Type Remove Letter=”X” (where X is the Drive Letter in question)

5) Type List Volume

image

The affected volume should no longer have a Drive Letter assigned… and your problem should be resolved.

6) Exit DiskPart immediately.  (Type EXIT)

**IMPORTANT NOTE: I have two things to say here:

  1. If you are not an IT Professional, you should really consult a professional before doing this yourself.  DiskPart.exe is possibly the most dangerous tool that Microsoft provides you with Windows, and should be used very carefully.
  2. If you are planning on doing this on your corporate machine, STOP RIGHT THERE!  There is a very good chance that even if you know what you are doing, and even if you have the administrator credentials needed to perform these actions, that doing so without consulting your IT Help Desk will result in a policy violation, and can be grounds for serious disciplinary actions.

If this is your personal computer, and if you are comfortable using DiskPart, this should solve your problem.  If you are concerned, you should let a professional do it for you.  However, if you are comfortable doing it yourself, this should have solved your problem.  Thanks for reading!

image

Deleting User Profiles

/ Mitch Garvis / Leave a comment

“How do I delete old users from a Windows 10 computer? I log in as an administrator, navigate to c:\Users\, and delete their tree.”

NO!  In fact, HELL NO!

There are several reasons why you might want to delete a user profile from a computer. ranging from termination of employment to reallocation of systems to… well, you get the picture.  There are a few of ways you can do it, but there are only a couple of ways of doing it right,

Recently I was working with a client who encountered a situation where a few of his domain users’ local profiles were corrupted on a corporate system.  I told him that the simplest way of fixing the issue was to delete the user profile, so that when the user next logged on, it would re-create the profile for them.  They called me back a few minutes later reporting that they were now receiving the following message when the affected users logged in:

We can’t sign in to your account. This problem can often be fixed by signing out of your account then signing back in. If you don’t sign out now, any files you create or changes you make will be lost.

Okay, that led me to believe they had simply deleted the c:\Users\%username% directory, and we had to clean up that mess in the registry (under “KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList”, delete any entries that have the .BAK extension).

Okay… now that we have learned how NOT to do it, here’s how you should do it:

1) Open Control Panel > System and Security > System in the affected machine.  The simplest way to do this in the more recent releases of Windows 10 is to click Run – sysdm.cpl.

3) In the Advanced tab of the System Properties window, in the User Profiles section, click Settings…

image

4) In the User Profiles window, click on the user you want to delete, and click Delete.

image

**NOTE: You will not be able to delete the account you are logged in as, nor the default Administrator account.

Of course, you will be asked if you are really really sure that you want to delete the account, and you can click Yes or No as you wish.

There are ways to do it in PowerShell… but they don’t seem to be very clear or very easy.  For this one time, I strongly suggest the GUI.

Stored Passwords–Beware, and know.

/ Mitch Garvis / Leave a comment

How many passwords do you have?  How many of them are unique?  How many of them would cause you, should they fall into the wrong hands, grief, hardship, financial loss?

Now what would you say if I told you that anyone with a very little bit of knowledge could access all of those passwords, and it would be your fault?

lock.jpgThe world has gotten a lot busier since I was a kid.  Back then, the only password I really had to know was the locker combination to my school locker.  Today, as I peruse my password manager vault, I have over two hundred (200) individual passwords stored.  It is impossible for anyone to remember all of those, so Microsoft decided to help us out.  A lot of the passwords for the web sites we visit on a regular basis are stored in the Windows Credential Manager, so that we do not have to remember them every time.  Every time you click ‘Remember my password’ an entry is made into the Windows Credential Manager, and most people will forget that it is there… if they ever knew it was there in the first place.

if this is your personal computer, and you never give it to anyone else to fix, then it is really not that big a deal.  But what happens when you give your computer to a tech to fix it?  What happens if you leave your job, and the company takes back the computer?

The following guidance is not comprehensive, and it is in no way meant to be a way to protect your passwords; this is more a question of opening your eyes to the dangers of using your online passwords on shared computers.

1) Open the Windows Credential Manager.  From the Start Menu, type netplwiz.  If you are not a member of the local administrators group, you will be prompted to provide elevated credentials.  The User Accounts window opens.

2) Click the Advanced tab.

3) In the Passwords context, click Manage Passwords.

At this point you have a couple of options.  The Web Credentials context appears by default, but the Windows Credentials context is there too.

image

In the Web Credentials context, you will see a list of the sites for which you have stored your passwords.  You can expand any of them to see something like this:

image

You see that blue word ‘Show’?  That means that if you click there, your password will be displayed in clear text.  It is small consolation that you are required to enter your Windows password for that to work, because if you handed your computer to a technician then you probably handed them your password as well.  Worse, if you left your job, the IT department can very easily change your password to anything they want, and have access to this.

It is again of little consequence that on the Windows Credentials side, you do not have the ‘Show’ option.

image

So yes, for the people who are looking for complete convenience with little regard to security, this is a great feature.  If you are so inclined, you can even click on the Back up Credentials button at the top and save all of your credentials to port them to another machine (It does encrypt this file, and you must provide a password for it).  However, if you are at all concerned about security, and especially if you are one of those people who tends to reuse the same passwords (hey, I thought of a great password to use for online banking… let’s use the same password for my Recipes Sharing forum!) then you should be aware of why you should not do that… and rather than using the Windows Credential Manager to store your passwords, look into a password vault solution (See article), and possibly even pair it with a multifactor authentication solution (I have a few, including my Yubikey).

Passwords stored in clear text are never a good idea, and the fact that Windows still does it for websites baffles me, especially since I remember learning about non-reversible encryption algorithms back in my Windows 2000 Server classes.  Now that you know that Windows does it, you might take a few extra precautions.

Recovery Image Oopsie…

/ Mitch Garvis / Leave a comment

In a recent article I told you all how I had to recover my Surface Pro, and downloaded a Recovery Image from Microsoft in order to do so (See Surface Woes). As I went through the process of finding that image download, I could not help thinking that so much of the process seemed… outdated.  Don’t get me wrong, it worked… but it just felt like somewhere around the Surface Pro 2 era someone at Microsoft just gave up keeping up the information.

So how funny was it when I realized this morning that the Recovery Image, downloaded directly from Microsoft, was actually based on Windows 10 1703, released fifteen months ago?  I know Microsoft wants people to use their latest and greatest, especially when it comes to Windows 10.  Two builds have been release since (1709 and, most recently, 1803), so I wonder how difficult it would have been to update the Recovery Image to one of those.  My Surface Pro had been upgraded to Windows 10 1803 a few weeks ago, before the crash.

And so, having already done so once, and having spent several hours restoring my on-the-brink-of-dead device back to functionality, I have to spend another couple of hours watching the spinning circles of boredom before I can go back to using the device happily.

image

Delegating Control in Active Directory

/ Mitch Garvis / Leave a comment

I have been saying for years that a good IT department in a secure, well-managed infrastructure will give their end users the tools they need to do their job… and nothing more.

If that is true for end users, shouldn’t it also be true for the IT department themselves?  It is frustrating to see the number of shops I go into where there are fifteen or twenty members of the Domain Admins group, and for the silliest reasons.

Windows ServerBy using the Delegation of Control Wizard, you can assign very granular permissions to regular user accounts to perform several common tasks.  In Windows Server 2016 these include:

  • Create, delete, and manage user accounts
  • Reset user passwords and force password change at next logon
  • Read all user information
  • Modify the membership of a group
  • Join a computer to the domain
  • Manage Group Policy links
  • Generate Resultant Set of Policy (Planning)
  • Generate Resultant Set of Policy (Logging)
  • Create, delete, and manage inetOrgPerson accounts
  • Reset inetOrgPerson passwords and force password change at next logon
  • Read all inetOrgPerson  information

These permissions can be set either at the domain level, or at the Organizational Unit (OU) level (except Join a computer to the domain, which must be set at the domain).  In order to do it:

  1. Open Active Directory Users and Computers (ADUC)
  2. Right-click on the domain (or OU) where you want to assign the permission
  3. Click Delegate Control…
  4. On the Welcome to… window click Next
  5. On the Users or Groups window click Add… and select the security group (or individual) that you want to affect.  Click Add, then click Next
  6. On the Tasks to Delegate window select the tasks from the list, and then click Next
  7. On the Completing the Delegation of Control Wizard window click Finish.

Remember, if you have multiple sites across slow links this might take a while to propagate, but you are done.  That’s it!

I hope this helps.  Really, it has not changed much in fifteen years, but sometimes it is important to refresh knowledge, especially for the newer generations of IT Admins!

Surface Woes

/ Mitch Garvis / Leave a comment

Earlier this year I opened a ticket with Microsoft to replace my Surface Pro 4 under warranty.  There was an intermittent problem, and I was hoping to be able to get it fixed.  Unfortunately the problem went away, and I continued to use my device as normal.

imageThis week I turned on the device, and it would not boot.  It turned on alright, but it spent hours in the ‘dots spinning in a circle’ pattern.  When I say hours, what I should say is overnight.  I hoped that the drive was self-repairing.  I don’t know what in the world possessed me to think that – something akin to a doctor hoping that a sick liver just regrows.  Yesterday I went to work troubleshooting.

The first place I went was Microsoft’s Surface Support.  It was there that I discovered that, like so many companies out there, Microsoft doesn’t even want to talk to you once the warranty is over.  I’m sure they would be happy to speak to me if I gave them my credit card… but I was not quite there yet. 

The one thing I did get out of that experience (and a bit of surfing and fishing around) was a link to download a Recovery Image for the Surface Pro, as well as instructions on how to use it.  More on that later.

From the research I did online, it looks like my hard drive is either (hopefully) corrupt or (nooo!) dead.  I boot into my trusty Windows To Go key (see any of the articles I have written on it here).  I open Disk Manager, and bring the internal drive online.  So far, so good.

I try to navigate to it.  Access Denied.  Crap.  That can mean a number of things went wrong, but I am not concerned with Ransomware; they haven’t asked me for anything, it is just not booting.

My big concern is that if the drive is not accessible, then there may be something wrong with the hardware… but all signs point away from that, and I expect that somehow something just went terribly wrong.

Fortunately, I have Easeus Data Recovery Pro on my Windows To Go key, so I am able to recover lost files.  Hey, wait a minute!  If I can do that, then chances are the drive is not dead, right?

Okay, great… I have recovered my files, and now it is time to try to restore the device to useable.  I go back to Microsoft’s Support page to download the Recovery Image.  You can only download the image once you have signed in with your Microsoft Account, and then only if you have a Surface Pro registered to your account.

image

Great… I have the Recovery Image.  Now what I need is another computer to create the Recovery Drive with.  Unless you actually have another Microsoft Surface Pro 4, you are going to have to have Windows create a Recovery Disk for itself, and then copy over the files with the ones I downloaded.  That isn’t a problem for me – I have several computers at my disposal, and I know that my corporate Dell laptop recently received the latest build of Windows 10 Enterprise.  It works just fine.

A word to the wise: You are going to need a 16 GB USB key for this to work.  It will work with a USB 2.0 device, but it……..will……..be……..very……..slow.  I don’t just mean rebuilding your computer either – it will be slow as molasses to create the device.  Proof? I started building on a USB 2.0 device.  I waited fifteen minutes, and then started the same process on a USB 3.0 device.  The USB 3.0 device was done before the USB 2.0 was halfway done.

Okay, it is time.  The moment of truth.  I connect the USB device to my Surface Pro 4, and I boot (holding down the Volume Down button.  The menus are a bit confusing, but I finally get to the button that says ‘Restore my PC to Factory Image.’  It goes through the motions, all the while keeping me appraised of just how many percent done it is (pretty useless, as long as there is forward progress), and when it gets to 100%, it reboots my device…

GETTING READY…

Hello Cortana!  I never thought I would actually be happy to hear your voice! 

So now, I have to re-install all of my software, but that is more time consuming than difficult, since most of my software and licenses are available from the cloud, and the rest are on one of my external USB drives.

…and for the fun of it, what are the first applications I re-installed (in order)?

  • Microsoft Intune
  • Microsoft Office 365
  • LastPass
  • Techsmith Snagit
  • Techsmith Camtasia Studio
  • Open Live Writer
  • Google Chrome

Yes, it is entirely possible that I no longer have my installable source file for Windows Live Writer (see article), and it looks like my newly formatted Surface Pro 4 will no longer have that trusted blogging software that I have been using for a decade (or longer).  In truth, I probably have it one one of my computer at home, but I don’t think it is worth the hassle to look, because Open Live Writer is just fine.

Management Packs: Keep Up!

/ Mitch Garvis / Leave a comment

Congratulations! You have your System Center Operations Manager up and running.  You have imported the Management Packs that you need to monitor your organization.  All that’s left is to watch your dashboards and make sure everything is green, right?

Wrong.

imageManagement Packs are updated all the time.  That’s why they have version numbers.  As an example, the Windows Server 2016 and 1709+ Operating System (Discovery) Management Pack that I downloaded for a client in March was version 10.0.17.0, and is now at version 10.0.19.0.  Is it a big difference?  I don’t know… that is why we check the documentation and the web for clues.  According to the document Management Pack Guide for Windows Server 2016 and 1709 Plus.docx (available online, but also through your SCOM Console):

Changes in Version 10.0.19.0

  • Process monitoring is disabled by default: upon a “clean” installation of the management pack, the monitoring is disabled for all existing and newly added monitored servers, except for the case when the monitoring had been configured before via the wizard in the previous version of the management pack.
  • The following rules are disabled by default:
    • Process Monitoring: Health State Collection
    • Process Monitoring: Process Health State Subscription
    • Process Monitoring: Performance Collection
    • Process Monitoring: Process Performance Metric Subscription
    • Process Monitoring: Network Port State Collection
    • Process Monitoring: Process Network Port Subscription
    • Process Monitoring: High Handle Count
    • Process Monitoring: High Memory Percentage
    • Process Monitoring: High Processor Time Percentage
    • Process Monitoring: Number of Processes Collection
  • Elaborated a workaround for Handle Count increase issue (see details in Troubleshooting and Known Issues section).

Alright… Maybe these changes are important to you, and maybe they aren’t… but there is someone out there who spends his life writing SCOM Management Packs who thought they might be handy, and knowing about them is part of your job as a cloud administrator.

So it may be our job to know about these changes, but exactly how, short of spending our days combing the web, are we supposed to know when new Management Packs are released, and what changes have been made that may (or sometimes may not) be relevant and useful to our organizations?  Here’s how:

image

  1. From your SCOM Console, click on the Administration context.
  2. In the Navigation Pane, expand Management Packs.
  3. Click on Updates and Recommendations.

You will see a list of available updates and recommendations, and when the installed Management Packs were last updated.  In the Actions Pane there is an option to Get All MPs… This is one of those ‘Are you really sure?’ moments.  I prefer to see what each Management Pack update do before going that route.

In the Actions Pane there is another option to View Guide.  It is greyed out until you click on an individual Management Pack in the main window.  That is how you end up with the document that I mentioned earlier (Management Pack Guide for Windows Server 2016 and 1709 Plus.docx ).

Once you have decided that you do indeed want to install a new version, you can click on Get MP, and the Import Management Packs window pops up, downloading the new MP.

image

Once you have downloaded the new Management Pack, you still have to install them.  In the same window, click Install.  It will go through the process, and let you know when you are ready to go.

Unfortunately, in the Updates and Recommendations console you cannot select multiple updates to apply.  You can either download a single Management Pack, or you can click Get All MPs.  There is no in between.  However, in the Import Management Packs window you can look at the properties of an individual MP (you will see tabs for General, Knowledge, and Dependencies in the Properties window).  You can thus remove individual packs from the whole, rather than having to install everything.

Once you click Import, you can click STOP if you change your mind… but only until the individual pack you are importing is done.  Once it is important, you would have to roll back by re-importing the previous version (which I hope you kept somewhere!).

image

So now you know.  Management Packs are updated more often now in the days of Windows as a Service, so you are likely to see more updates to Management Packs than you might have a few years ago, but that does not mean you have to do this on a weekly basis.  For most organizations, every couple of months should do fine.  Remember… even if you are using an older Management Pack, you are still monitoring.

A BossDock PHEW! Moment…

/ Mitch Garvis / Leave a comment

USB-C-5K-BossDOCK-1I got to my office this morning and realized that my screens were unresponsive, as were my external keyboard and mouse.  Assuming the issue was with my external docking station, I disconnected it from my laptop and then reconnected it; I unplugged it from the power source, waited a few seconds, then plugged it in again.  Still nothing.  Crap.

…And then I realized that a docking station is only useful when it is connected to a functional computer.  I switched to my laptop keyboard and got the same response.  I performed a cold boot of my laptop, and sure enough, the dock worked fine.  It was my laptop (which I cannot recall when the last time I rebooted) that was the problem.

Phew!

(For those of you who are wondering why I would rather the $1500 laptop be the problem rather than the $200 docking station, it is simple… the computer belongs to my company, and if it stops working our Service Desk takes it for an hour to fix it while I go outside for a cigar.  Have a great weekend!)

Golden Exam?

/ Mitch Garvis / 1 Comment

I have a spreadsheet that I keep in my OneDrive that tracks the certification exams I have taken.  Over the years (starting in December, 2011) I have written a great many of them, Mostly for Microsoft but also a few VMware exams sprinkled in there. 

MCP LogoMuch has changed since I wrote my first exam (which, incidentally, was 70-215, which I failed the first time around).  I have an envelope that contains most (sadly not all) of the score reports from those exams, and looking back at the first one and comparing it to the latest one I see a lot of differences (aside from the fact that I passed my most recent exams).  The logos have changed, the report formats have changed, and for the online proctored exams there is a picture of me (in case I forgot what I look like).

One thing that has not changed since I passed my first exam (March 31, 2003) is the elation (and relief!) I feel when I see the words ‘Congratulations, you passed’ at the end of the exam.  It is one of the reasons I never loved taking beta exams, for which you would have to wait to receive your score report… often several months.

This week I took an exam that was, to me, completely unnecessary.  Exam 698: Installing and Configuring Windows 10 is a required exam for the MCSA: Windows 10 certification… unless you have a particular Windows 8 certification, at which point you only need to take Exam 697: Configuring Windows Devices.  I passed that exam last year, so I did not need Exam 698.  However, I am leading a study group this week, and I wanted to make sure I knew what I was talking about with regard to the exam.  I sat down at my computer Tuesday morning and passed it.  I then went back to work and did not give it another thought.

This morning I was cleaning up my paperwork, and I opened the Certifications spreadsheet to update it with my latest.  It turns out that is was the fiftieth exam that I have passed.  (We will not mention the number of exams I have failed).

Fifty exams is not a record by any means.  I know people who have likely passed a few hundred exams in their time.  For some, it would be a tremendous number.  For others, it would be a drop in the ocean.  For me, it is what I have done… and because it was that special number I will take a moment to be proud of myself… and then I will get back to work.

I have students and colleagues who as I write this are preparing to sit their first certification exam.  I am so proud of them.  Why?  Because I remember how stressful it was for me.  Pass or fail, they have taken that step, and that is something to be proud of.  Good luck friends!

What is in a Name?

/ Mitch Garvis / Leave a comment

Recently a client asked me to build a series of virtual machines for them for a project we were working on.  No problem… I asked what they should be named, and the client told me to call them whatever sounded right.

That did not sound right… or at least, it turned out to not be right.  Indeed, the client had an approved server naming convention, and when the manager saw my virtual machines named VM1, VM2, VM3, and so on… he asked me to change them.

If we were talking about a single server, I would have logged in and done it through Server Manager.  But there were fifteen machines in play, so I opted to use Windows PowerShell from my desktop.

Rename-Computer –ComputerName “VM1.domain.com” –NewName “ClientName.domain.com” –DomainCredential domain\Mitch –Restart

The cmdlet is pretty simple, and allowed me to knock off all fifteen servers in three minutes.  All I needed was the real names… and of course my domain credentials.

The cmdlet works just as well with the –LocalCredential switch… in case you aren’t domain joined.

image

That’s it… have fun!

Offline Files: Groan!

/ Mitch Garvis / Leave a comment

You’ve configured Folder Redirection in Group Policy, and it works as expected… as long as you are connected to the network.  As soon as you disconnect, things stop working.  That may be a real inconvenience if you are redirecting your Photos, but if you have redirected your Desktop folder to a network share, there is as good chance that your computer will be rendered unusable… that is, until you reconnect to your local network.

We came across this issue recently at a client’s site, and we spent a few aggravating hours trying to get things working, to no avail.  Remember, this is something that I have been doing since the days of Windows 2000, and the procedures have not changed significantly in that time.  I was baffled… until I realized that we were working with a File Server Failover Cluster, and that our servers were Windows Server 2016.

There is an option in clustered Server 2016 shares that is called Enable continuous availability.  If this option is checked (as it is by default), then even if you have done everything right… even if your Offline Files are properly configured, you are going to click on a file in that properly configured folder, and in the Details tab it will be listed as Available: Online-Only.

How do we fix that?  Simple… uncheck the box.

Capture

  1. In Server Manager, expand File and Storage Services, and then click on Shares.
  2. In your list of shares, right-click on the one where you are redirecting your files and click Properties.
  3. In the Settings tab, clear the checkbox next to Enable continuous availability.
  4. Click Okay.

Incidentally, the file share will only be listed under the cluster node that is the current owner.  Don’t worry about doing it at the Cluster Level, although if you prefer to do it in Failover Cluster Manager, you can perform the following steps to achieve the same results:

Capture2

  1. Connect to the relevant failover cluster.
  2. Navigate to Roles
  3. Click on your File Server Role in the main screen.
  4. In the Details pane below, select the Shares tab.
  5. Right-click the relevant share, and click Properties.
  6. In the Settings tab, clear the checkbox next to Enable continuous availability.
  7. Click Okay.

The Properties window will be identical to the one that you saw under Server Manager.

You shouldn’t have to refresh your group policy on the client, but you may want to log off and log on to force the initial synchronization.

That’s it… Good luck!

Not all Computer Docks are Created Equal…

/ Mitch Garvis / Leave a comment

When I first joined Cistel, I picked up a Dell Universal Dock (D6000) to use with my corporate Dell Latitude laptop.  It is a good little device, and it did the job just fine… until I wanted to work on my Surface Pro 4, at which point I would have to switch to my Surface pro port replicator (which they call the Microsoft Surface Dock).  Both have their advantages… the Surface Dock has two Mini-DisplayPort inputs which supports any display type you are willing to buy a dongle for, while the Dell has an HDMI port, a Mini-DisplayPort, and a 15-pin VGA port for those of us living large and long ago.  The Surface dock is proprietary, with a connector that works only for select Microsoft Surface devices.  The Dell has a USB-C connector, which allows a lot more flexibility… except that it won’t work on the Surface Pro (or any other device without a USB-C input, for that matter).

It really doesn’t matter which of these devices is better; they both do about the same thing… for their respective devices.  The fact that I cannot use either of them for both of my devices (well, all of my devices) is a bit of an annoyance.  I decided to go looking for an alternative.  I tried a few different devices that I didn’t quite love, until I found the BossDock from Juiced Systems.

JuicedI have written about a number of different peripherals from Juiced Systems before, most (but not all) of which were geared to my Microsoft Surface Pro 4 (and prior to that, the Microsoft Surface Pro 3).   Their products have always been reliable and competitively priced.  With the BossDock selling for USD$200, it is again competitively priced to both of my other docks… but supports both USB-C and USB 3.0 interfaces, meaning that it will likely work on every laptop (or desktop, for that matter) that has been sold in the last five years.  How does it work with either device?  The cable that connects the dock to the computer is interchangeable.

So what do we have here?  The BossDock really is the boss… it features:

  • Compatible with both USB Type-C and Type-A Laptop/Desktop Computer
  • Supports resolutions up to 5K ( 5120×2880 @ 60hz ) when using dual Display Ports simultaneously
  • Dual 4K HDMI / Dual 4K Display Port / 4K HDMI + 4K Display Port Output
  • Supports Extend and Mirror Mode
  • Supports 5.1 Channel Surround Sound
  • Built in USB 3.0 GPU, Plug and Play Display
  • Separate Microphone Input and Audio Output
  • Super Speed USB 3.0, Transfer Speeds up 5Gbps and backward compatible with 2.0/1.1
  • Built In 10/100/1000 Bate-T Gigabit Ethernet RJ45 port for uninterrupted network performance

It is compatible with all currently supported versions of Windows (both 32-bit and 64-bit), as well as Windows Vista and XP (but you have to download the software for those… big deal!).  It is also compatible with Mac OS X (El Capitan, Yosemite, Mavericks, Mountain Lion, Sierra, Lion, Snow Leopard). 

The front side has four USB 3.0 ports, along with the sound in and out jacks.  The back has two more USB 3.0 ports, as well as a 1GB Ethernet port, two HDMI ports, and two Display Ports.  Additionally on the back, there is the USB-C in (from which you would connect to your computer), the DC in (for power), and the on/off switch.  Yes, you can shut it down so it is not draining power when not in use. 

BossDock Front

BossDock Back

The dock is a little longer than the other two devices, at 8.5” x 3.5” x 1”, but weighs less than either of them, and does not require a heavy power brick like they both do.  In other words, if you want to travel with it you will not require frequent trips to your chiropractor for the pleasure.

While I do not really need it, I appreciate that the BossDock has a built-in USB 3.0 GPU, as well as 5.1 Channel Surround Sound. 

In short, I love the device.  When I switch from my corporate laptop to my Surface Pro, all I do is switch the cable out (USB-C to USB-C, versus USB-C to USB 3.0).  Bang, I am ready to go.  Both cables are included, as is the software & driver CD (although I did not need to use it, as both computers detected all of the devices and installed the necessary drivers automatically). 

As for performance, I am getting great response from all aspects.  The transfer rates advertised as up to 5Gbps are not quite there, but that is because the devices I am using are slower.  The graphics are great, video incredibly responsive, and the sound is clear as a bell. 

Now that I have the BossDock connected at my desk, I have been able to put two boxes into a drawer (unfortunately I still need to retain the power bricks for the laptops, as the BossDock does not power either device) and out of the way, and can sell them off if I want.  because really, all I need is the one… well, I might need another one to use at home Winking smile