Golden Exam?

I have a spreadsheet that I keep in my OneDrive that tracks the certification exams I have taken.  Over the years (starting in December, 2011) I have written a great many of them, mostly for Microsoft but also a few VMware exams sprinkled in there.

Much has changed since I wrote my first exam (which, incidentally, was 70-215, which I failed the first time around).  I have an envelope that contains most (sadly not all) of the score reports from those exams, and looking back at the first one and comparing it to the latest one I see a lot of differences (aside from the fact that I passed my most recent exams).  The logos have changed, the report formats have changed, and for the online proctored exams there is a picture of me (in case I forgot what I look like).

One thing that has not changed since I passed my first exam (March 31, 2003) is the elation (and relief!) I feel when I see the words ‘Congratulations, you passed’ at the end of the exam.  It is one of the reasons I never loved taking beta exams, for which you would have to wait to receive your score report… often several months.

This week I took an exam that was, to me, completely unnecessary.  Exam 698: Installing and Configuring Windows 10 is a required exam for the MCSA: Windows 10 certification… unless you have a particular Windows 8 certification, at which point you only need to take Exam 697: Configuring Windows Devices.  I passed that exam last year, so I did not need Exam 698.  However, I am leading a study group this week, and I wanted to make sure I knew what I was talking about with regard to the exam.  I sat down at my computer Tuesday morning and passed it.  I then went back to work and did not give it another thought.

This morning I was cleaning up my paperwork, and I opened the Certifications spreadsheet to update it with my latest.  It turns out that it was the fiftieth exam that I have passed.  (We will not mention the number of exams I have failed).

Fifty exams is not a record by any means.  I know people who have likely passed a few hundred exams in their time.  For some, it would be a tremendous number.  For others, it would be a drop in the ocean.  For me, it is what I have done… and because it was that special number I will take a moment to be proud of myself… and then I will get back to work.

I have students and colleagues who as I write this are preparing to sit their first certification exam.  I am so proud of them.  Why?  Because I remember how stressful it was for me.  Pass or fail, they have taken that step, and that is something to be proud of.  Good luck friends!


What is in a Name?

Recently a client asked me to build a series of virtual machines for them for a project we were working on.  No problem… I asked what they should be named, and the client told me to call them whatever sounded right.

That did not sound right… or at least, it turned out to not be right.  Indeed, the client had an approved server naming convention, and when the manager saw my virtual machines named VM1, VM2, VM3, and so on… he asked me to change them.

If we were talking about a single server, I would have logged in and done it through Server Manager.  But there were fifteen machines in play, so I opted to use Windows PowerShell from my desktop.

Rename-Computer -ComputerName "" -NewName "" -DomainCredential domain\Mitch -Restart

The cmdlet is pretty simple, and allowed me to knock off all fifteen servers in three minutes.  All I needed was the real names… and of course my domain credentials.

The cmdlet works just as well with the -LocalCredential switch… in case you aren’t domain joined.
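For a batch like the fifteen machines above, the same cmdlet can be driven from a mapping file. This is an added example, not code from the original post; the file name rename-map.csv, its CurrentName and NewName columns and the sample names are assumptions made for illustration.

```powershell
# Added example, not code from the original post.
# Assumes a constructed mapping file, rename-map.csv, for instance:
#   CurrentName,NewName
#   VM1,EXAMPLE-APP-01
#   VM2,EXAMPLE-APP-02
param(
    [string]$MapPath = '.\rename-map.csv',
    [switch]$Apply   # without -Apply, Rename-Computer runs with -WhatIf
)

$map = @(Import-Csv -Path $MapPath)

# Reject the whole batch before touching any machine: names longer than the
# 15-character NetBIOS limit, names with characters other than letters,
# digits and hyphen, all-numeric names, and duplicate targets.
$invalid = @($map | Where-Object {
    $_.NewName.Length -gt 15 -or
    $_.NewName -notmatch '^[A-Za-z0-9-]+$' -or
    $_.NewName -match '^[0-9]+$'
})
$duplicates = @($map | Group-Object -Property NewName | Where-Object { $_.Count -gt 1 })
if ($invalid.Count -or $duplicates.Count) {
    $invalid    | ForEach-Object { Write-Warning "Invalid new name: $($_.NewName)" }
    $duplicates | ForEach-Object { Write-Warning "Duplicate new name: $($_.Name)" }
    throw 'Fix the mapping file before running the batch.'
}

# Prompt once; the password never appears in the script or the command history.
$cred = Get-Credential -Message 'Domain account permitted to rename these computers'

$results = foreach ($row in $map) {
    $status = 'Renamed'
    try {
        Rename-Computer -ComputerName $row.CurrentName -NewName $row.NewName `
            -DomainCredential $cred -Restart -Force `
            -WhatIf:(-not $Apply) -ErrorAction Stop
        if (-not $Apply) { $status = 'DryRun' }
    }
    catch {
        # Keep going, but record which machine failed and why
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        CurrentName = $row.CurrentName
        NewName     = $row.NewName
        Status      = $status
    }
}

# One row per machine, so a failed rename cannot go unnoticed
$results
```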


That’s it… have fun!

Offline Files: Groan!

You’ve configured Folder Redirection in Group Policy, and it works as expected… as long as you are connected to the network.  As soon as you disconnect, things stop working.  That may be a real inconvenience if you are redirecting your Photos, but if you have redirected your Desktop folder to a network share, there is a good chance that your computer will be rendered unusable… that is, until you reconnect to your local network.

We came across this issue recently at a client’s site, and we spent a few aggravating hours trying to get things working, to no avail.  Remember, this is something that I have been doing since the days of Windows 2000, and the procedures have not changed significantly in that time.  I was baffled… until I realized that we were working with a File Server Failover Cluster, and that our servers were Windows Server 2016.

There is an option in clustered Server 2016 shares that is called Enable continuous availability.  If this option is checked (as it is by default), then even if you have done everything right… even if your Offline Files are properly configured, you are going to click on a file in that properly configured folder, and in the Details tab it will be listed as Available: Online-Only.

How do we fix that?  Simple… uncheck the box.


  1. In Server Manager, expand File and Storage Services, and then click on Shares.
  2. In your list of shares, right-click on the one where you are redirecting your files and click Properties.
  3. In the Settings tab, clear the checkbox next to Enable continuous availability.
  4. Click Okay.

Incidentally, the file share will only be listed under the cluster node that is the current owner.  Don’t worry about doing it at the Cluster Level, although if you prefer to do it in Failover Cluster Manager, you can perform the following steps to achieve the same results:


  1. Connect to the relevant failover cluster.
  2. Navigate to Roles.
  3. Click on your File Server Role in the main screen.
  4. In the Details pane below, select the Shares tab.
  5. Right-click the relevant share, and click Properties.
  6. In the Settings tab, clear the checkbox next to Enable continuous availability.
  7. Click Okay.

The Properties window will be identical to the one that you saw under Server Manager.

You shouldn’t have to refresh your group policy on the client, but you may want to log off and log on to force the initial synchronization.
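The same checkbox is exposed to PowerShell as the ContinuouslyAvailable property of the share. The script below is an added example, not part of the original post; it reports the flag together with the share's caching mode, and clears the flag only when a share name and -Apply are both given. Clearing it gives up transparent failover of open files for that share, so limit the change to the redirection share.

```powershell
# Added example, not code from the original post.
# Run on the cluster node that currently owns the File Server role.
param(
    [string]$ShareName,   # omit to report every continuously available share
    [switch]$Apply        # without -Apply, Set-SmbShare runs with -WhatIf
)

$shares = if ($ShareName) {
    @(Get-SmbShare -Name $ShareName -ErrorAction Stop)
} else {
    @(Get-SmbShare | Where-Object { $_.ContinuouslyAvailable })
}

foreach ($share in $shares) {
    # A caching mode of None also prevents Offline Files from working,
    # whatever the continuous availability setting is.
    if ("$($share.CachingMode)" -eq 'None') {
        Write-Warning "$($share.Name): caching mode is None, Offline Files cannot cache this share."
    }

    # Only change a share that was named explicitly
    if ($ShareName -and $share.ContinuouslyAvailable) {
        Set-SmbShare -Name $share.Name -ScopeName $share.ScopeName `
            -ContinuouslyAvailable $false -Force -WhatIf:(-not $Apply)
    }
}

# Report the state after the run (unchanged when -Apply was not given)
$shares | ForEach-Object { Get-SmbShare -Name $_.Name -ScopeName $_.ScopeName } |
    Select-Object Name, ScopeName, Path, ContinuouslyAvailable, CachingMode
```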

That’s it… Good luck!

Not all Computer Docks are Created Equal…

When I first joined Cistel, I picked up a Dell Universal Dock (D6000) to use with my corporate Dell Latitude laptop.  It is a good little device, and it did the job just fine… until I wanted to work on my Surface Pro 4, at which point I would have to switch to my Surface Pro port replicator (which they call the Microsoft Surface Dock).  Both have their advantages… the Surface Dock has two Mini-DisplayPort inputs which support any display type you are willing to buy a dongle for, while the Dell has an HDMI port, a Mini-DisplayPort, and a 15-pin VGA port for those of us living large and long ago.  The Surface dock is proprietary, with a connector that works only for select Microsoft Surface devices.  The Dell has a USB-C connector, which allows a lot more flexibility… except that it won’t work on the Surface Pro (or any other device without a USB-C input, for that matter).

It really doesn’t matter which of these devices is better; they both do about the same thing… for their respective devices.  The fact that I cannot use either of them for both of my devices (well, all of my devices) is a bit of an annoyance.  I decided to go looking for an alternative.  I tried a few different devices that I didn’t quite love, until I found the BossDock from Juiced Systems.

I have written about a number of different peripherals from Juiced Systems before, most (but not all) of which were geared to my Microsoft Surface Pro 4 (and prior to that, the Microsoft Surface Pro 3).  Their products have always been reliable and competitively priced.  With the BossDock selling for USD$200, it is again competitively priced to both of my other docks… but supports both USB-C and USB 3.0 interfaces, meaning that it will likely work on every laptop (or desktop, for that matter) that has been sold in the last five years.  How does it work with either device?  The cable that connects the dock to the computer is interchangeable.

So what do we have here?  The BossDock really is the boss… it features:

  • Compatible with both USB Type-C and Type-A Laptop/Desktop Computer
  • Supports resolutions up to 5K ( 5120×2880 @ 60hz ) when using dual Display Ports simultaneously
  • Dual 4K HDMI / Dual 4K Display Port / 4K HDMI + 4K Display Port Output
  • Supports Extend and Mirror Mode
  • Supports 5.1 Channel Surround Sound
  • Built in USB 3.0 GPU, Plug and Play Display
  • Separate Microphone Input and Audio Output
  • Super Speed USB 3.0, Transfer Speeds up to 5Gbps and backward compatible with 2.0/1.1
  • Built In 10/100/1000 Base-T Gigabit Ethernet RJ45 port for uninterrupted network performance

It is compatible with all currently supported versions of Windows (both 32-bit and 64-bit), as well as Windows Vista and XP (but you have to download the software for those… big deal!).  It is also compatible with Mac OS X (El Capitan, Yosemite, Mavericks, Mountain Lion, Sierra, Lion, Snow Leopard). 

The front side has four USB 3.0 ports, along with the sound in and out jacks.  The back has two more USB 3.0 ports, as well as a 1GB Ethernet port, two HDMI ports, and two Display Ports.  Additionally on the back, there is the USB-C in (from which you would connect to your computer), the DC in (for power), and the on/off switch.  Yes, you can shut it down so it is not draining power when not in use. 

BossDock Front

BossDock Back

The dock is a little longer than the other two devices, at 8.5” x 3.5” x 1”, but weighs less than either of them, and does not require a heavy power brick like they both do.  In other words, if you want to travel with it you will not require frequent trips to your chiropractor for the pleasure.

While I do not really need it, I appreciate that the BossDock has a built-in USB 3.0 GPU, as well as 5.1 Channel Surround Sound. 

In short, I love the device.  When I switch from my corporate laptop to my Surface Pro, all I do is switch the cable out (USB-C to USB-C, versus USB-C to USB 3.0).  Bang, I am ready to go.  Both cables are included, as is the software & driver CD (although I did not need to use it, as both computers detected all of the devices and installed the necessary drivers automatically). 

As for performance, I am getting great response from all aspects.  The transfer rates advertised as up to 5Gbps are not quite there, but that is because the devices I am using are slower.  The graphics are great, video incredibly responsive, and the sound is clear as a bell. 

Now that I have the BossDock connected at my desk, I have been able to put two boxes into a drawer (unfortunately I still need to retain the power bricks for the laptops, as the BossDock does not power either device) and out of the way, and can sell them off if I want.  Because really, all I need is the one… well, I might need another one to use at home.

What’s My WiFi?

A lot of changes have been made to Windows 10 over the nearly three years since its release as the last desktop operating system that Microsoft would be releasing.  Some of those changes have been substantive, others purely cosmetic.  Over the last few versions, they have done quite a bit to remove any of the Windows 7 look-and-feel from the operating system, or at least to hide it.  For those of us who have been using Windows for more than thirty years, it is often annoying that something we used to be able to do without thinking now takes a bit of a fight with the operating system in order to achieve.  As an example, it used to be pretty simple to find your WiFi password.  It is still possible in the GUI, but it is much more convoluted… and at that still requires dropping into the ‘Windows 7’ Control Panel in order to achieve.  (See below)


While there is not really a Windows 10 GUI way to glean the same information, there is a command line way to do it.  The command is:

netsh wlan show profile "NETWORK NAME" key=clear

This will result in the following output:


Incidentally, this will not only work for the wireless network that you are currently connected to.  You can use the following command:

netsh wlan show profiles

to show all of the wireless networks that you have connected to, and then use the same command, like so:



(For the curious, the wireless network BELL570 no longer exists, and the password to my iPhone (which is not called Mitch’s iPhone) is not MyPassword.)

So now you see there are still ways to extract your wireless password, even if Microsoft is making it more arduous to do so.

Ironkey Fail: Time to change.

There is probably no good reason why I have four (4) military grade USB keys on my key ring with Windows To Go (WTG) configured on each one… but since 2015 I have written about four different devices, and I keep all of them.  Of course, they are not all always up to date… but when a new version of Windows 10 is released, I try to upgrade either some or all of them.  I skipped 1709, so I decided to take an afternoon and recreate all four keys on Windows 10 1803.

My Apricorn key worked just fine.

My Spyrus key worked just fine.

My Ironkey W300 (the one without hardware encryption) worked just fine.

My Ironkey W500 (the one with hardware encryption)… did not.

I spent a few hours trying to make it right, but to no avail.  I finally gave up (for now) deciding to come back to it later on.  And then I got an e-mail press release from Spyrus, claiming that ‘…SPYRUS Windows To Go Device Trial Pack with SEMSaaS Device Management to Replace Competitive Devices that Do Not Support Recent Windows 10 Updates’

Interesting… I decided to go through my archives and see if I would be able to create a Windows To Go installation with an earlier version of Windows.  Fortunately on one of my external hard drives I found an ISO for Windows 10 1703 Enterprise (remember that we need the Enterprise SKU for WTG!) and I spent a few minutes working on it last night.  Presto, it worked!

So the good news is: If you have an Ironkey W500 (or W700 I would think), it will still work with Windows 10 (1703 and earlier). 

The bad news is: your USB key which you spent hundreds of dollars on will only work with an operating system that will go out of support in a few months, and unless Kingston changes its policy (which seems to have been to ignore the Ironkey acquisitions and let the products die) then this is unlikely to change.

I do not know if that policy will change, or if there is something going on behind the scenes that we do not know about.  What I do know is that there is a control panel that the Ironkey toolkit installs to the install.wim file before you deploy it from the Windows To Go Control Panel, and that control panel does not seem to be compatible with Windows 10 versions later than 1703.

And so, I hate to do this, but I have to revise my previous statements.  I will give the Spyrus Workspace Pro a big thumbs up, and I will give the Apricorn Aegis Secure Key 3z a big thumbs up.  The Ironkey W500, I’m afraid, is now a do not buy.

KB4103723: DO NOT APPLY!


Hey folks, if you know what is good for you, do not apply this patch yet.  KB4103723 protects against a CredSSP vulnerability that has not yet been compromised.  However, it will break lots of things in your system, including RDP and Hyper-V connections.  Errors will include CredSSP errors when trying to connect via RDP (or Hyper-V Manager, or Failover Cluster Manager, or SCVMM).

Remote Computer: This could be due to CredSSP encryption oracle remediation.

Good luck!

Automated Virtual Machine Activation

Let’s face it… Microsoft wants you to use Microsoft, so when it can, it creates technologies that make it easier for you to do so.  Automatic Virtual Machine Activation (AVMA) is one of those tools.

I remember when Microsoft got into the server virtualization game, it really had very little to compete with VMware, other than price.  That has certainly changed, and while Hyper-V is not completely where ESXi is, it is damned close… and there are some benefits, such as AVMA.

What is it?  Simple.  If your virtualization host is running Hyper-V, then your guest VMs do not need to activate to Microsoft… or even to a KMS Server for that matter.  They activate directly to the host.  That means that rather than having to keep track of (or worse, share) your Product Keys, you can simply share the AVMA keys.  The rest is done through the Data Exchange Integration Service in the Hyper-V stack.

The downside?  You have to have an (activated) Windows Server Datacenter Edition as your host.  In other words, it will not work with Hyper-V Server.  That is not a huge downside, but it is significant.

The keys are available for free on-line, and the activation is done against your host.  So use the following keys:

Windows Server 2016

Edition AVMA key
Standard C3RCX-M6NRP-6CXC9-TW2F2-4RHYD
Essentials B4YNW-62DX9-W8V6M-82649-MHBKQ

Windows Server 2012 R2

Edition AVMA key
Datacenter Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Essentials K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

(Notice that this works only for Server 2012R2 and later.  The feature was only introduced in that version.)

One thing you need to make sure of in the guest VM settings… You need to have Data Exchange enabled in the Integration Services context, as seen here:


…So now, you can include the AVMA key in your VM templates, and you will be all set.  But if you didn’t do that, try the following command:

slmgr.exe /ipk C3RCX-M6NRP-6CXC9-TW2F2-4RHYD

That will add the product key to your VM, and all that is left to do is activate it using the following:

slmgr.exe /ato

That’s it… Have fun!


Default Gateway Corrections

The default gateway setting in Windows (and every other networked operating system) is a simple setting that tells your network interface card (NIC) where to send traffic when sending it outside of your domain segment.  More often than not, it will be the .1 address of a network segment (e.g.:, but that is not always the case.

It is one of those settings that you set once and forget it… It almost never needs to be changed… until it does.  Network reconfigurations do happen, and changing the default gateway is simple to do in the graphical user interface via the Properties window of your network interface, simply by modifying the appropriate field in the  Internet Protocol Version 4 (TCP/IPv4) properties.

But what if you need to do it for several machines?  Of course, PowerShell to the rescue!

First, you need to check what your NIC Interface Index is:


This will give you an output that looks like this:


As we see in this example, the server was moved from one network segment (10.128.43.x/24) to a new one (10.128.11.x/24).  Because of that, we need to assign a new Gateway in the proper network segment.

The Interface Index here lists as 3.  Remember that.

Before we add the new Gateway, we have to remove the old one.  Otherwise the NIC will have two gateways, and that can cause issues.

Remove-NetRoute -ifindex 3 -NextHop ""

Notice that we put in 3 for the ifindex (the Interface Index), and the old gateway in quotes.

Now that we have a clean slate, all we have to do is configure the new default gateway, with this:

New-NetRoute -interfaceindex 3 -NextHop "" -destinationprefix ""

Again, we change our interfaceindex to 3, and our NextHop to the proper gateway.  When you run these two commands, you should get the following output:


That’s all there is to it!  Of course, you may want to execute this script against a group of computers, but that’s for another time…
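The two steps above can be wrapped in one function that first checks that the new gateway sits in the interface's own subnet, so a typo does not leave a server without a usable route. This is an added example, not the author's script; the function names are hypothetical and the gateway address 10.128.11.1 in the usage line is an assumed value for the 10.128.11.x/24 segment mentioned above.

```powershell
# Added example, not code from the original post. Function names are hypothetical.

function ConvertTo-BitString {
    param([string]$Address)
    # Dotted IPv4 address -> 32-character string of 0s and 1s
    -join ([System.Net.IPAddress]::Parse($Address).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

function Test-SameSubnet {
    param([string]$Address, [string]$Gateway, [int]$PrefixLength)
    # Same subnet when the first $PrefixLength bits of both addresses match
    $a = ConvertTo-BitString $Address
    $g = ConvertTo-BitString $Gateway
    $a.Substring(0, $PrefixLength) -eq $g.Substring(0, $PrefixLength)
}

function Set-DefaultGateway {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [int]$InterfaceIndex,
        [Parameter(Mandatory)] [string]$NewGateway
    )
    $default = '0.0.0.0/0'   # the IPv4 default route

    $ip = Get-NetIPAddress -InterfaceIndex $InterfaceIndex -AddressFamily IPv4 `
            -ErrorAction Stop | Select-Object -First 1
    if (-not (Test-SameSubnet $ip.IPAddress $NewGateway $ip.PrefixLength)) {
        throw "$NewGateway is not in the subnet of $($ip.IPAddress)/$($ip.PrefixLength)."
    }

    # Remove every existing default route on this interface except the target
    $existing = @(Get-NetRoute -InterfaceIndex $InterfaceIndex `
                    -DestinationPrefix $default -ErrorAction SilentlyContinue)
    foreach ($route in $existing) {
        if ($route.NextHop -eq $NewGateway) { continue }
        if ($PSCmdlet.ShouldProcess("ifIndex $InterfaceIndex", "Remove gateway $($route.NextHop)")) {
            Remove-NetRoute -InterfaceIndex $InterfaceIndex -DestinationPrefix $default `
                -NextHop $route.NextHop -Confirm:$false
        }
    }

    # Add the new gateway unless it is already present
    if (-not ($existing | Where-Object { $_.NextHop -eq $NewGateway })) {
        if ($PSCmdlet.ShouldProcess("ifIndex $InterfaceIndex", "Add gateway $NewGateway")) {
            New-NetRoute -InterfaceIndex $InterfaceIndex -DestinationPrefix $default `
                -NextHop $NewGateway | Out-Null
        }
    }

    # Show what the interface ends up with
    Get-NetRoute -InterfaceIndex $InterfaceIndex -DestinationPrefix $default `
        -ErrorAction SilentlyContinue | Select-Object ifIndex, DestinationPrefix, NextHop
}

# Dry run with an assumed gateway address:
# Set-DefaultGateway -InterfaceIndex 3 -NewGateway '10.128.11.1' -WhatIf
```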




Replay: Not quite a Second Shot, rather like buying Exam Insurance.

Microsoft certifications are worth the money… but there is certainly money involved.  You are paying USD$165.00 to sit an exam, whether you pass or fail.

Some time ago, Microsoft started offering Second Shot vouchers.  As long as you pre-registered for it, you would get the chance to re-sit an exam in the event that you did not pass.  They were a great way to encourage candidates to try, and if they failed, they would be able to take the exam again at no extra cost.

The last time I wrote about these vouchers was nearly 6 years ago.  I do not know if they have come up since, but I don’t think I have taken advantage in a long time.

There is now a program called Microsoft Exam Replay.  This is not a free offer from Microsoft, rather it is like buying an insurance program up front.  Instead of purchasing the exam outright, you purchase an exam voucher + retake from MindHub.  The cost? USD$230, or USD$65.00 more than the cost of the exam.  In other words, it is a bad investment if your confidence level is high… but if you are really uncertain, it may be worth your while to look into it.

Reading the on-line reviews, there is no consensus.  It seems they are like olives… you either love it or hate it.  I am not planning to take any exams in the near future, so I will not be trying them out.  However, if you are concerned, then better safe than sorry.

Microsoft Technology Roadshow

Tuesday morning I stood up in front of a great audience of IT Professionals at the Westin Hotel in Ottawa.  The subject? Azure networking.

One of the slides that Microsoft gave me for the ‘Curtain Warmer’ contained a list of links for further information.  They are:

Azure Training:

Azure Certification:

Windows Certifications:

Productivity Certification:

Mobility Certification:

Windows 10 Support Extended

I know, I am a couple of months late on this… on February 1st, 2018 Microsoft announced that it would be extending support on Windows 10 Editions 1709, 1703, and 1607.  That means that instead of having 18 months of support, you will have 24. The bad news? This applies only to the Enterprise and Education SKUs of the product.

According to Microsoft, this is the current support calendar:

Release            Release Date      End of Support    End of Support for Enterprise/Education
Windows 10 (1607)  August 2, 2016    April 10, 2018    October 9, 2018
Windows 10 (1703)  April 5, 2017     October 9, 2018   April 9, 2019
Windows 10 (1709)  October 17, 2017  April 9, 2019     October 8, 2019

For those of you not paying attention, End of Support for Windows 10 (1607) was earlier this week, as well as End of Additional Servicing for Enterprise, Education for Windows 10 1511.

For those of you who say that it is unfair that Enterprise and Education SKUs get longer support cycles, please remember that most customers who buy the Home and Pro SKUs are buying much fewer licenses, and the free upgrade (via Windows Update, as well as numerous other channels) makes it much easier to manage, as compared to Enterprise and Education license customers, where customers often buy tens (and hundreds) of thousands of seats, and need time to check software compatibility and to actually roll out (via their enterprise deployment tools) the myriad seats that they have.


Where is 1803?

For those of you who have been eagerly anticipating the latest release of Windows 10 (Version 1803), you know that it was slated to be released to the public April 10th, 2018.

Those of us who went to our sources (mine is, or expected to see it appear in our Windows Update stream, were met with disappointment.

It seems that someone at Microsoft discovered a ‘blocking bug’ – that is, a bug that is serious enough to delay the launch of the new platform – over the weekend.  Because of this, they are holding off on the release until the bug is fixed.

While Microsoft has not announced a new release date (I don’t think they ever officially announced April 10 as the old release date), we can assume that they are working hard and fast at getting it out the door.  My conservative estimates would expect to see it by the last week of April.

Fortunately, because Microsoft recently extended the support dates for the Enterprise and Education Editions of Windows 10 (see my article dated April 12, 2018), there is no pressing contractual reason for them to rush a less-than-satisfactory version of their flagship operating system out the door.  Let them take the time they need to get it right before releasing it to the public.

Incidentally, according to my sources, for whatever it is worth the RTM (Release to Manufacturing) build will be Build 17133.  This is one of those interesting tidbits to almost nobody, but will be important for the few who really need to know.

I Think… therefore, I am uncertain.

I spend a lot of time speaking with clients about their environments.  From time to time, my job is to ‘interview’ them, so that I can properly document their environments.

Recently I was speaking with a couple of admins at a private sector company who were very proud of their environments.  They had hired a sub-contractor to deploy much of their infrastructure, and they were pleased to answer my questions.  They had engaged my services to audit the work performed by the other contractor, and were pretty sure that the meeting would be pro-forma, and I would sign off on everything that had been done.

MDG: How often are backups performed?
Client: Daily for most systems, hourly for highly transactional servers.

MDG: How long are your backups retained?
Client: Hourly and Daily backups are retained for 30 days, weekly backups are retained for 6 months, monthly backups are retained for a year.

MDG: How often are your servers patched?
Client: Monthly… we think.

Those last two words send chills down my spine… and I hear it more often than you would think.

Is it our job to know everything about our environments?  Maybe, maybe not… but if you think and you do not know, then you should be following up and making sure.

Why does it scare me that this was their answer?  Because one of the people in the room was responsible for the security and stability of the environment, and an unpatched server will eventually be an unsecure server.

It is not surprising that in a large environment the manager does not know every detail of the day-to-day operations of his network; he has people reporting to him who are responsible for these things.  In fact, the person responsible for testing, approving, and applying patches was not in the room for this meeting.  He was, we can assume (as this meeting was held on Patch Tuesday), somewhere testing patches.  The manager does not need to know everything… but he has to be able to get that information.

Seventeenth Century French philosopher René Descartes stated: “Cogito ergo sum” (French: Je pense, donc je suis; I think, therefore I am).  He was claiming that he knows that he exists, because he is able to think.  While I feel this philosophy can be disproven by a great many zealots who certainly are but seem unable to think, he was essentially saying that thinking is a good thing.  Socrates – the Athenian philosopher of the Fifth Century B.C.E., claimed that “The only true wisdom is in that you know nothing.”  He was not saying that stupidity is a good thing, rather that it is important to question everything.

So, is it better to think that you know how often your systems are patched, or to know that you do not know, and thus inquire?  While I have never spent a great deal of time studying philosophy (Athenian, French, or otherwise), I think when we are unsure, it is better to inquire.

In my follow-up meeting a few days later, the manager came equipped with a sheaf of printed reports that I had asked for… including the one that showed that patches were indeed applied on a monthly basis, and a list of pending patches, failed patches, and unprotected systems.  The client was doing exactly what they needed to do, and the consultant who had deployed their infrastructure had indeed implemented two separate and complementary patch-management systems, including System Center Configuration Manager (SCCM) with Windows Server Update Services (WSUS), and System Center Virtual Machine Manager (SCVMM) for their virtual servers and hosts.  My client, whose systems’ integrity was never an issue, was happy that he had gone to make sure, and in fact extracted reports that he had never actually checked before.  His systems were fine… and so was his peace of mind… now.

Going back to the philosophical questions for a minute, we have all heard the question: “If a tree falls in a forest and no one is around to hear it, does it make a sound?”  This is attributed to Eighteenth Century philosopher George Berkeley (in his work “A Treatise Concerning the Principles of Human Knowledge”, published in 1710).  In systems administration, the unheard tree can lead to eventual disaster, depending on the scope.  If a system is not properly patched, it can be vulnerable to myriad vulnerabilities.  If systems are not reporting properly, it might mean that the systems are not available… or something more sinister.  That is why we have to check these reports, to make sure that what we believe to be our solid environment is indeed solid, and will remain so.

My client (the company’s IT Manager) had a mostly stable environment, but three systems listed on the reports he brought had not been patched in several months, thereby missing a critical patch that we knew had led to an exploited vulnerability.  The lack of noise – very few admins get active alerts that a system failed to patch – was deafening, and left unchecked could have had disastrous results.  Fortunately, that did not happen; the three unsecured systems were immediately flagged and quarantined, and after a few minutes with the Desktop Support Team were again right as rain.  All is well…

While we may wax poetic, IT is not about philosophy.  Knowing is important; Certainty is crucial; Silence can be Critical.

…And yet, as IT Professionals, just as with long-dead philosophers, it is important for us to keep asking questions, to keep actively seeking the truth, and questioning the silence.  If you don’t?  Well, that tree may fall on your head, and your thinking will mean you are… out of a job.
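A quick way to question the silence without waiting for the SCCM or WSUS reports is to ask each server directly when it last installed an update. The script below is an added example, not something from the original post or the client's environment; the server names and the 45-day threshold are constructed assumptions, and Get-HotFix only sees updates recorded in Win32_QuickFixEngineering, so treat the result as a prompt to check the patch-management reports rather than a replacement for them.

```powershell
# Added example, not code from the original post.
param(
    # Constructed sample names; replace with your own inventory
    [string[]]$ComputerName = @('SRV-EXAMPLE-01', 'SRV-EXAMPLE-02', 'SRV-EXAMPLE-03'),
    # Assumed threshold: a monthly cycle plus some slack
    [int]$MaxAgeDays = 45
)

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

$report = foreach ($computer in $ComputerName) {
    $status = 'Current'
    $latest = $null
    try {
        # Newest update that carries an install date
        $latest = Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |
            Sort-Object -Property InstalledOn -Descending |
            Select-Object -First 1

        if (-not $latest) {
            $status = 'NoPatchData'      # answered, but reported nothing usable
        }
        elseif ($latest.InstalledOn -lt $cutoff) {
            $status = 'Stale'            # last update older than the threshold
        }
    }
    catch {
        # A server that does not answer is a finding, not something to skip
        $status = 'Unreachable'
    }

    [pscustomobject]@{
        Computer    = $computer
        Status      = $status
        LastHotFix  = if ($latest) { $latest.HotFixID } else { $null }
        InstalledOn = if ($latest) { $latest.InstalledOn } else { $null }
    }
}

# Full picture first, then only the systems that need a follow-up
$report | Sort-Object -Property Status, Computer
$needsAttention = @($report | Where-Object { $_.Status -ne 'Current' })
if ($needsAttention.Count) {
    Write-Warning "$($needsAttention.Count) system(s) need follow-up: $($needsAttention.Computer -join ', ')"
}
```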