A New Year… A new me?


You may have noticed that although this article is all about the new year, it is not my first article of 2018.  In fact, the article I published prior to this one was written the week between Christmas and New Years… and I felt that publishing then might have been less than beneficial.

So as I type these words it is Tuesday January 2nd, and I am back in my office in Ottawa, after having enjoyed a wonderful week (10 days really) in and around the GTA (That’s the Greater Toronto Area, for those of you unfamiliar).  I spent time with friends, family, and loved ones.  I did more driving than I would have liked, and did not eat nearly as well as I would have liked.  I relaxed, I ran around.  All in all, it was a typical holiday week.

I have a lot of plans for this year, and I am hoping to be able to achieve a lot of goals.  I am not one for New Years Resolutions… but I am hoping to get a few things going.  One of these is to blog more often than I have been.  I remember the dedication I put into this site when I was at my peak, and the past two years I have, compared to 2012-2014, been positively neglectful.  That stops now.  I cannot promise a blog article every day, but I would like to aim for two articles per week… one technical, one non-technical.  Let’s see how that goes.

Once again, I would like to thank my loyal readers… without you, I am nothing!


DCPromo No More… PowerShell!

I needed to build a new domain controller for a friend’s company recently.  It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller.


Right… I had forgotten about that.  dcpromo has been deprecated.

You could go through the process of doing it through the Server Manager, but it really is more work than is needed.  Instead, try the following PowerShell script::

# Script to create Active Directory Domain Controller.
# Written by Mitch Garvis for Cistel Technologies Inc.
# Enjoy!

# Install Active Directory

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Create Domain Controller

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath “C:\Windows\NTDS” `
-DomainName “domain.com” `
-InstallDns:$true `
-LogPath “C:\Windows\NTDS” `
-NoRebootOnCompletion:$false `
-SiteName “Default-First-Site-Name” `
-SysvolPath “C:\Windows\SYSVOL” `

That should do it… just change where it says ‘domain.com’ to whatever domain you want to use.  Run it.  In a couple of minutes, you will be asked to enter a Safe mode Admin password.  A few minutes after that, you should have a brand new domain controller.

Remember, depending on the size of your Active Directory, it may take several hours to replicate to the new DC… so give it time 🙂

Renaming Files en Mass…

Nikon D5100I take a lot of pictures… not only with my phone, but also with my Nikon DSLR camera.  It is one of my hobbies… I am not very good at it, but I enjoy it nonetheless.

Keeping track of hundreds or thousands of pictures is easy, as long as you copy them into the appropriate directory in your computer.  It is easy to keep track, so I might have the following files in a directory:

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:26 PM    <DIR>          .
2017-12-19  03:26 PM    <DIR>          ..
2017-12-19  03:26 PM                 0 dir.txt
2008-05-25  03:54 PM         3,102,650 DSC_0001.JPG
2008-05-25  03:55 PM         3,107,741 DSC_0002.JPG
2008-05-25  03:54 PM         3,102,650 DSC_0003.JPG
2008-05-25  03:55 PM         3,107,741 DSC_0004.JPG
               5 File(s)     12,420,782 bytes
               2 Dir(s)  280,903,417,856 bytes free

That is great… except for the fact that if I search my hard drive for a file named DSC_0004.JPG, I might have hundreds of them, depending on how my camera is configured. So what I like to do is rename all of my files from a specific event, like so:

E:\Holiday Snaps> ren DSC_0*.* HolSn*.*

E:\Holiday Snaps> dir

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:30 PM    <DIR>          .
2017-12-19  03:30 PM    <DIR>          ..
2017-12-19  03:26 PM               553 dir.txt
2017-12-19  03:30 PM                 0 dir1.txt
2008-05-25  03:54 PM         3,102,650 HolSn001.JPG
2008-05-25  03:55 PM         3,107,741 HolSn002.JPG
2008-05-25  03:54 PM         3,102,650 HolSn003.JPG
2008-05-25  03:55 PM         3,107,741 HolSn004.JPG
               6 File(s)     12,421,335 bytes
               2 Dir(s)  280,903,417,856 bytes free

Great… I now have my files named HolSn (for HOLiday SNaps).  If I only go on holiday once in my life, I am set.

What I want to be able to do is to rename the files with more descriptive names… like Havana July 20170001.JPG, and so forth… and if I only have four or five pictures, that is easy enough.  With hundreds and often thousands of pictures, it can be ridiculously laborious.  So instead, we are going to use some old Command Prompt/Batch Magic.  Watch this:

E:\Holiday Snaps>for /f %a in (*) do ren “%a” “Havana July 2017 %a”

E:\Holiday Snaps> dir

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:42 PM    <DIR>          .
2017-12-19  03:42 PM    <DIR>          ..
2017-12-19  03:42 PM                 0 dir.txt
2008-05-25  03:54 PM         3,102,650 Havana July 2017 DSC_0001.JPG
2008-05-25  03:55 PM         3,107,741 Havana July 2017 DSC_0002.JPG
2008-05-25  03:54 PM         3,102,650 Havana July 2017 DSC_0003.JPG
2008-05-25  03:55 PM         3,107,741 Havana July 2017 DSC_0004.JPG
               5 File(s)     12,420,782 bytes
               2 Dir(s)  280,903,409,664 bytes free

That is more like it.  So when you want to rename your files in a Command Prompt, just follow those easy steps.


Yes, I know… Command Prompt is out, PowerShell is in.  Also simple…

Get-ChildItem | Rename-Item -NewName { “Prefix_” + $_.Name }

This will do the same thing, but you have to be running a version of Windows with PowerShell… so, not Windows XP! Smile

PS E:\Holiday Snaps> ls

    Directory: E:\Holiday Snaps

Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-       2008-05-25   4:54 PM        3102650 DSC_0001.JPG
-a—-       2008-05-25   4:55 PM        3107741 DSC_0002.JPG
-a—-       2008-05-25   4:54 PM        3102650 DSC_0003.JPG
-a—-       2008-05-25   4:55 PM        3107741 DSC_0004.JPG

PS E:\Holiday Snaps> Get-ChildItem | Rename-Item -NewName { “Havana July 2017-” + $_.Name }
PS E:\Holiday Snaps> ls

    Directory: E:\Holiday Snaps

Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-       2008-05-25   4:54 PM        3102650 Havana July 2017-DSC_0001.JPG
-a—-       2008-05-25   4:55 PM        3107741 Havana July 2017-DSC_0002.JPG
-a—-       2008-05-25   4:54 PM        3102650 Havana July 2017-DSC_0003.JPG
-a—-       2008-05-25   4:55 PM        3107741 Havana July 2017-DSC_0004.JPG

PS E:\Holiday Snaps>

I hope this helps…. now if you don’t mind, for some reason I am thinking I should book a vacation!

Dynamic Lock: Walk away securely.

Dynamic-LockOne of my pet peeves when walking through organizations that I consult for is seeing unlocked and unattended workstations.  I hate seeing this, knowing that anyone can sit down at their desk and do… whatever.  I know people who would sit down at these unlocked workstations, and send an e-mail to the entire organization (in the name of whoever’s workstation they was at), saying that they were buying beer, dinner, vacations, whatever.  Of course, *I* would never do that… it might be considered unethical.  But someone out there does it, and did it at a few companies I have worked at.  Funny, the behaviour seemed to stop when I left the company.  A weird coincidence, I know.

imageI have been saying for years that it would be a great feature if Microsoft could allow users to have a token – a key card or something – that would automatically lock their computers if the token were removed.  In Windows 10 Edition 1703 they have finally done it.

Dynamic Lock is a feature that is enabled in the Sign-in options, and is one of those great new features that I have not heard too many people talking about.  If you carry your smartphone around with you, and really, who doesn’t these days, then it is easy to implement and use.  Here’s how:

  1. Pair your smartphone to your desktop or laptop.  Oh, did I mention?  This will only work if both devices have Bluetooth enabled.
  2. Open Windows Settings, then select the Accounts option.
  3. On the left side of the window click Sign-in options.
  4. Click the check box under Dynamic lock.


That’s it… as simple as that.  Walk away with your phone (out of Bluetooth range), and within a minute your computer will lock down.  For those of us who are used to locking every time we walk away, this may not be an issue.  For the rest of you out there… set this up today!

Urban Armor: Protect your device!

Are all phone protector cases created equal?  I have discovered over the years that, much to my dismay, they are not.  Some cases look pretty and are sleek, but they do not do a very good job of protecting your phone.  Others are big and bulky, and your phone is safe… but you never want to carry it.  I have been looking for a compromise that will look and feel good, but still provide comfort.

There are actually two components to the phone that need to be protected – the case itself, and the screen.  And so, in addition to the protective case, we should really be investing in a protective screen covering as well… and because our phones are touch devices, it has to be a balance between protective and functional.

Last month I bought my new Samsung Galaxy S8 Plus phone.  It is the first non-Apple device I have bought in a few years; it is also the first phone I bought second-hand, thus no extended coverage warranty.  It is a very sleek phone, and from the very beginning I bought a protective case, as well as an explosion-proof tempered glass film.  I was satisfied that with the combination of both, I would be protected… until I tried to put the phone with the screen-protector into the case, and realized that the case was so tight that the two would not work together.  And so, the $50 investment in the protective case was out the door… unless I wanted to leave my screen unprotected.

Over lunch that day I shared my concern with a colleague, who suggested I look into Urban Armour Gear (UAG) cases.  I checked out their website, and found the case I wanted – the Monarch Series case features 2X drop-protection, and comes with a ten year warranty.  It is handcrafted with top-grain leather, a polycarbonate shear plate, armour shell, allow metal hardware, and impact-resistant rubber.  All of that sounded good on paper… but would it allow me to protect the screen at the same time?  I checked their FAQs, and realized that UAG also sells tempered glass screen protectors.  It stood to reason that they would fit with their cases, right?

And so, I placed my order.  A week later I received my Monarch Series Galaxy S8+ case, and I will tell you this, it was money well spent.  Worth every penny!  As expected it fit my phone like a glove… including the tempered-glass screen protector.  Unlike some other protective cases, it did not feel like I was carrying a brick in my hand… the protection was offered with a strong consideration to the sleek design of the phone, and so while the case does make the phone bigger in my hand, it is only slightly bigger, and not at all uncomfortable.

…but does it work?

I have always tried to be as delicate as possible with my phones, and try to be as careful as possible.  I have seen friends walking around with cracked screens and worse, and I have never wanted any of that.  But sometimes you cannot be as careful as you like.  I was carrying more than I should have to my car – suitcase, laptop case, gym bag, and a hanging garment bag.  I was also on an important call, and stupidly had my phone secured between my shoulder and my ear as I rushed to make it out on time.  I almost made it… but at some point, something had to give.  In this particular case it was my garment bag, and when I lurched to try to save it…

…the phone flew from its perch and dropped… and bounced… and bounced again… until it fell flat, face-down, on a pile of stones.  It flew several feet – easily ten feet from where I was standing, and so it fell from a height of nearly six feet, and bounced another ten feet.  I was not holding out hope.  I put my bags down, picked up my phone, and…

…RESUMED MY PHONE CALL.  All that potential for damage, and my phone did not even drop the call.  The screen was safe because of the protective shield, the phone was protected thanks to the UAG case, and all was good in the world.

And so: we know that the case does a spectacular job of protecting my phone… but does it prevent any of the features?  Let’s run them down:

  • Large tactile buttons make the buttons easy to press.
  • Cameras (both front and back) are perfectly visible.
  • Fingerprint sensor is easily accessible.
  • NFC wireless charging and payments work perfectly.
  • Honeycomb traction grip makes it even more comfortable in my hands.

In other words… the UAG case allows complete functionality of the phone, combined with spectacular military-grade protection.

All in all, I would recommend this case to all of my friends and readers… and knowing that they make cases for all of my other devices as well (Surface Pro 4, iPhone 6S, iPad Mini), I will be looking into those UAG cases as well.  Now that their case has passed MY drop test, I am satisfied knowing that this is the case for me.

Rules for my sons…

These are now rules for both my sons! Thanks Peter!

I like these a lot!

Rules For My Unborn Son by Walker Lamond

1. Never shake a man’s hand sitting down.

2. There are plenty of ways to enter a pool. The stairs ain’t one.

3. The man at the grill is the closest thing we have to a king.

4. In a negotiation, never make the first offer.

5. Act like you’ve been there before. Especially in the end zone.

6. Request the late check-out.

7. When entrusted with a secret, keep it.

8. Hold your heroes to a higher standard.

9. Return a borrowed car with a full tank of gas.

10. Don’t fill up on bread.

11. When shaking hands, grip firmly and look him in the eye.

12. Don’t let a wishbone grow where a backbone should be.

13. If you need music on the beach, you’re missing the point.

14. Carry two handkerchiefs. The one in your back pocket is for you. The one in your breast pocket is for her.

15. You marry the girl, you marry her whole family.

16. Be like a duck. Remain calm on the surface and paddle like crazy underneath.

17. Experience the serenity of traveling alone.

18. Never be afraid to ask out the best looking girl in the room.

19. Never turn down a breath mint.

20. In a game of HORSE, sometimes a simple free throw will get ’em.

21. A sport coat is worth 1000 words.

22. Try writing your own eulogy. Never stop revising.

23. Thank a veteran

Should You Forgive a Drunken Attack?

SorryLast week Jews around the world fasted for Yom Kippur. The translation is Day of Atonement. In the days leading up to Yom Kippur we are meant to seek forgiveness from others for our transgressions against those we might have wronged. The thinking is that while G-d can forgive sins against him, it is only the people we have wronged who can forgive those wrongs. I have had a lot to seek forgiveness for over my life, and some of those wrongs will never be forgiven.

I do try to be a good person, and as such, when someone seeks my forgiveness, I try to forgive when I can. And so when, a couple of months ago, someone whose name may start with Q asked me to forgive him, I did. I did not let him off the hook easily, but I did say that I would give him a chance. He told me he did not know what had come over him, that even when others spoke against me he had told them that I was a good guy, that I had been good to him, and it must have been that he had been drinking. Still he had cut me off completely. When he asked forgiveness I was willing to accept his remorse.

Early this week something happened, and Q confronted me. I had not done anything, but it looked like I had. Even if I had done what I had been accused of, I still would not have harmed anyone… but someone who does not like me (and, again, someone who had been a false friend) used it as ammunition to talk bad about me.

Q decided he needed to get me to confess to him. I told him I hadn’t done anything, but he did not believe me – he would not believe me – and he spent a couple of hours yelling at me, threatening me, and in the end told me that he would take every chance possible to besmirch my name, both on-line and in person… not because I had done something wrong, but because I would not confess – even in confidence – to him. This, of course, was less than two months after he apologized for showing me he could not be trusted.

The next day, having let a few hours pass, I asked him why he had taken it so personal. His answer?

I was drunk to be honest I don’t know why I took it so personally….. I thought I was just chatting with you a bit.

And believe me or not, while I did unfriend you I never talked smack. You can ask <named two friends> or whoever.
I just thought it was ridiculous you were denying it to me but whatever.
It wasn’t like I was investigating for <edited out>, every one already knew it was you, I was just sending a message cuz j thought it was funny.

So if we read his words, he had no excuse for taking things so personally, but he was drunk. That is perfectly plausible – the initial conversation started after 9:00pm and with some breaks lasted over two hours. But this second conversation, in which he went on to again tell me he thought I was lying, took place at 3:00pm the next day. Is it possible he was drunk then too? Yes. Is it likely? Probably not – I believe he has a job, and was probably either at or just finished work.

So, was it the booze that made him so angry? Maybe. Was it the booze that made him promise to:

Hope I do see you soon, I’ll make a fucking point of coming to <A mutual friend’s house> next time your there….. not threatening anything, just want to put you on blast in front of other people

I don’t know if it was or it was not… but I will say this: In the same statement where he claimed to have been drunk the night before, he did not apologize for his behaviour, and he continued to call me a liar. Of course, he did not threaten to disrespect a mutual friend’s house by going there to make a scene, and he did not threaten to expose me and what a terrible person I was to everyone who would listen… so at least he was a bit calmer.

He was still the same person.

Q’s personality did not change when he was drunk, it was just enhanced. I have heard that so many times, but I don’t think I ever believed it… until now. People have been telling me for years that certain things – alcohol, drugs, old age – do not change who you are, it just magnifies some of the traits that are in you. Maybe that is why I have never started a fight when I was drunk. It is not who I am sober, so why should it be so when I am drunk?

Now… have I ever said things that really pissed someone off when I was drunk? Absolutely. THAT is a magnification of some of the traits I have worked over the past few years to fix in myself. Am I loud when I am drunk? I know that I am… and these are just a couple of the reasons I seldom drink to intoxication. It is also why I know I can trust someone sober, when they are a trustworthy drunk.

Will Q ever ask forgiveness again? I doubt it. Would I forgive him if he asked? Probably… but it is easier to forgive than to forget, and I will never forget, and I will never trust him again. That is not out of spite… it is simply because he has proven – twice now – that he does not deserve my trust.

Have a great weekend everyone.

Password Vault: Success!

I can’t believe it has been two years since I signed up for my password vault, but there it was in my mailbox… the reminder that it is time to renew my ‘premium’ service with my password vault service.  I did it gladly, giving over my credit card information.

Why premium, you ask?  Well, for one, I appreciate the ability to use my Yubikey to authenticate.  Multi-Factor Authentication (MFA) is extremely important in this day and age, especially when it comes to password safety.  As I wrote in this article, it took me a very long time to start trusting password management tools, and I did not want to trust my passwords to a simple… well, password.

With that said, there is something psychological to my decision as well.  I know it is wrong, but there is something in my mind that makes me distrust – or at least, not completely trust – any company that is giving me a service completely for free.  Maybe I am wrong, but I feel that if it is free, I have no right to complain.  Paying that yearly fee – even though it is only $1 per month – makes me feel that the company is accountable to me, and that if something goes wrong, I can pick up the phone and complain.

Am I right about this? I do know that when I had a problem with my Microsoft Account a few months ago (See article), it took me 107 days to get the problem resolved.  In fact, it took me the better part of a month to find anyone at Microsoft who would even take me seriously.  And really, what could I do?  Their reputation may be damaged in some small way for those people who read the article, but I cannot sue them.  I can yell and scream and curse and jump up and down, but because it is a free service, I can’t do anything else.

I don’t think I have had a single problem with my password vault, other than, for some reason, it thinks all of my computers are called Windows Chrome.  Other than that, all is good.  So I’ll keep using it, and for the extremely nominal fee, I will, for the next year, once more feel the false sense of security that, should something go wrong, I have the right to complain.

…and if you didn’t pay, you might not!

The New Mitch?


The photograph on the left was taken in front of La Floridita on Calle Obisbo in Old Havana by Greg Starks in February, 2017.  The photograph on the right was taken in the same spot by Eduardo Bensusan in July, 2017.  Conclusion?  Eduardo is obviously a much better photographer than Greg, except that Greg had the good sense to tell me to stand up straight.

Okay, let me say what I have been up to, simply because I am getting far too many comments to keep it secret any longer.

Yes, I have been on a diet.  Yes, it has been an extreme one.  No, I am not doing it on my own.  No, I am not sick in any way, and no, I have not, nor do I plan to have, any sort of surgical procedure.

Yes, I have been writing about it… quite a bit actually.  My journal, which has been shared with very few people, is nearing forty-eight thousand words.  I have not been writing it in public for a few reasons, not the least of which is that I have over the past few years written publicly and enthusiastically about my weight-loss attempts… and very little about all of those failures.

I have been quite successful with this attempt… so far.  I am down several pants sizes, and as the pictures show I have been doing well.  However I am far from done.  I have a long way to go, and I do not want to fail.  The only reason I am writing this is because I have received so many messages on Facebook from friends commenting, many of which with worried tones, asking if I was ill.

No, I am not ill.  I am quite well – I am jogging again, I am in the gym a few times per week, and I am trying to keep up the diet.  It gets difficult, but I am trying.  I will continue to do so.

I have a favour to ask of you all.  Please don’t ask me about it.  I do not wish to discuss how I am doing, nor what diet I am on.  If you wish to offer words of encouragement, I will graciously accept.  However, should you try to get any further information out of me, I will likely either divert or end the conversation.

Thank you all for your support.  And now we can resume our regularly scheduled technical mumbo-jumbo that Rick only understands twenty-five percent of!

Happy 10th Birthday!

i started blogging at The President’s Blog for MITPro.ca about twelve years ago. However it was ten years ago today that The World According to Mitch went live, completely separating myself from my former position.

of course, back then the address was not http://www.garvis.ca – that would come later – but it was my own blog, running on DotNetNuke if I recall.

Ten years and over one thousand posts later, here we are. I want to thank all of you for your continued supports!

Touch: You can touch this!

Occasionally I am sent a press release about a new product, or a soon to be released product, that I think is worth talking about.  That happened this week when I received a kit about an upcoming product called Touch Earbuds.

touch-campaign-openers-v02The Touch Earbuds are the next generation of a product I looked at a few months ago called the Dot, which was a single earbud (although you could buy two and listen in stereo), which attached magnetically to a charging device (which in turn made a good key chain).  I made some recommendations to the company based on my experience, and here is the result: A pair of ear buds that have probably the best specs on paper that I’ve seen.  The charger is now an enclosed case (that simultaneously holds and charges the pair of buds), the Bluetooth 5 technology gives it an astounding 200m range from your device, as well as faster pairing, and the low energy functionality is perfect for devices that are needed to run for longer lengths of time.  They also did away with the button, and the Touch runs on just that – touch technology.

Did I mention that the Touch ear bud is 21mm long, making it a little shorter than an American quarter?  It fits in your ear smoothly and discretely, and stays in place even during rigorous physical activity.  They are sweat- and water-resistant, so you don’t have to take them out when it’s raining, or when you are working up a sweat.  They also come with various sizes of ear tips, to make sure they fit you perfectly.

The Touch is the world’s smallest ear buds, and they are due out in November, just in time for Christmas.  If you want to get in early though, you can back their Indiegogo campaign by clicking here.  There are more pictures, as well as data sheets and comparisons that you can look at.

I am really looking forward to trying these out… they will be the perfect fit for my long jogs and gym workouts, as well as for whenever I feel like listening to music… or chatting on the phone, because the noise reduction microphone makes it as easy as pie to chat as well as listen.


SCOM Unmonitored: Never Again!

In my last article I showed you how to enable the System Center Operations Manager (SCOM) Agent Proxy using PowerShell.  We used the cmdlet:

PS C:\> Get-SCOMagent | where {$_.ProxyingEnabled -match “False”} | Enable-SCOMAgentProxy

While this does work, it is what I call a point-in-time solution… that is, it enables the Agent Proxy on everything that exists today… but how do we go about switching it so that we don’t have to do this over and over again? Here we go:

PS C:\> add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”

PS C:\> new-managementGroupConnection –ConnectionString:YourSCOM.yourdomain.com

PS C:\> set-location “OperationsManagerMonitoring::”

PS C:\> Set-DefaultSetting –Name HealthService\ProxyingEnabled –Value True

That should do it… have fun!

SCOM: Unmanaged?

Congratulations! You have installed System Center Operations Manager, and you have installed all of the management packs that you needed.  Unfortunately you are getting that big, ugly, EMPTY green circle… you know, the one that is supposed to have green check marks in them?  Yeah, it happens to me too.  Not Monitored

The solution, often enough, is as simple as enabling the Agent Proxy on all of your agents.  To do so, from the Operations Manager Shell type the following:

PS C:\> Get-SCOMagent | where {$_.ProxyingEnabled -match “False”} | Enable-SCOMAgentProxy

This should solve your problem.  Good luck!

SCM is gone… Say Hi to SCT.

For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and many more.

Last week Microsoft announced the retirement of the SCM, and the launch of the Microsoft Security Compliance Toolkit (MST) 1.0.  According to the download site, the MST is a set of tools that allows enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products, while comparing them against other security configurations. 

If you are wondering how this product is different from the SCM, you can read the write-up by Aaron Margosis here.

I like that Aaron points out that there are gaps in the new offering, and assures us that Microsoft is working to fill those gaps.

Hyper-V Server Clustering Network Issue: Validation Failed?

If I’ve told you once I’ve told you a thousand times… When you build a Failover Cluster on Windows Server make sure you run the Validation Tests… and make sure those tests succeed (or at the very least nothing FAILS… Warnings are acceptable).

So as I sit at a client trying to cluster two Hyper-V Server 2016 hosts, I am frustrated by the big red FAILED on my Cluster Report.


Should you ever encounter this error, it is important to note that the network vEthernet (Data) is not the same network as Data.  So the solution, which stymied me for about an hour, was simple:


In other words, I have to disable to TCP/IP v6 on the problematic binding, which I do with a simple PowerShell cmdlet:

PS c:\> Disable-NetAdapterBinding -Name “vEthernet (Data)” -ComponentId ms_tcpip6

(Remember that I have to put the “quotation marks” around the name because there is a space in it… otherwise I could leave them out.)

Also remember that because these hosts are Hyper-V Servers and not actual Windows Servers, I couldn’t use the GUI to do this.  (There actually is a netsh command to accomplish this as well… but PowerShell rocks!)

Once I ran this cmdlet on both hosts, I re-ran my Validation Tests, and bingo!


Everything comes up roses, and I can continue my day happily.

I hope this helps you!