Monday, June 25, 2012

How to mount ISO in Windows Server 2012 and Windows Server 2012 R2

On Windows Server 2012 or Windows Server 2012 R2 Preview, it supports to mount ISO without any third-party software.

1, On Windows Server 2012 or Windows Server 2012 R2 Preview, log in as Administrator.
2. Launch "Windows Explorer", navigate to C drive.
3. Right-click the ISO file.


4. Click "Mount".


Remark: We can also perform "Mount-DiskImage -ImagePath <Image location>" to mount  a ISO and VHD file.

To dismount the disk image, we can perform "Dismount-DiskImage -ImagePath <Image location>" to dismount it.


This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at 15 comments:
Labels: ,

Sunday, June 24, 2012

Query and Reset the Remote Desktop session by Command on Windows Server 2012

To check and reset the current console and remote session on the Windows Server, we can use "Terminal Services Manager" (Remote Desktop Services Manager on Windows Server 2008 R2) to verify it. However, on Windows Server 2012, "Remote Desktop Services Manager" has been integrated into Server Manager. It cannot check the session. So I need to perform command, "qwinsta" and "rwinsta" to check and reset the remote session.

Prerequisites
  • Make sure the user account is a member of Remote Desktop Users or local Administrators group on servers

Using qwinsta check the session
1. On the server, log in as Domain Administrator.
2. Launch "Command Prompt".
3. To query the current session of the local server, perform "qwinsta".


There is a console session which is logged on by Administrator on this computer.

4. To query the current session of the remote server, perform "qwinsta /server:<Server Name>".


The administrator and Mark logged on the Remote Server.

Using rwinsta reset the session
5. Still on the "Command Prompt", perform "rwinsta /server:<Server Name> <Session ID>" to reset the remote session.


To reset the remote session for a non-domain server or workstation, you can use "PsExec" to connect the server or workstation and then perform "qwinsta" and "rwinsta".

Download link
PsExec

References:
QWINSTA and RWINSTA

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at No comments:
Labels: , ,

Saturday, June 23, 2012

Configuring Live Migration without Shared Storage on Windows Server 2012

In Windows Server 2012, one of the new features of Hyper-V is Live Migration without Shared Storage. As previous version, Live migration requires a cluster shared storage and cluster settings. Now, you can move VMs from 1 Hyper-V server to other Hyper-V servers without luster shared storage and cluster settings.

I will show you how to confugre Live Migration without shared storage.

Prerequisites
  • Make sure both Hyper-V servers are joined the same Active Directory domain.
  • To perform live migration, make sure the user account ts a member if Domain Administrator Group
Lab environment
  • 1 domain controller, named DC01, for "test.contoso.com" domain.
  • 2 Hyper-V, named "HVSVR01" and "HVSVR02" are joined  "test.contoso.com" domain. Both Hyper-V servers contain 2 network cards with 10.0.0.0 /8 domain network and 172.16.0.0./16 Live migration network.
  • 1 VM, named "FS01.test.contoso.com", is located on HVSVR01.
  • There are 2 virtual switches, named "HVSVR01-Switch" and "HVSVR02-Switch". The    "HVSVR01-Switch" is configured on HVSVR01 and  The "HVSVR02-Switch" is configured on HVSVR02.
Lab
Configure Kerberos authenticate and live migration network for the Hyper-V Servers
Live migration on Windows Server 2012 supports 2 authentication protocol, "CredSSP" and "Kerberos". By default, Hyper-V servers use "CredSSP" To configure to use Kerberos authentication, we need to configure Kerberos delegation on the servers.

1. On DC01, log in as Domain Administrator.
2. Launch "Active Directory Users and Computers".
3. Navigate to "test.contoso.com > computer".



4. Right-click "HVSVR01", select "Properties".
5. Select "Delegation" tab.
6. Select "Trust this computer delegation to specified services only > Use Kerberos only".
7. Click "Add".
8. Click "Users or Computers".
9. Enter "HVSVR02".



Remark: You have to select destination servers for delegation. In my lab, HVSVR01 needs to select HVSVR02, and vice versa.

10. Select "cifs" and "Microsoft Virtual System Migration Service".
11. Click "OK".


12. Click "OK".
13. Repeat step 4 - 12 on HVSVR02.



14. Close "Active Directory Users and Computers".
15. Go to HVSVR01, log in as Domain Administrator.
16. Launch "Hyper-V Manager".
17. Click "Hyper-V Settings".


18. At left pane, select "Live Migrations".
19. Check "Enable incoming and outgoing live migrations".
20. Next to "Authentication protocol", select "Use Kerberos".
21. Next to "Incoming live migrations", select "Use these IP addresses for live migration".
22. Click "Add".
23. Next to "IP Address", type "172.16.0.0/16".


24. Click "OK".


Remark: If there is no network to be specified for live migration, the Hyper-V servers use the domain network, 10.0.0.0/8, for live migration. If the live migration network setting only applies on 1 server. Both Hyper-V servers use the domain network, 10.0.0.0/8, for live migration.

25. Click "OK".
26. Repeat step 16 - 25 on HVSVR02.

Moving the virtual machine
1. On "Hyper-V Manager" of HVSVR01, right-click "FS01.test.contoso.com".
2. Select "Move".


3. At "Before You Begin" screen, click "Next".
4. At "Choose Move Type", select "Move the virtual machine".


5. Click "Next".
6. At "Specify Destination" screen, next to "Name", type "HVSVR02".


7. Click "Next".
8. At "Choose Move Options" screen, select "Move the virtual machine's data to a single location".


9.Click "Next".
10. At "Virtual Machine" screen, click "Browse".


11. In my test lab, I will select "D:\fs01.corp.tls1.cc".


12. Click "Next".
13. At "Summary" screen, click "Finish".
14. Because the name of virtual switches is different in my test lab, I need to select the virtual switch for the VM.


15. Click "Next".


16. Click "Finish".


Now, the VM is moving to HVSVR02.

17. Finally, the VM has been moved to HVSVR02.

 
Reference:
Configure and Use Live Migration Without Failover Clustering for Server Availability
http://technet.microsoft.com/en-us/library/jj134199.aspx

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at No comments:
Labels: ,

Wednesday, June 20, 2012

Minimal Server Interface on Windows Server 2012

The Minimal Server Interface is an configuration option that does not include significant aspects of the Server Graphical Shell. It enables most local GUI management tasks without requiring the Server Graphical Shell or Internet Explorer to be installed. This reduces the security and servicing footprint of the server thereby increasing safety and up time while expanding deployment scenarios. For the maximum reduction of security and servicing footprint, consider using Server Core mode instead.

Minimal Server Interface are installed the following management tools:
  • Server Manager
  • Microsoft Management Console
  • Some Control Panel applets
However, the following items are not installed:
  • Internet Explorer 10
  • Windows Explorer
  • Desktop
  • Start screen
Reference:
Minimal Server Interface for Windows Server 2012

Windows Server Installation Options

Enabling Minimal Server Interface on Windows Server 2012 Server Core
1. On a Windows Server 2012, log in as Administrator.
2. Perform "powershell".


3. Perform "Install-WindowsFeature Server-Gui-Mgmt-Infra"


By default, the roles or features of Windows Server 2012 are not installed in Windows Server 2012 Server Core. You may get the above error if the server cannot access Internet to get the component from Windows Update. To solve this problem, we can provide Internet access or the source files for the server. I will provide the source file for this server.

4. Insert Windows Server 2012 DVD.

Assuming D drive is the DVD drive of the Windows Server. Then I need to get and mount the "install.wim" to provide the source file.

5. Perform "Get-WindowsImage -ImagePath "D:\Sources\Install.wim".


I need to mount the "Windows Server 2012 SERVERDATACENTER", index 4.

6. Perform "New-Item C:\Sources -Type Directory" to create a new directory.


7. Perform "Mount-WindowsImage -ImagePath D:\Sources\Install.wim -path C:\Sources -index 4 -ReadOnly".


8. Perform "Install-WindowsFeature Server-Gui-Mgmt-Infra -Source C:\Sources\Windows\WinSxs".


9. Restart the server.

As a result, the Minimal Server Interface has been installed on the server. I can launch Microsoft Management Console on Windows Server 2012.


Convert Windows Server 2012 full GUI to Minimal Server Interface
1. On a Windows Server 2012, log in as Administrator.
2. Launch "PowerShell".
3. Perform "Get-WindowsFeature -Name Server*".


To convert full GUI to Minimal Server Interface, I will uninstall the "Server Graphical Shell".

4. Perform "Uninstall-WindowsFeature Server-Gui-Shell -remove".


Remark: After performing "-Remove" to uninstall the Windows Feature, the binary files in the Windows Server 2012 will be removed. To reinstall the same Windows Feature, you have to provide the sources for installation.

5. Restart the server.

As a result, the server has been changed to Minimal Server Interface.

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at
Labels:

Sunday, June 10, 2012

A free Windows Server 2012 ebook

Would you like to know more Windows Server 2012? Microsoft announced a free ebook "Introducing Windows Server 2012". If you are interested, you can download the it from the following link .

Download link
Free ebook: Introducing Windows Server 2012
http://blogs.msdn.com/b/microsoft_press/archive/2012/06/04/free-ebook-introducing-windows-server-2012.aspx

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at No comments:
Labels:

Wednesday, June 6, 2012

Active Directory Topology Diagrammer

Active Directory Topology Diagrammer is a tool which can help you to automatically generate a diagram by Microsoft Visio. The tool can generate the Domains, OUs, Sites, Exchange, Active Directory Application partition, DFS-R and Servers OS version information.

Figure 1: Active Directory Topology Diagrammer

Figure 2: Sites tab result

Figure 3: Domains tab result

Download link:

Remark: Before installing Active Directory Topology Diagrammer, you have to install "Microsoft Office Visio 2003 or newer" and "Microsoft .NET Framework Version 2.0".

For more information:
NedPyle [MSFT] wrote a good article, "Documenting Active Directory Infrastructure the Easy Way". It describe how to use this tool.

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at 2 comments:
Labels:

Tuesday, June 5, 2012

Articles for Group Policy Loopback Processing

I would like to share two good articles, "Loopback processing of Group Policy, explained" and "Group Policy Loopback Processing" for you. "Loopack processing of Group Policy, explained" was written by Kudrat Sapaev and "Group Policy Loopback Processing" was written by Chad Gross. Both articles clearly explain the process and how to use it. If you have time, please take a look.

For more information about Group Policy loopback processing:
Loopback processing with merge or replace

Use Group Policy loopback processing mode

Group Policy Loopback Support

Order of processing settings

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at No comments:
Labels:

Sunday, June 3, 2012

Delegating the permission to generate Group Policy Results of Computer Configuration for domain users

By default, domain users cannot generate the "Group Policy Results" or "Resultant Set of Policy" of Computer Configuration due to insufficient permissions. Only users with local administrator rights on the target computer can remotely access Group Policy Results data.

Figure 1: Gpresult of a domain user

Figure 2: The warning of "Resultant Set of Policy"

Figure 3: "Resultant Set of Policy" is being processed

Figure 4: The result of "Resultant Set of Policy"

To allow domain users generating the "Group Policy Results" or "Resultant Set of Policy" of Computer Configuration, we can delegate the permission for domain users by using GPMC. The permission can be assigned in a domain or organization unit level.

Remark: To delegate the permission, make sure the forest functional level of the domain environment is Windows Server 2003 or later.

Goals
Allow the domain user,Terry, reading the "Group Policy Results" of Computer Configuration in "Win7 Workstations" OU.

Lab environment
  • 1 domain controller named DC02 which is installed Windows Server 2008
  • 1 workstation named W701 which is installed Windows 7 is under Win7 Workstation OU
  • 1 server named FS01 which is installed Windows Server 2008 R2 is under Computer container
  • 1 domain user account named Terry

1. On DC02, log in as Domain Administrator.
2. Launch "Group Policy Management Console".
3. Expand "Forest > Domains > Domain Name > Win7 Workstations".


4. Select "Delegation" tab.
5. Next to "Permission", select "Read Group Policy Results data".


6. Click "Add".
7. In "Select User, Computer, or Group" window, enter "Terry".
8. On "Add Group or User" window, next to "Permissions", select "This container and all child containers".


Remark: The child OU of "Win7 workstations" will inherit the permission because "This container and all child containers" is selected.

9. Click "OK".
10. Click "Advanced".
11. Next to "Security", select "Terry".


The "Generate resultant set of policy" permission is granted Terry.

12. Click "Cancel".


Now, Terry can generates the "Group Policy Results" or "Resultant Set of Policy" of Computer Configuration on workstations which  is under "Win7 Workstations" OU.

Test result
1. On W701, log in as Terry.
2. Launch "Command Prompt".
3. Perform "gpresult /r".


The "Group Policy Results" of Computer Configuration can be generated by Terry.

4. Perform "rsop.msc".



When the "Resultant Set of Policy" is being processed, there is no warning message. Terry can generate "Resultant Set of Policy" of Computer Configuration.

5. Log out W701.
6. On FS01, log in as Terry.
7. Launch "Command Prompt".
8. Perform "gpresult /r".



9. Perform "rsop.msc".


Because the "Generate resultant set of policy" permission isn't granted on domain level, Terry cannot generate the "Group Policy Results" or "Resultant Set of Policy" of Computer Configuration.

For more information:
Delegation and policy-related permissions

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)