Thoughts on Win10 Build

My current thoughts on Windows 10 build 9860. I've been running it since it was released.

In terms of functionality, it’s great. Start menu is powerful and customizable compared to it being just a v1 feature. Having Modern apps within the desktop is much appreciated as I am someone who valued the simplistic approach to their design but didn’t really enjoy the idea of having them full screen on a desktop box. Tablets, it makes sense but not for laptops/desktops.

In terms of stability, I’ve had it blue screen once. My recommendation is that you don’t load 3rd party drivers…keep the MS WHQL drivers from Microsoft Update. Once I removed the 3rd party drivers I haven’t had another BSOD.

For performance, it’s evident that there is debug code in it which takes its toll. You can notice a performance drop when opening apps and sometimes simple transitions. With that said, I use a lot of Hyper-V/VM’s and I haven’t had much of a problem at all in that regard. So it seems that anything that leverages API calls up above a certain level from the kernel will get hit, but if you’re VM heavy…it’s not a problem from my perspective.

[Clear-WindowsUpdateCache] New in 1.4

So I made a few updates to my PowerShell experiment over the past week or so. Here are the highlights -

  • Rename of the script to adhere to the verb-noun standard syntax
  • Added a bunch more Verbose and Debug messages to help users and myself
  • Added much better error handling, but it's still my initial stab at it
  • Uses PowerShell Advanced Functions so that it can support multiple computers
    • More to come, I haven't tested objects from the pipeline, but performing several machines by using the parameter -ComputerName works

You can grab the script here.

[Clean-WindowsUpdates] New in 1.1

So I've updated the script with some new functionality and it also was a good opportunity for me to learn a few things. The biggest idea I got out of it was the fact that you want "clean" code that is well organized. Another one was the idea of commenting. I'm of the mindset that comments should describe what you're trying to do and not just the code itself (although it helps).

You will notice that if you run the script without any arguments, it doesn't display anything. If you wanted output, you will need to add the "-Verbose" or "-Debug" to the command when executing. I wanted this to be as silent as possible for use within automation tools such as SCCM or MDT.

Of particular interest is how I needed to remove the updates in Windows 8.1. So I was looking forward to using the DISM PowerShell cmdlets to remove the superseded updates in the Component Store, but I was surprised to find that none of the existing cmdlets had functionality equivalent to running the DISM.exe utility itself. Hopefully the product team will complete the functionality of those cmdlets soon. Until then, I am simply calling "Start-Process" and pointing it to the DISM.exe itself to do the work.

Future work - I think I need to work on the identification of OSes. I think the logic is rough. For instance, what about Windows 8.0? Not sure I handle that well and I should look at that soon.

I've created for myself a GitHub repo (first time for everything!) for this project and it's located here. As previously indicated, this is a learning experience for me with PowerShell. If you find something wrong or have a feature suggestion, please tell me.
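One way to handle the OS identification and the DISM.exe call described above, including Windows 8.0, as an added example that is not the author's script. The function and parameter names are hypothetical; it assumes the DISM.exe options /StartComponentCleanup (Windows 8 and later) and /ResetBase (Windows 8.1 and later), and the same StateFlags0128 registry value the original script uses for the Windows 7 path.

```powershell
# Added example (not the author's code). Names are hypothetical.
function Get-UpdateCleanupPlan {
    [CmdletBinding()]
    Param(
        # Defaults to the local OS version as reported by WMI, e.g. "6.3.9600".
        [Version]$OSVersion = (Get-WmiObject -Class Win32_OperatingSystem).Version,
        # Ask DISM to drop superseded components for good (Windows 8.1+ only).
        [switch]$ResetBase
    )

    if ($OSVersion -lt [Version]'6.1') {
        throw "No supported update cleanup path for Windows version $OSVersion."
    }
    if ($OSVersion -lt [Version]'6.2') {
        # 6.1 (Windows 7 SP1): Disk Cleanup plugin added by KB2852386.
        return New-Object PSObject -Property @{
            Method = 'CleanMgr'; FilePath = 'CleanMgr.exe'; ArgumentList = '/sagerun:128'
        }
    }
    # 6.2 (Windows 8.0) and later: DISM component store cleanup.
    $dismArgs = '/Online /Cleanup-Image /StartComponentCleanup'
    if ($ResetBase -and $OSVersion -ge [Version]'6.3') {
        # After /ResetBase, installed updates can no longer be uninstalled.
        $dismArgs += ' /ResetBase'
    }
    return New-Object PSObject -Property @{
        Method = 'Dism'; FilePath = 'Dism.exe'; ArgumentList = $dismArgs
    }
}

function Invoke-UpdateCleanup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param([switch]$ResetBase)

    $plan = Get-UpdateCleanupPlan -ResetBase:$ResetBase
    $key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Update Cleanup'
    $what = "$($plan.FilePath) $($plan.ArgumentList)"
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, $what)) { return }

    try {
        if ($plan.Method -eq 'CleanMgr') {
            # -Force overwrites a value left behind by an interrupted earlier run.
            New-ItemProperty -Path $key -Name StateFlags0128 -PropertyType DWord `
                -Value 2 -Force -ErrorAction Stop | Out-Null
        }
        $proc = Start-Process -FilePath $plan.FilePath -ArgumentList $plan.ArgumentList `
            -NoNewWindow -Wait -PassThru
        if ($proc.ExitCode -ne 0) {
            Write-Error "$($plan.FilePath) exited with code $($proc.ExitCode)."
        }
    }
    finally {
        # Always remove the temporary sagerun selection, even on failure.
        if ($plan.Method -eq 'CleanMgr') {
            Remove-ItemProperty -Path $key -Name StateFlags0128 -ErrorAction SilentlyContinue
        }
    }
}
```

Run `Invoke-UpdateCleanup -WhatIf` from an elevated prompt to see which command would be used on the current machine without changing anything.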

Clean-WindowsUpdates

So I posted a couple of weeks ago that I discovered a project I could do with PowerShell and some sort of automation. Well I'd like to debut my first public script, Clean-WindowsUpdates.

As I've mentioned previously, this is more of a project to help me learn PS and if it helps someone else, all the better. I'm sure there are better scripts out there to accomplish the same or similar results but this is for my learning experience. :)

So what does this script do? It performs the following -

  • Check for Administrator Rights
  • Define a registry key and property using the New-ItemProperty cmdlet
  • Use a Try/Catch/Finally block
  • Start the Cleanup Wizard using the Start-Process cmdlet
  • Perform a cleanup task

The goal of this script is to safely remove superseded Windows Updates from the CBS store. There have been plenty of ways to do this in an unsupported fashion for Windows 7, but now since KB2852386 was released back in October 2013 we can use the functionality in the Windows Cleanup Wizard.

I've released the script here. There are several features I'd like to add such as the detection of the Windows version and whether leveraging Windows Cleanup Wizard is used or if DISM would be appropriate.

<#
.SYNOPSIS
Removes Windows Updates using the Microsoft supported Disk Cleanup Wizard
functions.

.DESCRIPTION
This script will use the Microsoft supported Disk Cleanup Wizard plugin to
safely remove applied Windows updates from the system. Once removed, these
updates cannot be uninstalled. The primary benefit is recovering disk space.

.NOTES
Michael Sainz
mike@iamdigerati.com

.LINK
http://www.iamdigerati.com/

#>

[CmdletBinding()]
Param()

Write-Verbose "Checking for Administrator rights."

# Build a principal for the current user so the built-in role can be tested.
$Identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$Principal = New-Object Security.Principal.WindowsPrincipal $Identity
If ($Principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) -eq $False)
{
    Write-Verbose "Script isn't running with Administrator rights. Exiting."
    Exit
}

Write-Verbose "Check if the required registry key exists."
$Key = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Update Cleanup"

Try {
    # StateFlags0128 = 2 selects the Update Cleanup handler for "/sagerun:128".
    Write-Verbose "Writing the registry configuration for the Cleanup function."
    New-ItemProperty -Path $Key -Name StateFlags0128 -PropertyType DWord -Value 2 -ErrorAction Stop | Out-Null

    Write-Verbose "Executing the Cleanup Manager."
    Start-Process CleanMgr.exe -ArgumentList "/sagerun:128" -NoNewWindow -Wait
}
Catch [System.Management.Automation.ActionPreferenceStopException] {
    Write-Verbose "Couldn't write the registry key needed for the Cleanup function."
}
Catch {
    Write-Verbose "A general error occurred."
}
Finally {
    # Runs on success and on failure, so the temporary value never lingers.
    # (The original exited here, which stopped the script before CleanMgr ran.)
    Write-Verbose "Cleaning up registry configuration for the Cleanup function."
    Remove-ItemProperty -Path $Key -Name StateFlags0128 -ErrorAction SilentlyContinue
}


Script Project

So I just figured out what my script project will be.

So awhile ago I came across a blog post detailing out a new update that adds functionality to the Windows Update Cleanup wizard. What it basically does is remove the backup or superseded update files from the WinSXS folder.

But this update only adds the new feature to a GUI. What happens if you wanted to clean up the updates from a large group of computers?

Well there's going to be a script for that.

System Center & PowerShell = Happiness

So I've been doing a lot with the System Center suite of tools for enterprise management. I've always had exposure to System Center - Configuration Manager due to its OSD features but in the past couple of years I've had more opportunities to gain some insight into Service Manager and a more complete understanding of Configuration Manager as well.

One of the pains of this suite though is that it's just huge. Both in terms of infrastructure in production environments (labs are smaller but still put some load on hardware) and the time it takes for deployment. I've always likened it to spinning plates...lots of them.

And then I found out about the PowerShell Deployment Toolkit. And it's...amazing.

First, the name doesn't do it justice. This is not a tool for deploying PowerShell but rather it's deploying System Center leveraging PowerShell! The team who puts this together (Windows Server and System Center Group within Microsoft) has done an amazing job at integrating several features of PowerShell including Workflows into a cohesive and automated solution to both provision virtual machines, install core dependencies and System Center.

The team is led by Rob Willis and he blogs over at the Building Clouds site under the Deployment track, but pretty much all of those posts/tracks are great for cloud construction and systems automation content.

You can grab the PowerShell Deployment Toolkit here.

Where the Rubber Hits the Road

So throughout last year I've been talking to clients and fellow IT professionals about the incredible benefits of systems automation and DevOps. This is turning out to be something that I just really enjoy doing.

But there was something that held me back and I've started to change this - PowerShell.

It's funny really...I go at length evangelizing the benefits of PowerShell and even have helped people write some scripts (verbally) without fully understanding and learning the scripting language itself. Well, this stops here. And what better way to learn something by doing something!

Sometime soon I'm going to zero in on problem or task that I need solved and I'll make a script project out of it and share it with the community. The community has always been such a great learning tool and I'm excited to give something tangible back instead of just troubleshooting advice.

TechEd 2013: Announcing Windows Server 2012 R2

Oh hey, I have a blog. 

During TechEd 2013, Microsoft announced the next version of its server operating system, Windows Server 2012 R2.

You can watch both the keynote and a list of TechEd sessions, but here is a short overview of what I took away.

Windows Server 2012 R2 is part of Microsoft's evolving approach to a Cloud OS, or Platform. Remember people, they may be a "Devices and Services" company but they are also a platform/partner company. Windows Server 2012 R2 plays a role in their platform strategy which involves the following:

  • Private Cloud
    • Windows Server 2012 R2 plays the lead role in this area for obvious reasons. What was emphasized here though was the fact that all the experience and insight while Microsoft built out Windows Azure with the previous server versions (2008 R2 & 2012) are brought into focus with Windows Server 2012 R2 so that private companies can take advantage of these benefits at scale also.
  • Public Cloud
    • This is where Microsoft delivers on their SaaS, PaaS and IaaS story. Windows Azure is currently built on Windows Server 2012 Hyper-V but make no mistake, they are testing and iterating at least some portion of Azure on Windows Server 2012 R2 and when it's released Azure will absolutely get those bits.
  • Service Partners
    • Microsoft specifically touted the fact that they haven't forgotten about scenarios where there needs to be a certain amount of customization a customer needs that Azure cannot provide but a partner could. Jeff Woolsey described a scenario in which a requirement that data couldn't leave Canada, but the customer still wanted to take advantage of at scale computing. Providers can deliver on this.

This is how Microsoft described its approach to cloud computing. They took a few jabs at their competitors such as VMware, Amazon and SalesForce saying that they're only focused on specific pieces of the puzzle. Judging by what they illustrated though, they may be right.

Just because it’s the most thought out solution doesn't mean customers will follow suit.

Time will tell.

BYOD From a Different Perspective

I'm sitting on this plane doing my usual thing: Working. Part of my job is to read...a lot.

I follow a variety of people. One of them is Mike Rigsby. Recently he wrote an article where he lays out the opinion that BYOD (Bring Your Own Device) just wouldn't work in today's enterprises.

Obviously this piqued my interest. :)

Mike lists out the concerns that he believes he would have. And I have to tell everyone, they are valid issues. But at the same time, I don't believe they're as bad as he anticipates. I have the benefit of seeing first hand what this would be like...because I've deployed technologies that enable BYOD in enterprise environments. Let's hit the list…

1. Standardization

I believe the consumerization of IT is forcing this issue. You can actually make the argument that the same force is applying to BYOD as well. But the question Mike is raising is "Do you really want them in the enterprise?". Well, the reason you want standardization is for support most of all, and also easy procurement. With a BYOD technology like VDI (Virtual Desktop Infrastructure), you rely less on the client hardware and more on the operating environment and infrastructure. This has the potential to reduce hardware support costs because you don't support as much hardware. Enterprises are realizing this and taking advantage.

2. Security

Security is a tough one. I think it really depends on the business requirements that drive the functional requirements to make this determination if BYOD is a good fit for you. Typically there is a risk assessment performed to evaluate if BYOD is acceptable, but a risk assessment is going to take into consideration technology that can prevent and mitigate a lot of these concerns. From VLANs, 802.1X, NAP/NAC and ACLs, many companies have discovered limited and acceptable risk when contained appropriately.

VDI can also help reduce the attack surface for the company in question. Mike describes a situation where users have their laptops stolen. In the case of VDI, since nothing is on the end user's laptop, the impact of stolen property is limited to the end user.

3. Liability

Mike frames this topic in the context of user productivity, which is absolutely a concern. What if the user loses or damages their equipment? Even if it's their own, the business still has to deal with lost productivity. I've discovered that most companies who employ BYOD don't deploy it company-wide. There are certain scenarios that require company owned hardware (like a dependency to interface with another hardware device or a security policy in place). But depending on your business, the vast majority of users are probably information workers. In this case, VDI can be ideal for a BYOD solution. Several companies I know simply have hardware on reserve for this type of scenario.

In conclusion, are there reasons not to deploy BYOD/VDI? Absolutely. It's a large capital expense. You need to purchase the backend infrastructure and software licenses, which are not cheap.

But is it worthwhile? I believe more companies are asking themselves that question and the answer may surprise Mike.

View 5 Parent VM's

Been working on a VMware View 5 pilot for the past couple months and I wanted to share with you a gotcha we discovered.

First off, I should stress that how you build the Parent VM's is extremely important. I would suggest that you use MDT or SCCM OSD in creation of your image (as always) and that you carefully design your image with the idea that you're running within a shared resource environment.

A short description on Parent VM's. A Parent VM is a virtual machine that is the basis for other virtual machines in a Linked Clone desktop pool. The idea is similar to differential disks in virtualization 101. You have a parent disk and then create/link a second disk to the first. Any additional writes to the VM are written to this second differential disk. The hypervisor then determines which disk to pull from when a read IO occurs. When talking about Parent VM's and Linked-Clones, when a new VM needs to be created, the template it uses is the Parent VM.

Our problem started when we took the snapshot of our parent VM for View to use as our template. Whenever we started provisioning the pool, the VM's would hang at the customization phase. I won't bore you with the details, but first we thought it was hardware we used within the Parent VM. It was built on hardware version 8 (the newest for View 5.0) and that we were using an incorrect storage controller driver with the OS. Whenever we turned on those VM's, it wasn't joined to the domain and we received the "New Hardware Detected" Windows dialog box wanting us to restart the computer.

Easy! Just update the driver and then take another snapshot.

Turns out this wasn't the case.

Several more troubleshooting steps later we finally determined what the problem was: Microsoft App-V. The App-V agent was baked into the Parent VM. When QuickPrep does its thing, it enumerates all of the drives registered with Windows. App-V creates a logical drive (Default is Q: I believe...) and when the VMware View Agent grabs those registrations and discovers the App-V drive, it handles it incorrectly. When we stopped/disabled the App-V agent service and started it back up post load it worked like a charm.

Whether it was the fault of VMware or Microsoft/SoftGrid (this was using App-V 4.5, no SP so it was pretty old) is unknown. But hopefully this can help someone else who doesn't have to pull their hair out as much as we did.

Yes, I'm still here.

Sadly, I have neglected this blog for far too long. I am constantly reminded that I have this site due to the amount of spam comments I get. The Internet is a wonderful thing, isn't it?

Suffice to say, since my last update I have a few new things going on. I've switched jobs twice but I still love what I do. I'm excited as ever and looking forward to some new experiences. But if there is anything that I've learned in my industry it's that change is constant.

At the beginning of 2011 I moved away from ACS/Xerox and moved to Dell Services. I was part of a team named GICS, or Global Infrastructure Consulting Services. We did exactly that: consulted with companies regarding their IT infrastructure and gave advice and guidance on their current and future projects they're considering. Naturally, I specialized in OS Migrations: Windows 7 stuff. It was awesome...for the first couple weeks...

See, my team was a "national" team. That is code for travel! Awesome, right? To a certain extent. I do enjoy travel...especially when you have a company card. ;) But there was a significant toll on the family. I was traveling every week from February until the middle of July. My first stint was New York/Jersey, then Atlanta and topping it off in Dallas/Ft. Worth. From April through July I was in Texas and let me tell you...that Texas heat is something of a shocker for someone who has lived in the Pacific Northwest his entire life. And if you know me personally, you understand that my favorite seasons are Fall and Winter...not those "other two". More importantly though, it was grueling on my kids and wife. I was given some advice from someone who I trust to be mindful of travel and I'm glad he gave it to me. I didn't like the way we were heading so a change was needed.

July came and I got headhunted away to a smaller but up and coming IT consultancy. Slalom Consulting is based in Seattle, but we have a national presence. This company is AMAZING! Voted by Glassdoor.com as the 7th best company to work for! Great people, amazing relationships and opportunities and a great culture. Our next company retreat is in Whistler. I better get that snowboard out.

Hurray for awesome job???

As of December we're fully in Seattle (Issaquah really...). We're prepping our house down in Portland for rental on the weekends. Probably do this SEA to PDX thing for a couple more weekends so if anyone is interested in getting together, hit us up and let's get coffee.

Oh...that sounds good right about now.

Deployment Resources

I've been asked to share the resources I use regarding operating system deployment (MDT/SCCM OSD) and the people I follow. Something that I've been trying to push myself lately is to give back to the community. Been a long time practitioner of leveraging community support for questions and problems I have had but really haven't been active in blog comments and forums until now...

Tricky USMT, tricky…

The User State Migration Tool is part of the Windows Automated Installation Kit (WAIK) and its purpose is exactly that: transfer “user state” from one operating system to another. Although editing the XML can get complex, I found the Technet library reference on it very helpful and complete, or almost.

Our client had space limitations just like everyone else and to help mitigate some of these issues, we set a configuration parameter on scanstate.exe so that any Windows profiles that hadn’t been logged into in 60 days would not get captured. That flag is /UEL:60.

At the same time, we didn’t want certain profiles to be captured either…say for instance the local Administrator account. So for this we specified /UE:%COMPUTERNAME%\Administrator on the scanstate.exe command line as well.

I won’t go into extreme detail, but in short this does not work. USMT has specific rules of precedence depending on the switches and they don’t always merge. If you use the UEL and you specify a UE exclusion, if that UE exclusion has logged in within 60 days that profile will get captured. UEL will take precedence. You can get around this in your deployment by creating a task sequence step to run a tool to remove unwanted profiles before you perform a USMT capture. Check the references section for a blog entry describing this in more detail and a reference on USMT ScanState tool.
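A read-only pre-capture check for the situation described above, as an added example that is not part of the original post: it lists which local profiles a /UEL capture would include and flags any account you intended to exclude with /UE that is still recent enough to be captured. The function and property names are hypothetical; it assumes /UEL is evaluated against the last-modified date of each profile's NTUSER.DAT, and it applies the precedence exactly as the post describes it.

```powershell
# Added example (not the author's code). Names are hypothetical.
function Get-UsmtProfilePlan {
    [CmdletBinding()]
    Param(
        # Same value as the /UEL:<days> switch passed to scanstate.exe.
        [int]$UelDays = 60,
        # Accounts you passed (or meant to pass) with /UE.
        [string[]]$ExcludeAccount = @("$env:COMPUTERNAME\Administrator")
    )

    $cutoff = (Get-Date).AddDays(-$UelDays)

    # Special = False skips service profiles such as LocalService.
    Get-WmiObject -Class Win32_UserProfile -Filter 'Special = False' | ForEach-Object {
        $userProfile = $_
        if (-not $userProfile.LocalPath) { return }   # broken profile entry, skip

        # Resolve the SID to DOMAIN\User; orphaned SIDs keep the raw SID string.
        $account = $userProfile.SID
        try {
            $sid = New-Object Security.Principal.SecurityIdentifier $userProfile.SID
            $account = $sid.Translate([Security.Principal.NTAccount]).Value
        }
        catch {
            Write-Verbose "Could not resolve $($userProfile.SID) to an account name."
        }

        # Assumption: /UEL compares against NTUSER.DAT's last-modified time.
        $hive = Join-Path $userProfile.LocalPath 'NTUSER.DAT'
        $lastWrite = $null
        if ([IO.File]::Exists($hive)) { $lastWrite = [IO.File]::GetLastWriteTime($hive) }

        $withinUel = ($lastWrite -ne $null) -and ($lastWrite -ge $cutoff)
        $excluded  = $ExcludeAccount -contains $account   # case-insensitive match

        if (-not $withinUel) { $action = 'SkippedByUel' }
        elseif ($excluded)   { $action = 'RemoveBeforeCapture' }  # /UE alone won't stop it
        else                 { $action = 'Capture' }

        New-Object PSObject -Property @{
            Account       = $account
            LocalPath     = $userProfile.LocalPath
            LastHiveWrite = $lastWrite
            WithinUel     = $withinUel
            Action        = $action
        }
    }
}

# Profiles the task sequence must remove before running scanstate.exe:
# Get-UsmtProfilePlan | Where-Object { $_.Action -eq 'RemoveBeforeCapture' }
```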

This caused my team headaches and I hope this helps other engineers so they don’t have to self medicate as much as I did in their deployments.

What Happened EBS

I know a lot of time has passed since they announced that Essential Business Server has been discontinued. I thought now would be a good time since the dust has settled to air some of my thoughts on this decision.

For some context, I've been following this product since its first beta, code name "Centro". I've been doing SBS deployments for years beforehand and I noticed a discrepancy in "packaged" solutions going beyond 50-75 users into a standard Windows environment, and it was rough. When I had first caught wind this product would help bridge the gap between small business and mid-sized company I felt pretty excited. Maybe this will finally round out Microsoft's server solutions portfolio.

When they announced that they had discontinued the product, like most people in the EBS community I was shocked. EBS version 2 was just about to be released (no joke...it was pretty close to RTM) and the first version had done pretty well from what I heard. So I was surprised that they would stop selling it in June. There was definitely a group of people in the forums and community groups wondering what was the true cause.

The end result is the same either way I look at it though, so I took a different approach. I follow Microsoft technologies pretty closely and at the last PDC when Windows Azure was announced I asked myself a question: What does this mean for solutions I deal with? I thought about it awhile and I've come up with at least a rough forecast. Although I'm more focused on enterprise technology I'll give it a try.

Small Business Server is going to be solid for quite some time. Although I do think that the Exchange component might be ported to the cloud via Windows Azure, the simplistic packaging and value to small business is obvious. EBS...it makes sense that they discontinue. Move those people to Azure and lock in recurring revenue. Although I thought that the 3 server solution wasn't too complicated other people felt differently. And it apparently showed in the "surveys" that the EBS team took.

There will always be servers in the mid-sized company. The variable will be to what extent will they play and that will determine what will be kept.

SQL Reporting Services SP3 Installation Woes

While I was supporting a client I came across an issue where one of the updates failed on the Management server in an EBS installation. Maybe failed is the wrong term to use as the update reported that it would install successfully, but the next day or so (or if you manually kick off the detection logic) that update would reappear. Strange...