How to add a driver to the DriverStore

All drivers are stored in the so called DriverStore, which is located under %SYSTEMDRIVE%\Windows\System32\DriverStore.

With the built-in command line tool pnputil you can add or remove drivers.

How does it work?

  1. Start an elevated command prompt (Start, type CMD, hit Ctrl+Shift+Enter)
  2. Adding a driver:
    • Pnputil.exe -a c:\LOCATION_OF_DRIVER\DRIVER_NAME.inf
      The location can be either local or remote
    • Pnputil.exe -a C:\LOCATION_OF_DRIVER\*.inf
      Copy all drivers from that folder
  3. Deleting a driver:
    • Pnputil.exe -d DRIVER_NAME.inf

Deploy Windows 10 with MDT 2013 Update 1 “Preview”

Deploying Windows 10 with MDT 2013 Update 1 Preview

Next you need the MDT 2013 Update 1 Preview. To get the preview, you need to first join the MDT Group on Microsoft Connect, if you’re not a member already. Then, prior to downloading the actual preview bits, you’ll need to grab the Windows ADK for Windows 10 Technical Preview, which is a prerequisite for running MDT.

The Build number which the best to use is the Windows 10 Technical Preview with build number 9926 Winking smile

So i installed some apps automaticly Winking smile
image

Doing some bug check/feature check Winking smile Keep you posted Winking smile

Fixing User Home Folder rights with Powershell

When i visit a lot of company’s i see many times that the home folder directory have not the right rights. To fix this that’s al lot of work. Sow it time to write about it. I wrote a nice powershell script to fix it and save me and you a lot of time.

Three steps :

1.  Set Share Permissions for the Everyone group to Full Control.

2.  Use the following settings for NTFS Permissions (http://support.microsoft.com/kb/274443):

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
  • System – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only)
  • Everyone – Read Attributes (Apply onto: This Folder Only)
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)

Pay attention when configuring the home directory or folder redirection policies.  If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and need to reset the ACL Winking smile

3. Run the Following script Repair-HomeFolderPermissions.ps1

________________________________________________________________________

#########################################################################
# Script: Repair-HomeFolderPermissions.ps1
# Author: Ward Vissers    http://www.wardvissers.nl
# Date: 20/11/2014
# Keywords:
# Comments:
# Pre-Requisites: Full Control over destination folder.
#
# +————+—–+———————————————————+
# |       Date | Usr | Description                                             |
# +————+—–+———————————————————+
# | 20/11/2014 | WV  | Initial Script                                          |
# |            |     |                                                         |
# +————+—–+———————————————————+
#
#   1. http://support.microsoft.com/kb/274443
#
#   2. Set Share Permissions for the Everyone group to Full Control.
#  
#   3.  Use the following settings for NTFS Permissions:
#
#   CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
#   System – Full Control (Apply onto: This Folder, Subfolders and Files)
#   Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
#   Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
#   Everyone – List Folder/Read Data (Apply onto: This Folder Only)
#   Everyone – Read Attributes (Apply onto: This Folder Only)
#   Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)
#
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################

$dirpath = “D:\Data\user”

# get list of all child directories, in the current directory
$directories = dir $dirpath | where {$_.PsIsContainer}

# iterate over the directories
foreach ($dir in $directories)
{
# echo out what the full directory is that we’re working on now
write-host Working on $dir.fullname using $dir.name

# setup the inheritance and propagation as we want it
$inheritance = [system.security.accesscontrol.InheritanceFlags]“ContainerInherit, ObjectInherit”
$propagation = [system.security.accesscontrol.PropagationFlags]“None”
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow

# get the existing ACLs for the directory
$acl = get-acl $dir.fullname

# add our user (with the same name as the directory) to have modify perms
$aclrule = new-object System.Security.AccessControl.FileSystemAccessRule($dir.name, “FullControl”, $inheritance, $propagation, “$allowdeny”)

# check if given user is Valid
$sid = $aclrule.IdentityReference.Translate([System.Security.Principal.securityidentifier])

# add the ACL to the ACL rules
$acl.AddAccessRule($aclrule)

# set the acls
set-acl -aclobject $acl -path $dir.fullname
}

__________________________________________________________________________

Deploy Windows 10 and Windows Server vNext Technical Preview Using MDT 2013

1. Mount boot.wim file
Dism /Mount-Image /ImageFile:”D:\DeploymentShare\Operating Systems\Windows Server Technical Preview\sources\boot.wim” /index:1 /MountDir:D:\offline

2. Copy the dism.exe and DISM folder from the Windows 10 Technical Preview boot.wim file to your deployment share, in my case D:\DeploymentShare\Tools\x64.

The dism.exe file and DISM folder are found in the X:\Windows\System32 on your boot image (once booted), or D:\Offline\Windows\System32 if you just mounted the boot.wim.

3. Unmount the image|
Dism /Unmount-Image /MountDir:”D:\Offline” /Discard

4. Edit the Task Sequence
image image 

After copying the files, add two run command line actions to your Windows 10 Technical Preview and Server vNext Preview task sequence after Preinstall – Enable Bitlocker (Offline)

Copy WTP dism.exe
cmd /c copy %deployroot%\tools\%architecture%\dism.exe x:\windows\system32\ /y

Copy WTP DISM subsystem
cmd /c copy %deployroot%\tools\%architecture%\dism\*  x:\windows\system32\dism /y

5. Deploy Machines

image

image

Installing Windows 10 & Server vNext Technical Preview via PXE on Gen 2 VM

If you try to PXE boot a Windows 10 or Server vNext Technical Preview VM running on Hyper-V in Windows Server 2012 R2, you are greeted by a nice error message: Boot Failed. EFI Network. Failed Secure Boot Verification.

The simple fix

Until there is an update available turn off secure boot for the Gen 2 VM.

image

Performance issues or delays when you connect to Exchange Server 2013 that is running in Windows Server

Microsoft released a new KB article about a performance issue with Exchange 2013

When you connect to a Microsoft Exchange Server 2013 server that is installed in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 in which Microsoft .NET Framework 4.5 is included, you may experience delays to access email messages or disconnections to the Exchange server. When this issue occurs, the CPU or memory usage on the server is high for some services that include one or more of the W3wp.exe processes.

This issue occurs because too many objects are pinned on the .NET Framework 4.5 garbage collector heap. It causes heap fragmentation in addition to an increase in CPU and memory usage by the garbage collector.

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

For Exchange Server 2013 that is installed in Windows Server 2012

Apply hotfix 2803755 that needs a restart, and then use one of the following methods to enable the hotfix:

  • Create the COMPLUS_DisableRetStructPinning environment variable, and set the value of the variable to 1.
  • Create a DWORDvalue of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to 1:

    HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

Then, restart the computer.

For Exchange Server 2013 that is installed in Windows Server 2012 R2

Create a DWORDvalue of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to1:

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

Then, restart the computer.

For Exchange Server 2013 that is installed in Windows Server 2008 R2 or Windows Server 2008

Apply hotfix 2803754 that needs a restart, and then use one of the following methods to enable the hotfix:

  • Create the COMPLUS_DisableRetStructPinning environment variable, and set the value of the variable to 1.
  • Create a DWORDvalue of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to 1:

    HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

Windows 8.1 Update (KB 2919355) prevents interaction with WSUS 3.2 over SSL

There is a known issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2.

Issue Description

The problem is specific to the following scenario when all of the following are true

  1. Client PC has installed Windows 8.1 Update KB 2919355
  2. Windows 8.1 with Windows 8.1 Update KB 2919355 attempts to scan against WSUS 3.2 running on any affected platform:
    • Windows Server 2003 SP2, or
    • Windows Server 2003 R2 SP2, or
    • Windows Server 2008 SP2, or
    • Windows Server 2008 R2 SP1
  3. HTTPS and Secure Sockets Layer (SSL) are enabled on the WSUS server
  4. TLS 1.2 is not enabled on the server

Only users who have enabled HTTPS and have not enabled TLS 1.2 on their WSUS 3.2 servers and who are also using these WSUS 3.2 servers to manage PCs running the Windows 8.1 Update KB 2919355 are affected by this issue. Please note, while we do recommend the use of HTTPS on WSUS servers, HTTPS and TLS 1.2 are not enabled by default.

Workarounds

If you are using WSUS 3.2 on Windows Server 2008 R2, you may perform either of the following steps to restore the scan functionality if you have deployed the Windows 8.1 Update KB2919355.

  • Enable TLS 1.2 (follow the instructions under More Information > SCHANNEL\Protocols subkey), or
  • Disable HTTPS on WSUS

If you are using WSUS 3.2 on an operating system other than Windows Server 2008 R2, you may perform the following step to restore the scan functionality.

  • Disable HTTPS on WSUS

When Microsoft releases an update that resolves the issue, you may re-enable HTTPS on WSUS.

Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.

You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue. You may also find the workarounds discussed in this article to be useful for testing this Windows 8.1 Update for your organization. Thank you for your patience during this time.

Server 2012 R2 Update & Windows 8.1 Update (KB2919355) direct download links

Server 2012 R2 Update & Windows 8.1 Update is a cumulative set of security updates, critical updates and updates.

Windows 8.1 Update for x86 (KB2919355)

Windows 8.1 Update for x64 (KB2919355)

Windows Server 2012 R2 Update (KB2919355)

Microsoft Virtual Machine Converter 2.0

    Microsoft® Virtual Machine Converter (MVMC) is a Microsoft-supported, stand-alone solution for the information technology (IT) pro or solution provider who wants to convert virtual machines and disks from VMware hosts to Hyper-V® hosts and Windows Azure™.
    MVMC can be deployed with minimal dependencies. Because MVMC provides native support for Windows PowerShell®, it enables scripting and integration with data center automation workflows such as those authored and run within Microsoft System Center Orchestrator 2012 R2. It can also be invoked through the Windows PowerShell® command-line interface. The solution is simple to download, install, and use. In addition to the Windows PowerShell capability, MVMC provides a wizard-driven GUI to facilitate virtual machine conversion.
    New Features in MVMC 2.0
    MVMC 2.0 release of MVMC includes the following new features:

    • Converts virtual disks that are attached to a VMware virtual machine to virtual hard disks (VHDs) that can be uploaded to Windows Azure.
    • Provides native Windows PowerShell capability that enables scripting and integration into IT automation workflows.
      Note The command-line interface (CLI) in MVMC 1.0 has been replaced by Windows PowerShell in MVMC 2.0.
    • Supports conversion and provisioning of Linux-based guest operating systems from VMware hosts to Hyper-V hosts.
    • Supports conversion of offline virtual machines.
    • Supports the new virtual hard disk format (VHDX) when converting and provisioning in Hyper-V in Windows Server® 2012 R2 and Windows Server 2012.
    • Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.1, and VMware vSphere 4.1 hosts Hyper-V virtual machines.
    • Supports Windows Server® 2012 R2, Windows Server® 2012, and Windows® 8 as guest operating systems that you can select for conversion.
    Standard MVMC Features
    In addition to the new features previously identified, MVMC provides the following functionality:

    • Converts and deploys virtual machines from VMware hosts to Hyper-V hosts on any of the following operating systems:
    • Windows Server® 2012 R2
    • Windows Server® 2012
    • Windows Server 2008 R2 SP1
    • Converts VMware virtual machines, virtual disks, and configurations for memory, virtual processor, and other virtual computing resources from the source to Hyper-V.
    • Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
    • Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.0, and VMware vSphere 4.1 hosts to Hyper-V.
    • Has a wizard-driven GUI, which simplifies performing virtual machine conversions.
    • Uninstalls VMware Tools before online conversion (online only) to provide a clean way to migrate VMware-based virtual machines to Hyper-V.
      Important MVMC takes a snapshot of the virtual machine that you are converting before you uninstall VMware Tools, and then shuts down the source machine to preserve state during conversion. The virtual machine is restored to its previous state after the source disks that are attached to the virtual machine are successfully copied to the machine where the conversion process is run. At that point, the source machine in VMware can be turned on, if required.
      Important MVMC does not uninstall VMware Tools in an offline conversion. Instead, it disables VMware services, drivers, and programs only for Windows Server guest operating systems. For file conversions with Linux guest operating systems, VMware Tools are not disabled or uninstalled. We highly recommend that you manually uninstall VMware Tools when you convert an offline virtual machine.
    • Supports Windows Server and Linux guest operating system conversion. For more details, see the section “Supported Configurations for Virtual Machine Conversion” in this guide.
    • Includes Windows PowerShell capability for offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V–based virtual hard disk file format (.vhd file).
      Note The offline disk conversion does not include driver fixes.

Download

Windows ADK 8.1 update (for Windows 8.1 Update) is available for download:

The Windows ADK 8.1 update (for Windows 8.1 Update) is available for download:

Windows ADK 8.1 update (direct download only: http://www.microsoft.com/en-us/download/details.aspx?id=39982

You still run adksetup.exe to install or download the updated ADK, but you do see that the new ADK is slightly bigger than the previous kit. The Patches folder content also have a higher version number. The October 18, 2013 release of Windows 8.1 ADK had a folder named 8.100.26020, but the April 2, 2014 release of Windows 8.1 ADK have 8.100.26629.

New features in ADK 8.1 are the WIMBoot option, updates to dism, updates to WinRE and a new WinPE version (5.1). There are also fixes for USMT.

Important Change:
DISM: Does not support Windows Vista or Windows Server 2008 images.

More info about the changes here: http://msdn.microsoft.com/en-us/library/windows/hardware/dn247001.aspx

Info on updating WinPE 5.0 to WinPE 5.1: http://technet.microsoft.com/en-us/library/dn613859.aspx