Setup KMS Server for Windows Server 2008 R2 or Windows 7

Posted on January 24, 2012 by Ward

Open the command prompt and run the following command:

cscript c: \ Windows \ System32 \ slmgr.vbs / ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Enter the product key xxxxx Windows Server 2008 R2. It is also able to activate Windows 7. The following text appears when the command is successful.

Microsoft ® Windows Script Host Version 5.7
Copyright © Microsoft Corporation. All rights reserved.
Installed product key xxxxx-xxxxx-xxxxx-xxxxx-xxxxx successfully.
The installation of the KMS server is complete. The server installs itself on port 1688. This port must be opened to be put in the firewall. To change the port the following command can be used.

Slmgr.vbs / SPRT xxxx
Once the firewall is open and the key is installed, the KMS server service has to be restarted. Do this by using the following command:

slsvc & net stop & net start slsvc

To check whether the data will be registered correctly in the DNS, the following command:

nslookup-type = srv _vlmcs._tcp

Here, the following output should appear:

_vlmcs._tcp.test.local SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kms.wardvissers.local
internet address = 192.168.150.7 kms.wardvissers.local

Clients / Servers

The clientele / servers need to connect to the KMS host will automatically find the host by dns. When the client / server using a MAK key is activated. Should this be put back to a KMS client key. These keys are released by Microsoft. When this key is set on the client / server will automatically look for a KMS host. When not present, the client / server activation.

KMS client keys:

Windows 7 Enterprise: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows Server 2008 Standard: TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Enterprise: YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 R2 Standard – YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Server 2008 R2 Enterprise – 489J6-VHDMP-X63PK-3K798-CPX3Y

The following commands can the key be changed from MAK to KMS here are the xxxxx is one of the above keys.

slmgr.vbs / ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Note: To ensure that the client is forced to activate the command to be executed on the client.
slmgr-ato

It can happen that the RMS server returns the following message. This is because the KMS server is just beginning to work with 25 clients and 5 servers.

You can find here the list with error codes & solutions: http://support.microsoft.com/kb/938450

Special thanks to:Harm Hoekstra

Preventing Automatic Service Pack 1 Update to Windows 7 and Windows Server 2008 R2

Posted on August 16, 2011 by Ward

Microsoft began to distribute Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) as a high-priority update through Automatic Updates. However, as with most large corporate environments, IT organizations may want to delay the introduction of a new Service Pack until they have tested compatibility with internal applications and sites.

Microsoft created a tool called “Windows Service Pack Blocker Tool Kit” to stop it from updating your servers and workstations without your permission. Unlike the Blocker Toolkit for IE9, this tool does have an expiration date – the 22nd of February 2012. The tool and can be configured either by running the registry file on the client machines or through Group Policy in domain joined environments.

Download

Download details: www.microsoft.com/downloads/en/details.aspx?FamilyID=D7C9A07A-5267-4BD6-87D0-E2A72099EDB7

The tool can be used with:

Windows 7 Service Pack 1
Windows Server 2008 R2 Service Pack 1

Toolkit Components

The tool contains three components. All of them function primarily to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update. You need to only use one of the components, the one that best serves your organization’s computer management infrastructure.

The components are:

A Microsoft-signed executable
A script
An ADM template

Registry key

The executable creates a registry key on the computer on which it is runs that blocks or unblocks (depending on the command-line option used) the delivery of a Service Pack to that computer through Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.

Key value name: DoNotAllowSP

When the key value name is not defined, distribution is not blocked.
When the key value name is set to 0, distribution is not blocked.
When the key value name is set to 1, distribution is blocked.

Blocker Script

The script does the same thing as the executable, but allows you to specify the remote machine name on which to block or unblock delivery of Service Packs.

When the ‘/B’ command line option is used, the key value name ‘DoNotAllowSP‘ is created and its value set to 1. This value blocks delivery of a Service Pack to the computer through Automatic Update or Windows Update.

When the ‘/U’ command line option is used, the previously created registry value that temporarily blocked the delivery of a Service Pack to the computer through Automatic Update or Windows Update is removed. If the value does not exist on the computer on which it is run, no action is taken.

Note: The executable and script have been tested only as a command-line tool and not in conjunction with other systems management tools or remote execution mechanisms.

Group Policy Administrative Template (.ADM file)

The ADM template allows administrators to import group policy settings to block or unblock delivery of Service Packs into their Group Policy environment. Administrators can then use Group Policy to centrally execute the action across systems in their environment.

Add the .ADM file to the Group Policy by going to Computer Configuration > Administrative Templates. Right click and select Add/Remote Templates. Browse to the location of the .ADM file and click Ok.

Users running Windows 7 and Windows Server 2008 R2 will see the policy setting under Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Windows Components > Windows Update.

Please note that this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) from being delivered over Windows Update.

How to create a Windows 7 x86 or x64 WMI Filter

Posted on May 6, 2011 by Ward

I want to deploy some applications to different OS versions. I created some WMI filters. I added the right Group Policy to the right WMI filter.

Target Win 7 32 bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Target Win 7 64Bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Target any 32 bit OS;

SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth =’32′

Target any 64Bit OS:

SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth =’64

Poster: Deploying Windows 7 in Enterprise

Posted on March 29, 2011 by Ward

To download just click on the picture.

Group Policy Preferences Data Sources Failed with error 0×80070057

Posted on March 15, 2011 by Ward

Group Policy Data Sources is voltooid.

Aanvullende gegevens:

Het voorkeursitem computer ‘Nordined’ in het groepsbeleidsobject ‘De naam van de policy {54A928D5-EAA8-421B-9F12-066B350B6671}’ is niet toegepast, omdat het is mislukt met foutcode ’0×80070057 De parameter is onjuist.’%%100790273

Oplossing:

Edit Datasources.xml
<?xml version="1.0" encoding="utf-8"?>

</DataSources>

Delete username="" and cpassword=""
<?xml version="1.0" encoding="utf-8"?>

Now the policy is deployed succesvol Open-mouthed smile

Microsoft Assessment and Planning Toolkit 5.5

Posted on January 18, 2011 by Ward

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop and server migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.

MAP helps make the following IT planning projects faster and easier:

Migration to Windows 7, Windows Server 2008 R2, and Microsoft Office 2010
Migration to Windows 7 compatible versions of Internet Explorer
Migration to cloud-based services
Server virtualization with Hyper-V
SQL Server consolidation and migration to SQL Server 2008 R2
Assessment of current software usage and client access history for simplified software asset management
PC security assessment and migration to Microsoft Forefront Client Security

You can use MAP to inventory the following technologies:

Windows 7
Windows Vista
Windows XP Professional
Office 2010 and previous versions
Windows Server 2008 or Windows Server 2008 R2
Windows Server 2003 or Windows Server 2003 R2
Windows 2000 Professional or Windows 2000 Server
VMware ESX
VMware ESXi
VMware Server
Linux variants
LAMP application stack discovery
SQL Server 2008
SQL Server 2008 R2
MySQL
Oracle
Sybase

Download MAP 5.5 HERE

Home folders renamed to My Documents

Posted on December 7, 2010 by Ward

When you redirect users home folders to network share the folders are show as My Documents folder.

This is a bug in Windows 7
http://support.microsoft.com/kb/947222

Solution:

Do not grant the Read permission to the administrator for the Desktop.ini files on the server. To do this, follow these steps:

Note If more than one Desktop.ini file exists, follow these steps for all the Desktop.ini files.

Right-click the Desktop.ini file, click Properties, and then click the Security tab.
In the Group or user names pane, click Administrators.
Click to select the Deny check box for the Read permission.
Click OK.

If you have 1000+ home folders this is not great thing to do Sad smile

Richard Willis created a nice powershell script that will do it for you Open-mouthed smile
You need only change the groupName to the group that you will give deny read permissions.
Save the script in de home folder where all the “My Documents” are and run the script.

The Script:
———————————————————————————————————–

$folders = Get-ChildItem | where-object {$_.psiscontainer};
foreach ($folder in $folders)
{
$desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force
if ($desktopIni -ne $null)
{
$Acl = Get-Acl $desktopIni.FullName
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
("groupName","Read","Deny")
$Acl.SetAccessRule($Ar)
Set-Acl $desktopIni.FullName $Acl
}
}

———————————————————————————————————-

How to Install & Configure Immidio Flex Profiles Advanced Edition

Posted on August 5, 2010 by Ward

Install Immidio Flex Profiles Advanced Edition with setup.exe. There is one thing you must no.

The Management console is there in to flavors x86 and x64.

The Immidio Flex Profiles Advanced Edition.msi that you need later works both fine on x86 and x64 machines.

Start Immidio FlexProfile Kit

Best Practice is that the ini are placed on a domain controller because If one domain controller fails you have no problems with your flex profile kit.

Import the ini files that you will find in the package
I have al ready some ini files (Word 2007, Outlook 2007, Excel 2007) that i used with a older version of flex profile kit.

Create on a File Server an application install folder. I named it Immidio Flex profiles
Copy the Immidio Flex Profiles Advanced Edition.msi to that folder and the following script.

flexprofilesinstall.cmd

REM Voor Immidio FlexProfiles.
IF EXIST "C:\Program Files\Immidio\Flex Profiles\flexengine.exe" GOTO END
msiexec.exe /i "\\ward-dc01\install\Immidio Flexprofiles\Immidio Flex Profiles Advanced Edition.msi" /qb! LICENSEFILE="\\ward-dc01\Install\Immidio Flexprofiles\wardvissers.lic" /l* c:\InstallFlex.log

:END

Create A New GPO on the computers where you want to install Immidio Flexprofile kit. I named Install Immidio Flexprofiles. Asssign the flexprofilesinstall.cmd als a startup script. Set the maximum wait time on 3600.

Afther that i created a new policy for my domain users witch a named Immidio FlexProfiles Users

Add the Immidio Flex Profiles.adm to the new created GPO Immidio FlexProfiles Users

I did some settings where to find the ini files and where to save the settings.

Now you have a working roaming profile based on Immidio Flexprofiles. It’s a great tool a im loving it.

It’s works great when you migrate from XP to Windows 7

Enable Windows 7 Features through Group Policy

Posted on July 21, 2010 by Ward

I love Windows 7. But there is one thing a hate about Windows 7.
There is no nice way to enable Windows 7 Features trough Group Policy.

So I created a small visual basis script that i used as a startup script.

It checks if adsnapins.txt exist in the program files files. If exsist do nothing if it don’t exsist enable the feature.

Windows7ADSnapIns.vbs

‘Installeerd Windows 7 AD Management Snapins.
’13-07-2010 Ward Vissers

Set fso = CreateObject("Scripting.FileSystemObject")

If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Dim Wsh
    Set wsh = CreateObject("WScript.Shell")
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", ,1
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"

End If

Set fso = Nothing

When trying to activate you get 0xC004F074 with description "The Key Management Server (KMS) is unavailable"

Posted on May 25, 2010 by Ward

Error:

The KMS host that is used is very probably a Windows Server 2008 KMS host that cannot standard activate Windows 7 and 2008 R2 machines.

When you do not have Windows Server 2008 R2 KMS host key have then you must have a Volume License agreement so that your request your Windows 7 and Windows 2008 R2 kms keys.

Resolution

Step 1:
-If the KMS host a Windows Server 2003 SP2 machine is you have the update from the KB article KB968915 install and restart the machine.
-If the KMS host a Windows Server 2008 SP2 machine is you have the update from the KB article KB968912 install and start the new machine.
-If the KMS host one Windows Server 2008 R2 machine is you have to install any further update.

Step 2:
You the new KMS host key import now. The commands are as follows:

1. Uninstall KMS license Key on host – slmgr.vbs /upk

2. Install Windows Server 2008 R2 KMS license key – slmgr.vbs /ipk <Your Key>

3. Activate KMS server online: slmgr.vbs /ato

4. Net Stop slsvc

5. Net Start slsvc

The clients can now activate

Ward Vissers

Things About Microsoft & Exchange & VMware

Category Archives: Windows 7