Tag Archives: Microsoft Windows

Create A Dedicated Account To Join Computers To A Domain

This is a quick post to describe the process of creating a dedicated account for joining machines to an Active Directory (AD) domain.  This is useful for things like System Center Configuration Manger task sequences and System Center Virtual Machine Manager templates.

First create a standard Windows user account.  Next, right-click on the Computers Organisation Unit (OU) within your AD domain.  From the menu choose Delegate Control…

DJA1

 

On the next screen (Users or Groups) choose Add and select the user account you just created.  Click Next.  Choose “Create a custom task to delegate” on the next screen.

DJA2

 

Next, choose to only delegate control to computer objects and tick Create and Delete selected objects in this folder.  Click Next.

DJA3

 

On the next screen choose to show general permissions and from the list select:

  • Reset password
  • Read and write account restrictions
  • Validated write to DNS host name
  • Validated write to service principal name

DJA4

Click Next and finish to complete the wizard.  Repeat this process for any other OUs where you’ll be joining computers to the domain.

Advertisements

Adding Domain Users To The Local Administrators Group Using Group Policy

Adding AD users to the local administrators group on multiple computers is simple using Group Policy.  In this post I’ll describe the process.

Create a fresh group policy object (GPO) and link it to a test Organisation Unit (OU).  Add a test server to the OU.

Open the GPO and navigate to Computer Configuration -> Policies -> Windows Settings   -> Security Settings -> Restricted Groups.

RestrictedGroups1

 

Right click and choose Add Group.  If you want to add users to the local administrators group enter Administrators.  In the next window under “Members of this group:” click Add and choose the users to add to the local administrators group.  Note that any users that are currently in the local administrators group will be removed and replaced with the users you select here.  If that is what you want click OK and close the GPO.

RestrictedGroups2

The second method allows you to add an AD security group to the local administrators group.  This process is additive and users and groups that are currently in the local administrators group are untouched.

Navigate to Restricted Groups as previous, right click and choose Add Group.  This time enter the name of the AD security group you wish to add to the local administrators group.  Click Ok and on the next screen in the “This group is a member of:” section click Add.  Enter Administrators to add the group to the local administrators group. Click OK and close the GPO to save changes.  You can add additional users to the domain group and they will automatically be part of the local administrators group on servers that apply the GPO.

System Center Data Protection Manager 2012 R2 Operating System Support

As part of the planning stage for a System Center Data Protection Manager (SCDPM) 2012 R2 upgrade I found the support matrix for SCDPM 2012 R2.  The matrix shows that support for Windows Server 2003 and 2008 has been removed in the 2012 R2 release.

As I manage some SQL Servers that are running on Windows Server 2003 and 2008 I investigated the upgrade options.  Below is a short summary of the latest Windows OS version that is supported on various versions of SQL Server:

SQL Server 2005 supports up to Windows Server 2008 R2 as long as at least SQL 2005 SP3 is installed.

SQL Server 2008 supports Windows Server 2012 R2 as long as at least SQL 2008 SP3 is installed.

SQL Server 2008 R2 supports Windows Server 2012 R2 as long as at least SQL 2008 SP2 is installed.

SQL Server 2012 supports Windows Server 2012 R2 as long as at least SQL 2012 SP1 is installed.

Useful links:

Known issues installing SQL Server on Windows 7 or on Windows Server 2008 R2

Using SQL Server in Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2 environments

Adobe Flash Deployment and Patching Using System Center Configuration Manager 2007 R2

In this post, I’ll go through the process to deploy and update Adobe Flash using System Center Configuration Manager 2007 R2 (SCCM) and a simple batch file.

If you don’t have a license to distribute Adobe Flash, apply for one here http://www.adobe.com/products/players/flash-player-distribution.html.  It’s a simple process and gives you access to the offline msi installations of Adobe Flash.

Once you have your software distribution license for Adobe Flash, download the msi installer for the latest version of Flash and store it on a share.  Ensure all users have read access to this share as the installation will run from here.

In the same share create a batch file.  In this example I’ve called the batch file InstallAdobeFlash.cmd.  Create another text file in the same location called mms.cfg.  This file will be used to disable automatic Adobe Flash updates.  Your share should look something like this.

Flash1

Edit mms.cfg and add the following two lines to disable auto updates:

AutoUpdateDisable=1
SilentAutoUpdateEnable=0

The Adobe Flash msi updates any existing installations, so the deployment and update process is simple.  Edit InstallAdobeFlash.cmd and add the lines below, updating the share path for your environment.  The batch file silently updates Adobe Flash to the latest version and copies the mms.cfg file to the appropriate location depending upon whether the computer is 32, or 64 bit.

If Not Exist %WINDIR%\SysWow64\Macromed\Flash GoTo 32Bit

:64Bit
msiexec /i \\ServerShare\SoftwareDistribution\Packages\Adobe_Flash\install_flash_player_11_active_x.msi /qn
copy \\ServerShare\SoftwareDistribution\Packages\Adobe_Flash\mms.cfg %WINDIR%\SysWow64\Macromed\Flash /y

:32Bit
msiexec /i \\ServerShare\SoftwareDistribution\Packages\Adobe_Flash\install_flash_player_11_active_x.msi /qn
copy \\ServerShare\SoftwareDistribution\Packages\Adobe_Flash\mms.cfg %WINDIR%\System32\Macromed\Flash /y

Now setup a standard software package in SCCM to run the batch file.  On the program properties, choose to run Hidden and take no action after running.  From the Environment tab ensure the program can run Whether or not a user is logged on and Run with administrative rights.  I also Suppress program notifications on the Advanced tab.

Flash2 Flash3 Flash4

In order to update Adobe Flash when a new version is released, download the latest msi.  Copy it to the installation share, overwriting the previous version’s msi.  I then enable the advertisement to re-run every time and re-run the advertisement to deploy the latest update.  To do this, right-click on the advertisement and choose properties, go to the schedule tab, change Program rerun behavior to “Always rerun program”.  Click Ok, then right-click on the advertisement and choose Re-run Advertisement.

Flash5

Disk Cleanup Is Missing On Windows Server 2008 R2

Windows Server 2008 R2 doesn’t include the Disk Cleanup tool by default.   Either install the Desktop Experience feature, which requires a reboot, or copy

C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe

to

%systemroot%\System32

and

C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui

to

%systemroot%\System32\en-US

To start Disk Cleanup type cleanmgr.exe at the command prompt.

In Place Upgrade Of Windows Server Standard To Enterprise Or Datacenter Edition

If you need to upgrade a server running Windows Server Standard to either the Enterprise, or Datacenter editions, it’s possible to do so online, without re-installing Windows.

Open an elevated command prompt and type DISM /Online /Get-CurrentEdition.  This will return the current Windows version.

Type DISM /Online /Get-TargetEditions to list the Windows editions to which this server can be upgraded.

If you type DISM /Online /Set-Edition:ServerDataCenter you’ll get the message in the screenshot below.  This is because even if you’re using a KMS server for internal activation, you have to provide a product key.  Fortunately, Microsoft have a page that lists the KMS client setup keys http://technet.microsoft.com/en-us/library/ff793421.aspx.  On this page you can find keys for multiple Windows Server versions.

Typing DISM /Online /Set-Edition:ServerDataCenter /ProductKey:xxxxxx will upgrade the operating system.  All that’s required to complete the upgrade is a reboot.