Saturday, February 20, 2016

Remote connect to Windows PE with VNC

A few years ago, I came across this neat trick while trying to upgrade my WD Sentinel DX4000 from Windows Storage Server 2008 R2 Essentials to Windows Server 2012 R2 Standard. The challenge in this was that the DX4000 is a headless system. To interact with the DX4000, someone came up with the good idea of injecting a TightVNC server into the Windows PE boot media of the installation. You could then interact with the installation from a remote computer. In this guide, we are going to show you how you do that.

To see the original article about installing Windows Server 2012 onto a WD Sentinel DX4000, click here.

Download and install TightVNC


The first step is to download TightVNC from http://www.tightvnc.com and install it onto a reference computer. We're using the 64-bit version of TightVNC 2.7.10 for this guide. Perform a Complete install of TightVNC accepting any defaults. When prompted to set a password for our TightVNC server, we have chosen not to use a password for the purpose of this guide.


After installing TightVNC, the next step is to configure your TightVNC server with all the settings you want and then open up the registry to HKLM\SOFTWARE\TightVNC\Server.

Export that key to a file called TightVNCServerSettings.reg and save the file to the installation directory of TightVNC, C:\Program Files\TightVNC. Your .reg file should look similar to the following.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
"ExtraPorts"=""
"QueryTimeout"=dword:0000001e
"QueryAcceptOnTimeout"=dword:00000000
"LocalInputPriorityTimeout"=dword:00000003
"LocalInputPriority"=dword:00000000
"BlockRemoteInput"=dword:00000000
"BlockLocalInput"=dword:00000000
"IpAccessControl"=""
"RfbPort"=dword:0000170c
"HttpPort"=dword:000016a8
"DisconnectAction"=dword:00000000
"AcceptRfbConnections"=dword:00000001
"UseVncAuthentication"=dword:00000000
"UseControlAuthentication"=dword:00000000
"RepeatControlAuthentication"=dword:00000000
"LoopbackOnly"=dword:00000000
"AcceptHttpConnections"=dword:00000001
"LogLevel"=dword:00000000
"EnableFileTransfers"=dword:00000001
"RemoveWallpaper"=dword:00000001
"UseMirrorDriver"=dword:00000001
"EnableUrlParams"=dword:00000001
"AlwaysShared"=dword:00000000
"NeverShared"=dword:00000000
"DisconnectClients"=dword:00000001
"PollingInterval"=dword:000003e8
"AllowLoopback"=dword:00000000
"VideoRecognitionInterval"=dword:00000bb8
"GrabTransparentWindows"=dword:00000001
"SaveLogToAllUsersPath"=dword:00000000
"RunControlInterface"=dword:00000001
"VideoClasses"=""
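
As an added example (not part of the original guide or of TightVNC), the Python script below parses an exported TightVNCServerSettings.reg and lists the values that leave the server open, such as the password-less configuration chosen above. The sample text is a constructed subset of the export, and parse_reg, load_reg and audit are names made up for this example.

```python
import re

# Constructed sample: a subset of the values from the export shown above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
"IpAccessControl"=""
"RfbPort"=dword:0000170c
"HttpPort"=dword:000016a8
"UseVncAuthentication"=dword:00000000
"UseControlAuthentication"=dword:00000000
"AcceptHttpConnections"=dword:00000001
"EnableFileTransfers"=dword:00000001
'''

VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Map value name -> int (dword) or str for the values in a .reg export."""
    settings = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:  # skips the header, the key path, blank lines and other types
            name, dword, string = m.groups()
            settings[name] = int(dword, 16) if dword is not None else string
    return settings

def load_reg(path):
    # regedit writes "Version 5.00" exports as UTF-16 with a byte-order mark.
    with open(path, encoding="utf-16") as fh:
        return parse_reg(fh.read())

def audit(settings):
    """Return (value name, finding) pairs for settings that widen exposure."""
    checks = [
        ("UseVncAuthentication", 0, "viewer connections on port {RfbPort} need no password"),
        ("UseControlAuthentication", 0, "control interface is not password protected"),
        ("AcceptHttpConnections", 1, "built-in HTTP server is enabled on port {HttpPort}"),
        ("EnableFileTransfers", 1, "file transfers to and from the host are allowed"),
        ("IpAccessControl", "", "no IP access rules restrict who may connect"),
    ]
    ports = {"RfbPort": settings.get("RfbPort"), "HttpPort": settings.get("HttpPort")}
    return [(name, text.format(**ports))
            for name, risky, text in checks if settings.get(name) == risky]

if __name__ == "__main__":
    for name, finding in audit(parse_reg(SAMPLE_REG)):
        print(f"{name}: {finding}")
```

For a real export, call audit(load_reg(path)) with the path to the saved .reg file instead of parsing the sample.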

Download and install the Windows Assessment and Deployment Kit (ADK)


Windows PE is a part of the Windows Assessment and Deployment Kit (ADK). For this exercise, we're using Windows ADK for Windows 10. You can download Windows ADK for Windows 10 from here.

Run adksetup.exe. When you get to the part where you select the features you want to install, select Deployment Tools and Windows Preinstallation Environment (Windows PE). We only need these components for this exercise.


Create the Windows PE image and inject TightVNC


Run the Deployment and Imaging Tools Environment command prompt as an administrator. The shortcut should be in your Start menu after you install ADK.


Use the following article as a guide to create and mount a Windows PE image. We're using the 64-bit version for our example.

Step 1. Create your Windows PE image with the working directory C:\WinPE_amd64.
copype amd64 C:\WinPE_amd64

Step 2. Mount your Windows PE image so that it can be edited.
Dism /Mount-Image /ImageFile:C:\WinPE_amd64\media\sources\boot.wim /Index:1 /MountDir:C:\WinPE_amd64\mount

Step 3. Copy the TightVNC installation directory, C:\Program Files\TightVNC, including the .reg file we created earlier, to C:\WinPE_amd64\mount\Program Files\.


Step 4. Configure TightVNC to start up automatically in your Windows PE image by editing C:\WinPE_amd64\mount\Windows\System32\startnet.cmd in Notepad. Add the following lines to startnet.cmd. This is a quick and dirty method.
%WINDIR%\System32\wpeutil.exe InitializeNetwork
%WINDIR%\System32\wpeutil.exe DisableFirewall
%WINDIR%\regedit.exe -s "%SYSTEMDRIVE%\Program Files\TightVNC\TightVNCServerSettings.reg"
"%SYSTEMDRIVE%\Program Files\TightVNC\tvnserver.exe" -install -silent
"%SYSTEMDRIVE%\Program Files\TightVNC\tvnserver.exe" -start -silent

Step 5. Unmount and save your Windows PE image.
Dism /Unmount-Image /MountDir:C:\WinPE_amd64\mount /Commit

Step 6. Once your Windows PE image is saved and unmounted, create your Windows PE media using the command MakeWinPEMedia. Below is an example for a USB drive on D:\.
MakeWinPEMedia /ufd C:\WinPE_amd64 D:

Boot Windows PE and remote in


Test your TightVNC-enabled Windows PE boot media by booting a computer with it. On another computer on the same network, connect to your Windows PE machine with TightVNC viewer. You'll need the IP address of the Windows PE computer. How you work this out, we'll leave up to you.

Wednesday, February 10, 2016

Introduction to Operating System Deployment (OSD)

Operating System Deployment (OSD) is the practice of creating, maintaining, configuring and deploying operating system images, usually to large groups of computers in an organisation. In the past, the objective was to create a Standard Operating Environment (SOE) where the software is standardised in an organisation as much as possible. Increasingly common nowadays is the practice of customising operating system deployments on-the-fly to cater to an individual's or group's need in an organisation.

In this article, we are going to look at some of the tools available to the Windows administrator for OSD and cover some of the basic terminology used in this practice.

Windows Deployment Services (WDS)


Windows Deployment Services (WDS) is a server role that is included in the server editions of Windows. When deployed, it allows you to deploy Windows over a network to Preboot Execution Environment (PXE) enabled clients.


WDS is a full deployment solution; however, it does not have the ability to create or edit operating system images. Administrators have to do this manually using other tools such as the Deployment Image Servicing and Management (DISM) tool or the Microsoft Deployment Toolkit (MDT) before importing the image into WDS for deployment.

Deployments are initiated by configuring the PXE client to perform a network boot. During the network boot, a boot image running Windows PE is downloaded from WDS to the client and is used to perform the Windows install. Resources for a WDS deployment are stored on the WDS server.

Microsoft Deployment Toolkit (MDT)


The Microsoft Deployment Toolkit (MDT) is a set of free tools that can be downloaded from Microsoft to assist you in OSD and is often used in conjunction with Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). One of MDT's best features is the use of task sequences to create and deploy operating system images. Task sequences allow you to specify what happens on a step-by-step basis during an operating system deployment.


MDT also introduces the Windows administrator to the practice of building and capturing a reference image for OSD. The purpose of the captured reference image is to create a standard or baseline for all other deployments. To cater for a particular individual or group need, all the Windows administrator would need to do is deploy the captured reference image using a customised task sequence for that particular individual or group. This minimises the need to maintain different operating system images for different purposes. All there would be is different task sequences. Task sequences are a lot easier to create and maintain.

Although MDT can deploy operating systems, it is not often implemented as a deployment solution by itself as MDT deployments have to be initiated by using boot media. MDT does not have a mechanism to deliver boot images over a network. This is why MDT is often used in conjunction with WDS or SCCM.

When MDT is used on its own or in conjunction with WDS, resources for an MDT deployment are stored in a network share called the Deployment Share. We recommend setting up this share on the WDS server. When used with SCCM, resources for deployment are stored on targeted SCCM distribution points.

System Center Configuration Manager (SCCM)


System Center Configuration Manager (SCCM), also known simply as Configuration Manager, is one of many products in the Microsoft System Center suite. Configuration Manager is a systems management solution designed to manage large groups of computers. OSD is just one of Configuration Manager's many capabilities.


OSD with Configuration Manager is similar to MDT in that they both employ the use of task sequences for deployment. Unlike MDT, Configuration Manager by itself is a full deployment solution. Operating system deployments with Configuration Manager can be initiated by boot media, PXE boot and, if the environment is configured correctly, the Configuration Manager server itself. This ability to deploy an operating system without the need for a Windows administrator to physically initiate it on the target computer is the basis for Zero Touch.

The other part of Zero Touch is fully automating the workflow so that there is absolutely no user interaction at all during the operating system deployment. When using Configuration Manager alone to accomplish this, anything beyond a simple workflow will require heavy scripting. This is why MDT is often integrated into Configuration Manager. Integrating MDT makes available all the Microsoft-made scripts in MDT for Zero Touch Installation (ZTI) in Configuration Manager.

Integrating MDT with Configuration Manager also makes available another installation type, User Driven Installation (UDI). UDI is a user-friendly, wizard-based approach to operating system deployment and is designed to be used by the end-user. One of the advantages of UDI is the ability to customise the operating system deployment, allowing, for example, the user to select what applications get installed or whether or not their data is migrated. ZTI is more suitable to standardise environments.

Resources for operating system deployments in Configuration Manager are stored on targeted distribution points.

Windows Assessment and Deployment Kit (Windows ADK)


The Windows Assessment and Deployment Kit (Windows ADK) is another free toolkit from Microsoft to assist you in deploying Windows. Windows ADK is actually a prerequisite to installing MDT and SCCM. There are two types of tools included in Windows ADK, assessment tools and deployment tools.


The features most commonly installed for OSD in the Windows ADK are Deployment Tools, Windows Preinstallation Environment (Windows PE) and User State Migration Tool (USMT).

Tuesday, February 2, 2016

WD Sentinel DS6100: Supporting Time Machine

One of the features of the WD Sentinel DS6100 running Windows Server 2012 R2 Essentials is that it supports Time Machine out of the box. Time Machine is a very user-friendly backup solution for users running Mac OS X on your network. They will need a user account on your domain to access this feature.

The default location for Time Machine backups on your server is D:\ServerFolders\TimeMachine. If you attempt to move the folder, you may have noticed that it doesn't appear in your Windows Server Essentials Dashboard.


Moving the Time Machine Folder


Moving the Time Machine folder required a bit of trial and error on my part. It is not something supported by Western Digital. Regardless, I'm going to show you how I did it on my server.

Step 1. Go to the new location on your server and create a folder called TimeMachine or copy it from your old location.


Step 2. Open services.msc and stop the services Western Digital AFP Support Service (WDAfpSupportService) and Western Digital Bonjour Service (WDBonjourService). You may also need to open the Task Manager and kill any associated processes.

Step 3. Open regedit.exe and, using the Find and Find Next features, find all instances in your registry that reference the old location (D:\ServerFolders\TimeMachine) and change them to your new location. In our example, we have changed to the E: drive.


Step 4. Open services.msc again and restart the services Western Digital AFP Support Service (WDAfpSupportService) and Western Digital Bonjour Service (WDBonjourService). It may also be a good idea to restart your server.

Step 5. The folder should have been moved now. Check by attempting to use Time Machine on a Mac on your network. To help troubleshoot errors, you can look at the Event Viewer for events generated by ExtremeZ-IP.

ExtremeZ-IP is the third-party tool Western Digital used to provide Apple Mac support on the DS6100.