April, 2014

  • Introducing Script Browser - A world of scripts at your fingertips

    To reuse script samples on the Internet, the following steps seem quite familiar to IT Pros: wandering through different script galleries, forums and blogs, switching back and forth between webpages and scripting environment, and countless download, copy and paste operations. But all of these will drive one as dizzy as a goose. Need a simpler way of searching and reusing scripts? Try out the new Script Browser add-in for PowerShell ISE!

    Download Here

    Script Browser for Windows PowerShell ISE is an app developed by Microsoft Customer Services & Support (CSS) with assistance from the PowerShell team and the Garageto save IT Pros from the painful process of searching and reusing scripts. We start from the 9,000+ script samples on TechNet Script Center. Script Browser allows users to directly search, learn, and download TechNet scripts from within PowerShell ISE – your scripting environment. Starting from this month, Script Browser for PowerShell ISE will be available for download. If you are a PowerShell scripter or are about to be one, Script Browser is a highly-recommended add-in for you.

    Nearly 10,000 scripts on TechNetare available at your fingertips. You can search, download and learn scripts from this ever-growing sample repository.

    · We enabled offline searchfor downloaded script samples so that you can search and view script samples even when you have no Internet access.

    You will get the chance to try out another new function bundled with Script Browser - ‘Script Analyzer’. Microsoft CSS engineer managed to use the PowerShell Abstract Syntax Tree (AST) to check your current script against some pre-defined rules. In this first version, he built 7 pilot PowerShell best practice checking rules. By double-clicking a result, the script code that does not comply with the best practice rule will be highlighted. We hope to get your feedback on this experimental feature.

    It is very essential that an app satisfies users’ requirements. Therefore, feedback is of prime importance. For Script Browser, Microsoft MVPs are one of the key sources where we get constructive feedback. When the Script Browser was demoed at the 2013 MVP Global Summit in November and 2014 Japan MVP Open Day, the MVP community proposed insightful improvements. For instance, MVPs suggested showing a script preview before users can decide to download the complete script package. MVPs also wanted to be able to search for script samples offline. These were great suggestions, and the team immediately added the features to the release. We have collected a pool of great ideas (e.g. MVPs also suggested that the Best Practice rules checking feature in Script Analyzer should be extensible). We are committed to continuously improving the app based on your feedback.

    We have an ambitious roadmap for Script Browser. For example, we plan to add more script repositories to the search scope. We are investigating integration with Bing Code Search. We are also trying to improve the extensibility of Script Analyzer rules. Some features, like script sample sharing and searching within an enterprise, are still in their infancy.

    The Script Browser was released in mid-April and

    has received thousands of downloads since it was released a week ago. Based on your feedbacks, today we release the 1.1 update to respond to the highly needed features. The team is committed to making the Script Browser and Script Analyzer useful. Your feedback is very important to us.

    Download Script Browser & Script Analyzer 1.1
    (If you have already installed the 1.0 version, you will get an update notification when you launch Windows PowerShell ISE.)

    1. Options to Turn on / Turn off Script Analyzer Rules

    You can either select to turn on or turn off the rules in the Settings window of Script Analyzer.

    image

    You can also suggest a new Script Analyzer rule or vote for others’ suggestions. Our team monitors the forum closely. Based on your suggestions and votes, we will provide the corresponding Script Analyzer rules in future updates. We are also looking into the capability for you to write your own Script Analyzer rules and plug into the Script Analyzer.

    2. Refined Script Analyzer Rules with Detailed Description

    Thanks to your feedback, we refined the Script Analyzer rules that were released in the version 1.0. We also fixed all rule issues that you reported. Each rule comes with a detailed description, good/bad examples, and supporting documents. Here are the 5 refined rules released in this update. We look forward to learning your feedback.

    Invoke-Expression use should be carefully considered

    Invoke-Expression is a powerful command; it’s useful under specific circumstances but can open the door for malicious code being injected. This command should be used judiciously.

    http://blogs.msdn.com/b/powershell/archive/2006/11/23/protecting-against-malicious-code-injection.aspx

    Cmdlet alias use should be avoided

    Powershell is a wonderfully efficient scripting language, allowing an administrator to accomplish a lot of work with little input or effort. However, we recommend you to use full Cmdlet names instead of alias' when writing scripts that will potentially need to be maintained over time, either by the original author or another Powershell scripter. Using Alias' may cause problems related to the following aspects:

    Readability, understandability and availability. Take the following Powershell command for an example:

    Ls | ? {$_.psiscontainer} | % {"{0}`t{1}" -f $_.name, $_.lastaccesstime}

    The above syntax is not very clear to the novice Powershell scripter, making it hard to read and understand.

    The same command with the full Cmdlet names is easier to read and understand.

    Get-ChildItem | Where-Object {$_.psiscontainer} | ForEach-Object {"{0}`t{1}" -f $_.name, $_.lastaccesstime

    Lastly, we can guarantee that an alias will exist in all environments.

    For more information, please see the linked Scripting Guy blog on this topic.

    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/21/when-you-should-use-powershell-aliases.aspx

    Empty catch blocks should be avoided

    Empty catch blocks are considered poor design decisions because if an error occurs in the try block, the error will be simply swallowed and not acted upon. Although this does not inherently lead to undesirable results, the chances are still out there. Therefore, empty catch blocks should be avoided if possible.

    Take the following code for an example:

    try
    {
            $SomeStuff = Get-SomeNonExistentStuff
    }
    catch
    {
    }

    If we execute this code in Powershell, no visible error messages will be presented alerting us to the fact that the call to Get-SomeNonExistentStuff fails.

    A possible solution:

    try
    {
             $SomeStuff = Get-SomeNonExistentStuff
    }
    catch
    {
            "Something happened calling Get-SomeNonExistentStuff"
    }

    For further insights:

    http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/11/hey-scripting-guy-march-11-2010.aspx

    Positional arguments should be avoided

    Readability and clarity should be the goal of any script we expect to maintain over time. When calling a command that takes parameters, where possible consider using Named parameters as opposed to Positional parameters.

    Take the following command, calling an Azure Powershell cmdlet with 3 Positional parameters, for an example:

    Set-AzureAclConfig "10.0.0.0/8" 100 "MySiteConfig" -AddRule -ACL $AclObject -Action Permit

    If the reader of this command is not familiar with the set-AzureAclConfig cmdlet, they may not know what the first 3 parameters are.

    The same command called using Named parameters is easier to understand:

    Set-AzureAclConfig -RemoteSubnet "10.0.0.0/8" -Order 100 -Description "MySiteConfig" -AddRule -ACL $AclObject -Action Permit

    Additional reading:

    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/22/the-problem-with-powershell-positional-parameters.aspx

    Advanced Function names should follow standard verb-noun naming convention

    As introduced in Powershell 2.0, the ability to create functions that mimic Cmdlet behaviors is now available to scripters. Now that we as scripters have the ability to write functions that behave like Cmdlets, we should follow the consistent nature of Powershell and name our advance functions using the verb-noun nomenclature.

    Execute the Cmdlet below to get the full list of Powershell approved verbs.

    Get-Verb

    http://technet.microsoft.com/en-us/magazine/hh360993.aspx

    3. Issue Fixes
    • Fixed a locale issue “Input string was not in a correct format..” when Script Browser launches on locales that treat double/float as ‘##,####’. We are very grateful to MVP Niklas Akerlund for providing a workaround before we release the fix.
    • Fixed the issues (including the error 1001, and this bug report) when some users install the Script Browser.
    • Fixed the issues in Script Analyzer rules

    We sincerely suggest you give Script Browser a try (click here to download). If you love what you see in Script Browser, please recommend it to your friends and colleagues. If you encounter any problems or have any suggestions for us, please contact us at onescript@microsoft.com. Your precious opinions and comments are more than welcome.

    John Marlin
    Senior Support Escalation Engineer
    Microsoft Global Business Support

  • How to Configure MSDTC to Use a Specific Port in Windows Server 2012/2012R2

    My name is Steven Graves and I am a Senior Support Escalation Engineer on the Windows Core Team.  In this blog, I will discuss how to configure MSDTC to use a specific port on Windows Server 2012/2012R2 as this has slightly changed from the way it is configured in Windows Server 2008 R2 in order to prevent overlapping ports.  As a reference, here is the blog for Windows 2008 R2.

    How to configure the MSDTC service to listen on a specific RPC server port
    http://blogs.msdn.com/b/distributedservices/archive/2012/01/16/how-to-configure-the-msdtc-service-to-listen-on-a-specific-rpc-server-port.aspx

    Scenario

    There is a web server in a perimeter network and a standalone SQL Server (or Clustered SQL Server instance) on a backend production network and a firewall that separates the networks. MSDTC needs to be configured between the web server and backend SQL Server using a specific port in order to limit the ports opened on the firewall between the networks.

    So as an example, we will configure MSDTC to use port 5000.

    There are two things that need to be configured on the frontend web server to restrict the ports that MSDTC will use.

    • Configure the ports DCOM can use
    • Configure the specific port or ports for MSDTC to use

    Steps

    1. On the web server launch Dcomcnfg.exefrom the Run menu.

    2. Expand Component Services, right click My Computer and select Properties

    clip_image002

    3. Select the Default Protocols tab

    clip_image004

    4. Click Properties button

    clip_image006

    5. Click Add

    6. Type in the port range that is above the port MSDTC will use. In this case, I will use ports 5001-6000.

    7. Click OK back to My Computer properties window and click OK.  Here is the key that is modified in the Registry for the ephemeral ports.

    clip_image008

    8. Start Regedt32.exe

    9. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC

    10. Right click the MSDTC key, select New and DWord (32-bit) Value

    11. Type ServerTcpPort for the key name

    12. Right click ServerTcpPort key and select Modify

    13. Change radio button to Decimal and type 5000 in the value data, click OK.  This is how the registry key should look

    clip_image010

    14. Restart the MSDTC Service (if stand-alone) or take the MSDTC Resource offline/online in Failover Cluster Manager if clustered.

    To confirm MSDTC is using the correct port:

    1. Open an Administrative command prompt and run Netstat –ano to get the port and the Process Identifier (PID)
    2. Start Task Manager and select Details tab
    3. Find MSDTC.exe and get the PID
    4. Review the output for the PID to show it is MSDTC

    clip_image012

    Now DTC will be using the port specified in the registry and no other processes will try to use the same port thus preventing an overlap of ports.

    Steven Graves
    Senior Support Escalation Engineer
    Microsoft Core Support

  • Removing .NET Framework 4.5/4.5.1 removes Windows 2012/2012R2 UI and other features

    This is Vimal Shekar and Krishnan Ayyer from the Windows Support team. Today in this blog, we will be discussing about an issue that we are seeing increasingly being reported in support. We will look at the effects of removing .Net Framework from a Windows Server 2012/2012 R2 installation.

    Windows Server 2012 includes .NET Framework 4.5 and Windows Server 2012 R2 includes .NET Framework 4.5.1. The .NET Framework provides a comprehensive and consistent programming model to build and run applications (including Roles and Features) that are built for various platforms. Windows Explorer (Graphical Shell), Server Manager, Windows PowerShell, IIS, ASP .NET, Hyper-V, etc, are all dependent on .NET Framework. Since there are multiple OS components dependent on .Net Framework, this feature is installed by default.  Therefore, you do not have to install it separately.

    It is not recommended to uninstall .NET Framework.  In some given circumstances, there may be a requirement to remove/re-install .Net Framework on Windows Server 2012/2012 R2.

    When you uncheck the .NET Framework 4.5 checkbox in the Remove Roles/Features Wizard of Server Manager, Windows will check all roles/features that may also be installed as it would need to be removed as well..  If there are other roles or features dependent on .NET Framework, those would be listed in this additional window.

    For Example:

    image

     

    If you read through the list, the components that are affected by this removal are listed as follows:

    1. .NET Framework 4.5 Features
    2. RSAT (Remote Administration Assessment Toolkit) which includes Hyper-V Management tools and Hyper-V GUI,
    3. User interfaces and Infrastructure, which includes Graphical Management Tools and Infrastructure Server Graphical Shell (Full Shell and min Shell),
    4. PowerShell which will remove complete PowerShell 4.0 and ISE

    The list of components may differ depending upon the Roles and Features installed on the Server machine.  If you were to use DISM.EXE commands to remove .Net Feature, you may not even see such a list.  If you were to use PowerShell to remove .Net feature using the following command, you will not get the list.

    Uninstall-WindowsFeature Net-Framework-45-Features

    If you were to use Remove-WindowsFeature PowerShell cmdlet, you can add the –whatifswitch to see the list of features that would also be impacted.

    Remove-WindowsFeature Net-Framework-45-Features –WhatIf

    Unfortunately, we all get in a hurry sometimes and we do not read through the list and click “Remove Features”. If you notice – the “Server Graphical Shell” and “Graphical Management Tools and Infrastructure” are part of the features being removed.

    Here is a sample output from running Remove-WindowsFeature Net-Framework-45-Features -WhatIf. Again you will see that removing .Net Framework will effectively also remove the following:

    clip_image005

    The two key features that I wanted to point out are:

    [User Interfaces and Infrastructure] Server Graphical Shell

    [User Interfaces and Infrastructure] User Interfaces and Infrastructure

    As stated earlier, this will leave the server without a graphical shell for user interaction. Only the command prompt will be available post reboot.

    If you get into this situation, run the below commands in the Server Core’s command prompt window to help you recover:

    DISM.exe /online /enable-feature / all featurename:NetFx4
    DISM.exe /online /enable-feature /all featurename:MicrosoftWindowsPowerShell

    The above commands will re-install .Net 4.0 and PowerShell on the server. Once PowerShell is installed, you can add the Graphical Shell (Windows Explorer) using the following command:

    Install-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra

    Once the GUI Shell is installed, you will need to restart the server with the following command:

    Restart-Computer

    NOTE:

    Remove-WindowsFeature and Uninstall-WindowsFeature are aliases.  The -whatif command shows what would occur if the command was run but does not execute the command.. 

    We hope this information was helpful.

    Vimal Shekar
    Escalation Engineer
    Microsoft Support

    Krishnan S Ayyer
    Technical Advisor
    Microsoft Support

  • What’s New in Windows Servicing: Service Stack Improvements: Part 3

    Servicing Stack improvements in KB2821895 for Windows 8, and How its assists the upgrade to 8.1?

    My name is Aditya and I am a Sr. Support Escalation Engineer for Microsoft on the Windows Core Team. This blog is a continuation of the previous Servicing Part 1. So to understand this blog better, it is recommended that one reads the previous blog post.  As mentioned in the previous, this is a 4 part Blog series on Windows Servicing.

    What’s New in Windows Servicing: Part 1
    What’s New in Windows Servicing: Reduction of Windows Footprint : Part 2
    What’s New in Windows Servicing: Service Stack Improvements: Part 3

    This feature will back port Windows 8.1 features that reduce the disk footprint of the component store. Any freed space will be reserved for system use in upgrading to Windows 8.1.

    As from the last blog, we discussed about the hard work put in by our Core Deployment Platform (CDP) team in terms of reducing the amount of free disk space required for small footprint devices. Even with these reductions, an upgrade requires at least 5 GB of free space.

    To further reduce the perceived amount of space required, a Servicing Stack Update (SSU) for Windows 8 has been created that back ports Windows 8.1 Component Store Footprint Reduction features. It also introduces the maintenance task for controlling the footprint reductions and a set of Deep Clean operations. Any space freed by the maintenance task will be reserved for use by the Windows 8.1 upgrade process.

    The below features were targeted for the down-level port:

    1. Delta compression of the Component Store

    2. Deep Clean, uninstall of superseded GDR packages

    The features are used by the maintenance task to scavenge disk space. In addition to back porting these features, the servicing stack update must reserve free space for upgrade to Windows 8.1 Client. As we do not encourage upgrades of Windows Server 2012, this feature cannot reserve space on server SKUs, it is only for the Client SKU’s.

    When we install Windows 8 (32bit), on a machine, and the check the size of the WINSXS, folder, we should see something like as shown in figure 1:

    image

    When we perform Windows Update for the first time, on the machine via the Control Panel Applet, we should have about 84 updates, which come up to about 515mb, as shown in figure 2:

    image

    After the reboot of the machine the WINSXS, folder sees a little growth in size, which is about 2gb, as shown in Figure 3:

    image

    Looking at the amount of space that has been taken up, after applying Windows Update, we should download and apply the update KB2821895.

    image

    After the update is installed, a maintenance task will run weekly and continue to reclaim disk space up to the time the machine is upgraded to Windows 8.1. It creates a temporary file equal to size of space saved by delta compression during the reduction of the footprint. This file is hidden and marked as OS file so, that it is not easily visible.

    Location of reserve file is:
    %windir%\winsxs\reserve.tmp
    clip_image006

    The size of this file is saved to registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Configuration\[reserve]”.This value is used to determine if the reserve file was created on machine and then deleted.

    clip_image008

    Note: Only Windows 8 SKUs that are capable of being upgraded through the Microsoft Store will have space reserved in the temp file.

    During the Windows 8.1 store upgrade process, this file is deleted and the reclaimed disk space becomes free space which should ensure a successful upgrade to Windows 8.1.

    New to WIN8.1 and Windows Server 2012 R2

    Smart Pending Logic

    This feature allows updates that do not require reboot to install immediately and does not require them to merge with updates being installed that require a reboot. It also decrease the time it takes to install updates during reboot since only the updates that require a reboot would be installed at that time.

    Currently, when multiple updates are being applied to a system and one or more of the updates requires a reboot, all updates after the “first update that requires reboot” are installed during the reboot process.

    In the current servicing stack design, Windows Servicing Stack passes a flag to the Servicing Infrastructure to pend the installation of a package if:

    • Any package is already pended
    • Pending.xml exists
    • PendingRequired flag is set in the Servicing Infrastructure store

    The limitations with this design are:

    • After the packages are merged together and installation is attempted during reboot, failure caused by any one of those updates causes a failure for all other updates.
    • Our teams that design their components for reboot-less updating cannot gain any benefit of their design because of limitation in stack itself.
    • Because all pended updates are installed during machine reboot, the number of updates pended determines the non-interactive user time while installing the updates.

    The current design that we have in Windows 8 and Server 2012, looks something like this:

    image

    With this new feature, Windows Servicing Stack would not check to see if a reboot is pending and will always try to install the update completely. The operational flow of the new design looks like this:

    image

     

    In Windows 8.1 and Server 2012 R2, updates that don’t require a reboot would be completely installed and only those that require a reboot are pended for installation during reboot. Smart pending logic applies to online servicing operations only.

    Smart Pending exceptions:

    The following types of packages are not going to be smart pended due to performance and reliability reasons:

    • Large packages, such as a service pack or language pack.
    • Special packages that cannot be merged with other packages.
    • Servicing stack updates.

    Below diagram describes

    image

    I hope this blog would have helped in understanding the changes made to Windows 8 OS and the new features added to the Windows 8.1 OS, especially with the Smart Logic put in to make sure that we save more drive space.

    The next blog in the series we would be discussing about the automated maintenance tasks to check for system file corruption, file system health, cleaning up unused drivers etc.?? Till then happy reading….

    Aditya
    Senior Support Escalation Engineer
    Microsoft Platforms Support

  • An Update about the Windows 8.1 Update

    Hi everyone, David here. Today over at the Springboard series blog we announced some important news that applies to anyone who has been trying to roll out the Windows 8.1 update in an enterprise environment. We don’t usually do announcements about ...read more
  • Managing the Store app pin to the Taskbar added in the Windows 8.1 Update

    Warren here, posting with more news regarding the Windows 8.1 Update. Among the many features added by Windows 8.1 Update is that the Store icon will be pinned to the users taskbar when users first logon after updating their PC with Windows 8.1 Update ...read more
  • What's New in the Windows 8.1 Update

    Hello AskPerf Readers! Henry Chen here from the Devices & Deployment team. Today, I would like to spend some time highlighting some of the user experience changes in the shell for Windows 8.1 Update.

    Windows 8.1 Update introduces numerous enhancements to the Desktop experience for mouse and keyboard users.

    Start Screen

    For mouse users, when right clicking anywhere on the Start Screen, a context menu will now appear in replacement of the command bar. The context menu provides the same options as what the command bar. Some of these commands are tile resizing, enable/disable live tile, and uninstall the application.

    For devices with a screen larger than 8.5" and are not connected standby capable, Power and search controls can now accessible from the Start screen. For other devices, only the search control is available.

    clip_image004

    Pin Apps to Taskbar

    Users can now pin modern apps to the taskbar with the exception of modern Internet Explorer. Users can block this setting by unselecting "Show Windows Store apps on the taskbar" from the Taskbar and Navigation properties.

     clip_image006

    Access taskbar from anywhere

    When you are using a mouse, you can see the taskbar from any screen, including Start or a Windows Store app. Move your mouse pointer below the bottom edge of the screen to show the taskbar and then click an app to open or switch to it.

    clip_image009

    Modern App User Interface (UI)

    Your mouse works more consistently anywhere in Windows. When moving the mouse to the top of the screen, the close and minimize buttons will appear from within Windows Store apps.

    For devices that are touch enabled, users will continue to use the close gesture (From top edge, tap and hold dragging to bottom of the screen for a few seconds).

    clip_image012

    These are just some of the user experience changes available in Windows 8.1 Update. Let us know what you think or if you have any questions regarding these changes.

    Enjoy!

    For more information and to view the complete list of new features, check the following links:

    What’s new in Windows 8.1 Update and Windows RT 8.1 Update?

    Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014

    -Henry

  • Options for Managing Go to Desktop or Start after Sign in in Windows 8.1

    Hi, David here. Over the past year we’ve gotten a lot of feedback from our customers about the pain of changing from older versions of Windows over to Windows 8 and Windows 8.1. While it’s a great OS with a lot of compelling features, it’s ...read more