I am currently on an Operations Manager 2007 project and it's been a lot of fun so far. One of the new concepts of Operations Manager 2007 is that any change made to the provided management packs are done through the use of Overrides. Overrides were very difficult to manage and create in MOM 2005 but they are really simple to implement and change in Operations Manager 2007. By default all Overrides are placed in a separate Management Pack called Default Management Pack. This allows all of your custom settings to be mainted when upgrading your Management Packs.
Opeations Manager 2007 also has a great number of commands available to manage the product through Windows Powershell. One of the commands that I found this week is called get-override. After playing with this command a bit I found that I could run this simple command to give me a list of all of the overrides I have configured:
get-managementpack | get-override | format-list name,parameter,value
This will output a list of all of the overrides from all of the management packs that are installed giving me the name of the Override, the parameter that was changed, and the value of that changed parameter.
Have you started testing Operations Manager 2007 yet? If not sign up today for the beta at http://connect.microsoft.com!
One of the cool features of IE7 is that you can easily add any new search provider to your search bar. I use myITforums Forums search quite a bit when finding answers to problems to I created my own search provider for searching their forums.
To do this go to this page:
http://www.microsoft.com/windows/ie/searchguide/en-en/default.mspx#
On the right hand side their will be instructions for creating your own search provider. In step 3, past the following URL:
http://www.myitforum.com/forums/searchpro.asp?phrase=TEST&author=&forumid=ALL&topicreply=both&message=body&timeframe=%3E&timefilter=0&language=single&top=300&criteria=AND&minRank=0&sortMethod=r&submitbutton=+OK+
In step 4, name it something like myITForum Forums and then click on Install in Step 5.
Now you have a new search provider listed in the drop down box that will search the myITforum's Forums!
Rod and Ron, you all should download this XML file and put it on your site!
Tim
I will be posting over the next few months about all of the new management features in Vista. It is easy to say that Vista will be the most "management" friendly OS that we have released to date.
To get you started you should really watch the webcast on some of the new Group Policy features in Vista available here: http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032292773&EventCategory=5&culture=en-US&CountryCode=US
There are over 700 new policy settings in Vista and it can be a little overwhelming when you first load up the GPMC and look through all the settings. You can download the settings reference guide here:
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=41dc179b-3328-4350-ade1-c0d9289f09ef&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f5%2fa%2f9%2f5a97f495-51b1-433a-b5c4-976a61391f71%2fVistaGPSettings.xls
If you are new to managing the new ADMX format with Vista you should really read through the Step by Step Guide to Vista Group Policy. You can download and read through it here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62&DisplayLang=en
The Windows Automated Installation Kit (WAIK) is now available for download. This download includes the much anticipated Windows PE 2.0 which is the primary installation delivery method of Windows Vista.
I have been using the WAIK for several months now and it is a huge improvement over the days of the sysprep.inf, unattend.txt, etc. Now you just have to configure one file, the unattend.xml.
The install for WAIk includes the Windows System Image Manager which allows you to create the unattend.xml. You can use the unattend.xml to customize not only your Windows Vista installation but also customize your Windows PE 2.0 boot process.
Other great tools that are included are imagex, our new imaging tool with that allows you to create a WIM file. You can easily create WIM files with both Windows XP or Vista so you don't have to wait until deploying Vista to take advantage of the new tools.
The Windows Deployment Service (WDS), is also included in the WAIK. WDS is a replacement for RIS and allows PXE booting to a Windows 2003 server. You can take your custom WIM file created with imagex and deploy it with WDS.
The help files are outstanding and the Windows System Image Manager has competely integrated help so you can click on any item and hit the F1 key and find great reference information.
Download and start playing with WAIK today at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7e5752f7-4e64-474f-9069-d2694eff2245&DisplayLang=en
In case you are not aware, you can use Powershell to manage many aspects of Operations Manager 2007. The Shell team for OM 2007 has started a blog and has a nice introduction to the new tool(s) here: http://blogs.msdn.com/scshell/
Wow it has been a long time since I've posted anything. I have been heads down getting my customers ready to deploy Vista in their environments. There was so much information to keep track of on what we could and could not share, I just decided to keep quiet until everything had been made public. Well now that we have RTM'd Vista I am free to talk!
So one of the most challenging items for my customers during the Vista Beta was running the Windows 2003 Administration tools on Windows Vista. There were many "hacks" out there that seemed to work by modifying the MSI using Orca or another tool, however with Vista RTM our story is much better.
Vista RTM includes an application compatibility shim that will allow the Windows 2003 Admin Tools (Adminpak) to install on Vista! This requires no modification of the MSI.
One thing to note after testing is that Active Directory snap-ins do not seem function immediately after the install. However, this is easily rectified by registering the following DLL's. , ADprop.dll and DSadmin.dll So once you install the Adminpak go to a command prompt and type
regsvr32 adprop.dll
and
regsvr32 dsadmin.dll
Once you register those DLL's the adminpak seems to work fine. Please leave a comment if you find any more issues using the Adminpak.
This solution probably isn't entirely supported but seems to work.
Thanks for reading!
*UPDATE*
The official supported method of getting the Adminpak working can be found here: http://support.microsoft.com/default.aspx/kb/930056
Wow what a week this has been. In the past week we have released Windows Vista RC1 including the new WAIK tools, and USMT 3.0 RC1. You can download both from connect.microsoft.com if you have access. You should also be able to download Vista RC1 from MSDN.
This next few weeks promises to be even more exciting as we are expecting to release the Beta 2 TR of the Office 2007 system, and the next build of BDD 2007 and an update to the Application Compatibility Toolkit.
So if you haven't already started testing these products now is the time to do it! The builds are stable enough to use in a production environment. Feel free to share your experiences with these tools and Vista in the comments.
I'm not sure how I missed this one but the update for the Motorola Q is now available. This update includes the much anticipated Security Update which allows True Exchange 2003 push. Motorola has also included easier support for tethering your Q to your laptop or PC.
You can download the update from here:
http://direct.motorola.com/hellomoto/motosupport/source/SoftwareUpdateSummary.asp?country=&language=&web_page_name=SUPPORT&strCarrierId=Verizon&strPhone=Q&strCable=Mini%20USB%20Data%20Cable#
You can read about the update here:
http://direct.motorola.com/hellomoto/motosupport/s...
I also came across this very cool website that has a lot of great discussion and software for the Q:
http://www.everythingq.com
Enjoy and happy upgrading!
Well I am back after having a week at Techready 3 in Seattle and a week of vacation. I have caught up with the over 400+ email messages and am back to blogging.
Techready 3 was awesome. We have SOO many great products coming out in the System Center Family. I spent a lot of time at the System Center Operations Manager 2007 sessions. I will be blogging quite a bit about the changes coming in SCOM 2007 over the next couple of months.
Over the next year we will be releasing the following products:
I haven't been this excited about the management space in years. We are really going leaps and bounds above our competition and we are really pulling everything togehter.
For those who want to try System Center Virtual Machine Manager, you can now download Beta 1 on Connect (http://connect.microsoft.com)
One of the most exciting technlogies that I saw was the Softricity demo. This technology is really going to change the IT world. Softricity will all but eliminate the need for application repacking due to registry or DLL conflicts as well as allowing users to run applications as Administrator but still be standard users. Start reading up on Softricity now at http://www.softricity.com. We haven't officially re-released the software yet but it will be coming in the next few months probably with a new name.
I have a lot to blog about so stay tuned!
Chris Haaker over at the Blogcastrepository has created a great "blogcast" (screencast for some) on how to use ImageX. http://blogcastrepository.com/blogcasts/37/windows_workstation/entry1586.aspx
For those of you who aren't familiar with ImageX, it is the new imaging tool that will be released with Windows Vista for creating images of workstations using Microsoft's WIM file format.
I've been asked numerous times what the difference is between the WIM file format and the Ghost file format. Other than the obvious file extension, the WIM format does a file based image as opposed to a sector based image as with other imaging tools. This allows you to easily apply offline patches and make modifications to files inside of an image without having to apply the image, make the change, and re-apply the image.
There is a great overview of ImageX here: http://www.microsoft.com/technet/windowsvista/expert/imagex.mspx
If you would like to try it for yourself, sign up for the open beta of BDD 2007 on http://connect.microsoft.com
In case you haven't already seen this, Channel9 has posted a great video discussing Bitlocker encryption with Vista. Since I am primarily working on Vista TAP engagements right now this topic is very near and dear to my heart.
Here is the link to the video:
http://channel9.msdn.com/ShowPost.aspx?PostID=214558
As a follow up make sure to read all of the technical details on Bitlocker here:
http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx
I was playing around in Powershell today and ran into this nice set of commands that will show you what Updates have been installed as known by the Windows Update Agent:
First create a variable and bind it to the "Microsoft.Update.Searcher" Com Object:
$wu = new-object -com "Microsoft.Update.Searcher"
A quick list of the members returns:
Name MemberType Definition---- ---------- ----------BeginSearch Method ISearchJob BeginSearch (string, IUnknown, Variant)EndSearch Method ISearchResult EndSearch (ISearchJob)EscapeString Method string EscapeString (string)GetTotalHistoryCount Method int GetTotalHistoryCount ()QueryHistory Method IUpdateHistoryEntryCollection QueryHistory (int, ...Search Method ISearchResult Search (string)CanAutomaticallyUpgradeService Property bool CanAutomaticallyUpgradeService () {get} {set}ClientApplicationID Property string ClientApplicationID () {get} {set}IgnoreDownloadPriority Property bool IgnoreDownloadPriority () {get} {set}IncludePotentiallySupersededUpdates Property bool IncludePotentiallySupersededUpdates () {get}...Online Property bool Online () {get} {set}ServerSelection Property ServerSelection ServerSelection () {get} {set}ServiceID Property string ServiceID () {get} {set}
So it looks like I can do a QueryHistory to see what has been installed. Before doing so I need to know how many updates have been installed.
$totalupdates = $wu.GetTotalHistoryCount()
Now I can run this command to see my update history:
$wu.QueryHistory(0,$totalupdates)
This will list all of the updates along with the following properties:
Name----CategoriesClientApplicationIDDateDescriptionHResultOperationResultCodeServerSelectionServiceIDSupportUrlTitleUninstallationNotesUninstallationStepsUnmappedResultCodeUpdateIdentity
I often get asked, "What is it that you actually do for Microsoft?" Well the short answer is that I am a consultant in the Managment, Operations, and Deployment space. Unless they are IT savvy that usually generates a deer in the headlights look. For the rest of you here is a sample of what my day consisted of today:
Morning:
Lunch:
Afternoon:
Well that is a sample of the type of work I do on a daily basis. My time can be pretty hectic but I have to say that I still love my job and I wouldn't trade it for a standard corporate IT job any day. :)
Mow posted another great blog entry on how to access User properties in Active Directory with Powershell. This guy's blog is just awesome. You should definitely start to grab his feeds:
http://mow001.blogspot.com/2006/07/powershell-and-active-directory-part-3.html
Thank you Rod for all of the links to my blog posts. Rod stated here (http://myitforum.com/cs2/blogs/rtrent/archive/2006/07/03/21768.aspx) that I "was" a great community person. Well I hope to continue to be a great community person. I feel like I am just now starting to keep my head above water here at Microsoft so you should start to see me ramping up my blog posts and other community efforts.
I believe strongly in the idea of IT community. Before joining Microsoft I was a MVP. That passion for sharing information did not end after joining MS. I think now I will be able to share more information than I ever had the opportunity to do before.
Back to a topic that I know I won't get dinged on. :)
I was playing arround with the list of available COM ProgID's by using the command in Jeffrey Snover's blog: http://blogs.msdn.com/powershell/archive/2006/06/29/650913.aspx
I ran this command to see the available Program ID's:
dir REGISTRY::HKEY_CLASSES_ROOT\CLSID -include PROGID -recurse | foreach {$_.GetValue("")} | out-file progids.txt
After looking through the file I noticed a very interesting ID called VirtualServer.Application. That sounded promising so I quickly ran the command:
$vs = new-object -com "VirtualServer.Application"
I then ran the command $vs to see what I could see...Well the command turned up a bunch of blank properties. So I thought I might have to do some more digging so I did a quick Live Search on VirtualServer.Application and came up with two great blog entries for managing Virtual Server with Powershell:
http://blogs.msdn.com/virtual_pc_guy/archive/2006/06/13/630165.aspx
http://blogs.msdn.com/virtual_pc_guy/archive/2006/06/15/631857.aspx
After creating my COM wrapper and setting my security as described in the Virtual PC Guy's blog entries, I tried my $vs command again and low and behold I had some actual properties.
At this point I wanted to see what I could do with that object so I typed the following command:
$vs | get-member
I quickly noticed a method called RegisterVirtualMachines. That sounded promising. I often download gigabytes of virtual machines to play with new technology and it is a royal pain to use the Virtual Server Administration Website to register all of those virtual machines. So I did another Live Search to see what the parameters were for the RegisterVirtualMachines method and found this reference: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msvs/msvs/ivmvirtualserver_createvirtualmachine.asp
As you can see there are only two required parameters, the name of the VMC file and the path to the VMC file like this RegisterVirtualMachines("Testmachine.vmc","c:\vms\")
Now I was getting somewhere! I went ahead and went for the gold and tried this command:
dir . -include *.vmc -Recurse | foreach-object {$vs.RegisterVirtualMachine($_.name,$_.directoryname)}
Boom! All of my virtual machine's were now registered inside of Virtual Server!
As you can see with a little bit of research you can take advantage of any COM progID and in a short amount of time start to use it to solve problems.
Ok. After the slack I took for my last my post: http://blogs.technet.com/tmintner/archive/2006/07/03/440029.aspx
I did some research as to why I was being charged for Text messages on my phone when I thought I was using DirectPush with Exchange Server 2003 SP2 and Windows Mobile 5.
Well after doing some research it turns out that there are two methods of doing Always up to date with Windows Mobile 5. The first method is for devices that do not have the Messaging and Security Feature Pack and sends a text message to the phone to tell the phone to get a new message. The second method uses a persistant HTTP connection to the Exchange Server that does not use Text Messaging. Both methods are described in detail here:
http://msexchangeteam.com/archive/2006/04/03/424028.aspx
After doing some digging I have found that the Motorola Q which is the phone that I am using does not have the latest version of the Exchange Messaging and Security Feature Pack installed which means that with the Motorola Q for the time being the only way to have DirectPush is to use the Text Messaging method. Check out this article:
http://www.mobilekick.com/mobile-os/52/motorola-q-with-windows-mobile-50.html
The bottom line is that if in you do not have the Exchange Messaging and Security Feature Pack, then setting your ActiveSync to "as messages arrive" uses Text Messaging. If it is installed then it doesn't.
Check out this video on the proper way to configure your phone:
http://msexchangeteam.com/archive/2006/05/09/427608.aspx
So in my case with the Motorola Q I can only use the Text Messaging method for the time being until Verizon releases an update for the phone.
I have to say that we have some very passionate users out there who were quick to correct my original statement. This has been a great learning experience for me and now I can speak intellegently on the differences between the phones and what to look for to make DirectPush work correctly with Exchange 2003 SP2.
It just shows that even on an American holiday (July 4). There are still hundreds of readers around the globe that are passionate about what they do. Thanks everyone for keeping me honest!
***Quick Update***
Thanks to all who posted comments and emailed me. It turns out that the wrong setting was turned on with my phone. I was using a pre-Windows Mobile 5 feature that used Text Messaging. Sorry for the confusion and thanks to everyone for the correction!
I will post the full details of the correct settings and what was configured incorrectly in a new post tomorrow.
I have created a blog entry on the correct settings here: http://blogs.technet.com/tmintner/archive/2006/07/04/440182.aspx
**********************************
A little off topic here, but I just wanted to give everyone a heads up that if you are using Direct Push with Windows Mobile 5 you need to make sure you have unlimited Text messaging as part of your plan. Apparently Direct Push works by sending a Text message to your phone to tell it to get the email message as new email arrives.
Verizon had the wrong plan set up for me and I got dinged with a $60 bill just for text messaging! Thankfully they were great about it and credited my account and put me on the right data plan.
I was working onsite with a client last week and we were testing SMS V4 (SCCM 2007) OS Deployment features. While we were working we were having numerous client connectivity errors and often had to pull up good ol' notepad or SMS Trace to find the errors.
That got me thinking that there has to be a faster way to quickly identify errors in the SMS event log so I started playing around with Powershell. Powershell has a concept called a filter that you can create to manipulate objects as they pass through the pipeline. Wouldn't it be great if I could read the SMS log file and pull out any error messages?
Well this small bit of code does just that:
filter finderrors { if ($_.contains("error")) {$_}}
This creates a filter called finderors. You can then pass this filter any log or text file and it will analyze the file line by line. If a line contains an error it will return that to the screen. Here is an example command:
get-content ccmexec.log | finderrors
If you want to output the errors to a file just run the command like this:
get-content ccmexec.log | finderrors | out-file errors.txt
You could also go ahead and open it up in notepad at the same time:
get-content ccmexec.log | finderrors | out-file errors.txt | notepad errors.txt
What's cool about this filter is you can now pipe in multiple log files like this:
dir *.log | foreach-object {get-content $_ | finderrors} | out-file errors.txt | notepad errors.txt
I know that this produces some pretty raw output but with a little string massaging you could have the filter return only the specific eror messages and time of the error.
Enjoy and have a great 4th!
If you have downloaded and used RC1 of Powershell you will see that the Execution Policy is set to restricted by default. This essentially means that scripts do not function by default within Powershell. Although this is a great security feature that prevents the running of accidental scripts, it is not very usable.
To change this option you must run the following command from within Powershell:
Set-ExecutionPolicy Remotesigned
This will require that all scripts be signed prior to running or you can go all out and run:
Set-ExecutionPolicy Unrestricted
This allows you to run all scripts regardless of whether or not they are signed.
If you are trying to do this on Vista and you haven't disabled UAC then you will need to elevate Powershell prior to running the command. Strangely enough, when you right click on Powershell in the "Start" (I don't know what to call this!!) menu there is no option to Run as Administrator. To do this you must browse to the Powershell installation folder and right click on powershell.exe and click on Run as Administrator.
If you are into printed books there are a couple of really good Powershell books that you should check out.
O"Reilly has a great book simply titled Monad. This book was originally written on one of the beta versions of Powershell but if you purchase the book you can get the updated version at no charge. Check out the book here: http://www.oreilly.com/catalog/powershell/
Jeffrey Hicks and Don Jones are also writing abook titled Powershell from Sapien Press. It looks good so far. I can't wait until it releases! Check it out here: http://www.sapienpress.com/
Rod Trent has created an upload area for MOM 2005 reports and Management Packs. I know that creating custom reports can often be challenging to a non DBA so if you have taken the time to create custom reports please share them with the Management Community.
To upload the reports and management packs follow the instructions here:
http://myitforum.com/cs2/blogs/rtrent/archive/2006/06/27/21567.aspx
I have been learning the syntax of Powershell so I thought I would write a simple little script to search Active Directory for the mobile phone numbers of my co-workers. This script will accept an input of lastname and even take wildcard characters so if I wanted to search for all people's mobile phone numbers that start with min I can just use min* as my search string.
Check it out:
function getmobilenumber($name){ $root = New-Object DirectoryServices.DirectoryEntry $Searcher = New-Object DirectoryServices.DirectorySearcher $Searcher.Searchroot = $root $searcher.filter = ("(sn=$name)") $Proplist = "cn","mobile" $Proplist | foreach {[void]$Searcher.Propertiestoload.Add($_)} $results = $searcher.findall() foreach ($result in $results){$result.properties}}
To use it just type getmobilephonenumber("lastname") where lastname is the name of the person you are searching for. Note that the $proplist variable could be changed to whatever AD attributes that you wanted to search for.
Enjoy!
BTW I learned a lot on how to do this from this blog entry: http://mow001.blogspot.com/2006/04/large-ad-queries-in-monad.html
Here is a quick little Powershell script that I find useful to see what I have installed on my system.
This will return the installed program and the date that it was installed:
get-wmiobject -class "win32reg_addremoveprograms" -namespace "root\cimv2" | select-object -property Displayname,Installdate
To run this against a remote computer just add a –Computername “computername” before the first pipe.
One of the more interesting features of Windows Vista is that it limits control of an administrative account so that you have to provide credentials or confirm an action that requires administrative privileges. If you are not a local administrator then you have to provide a username and password that will allow you to perform the action.
Schley Andrew Kutz who works for one of my clients has written a similar tool that will function on Windows XP. This tool was meant to be a SUDO tool like on Unix. The tool is called SUDO for Windows. The key thing about this tool is that it allows you to run as a “User” and elevate to an administrator without changing the profile context. This gets around many of the drawbacks of “Runas.” When you do a “runas” you actually change to the profile of the user you are running as so if you were to save a file to the My Documents folder while doing a runas it would save it the folder of the account that you are “running as” and not the originating user. This can often be confusing to users and administrators.
Check out this tool. Andrew is a software altruist so the tool is completely free. Perhaps some enterprising person will take this idea and run with it and bring it to market. Andrew just wants credit for it.
You can read more about this and download SUDO for Windows here: http://sudowin.sourceforge.net/