New tool from Microsoft: Policy Analyzer

Microsoft released a new tool for analyzing and comparing sets of Group Policy Objects (GPOs). The tool is is deliverd in a .zip file and requires no installation.
http://blogs.technet.com/b/secguide/archive/2016/01/22/new-tool-policy-analyzer.aspx

Features On Demand

How To Patch Windows Image to be able to install Features On Demand on patched Windows Server 2012:
0. Show applied patches:
WMIC QFE > PATCHES.TXT
NOTEPAD PATCHES.TXT
1. Download patches using “WSUS Offline Update”
C:wsusofflineUpdateGenerator.exe
2. Mount the wim-file using dism:
dism /mount-wim /WimFile:C:wsusofflinewiminstall.wim /index:2 /mountDir:C:wsusofflinedismmount
3. Apply patches
dism “/Image:c:wsusofflinedismmount” /Add-Package “/PackagePath:C:wsusofflineclientw62-x64temp”
4. Commit changes
dism /Unmount-Wim /MountDir:c:wsusofflinedismmount /commit
5. Repeat step 2-4 for the other images (index 1,3,4)

References:
http://www.virtualizationadmin.com/kbase/VirtualizationTips/GeneralVirtualizationTips/ServerVirtualizationTips/ManagementAdministration/CheckinginstalledupdatesonServerCore.html
http://www.sysadminlab.net/mobile/creating-a-fully-patch-install-wim-for-windows-78-without-mdt-but-using-wsus-offline-updater
http://blogs.technet.com/b/joscon/archive/2013/06/24/3532554.aspx#pi47623=2
https://technet.microsoft.com/en-us/magazine/hh825626.aspx

To list packages added to the image:
dism /Image:C:wsusofflinedismmount /Get-Packages

For troubleshooting installations:
C:WindowsLogsCBSCBS.LOG

FREE Microsoft eBooks

Microsoft Senior Sales Excellence Manager – Eric Ligman posted a list of almost 300 FREE Microsoft eBooks. You can download them all from hos blog at the following address:
http://blogs.msdn.com/b/mssmallbiz/archive/2014/07/07/largest-collection-of-free-microsoft-ebooks-ever-including-windows-8-1-windows-8-windows-7-office-2013-office-365-office-2010-sharepoint-2013-dynamics-crm-powershell-exchange-server-lync-2013-system-center-azure-cloud-sql.aspx

Free Study Guide for Microsoft Exam 74-409

Veeam are giving away a studying guide for Microsoft Exam 74-409: Server Virtualization with Windows Server Hyper-V and System Center for free.
The guide can be downloaded at http://go.veeam.com/microsoft-certification-exam.html

Recover From An USN Rollback

Very interesting article about a possible way to recover from an USN rollback:
http://thoughtsonopsmgr.blogspot.se/2014/03/solving-domain-controller-issues.html

Publishing of older posts

I have decided to publish some of my older posts that I held private as they was mostly ment as a collection of good links for my own use. Most of them are related to System Center 2012 but other areas are included as well.

SPN settings in SCOM 2012
SCOM 2012 Agent Discovery Fails
System Center 2012 Operations Manager Survival Guide
Operations Manager 2012 Sizing Helper Tool
How to become an expert
Monitoring Text and CSV log files in System Center Operations Manager
Visio and SharePoint extensions for System Center 2012
WS-Management/SMASH in SCOM 2012
Script to backup MPs
Regular expressions in SCOM
Remote Server Administration Toolkit for Windows 8
How to Create Your Own Windows Azure Publish Settings File
SCOM Remote Maintenance Mode Scheduler 2.0
Understanding Operations Manager Maintenance Mode
How to make Operations Manager 2012 (SCOM 2012) Fault Tolerant

Pass the hash solved or not?

Microsoft released KB2871997 to address the “Pass the hash” vulnerability, but according to the following blog post pass the hash is still possible using the local Administrator account (SID 500):
http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html

Use PowerShell to Find Service Accounts

I was looking for a way to find service accounts using PowerShell and found the following post on the “Hey, Scripting Guy! Blog”:

http://blogs.technet.com/b/heyscriptingguy/archive/2012/02/15/the-scripting-wife-uses-powershell-to-find-service-accounts.aspx

To summarize, you can use the Get-WmiObject cmdlet to retrieve information about service accounts as in the following example:

Get-WmiObject win32_service | format-table Name, StartName

Windows Server 2012 R2 Preview

It is here! Windows Server 2012 R2 Preview has been released, you can download it from TechNet Evaluation Center: http://technet.microsoft.com/en-US/evalcenter/dn205286.aspx

How to install pfSense 2.0.2 on Hyper-V (Windows Server 2012)

When you are installing pfSense on Hyper-V there are some things to consider:

• Use Legacy Network Adapters.
• You need to reset all network adapters in pfSense every time the system boots.
• If running on AMD CPU you must set hw.clflush_disable=1 att boot-time.
• pfSense 2.0.x on Hyper-V is not recommended for production environments and should only be used for lab or test purposes.

The following steps is a description of how to install pfSense on Hyper-V in a successful way:

1. Download pfSense-LiveCD-2.0.2-RELEASE-amd64.iso.gz from one of the pfSense mirrors at http://www.pfsense.org/mirror.php?section=downloadsVerify
2. Verify the file hash of the downloaded file using your favourite hashing tool (Personally I like HashTab which is freely available for personal use at http://implbits.com/HashTab.aspx).
3. Extract the ISO-file from the downloaded tarball using a file archiver of your choice (I like 7-Zip which is an open source file archiver. It is available at http://www.7-zip.org/).
4. Create a Hyper-V VM with two Legacy Network Adapters and remove any network adapter already present. The VM should have a small IDE harddrive (typically 1GB) and at least 128MB of RAM.
5. Boot the VM on the ISO-file. If you are using a AMD CPU in your windows host you must set the boot parameter hw.clflush_disable=1 at boot time. To do that press 7 at the boot menu and enter the following commands (also shown in the following picture):
   OK set hw.clflush_disable=1
   OK boot
   
6. Select the option to install pfSense otherwise you wil just boot the LiveCD.
   
7. Change video font, screenmap and keymap appropriate to your video monitor, keyboard and language. Then select “Accept these Settings”.
   
8. Select Quick/Easy install to use the first hard disk and “automatically” install pfSense.
   
9. Confirm by pressing OK.
   
10. Select to install a standard kernel.
    
11. When the installation is finished, choose to reboot the VM, power it off and eject the ISO.
    
12. Start the VM again (remember to set the parameter hw.clflush_disable=1 at boot-time if using a AMD CPU).
13. Configure VLANs if appropriate for your environment.
    
14. Assign interfaces as appropriate for your configuration, confirm by pressing y and enter.
    
15. Enter option 8 to get to the shell.
    
16. Create simple script that resets all your network adapters at boot by entering the following commands (add more interfaces depending on your configuration and start dhclient on all interfaces that should receive IP-configuration dnyamically):
    # touch /etc/rc.local
    # touch /etc/rc.local.running
    # chmod 755 /etc/rc.local
    # echo “ifconfig de0 down” >> /etc/rc.local
    # echo “ifconfig de0 up” >> /etc/rc.local
    # echo “ifconfig de1 down” >> /etc/rc.local
    # echo “ifconfig de1 up” >> /etc/rc.local
    # echo “dhclient de0” >> /etc/rc.local
    
17. If using an AMD CPU, enter the following command to permanently set the parameter hw.clflush_disable=1 at boot time:
    # echo “hw.clflush_disable=1” >> /boot/loader.conf.local
18. Reboot to test your configuration.
    # reboot

Reference: http://forum.pfsense.org/index.php?topic=44568.0