Deployment Redux

Once again I am building an OS deployment solution based on the Microsoft Deployment Toolkit. Usually it is nothing but fun but this time there is such a desperate need for it that it really does feel like work. Plus the environment isn’t built out in a way for me to add all the bells and whistles I want to. But it is still cool stuff and I look forward to bringing this kickass solution to the office and showing off what it can do.



Cops. V-cops.

Work just closed the deal on the full vCenter suite this week. On Tuesday I spent about 2.5 hours upgrading to vCenter 5.1 (up from 5). As a matter of pride I tried to do it completely solo.

About 2 hours in I panicked and called up VMware support because I was getting a weird error and starting to run low on time. By the time they got back to me I figured out that I had misunderstood exactly what database I was supposed to point to. Their upgrade documentation is really vague in certain areas but pretty solid in others.

I must say it’s weird getting comfortable in SQL. Just hopping into the admin tool and doing stuff…. was kind of fun but I’m still sure DBA is never going to be in my future. Of course I say that about Sharepoint and today I was told (paraphrasing) “Oh hey, you DO know a lot about that. You’re my new escalation point.”  Me and my big mouth…. maybe I shouldn’t be commenting on my SQL exploits. At least I don’t think my coworkers know I blog so I’ll be safe for a little while…



Work Life Balance

This isn’t specifically tech-related, and really more of a chance for me to brag…

My round-trip commute was topping out at about 3 hours which is pretty crazy and not personally sustainable.

I emailed my boss and asked if I could shift my hours around. He told me that once I got a month of work under my belt and proved my work ethic I could “work from China every day” if I wanted to.

Well, a single day later, after pitching some project plans for important infrastructure plans, I was told I could pick my hours effective immediately. What a relief! My commute was cut in half, I’m even more motivated to get things done, my home life is way more comfortable, I get more sleep, and my fuel bill is down.




Fun New Guy

I’ve fallen a couple weeks behind in my blog posting. My new job has been a rollercoaster of emotions! But I’m starting to settle in and thus it’s time for me to get back to my routine of weekly blog posting.

My enterprise career was born and raised at Sony – I didn’t know what to expect at this new place. Plus it’s all about The Cloud and I’ve never known how much BS vs actual “not-a-buzzword” technology The Cloud really is.

Culture-wise I was wary at first because there wasn’t much up on the walls in people’s offices/cubes, and my geek radar didn’t immediately pick up fellow Comic-Con attendees. Slowly but surely I’m finding familiar cultural artifacts that make me feel at home:

  • The guy in the cube next to me happened to have purchased the same model mechanical keyboard as me. 
  • There’s more than one StarCraft fan (though they don’t hold a candle to the fire that was a certain Sony coworker’s ladder ranking)
  • I once again have a coworker with lots of dogs and horses (although this time > 20 horses … it’s a whole side business!). I definitely miss not seeing dogs around in the office though
  • Without having to make any special requests, a pair of new Dell 24″ monitors were set up for me and are standard-issue
  • I found my Comic-Con attendee friend, but he works across the country in the Boston office

Here’s a breakdown of the technology-related changes/differences I’ve picked up on:

  • I thought I was definitely not a network guy, but certain network infrastructure choices I see being made at the new job suddenly make me care a lot, and realize how much knowledge I had soaked up via osmosis while at Sony
  • It may be a Production environment, but Production Development problems never change
  • People who don’t have to regularly activate Windows over the phone don’t know what they’re missing. And should never know it. Guess who just implemented their first project for improving processes in the workplace!
  • I’m already getting pulled into lots of cool projects that I just happen to know lots about, which makes it hard to manage my time because I’m excited about all of them
  • I’m glad I took the time when I could at Sony to be involved with pioneering the IPv6 path
  • I need to put together the Perfect Pitch for why the IT group needs to go out to conferences like TechEd or VMworld. Every day I’m using some skill or knowledge I picked up from there!
  • While I do believe that The Cloud is more than just a buzzword, don’t underestimate the value of good old-fashioned elbow grease


New Job

Yesterday was my last day working with Sony. There are many awesome people I’m leaving behind, but come Monday I’ll be working with a whole new set of awesome people.

A former coworker of mine has a theory that to be successful with IT, the organization needs to take small, calculated risk gambles. My own interpretation is that there is a relationship between risk and progress. No risk, no progress. Lots of risk means you’ll probably have enough backwards progress to cancel out any benefits. But there’s a sweet spot somewhere in there.

I’m taking my own calculated risk gamble by moving away from a juggernaut in the digital entertainment / video game industry and into a ninja strike force team for cloud services. I never would have thought I’d be moving away from a video game company, but here I am. I love gaming. But I also love IT. My heart and my head tell me that when the chips are on the table, I should let gaming be the hobby I pay for and IT be the hobby someone pays me for. Staying at Sony would be the safe and easy choice, but I’m confident I have great things in store for me at LoadSpring Solutions.



PowerShell QuickStart

I decided recently that I want to do more to empower my coworkers. For Windows administration, PowerShell is the modern, cool way of accomplishing all kinds of system administration tasks. The elevator pitch for getting people excited about it is easy, but the learning curve is so steep it’s hard to keep them interested. Here’s my best effort at a short, practical beginner’s guide. The only prerequisite knowledge required is basic command prompt experience, and you can probably get by without that. Also, you want to at least have Windows 7 with SP1, ideally the 64-bit version.

Launching PowerShell

This section may seem way too basic and easy to skip over. But I strongly encourage you to work your way through it at least once. Small steps – we’ll get to the cool stuff soon enough.

Getting the Latest Version

  1. If you already have some version of PowerShell installed, open it up. WindowsKey+R > PowerShell
  2. Type the following into the console, then press Enter: Get-Host
  3. Look for the row labeled “Version” – If you have the latest version (3.0 at time of writing this document), great! Otherwise, proceed onward.
  4. Download PowerShell 3.0 here [microsoft.com]. Don’t be confused like I was because they call it “WMF 3.0”. That stands for Windows Management Framework and is the totally uncool equivalent of saying PowerShell. Scroll way down to the Instructions section for directions on which exact file you need. Hint: For Win7 x64, get Windows6.1-KB2506143-x64.msu.
  5. Fire off the installer. Accept all the defaults. If you encounter an error like “This update does not apply to your system”, download and install the Microsoft .NET Framework 4 [microsoft.com] and try again (accept all defaults, and restart between installs if prompted). I don’t know why they couldn’t bundle these together or at least have a more helpful error on the PowerShell installer. If you’re still having trouble after that and you’re on Windows 7, make sure you have Service Pack 1 installed.
  6. At this point you’re ready to go. Launch and double-check with the “Get-Host” command

Console vs. ISE

There are two launchers for PowerShell: powershell.exe and powershell_ise.exe. These are both located in C:\Windows\System32\WindowsPowerShell\v1.0 – Yes, even PowerShell v2 and v3 are installed into that exact folder (something about compatibility). By the way, you cannot have older and newer versions of PowerShell installed at the same time.

PowerShell.exe is the basic PowerShell console. It’s much like a Windows Command prompt – by default you’ll see a prompt starting with “PS” and then the current directory path you are in. Copying and pasting works very similarly to Putty or a Linux/Unix console – Use the right mouse button to copy text or paste whatever is in the clipboard – Control+C and Control+V won’t do what you want them to do here. You can start PowerShell from a command prompt by simply typing “powershell” (without the quotation marks) – the color scheme and fonts will be a little different but it really is the same thing.

PowerShell_ISE.exe is the PowerShell console plus a bunch of really convenient features that you almost definitely want to take advantage of. The ISE is broken up into three sections (all of which can be toggled on or off): At the top is a blank script file that works like a basic text editor. Consider this your scratch pad for planning things out. At the bottom is your console window. It is exactly the same as the non-ISE version of PowerShell except that keyboard shortcuts for copy and paste will work. And finally, on the right-hand side is a cheat-sheet of all available PowerShell commands.

In the ISE, write commands into the top section or the bottom. Use the bottom for “one-offs”, use the top for planning a series of tasks that can be automatically sent to the bottom section and run line-by-line using the Play button in the toolbar.

If for some reason you don’t see all the panes/sections, open the View menu and make sure the first six items are checked.

In summary, the ISE will make your life easier. It gives you a cheat-sheet of commands, makes it easier to plan a sequence of commands, and has some other benefits I haven’t mentioned yet that you will pick up and get accustomed to as you follow this guide. However, the guide will work for both vanilla PowerShell and the ISE, and if you feel overwhelmed with the ISE, by all means don’t use it.

Setting Up Your Environment

Enabling Scripts

PowerShell is designed to be so secure that, by default, no scripts will run. Single commands will work just fine, but a sequence of commands saved in a script file will fail. Script files have an extension of .ps1 but otherwise appear as a plain text file – you can edit them in Notepad, the ISE, or other text editors. PS1 stands for PowerShell version 1 – Even if you are using a different version or if the script was written using a newer version, for backwards compatibility all PowerShell scripts use .ps1.

Let’s find out if you can run scripts by typing the following PowerShell command:
Get-ExecutionPolicy

You’ll see the output come back Restricted – this means no script can run. (If you see anything else, Group Policy settings are managing this for you and you can skip the rest of this section.) Let’s relax those rules and allow local scripts to run. This will specifically only let scripts run if they are saved locally or if they are on a network share and have a signed SSL cert (we’re not getting into the details of that – it’s complicated):
Set-ExecutionPolicy RemoteSigned
Note: This is one of the few times you’ll need to launch PowerShell with the “Run as Administrator” option. You’ll be prompted to confirm this setting which you can do by just pressing Enter to accept the default.

Re-Run Get-ExecutionPolicy and you’ll see your new setting in place.
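
To see what RemoteSigned actually looks at, here is an added example (not part of the original guide) that reads the two things the policy keys off: the Zone.Identifier mark that browsers and mail clients attach to downloaded files, and the script's Authenticode signature. Get-ScriptTrustInfo is a hypothetical helper name, the demo file is constructed in TEMP, and the verdict is a simplified rule that ignores UNC paths and Group Policy overrides.

```powershell
# Added example. Get-ScriptTrustInfo is a hypothetical helper name.
function Get-ScriptTrustInfo {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file = Get-Item -Path $Path -ErrorAction Stop

    # Downloads are tagged with a Zone.Identifier alternate data stream
    # (NTFS only). ZoneId 3 = Internet, 4 = Restricted sites.
    $zoneId = $null
    $ads = Get-Item -Path $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($ads) {
        foreach ($line in (Get-Content -Path $file.FullName -Stream Zone.Identifier)) {
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        }
    }

    # Signature state: NotSigned, Valid, HashMismatch, NotTrusted, ...
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    $marked = ($null -ne $zoneId) -and ($zoneId -ge 3)

    [pscustomobject]@{
        Path                  = $file.FullName
        ZoneId                = $zoneId
        MarkedAsDownloaded    = $marked
        SignatureStatus       = $sig.Status
        Signer                = $signer
        # Simplified rule: unmarked local scripts run as-is,
        # marked scripts need a valid signature.
        RunsUnderRemoteSigned = (-not $marked) -or ($sig.Status -eq 'Valid')
    }
}

# Where the effective policy comes from. MachinePolicy and UserPolicy are
# Group Policy scopes and override anything set by hand.
Get-ExecutionPolicy -List

# Constructed sample: an unsigned script written locally...
$demo = Join-Path $env:TEMP 'trust-demo.ps1'
Set-Content -Path $demo -Value 'Write-Output "hello"'
Get-ScriptTrustInfo -Path $demo

# ...then the same file tagged the way a browser download would be.
Set-Content -Path $demo -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'
Get-ScriptTrustInfo -Path $demo

Remove-Item -Path $demo
```

The -Stream parameter needs PowerShell 3.0 and an NTFS volume. Keep in mind that the execution policy is a guard against running scripts by accident, not an access control that stops a determined user.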

PowerShell Remote Connections

One of the most useful features of PowerShell is that you can use it to run commands on a different computer from the one you are sitting at. But to do so you need to set up a few things (unless Group Policy has been configured to do this for you – let’s assume that is not the case):

On the computer you want to connect remotely to:

  • Run the following PowerShell command (this is one of the other rare times you need to make sure you launch PowerShell with the Run as Administrator option):
    Enable-PSRemoting
    Note: You’ll be prompted several times with questions about settings. Press enter to accept all the defaults. Or cheat and use the command Enable-PSRemoting -Force to automatically select all defaults.

On your computer:


  • Run the same Enable-PSRemoting command. Technically you don’t need all the settings that are enabled, but this is a much quicker way of getting started.
  • Next, make sure you can reach the remote computer from yours by hostname. Type ping RemoteComputer but with the name of your actual remote computer – do not use an IP address. If the hostname does not resolve to an IP address, you will be unable to run remote commands, but the fix is beyond what this guide can provide – You need working DNS and if this isn’t automated through Active Directory you’ll have to manually update your DNS server as needed.
  • If the machine you want to connect to is not bound to Active Directory, you also need to run the following command:
    winrm set winrm/config/client '@{TrustedHosts="RemoteComputer"}'
    Be sure to use all the quotation marks as they appear here, and replace RemoteComputer with the actual hostname of the computer you want to connect to. If you have difficulty with managing computers remotely you can use an asterisk instead of a computer name but this is extremely insecure and a hacker’s paradise.

At this point, on your machine you can connect to the remote one by using the following command:
Enter-PSSession -ComputerName RemoteComputer -Credential Domain\User

You’ll be prompted for the username and password of an account on the remote computer that is a member of that computer’s Administrators group. If the command is successful, you’ll see a normal PowerShell prompt except that in brackets it shows the name of the computer you are connected to. At any time you can type Exit-PSSession to return back to your local PowerShell console. It is important to always check for a hostname in brackets – this is how you tell if you are running commands on your computer or on some other computer.
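
The TrustedHosts step above is the one most worth checking afterwards, because every entry names a machine your computer will send credentials to without being able to verify its identity. The following added example (not part of the original guide) audits the list through the WSMan: drive, appends a single host instead of overwriting the list, and refuses wildcards. The function names are hypothetical and RemoteComputer is the guide's placeholder.

```powershell
# Added example. Function names are hypothetical; run from an elevated
# console, since the WSMan: drive is only readable by administrators.

function Get-TrustedHostList {
    # TrustedHosts is stored as one comma-separated string.
    $value = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    if ([string]::IsNullOrEmpty($value)) { return @() }
    $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Add-TrustedHost {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # An asterisk means "send my credentials to anything that answers".
    if ($ComputerName -match '\*') {
        throw "Refusing wildcard entry '$ComputerName'; list hosts by name."
    }

    $current = @(Get-TrustedHostList)
    foreach ($entry in $current) {
        if ($entry -match '\*') {
            Write-Warning "Existing wildcard entry in TrustedHosts: $entry"
        }
    }

    # -contains is case-insensitive, which matches how hostnames compare.
    if ($current -contains $ComputerName) { return $current }

    # -Concatenate appends to the list; without it Set-Item replaces
    # whatever was there before.
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts `
             -Value $ComputerName -Concatenate -Force
    Get-TrustedHostList
}

function Test-RemotingTarget {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    # Test-WSMan sends an unauthenticated identify request, so it shows
    # whether the WinRM listener answers before any password is typed.
    try {
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        return $true
    } catch {
        Write-Warning "WinRM did not answer on ${ComputerName}: $($_.Exception.Message)"
        return $false
    }
}

# Audit what is trusted right now.
Get-TrustedHostList

# Typical sequence for one non-domain machine (placeholder hostname):
# Add-TrustedHost -ComputerName 'RemoteComputer'
# if (Test-RemotingTarget -ComputerName 'RemoteComputer') {
#     Enter-PSSession -ComputerName 'RemoteComputer' -Credential (Get-Credential)
# }
```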


Although we’ve hardly done anything, at this point you have everything set up on your computer and maybe even a remote computer. Next week we’ll dive into running commands, keyboard shortcuts, using auto-complete, etc.



Hosting My Own IT Super Bowl

This weekend I was finally motivated enough to attempt standing up an entire Windows infrastructure from scratch. Building on my Hyper-V efforts last week, here are my goals:

  • All servers and clients are hosted in Hyper-V off of my Windows 8 desktop host
  • All Hyper-V management is being done through PowerShell
  • VM servers are running Server 2012 Standard Core
  • All VM management and configuration is being done through remote PowerShell consoles from my desktop host
  • Services to configure first in the virtual environment: DHCP, DNS, Active Directory
  • Services to look into a little later: Exchange, IPAM, Sharepoint, SCCM, IIS, RDS

So far, so good, and having a blast using a Zombie theme where possible. I configured some virtual switches to isolate my virtual infrastructure’s DHCP and DNS (Switch names External, Borderlands and Quarantine), got my primary server up and running (PatientZero), turned on the DHCP and DNS role, and just finished configuring the new AD forest (zombienet.local).

Much assistance for configuring active directory is coming from http://technet.microsoft.com/en-us/library/hh472162#BKMK_PS but it’s definitely taking some extra time to parse and take it all in.



Installing Hyper-V Blind

One of the initiatives at work right now is to prepare for / expand on IPv6 adoption. We have a great lab environment just begging to be hacked away at and it’s a perfect chance for some self-paced real-world learning on cool stuff that doesn’t apply directly to my daily responsibilities.

To that end, we needed a VM environment so we don’t crowd up the lab racks with physical hardware. We’re entirely a VMware shop but where’s the fun in just spinning up another ESXi host? My goal:

  • Server 2012 Standard – It wouldn’t really be a fair virtualization tech comparison if we went with Server 2008 and its Hyper-V 2.0. We need new and 3.0!
  • Server Core install – That means no GUI! Command prompt and powershell is required until the system is up enough to accept remote management connections that have a more GUI-driven interface
  • Configure Hyper-V as much as possible using PowerShell. But I do hope to enable things so that my colleagues can fall back on the GUI as needed
  • No using IPv4 during setup. I want it going through the virtual switch and available to guests at the end, but that’s it

So that I can look a little more bad-ass in the lab when I’m working on this, I decided to do a test run at home and get through a bunch of the “how the hell do I _____ ?” stuff. Here’s my notes on everything I ran into:

  • Use setres -w #### -h #### to change the screen resolution
  • There’s a decent “Getting started with Server Core” guide on TechNet that the rest of my notes are based around
  • Get-NetIPInterface is frustrating because it won’t show me the MAC of these interfaces
    • Came up with this instead:
      Get-NetAdapter | Select Name,MacAddress,ifIndex,Status
    • To rename an adapter: (annoyingly can’t use the interfaceIndex property)
      Rename-NetAdapter -Name "Current Name" -NewName "New Name"
    • To set a static IP:
      New-NetIPAddress -InterfaceIndex ## -IPAddress -PrefixLength ## -DefaultGateway
    • No info ANYwhere on how to switch back to DHCP using PowerShell and not WMI though
  • Didn’t find a suitable powershell equivalent for what ipconfig does for me
  • To join to AD, use Add-Computer with no parameters and you’ll be walked through. Make sure the computer object is created in AD beforehand. (Looks buggy according to internet. Failback method is netdom)
  • Rename-Computer does just what you’d expect
  • Can’t believe slmgr.vbs is still the command-line way of activating Windows
  • Install-WindowsFeature feature1,feature2 (dependencies automatically grabbed. Use -whatif to show them)
  • End of testing. Can’t install Hyper-V role within Hyper-V it looks like, despite being able to install Hyper-V under VMware (after some tweaks). I probably just don’t know the equivalent tricks



One of my main focuses at work has been AD migrations. The overall project is going frustratingly slow but at the same time is abnormally complicated. Thus my entire day, every day (plus .5-4 hours of overtime) is spent on it. And to make anything else get done I have to volunteer extra of my time.

To keep my sanity between wanting to do fun things, dealing with a massive project, and correcting lots of human error, I decided to spend a few late nights automating as much as I could for this migration project with PowerShell. Through the process I believe I significantly leveled up my scripting skills, and turned many mundane tasks into an automated process. Here’s an overview of what the script does:

  1. Read a manually generated list of users/computers/groups that are migrating together as a “migration wave”
  2. Identify if/where/what those objects are in both the source and target domains
  3. Search a database for additional computers that a listed user may be logging into and add it to the migration wave. The database is populated via a login script GPO utilizing the BGinfo sysinternals tool
  4. Filter out objects that are conflicts, have typos, or appear to be already migrated
  5. (Optionally) move everything that wasn’t filtered out to a staging area in the source domain and set a couple ADSI attributes
  6. Generate separate Group/User/Computer import files compatible with Quest migration tools
  7. Provide an email report of the status of each item in the migration wave

The great thing about this script is it pretty much eliminates the need to manually search for conflicts, you never have to re-type things or click through the clunky Quest AD user interfaces, and it provides a clear report for everyone on the project of what’s going on. An added bonus for anyone familiar with PowerShell is that the migration wave list is output as a custom PS object, meaning it can be saved as a variable, piped to another command, or otherwise manipulated. If I were a little more familiar with the Quest PowerShell plugins I wonder if it could actually perform the migrations for us entirely…

At some point I’ll go back through the script, do a final cleaning to remove company-specific info and post it for anyone who needs it. Please let me know if this sounds helpful – things always get done sooner with some friendly motivation.



The Convenience of Windows 7

It’s funny, the only thing I miss from Windows 7 is the “USB / DVD Download tool” that turns an ISO or DVD into a bootable USB drive.  I’m perfectly capable of running the diskpart commands to format a drive and then copy out all the ISO contents, but the Microsoft tool was pretty convenient.

Adding to my frustration is trying to search for “Windows 8 USB / DVD Download tool” to see if they’ve brought it forward to work on Windows 8.  Unfortunately the results are a million articles about how to upgrade your Windows 7 machine using the Win7 tool.

In related news, I was at a friend’s house the other day and someone commented that Windows 8 is horrible because (A) you have to log off to be able to shut down the computer, and (B) during the install you have to watch the tutorial of moving the mouse to corners of the screen.  It’s silly, considering that when you put the mouse into one of the corners, the option to shut down the computer without logging off first comes up. Everyone hates stuff that’s new apparently. Pretty sure I wouldn’t want to be a commercial OS developer for that reason alone.