Wednesday 28 September 2011

icmp hack

Many people allow ICMP in and out of their network because it is so useful for testing. It is worth creating groups of allowed hosts and locking ICMP down to them. If you need to test, you can quickly add the host to the allowed group. If you need to allow pings from hosts on the internet, restrict those to specific hosts as well.

http://blog.zeltser.com/post/10755639827/reverse-icmp-shell

Friday 23 September 2011

Turning off internet explorer "enhanced" security on a test server 2008

http://4sysops.com/archives/how-to-disable-internet-explorer-enhanced-security-configuration-ie-esc-in-windows-server-2008/

Thursday 22 September 2011

Enabling instant search on server 2008

http://blogs.msdn.com/b/mjsabby/archive/2009/04/26/enabling-outlook-instant-search-on-windows-server-2008-windows-server-2008-r2-beta-win7-server-beta.aspx

I use Windows Server 2008 R2 Beta (Win7) as my workstation OS with Desktop Experience enabled, and performance adjusted for Programs (as opposed to background services).
Only one gripe, the slow Outlook Search because there isn't a Search service installed out of the box on Windows Server 2008 (and R2). So, I open services.msc, and start looking for a search service ... but couldn't find one -- so I settled with the slow search.
Until today, when I accidentally discovered how to do it while trying to add a File Server role to my box!
FYI
(1) Command line: ServerManagerCmd -i FS-Search-Service
(2) Or, Server Manager > Roles > Add Roles > File Services > Windows Search Service

Tuesday 20 September 2011

sequencing office pro plus 2010 32bit with app v


Appv and office 2010

Why office on appv

Isolation - no conflicts
Multiple versions of office

Fast deployment
Centrally manage apps
Install once deploy many times
Streaming the app to the user

Control over app add-ins
Virtualize the app
Virtualize the add-in
Only deliver apps and add-ins to those that need it

Easy servicing updating apps / plugins etc

SCCM integration, simple delivery

Apps virtualized on appv think they are installed on the OS and can see the OS files.
The OS cannot see the appv application files.

This yields both benefits and issues, the latter called integration limitations. For example, a user is on SharePoint in IE (which cannot be virtualized). They click on a link that should open a document. IE looks for the ActiveX control that should launch Office, but since Office is virtualized it cannot find it and fails.

To resolve this MS has created the Office 2010 deployment kit for app v. This creates bridges between the OS and the virtual applications. This is to give the users the best of both worlds.

The bridges that link the virtual world with the native world are known as feature proxies: Fast Search in Outlook, opening documents in SharePoint, the Send to OneNote printer, the Send to Mail function, etc.

OSD files allow us to launch virtual bubbles in the OS. To configure the proxies we need to add another OSD file with a launch path. We also need to add a modified ActiveX control natively. This ActiveX control is aware of the virtual bubble. When the user clicks something in SharePoint, IE looks for the ActiveX control. The modified ActiveX control redirects it to the ActiveX control in the virtual bubble, and that then launches virtual Microsoft Word.

Some users have opted to install virtual Office 2010 alongside native Office 2007, with users moving over gradually. This is not a good idea because Exchange was not designed to handle a single user constantly managing one mailbox with two different clients; there have been many issues when doing this.

Current limitations
Virtual -> native app integration
The solution is to sequence other applications with Office. However, you need to be aware that the max package size is 4GB.

The way around this is to use DSC to package applications separately and link them together.

Another issue is that the OS is unaware of office 2010. The deployment kit solves that by creating the bridges.

two critical questions
Is office being used more as a platform
Does the business write lots of plugins for office etc.

Do applications that integrate with Office need to stay native, or can we virtualize them?

You can sequence
Office Pro plus
Standard
Small business

You can also virtualize stand alone applications.

You can also sequence Visio in with Office Pro. There are some issues with licensing here; more on that later.


What apps integrate with office ?
Live meeting
Office communicator
Windows sharepoint services
Add-ins (Outlook connector, conferencing add-in tool)
Line of business applications

First option: sequence everything into the same package. The downside is that every user that receives the package will get all the apps, but is that a problem for your business?

Another option, the branch office package, is not recommended. Create one or more packages

Dynamic Suite Composition
Sequence each app separately
Link them with DSC

From top to bottom there is increased control but increased complexity

MS recommends to sequence the following with office
Live meeting
Office communicator
Common add-ins that everyone uses
Sharepoint integration

Then sequence other add-ins and line of business plugins in another package and link with DSC

The maximum package size and avoiding it.
Max size is 4GB
Full compression can save up to 1GB off the package size.
MSO Cache can be removed during sequencing time to save 800 MB of space.
MSO Cache can be used to let the user run repairs; we won't be using this in virtualized Office.

Office 32bit has the proxy features, 64bit does not.

How to customize office
OCT / Group Policy
Config.XML


It's a good idea to use a test plan. Get a top 5 list of what users need to do.

Installing the deployment kit on the sequencing station. Make sure to use 32bit.

msiexec /i OffVirt.MSI
[featureflags]
[license flags]
This is where you can do a combination and activate Office and Visio, for example

Sharepoint needs a reg key deleted during monitoring see recipe
Visio has a SxSAppExtension
Office 2010 - Merge with local
Outlook 2007/2010 co-existence recipe
Stick with one outlook until you are ready to fully move and then move
OMS add-in see recipe

OSD version numbers only have to match not the office version number

DSC
Load the root of sequenced apps
All apps will be loaded
select the primary
select the secondary
you can make mandatory if you want
most of the time you won't need to
click save
your OSDs will be overwritten.
However it will create a backup file.


How do I deploy my client
Install appv client
install deployment kit with only licensing parameters
publish your office package
configure deployment

Gotchas with OffVirt
No spaces between commas
Curly braces around package guid
Appnames are Case Sensitive


Office 2003 is (office 11) reg hex value for 11 (0x0000000b)
Office 2007 is (office 12) reg hex value for 12 (0x0000000c)

Install commands
\\server\share\setup.exe /adminfile \\server\share\custom\mycustomfile.msp


App-v Forums
http://social.technet.microsoft.com/Forums/en-US/category/appvirtualization

Recipe
http://support.microsoft.com/kb/983462

Sequencing video
http://www.youtube.com/user/mentvanderplas

How to use DSC
http://technet.microsoft.com/en-us/library/cc843662.aspx



Monday 19 September 2011

Some things I have learned about the Application Virtualization Sequencer V4.6 SP1


If an application interfaces with the system like a driver,
extract the problem component and include it on the golden image, or use OSD scripting to deploy it with the app


Some apps use non-virtualized extensibility points
Shell extensions and plug-ins
To fix this, use DSC to link applications together so they can see each other in the run time environment

Embedded state or dependencies
Applications embed paths to resources in the binary so the sequencer can't find them
Make sure to install to the Q drive and follow App-V best practices

One app that has these problems is netmon from MS


8.3 names are no longer needed in the new sequencer 4.6 sp1
Creating the primary feature block happens at the prepare for streaming section (not like at the first run in 4.5)

When should you compress a package? If you are streaming the package over a low-bandwidth network, you should compress it. Also, if your package is approaching the 4GB size limitation, you need to compress it. Some MS engineers always compress packages. The package will only be decompressed at first run on the client side.

The standard way to troubleshoot App-V is to use procmon while the application is starting up and observe what it is trying to access. There are also diagnostics in the sequencer. The first port of call should be the excluded files list in the sequencer. Report.xml is output with your package. If we identify a file that should have been included, we need to go back and re-sequence the application, this time removing the file from the exclusion list.

A driver may have been detected when the app was installed. You will be provided with a location, often in the registry. So if we need to include a driver that cannot be virtualized, we need to extract that driver, then include it on our golden image or deploy it with the package using OSD scripting.

Sequencer will detect pending reboots. Defrag and SMS service can really interfere with the sequencer. Turn off indexing. 4.6SP1 will also remind you that you need to revert the VM if using hyper-v.

Installation report will tell you about:
excluded files
Drivers
COM+
System differences
SxS Conflicts
Shell Extensions


Dynamic Suite Composition
We can link packages so they can see each other in their virtual bubble. Normally App-V'd apps are isolated from each other. You need to decide what route is right for you. You may want to bundle Java with several apps. Alternatively, you may want to update Java regularly, so virtualizing Java once separately and linking it to many apps might be better.
The steps are:
Sequence App1 (Package Files)
Revert VM
Expand app1 (de-virtualize)
Sequence Plug-in (Plugin files)
Link dependencies between app1 and plugin

To expand a package in the sequencer, select "Expand Package to Local System". Select your package and click Open. The package will now be expanded.

Start another sequencing job (you'll be warned that the DSC tool is running; it's OK to leave this open). Choose Add-on or Plug-in. Browse to your plug-in (Java or SaveasPDFandXPS). Now you will be asked to browse to the parent program. If this was MS Word you would need to select winword.exe on the Q drive. Give a name for the package. Finish the install as normal and create the package.

Now we have our app and our plugin, and need to set the dependencies. Start up DSC. Select the package roots. Add the folders for Office and the plugin. Select the primary package, in this case Office. Add the plugin as the secondary. Click "Save". The tool will go into the OSD and set the secondary as a dependency of the primary package.

Package Accelerators
These are the bare bones of a virtualized package. You just need to provide the binaries (install media). Your install media plus the package accelerator are input into the sequencer to produce the complete package.

Start the sequencer, choose the second option, "Create a Package Using a Package Accelerator", and browse to the package accelerator you have downloaded. It's a cab file, so you can look inside it if you want. The sequencer will check whether it has been digitally signed. If not, you will get a warning. It's probably a good idea to only use package accelerators from Microsoft. Specify the installation files, then create your virtualized application. You can configure the application to provide licensing information (it will launch the app in monitoring mode). That's basically it.
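
The signature check described above can also be done by hand before the accelerator ever reaches the sequencer. The following is an added example, not part of the original post and not Microsoft's code; the function name, the trusted signer string and the file path are assumptions for illustration.

```powershell
# Added example, not from the original post or from Microsoft.
# Checks a downloaded package accelerator (.cab) before it is fed to the sequencer.
function Test-AcceleratorSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the signer name you are willing to trust.
        [string] $TrustedSigner = 'Microsoft Corporation'
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Only 'Valid' passes: the file hash matches the signature and the
    # certificate chains to a root this machine trusts. NotSigned,
    # HashMismatch, NotTrusted and the other states are all rejected.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path rejected: signature status is $($sig.Status)"
        return $false
    }

    # A valid signature proves that someone signed the file, not who.
    # Compare the certificate's subject name with the expected publisher.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $TrustedSigner) {
        Write-Warning "$Path rejected: signed by '$signer'"
        return $false
    }

    # Record what was accepted so the same file can be identified later.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    Write-Verbose "$Path accepted: signer '$signer', SHA256 $hash"
    return $true
}

# Constructed path, for illustration only.
$cab = 'C:\Accelerators\Example.cab'
if (Test-Path -LiteralPath $cab) {
    Test-AcceleratorSignature -Path $cab -Verbose
}
```

Matching on the signer name is the loosest acceptable check; pinning the expected certificate thumbprint is stricter if you know it.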

For complicated apps like Office, Creative Suite or AutoCAD, package accelerators can save you a lot of time. MS spends a lot of time testing them. You can create your own package accelerators for reliable re-sequencing.

Thursday 15 September 2011

App v QA tips

This is a work in progress:

After testing on the desktop, applications should be tested in terminal services also.

Fast search in outlook, click start and search for emails
Work on documents in sharepoint
Send to OneNote printer
Mail control panel applet
Simple MAPI
Office document indexing
Test templates in office

Monday 12 September 2011

issues installing app v management on a server 2008 R2 domain controller

While trying to set up a test environment to install App-V management server on a DC, I was asked to point to a DB server. I installed MS SQL Server 2005 Express Edition. The App-V management server setup was not able to detect my SQL Express install. I had to start the SQL Browser service to resolve the issue.

I also received the message "The Installation program was unable to create the required IIS virtual directory". This was because I didn't install the following role features with IIS:

IIS6 Management Compatibility
IIS Management Scripts and Tools


issues installing from ISO in hyper v or vmware

I was setting up a test environment on a laptop using Windows Server 2008 R2 with Hyper-V. I started up Hyper-V and attempted to install Server 2008 R2 from an ISO that I had downloaded from the Microsoft partner site. I got the following error during Windows setup:

"A required CD/DVD drive device driver is missing.  If you have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now."

A lot of people on forums are getting this issue and there are a few causes and solutions. I first assumed I was missing some disk controller drivers so I downloaded the WinPE driver pack from the dell site which should have all the drivers required for my laptop. Guess what, that didn't work. I found this post on MS forums but that didn't help either. Some people online said they had success with downloading their ISO again, this didn't work for me in this case.


I have also experienced this issue with VMware, and that time the issue was with the ISO file. Some proxy servers store files in a cache so they don't have to download them each time. Sometimes files get truncated or cut short. Download your ISO again and use an md5 checksum and file size to check that it is correct. Alternatively, download the ISO over a direct internet connection (like a home connection) with a download manager, and do the md5 checksum if you can.
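
The size and checksum check described above, as an added example that is not part of the original post. The function name and the demo files are constructed for illustration; in real use the expected size and hash come from the download page, not from the file itself.

```powershell
# Added example, not from the original post.
function Test-IsoDownload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [long]   $ExpectedBytes,
        [Parameter(Mandatory)] [string] $ExpectedHash,
        # MD5 catches truncation and corruption; use SHA256 when the
        # publisher lists it, since MD5 does not resist deliberate tampering.
        [ValidateSet('MD5', 'SHA1', 'SHA256')] [string] $Algorithm = 'MD5'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Size first: it is instant and already exposes a download that a
    # caching proxy cut short, before hashing several gigabytes.
    if ($file.Length -ne $ExpectedBytes) {
        Write-Warning "Size mismatch: $($file.Length) bytes, expected $ExpectedBytes"
        return $false
    }

    # Same size does not mean same content, so hash the whole file.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    if ($actual -ne $ExpectedHash.Trim()) {   # -ne ignores case for strings
        Write-Warning "$Algorithm mismatch: $actual"
        return $false
    }
    return $true
}

# Constructed sample: a 64 KiB stand-in for an ISO and a copy cut to half.
$tmp  = [System.IO.Path]::GetTempPath()
$good = Join-Path $tmp 'demo.iso'
$cut  = Join-Path $tmp 'demo-truncated.iso'
$data = New-Object byte[] 65536
(New-Object System.Random 1).NextBytes($data)
[System.IO.File]::WriteAllBytes($good, $data)
Copy-Item -LiteralPath $good -Destination $cut -Force
$fs = [System.IO.File]::OpenWrite($cut); $fs.SetLength(32768); $fs.Dispose()

# The demo derives the reference hash from the intact file.
$md5 = (Get-FileHash -LiteralPath $good -Algorithm MD5).Hash
Test-IsoDownload -Path $good -ExpectedBytes 65536 -ExpectedHash $md5
Test-IsoDownload -Path $cut  -ExpectedBytes 65536 -ExpectedHash $md5
```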

I solved my Hyper-V issue by burning the ISO to DVD, inserting it into my laptop's DVD drive and then installing my VM using the physical DVD drive. This isn't going to work for anyone whose virtual host is in a data centre 15 miles away.

I attempted to install a windows 7 client with another ISO from the partner site and I got the same issue. I found that for some reason in the hyper v settings of the VM that I had an IDE controller for the virtual hard disk and I also had a SCSI Controller. I removed the SCSI controller from the settings in hyper v and I was able to install the OS from the ISO file in hyper v.