MSTSC /admin

In both Vista SP1 and Windows Server 2008, the Remote Desktop Program has been updated to version 6.1 (6.0.6001) and one of the changes is that the functionality previously associated with the /console switch is now called the /admin switch.

If you use "mstsc /v:servername /console" in a script file then the /console will be ignored (with no warning) and you will be connected to a normal session that is not the server console.

You now use /admin instead of /console.

Detailed discussion on the the change here:

http://blogs.msdn.com/ts/archive/2007/12/17/changes-to-remote-administration-in-windows-server-2008.aspx

Installing Windows 7 via USB or SD Media

You can install Windows 7, Windows Server 2008 or Windows Vista from USB or whatever other removable media your computer can boot from? Insert your removable media into a Windows XP or Vista PC and run the following commands from an elevated command prompt.

1. diskpart
2. list disk (find the disk number for the removable media)
3. select disk #
4. clean
5. create partition primary
6. select partition 1
7. active
8. format fs=fat32
9. assign letter=y (or any free drive letter)
10. exit

Once that is complete mount the ISO and run the following command.

xcopy x:\*.* /s/e/f y:\

Where “x” is the drive letter of the mounted ISO. Once complete boot off the device and install the OS. When a new Windows 7 or 2008 R2 build is released, simply delete the contents, rerun the xcopy command and you are ready to go again.

Link: http://thelazyadmin.com/blogs/thelazyadmin/archive/2009/01/08/installing-windows-7-via-usb-or-sd-media.aspx

Media State: Authentication failed

Network card status reports error Media State: Authentication failed.

In Microsoft Windows Vista, a user reported an error on the network card.

If the domain network is not using a radius connection you may need change the Authentication settings of the network card.

In the properties of the network card click on the Authentication tab and unselect Enable IEEE 802.1x authentication.

How to Create a Custom Windows Installation DVD - for UMPC

Using the free software vLite, you can create a completely custom, bootable Windows Vista install DVD. Remove the parts of Vista you don’t want/use, change some of the default settings, include Service Packs and Windows Updates, and more. Keep reading for complete step-by-step instructions on using vLite.

Guide for Vlite
http://forum.notebookreview.com/showthread.php?t=271701

Full instructions are available from:
http://www.simplehelp.net/2008/06/04/how-to-create-a-custom-windows-vista-installation-dvd/

Vlite is available from:
http://www.vlite.net/

Wireless Vista machines connecting to a Domain

This specifc case referes to Microsoft Vista workstations and users who are connecting to a Windows radius server, though it will be of use to users who are using other authenticating technicnologies.

The Radius server and workstations require a server certificate, this can be generated by using the SelfSSL obtained from the IIS Resource kit.

How To Install:

1. Download IIS 6.0 Resource Kit Tools (requires Windows Server 2003, Windows XP)
2. Install the resource kit (If you want hand-holding through these steps, read these instructions with screenshots by Jonathan Maltz)
3. From the Windows Start Menu, go to the "\Programs\IIS Resources\SelfSSL" folder and select "SelfSSL".
4. Instructions will be listed in a command prompt. Type "selfssl" to run the program.
5. Type "y" to confirm overriding/installing the certificate on the given site.
6. Test that it worked by visiting https://localhost/.
   

Additional instructions are available from the following blog.

We are going to manage the wireless connection at the workstations via Microsoft Group Policies.

"Wireless and wired clients running Microsoft® Windows Vista™ or Windows Server 2008 and wired clients running Windows XP with Service Pack 3 support enhancements that can be configured through Group Policy settings that are supported by domain controllers running Windows Server® 2008. To support these enhancements for an Active Directory® directory service environment consisting of domain controllers running Windows Server 2003 or Windows Server 2003 R2, the Active Directory schema must be extended."

Use the following guide to extend the schema:
Active Directory Schema Extensions for Windows Vista Wireless and Wired Group Policy

Edit the Group Policy using Group Policy Management Console.

1. Create a Group Policy Object for the computers you want to configure wireless access. (i.e. called Wireless workstation settings)
2. Edit the Group Policy Object.
3. Expand Computer Configuration, Policies, Windows Settings, Security Settings.
4. Select Wireless Network (IEEE 802.11) Policies.
5. Click the right hand mouse button, in the right hand window and select Create a new Wireless Policy.
6. Enter an appropriate name and description, tick the Use Windows WLAN AutoConfig service for clients.
7. Click Add, then select Infrastructure.
8. In the Profile name enter an approprate name and the correct SSID
   Tick - Connect automatically when this network is in range.
   and tick - Connect even if the network is not broadcasting.
9. Click the Security tab
   In Authentication select WPA-Enterprise
   Encryption select - TKIP
   In Select a network authentication method: select Microsoft: Protected EAP (PEAP)
   Click on Properties:
   Tick on Validate server certificate
   In Trusted Root Certification Authorities - select your certificate. (Ensure it has been installed.)
   In Select Authentication Method: select Secured password (EAP-MSCHAP v2)
   Click Configure - In When connecting ensure Automatically use my Windows logon... is selected. - Click Ok, click OK on Protected EAP Properties.
   In Authentication Mode: select User re-authentication
   Max Authentication Failures: is set to 3.
   Tick Cache user information.
   Click Advanced.
   Ensure Enforce advanced 802.1x settings is not selected.
   Tick enable Single Sign on
   Select Perform immediatly before User Logon
   Max delay for connectivity set to 30
   Tick Allow additional dialogs to be displayed. Click Ok, click Ok to close Wireless network properties.
10. In the Network Permissions tab
11. Ensure the correct Network Name and network type is set with the permission set to Allow.
12. Tick the following - Allow user to view denied networks and Allow everyone to create all user profiles. - then click Ok.
13. Add the Group Policy object to the appropriate workstations.

On the workstation you need to install the certificate into the Trusted Root Certificate Authority.

On the workstation load the MMC and load Certificates and install the manually created certificate.

Links:
The Cable Guy - Wireless Group Policy Settings for Windows Vista

Network adapter priority in Vista

If you have multiple network cards in your Vista machine it is recommended to configure the wired domain network card as the first in the list.

On the Advanced menu, on Advanced settings, you can change the order which Vista uses different adapters.

To access the Advanced Settings, go to the Network and Sharing center, click Manage Network Connections - 5th down under task on the on the left then press ALT to make the menu appear.

Information and link to: http://blogs.technet.com/jamesone/archive/2007/04/03/network-adapter-priority-in-vista.aspx

Group Policy - preferences

Microsoft's Group Policy preferences includes the ability to control and configure a great deal more, from a central point, than regular Group Policies can. Some preference settings actually overlap with “real” policy settings, but in that case you have a choice between a policy and a preference. So, you might ask: what’s the difference? Well, a “policy” is something you enforce and which cannot be changed by the user – a “preference” is a setting you would prefer the user takes on, but the user can still change it.

Preference can be set to apply only once and from that point in time the user is free to do whatever he/she wants – or to apply every time the Group Policy is refreshed (default ever 90 to 120 minutes on clients).

Preferences can be used to amongst other things, map network drives, manage environmental variables, registry entries, creating folders/files and short cuts.

For a more detailed information: Windowssecurity.com

How to access Group Policy - preferences:
Windows Server 2008 server or a single Windows Vista SP1 with the downloadable, “Remote Server Administration Tools” (RSAT) toolkit installed. RSAT will include GPMC version 2 and updated versions of the administrative tools we had in the “Administration Tools Pack” for earlier Windows Server systems.


Enabling Group Policy, preferences on Client Workstations

To enable client workstations to use Group Policy preferences you need to install Group Policy Preference Client Side Extensions on the workstations.

Group Policy Preference Client Side Extensions are now available for download.

The GPP CSEs are included in Windows Server 2008 RTM, but can now be downloaded for: Windows XP SP2+ (32/64 bit) Windows Server 2003 SP1+ (32/64 bit) Windows Vista RTM+ (32/64 bit)
These are the links:
GPP CSEs for Windows Vista (KB943729)
GPP CSEs for Windows Vista x64 Edition (KB943729)
GPP CSEs for Windows Server 2003 (KB943729)
GPP CSEs for Windows Server 2003 x64 Edition (KB943729)
GPP CSEs for Windows XP (KB943729)
GPP CSEs for Windows XP x64 Edition (KB943729)

Additional information including installing the extension can be obtained from the following blog: heidelbergit

Windows PE 2.0 and a USB flash drive

Windows PE is a version of the Windows OS that runs without installation entirely in memory (no harddisk required) and boots from a cd-rom or the network

Getting started
Download and install the Windows Automated Installation Kit (WAIK) it is available as a download. It's a big download. Burn it to a cd or mount it using some ISO/IMG mounting tool and install it.

The Windows PE Tools Command Prompt
Open up the Windows PE Tools Command Prompt from the Start Menu and make sure to Run as Administrator: (Run as Administrator is only required on Windows Vista and Windows Server 2008)

Alternatively, you can change the shortcut's properties, Advanced..., Run as Administrator to run it everytime elevated as an administrator.

Building your Windows PE
In order to build your custom Windows PE, follow the next steps:

1. Run copype.cmd as follows: copype.cmd x86 d:\winpe_x86
   This makes a copy of the Windows PE files to the specified folder. Alternatively, you can specify amd64 for 64-bit machines.
2. You can customize the Windows PE image (using the Windows Imaging Format, (WIM)) using ImageX:You can mount a WIM file to a folder using the following command:
   imagex /mountrw d:\winpe_x86\winpe.wim 1 d:\winpe_x86\mount
   This works through a file system driver called WimFltr (see sc queryex WimFltr).
3. Add all apps you like to add to the image in the mounted folder. Windows PE is based on packages that can be added to the image at will. This is done through peimg, using: peimg /list /image=d:\winpe_x86\mount\Windows
   to show a list of all images.
   Next, you can add packages by using the command:
   peimg /install=package d:\winpe_x86\mount\Windows
   where package is either * (all packages) or one from the list shown by invoking peimg with the /list switch.
   The packages are :
   WinPE-HTA-Package = HTML Application support
   WinPE-MDAC-Package = Microsoft Data Access Component support
   WinPE-Scripting-Package = Scripting (VBS, WSH) Support
   WinPE-WMI-Package = Windows Management Instrumentation Support
   WinPE-XML-Package = Microsoft XML (MSXML) parser support
4. To copy various deployment tools into the Windows PE image, type:
   xcopy "C:\Program files\Windows AIK\Tools\x86\*.*" "D:\WinPE_x86\Mount\Program Files\Tools" /s
   and then press ENTER.
   When prompted about a file or directory name, type D.
   
   Or other tools type XCopy “C:\Tools\*.*” “D:\WinPE_x86\Mount\Tools” /s, and then press ENTER. When prompted about a file or directory name, type D.
   
   You could add drivers and language packs as well, please see the notes lower in this blog or the help documentation that comes with the WAIK.
5. When you're done with the image customization, run peimg with the prep switch: peimg /prep d:\winpe_x86\mount\Windows
   and unmount the image using ImageX:
   imagex /unmount d:\winpe_x86\mount /commit
   and copy the created .wim file to the ISO folder:
   copy d:\winpe_x86\winpe.wim d:\winpe_x86\ISO\sources\boot.wim
   Answering Y to agree to the file being overwritten.

Create a bootable Windows PE ISO Image

You can create an ISO file for the image using oscdimg:

oscdimg -n -bd:\winpe_x86\etfsboot.com d:\winpe_x86\ISO d:\winpe_x86\winpe_x86.iso

where the -b flag specifies the El Torito boot sector for the ISO to be created. It just takes a few seconds to complete.

Create a Bootable Windows PE USB Flash disk

Finally, it's time to put the whole thing on a USB Flash key or to burn the ISO created in the previous step to a cd-rom. Open up diskpart and execute the following commands.

WARNING! Make sure to select the right disk in step 1; you can view all disks using the "list disk" command. In the steps below, all data from the USB Flash disk will be removed!

This is completed from a computer running Windows Vista. Windows Server 2003 version of diskpart does not display flash memory drives.

1. select disk 1
2. clean
3. create partition primary
4. select partition 1
5. active
6. format fs=fat32
7. assign
8. exit

Now copy to the d:\winpe_x86\ISO folder contents to the USB disk (which I assume has letter E: assigned)

xcopy d:\winpe_x86\ISO\*.* E: /e /h

Now you should be able to boot from the USB Flash disk. Make sure to select the right boot device during the boot cycle or to change the boot order in your computer's BIOS.

NOTES:

• Shutting down Windows PE - use wpeutil shutdown.
• Adding a driver
  drvload.exe x:\lan\atl01_xp.inf
  Online - the drvload.exe command allows the driver to load after starting WindowsPE. Ideal for rarely used drivers.
  
  peimg /inf=c:\lan\atl01_xp.inf D:\WinPE_x86\Windows
  Offline - the peimg /inf command for adding a driver in the image. Suitable for frequently used devices, e.g. network card. Only specifying the path to the folder is not sufficient, but you have to enter the full name of the driver file (if you do not do this, the erorr 0x80070002 will appear) #
• Change the language and location settings.
  The standard image has the QWERTY keyboard layout. Go back to step 2 to mount and do the following on the mounted image using intlcfg:
  intlcfg -inputlocale: -image:d:\winpe_x86\mount
  intlcfg -syslocale: -image:d:\winpe_x86\mount
  intlcfg -userlocale: -image:d:\winpe_x86\mount
  where is replaced by the locale you want (e.g. nl-be for Belgian Period keyboard).

Links:

• Update from technet - http://technet2.microsoft.com/WindowsVista/en/library/08629d0b-56b0-4194-9782-88d01a488ae01033.mspx?mfr=true
• Imagex - http://technet2.microsoft.com/WindowsVista/en/library/bb068119-1ba6-48c7-9ad7-3ed3f72592e91033.mspx?mfr=true
• Peimg - http://technet2.microsoft.com/WindowsVista/en/library/45563a61-155e-48a5-a833-b6cd5119ad4c1033.mspx?mfr=true
• Oscdimg - http://technet2.microsoft.com/WindowsVista/en/library/1d0b11f9-c0c7-4b9a-a17e-77e60d5c1d9a1033.mspx?mfr=true

Login Scripts, Mapping drives and VISTA

Problem:

By default Group policy service executes scripts in an elevated mode. There are some scripts like 'Map network drives' that would need to be run in UAPmode. In order to launch such scripts in a UAP context from an elevated process, you can leverage the Task scheduler API.

The logon script uses the Net use command to map network drives.It works fine for standard users, but not to domain admin users.

Additional information can be obtained from the section "Group Policy Scripts can fail due to User Account Control" from the link in part 1 of the solution.

Solution:

1. Get launchApp.wsf from the MS documentation http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true
2. Created Vista_Check.vbs that isset as the login script in Group Policy.
3. When I cut and pasted launchApp.wsf the formatting put an extra carriage return in part of the script that I had to remove.
   
   Call rootFolder.RegisterTaskDefinition( _strTaskName, taskDefinition, FlagTaskCreate, _,, LogonTypeInteractive)

You didn't have to change anything in the actual login.vbs

Vista_Check.vbs==============

Dim isVista
Dim wshShell
Set wshShell = CreateObject("WScript.Shell")
GetOS
If isVista = True Then
runLaunchApp
Else
runLoginNormal
End If

Sub runLaunchApp
wshShell.Run "cscript \\\launchapp.wsf \\\login.vbs"
End Sub
Sub runLoginNormal
wshShell.Run \\\login.vbs
End Sub

Sub GetOS
strComputer = "." Set objWMIService =GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer &"\root\cimv2")
Set colOSes = objWMIService.ExecQuery("Select * fromWin32_OperatingSystem")
For Each objOS in colOSes
osCaption = objOS.Caption
If instr(osCaption, "Vista") Then
isVista = True
End If
Next
End Sub

link: http://www.developersdex.com/asp/message.asp?p=593&r=5431945&page=2

AMD PCnet network card drivers for VMware

Additional drivers are required when using Windows Deployment Services to deploy Windows Vista, while using VMware Workstation.

Two locations for AMD PCnet drivers:

• VMware NIC driver. The easiest way is to start up a VMware session and choose the “Install VMware Tools” option. Don’t worry if you already have them installed—all this does is mount a VMware Tools installation CD (which may autorun to perform an installation, for which you may just press “exit”). In the CD that appears in your VMware session, go to: E:\Program Files\VMware\VMware Tools\Drivers\vmxnet\win2k\ and copy these files to your host system. Now we can use the peimg utility to mount the driver.
• http://www.amd.com/us-en/ConnectivitySolutions/ProductInformation/0,,50_2330_6629_2452%5E2454%5E2486,00.html
  Use the Windows XP signed.
  

Update the WDS boot image to include the new third-party network driver

To do this, follow these steps:

Note: The following procedure assumes that the Windows Automated Installation Kit (AIK) is installed on the WDS server.

1. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then press OK.
2. Under your WDS server, double-click Boot images.
3. Right-click the boot image that you want, and then click Disable.
4. Right-click the same boot image, click Properties, and then click General.
5. Note the name and location of the boot image that is displayed in the File name box.
6. From the Windows PE Tools Command Prompt, type the following:
   C:\program files\windows aik\tools\petools\copype.cmd x86 e:\windowspe-x86
   Note: Keep this command prompt window open for the next step.
   Imagex /info Drive:\remoteinstall\boot\x86\images\boot.wim
   Notes:
   Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.
   Boot.wim is the name of the boot image.
7. Note the boot index number of the bootable image that is displayed. To identify the boot index number, locate the line that contains "boot index: X."
   
   Note: X is the boot index number. The number indicates that image number X is marked as bootable and that the image is to be updated. The second image is the default image that you would typically modify. However, always verify which image is marked as bootable.
8. At a command prompt, type the following:
   Imagex /mountrw Drive:\remoteinstall\boot\x86\images\boot.wim 2 mount peimg /inf=driver.inf mount\Windows
   imagex /unmount /commit mount
   Notes:
   Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.
   Driver.inf is the name of the third-party driver.
   The Imagex /mountrw command mounts the specified image, with read/write permissions, to the specified directory.
9. Enable the boot image on the WDS server. To do this, follow these steps:

• On the WDS server, click Start, click Run, type wdsmgmt.msc, and then click OK
• Under WDS server, double-click Boot images.
• Right-click the boot image that you want, and then click Enable.
  
  Link: http://support.microsoft.com/kb/923834

VMware Workstation 6 - PXE boots slow

Problem:
I'm trying to use Microsoft's WDS to do PXE boots.
But it's taking literally 20 minutes to download the 167MB boot file.

HOST: Windows XP or Vista / Vmware 6.0
Guests: Windows 2003 / Vista and "pxe boot client / no operating system"

Fix:
Close VMware before making changes to the .vmx file.
Setting ethernet0.virtualDev = "vlance" in the .vmx file will switch to the AMD PCnet 32 from the e1000

Vista Updates

Windows Vista suffers from several issues with ReadyBoost, copying/moving large files, resuming from sleep/hibernate and Blu-ray playback on numerous systems.

Microsoft solved a number of these problems through 938979 Vista Performance and Reliability Pack and 938194 Vista Compatibility and Reliability Pack.

Groupwise Web mail client and Vista

Special Notice For Windows Vista Users

Please note if you are accessing GroupWise WebAccess from Internet Explorer 7 and Windows Vista (in that combination, IE7+Windows XP is OK), you need to disable TLS1.0, otherwise you won't be able to log in.

To do this, open IE7 on Vista, select the "Tools" menu, select "Internet Options", click the "Advanced" tab on the far right, scroll down the options and just up from the bottom DESELECT the option "Use TLS 1.0".