Active Directory, Windows Server and any other on-premises topics
Katy Nicholson, 2 January, 2022
MSIX packages need to be signed for them to be any use. You can get a code signing certificate from various certificate vendors, but if your package is only going to be used on company-managed devices you could use your Active Directory Certification Authority instead. The prerequisites for this are that you already have AD CA set up, and your CA root certificate is present as a trusted root certificate on all the devices you want to use your MSIX packages on.
Katy Nicholson, 23 January, 2021
Last year I replaced a 3-node VMware+SAN cluster with a 2-node hyperconverged Hyper-V cluster. I've been quite impressed with it so far so thought I'd write how I did it - especially considering I did the bulk of the work through Windows Admin Centre.
Katy Nicholson, 16 January, 2021
If you're installing something that won't let you browse for certificates and instead asks for a thumbprint - e.g. Windows Admin Centre - you can get this using either the management console or PowerShell.
Katy Nicholson, 16 January, 2021
Windows Admin Centre is a web-based server (and desktop) administration package which, eventually, should replace the majority of the work currently done through MMC consoles and snap-ins. If you've ever opened Server Manager on a Windows 2019 machine you'll have seen the popup telling you to "Go get Windows Admin Centre!". Whilst it's not there yet, it is constantly being updated and improved and I find it really useful. It's a lot more than just managing a couple of systems - when I set up our hyperconverged Hyper-V cluster I primarily did this from within WAC (post to follow on this if I get chance to write it up) - and it integrates nicely with a lot of Azure services (including any Azure VMs you might have).
Katy Nicholson, 19 October, 2020
I've recently replaced my servers with some nice HPE ProLiants with iLO 4 Advanced. One of the first steps I wanted to get sorted was replacing the self-signed SSL certificates so I don't have to sit through the warning messages every time I open the web interface. I've already got an Active Directory Certification Authority set up so thought I'd use that, given that the root CA certificate is already installed and trusted on all devices.
Katy Nicholson, 7 September, 2020
A while ago we accidentally deleted a leaving staff member's account instead of disabling it - and pure bad luck means this particular member of staff came back a week later to cover a staff illness. Not wanting to have to re-create the account I discovered that the Active Directory Recycle Bin had not been enabled in the forest - oh no! Luckily we can still get the account back. Objects deleted in AD are tombstoned for 180 days (by default).
Katy Nicholson, 20 August, 2020
The standard method to configure hybrid domain join is to open up Azure AD Connector and follow the wizard. However this isn't suitable for every environment - for a start it needs to write forest-level configuration data, create a Service Connection Point (SCP), and if you want to link multiple tenancies to a single AD forest you're in for a hard time. Luckily we can hybrid join with some registry settings on the client devices, and don't need to set up the forest level SCP. Here's how I've managed it on my network.
Katy Nicholson, 15 August, 2020
A few years ago when UEFI became much more common on new PCs I wanted to use the UEFI network boot, rather than the old style PXE boot, for imaging machines. This worked fine for computers sat on the same subnet and VLAN as the server, but getting this to work when the client device is in a different subnet took a bit of work.
Katy Nicholson, 15 August, 2020
A couple of years ago I wrote about the pain of getting Wake on LAN to work on HP switches. While this got some of my machines to work, there was still quite a large proportion (about 60%) that weren't playing ball. I've finally had a bit of time to look into this, so here's everything I've gone through to get a lot more of the PCs powering up on command. Of course there will always be some PCs which just refuse to work (we have some Gigabyte H81M based machines where they just don't Wake on LAN - whatever you do the LAN link drops when the power is turned off), and some older H61M based machines that are a bit hit and miss.
Katy Nicholson, 7 August, 2020
A couple of years ago we replaced our copier fleet and moved to PaperCut MF, with a single print queue for the entire site and users had to go to their nearest copier and enter their code to release their printing. Almost perfect setup but people struggle to remember 5 digit codes, so I had a look at using their existing student/staff ID cards instead. We already sync Active Directory to PaperCut so the ideal solution would be storing the RFID codes in Active Directory, and using that data as the user's login code in PaperCut.
Katy Nicholson, 4 August, 2020
Over the last 15 years I've tried pretty much every method of adding printers at logon there is - KiXtart script, VBS, Group Policy Preferences and PowerShell. As part of speeding up logon, and investigating a weird issue with Windows 10 printers, I moved away from GPP and to PowerShell shortly after we upgraded from Windows 8.1 to Windows 10. The issue being - roughly 5% of the time, on random user/computer combinations, printers would take a long time adding and then fail to add, with a non-specific error message. My first go at this was a basic PowerShell script which had a hard-coded list of location/printer mapping, and it would run the "add printer" command repeatedly until the error went away. (It always added fine on the 2nd go.) The problem with this is that it's a complicated script for technicians to update, and being a single-threaded script the nice form it displays showing people what's happening would freeze while it was working in the background. My new script does the bulk of the work in background jobs - so printers add quicker (as it can do more than one at once), and the UI doesn't lock up and freeze. More importantly, it uses Group Policy Preferences by reading the XML file generated and applies that - so technicians have the familiar interface for adding/removing printers from the script.
Katy Nicholson, 13 September, 2018
We've recently switched from Ringdale FollowMe to PaperCut MF and I wanted to bring over our classroom queues. Unfortunately the supplier said this couldn't be done, so I did some experimenting and worked out how myself. The idea behind the classroom queue is that a second printer is listed on each PC in the room, so for room 10 the PCs would all show the "PaperCut" printer and also "Room 10". Print to PaperCut and you use your personal code to release, print to Room 10 and you use the room code. This way a class of 24 pupils can all print their work to the Room 10 queue, then the teacher (or a single pupil) can go and release all 24 documents in one go. Loads quicker than a queue forming at the device. To do this I did the following:
Katy Nicholson, 10 June, 2018
As part of setting up Config Mgr I wanted to get all PCs to wake-on-LAN to enable truly zero touch deployment. I'm using mostly HP v1910/1920 edge switches with a HP 5406zl core switch. To send WoL packets while testing I'm using a tool from http://magicpacket.free.fr/ (once all set up Config Mgr will be doing the wake on LAN packets).