On a Domain Controller you will get Group Policy Management, (by default) listed under administrative tools. But if you have a ‘Management Server‘ of a ‘Jump Box‘, that you want to install the tool onto, (without making it a domain controller!) Then do the following;
Option 1: Install GPMC with Powershell
This is the quickest and simplest option! Open a PowerShell Windows and execute the following command;
[box]
Install-WindowsFeature –Name GPMC
[/box]
Note: For older, (Windows Server 2012 and older) servers use the following commands instead.
Moving a machine onto a Windows domain, is a simple task, I’ve done this for a lot of clients. The main complaint (post migration,) is that something is missing. This is because your-account-name on your PC or laptop, and your-account-name in the domain are TWO DIFFERENT ACCOUNTS, (even if they have the same name).
Microsoft have produced some tools help you, but I challenge you to start reading the USMT documentation for more than 15 minutes without losing the will to live.
Below is a list of things people have complained to me about losing post migration;
Desktop wallpaper.
Files & Folders from the desktop.
My Documents.
Internet Favorites.
My Pictures.
Outlook Signatures.
Outlook Mail Accounts.
Word Custom Dictionaries.
Work Autocomplete Settings.
MS Access Macro settings.
So I setup a test Windows 10 machine, with all of the above setup, and used two tools to migrate my local profile into my domain profile.
Solution
Test 1 ForensIT User Profile Wizard
Software is free (there are paid for versions) but I plumbed for the free one, you don’t have to install anything as it runs from an executable, (which is a bonus if you have a lot to do). Its VERY fast, and simple to use.
I’ve joined my target machine to the new domain and logged on once as the domain user and created a blank profile, then logged back on as the domain admin to carry out the following.
Launch the software > Next > Select the profile you want to copy from.
Select your domain name > Enter the logon name for the ‘DOMAIN USER’ you want to copy the profile to > Next > Next.
Verdict: Of the two, this ones quicker, more intuitive and free.
Test 2 USMT GUI 10
This is a graphical wrapper that sits on-top of the Microsoft USMT tools, I donated $10.00 for the cheapest version, and repeated the tests above.
First you have to take a backup of the local profile(s).
I’m just choosing one (Pete) > RUN > My profile was 177Mb and it took about 5 minutes.
Now resort the profile back to your domain profile, as you can see that’s a little more complicated, but not that difficult > RUN.
At this point it ran thought and gave me an error, even though it did migrate the profile successfully.
Verdict: Well it does the job, it’s probably a lot more versatile than the first tool, but nowhere near as intuitive, and it costs $10. I know that’s cheap, and the dev deserves to be paid for their hard work, but I prefer the free one.
Related Articles, References, Credits, or External Links
In Part 1 we looked at setting up your connection server. To actually deliver a virtual desktop you need to a) have a desktop built, and b) have the VMware View ‘agent’ installed on it.
In addition there are various changes you need to make, both to streamline the virtual machine, and make it more efficient for VMware View.
Note: If you are doing manual assignment of desktops to users, then this is not as important, but if you are going to deploy linked clone desktops this is VERY important. Either way its still good practice to ‘prep’ desktops first.
Solution
1. Build the desktop you intend to deliver via View (In this example I’m using Windows 7 Pro x32 bit).
Licencing Note: For manual desktop assignments you can use MAK license keys, but for larger deployments using VMware composer and linked clones, use Microsoft’s KMS server to service your licensing needs.
2. Run a full Windows update, allow the machine to reboot, then keep running Windows update until it says that it is up to date.
3. Then install the VMware tools.
4. Install any software and applications you require.
5. Download these scripts to auto configure your clients.
Note: There are two scripts, one called PrepClient.bat and the other called PrepClientPM.bat (Only use the latter if you are going to deploy persona management). I originally got these scripts from VMware, and have made a subtle change to them, they are 99% NOT my work!
Make sure you execute the scripts from a command window “As Administrator”, (right click the cmd shortcut while holding down Shift). You will need to do this even if you are logged in as the administrator.
What this script is doing?
a. Sets screen saver to “Blank Screen”, enable after one minute, and password protects it. b. Empties the internet cache. c. Turns off RSS Feeds in Internet Explorer. d. Disables Microsoft Action center. e. Stops the “Welcome to Internet Explorer” Dialogue for new users. f. Disables “Superfetch”. g. Disables Windows update (Note: If you are not using linked clones you might want to remove this line);
h. Disables System Restore, and removes access to the restore options. i. Sets the application log size to 10MB and allows it to overwrite events as needed. j. Sets the system log size to 10MB and allows it to overwrite events as needed. k. Sets the security log size to 10MB and allows it to overwrite events as needed. l. Disables the Network Location Wizard. m. Disables Crash Dump Logging. n. Deleted files are instantly deleted, they do not go to the recycle bin (Stops the recycler file filling up with junk), to stop this remove this line.
o. Enables Remote Desktop (RDP Connections) from all clients (the less secure option) p. Disables Windows User Access control. q. Disables Windows SideShow. r. Disables the following services.
Bitlocker Drive Encryption Service ‘BDESVC’ Block Level Backup Engine Service ‘wbengine’ Diagnostic Policy Service ‘DPS’ Desktop Window Manager Session Manager Service ‘UxSms’ Disk Defragmenter Service ‘Defragsvc’ Home Group Listener Service ‘HomeGroupListener’ Home Group Service ‘HomeGroupProvider’ IP Helper Service ‘iphlpsvc’ Microsoft iSCSI Initiator Service ‘MSiSCSI’ Microsoft Software Shadow Copy Provider ‘swprv’ Client side Caching Service ‘CscService’ Secure Socket Tunnelling Protocol Service ‘SstpSvc’ Windows Security Center Service ‘wscsvc’ Simple Service Discovery Protocol Service ‘SSDPSRV’ ReadyBoost Service ‘SysMain’ Tablet Input Service ‘TabletInputService’ Themes Service ‘Themes’ Universal Plug and Play Service ‘upnphost’ Volume Snapshot Service ‘VSS’ (Note: NOT Disabled if using the Persona Management Batch File) Windows Backup Service ‘SDRSVC’ Windows Defender Service ‘WinDefend’ Windows Error Reporting Service ‘WerSvc’ Windows Firewall Service ‘MpsSvc’ Windows Media Center Receiver Service ‘ehRecvr’ Windows Media Center Scheduler Service ‘ehSched’ Windows Search Service ‘WSearch’ Windows Update Service wuauserv’ Wireless LAN Service ‘Wlansvc’ Wireless Auto config Service ‘WwanSvc’
s. Sets Windows to show “Blank Screen” when booting instead of the Windows animation. “bcdedit /set BOOTUX disabled”. t Remove all Shadow Copies, “vssadmin delete shadows /All /Quiet” (Note: NOTDisabled if using the Persona Management batch file). u. Disables Hibernation “powercfg -H OFF”. v. Disables the “Last accessed” timestamp for windows files “fsutil behavior set DisableLastAccess 1”. w. Stops scheduled Windows Defragmentation (Note: In Linked clone environments this would expand all the delta disks and is a common ‘gotcha’). x. Stops the registry backup which happens every 10 days. y. Stops the scheduled Windows Defender tasks. z. Stops the Windows System Assessment Tools (this gives your PC its ‘performance rating’ from 1 to 5).
Another Option to Prepare Windows 7 for View
You can also (If you prefer a graphical tool) use Desktop Optimizer from Quest. (Note: Also needs to be ran as administrator or you will get runtime errors!)
6. Then Install the VMware View Agent.
7. Then make sure any floppy drives, and CD/DVD drives are also disconnected.
8. If the virtual machine is going to be in a manual pool leave it powered on. If it’s going to be part of an automated pool, you can snapshot it.
Related Articles, References, Credits, or External Links
You have a 2008 R2 Server to sysprep, but your not sure where sysprep is.
Solution
1. Thankfully in Server 2008 R2, there’s no messing about, its in c:windowssystem32sysprep. (Note: to regenerate a SID don’t forget to tick “Generalize”).
Server 2008 – It’s in the same place.
Server 2003 – As with Windows XP, you need to get it from the Windows install CD, its in the supporttoolsdeploy.cab.
Once the files are extracted you can run sysprep (Note: setupmgr.exe is used to create the unattended / answer files for sysprep.)
Related Articles, References, Credits, or External Links
As you may already be aware Exchange 2007 on a x32 bit machine is NOT supported in a production environment, however there is one exception, x32 bit Exchange 2007 IS supported for management only.
Note: There is NO x32 bit support, (or media) for Exchange 2010 (and newer).
Solution
You can install these tools on XP, 2003, Vista or Windows 7. For this Example I’ll use XP
Pre-Requisites
1. Install IIS: Start > run > appwiz.cpl > add remove Windows Components > Internet Information Services(IIS) > Next.