Windows RSAT (Remote Server Administration Tools) is a suite of tools from Microsoft that allows IT administrators to remotely manage and administer Windows Servers and other Microsoft services from a Windows client machine. These tools are essential for system administrators to perform various tasks without needing to log directly into the server.
Here is a list of some of the primary tools included in RSAT:
Active Directory Administrative Center (ADAC): A graphical interface for managing Active Directory.
Active Directory Users and Computers (ADUC): A tool to manage users, groups, computers, and organizational units in Active Directory.
Active Directory Sites and Services: Used to manage the configuration of Active Directory sites, subnets, and services.
Active Directory Domains and Trusts: Manages domain trusts and functional levels.
Active Directory Module for Windows PowerShell: Provides a set of cmdlets for administering Active Directory.
DHCP Server Tools: Includes the DHCP Management Console, DHCP Server cmdlets for Windows PowerShell, and the Netsh command-line tool.
DNS Server Tools: Includes the DNS Manager snap-in and the DNS Server cmdlets for Windows PowerShell.
Group Policy Management Tools: Includes the Group Policy Management Console (GPMC) and the Group Policy Object Editor.
Hyper-V Tools: Provides the Hyper-V Manager snap-in and the Hyper-V Module for Windows PowerShell for managing Hyper-V servers.
File Services Tools: Includes the File Server Resource Manager (FSRM) snap-in and command-line tools, and the Distributed File System (DFS) Management snap-in.
Network Policy and Access Services Tools: Includes the Network Policy Server (NPS) console and the Routing and Remote Access Service (RRAS) console.
Remote Desktop Services Tools: Includes the Remote Desktop Licensing Diagnoser Tool, the Remote Desktop Services Manager, and the Remote Desktop Connection Manager.
Server Manager: A tool for managing roles and features on Windows servers.
Windows Server Update Services (WSUS) Tools: Includes the WSUS console and PowerShell cmdlets for managing Windows updates.
Failover Clustering Tools: Includes the Failover Cluster Manager snap-in and PowerShell cmdlets for managing failover clusters.
Storage Explorer Tools: For managing storage area networks (SANs).
IP Address Management (IPAM) Tools: Includes the IPAM client console and PowerShell cmdlets for IP address management.
Best Practices Analyzer (BPA): Tools that help administrators ensure their servers are configured according to best practices.
Below I’m checking to see if the RSAT tool I want (the Group Policy Management Tool) is already installed. As it returned State: Not Present, I then installed it.
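The check-then-install sequence described above, as an added PowerShell example (not the original post's commands). It assumes a Windows build where RSAT ships as an optional capability, and the capability name pattern `Rsat.GroupPolicy.Management.Tools*` and the function name `Install-RsatTool` are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: query an RSAT capability and install it only if it is not present.

function Install-RsatTool {
    param(
        # Assumed pattern for the Group Policy Management Tools capability.
        [string]$NamePattern = 'Rsat.GroupPolicy.Management.Tools*'
    )

    # List every capability and filter locally, so a pattern that matches
    # nothing is handled here rather than by the cmdlet.
    $caps = @(Get-WindowsCapability -Online | Where-Object { $_.Name -like $NamePattern })
    if ($caps.Count -eq 0) {
        Write-Warning "No capability matches '$NamePattern' on this machine."
        return
    }

    foreach ($cap in $caps) {
        $before  = "$($cap.State)"      # e.g. NotPresent or Installed
        $restart = $false

        if ($before -eq 'NotPresent') {
            $result  = Add-WindowsCapability -Online -Name $cap.Name
            $restart = $result.RestartNeeded
        }

        # Re-query so the report shows the real state after the install attempt.
        $after = "$((Get-WindowsCapability -Online -Name $cap.Name).State)"

        [pscustomobject]@{
            Name          = $cap.Name
            Before        = $before
            After         = $after
            RestartNeeded = $restart
        }
    }
}

Install-RsatTool
```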
We had the ‘run as’ service way back in Windows 2000, so the concept of running a command window ‘as administrator’ should not be difficult to understand. But the amount of times I tell people ‘You need to run that as administrator’, and they reply ‘I AM an administrator’ is far too high. With PowerShell there’s no way of knowing, and with command prompt the differences are subtle.
Solution
There’s a myriad of different ways to launch an administrator command window. Here are a few; if I’ve missed any, let me know.
Launch Powershell in Administrative Mode
Powershell administrative mode (from Within Powershell)
If you’re already in Powershell you can open an administrative Powershell window, with the following command;
[box]
Start-Process PowerShell -Verb RunAs
[/box]
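An added example (not from the original article) that reports whether the current window is actually elevated, which is the distinction behind the ‘I AM an administrator’ reply: an account can be in the Administrators group while the window holds the filtered token. The function name `Get-ElevationState` is this example's own.

```powershell
# Added example: tell "member of Administrators" apart from "running elevated".

function Get-ElevationState {
    # /nh drops the (localized) header row, so the columns are named here instead.
    $rows = & whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes

    # S-1-5-32-544 is BUILTIN\Administrators. It is still listed for a filtered
    # token, where whoami marks it as a deny-only group.
    $isMember = @($rows | Where-Object { $_.SID -eq 'S-1-5-32-544' }).Count -gt 0

    # Integrity label SIDs are S-1-16-<level>:
    # 8192 = Medium, 12288 = High (elevated), 16384 = System.
    $level = 0
    foreach ($row in $rows) {
        if ($row.SID -match '^S-1-16-(\d+)$') { $level = [int]$Matches[1] }
    }

    # The .NET role check is true only when the Administrators SID is enabled
    # in the token this process is running with.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    New-Object PSObject -Property @{
        User                 = $identity.Name
        AdministratorsMember = $isMember
        IntegrityLevel       = $level
        Elevated             = $elevated
    } | Select-Object User, AdministratorsMember, IntegrityLevel, Elevated
}

$state = Get-ElevationState
$state

if ($state.AdministratorsMember -and -not $state.Elevated) {
    'Administrator account, but this window holds the filtered (non-elevated) token.'
    # To open an elevated window, use the command shown above:
    # Start-Process PowerShell -Verb RunAs
}
```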
Powershell Administrative Mode (from Start Menu)
Option 1: From Start/Search > Powershell > Right Click Windows PowerShell > Run as administrator.
Option 2: Start > Right Click Windows PowerShell > Run as administrator.
Option 3: Start > Windows PowerShell > Windows Powershell > Run as Administrator.
Option 4: Right Click Start Menu (or Press Windows+X) > Windows PowerShell (Admin).
Launch Task Manager > File > Run new task > Powershell > Tick ‘Create this task with administrative privileges’.
Powershell Administrative Mode (from Windows Explorer)
From Windows Explorer > File > Open Windows PowerShell as administrator.
Launch Command Prompt in Administrative Mode
Administrator Command Prompt From Start Menu. (Windows 10 and Server 2016/2019)
From the Start/Search option > Type cmd > Then right click Command Prompt and select ‘Run as administrator’.
Command Prompt (Admin) – Windows 10 (& Server 2016/2019)
Right click the Start Button > Command Prompt (Admin)
Command Prompt (Admin) – Windows 8 (& Server 2012) Quick Links Menu
Press Windows Key+X > Select Command Prompt (Admin)
Administrator Command Prompt From Start Menu. (Windows 8 and Server 2012)
If you have the new Windows 8/2012 Start Menu (that we can’t call Metro any more) then type ‘command’ in the search window, then either right click and select ‘Run as administrator’, or press Ctrl+Shift+Enter to launch.
If you have the traditional start menu enabled or are running Windows 7/Vista, you can type command in the search/run box, then
Create An Always Run As Administrator Command Prompt Shortcut
1. Right click an empty area of your desktop > New > Shortcut.
2. Set the location to ‘cmd’ > Next > Call it Admin Command > Finish.
3. Right click your new shortcut > Properties.
4. Shortcut > Advanced > Run as administrator > Apply > OK.
Launch Admin Command Prompt from Task Manager.
Launch Task Manager (Ctrl+Shift+Esc) > File > Run new task > cmd > Tick ‘Create this task with administrative privileges’.
Launch Command Prompt ‘As Administrator’ From Command/Run.
I’m not a fan of this, in fact I only include it here for completeness. You can call a command window and run it as administrator from command (or the run box, Windows Key+R). The reason I don’t like this is, you need to enter the machine’s local administrator’s password for it to work.
[box]
runas /user:%computername%\administrator cmd
[/box]
If there’s any I’ve missed feel free to drop me an email, and I will update the article.
Related Articles, References, Credits, or External Links
Given the amount of deployments I do, it’s surprising that I don’t use KMS more often. Like most technical types, I find a way that works for me, and that’s the way I do things from then on. However these last few weeks I’ve been putting in a new infrastructure for a local secondary school. Their internet access is through a proxy server, that refuses to let Windows activation work. Unfortunately the “Administrators” of this proxy server were not disposed to give me any help, or let me anywhere near it, to fix it.
So after activating a dozen servers over the phone, I decided enough was enough “I’m putting in a KMS Server!”
I’m deploying KMS on Windows Server 2008 R2, and it is for the licensing and activation of Server 2008 R2 and Windows 7. I will also add in the licensing KMS mechanism for Office 2010 as well.
Note: If you are using Server 2003 it will need SP1 (at least) and this update.
Solution
To be honest it’s more difficult to find out how to deploy a KMS server, than it actually is to do. I’ve gone into a fair bit of detail below but most of you will simply need to follow steps 1-4 (immediately below). In addition, after that I’ve outlined how to deploy KMS from command line. Then how to test it, and finally how to add Microsoft Office 2010 Licenses to the KMS Server.
Install Microsoft Windows 2008 R2 Key Management Service (EASY)
1. The most difficult part is locating your KMS Key! If you have a Microsoft License agreement, log into the Microsoft Volume License Service Center, and retrieve the KMS License Key for “Windows Server 2008 Std/Ent KMS B”
Note: To License/Activate Server 2008 R2 AND Windows 7 THIS IS THE ONLY KEY YOU NEED. You do NOT need to add additional keys for Windows 7. (You DO for Office 2010, but I’ll cover that below).
2. Armed with your new key, you simply need to change the product key on the server that will be the KMS server, to the new key. Start > Right Click “Computer” > Properties. (Or Control Panel > System). Select “Change Product Key” > Enter the new KMS Key > Next.
3. You will receive a warning that you are using a KMS Key > OK. You may now need to activate your copy of Windows with Microsoft, this is done as normal, if you can’t get it to work over the internet you can choose to do it over the phone.
4. In a corporate environment (behind an edge firewall) you may have the local firewall disabled on the server. If you do NOT then you need to allow access through the local firewall for the “Key Management Service”, (this runs over TCP port 1688). To allow the service, Start > Firewall.cpl {enter} > “Allow program or feature through Windows Firewall” > Tick Key Management Service > OK.
Note: Should you wish to change the port the service uses, you can do so with the following command, i.e. to change it to TCP Port 1024;
[box]
cscript c:\Windows\System32\slmgr.vbs /SPrt 1024
[/box]
That’s It! That is all you should need to do, your KMS Server is up and running.
Install Microsoft Windows 2008 R2 Key Management Service from Command Line
You will notice below that I’m running these commands from command windows running as administrator (Right click “Command Prompt” > Run as administrator).
Note: To License/Activate Server 2008 R2 AND Windows 7 THIS IS THE ONLY KEY YOU NEED. You do NOT need to add additional keys for Windows 7. (You DO for Office 2010, but I’ll cover that below).
2. Providing the command runs without error, we have just changed the product key for this Windows server to be the KMS key.
3. Now we need to activate the Windows Server > Run the following command;
[box]
c:\Windows\System32\slui.exe
[/box]
Select “Activate Windows online now” > Follow the on screen prompts.
4. When complete, it should tell you that it was successfully activated.
5. In a corporate environment (behind an edge firewall) you may have the local firewall disabled on the server. If you do NOT then you need to allow access through the local firewall for the “Key Management Service”, (this runs over TCP port 1688). To allow the service, Start > Firewall.cpl {enter} > “Allow program or feature through Windows Firewall” > Tick Key Management Service > OK.
Note: Should you wish to change the port the service uses, you can do so with the following command, i.e. to change it to TCP Port 1024;
[box]
cscript c:\Windows\System32\slmgr.vbs /SPrt 1024
[/box]
That’s It! That is all you should need to do, your KMS Server is up and running.
Testing the Key Management Server
Before it will start doing what you want it to, you need to meet certain thresholds. With Windows 7 clients it WON’T work till it has had 25 requests from client machines. If you are making the requests from Windows 2008 Servers then the count is 5. (Note: For Office 2010 the count is 5 NOT 25)
Interestingly: On my test network I activated five Windows 7 machines, then one server, and it started working.
Windows 7 and Windows 2008 R2 have KMS Keys BUILT INTO THEM, if you are deploying/imaging machines you should not need to enter a key into them (unless you have entered a MAK key on these machines then you will need to change it to a client KMS Key). These are publicly available (see here).
1. The service works because it puts an SRV record in your DNS, when clients want to activate, they simply look for this record before they try and activate with Microsoft, if they find the record, they activate from your KMS Server instead. If you look on your domain DNS servers, expand “Forward Lookup Zones” > {your domain name} > _tcp > You will see an entry for _VLMCS that points to your KMS Server.
2. From your client machines you can test that they can see the SRV record, by running the following command;
[box]
nslookup -type=srv _vlmcs._tcp
[/box]
Note: If this fails, can your client see the DNS server? And is it in the domain?
3. There is no GUI console for KMS to see its status, so run the following command on the KMS server;
[box]
cscript c:\Windows\System32\slmgr.vbs /dli
[/box]
4. As I’ve mentioned above, with Windows clients you need 25, and Windows Servers you will need 5 requests before KMS will work, before this you will see;
Windows Activation
A problem occurred when Windows tried to activate. Error Code 0xC004F038
5. For each of these failures, look in the KMS Server, and the “Current count” will increment by 1 (till it starts to work). In a live environment this won’t be a problem (you probably won’t be looking at KMS with less than 25 clients!). On a test network just clone/deploy a load of machines until you hit the threshold.
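The SRV lookup from step 2, carried one step further as an added example (not part of the original article): it parses the nslookup output, checks that each advertised KMS host is one you expect, and tests that the advertised port answers. The function names, the `-ExpectedServers` parameter and the sample output (constructed, with placeholder names) are this example's own.

```powershell
# Added example. Constructed sample of nslookup SRV output; names are placeholders.
$SampleOutput = @'
Server:  dc01.example.local
Address:  192.0.2.10

_vlmcs._tcp.example.local       SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = kms01.example.local
kms01.example.local     internet address = 192.0.2.20
'@ -split "`r?`n"

function ConvertFrom-NslookupSrv {
    param([string[]]$Lines)
    $port = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*port\s*=\s*(\d+)') {
            $port = [int]$Matches[1]
        }
        elseif ($line -match '^\s*svr hostname\s*=\s*(\S+)') {
            # "port" precedes "svr hostname" within each record.
            New-Object PSObject -Property @{ Server = $Matches[1]; Port = $port }
            $port = $null
        }
    }
}

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        return ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    }
    catch { return $false }
    finally { $client.Close() }
}

function Test-KmsDiscovery {
    param([string]$Domain, [string[]]$ExpectedServers, [string[]]$Lines)
    if (-not $Lines) {
        # Without -Domain this is the same query as step 2 (relies on the DNS suffix).
        $name  = if ($Domain) { "_vlmcs._tcp.$Domain" } else { '_vlmcs._tcp' }
        $Lines = & nslookup.exe -type=srv $name 2>$null
    }
    foreach ($rec in (ConvertFrom-NslookupSrv -Lines $Lines)) {
        New-Object PSObject -Property @{
            Server    = $rec.Server
            Port      = $rec.Port
            Expected  = ($ExpectedServers -contains $rec.Server)
            Reachable = (Test-TcpPort -Server $rec.Server -Port $rec.Port)
        } | Select-Object Server, Port, Expected, Reachable
    }
}

# Parse the constructed sample (no DNS query is made for the record itself):
ConvertFrom-NslookupSrv -Lines $SampleOutput

# Live check from a client, with your own KMS host name:
# Test-KmsDiscovery -ExpectedServers 'kms01.example.local'
```

A record with Expected = False means clients are being pointed at a host you did not list as your KMS server.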
Troubleshooting KMS Clients
To make things simple the command to execute on the clients, is the same command that you run on the KMS server to check the status.
[box]
cd c:\windows\system32
slmgr /dli
[/box]
For further troubleshooting, see the following links.
In addition to servers and clients, KMS can activate and handle Office 2010 licenses as well. You simply need to add in Office support, and your Office 2010 KMS key. As mentioned above, unlike Windows clients, you only need five requests to the KMS server before it will start activating Office 2010 normally.
1. First locate your Office 2010 KMS Key! If you have a Microsoft License agreement, log into the Microsoft Volume License Service Center, and retrieve the KMS License Key for “Office 2010 Suites and Apps KMS”
Note: As with Windows 7, and Server 2008 R2, Office 2010 comes with a KMS key already installed, if you have changed the key to a MAK key you can change it back using the Microsoft public KMS keys (see here).
Failed extract of third-party root list from auto update cab at: <Microsoft URL>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
There’s a lot of info on this error out there in forums, and 99% of it had nothing to do with my problem.
It’s basically a certificate error, to get to the bottom of it you need to dig a bit deeper.
Solution
If you have been hunting for a fix, and got here, you may have already tried some or all of these which DID NOT WORK: downloading and installing the certs from the link in the error, or deleting all your expired root certs.
1. First you need to get some detailed logging on what’s failing, Click Start > Control Panel > Administrative tools > Event Viewer > Expand Applications and Services > Microsoft > Windows > CAPI2 > Right click “Operations” > Select “Enable Log” > Then reboot.
2. Return to the same place in Event Viewer > And open the errors listed there, as you can see “In My Case” the problem is McAfee, after I removed McAfee and installed the latest version (8.7i with patch 3 at time of writing), the error ceased.
Note: Your problem may not be McAfee, but at least you now have a better idea of what it is 🙂
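The same two steps from an elevated PowerShell window, as an added example (not from the original article): enable the CAPI2 log, then summarize its error events by the process that triggered them. It assumes the log's channel name is `Microsoft-Windows-CAPI2/Operational` and that the event XML carries a `ProcessName` attribute and a `Result value` attribute; where either is absent the code falls back to the process ID and `unknown`.

```powershell
# Added example: enable CAPI2 logging and group the errors by calling process.
$Capi2Log = 'Microsoft-Windows-CAPI2/Operational'

function Enable-Capi2Log {
    # Command-line equivalent of "Enable Log" in Event Viewer (step 1).
    & wevtutil.exe sl $Capi2Log /e:true
}

function Get-Capi2ErrorSummary {
    param([int]$MaxEvents = 500)

    # Level 2 = Error. Returns nothing if the log is empty or disabled.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $Capi2Log; Level = 2 } `
        -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        $xml = $e.ToXml()

        # Assumed layout: <EventAuxInfo ProcessName="..."/> inside the event data.
        $process = if ($xml -match 'ProcessName="([^"]+)"') { $Matches[1] }
                   else { "PID $($e.ProcessId)" }

        # Assumed layout: <Result value="800B0101">message</Result>.
        $result = if ($xml -match '<Result value="([0-9A-Fa-f]+)"') { $Matches[1] }
                  else { 'unknown' }

        New-Object PSObject -Property @{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Process = $process
            Result  = $result
        }
    }

    # One line per (process, result code), most frequent first.
    $rows | Group-Object Process, Result |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Enable-Capi2Log            # run once, then reboot as in step 1
Get-Capi2ErrorSummary
```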
In Part 1 we looked at setting up your connection server. To actually deliver a virtual desktop you need to a) have a desktop built, and b) have the VMware View ‘agent’ installed on it.
In addition there are various changes you need to make, both to streamline the virtual machine, and make it more efficient for VMware View.
Note: If you are doing manual assignment of desktops to users, then this is not as important, but if you are going to deploy linked clone desktops this is VERY important. Either way it’s still good practice to ‘prep’ desktops first.
Solution
1. Build the desktop you intend to deliver via View (In this example I’m using Windows 7 Pro x32 bit).
Licencing Note: For manual desktop assignments you can use MAK license keys, but for larger deployments using VMware composer and linked clones, use Microsoft’s KMS server to service your licensing needs.
2. Run a full Windows update, allow the machine to reboot, then keep running Windows update until it says that it is up to date.
3. Then install the VMware tools.
4. Install any software and applications you require.
5. Download these scripts to auto configure your clients.
Note: There are two scripts, one called PrepClient.bat and the other called PrepClientPM.bat (Only use the latter if you are going to deploy persona management). I originally got these scripts from VMware, and have made a subtle change to them, they are 99% NOT my work!
Make sure you execute the scripts from a command window “As Administrator”, (right click the cmd shortcut while holding down Shift). You will need to do this even if you are logged in as the administrator.
What is this script doing?
a. Sets screen saver to “Blank Screen”, enable after one minute, and password protects it.
b. Empties the internet cache.
c. Turns off RSS Feeds in Internet Explorer.
d. Disables Microsoft Action center.
e. Stops the “Welcome to Internet Explorer” Dialogue for new users.
f. Disables “Superfetch”.
g. Disables Windows update (Note: If you are not using linked clones you might want to remove this line).
h. Disables System Restore, and removes access to the restore options.
i. Sets the application log size to 10MB and allows it to overwrite events as needed.
j. Sets the system log size to 10MB and allows it to overwrite events as needed.
k. Sets the security log size to 10MB and allows it to overwrite events as needed.
l. Disables the Network Location Wizard.
m. Disables Crash Dump Logging.
n. Deleted files are instantly deleted, they do not go to the recycle bin (Stops the recycler file filling up with junk), to stop this remove this line.
o. Enables Remote Desktop (RDP Connections) from all clients (the less secure option).
p. Disables Windows User Access control.
q. Disables Windows SideShow.
r. Disables the following services:
Bitlocker Drive Encryption Service ‘BDESVC’
Block Level Backup Engine Service ‘wbengine’
Diagnostic Policy Service ‘DPS’
Desktop Window Manager Session Manager Service ‘UxSms’
Disk Defragmenter Service ‘Defragsvc’
Home Group Listener Service ‘HomeGroupListener’
Home Group Service ‘HomeGroupProvider’
IP Helper Service ‘iphlpsvc’
Microsoft iSCSI Initiator Service ‘MSiSCSI’
Microsoft Software Shadow Copy Provider ‘swprv’
Client side Caching Service ‘CscService’
Secure Socket Tunnelling Protocol Service ‘SstpSvc’
Windows Security Center Service ‘wscsvc’
Simple Service Discovery Protocol Service ‘SSDPSRV’
ReadyBoost Service ‘SysMain’
Tablet Input Service ‘TabletInputService’
Themes Service ‘Themes’
Universal Plug and Play Service ‘upnphost’
Volume Snapshot Service ‘VSS’ (Note: NOT Disabled if using the Persona Management Batch File)
Windows Backup Service ‘SDRSVC’
Windows Defender Service ‘WinDefend’
Windows Error Reporting Service ‘WerSvc’
Windows Firewall Service ‘MpsSvc’
Windows Media Center Receiver Service ‘ehRecvr’
Windows Media Center Scheduler Service ‘ehSched’
Windows Search Service ‘WSearch’
Windows Update Service ‘wuauserv’
Wireless LAN Service ‘Wlansvc’
Wireless Auto config Service ‘WwanSvc’
s. Sets Windows to show “Blank Screen” when booting instead of the Windows animation. “bcdedit /set BOOTUX disabled”.
t. Remove all Shadow Copies, “vssadmin delete shadows /All /Quiet” (Note: NOT Disabled if using the Persona Management batch file).
u. Disables Hibernation “powercfg -H OFF”.
v. Disables the “Last accessed” timestamp for windows files “fsutil behavior set DisableLastAccess 1”.
w. Stops scheduled Windows Defragmentation (Note: In Linked clone environments this would expand all the delta disks and is a common ‘gotcha’).
x. Stops the registry backup which happens every 10 days.
y. Stops the scheduled Windows Defender tasks.
z. Stops the Windows System Assessment Tools (this gives your PC its ‘performance rating’ from 1 to 5).
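Several items in the list above change security settings (UAC, RDP from all clients, the firewall, Defender, Security Center, BitLocker and Windows Update services, and the security log size). The following added example, which is not part of the prep scripts or the original article, reports the state of those settings on the prepared image so you can record what your parent image ships with. The service short names come from the list above; the registry paths and the function names are this example's own and were not taken from the scripts.

```powershell
# Added example: report the security-relevant settings the prep script touches.
# Written for Windows PowerShell 2.0 and later; run it elevated on the prepared desktop.

function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding($Item, $Value, $Review) {
    New-Object PSObject -Property @{ Item = $Item; Value = $Value; Review = $Review } |
        Select-Object Item, Value, Review
}

function Get-ViewPrepSecurityState {
    # r. Security-related services from the list above.
    $services = 'MpsSvc', 'WinDefend', 'wscsvc', 'wuauserv', 'BDESVC'
    foreach ($name in $services) {
        $svc  = Get-WmiObject Win32_Service -Filter "Name='$name'"
        $mode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        New-Finding "Service $name start mode" $mode ($mode -eq 'Disabled')
    }

    # p. User Account Control: EnableLUA = 0 means UAC is off.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    New-Finding 'UAC EnableLUA' $lua ($lua -eq 0)

    # o. Remote Desktop: fDenyTSConnections = 0 means RDP is enabled;
    #    UserAuthentication = 0 means Network Level Authentication is not required.
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = Get-RegValue $ts 'fDenyTSConnections'
    $nla  = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
    New-Finding 'RDP fDenyTSConnections' $deny ($deny -eq 0)
    New-Finding 'RDP UserAuthentication (NLA)' $nla (($deny -eq 0) -and ($nla -eq 0))

    # k. Security event log: 10MB with overwrite-as-needed limits how far back it reaches.
    $log = Get-EventLog -List | Where-Object { $_.Log -eq 'Security' }
    if ($log) {
        $small = ($log.MaximumKilobytes -le 10240) -and
                 ("$($log.OverflowAction)" -eq 'OverwriteAsNeeded')
        New-Finding 'Security log size (KB)' $log.MaximumKilobytes $small
        New-Finding 'Security log overflow action' "$($log.OverflowAction)" $small
    }
}

Get-ViewPrepSecurityState | Format-Table -AutoSize
```

Rows with Review = True are settings the script has switched off or reduced; whether that is acceptable depends on what the surrounding View environment provides instead.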
Another Option to Prepare Windows 7 for View
You can also (If you prefer a graphical tool) use Desktop Optimizer from Quest. (Note: Also needs to be run as administrator or you will get runtime errors!)
6. Then Install the VMware View Agent.
7. Then make sure any floppy drives, and CD/DVD drives are also disconnected.
8. If the virtual machine is going to be in a manual pool leave it powered on. If it’s going to be part of an automated pool, you can snapshot it.
It’s been a while since I wrote Part 4, so it’s time to wrap this up. Now we have Composer installed on the Virtual Center, we can start to deploy our linked clone desktops.
Solution
VMware View – Prepare your Source Machine
1. I’ve already covered how to prepare your Windows 7 client machine to be a View client here. Once that’s done, release its IP address (ipconfig /release) and shut it down.
2. With your source machine shut down, take a snapshot of the machine.
VMware View – Create an Automated Linked Clone Pool
3. Log into your VMware View Administrator console > Inventory > Pools > Add.
4. Automated > Next.
5. Dedicated > Next (unless you want a floating user assignment, the description of each is on this page).
6. View Composer linked clones > Next (ensure your vCenter is listed, and has “Yes” in the View Composer section).
7. Give the pool an ID, name, and description. (Note: If you use folders for your VM’s, you can also select those here).
8. I tend to stick with the defaults, except I let the users reset their desktops > Next.
9. I’m not redirecting any disposable files or profiles > Next.
10. Expand Security > Logins > Create a new login.
11. For the default Image, browse to your source machine, then select the snapshot. Set the Folder, Host/Cluster, and Resource pool as applicable. Then browse for a datastore.
12. Here I’ve selected to store my disks on different datastores. If you can, put your replica disk on the FASTEST storage, as this gets the most “Read” traffic > OK > Next.
13. The domain should auto populate > Pick an OU to place the new machines into, then select either to use quickprep (the VMware one), or Sysprep (the Microsoft one). > Next.
Note: You can also use a customization specification (yes Americans are worse at spelling than me!), you set these up in the VI client on the home screen under ‘Customization Specifications Manager’.
14. Review the information > Finish.
15. Now you have your pool, you need to allow your users to connect to it, with it selected press ‘Entitlements’.
16. Add in the users and/or groups you want to grant access to > OK.
17. It can take a while for the replica to be created, then all the linked clones to become ‘Available’. Watch progress under ‘Inventory > Desktops’.
18. When available you should be able to connect to them using the VMware View Client.
19. And finally get your new Windows 7 linked clone desktop.
My Windows 7 Media Center can’t stream to my PS3, but the Windows Media Player that’s built into the same PC can, (well it should be able to!) However when I tried, this is what the Playstation told me.
Media Server Error:
A DNLA protocol error (2104) has occurred.
Solution
Note: Your local firewall on the Windows 7 machine can also cause this problem. I have a decent firewall at home, so I disabled the local firewall on the Media Center, (Start > Run > firewall.cpl).
1. On your Windows 7 Machine open Windows Explorer (Windows Key+E) > Select Homegroup > View homegroup settings.
2. Make sure you’re set to location type Home, if not change it (mine was set to public!).
3. Now “choose what you want to share…”.
4. Select as appropriate > Next.
5. Choose Media Streaming options.
6. Allow All, (or if you know the MAC address of the Playstation it will be listed as “Unknown Device” and, (if you can see it on the list), you can add that in on its own, and allow).
7. Accept the warning.
8. If you allowed all, this is what you should see.
9. Finally open the services (Start > Windows key+R > services.msc {enter}) and ensure that the “Windows Media Player Network Sharing Service” Service is started > Set to Automatic > and set to logon as either the Network Service, or the Local System.