Redirecting default OU for users and computers

As you probably know, by default a newly created user or computer is placed in the default Users or Computers container. It is not good practice to leave them there, because we are not able to apply GPOs to these containers, and in many cases we need more OUs. A good example of why to create more OUs is that we need different policies for notebooks, desktops and servers.
It is also good practice to change the default containers for users and computers to one of these newly created OUs.
It is very simple to redirect them. You have to execute two commands from an administrative command prompt:

  • For users: redirusr ou=MyDefaultUserOU,dc=domain,dc=local
  • For computers: redircmp ou=MyDefaultComputerOU,dc=domain,dc=local

If you want your environment to be even more secure, just put these default OUs inside OUs that have the most restrictive GPOs applied. In this way, you will limit access to your environment.
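
To confirm that the redirection took effect, the check below reads the domain's current default containers and lists computer accounts still sitting in the original Computers container, since the redirect only applies to objects created afterwards. It is an added example, not part of the original post, and it assumes the ActiveDirectory PowerShell module (RSAT) is available on a domain-joined machine.

```powershell
# Added example: verify the redirusr/redircmp result and find leftovers.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Built-in containers that new objects land in when nothing is redirected
$defaultComputers = "CN=Computers,$($domain.DistinguishedName)"
$defaultUsers     = "CN=Users,$($domain.DistinguishedName)"

# Current defaults as stored on the domain object
$report = [pscustomobject]@{
    ComputersContainer  = $domain.ComputersContainer
    ComputersRedirected = $domain.ComputersContainer -ne $defaultComputers
    UsersContainer      = $domain.UsersContainer
    UsersRedirected     = $domain.UsersContainer -ne $defaultUsers
}
$report | Format-List

# Computer accounts created before the redirect stay where they were.
# List them so they can be moved into an OU that has GPOs linked.
Get-ADComputer -Filter * -SearchBase $defaultComputers -SearchScope OneLevel `
        -Properties whenCreated |
    Sort-Object whenCreated |
    Select-Object Name, whenCreated, DistinguishedName |
    Format-Table -AutoSize
```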

Problems installing Windows Server 2012R2 on HP DL380e

I received an HP DL380e Gen8 in my office to install the Windows Server 2012R2 operating system. Unfortunately, the operation was not as easy as I expected. There is no way to correctly install the OS without getting a blue screen. The problem is the driver for the B320i RAID controller. The moment you inject that driver, you get a blue screen.
Here are the steps to solve the problem:

  1. Download SPP DVD from http://h18013.www1.hp.com/products/servers/service_packs/en/index.html .
  2. Update the firmware using SPP DVD:
    1. Boot the server from HP Service Pack (from DVD/using iLO Virtual media).
    2. At the Boot menu, select Interactive Mode (Automatic is default).
    3. Please wait while HP Service Pack loads on your Server.
    4. Select the Language from below provided screen.
    5. Accept HP End User License Agreement (EULA) and click Next.
    6. Click Launch HP SUM.
    7. HP Smart Update Manager will open and start building Inventory of Available Updates.
    8. HP SUM will Check Installed Firmware of your Server.
    9. Now you are at Select Bundle Filter window.
    10. You need to select HP Service Pack.
    11. Once you select HP Service Pack, click OK.
    12. Once you choose the firmware update, click on Install button.
    13. HP Smart Update Manager will install the selected Firmware updates on your Server.
  3. Once the firmware is updated, try to install the OS 2012 R2:
    1. Download the HP supplement pack available for Windows 2012 R2 at ftp://ftp.hp.com/pub/softlib2/software1/supportpack-generic/p1235385378/v89111
    2. Unpack the downloaded file to the desired media.
    3. Locate cp020926.exe and extract it to a USB drive (this is a functional RAID driver).
    4. Install the OS directly from the OS media, and for the B120i/B320i controller use cp020926.exe.

This way the operating system installation will be successful.
Many thanks to HP global support for helping me solve this issue. They also promised me that in the next release of HP intelligent provisioning firmware 2012 R2 drivers will be included.

My top 10 in new Essentials server

What is new, cool and bad in Windows Server 2012R2 Essentials? I have my personal top 10. I don’t want to write only good things, because the administrator must also know the dark side of a product. Here is my list:

  1. Virtualization rights – The Server 2012R2 Essentials license includes virtualization rights that are different from the normal, standard product. These rights include 1 + 1 virtualization. To be more specific, you don’t need to buy an additional license for the host server (if you want to have GUI), but you have to buy it for any additional VM. This will be useful for providing a DR scenario in small companies with Hyper-V replica (for example to do it in our datacenter).
  2. AD Groups – Finally! Microsoft realizes that user-by-user permissions are not a good approach even in small environments (especially in version 2012, where you were able to translate product to the standard version…). Now we can create groups directly in Dashboard and we can assign permissions to groups and add users to them. It’s fine. Like in the good, old SBS.
  3. Essentials role in standard server – Microsoft adds the Essentials role to standard products, so that if you buy Windows Server 2012R2 Standard or Datacenter edition, you will be able to install the Essentials role. This role will give you an opportunity to use Dashboard, Remote Web Workplace and other Essentials functionality. You will be able to use one or more Essentials functionalities, but in some cases, you will be limited to 100 users (for example in client backups – another good point to limit usage!).
  4. Client computer backups – Good practice in small companies where you have users that just use the “Save” button and don’t care where the data is going. This happens in many small companies and no one knows where the data is. In these cases, you have to back up the whole environment, including client computers. Very useful functionality.
  5. Azure Backup – We talk again about small businesses. In many cases, the server is located under the table, security is something that they don’t think about and their data are exposed to high risk. Azure backup in those cases is a very good functionality to store crucial company data in a secure location. Of course, this is not a replacement for the normal server backup. We still need to backup our server, because Azure backup will not protect you against accidents like hardware failure or similar. In these cases, you will need a local backup to restore the server quickly.
  6. Remote Web Workplace – One of my favorite functionalities in Essentials or the old SBS server. I use this functionality a lot, I talk a lot about it, but it is still buggy. I mentioned this bug in my blog previously and I reported this bug to Microsoft when SBS 2011 public preview was released. Since then the bug is still present, so be careful who will have the Administrator rights in your system. It is not really a good point to preserve private data.
  7. Internal “local” domain – by default there is no chance to change the FQDN domain from .local to any other domain name. This will be not smart after January 1st, when you will not be able to add a local domain to trusted certificates, and in many cases this is not a good idea to do it this way. The only way to move away from the local domain is installing the Essentials role with PowerShell (break the Essentials wizard and run Start-WssConfigurationService -CompanyName "ContosoTest" -DNSName "ContosoTest.com" -NetBiosName "ContosoTest" -ComputerName "YourServerName" -NewAdminCredential $cred -Setting All from elevated PowerShell).
  8. Windows Phone and Windows 8 App – Both apps are present from version 2012, but I think that it is a nice approach to have easy access to all data on the server. It is also nice for administrators, with a quick status report for the network. Nice thing.
  9. Health Monitoring and reports – Another thing that makes SBS and Essentials servers popular and easy to manage. Very nice idea to have all events reported on the same screen. In this version it is improved with some knowledge results for every error or warning. It is very useful for administrators. The other good functionality of Health monitoring is that it can send e-mails with health reports and critical errors. One thing I would correct here is the schedule for generating reports; I would like these reports to be generated weekly, not hourly or daily. If you are the administrator of more servers, there are too many mails with the current configuration.
  10. Launchpad – Nice application for not so expert users. I think that it is very good to advise all users in small companies to use it, because it has a lot of good shortcuts. The first one is access to all shared folders on the server without mapping them. This will solve administrator problems like “I cannot see Y drive”. The second nice thing is the list of errors and warnings, including disk space and update warnings. And the last, but not least, is the backup functionality. Unfortunately it is not so good, because a non-administrator user can back up his machine, but he is unable to restore some files. This could be corrected.

I hope that this list will give you a good opinion about this server. Honestly, it is not a bad product and it is very useful and easy to manage. It is dedicated to small companies and it is made with this logic. Consider it, test it and use it. You will be satisfied with it!

Group Policy and WMI filtering for OS

Many times, we have to apply some GPO only to a particular OS, to domain controllers or to servers. As we know, this is possible with WMI filtering, but it is very difficult to find all the parameters that determine the operating system in one place. This is why I want to write this post.

When you want to use a WMI filter to query the OS, you have to use the root\CIMv2 namespace, and there are some values that you must know:

Operating system version – we can determine the version of the OS with the variable Version:

  • Windows Server 2012: Version like "6.2%"
  • Windows Server 2008 R2: Version like "6.1%"
  • Windows Server 2008: Version like "6.0%"
  • Windows Server 2003: Version like "5.2%"
  • Windows 8: Version like "6.2%"
  • Windows 7: Version like "6.1%"
  • Windows Vista: Version like "6.0%"
  • Windows XP: (Version like "5.1%" or Version like "5.2%")

As we can see very quickly, some operating systems share the same version number, so we have to use a second variable, ProductType, to tell them apart:

  • Client operating systems: ProductType = "1"
  • Domain controllers: ProductType = "2"
  • Servers that are not domain controllers: ProductType = "3"

Now, with the combination of those two variables, we can find only the operating system that we need. However, is it a 32 or 64 bit system? Of course, we can also select on this characteristic with another variable, AddressWidth, which is a property of the Win32_Processor class rather than of Win32_OperatingSystem:

  • 32bit systems: AddressWidth = "32"
  • 64bit systems: AddressWidth = "64"

Finally, to make this clearer, here are some examples:

All domain controllers in domain:

select * from Win32_OperatingSystem where ProductType = "2"

All 64 bit Windows 8 OS (two queries in the same filter, because AddressWidth is a Win32_Processor property; a filter with several queries applies only when every query returns a result):

select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "1"
select * from Win32_Processor where AddressWidth = "64"

All Windows 2012 servers that are non DC’s:

select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "3"

Of course, we can filter on many more variables than explained here. There are many parameters, which are explained on TechNet and in white papers. For example, we can apply a policy (e.g. to install some software) only to computers that have more than 1GB of space on HD:

Select * from Win32_LogicalDisk where FreeSpace > 1073741824 (space is in kb).
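
Before a filter is linked to a GPO, its queries can be tried on a target machine. The helper below is an added example, not part of the original post: the function name Test-WmiFilter is hypothetical, and it treats a query as passing when it returns at least one object in root\CIMv2, which is how a WMI filter is evaluated. The last sample query is deliberately invalid, to show how a filter that references a property on the wrong class fails instead of matching.

```powershell
# Added example: evaluate WMI filter queries locally before linking them to a GPO.
# Test-WmiFilter is a hypothetical helper name, not a built-in cmdlet.
function Test-WmiFilter {
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\CIMv2'
    )
    try {
        # A filter query passes when it returns at least one object
        $result = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
        [pscustomobject]@{ Passes = ($result.Count -gt 0); Error = $null; Query = $Query }
    }
    catch {
        # Malformed queries (curly quotes, wrong class for a property) end up here;
        # a filter containing such a query never applies the GPO
        [pscustomobject]@{ Passes = $false; Error = $_.Exception.Message; Query = $Query }
    }
}

# Queries taken from the examples in this post, plus one invalid query
$queries = @(
    'select * from Win32_OperatingSystem where ProductType = "2"',
    'select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "1"',
    'select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "3"',
    'select * from Win32_Processor where AddressWidth = "64"',
    # Invalid on purpose: AddressWidth is not a Win32_OperatingSystem property
    'select * from Win32_OperatingSystem where AddressWidth = "64"'
)

# Show the values the filters are compared against on this machine
Get-CimInstance -ClassName Win32_OperatingSystem |
    Select-Object Caption, Version, ProductType | Format-List
Get-CimInstance -ClassName Win32_Processor |
    Select-Object DeviceID, AddressWidth | Format-Table -AutoSize

# Evaluate every query and report pass/fail with any error text
$queries | ForEach-Object { Test-WmiFilter -Query $_ } | Format-Table -AutoSize -Wrap
```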

Windows 8.1 and Windows Server 2012R2 are coming

As you can also see on TechNet’s blog, the operating systems Windows 8.1 and Windows Server 2012R2 will become available on October 18. Windows Server Essentials 2012R2, which is designed for small companies, will also be available on this date. As in all the other operating systems, in Essentials there are also many upgraded or new functionalities (very nice and very cool). I will publish my top-ten new features in a few days.
You can also download the Windows 8.1 product guide here.