Microsoft have provided several documents detailing the usage of the latest group policy settings for a Server 2008r environment, with Windows7. Sadly they havent released a list of 'new' group policy settings for windows 7. I've been able to identify around 200, which I am listing below;
NOTE: These will only work with a server 2008r2 backend, and Windows 7 desktop. If your looking to roll out windows 7 after upgrading your DCs, these are the group policies you should be looking to apply, in addition to ones you are already using.
AppCompat.admx Turn off Application Telemetry
AppCompat.admx Turn off Problem Steps Recorder
AppCompat.admx Turn off Program Inventory
AppCompat.admx Turn off SwitchBack Compatibility Engine
AutoPlay.admx Turn off Autoplay for non-volume devices
AutoPlay.admx Turn off Autoplay for non-volume devices
Biometrics.admx Allow domain users to log on using biometrics
Biometrics.admx Allow the use of biometrics
Biometrics.admx Allow users to log on using biometrics
Biometrics.admx Timeout for fast user switching events
Bits.admx Do not allow the BITS client to use Windows Branch Cache
Bits.admx Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
Bits.admx Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
ControlPanelDisplay.admx Load a specific theme
ControlPanelDisplay.admx Prevent changing mouse pointers
ControlPanelDisplay.admx Prevent changing sounds
Desktop.admx Turn off Aero Shake window minimizing mouse gesture
DeviceInstallation.admx Configure device installation time-out
DeviceInstallation.admx Prevent device metadata retrieval from the Internet
DeviceInstallation.admx Prevent Windows from sending an error report when a device driver requests additional software during installation
DeviceInstallation.admx Specify search order for device driver source locations
DeviceInstallation.admx Time (in seconds) to force reboot when required for policy changes to take effect
DeviceRedirection.admx Prevent redirection of devices that match any of these device Ids
DeviceRedirection.admx Prevent redirection of USB devices
EnhancedStorage.admx Allow Enhanced Storage certificate provisioning
EnhancedStorage.admx Allow only USB root hub connected Enhanced Storage devices
EnhancedStorage.admx Configure list of Enhanced Storage devices usable on your computer
EnhancedStorage.admx Configure list of IEEE 1667 silos usable on your computer
EnhancedStorage.admx Do not allow non-Enhanced Storage removable devices
EnhancedStorage.admx Do not allow password authentication of Enhanced Storage devices
EnhancedStorage.admx Lock Enhanced Storage when the computer is locked
Explorer.admx Set a support web page link
Explorer.admx Turn off Data Execution Prevention for Explorer
fthsvc.admx Configure Scenario Execution Level
Help.admx Turn off Data Execution Prevention for HTML Help Executible
kdc.admx Use forest search order
kerberos.admx Require strict target SPN match on remote procedure calls
kerberos.admx Use forest search order
LanmanServer.admx Hash Publication for BranchCache
Logon.admx Always use custom logon background
MSDT.admx Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider
NCSI.admx Corporate DNS Probe Host Address
NCSI.admx Corporate DNS Probe Host Name
NCSI.admx Corporate Site Prefix List
NCSI.admx Corporate Website Probe URL
NCSI.admx Domain Location Determination URL
NetworkConnections.admx Do not show the "local access only" network icon
NetworkConnections.admx Require domain users to elevate when setting a network's location
NetworkConnections.admx Route all traffic through the internal network
NetworkProjection.admx Network Projector Port Setting
OfflineFiles.admx Configure Background Sync
OfflineFiles.admx Enable Transparent Caching
OfflineFiles.admx Exclude files from being cached
PeerToPeerCaching.admx Configure BranchCache for network files
Power.admx Allow Applications to Prevent Automatic Sleep (On Battery)
Power.admx Allow Applications to Prevent Automatic Sleep (Plugged In)
Power.admx Allow Automatic Sleep with Open Network Files (On Battery)
Power.admx Allow Automatic Sleep with Open Network Files (Plugged In)
Power.admx Reduce Display Brightness (On Battery)
Power.admx Reduce Display Brightness (Plugged In)
Power.admx Reserve Battery Notification Level
Power.admx Specify the Display Dim Brightness (On Battery)
Power.admx Specify the Display Dim Brightness (Plugged In)
Power.admx Specify the Unattended Sleep Timeout (On Battery)
Power.admx Specify the Unattended Sleep Timeout (Plugged In)
Power.admx Turn On Desktop Background Slideshow (On Battery)
Power.admx Turn On Desktop Background Slideshow (Plugged In)
Printing.admx Execute print drivers in isolated processes
Printing.admx Extend Point and Print connection to search Windows Update
Printing.admx Override print driver execution compatibility setting reported by print driver
RacWmiProv.admx Configure Reliability WMI Providers
ReAgent.admx Allow restore of system to default state
RemovableStorage.admx CD and DVD: Deny execute access
RemovableStorage.admx Floppy Drives: Deny execute access
RemovableStorage.admx Removable Disks: Deny execute access
RemovableStorage.admx Tape Drives: Deny execute access
scripts.admx Run Windows PowerShell scripts first at computer startup, shutdown
scripts.admx Run Windows PowerShell scripts first at user logon, logoff
scripts.admx Run Windows PowerShell scripts first at user logon, logoff
sdiageng.admx Configure Security Policy for Scripted Diagnostics
sdiageng.admx Troubleshooting: Allow users to access and run Troubleshooting Wizards
sdiageng.admx Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)
sdiagschd.admx Configure Scheduled Maintenance Behavior
SearchOCR.admx Force TIFF IFilter to perform OCR for every page in a TIFF document
SearchOCR.admx Select OCR languages from a code page
Sensors.admx Turn off location
Sensors.admx Turn off location
Sensors.admx Turn off location scripting
Sensors.admx Turn off location scripting
Sensors.admx Turn off sensors
Sensors.admx Turn off sensors
ShapeCollector.admx Turn off handwriting personalization data sharing
ShapeCollector.admx Turn off handwriting personalization data sharing
Sharing.admx Prevent the computer from joining a homegroup
SmartCard.admx Allow ECC certificates to be used for logon and authentication
SmartCard.admx Notify user of successful smart card driver installation
SmartCard.admx Turn on Smart Card Plug and Play service
StartMenu.admx Add Search Internet link to Start Menu
StartMenu.admx Change Start Menu power button
StartMenu.admx Remove Downloads link from Start Menu
StartMenu.admx Remove Homegroup link from Start Menu
StartMenu.admx Remove Recorded TV link from Start Menu
StartMenu.admx Remove See More Results / Search Everywhere link
StartMenu.admx Remove Videos link from Start Menu
SystemRestore.admx Turn off Configuration
SystemRestore.admx Turn off System Restore
TabletPCInputPanel.admx Disable text prediction
TabletPCInputPanel.admx Disable text prediction
Taskbar.admx Do not allow pinning items in Jump Lists
Taskbar.admx Do not allow pinning programs to the Taskbar
Taskbar.admx Do not display or track items in Jump Lists from remote locations
Taskbar.admx Remove pinned programs from the Taskbar
Taskbar.admx Remove the Action Center icon
Taskbar.admx Turn off automatic promotion of notification icons to the taskbar
Taskbar.admx Turn off feature advertisement balloon notifications
tcpip.admx 6to4 Relay Name
tcpip.admx 6to4 Relay Name Resolution Interval
tcpip.admx 6to4 State
tcpip.admx IP-HTTPS State
tcpip.admx ISATAP Router Name
tcpip.admx ISATAP State
tcpip.admx Teredo Client Port
tcpip.admx Teredo Default Qualified
tcpip.admx Teredo Refresh Rate
tcpip.admx Teredo Server Name
tcpip.admx Teredo State
TerminalServer.admx Limit audio playback quality
TerminalServer.admx Limit maximum display resolution
TerminalServer.admx Limit maximum number of monitors
TerminalServer.admx Optimize visual experience for Remote Desktop Services sessions
TerminalServer.admx Use Remote Desktop Easy Print printer driver first
TerminalServer.admx Use Remote Desktop Easy Print printer driver first
TouchInput.admx Turn off Touch Panning
TouchInput.admx Turn off Touch Panning
UserProfiles.admx Background upload of a roaming user profile's registry file while user is logged on
VolumeEncryption.admx Allow enhanced PINs for startup
VolumeEncryption.admx Choose how BitLocker-protected fixed drives can be recovered
VolumeEncryption.admx Choose how BitLocker-protected operating system drives can be recovered
VolumeEncryption.admx Choose how BitLocker-protected removable drives can be recovered
VolumeEncryption.admx Configure minimum PIN length for startup
VolumeEncryption.admx Configure use of passwords for fixed data drives
VolumeEncryption.admx Configure use of passwords for removable data drives
VolumeEncryption.admx Configure use of smart cards on fixed data drives
VolumeEncryption.admx Configure use of smart cards on removable data drives
VolumeEncryption.admx Control use of BitLocker on removable drives
VolumeEncryption.admx Deny write access to fixed drives not protected by BitLocker
VolumeEncryption.admx Deny write access to removable drives not protected by BitLocker
VolumeEncryption.admx Provide the unique identifiers for your organization
VolumeEncryption.admx Require additional authentication at startup
VolumeEncryption.admx Validate smart card certificate usage rule compliance
WindowsAnytimeUpgrade.admx Prevent Windows Anytime Upgrade from running.
WindowsAnytimeUpgrade.admx Prevent Windows Anytime Upgrade from running.
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow OpenSearch queries in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer
WindowsExplorer.admx Disable Known Folders
WindowsExplorer.admx Pin Internet search sites to the "Search again" links and the Start menu
WindowsExplorer.admx Pin Libraries or Search Connectors to the "Search again" links and the Start menu
WindowsExplorer.admx Remove the Search the Internet "Search again" link
WindowsExplorer.admx Turn off display of recent search entries in the Windows Explorer search box
WindowsExplorer.admx Turn off numerical sorting in Windows Explorer
WindowsExplorer.admx Turn off numerical sorting in Windows Explorer
WindowsExplorer.admx Turn off the display of snippets in Content view mode
WindowsExplorer.admx Turn off Windows Libraries features that rely on indexed file data
WindowsExplorer.admx Verify old and new Folder Redirection targets point to the same share before redirecting
Upgrading a 2008 Domain to 2008r2
This document is presuming current domain level is 2008, with all 2008 Domain Controllers.
Step 1 ? Upgrade the schema
The tools for this are provided on the Server 2008 r2 DVD, in the \support\adprep folder First copy this entire folder onto the C:\ drive of the Forest?s schema master. There are various tools online to locate your infrastructure master (if you don?t know it), but you can easily identify it using AD Users & Computers Console. Just right click on the tree root, select all tasks, and operations masters.
From an elevated command prompt, go into the adprep folder which was previously copied;
Cd c:\adprep
Type in the following command;
Adprep /forestprep
If you plan to implement any read only DCs, also run;
Adprep /rodcprep
Before doing anything else, wait at least 10 minutes. It can take up to 5 minutes for changes to replicate through the forest
Next copy the folder adprep to the infrastructure master, onto the local C:\ drive. Open up an elevated command prompt, and go into the adprep folder;
Cd c:\adprep
Type in the following command;
Adprep /domainprep /gpprep
Keep ad changes to a minimum for at least 10 minutes. The schema is now upgraded to Server 2008 r2, and can support Server 2008 r2 Domain Controllers.
Step 2 ? Upgrade each domain controller
Once the upgraded schema is in place, you can begin to upgrade your DCs.
The most import issue to address is that your DCs cannot be 32 bit. Server 2008r2 is only available in 64 bit. If you do have 32 bit DCs you will need to demote/remove and rebuild them as 64 bit Server 2008r2 DCs.
The good news is that 2008 64bit DCs can be upgraded, without having to be removed from AD. The only thing you must do first is transfer any roles off the DC whilst the upgrade takes place. This is essential, as if the upgrade fails and your server dies, you are safe in the knowledge that AD will still function.
The following article describes which AD tools can be used to identify which server?s are holding roles, and how to move them to other servers;
http://support.microsoft.com/kb/324801
You may currently have certain services running in your environment which point to specific DCs because that DC holds a specific role. As such, I would advise that after upgrading a DC you reinstate the roles onto it which it previously held. This will minimize impact. I?d also suggest doing this out of hours, or during a quiet period, so that AD changes are minimal during the process.
Once you have removed the roles from the first server you want to upgrade, just stick the Server 2008r2 DVD into the drive (or mount the ISO).
Step 3 ? The Install
Firstly, Microsoft suggests running their memory (RAM) checker before performing an upgrade, this can be found here;
http://go.microsoft.com/fwlink/?LinkId=50362
The disc should auto-run, if it doesn?t just run setup.exe from the root.
The only option you have when the flash screen appears is INSTALL. Click on Install.
You will get an option next to go online for the latest updates to the installation. I would always suggest choosing this option. As of 27 Jan 2010, choosing the option to download the latest updates took an extra 1 second, and downloaded around 1Mbs worth of updates.
Next you get a list of versions of 2008r2 server available on the DVD. Changing varieties can be tricky/impossible. For example you can?t go from Data Centre edition to Enterprise Edition. In most cases you will simply be choosing the same version as the server is already running. Eg, your DC is currently running 2008 Enterprise 64 bit Full Install (not core), so choose the 2008 R2 Enterprise Full Installation.
After you click next accept the license terms.
You will then get two options. Upgrade or Custom. Choose upgrade.
You will get a warning about any issues which may exist. The generic one seems to be that you should check that any software installed on the server is supported to run on Server 2008 r2. It would be very unlikely that software which works on 2008 wouldn?t work on 2008r2, but the warning is there. If any windows updates have been performed you may also be told that you need to reboot the server before running the upgrade.
Once you?re ready click next, and Windows will start copying files and upgrading. The warning indicates that this can take several hours, but in practice seems to complete in around 60 minutes, as the upgrade only copies around 2Gb of data. The server will reboot part way through expanding files (around 18%). After the ?installing features and updates? step the server will reboot again, during which the machines registry settings will be updated. One final reboot will take place after ?Transferring Programs & Settings?. The loading screen will state ?Setup Is Preparing Your Computer For First Use?. Don?t worry, it?s still the same DC, just a slightly ambiguous message.
Once the boot up completes the server is ready to use, and you can restore any roles back onto it which you might have transferred away.
Thats it.
This document is presuming current domain level is 2008, with all 2008 Domain Controllers.
Step 1 ? Upgrade the schema
The tools for this are provided on the Server 2008 r2 DVD, in the \support\adprep folder First copy this entire folder onto the C:\ drive of the Forest?s schema master. There are various tools online to locate your infrastructure master (if you don?t know it), but you can easily identify it using AD Users & Computers Console. Just right click on the tree root, select all tasks, and operations masters.
From an elevated command prompt, go into the adprep folder which was previously copied;
Cd c:\adprep
Type in the following command;
Adprep /forestprep
If you plan to implement any read only DCs, also run;
Adprep /rodcprep
Before doing anything else, wait at least 10 minutes. It can take up to 5 minutes for changes to replicate through the forest
Next copy the folder adprep to the infrastructure master, onto the local C:\ drive. Open up an elevated command prompt, and go into the adprep folder;
Cd c:\adprep
Type in the following command;
Adprep /domainprep /gpprep
Keep ad changes to a minimum for at least 10 minutes. The schema is now upgraded to Server 2008 r2, and can support Server 2008 r2 Domain Controllers.
Step 2 ? Upgrade each domain controller
Once the upgraded schema is in place, you can begin to upgrade your DCs.
The most import issue to address is that your DCs cannot be 32 bit. Server 2008r2 is only available in 64 bit. If you do have 32 bit DCs you will need to demote/remove and rebuild them as 64 bit Server 2008r2 DCs.
The good news is that 2008 64bit DCs can be upgraded, without having to be removed from AD. The only thing you must do first is transfer any roles off the DC whilst the upgrade takes place. This is essential, as if the upgrade fails and your server dies, you are safe in the knowledge that AD will still function.
The following article describes which AD tools can be used to identify which server?s are holding roles, and how to move them to other servers;
http://support.microsoft.com/kb/324801
You may currently have certain services running in your environment which point to specific DCs because that DC holds a specific role. As such, I would advise that after upgrading a DC you reinstate the roles onto it which it previously held. This will minimize impact. I?d also suggest doing this out of hours, or during a quiet period, so that AD changes are minimal during the process.
Once you have removed the roles from the first server you want to upgrade, just stick the Server 2008r2 DVD into the drive (or mount the ISO).
Step 3 ? The Install
Firstly, Microsoft suggests running their memory (RAM) checker before performing an upgrade, this can be found here;
http://go.microsoft.com/fwlink/?LinkId=50362
The disc should auto-run, if it doesn?t just run setup.exe from the root.
The only option you have when the flash screen appears is INSTALL. Click on Install.
You will get an option next to go online for the latest updates to the installation. I would always suggest choosing this option. As of 27 Jan 2010, choosing the option to download the latest updates took an extra 1 second, and downloaded around 1Mbs worth of updates.
Next you get a list of versions of 2008r2 server available on the DVD. Changing varieties can be tricky/impossible. For example you can?t go from Data Centre edition to Enterprise Edition. In most cases you will simply be choosing the same version as the server is already running. Eg, your DC is currently running 2008 Enterprise 64 bit Full Install (not core), so choose the 2008 R2 Enterprise Full Installation.
After you click next accept the license terms.
You will then get two options. Upgrade or Custom. Choose upgrade.
You will get a warning about any issues which may exist. The generic one seems to be that you should check that any software installed on the server is supported to run on Server 2008 r2. It would be very unlikely that software which works on 2008 wouldn?t work on 2008r2, but the warning is there. If any windows updates have been performed you may also be told that you need to reboot the server before running the upgrade.
Once you?re ready click next, and Windows will start copying files and upgrading. The warning indicates that this can take several hours, but in practice seems to complete in around 60 minutes, as the upgrade only copies around 2Gb of data. The server will reboot part way through expanding files (around 18%). After the ?installing features and updates? step the server will reboot again, during which the machines registry settings will be updated. One final reboot will take place after ?Transferring Programs & Settings?. The loading screen will state ?Setup Is Preparing Your Computer For First Use?. Don?t worry, it?s still the same DC, just a slightly ambiguous message.
Once the boot up completes the server is ready to use, and you can restore any roles back onto it which you might have transferred away.
Thats it.
I've just been working on a monitoring PC which have, which uses server perfmon to monitor the health of all our servers. Graphs include items such as CPU load, RAM available, and disk queue. I've also put a little system in place which will send an alert to twitter in the event of a server crash, or non-responsive ping;
It requires 2 batch files. The first one, looks like this;
--------------------------------------
@ECHO OFF
cls
REM Send 1 ping to server
ping %1 -n 1
IF %errorlevel% == 1 goto ServerFail
EXIT
:ServerFail
REM The next ping is just to force a few seconds of delay befor re-testing
@ping 127.0.0.1
@ping %1 -n 1
IF %errorlevel% == 1 goto ServerFail2
EXIT
:ServerFail2
CLS
@echo Server %1 Failed to ping on more than one occasion
tweetc "Server %1 was showing communication issues at %TIME% on %DATE%"
--------------------------------------
When calling the bat file it takes one parameter, which is the server name or IP address.
The second batch file simply calls pinger.bat for every server we want to run a check against.
You will notice a command in there "tweetc". This is a niftly little utility which allows you to tweet via the command line in windows.
If a server fails to ping, a delay is implemented, and then another ping test is done. If the second test fails, the message is sent to twitter saying "Server whatever was showing communication issues at %TIME% on %DATE%"
Its fairly crude in that its only relying on ping as a test, but its a good front line, and can be used in conjunction with more complex reports such as SMTP traps, or even using event logs.
If you want to see the live twitter go to http://twitter.com/bcolservers There isnt much on there at the moment aside from testing, and hopefully there never will be!
It requires 2 batch files. The first one, looks like this;
--------------------------------------
@ECHO OFF
cls
REM Send 1 ping to server
ping %1 -n 1
IF %errorlevel% == 1 goto ServerFail
EXIT
:ServerFail
REM The next ping is just to force a few seconds of delay befor re-testing
@ping 127.0.0.1
@ping %1 -n 1
IF %errorlevel% == 1 goto ServerFail2
EXIT
:ServerFail2
CLS
@echo Server %1 Failed to ping on more than one occasion
tweetc "Server %1 was showing communication issues at %TIME% on %DATE%"
--------------------------------------
When calling the bat file it takes one parameter, which is the server name or IP address.
The second batch file simply calls pinger.bat for every server we want to run a check against.
You will notice a command in there "tweetc". This is a niftly little utility which allows you to tweet via the command line in windows.
If a server fails to ping, a delay is implemented, and then another ping test is done. If the second test fails, the message is sent to twitter saying "Server whatever was showing communication issues at %TIME% on %DATE%"
Its fairly crude in that its only relying on ping as a test, but its a good front line, and can be used in conjunction with more complex reports such as SMTP traps, or even using event logs.
If you want to see the live twitter go to http://twitter.com/bcolservers There isnt much on there at the moment aside from testing, and hopefully there never will be!
Monday
A little known feature which many of our users seem to find useful has been Shadow Copies. Often used from an Admin point of view, by systems such as Virtual Machine Manager, shadow copies can also be used by the end users. This allows people to restore their own lost/deleted files, and roll back to a previous version.
It does have its disadvantages, such as the number of available previous version available, and the overhead on storage and disk utilization, but overall it reduces calls to the helpdesk, provides users with a faster way to recover lost data, and minimizes the time your backup administrator has to spend sifting through tapes for lost files.
Video tutorial is here;
It does have its disadvantages, such as the number of available previous version available, and the overhead on storage and disk utilization, but overall it reduces calls to the helpdesk, provides users with a faster way to recover lost data, and minimizes the time your backup administrator has to spend sifting through tapes for lost files.
Video tutorial is here;
I thought it would be worth a post on my recent experiences with an iSCSI San, and a Server 2008 Cluster. First off this is using the Release 1 of 2008, not R2 which is currently in BETA and has extended support for iSCSI.
The situation we wanted to use iSCSI San is probably much the same as most, virtualization. We are using Hyper-v along with SC Virtual Machine Manager 2008.
I’ve managed to put this into a nine step process, but if you have questions about any of the steps drop me an email;
1.Setup your SAN, install Server 2008 on desired number of nodes in the cluster, and use the MS iSCSI initiator and MPIO to connect to the SAN. Your SAN provider may provide specific tools to assist with this, such as DELL’s host integration toolkit for the Equillogic units.
2.Validate and create the cluster using Failover Cluster Management
3.Create a very small (1.5GB) LUN on your SAN, this will be used for the Witness Disk by 2008, and holds important configuration information about the cluster. Also create a number of LUNS for hosting virtual machines. Size doesn’t matter too much at this stage as they can be extended using the SAN, and Server 2008 disk management.
4.Connect all the nodes in cluster to the LUNS. Bring online, initialise and format the LUNS. Your best bet is to use a GUID partition, without a drive letter. Otherwise you may end up running out of letters in the alphabet if you have a large number of VMs.
5.Using Failover Cluster Management, add the disks into the cluster, and ensure that the small 1.5GB LUN is set as the Witness Disk. Quorum settings will depend on the number of nodes in the cluster, but the wizard does advise accordingly.
6.Using SCVMM, add one of the nodes from the cluster as a host. VMM will automatically detect that this is a clustered node and add all the other nodes.
7.Ensure that the status of each node shows everything being upto date, and check the properties of the cluster and make sure there is available storage.
8.Create a VM and add it to one of the nodes in the cluster.
9.Test functionality by shutting down the node holding the new VM, and ensure that another node takes over.
When you create your VMs, be sure to set them as highly-available. The above should give you the ability to create highly available VMs, ensuring that if node or nodes in the cluster fail, the VMs will continue to function.
1.Setup your SAN, install Server 2008 on desired number of nodes in the cluster, and use the MS iSCSI initiator and MPIO to connect to the SAN. Your SAN provider may provide specific tools to assist with this, such as DELL’s host integration toolkit for the Equillogic units.
2.Validate and create the cluster using Failover Cluster Management
3.Create a very small (1.5GB) LUN on your SAN, this will be used for the Witness Disk by 2008, and holds important configuration information about the cluster. Also create a number of LUNS for hosting virtual machines. Size doesn’t matter too much at this stage as they can be extended using the SAN, and Server 2008 disk management.
4.Connect all the nodes in cluster to the LUNS. Bring online, initialise and format the LUNS. Your best bet is to use a GUID partition, without a drive letter. Otherwise you may end up running out of letters in the alphabet if you have a large number of VMs.
5.Using Failover Cluster Management, add the disks into the cluster, and ensure that the small 1.5GB LUN is set as the Witness Disk. Quorum settings will depend on the number of nodes in the cluster, but the wizard does advise accordingly.
6.Using SCVMM, add one of the nodes from the cluster as a host. VMM will automatically detect that this is a clustered node and add all the other nodes.
7.Ensure that the status of each node shows everything being upto date, and check the properties of the cluster and make sure there is available storage.
8.Create a VM and add it to one of the nodes in the cluster.
9.Test functionality by shutting down the node holding the new VM, and ensure that another node takes over.
When you create your VMs, be sure to set them as highly-available. The above should give you the ability to create highly available VMs, ensuring that if node or nodes in the cluster fail, the VMs will continue to function.
Thursday
Going back to another problem, I've decided that in order to create VMs on-the-fly, I'm going to need a list of MAC-Addresses which are already in our DHCP server. This will mean not needing to use the netsh command to populate DHCP, and will give us a little more control.
So I need a text file containing all the MAC's which are DHCP enabled. I need to use the first MAC in the file, then delete it from the file (so it doesnt get used again). Powershell to the rescue yet again....and I can even use this within my VM creation script to streamline the whole process.
In the following example the input text file is called c:\test.txt and contains a basic list.
-----------------------------------------------------
#load the file into a string called file
$file=get-content "C:\test.txt"
#$file[0] represents the first line of data......do with as your wish
delete the data which was in the first line
$file[0]=""
#output it to a tempfile
$file out-file "C:\tempfile.txt"
#delete the original file
Remove-Item c:\test.txt
#delete any empty lines from the temp file, and save it as the original name
cat c:\tempfile.txt where {$_ -notmatch "^$" } > c:\test.txt
-----------------------------------------------------
So I need a text file containing all the MAC's which are DHCP enabled. I need to use the first MAC in the file, then delete it from the file (so it doesnt get used again). Powershell to the rescue yet again....and I can even use this within my VM creation script to streamline the whole process.
In the following example the input text file is called c:\test.txt and contains a basic list.
-----------------------------------------------------
#load the file into a string called file
$file=get-content "C:\test.txt"
#$file[0] represents the first line of data......do with as your wish
delete the data which was in the first line
$file[0]=""
#output it to a tempfile
$file out-file "C:\tempfile.txt"
#delete the original file
Remove-Item c:\test.txt
#delete any empty lines from the temp file, and save it as the original name
cat c:\tempfile.txt where {$_ -notmatch "^$" } > c:\test.txt
-----------------------------------------------------
Tuesday
I've been to a few Microsoft conferences where people contantly bang on about PowerShell. Until now its been something I have tried to avoid, as it looks a little bit too much like DOS for my liking!
However, working on another project has lead me to look into powershell for creating Virtual Machines, and I've been blown away by what it can do.
The beauty of MS System Centre Products is that they all execute tasks using powershell, even if you use an admin console to create the task. You could quite happily never know that powershell was being used, and I imagine 90% of users never need to know. The brilliant thing is tha whenever you do something with the GUI, be it create a user in Exchange 2007 or deploy a Virtual Machine, a powershell script is generated, which you can use, reuse and tweek for your own requirments.
In my case I used it as a foundation for provisioning new VMs in Virtual Machine Manager 2007. Having created a VM Template (by sys-preping an XP install), I've been able to write a script which using one command can create a new VM, name it, install all our core software, generate a mac address & network card and join the domain!
I've spent the last 2 days trying to come up with a random MAC address generator in powershell, which I'm pasting below. It works a treat, and I'll be posting the full script (including the VM provisioning script) over the next couple of weeks. This random MAC generator is extreamly useful when wanting to give users the ability to create VMs on the fly, and after a lot of digging online I wasnt able to find anything like this...so hopefuly someone else can use it;
----------------------------------------------------------
param(
[int] $len = 12,
[string] $chars = "0123456789abcdef"
)
$bytes = new-object "System.Byte[]" $len
$rnd = new-object System.Security.Cryptography.RNGCryptoServiceProvider
$rnd.GetBytes($bytes)
#define the fields
$macraw = ""
for( $i=0; $i -lt $len; $i++ )
{
$macraw += $chars[ $bytes[$i] % $chars.Length ]
}
#add collons to the random macraw so that it is properly formatted
$macaddress = $macraw[0]+$macraw[1]+":"+$macraw[2]+$macraw[3]+":"+$macraw[4]+$macraw[5]+":"+$macraw[6]+$macraw[7]+":"+$macraw[8]+$macraw[9]+":"+$macraw[10]+$macraw[11]
$macaddress
----------------------------------------------------------
However, working on another project has lead me to look into powershell for creating Virtual Machines, and I've been blown away by what it can do.
The beauty of MS System Centre Products is that they all execute tasks using powershell, even if you use an admin console to create the task. You could quite happily never know that powershell was being used, and I imagine 90% of users never need to know. The brilliant thing is tha whenever you do something with the GUI, be it create a user in Exchange 2007 or deploy a Virtual Machine, a powershell script is generated, which you can use, reuse and tweek for your own requirments.
In my case I used it as a foundation for provisioning new VMs in Virtual Machine Manager 2007. Having created a VM Template (by sys-preping an XP install), I've been able to write a script which using one command can create a new VM, name it, install all our core software, generate a mac address & network card and join the domain!
I've spent the last 2 days trying to come up with a random MAC address generator in powershell, which I'm pasting below. It works a treat, and I'll be posting the full script (including the VM provisioning script) over the next couple of weeks. This random MAC generator is extreamly useful when wanting to give users the ability to create VMs on the fly, and after a lot of digging online I wasnt able to find anything like this...so hopefuly someone else can use it;
----------------------------------------------------------
param(
[int] $len = 12,
[string] $chars = "0123456789abcdef"
)
$bytes = new-object "System.Byte[]" $len
$rnd = new-object System.Security.Cryptography.RNGCryptoServiceProvider
$rnd.GetBytes($bytes)
#define the fields
$macraw = ""
for( $i=0; $i -lt $len; $i++ )
{
$macraw += $chars[ $bytes[$i] % $chars.Length ]
}
#add collons to the random macraw so that it is properly formatted
$macaddress = $macraw[0]+$macraw[1]+":"+$macraw[2]+$macraw[3]+":"+$macraw[4]+$macraw[5]+":"+$macraw[6]+$macraw[7]+":"+$macraw[8]+$macraw[9]+":"+$macraw[10]+$macraw[11]
$macaddress
----------------------------------------------------------
Monday
Subscribe to:
Posts (Atom)
