Vmware Port Mirror and MS Advanced Thread Analytics

The project was to install MS Advanced Thread Analytic Gateway in a virtual machine, in Vmware, to monitor a physical domain controller.

Hardware involved

  1. Domain controller (physical) – DCServer1
  2. DELL switch – switch1
  3. ESXi host – host1
  4. MS ATA Gateway – atagw1

Setup Port Mirroring at Physical Switch Level

DC server DCserver1 and ESXi host1 are physically connected to switch1. DCserver1 connects on port 40 and host1 connects on port 44 of the switch.

We’re going to configure port mirroring on switch1 as source being port 40 and destination port 44 and we’re going to use use both directions in our config. You can use the following link to configure port mirroring on DELL switches.

Configure Vmware for Port Mirroring

As mentioned before, host1 connects to switch1, and we’re going to use this connection (vmnic2) and create a new standard switch (that was my setup). So, at point, vmnic2 connects to port 44 on switch1.

Once your new standard switch is created (vSwitch2), then we’ll create a new port group (ATA-Capture). While creating port group ATA-Capture, make sure to enable Promiscuous Mode and set VLAN ID to All (4095) – this part crucial!

port-group

 

Configure Microsoft ATA Gateway VM

Your MS ATA Gateway will need to have two NICs. One NIC will be used for day to day work and the second NIC for capture. To make thing easier, rename the NIC to something like ‘Capture‘. Next, make sure that your Capture NIC belongs to the ATA-Capture port group.

At this point you should be able to install MS ATA Gateway software.

Leave a comment

Deploy iTunes 12 & QuickTime 7

The following are steps to deploy Apple iTunes  12.5.3.1 and Apple QuickTime 7.79.80.95 using System Center Configuration Manager.

Some of these steps were taken as tips from the following links:

  1. Link one
  2. Link two

I’m not going into details, but rather I’m going to point out some of my specific changes.

Get the MSI files for iTunes and QuickTime

Download the latest version of iTunes and QuickTime. In case you’re wondering why QuickTime, well, it’s a requirement for iTunes.

You’re going to get the MSI files for both applications by running the executable files (do not click the Next button in the installation wizard), once you run the executable files, then open file explorer and type %TEMP% in the location bar. Now look for a recently created folder and you’ll find the MSI files there, next, copy these files to your deployment folder. You’re going to perform these steps for iTunes and QuickTime.

Create QuickTime deployment

First, we’ll use Microsoft’s Orca tool to edit the QuickTime.msi file, we’re going to make the following changes:

  1. From View menu, select Summary Information. Within this window in languages field remove all but 1033, then press OK
  2. Click Property table and change the following fields:
    1. REGSRCH_DESKTOP_SHORTCUTS to 0
    2. REGSRCH_MEDIA_DEFAULTS to 0
    3. SCHEDULE_ASUW to 0
    4. Create a new row REENABLEAUTORUN and set this to 0 (disables auto-run)
  3. Click LaunchCondition table and drop the “NOT BNEWERPRODUCTISINSTALLED” row
  4. In the Checkbox table set all values to 0. If a manual install is done of the application then all the install options are uncheked by default
  5. Save the MSI

You’re now ready to create the application deployment task.

For my environment, I’m not using a script as the installation method (the links mentioned above use scripts), I use the MSI file; however, I’m using the following installation command:

msiexec /i “QuickTime.msi” ASUWISINSTALLED=0 SCHEDULE_ASUW=0 REGSRCH_INSTALL_ASU=0 /q

Create iTunes deployment

First, we’ll use Microsoft’s Orca tool to edit the QuickTime.msi file, we’re going to make the following changes:

  1. From View menu, select Summary Information. Within this window in languages field remove all but 1033, then press OK
  2. Click Property table and change the following fields:
    1. REGSRCH_DESKTOP_SHORTCUTS to 0
    2. SCHEDULE_ASUW to 0
    3. IAcceptLicense to Yes
  3. In the Checkbox table, we’re going to change the following:
    1. ChkOptInstASU to 0
    2. ChkOptInstShortcuts to 0
  4. In the Shortcut table, we’ll remove QuickTimePlayer_Desktop and QuickTimeUninstaller. This will remove those shortcuts
  5. From the LaunchCondition table drop NOT BNEWERPRODUCTISINSTALLED field
  6. Save the MSI

I tried using the MSI files to create the deployment, but it became too complex as iTunes requires all pre-requisite files to be on the system before iTunes gets to be installed.

Here’s the installation script I use:

@ECHO OFF
start /wait msiexec /i AppleApplicationSupport.msi /passive
start /wait msiexec /i AppleApplicationSupport64.msi /passive
start /wait msiexec /i AppleMobileDeviceSupport6464.msi /qn
start /wait msiexec /i Bonjour64.msi /qn
start /wait msiexec /i itunes6464.msi /passive

Here’s the removal scrlipt I use:

REM remove application support 32
start /wait msiexec /x {F2871C89-C8A5-42EE-8D45-0F02506385A6} /q

REM remove application support 64
start /wait msiexec /x {9BC93467-75D1-4AA4-BD58-D9C51D88DFAB} /q

REM remove mobile device support 6464
start /wait msiexec /x {55BB2110-FB43-49B3-93F4-945A0CFB0A6C} /q

REM remove bonjour 64
start /wait msiexec /x {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} /q

REM remove itunes uninstall
start /wait msiexec /x {554C62C7-E6BB-40F1-892B-F0AE02D3C135} /q

 

Note that the product codes listed above are specific for the version of QuickTime and iTunes that came from the installation program downloaded from Apple.

Next, in Configuration Manager, make sure you the QuickTime deployment package as a dependency for the iTunes package.

As for a detection method, since we have an MSI, you can use that as your detection method.

2016-11-22_1029

Leave a comment

Install Hyper-V Role to Windows Server 2012 R2 During OS Deployment

There are plenty of blogs about this subject, however, many of these blogs are outdated and some of their tips do not work properly for Windows Server 2012 R2. Also, in my case, I’m not using MSDT to install features and roles, but instead I’m using a captured WIM image.

To install Hyper-V role, just add a “Run Command Line” task, towards the end of the task sequence, Install Operating System task.

I’m using the following PowerShell command:

Powershell.exe -Command "& {&'Install-WindowsFeature' –Name Hyper-V -IncludeManagementTools -Restart}"

2016-10-28_1124

Also, here’s an interesting link that discusses this particular issue.

Leave a comment

New Windows 7 Install Not Updating

There’s an issue with brand new installations of Windows 7. If you’re trying to patch/update a brand new Windows 7 installation, Windows Updates will sit there for days without patching anything.

It turns out that, a while back, Microsoft updated their patching servers and because of that, brand new Windows 7 installations will fail to patch until you install the following KBs:

KB3102810
KB3135445
KB3138612

Some of these KBs will not say that will not apply, but keep trying the others and one will fix the Windows Update issue with newly installed Windows 7.

A while back, I opened a Technet case on Microsoft’s forums and here’s the original link.

 

Leave a comment

Run PowerShell Script in Schedule Tasks

The following will allow you to run a Powershell script as a scheduled task. These instructions have been tested on a Windows 7 64bit computer.

Before proceeding, make sure your Powershell script runs without any errors. The best way to make sure your script is running fine is by calling it from a command prompt.

Note: Make sure you run Set-ExecutionPolicy from an elevated Powershell window to make sure your system (Windows 7) is allowed to run Powershell scripts.

  1. Open a Command Prompt window
  2. Run: powershell -file <your ps script file>
  3. Make sure it executes properly

 

Now, open Windows 7 Task Scheduler:

  1. In the Actions tab
  2. Power shell is found at: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    1. You can also just use powershell.exe
  3. In Add arguments (optional) field, add the following: -File “C:\Path-to-your-script\Your-ps-script.ps1”
    1. Sample: -File “C:\Program Files (x86)\Info Folder\Get-Speed.ps1”
  4. In Start in (optional) field, add the following: C:\Program Files (x86)\Info Folder
    1. Sample: C:\Program Files (x86)\Info Folder

2016-09-19_1151

I’m not going to go over the other sections as this is the main section to be able to execute Powershell scripts from Schedule Tasks.

, , ,

Leave a comment

Get Active Network Adapter

Recently I had the need to create a script to find out what was the active network adapter in our server, so after some ideas from the web, I came up with a one line PowerShell script that helped me achieve my goal.

Note: Get-NetAdapter is a PowerShell commandlet that’s present on Windows 8 and Windows Server 2012 R2. This command will not work on Windows 7.

Get-NetAdapter | Where-Object {($_.LinkSpeed -eq “1 Gbps”) -and ($_.Status -eq ‘Up’)}

In this line, I’m basically getting the adapter with status ‘Up’ and with a linkspeed equals to ‘1 Gbps’. One can change LinkSpeed property to match your server’s network adapter speed(s).

Leave a comment

Deploying Oracle JAVA

As of JAVA 8 Update 73, this is the easiest way I’ve found to deploy JAVA on a corporate environment.

  1. Download JAVA from here
    1. You’re going to select the Windows Offline download option
  2. Take a look at the many installation options now available for the JAVA EXEcutable file, those options can be found here
  3. From an elevated command line, you’re going to run the JRE executable file with the options you select from step 2
    1. Here’s just a sample command line (all in one line):
    2. jre-8u73-windows-i586.exe EULA=Disable INSTALL_SILENT=Enable AUTO_UPDATE=Disable REBOOT=Disable REMOVEOUTOFDATEJRES=1
    3. You should be able to find the meaning of each installation option by reading the document in step 2. In essence, I’m installing JAVA and accepting the EULA, a silent install with JAVA auto update disabled as well as removing any outdated installations of JAVA and finally rebooting is disabled.

JAVA Instal

Note: Here’s a great JAVA 8 deployment blog in case you need other means of installing it

 

For those using System Center Configuration Manager 2012 (SCCM 20120), one of the ways to create an application deployment would be to use ‘manual’ deployment type and use a script to install JAVA. In the script I used, I was able to use START /WAIT command to execute the JRE file.

Leave a comment

SCCM 2012 R2 SP1 & PXE-E53 Error(s)

In SCCM 2012, you may encounter the following PXE error message:

PXE-E53: No  boot filename received
PXE-M0F: Exiting Intel Boot Agent
Selected boot device failed. Press any key to reboot….

IMG_1755

Unfortunately, there are many instances that will generate the error message above; one of those instances is when you’ve not set your Windows PE x86 to deploy in your distribution point.

Yes, even if you’re using Windows PE (x64), you must enable the (x86) version. (see below)

9-21-2015 12-03-34 PM

, , , , , , ,

Leave a comment

SCCM 2012 R2 SP1 and User Device Affinity

I’m using the Boot Image to set User Device Affinity (UDA) to devices managed by SCCM 2012 R2 SP1.

First, here’s how we script looks to:

Dim userDA, smsUserMode
Set env = CreateObject("Microsoft.SMS.TSEnvironment")

' We enable UDA variable here - before assigning user
smsUserMode = "Auto"
env("SMSTSAssignUsersMode") = smsUserMode

userDA = Inputbox("Type a valid Active Directory user account." &amp; vbCrLf &amp; vbCrLf &amp; _
"Format: DOMAIN\Username", "Name of primary user for device...")
env("SMSTSUdaUsers") = userDA

' writing to log
wscript.echo "User device affinity set to " &amp; env("SMSTSUdaUsers")
wscript.echo "We're going to set UDA by setting SMSTSAssignUsersMode variable to: " &amp; env("SMSTSAssignUsersMode")

I’m going to save this script on a shared network location. This code is widely used by many people, and I’m not the creator of it; I’ve just slightly modified it.

Next, I’m going to customize the Boot Image file in SCCM, see screenshot.

Boot Image UDA

That’s it!

, , , , , , ,

Leave a comment

Deploy JAVA & Disable JAVA’s AutoUpdate

The following will allow you to deploy JAVA, using an MSI, with the ability to disable JAVA’s AutoUpdate feature.

  1. Download JAVA manually from here
    1. You can download 64 and 32 bit version
  2. Next, run the installation file, but do not click anything else after the first screen
  3. Go to C:\Users\YourUserName\AppData\LocalLow\Oracle and find the extracted MSI file
  4. Copy the MSI to another location and use ORCA to modify the MSI fi le
    1. ORCA can be downloaded from here
  5. Go to the Properties table and change the properties highlighted in the screenshotJAVA No AutoUpdate
  6. Save the MSI and you’re now ready to deploy JAVA

, , , , ,

Leave a comment