Category: Deployments


http://blogs.technet.com/b/askcore/archive/2011/05/12/bare-metal-restore.aspx

http://www.alexwinner.com/articles/divers/123-backupscript2008r22012.html

http://www.alexwinner.com/articles/divers/122-wbsbaremetalrestore.html

 

Reference: http://support.microsoft.com/kb/318785

Microsoft .NET Framework is a software package used by many applications; it runs in a software environment as opposed to a hardware environment. The .NET Framework provides language interoperability across several programming languages. It does a lot of really cool things and is widely used. The only problem is that there are several different versions of the .NET Framework, and finding out whether you have the right version can be a bit tricky. I would like to give you a quick and easy way to find out whether you have the version you need and, if you don't, a simple way to get it.

Click Start>>Type Regedit>>Hit Enter>>Click Edit>>Click Find>>Type NET Framework>>Check the installed versions

I prefer instead to download this free program called .NET Version Detector (download here). This tool is so much more effective because you simply download the file, extract it, and run it. You don't even have to install the program; it's completely portable. You run the program and get a nice graphical interface that tells you which versions of the .NET Framework are installed on your system and which versions are missing.

 

Note: With Windows 7, .NET Framework 3.5 is installed by default.

WDS starter guide : http://technet.microsoft.com/fr-fr/library/jj648426.aspx

Solution accelerator: MDT “Microsoft deployment toolkit” : http://technet.microsoft.com/en-us/library/ee376932.aspx

Lite-Touch: http://technet.microsoft.com/en-us/windows/dn282138

Zero-Touch: http://technet.microsoft.com/en-us/windows/dn282139

Script center and WDS: http://gallery.technet.microsoft.com/scriptcenter/Windows-Deployment-WDS-8bb013b7

WDS and MDT better together?

WDS is for network deployment, MDT can create images that can be uploaded to WDS or deployed individually as a DVD boot image:

http://technet.microsoft.com/en-us/video/deploying-windows-7-with-windows-deployment-services.aspx

MDT is the way to go. WDS just delivers the images. With MDT, you can manage your image creation process as well as the imaging process. So yes, with MDT you can create a single image and push it to any number of different hardware models and inject the drivers as needed at image time. You can also inject program installations and fixes and updates. You can also use MDT to back up and restore profiles if you just wanted to refresh a computer. It's very powerful and well worth the learning curve. There are some very good tutorials out there that will get you started.

The Microsoft Deployment Toolkit (MDT) can also manage device drivers; however, MDT is a task-based process that allows you to do much more. MDT can run custom scripts, install software, packages and updates, and call Windows Update or WSUS to make sure any new updates are installed. This makes it possible to have a thin base image that goes on all machines while allowing you to install software based on department or personal needs and have all the latest updates installed, without the need to update your base image frequently or have multiple images to cover all possible scenarios in your organization.

MDT also has the ability to use other tools during deployment, such as the User State Migration Tool (USMT), the Application Compatibility Toolkit (ACT), the Microsoft Assessment and Planning tool (MAP) and the Microsoft Security Compliance Manager (SCM).

Additionally, the Litetouch PE images that MDT creates can be used with WDS to allow network booting and multicast deployments while still using the flexibility of MDT.

These videos are a great way to see how MDT can improve your deployments:

Deployment Day Session 1: Introduction to MDT 2012
Deployment Day Session 2: MDT 2012 Advanced

http://prajwaldesai.com/integrating-windows-deployment-services-with-microsoft-deployment-toolkit/

MDT 2013 installation: http://blog.itvce.com/?p=4730

Many more videos and articles and free tools to help with Deploying Windows with MDT can be found on the Deliver and Deploy Windows 7 and Deliver and Deploy Windows 8 pages of the Springboard Series on TechNet.

Hope this helps,

In Microsoft Windows operating systems, there are two types of disk partitioning architectures, MBR and GPT. The main difference between them is how they access disk sectors and logical blocks. MBR, or Master Boot Record, was the first partitioning architecture, invented for disk drives with a capacity lower than 2 TB (terabytes). GPT, or GUID Partition Table, was designed to overcome the MBR size limit. Both architectures are in use today, but there are some main differences between them. In this post, I will talk about the differences between these two disk partitioning types.

Data is divided into several blocks of information; that's why partition tables were invented. Partition tables keep track of the mappings between sectors and logical numbering blocks. Imagine that you have a file stored on your disk drive. The file is segmented into several pieces of information (study the networking tutorials from IT training day to understand how this is done), each segment receives a label, and this information is stored in the partition table. By checking the partition table, devices are able to reconstruct the whole information.

The Master Boot Record was invented when only x86 computers existed. On an MBR disk you can create four partitions, or three primary and one extended. Of course, the extended one can be partitioned further. One big problem with the MBR architecture is the possibility of data corruption. There is only one partition table for each partition. The next image, taken from Microsoft's website, illustrates the MBR architecture:

[Figure: MBR Disk]

You can see from the image that there are four partitions (three primary and one extended). The primary partitions are C, E and F. Each of the primary partitions has one partition table. The extended partition contains the logical drives (G, H, … n).

The Master Boot Code contains a small piece of code that is executed. This structure is automatically created when a disk is partitioned as MBR. The executed code does the following: it scans the partition tables for the active partition (the partition where the operating system is stored), finds the location of the first sector of the active partition, loads the boot sector code from the active partition into memory, and then transfers control to the executable code in the boot sector. If the master boot code doesn't locate the boot sector code in the active partition, one of the following messages can be displayed: "Error loading operating system", "Invalid partition table" or "Missing operating system".

The value 0x55 0xAA is a 2-byte structure that marks the end of the MBR. It is also called a signature.
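The layout described above (boot code, a four-entry partition table and the 0x55 0xAA signature) can be checked directly on a raw sector dump. The following Python parser is an added example, not code from the original post; the sample sector is constructed and the partition type names are a small illustrative subset.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # bytes 0..445 hold the master boot code
ENTRY_SIZE = 16               # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"       # last two bytes of the sector
MBR_MAX_BYTES = 2**32 * SECTOR_SIZE   # 32-bit sector fields give the 2 TB limit
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0F: "extended (LBA)",
              0xEE: "GPT protective"}   # illustrative subset of type codes


def parse_mbr(sector: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55 0xAA signature")
    entries = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, start)
        if ptype == 0x00:          # unused slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {index}: invalid status byte {status:#04x}")
        entries.append({"index": index, "active": status == 0x80,
                        "type": TYPE_NAMES.get(ptype, f"{ptype:#04x}"),
                        "lba_start": lba, "sectors": count})
    if sum(e["active"] for e in entries) > 1:
        raise ValueError("more than one active partition")
    return entries


def build_sample_mbr() -> bytes:
    """Constructed sample: an active NTFS partition plus an extended partition."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x80, 0x07, 2048, 204800)
             + entry(0x00, 0x0F, 206848, 409600)
             + bytes(ENTRY_SIZE * 2))
    return bytes(TABLE_OFFSET) + table + SIGNATURE


if __name__ == "__main__":
    for part in parse_mbr(build_sample_mbr()):
        print(part)
```

A sector that fails these checks (missing signature, several active entries) corresponds to the "Invalid partition table" class of boot errors mentioned above.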

GUID Partition Table: this type of partitioning is supported by hard drives that have more than 2 TB storage capacity. A basic disk that uses GPT partitioning can have up to 128 primary partitions. This technology also supports CRC (Cyclic Redundancy Check), reliability and backup. This is what a GPT architecture looks like (from Microsoft's website):

[Figure: GPT Disk]

You can see that GPT architecture uses a large part of the MBR architecture but also has other features. It contains GUID partitions (primary GUID partition) which can identify the type of data that is stored on the partition and the disk type. For each GUID partition table there is a backup partition. It also contains a GUID partition table header and a backup GUID partition table header. Read more about this on Microsoft’s website:
http://msdn.microsoft.com/en-us/library/aa363785%28VS.85%29.aspx
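The CRC protection and the backup header described above are what let a tool detect a damaged primary header and fall back to the backup copy. The following Python check is an added example, not code from the original post; the header, disk GUID and LBA values are constructed, and the field layout is the standard 92-byte GPT header.

```python
import struct
import zlib

HEADER_FMT = "<8sIIIIQQQQ16sQIII"        # 92-byte GPT header, little-endian
HEADER_SIZE = struct.calcsize(HEADER_FMT)


def build_header(my_lba, alt_lba, entries_lba, entries):
    """Constructed sample header; the disk GUID and all LBAs are made-up values."""
    fields = [b"EFI PART", 0x00010000, HEADER_SIZE, 0, 0, my_lba, alt_lba,
              34, 204766, bytes(range(16)), entries_lba, 128, 128,
              zlib.crc32(entries)]
    # The header CRC32 is computed with its own field set to zero.
    fields[3] = zlib.crc32(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields)


def check_header(header, entries):
    """Return the problems found in one header copy; [] means it is usable."""
    if len(header) < HEADER_SIZE:
        return ["header truncated"]
    f = struct.unpack_from(HEADER_FMT, header)
    if f[0] != b"EFI PART":
        return ["bad signature"]
    if not HEADER_SIZE <= f[2] <= len(header):
        return ["implausible header size"]
    problems = []
    zeroed = header[:16] + bytes(4) + header[20:f[2]]
    if zlib.crc32(zeroed) != f[3]:
        problems.append("header CRC mismatch")
    # f[11] = number of entries, f[12] = size of one entry, f[13] = array CRC32
    if zlib.crc32(entries[:f[11] * f[12]]) != f[13]:
        problems.append("partition entry array CRC mismatch")
    return problems


def pick_usable(primary, backup, entries):
    """Prefer the primary header and fall back to the backup copy."""
    for name, header in (("primary", primary), ("backup", backup)):
        if not check_header(header, entries):
            return name
    return None


# Constructed disk: 128 empty 128-byte entries; a real disk keeps a second
# copy of the entry array next to the backup header.
ENTRIES = bytes(128 * 128)
PRIMARY = build_header(1, 204799, 2, ENTRIES)
BACKUP = build_header(204799, 1, 204767, ENTRIES)
```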

If you use batch files to automate tasks on a Vista/Windows 7/Windows 2008,2008r2 computer, you have probably encountered situations when you needed to start a program ELEVATED (as Administrator).

For example, if you want to share a folder automatically from a batch file, you would use the “net share” command. However, unlike many other programs that ask for the administrator’s approval, net share does not do that and simply returns the error code 5 (“access denied”) if it was started by a standard user.

How to force that program to start elevated from a batch file?

There are multiple elevate.exe programs available for free on the Internet. I selected two of them:

<http://code.kliu.org/misc/elevate/>

Usage:  elevate [(-c | -k) [-n] [-u]] [-w] command

Options:
  -c  Launches a terminating command processor; equivalent to “cmd /c command”.
  -k  Launches a persistent command processor; equivalent to “cmd /k command”.
  -n  When using -c or -k, do not pushd the current directory before execution.
  -u  When using -c or -k, use Unicode; equivalent to “cmd /u”.
  -w  Waits for termination; equivalent to “start /wait command”.

Notes:
  Both the hyphen (e.g., -w) and slash (e.g., /w) forms of switches are valid.

  When -k is specified, command is optional.  Omitting command in this case will  simply open an elevated command prompt.

  Normally, an elevated command processor will not honor the current directory  of an unelevated parent process, thus potentially creating problems with
  relative paths.  To address this problem, when the -c or -k switches are used,  elevate will issue a pushd command to the new command processor to ensure that
  it uses the current directory of its parent process.  Specifying the -n switch  will disable this feature.

Examples:
  elevate taskmgr
  elevate -k
  elevate /w HashCheckInstall.exe
  elevate -k sfc /scannow
  elevate /c del %SystemRoot%\Temp\*.*
  elevate -c -w copy foo*.* bar

Why this utility?

There are other similar utilities available; for example:
* http://wintellect.com/cs/blogs/jrobbins/archive/2007/03/27/elevate-a-process-at-the-command-line-in-vista.aspx
* http://jpassing.com/2007/12/08/launch-elevated-processes-from-the-command-line/

* http://www.winability.com/files/elevate.zip

Copy the file Elevate.exe into a folder where Windows can always find it (such as C:/Windows). To use it in a batch file, just prepend the command you want to execute as administrator with the elevate command, like this:

  elevate net share ...
  elevate -noui "c:\batch.bat"

and it should run the command net share as administrator. Of course, it does not relieve the administrator from the duty to approve the request (unless you have enabled the quiet mode of UAC or disabled UAC altogether).

The syntax of the Elevate command is as follows:

  elevate [-opt1] [-opt2...] [path\]file[.exe] [param1 [param2...]]

Where -optN can be one of the following:

  -?         - Display the help screen and exit
  -info      - Open the web page with more information (the web page you are reading now!) and exit
  -wait4idle - Wait for the target process to initialize before returning
  -wait4exit - Wait for the target process to finish before returning
  -noui      - Don't display any messages, even if an error occurs

After the options, the following arguments should be entered:

  file       - The file name of the program to launch elevated
  paramN     - Optional parameters (as expected by the program being launched)

For example, if for some reason you want to run Notepad as administrator, and continue only after you exit Notepad, you would use a command like this:

  elevate   -wait4exit   notepad

If you use the elevate command while logged in to Windows as a user that does not have a split token, that is, as a non-administrator or a guest user, it will ask for the administrator's password to continue. If you use it as the true administrator (that is, if UAC is disabled, or if you've launched the batch file itself as administrator), then no administrator's approval is required and it launches the program as usual.

Can Elevate.exe be used on a Windows XP or Windows 2000 computer, even though they do not have UAC or users with split tokens? Yes, it can! In such a case, if the batch file is executed by the administrator, then Elevate.exe runs the program as usual, without requiring any additional approval. If run by a restricted user, Elevate.exe has the same effect as the Runas command of Windows XP/2000: it gives the user an option to enter a different user's credentials to launch the program.

The return code of the elevate command depends on the result of its execution and whether you have specified the -wait4exit option or not. If the -wait4exit option is NOT specified, then elevate returns code 0 if it started the target process successfully, or an error code as reported by Windows. For example, if Windows could not find the target file, it usually returns code 2. If the file was found, but the administrator did not approve the request to start the program elevated, the return code is 5. And so on.

However, if you have specified the -wait4exit option on the command line and the target process was started successfully, the elevate command waits for it to finish and returns the exit code from that process. The returned value in such a case depends on the program being launched by the elevate command. As with other commands, you can access the return code in a batch file via the ERRORLEVEL variable.

Tip: you can extend the shell context menu for directories with an 'Open Elevated Console here' entry by adding the following registry entries:

[HKEY_CLASSES_ROOT\Directory\shell\Open Elevated Console here]
@="Open Ele&vated Console here"

[HKEY_CLASSES_ROOT\Directory\shell\Open Elevated Console here\command]
@="c:\\path\\to\\elevate.exe  /K \"title %1 && color 1a && cd /D %1\""

http://msdn.microsoft.com/en-us/library/windows/hardware/dn529134

The objective is to allow WMI queries on a computer for a non-admin user or group.

The group to allow is mydomain\wmiquery-users.

The scripts require dcomperm.exe and wmisecurity.exe.

Authorize WMI users and set permissions on Win7, Win2008 R2: http://technet.microsoft.com/en-us/library/cc771551.aspx

Example of PS code: http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

Download wmisecurity.exe from the CodeProject site: http://www.codeproject.com/KB/system/WmiSecurity.aspx

Download dcomperm.exe from: http://cid-62b84429c3a8a991.skydrive.live.com/self.aspx/SharePoint/DComPerm.zip

 1st step: Set up DCOM permissions:

@echo off
REM Sets the machine-wide DCOM permissions for MYDOMAIN\wmiquery-users.
REM Requires dcomperm.exe; every step is shown on screen and logged under .\logs.
CLS
if not exist .\logs mkdir .\logs
echo.
echo Windows computers - Set up DCOM Permissions - Oct 2011
echo __________________________________________________________________________________
echo.
echo ==========================================================================>.\logs\Set-DCOM-Permissions_%computername%.txt
REM --- Record the permissions before any change ---
echo Show current DCOM permissions - current values on %computername% BEFORE...
echo List machine access permission list...
dcomperm -ma list
echo List machine launch permission list...
dcomperm -ml list
echo List machine default permission list...
dcomperm -dl list
echo.
echo Show current DCOM permissions - current values on %computername% BEFORE...>>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine access permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ma list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine launch permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine default permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -dl list >>.\logs\Set-DCOM-Permissions_%computername%.txt
pause
echo.
echo ------------------------------------------------------------------------
REM --- Apply the new permissions (run once for the screen, once for the log) ---
echo Set new DCOM permissions - new values on %computername%...
echo Set machine access permission list...
dcomperm -ma set MYDOMAIN\wmiquery-users permit level:l,r
echo Set machine launch permission list...
dcomperm -ml set MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra
echo Set machine default permission list...
dcomperm -dl remove MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra
echo.
echo Set new DCOM permissions - new values on %computername%...>>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Set machine access permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ma set MYDOMAIN\wmiquery-users permit level:l,r >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Set machine launch permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml set MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Set machine default permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -dl remove MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo.
echo ------------------------------------------------------------------------
REM --- Record the permissions after the change ---
echo Show current DCOM permissions - current values on %computername% AFTER...
echo List machine access permission list...
dcomperm -ma list
echo List machine launch permission list...
dcomperm -ml list
echo List machine default permission list...
dcomperm -dl list
echo.
echo Show current DCOM permissions - current values on %computername% AFTER...>>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine access permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ma list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine launch permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine default permission list...>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -dl list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo.
goto end
:end

2nd step: Set up WMI Security:

@echo off
REM Grants MYDOMAIN\wmiquery-users remote access to the Root WMI namespace.
REM Requires WmiSecurity.exe; the result is shown on screen and logged under .\logs.
CLS
if not exist .\logs mkdir .\logs
echo.
echo Windows computers - Set up WMI Security - Oct 2011
echo _________________________________________________________________________
echo.
echo ------------------------------------------------------------------------->.\logs\Set-WMISecurity_%computername%.txt
echo Set up WMI Security on %computername%...>>.\logs\Set-WMISecurity_%computername%.txt
WmiSecurity /C=%computername% /A /N=Root /M="MYDOMAIN\wmiquery-users:REMOTEACCESS" /R
WmiSecurity /C=%computername% /A /N=Root /M="MYDOMAIN\wmiquery-users:REMOTEACCESS" /R >>.\logs\Set-WMISecurity_%computername%.txt

goto end
:end

 
Microsoft has published on its TechNet site an interesting article comparing the four deployment strategies for Windows 7 desktops: