December 2012 Entries
Installing Windows Deployment Services

While we will use the Microsoft Deployment Toolkit (MDT) 2012 for our actual server deployments, we are going to leverage the power WDS provides to PXE boot (boot from the network) with a WinPE image. You could argue this is not necessary if you are running all virtual machines, but I want a solution as flexible as can be.

Install WDS

Add Server roles












Select the Windows Deployment Services role.











Read through the introduction if you feel like it…











Make sure the transport & deployment components 











Confirm everything by clicking install 











Installation should be swift and error free











Once the installation succeeds you will be presented with a nice report, most likely detailing that you do not have Windows automatic updating enabled. No worries, I'll get to that later on!


Creating an automated OS deployment

To create a deployment environment we are going to use ADDS, DHCP, WDS, WSUS, MDT 2012 and good old-fashioned hard work! Note that a number of prerequisites need to be met to install certain services. I used 2 servers, but it is possible to do it with only one server. Do note that in that case you will need to research how to set the WDS entries in DHCP, as this will not be done automatically…


There are a number of binaries you will need to download:

MDT 2012:


Server setup:

DC00: Domain controller with DHCP scope


Once both machines have been installed and configured, set up a domain (in my case deploy.lan) and join WDS to that domain.


To get started, read these articles:

Installing Windows Deployment Services:

Installing and configuring Windows Server Update Services (WSUS):

Installing and configuring Windows Server Update Services (WSUS)

Deploying images is one thing, but actually having to run the update gauntlet on every deploy is terrifying to me. It often results in no updates being installed (because I just could not be bothered), and this can cause discrepancies between test systems or even make you miss out on cool new features! So let's install the WSUS component to handle that. Later on we'll see how to configure WSUS and set an automatic "Approve All" rule. What we will also be doing, albeit not in this part, is leveraging the power of WSUS to update our installations right after deployment. Without joining a domain!


Go to the server roles wizard and select the "Windows Server Update Services".











You will automatically be presented with the prerequisites required for the WSUS component. Agree with the popup by selecting "Add Required Role Services".











Once you accept that you should take notice that the Web Server component is checked as well. Try not to install this role on a server which hosts other websites, it's possible but requires a bit more care…











Once again, read through the introduction page.











You don’t have to select anything extra on this screen as that has been taken care of by the popup you received earlier.











Install WSUS and the required role services by clicking the install button











Just like with the WDS role you will be presented with a progress screen. Once again it should be smooth sailing and no reboot will be required.











Once installation of WSUS is complete you will be presented with the following setup screen:











Accept the license terms (and you "should" actually read them -_-)











I don't really care about the reporting at this stage, just know that you can manage the machine just fine and all you will not be able to do is pull reports. If you care about those you can always install the report viewer later on.











You'll have to present WSUS with a folder where it can store the updates. I added an extra 250 GB LUN to the server to handle this and the MDT files.











If you have a database server, feel free to put the WSUS database on there, if you don't you can install the internal database from Microsoft on your server by choosing the first option and clicking next.











If you are running another website on your server you have the option to coexist with that website. It also means you have to keep track of your ports somewhere…











Once all have been taken care of you can go ahead and complete setup.











Another progress screen will present itself to keep you informed











Complete the WSUS setup by clicking finish in this window.











If the below window does not present itself you can access it from the start menu.













Up to you if you want to join the improvement program.













Unless you have another WSUS server somewhere that you can use there is not much choice in these options ;).













Enter any proxy servers which you might have in your network













An initial connection to the WSUS servers of Microsoft is needed to determine what can be pulled in. This might take a while so sit back and relax.













Once completed, click next.













If you are supporting multiple languages in your organization you have the option to select those specific update packs here.













The following window gives you granular control over the products you will be downloading updates for. As you can see this includes legacy products, so you are best off not selecting the "All Products" option.













Populate the below selection fields where necessary to suit your needs.













Unless you feel the need to synchronize manually you can set up daily synchronizations in this window. Make sure to adapt the time if necessary!













Once all the settings have been configured you can launch your initial synchronization and pull down the updates.













Click finish













Aaaaaaaaand close











Now go to start and open the Windows Server Update Services management tool.














You'll notice that none of our updates have actually been approved! This server will not do us much good at this point…







So select every update (CTRL+A) and right-click to select approve. (Obviously this should not be done in a production environment. In such a case you should actually verify each update so it does not break your production services or third-party applications.)









Approve the updates for installation on the "all computers" group.










Click ok.










Erm yeah, this will take a while and you might be presented with a couple of additional screens to agree with license terms. If this process appears to be stuck, try minimizing your windows one by one. Sometimes the pop-up screens go play hide-and-seek.










To avoid having to manually approve every new update in our lab environment you can go to Options and click the "Automatic Approvals" option to configure a default "approve all" rule.







As shown below














Update the classifications if necessary


Powershell: If statements dependent on installed exchange role
Something I need to keep for usage in the future:

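If (Get-ExchangeServer $hostname | Where-Object {$_.IsClientAccessServer -eq $true}) {
    # Client Access role is installed
} else {
    # Client Access role is not installed
}
If (Get-ExchangeServer $hostname | Where-Object {$_.IsHubTransportServer -eq $true}) {
    # Hub Transport role is installed
} else {
    # Hub Transport role is not installed
}
If (Get-ExchangeServer $hostname | Where-Object {$_.IsMailboxServer -eq $true}) {
    # Mailbox role is installed
} else {
    # Mailbox role is not installed
}
If (Get-ExchangeServer $hostname | Where-Object {$_.IsUnifiedMessagingServer -eq $true}) {
    # Unified Messaging role is installed
} else {
    # Unified Messaging role is not installed
}
If (Get-ExchangeServer $hostname | Where-Object {$_.IsEdgeServer -eq $true}) {
    # Edge Transport role is installed
} else {
    # Edge Transport role is not installed
}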

Powershell: Connect to Exchange server powershell
Connecting to Exchange PowerShell is, for normal operations, as simple as opening the shortcut on your start menu :).
However, if you need some scripts to perform actions against your Exchange server, you can use the below code to make that happen!

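# Remote session to a Client Access server, authenticated with Kerberos
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://YourCASServerFQDN/PowerShell/ -Authentication Kerberos
Import-PSSession $s

# Load the Exchange 2010 management snap-in and connect to an Exchange server
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto
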
Powershell: Install-dotNET4 function
This function will download and install .NET 4.0. It uses the Get-Framework-Versions function to determine if the installation is necessary or not. Internet connectivity will be required as the script auto downloads the setup file (and sleeps for 360 seconds... I had a function in there to monitor for install completion at first, turns out the setup file spawns so many child processes the function just got confused and locked up -_-)

Alternatively you could drop the installation file in the folder specified in the $folderPath variable too. That will skip the download and use the file. This function easily adapts to other versions, e.g. I use it for PowerShell 3 installs as well!

Function install-dotNet4 () {
    # Ask Get-Framework-Versions which .NET 4.0 profiles are already installed
    $InstalledDotNET = Get-Framework-Versions
    if(($InstalledDotNET -contains "4.0") -or ($InstalledDotNET -contains "4.0c")){
        write-host ".NET 4.0 Framework is already installed" -foregroundcolor Green
    } else{
        #set a var for the folder you are looking for
        $folderPath = 'C:\Temp'

        #Check if folder exists, if not, create it
        if (Test-Path $folderpath){
            Write-Host "The folder $folderPath exists." -ForeGroundColor Green
        } else{
            Write-Host "The folder $folderPath does not exist, creating..." -NoNewline -ForegroundColor Red
            New-Item $folderpath -type directory | Out-Null
            Write-Host " - done!" -ForegroundColor Green
        }

        # Check if file exists, if not, download it
        $file = $folderPath+"\dotNetFx40_Full_x86_x64.exe"
        if (Test-Path $file){
            write-host "The file $file exists." -ForeGroundColor Green
        } else {
            #Download Microsoft .Net 4.0 Framework
            Write-Host "Downloading Microsoft .Net 4.0 Framework..." -nonewline -ForeGroundColor DarkYellow
            $clnt = New-Object System.Net.WebClient
            $url = ""   # download URL of dotNetFx40_Full_x86_x64.exe goes here
            $clnt.DownloadFile($url,$file)
            Write-Host " - done!" -ForegroundColor Green
        }

        #Install Microsoft .Net Framework
        Write-Host "Installing Microsoft .Net Framework..." -nonewline -ForegroundColor DarkYellow
        # Call operator instead of Invoke-Expression: the path is run as a command, not re-parsed as script text
        & $file /quiet /norestart
        write-host " - done!" -ForegroundColor Green
        # The setup spawns child processes, so give it time to finish
        start-sleep -seconds 360
    }
}

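The function above runs whatever file sits at C:\Temp\dotNetFx40_Full_x86_x64.exe, whether it was just downloaded or dropped there beforehand, so a signature check before the install step is worth having. The following is an added example, not part of the original post: Test-InstallerSignature and its $ExpectedPublisher default are hypothetical names and values chosen for illustration.

```powershell
# Added example: verify an installer's Authenticode signature before running it.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumption: the signer expected for a Microsoft redistributable.
        [string]$ExpectedPublisher = 'O=Microsoft Corporation'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status for $Path is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from an unexpected publisher is still a failure.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedPublisher*") {
        Write-Warning "Unexpected signer: $subject"
        return $false
    }

    Write-Host "Signature OK: $subject" -ForegroundColor Green
    return $true
}

# Usage in an install function, before the installer is started:
$file = 'C:\Temp\dotNetFx40_Full_x86_x64.exe'
if (Test-InstallerSignature -Path $file) {
    & $file /quiet /norestart
} else {
    Write-Warning "Refusing to run $file"
}
```
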
Powershell: Get-Framework-Versions.
This function will use the test-key function posted earlier. It will check which .NET frameworks are installed (currently only checking for .NET 4.0) but can be easily adapted and/or expanded.

function Get-Framework-Versions()
{
    # Collect the .NET 4.0 profiles found in the registry
    $installedFrameworks = @()

    if(Test-Key "HKLM:\Software\Microsoft\NET Framework Setup\NDP\v4\Client" "Install") { $installedFrameworks += "4.0c" }
    if(Test-Key "HKLM:\Software\Microsoft\NET Framework Setup\NDP\v4\Full" "Install") { $installedFrameworks += "4.0" }
    return $installedFrameworks
}

Powershell Test Reg Key function
Disclaimer: Code is not mine but forgot where I got it. Ping me if this is yours and you will receive full kudos to it :)

function Test-Key([string]$path, [string]$key)
{
    # False when the key is missing or the value is not set
    if(!(Test-Path $path)) { return $false }
    if ((Get-ItemProperty $path).$key -eq $null) { return $false }
    return $true
}

Powershell Run-As Script
Disclaimer: This script is not of my own making. I found it on a share somewhere and it is so handy I started using it in a bunch of scripts. To the writer: If you're out there, somewhere, when you see this, thank you!

function Use-RunAs {
    # Check if script is running as Administrator and if not use RunAs
    # Use Check Switch to check if admin
    param([Switch]$Check)

    $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()`
        ).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
    if ($Check) { return $IsAdmin }

    if ($MyInvocation.ScriptName -ne "") {
        if (-not $IsAdmin) {
            try {
                $arg = "-file `"$($MyInvocation.ScriptName)`""
                Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList $arg -ErrorAction 'stop'
            } catch {
                Write-Warning "Error - Failed to restart script with runas"
                break
            }
            exit # Quit this session of powershell
        }
    } else {
        Write-Warning "Error - Script must be saved as a .ps1 file first"
        break
    }
}

Use-RunAs
write-host "Script Running As Administrator" -foregroundcolor red
Write-host ""