WDS – Adding your drivers to WinPE image.

Okay this just about drove me nuts until I figured it out. When deploying a WinPE image, you’re probably going to want to add some drivers (particularly network drivers) to it. There are lots of tutorials out there about how to do this. Evidently Windows 2K8R2 makes it simple. But on 2k8 you still have to deal with the command prompt.

With WinPE 3.0 (what you would use to deploy Windows 7 and 2k8r2) you need to be sure to write your drivers to INDEX 2 for WDS deployment. In other words you need to run a command like:

Dism /Mount-Wim /WimFile:PATH_TO_BOOT.WIM /index:2 /MountDir:PATH_TO_MOUNT_DIR

Then you add your drivers with:

DISM /image:PATH_TO_YOUR_MOUNT /Add-Driver /driver:PATH_TO_YOUR_FOLDER_OF_INF_DRIVERS\ /recurse

Then you commit and dismount with:

Dism /Unmount-Wim /MountDir:PATH_TO_YOUR_MOUNT /Commit

Hope that helps, this was driving me crazy. I’ll save the rant against MS, I’m sure they have a perfectly good reason for introducing multiple images in the files. But I couldn’t find any documentation on it, or anything about how to determine which images are used for what.

At least 2k8r2 is supposed to make this easier.
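
The three DISM steps above, wrapped in PowerShell as an added example (not code from the original post). It first lists the images in the file with /Get-WimInfo, and it discards the mount instead of committing if the driver step fails; the three paths are placeholders.

```powershell
$wim     = 'C:\wds\boot.wim'   # hypothetical path to the boot image
$mount   = 'C:\wds\mount'      # hypothetical empty mount directory
$drivers = 'C:\wds\drivers'    # hypothetical folder of .inf drivers
$index   = 2                   # the index the post says WDS deploys from

function Invoke-Dism {
    # Run dism.exe and turn a non-zero exit code into a terminating error.
    & dism.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "dism $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# List every image in the file (index, name, description) before touching it.
Invoke-Dism /Get-WimInfo "/WimFile:$wim"

Invoke-Dism /Mount-Wim "/WimFile:$wim" "/index:$index" "/MountDir:$mount"
try {
    Invoke-Dism "/Image:$mount" /Add-Driver "/Driver:$drivers" /Recurse
    # Show the third-party drivers now present in the mounted image.
    Invoke-Dism "/Image:$mount" /Get-Drivers
}
catch {
    # Something failed: drop the changes rather than commit a half-modified image.
    & dism.exe /Unmount-Wim "/MountDir:$mount" /Discard
    throw
}
Invoke-Dism /Unmount-Wim "/MountDir:$mount" /Commit
```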


VMware Powershell Scripts – Why aren’t they signed?

VMWare vSphere PowerCLI is an awesome thing. If you do any kind of vmware administration and you haven’t installed it yet, stop what you are doing right now and go do it! PowerShell itself is an awesome thing, but it has some gotchas. Most notably (for the purpose of this post) is code signing, and for some odd reason VMWare did not sign any of their scripts.

Now we could change that setting via “Set-ExecutionPolicy” (need to be in an administrative context) to something less secure, typically “Unrestricted”, but this is a step back from a security standpoint. Ideally your policy would be “AllSigned” and VMWare would have provided you a certificate to add to your “Trusted Publishers.” But since VMWare didn’t sign the scripts, it’s not an option.

Instead I went ahead and signed them myself. If you’re not familiar with this procedure check out this great tutorial. If you already have something like a Windows Certificate Server it’s even easier, just make sure the ‘code-signing’ template is enabled, and request a cert from the website (you can even distribute the cert by AD if you like).

Anyways the scripts that need to be signed to make vSphere PowerCLI work with Code signing are all the ps1 files in the “Program Files\VMware\Infrastructure\vSphere PowerCLI\Scripts” and all the ps1xml in the “Program Files\VMware\Infrastructure\vSphere PowerCLI” directory.

Bottom line, if you’re already set up with a certificate for code signing in your certificate store, these lines of code will fix the problem for you:

# Sign every .ps1 / .ps1xml file under the PowerCLI folder with the first code-signing cert in the user store
foreach ($script in Get-ChildItem 'C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\*' -Recurse | Where-Object { $_.Name -like '*.ps1*' }) { Set-AuthenticodeSignature $script.FullName @(Get-ChildItem cert:\CurrentUser\My -CodeSigningCert)[0] }

Hope that helps!
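
A longer form of the signing step, as an added example that is not VMware's or the original post's code. It goes beyond the one-liner: it picks an unexpired certificate that has a private key, skips files already validly signed with it, and then lists any file whose signature still does not validate. The timestamp server variable is an assumption and is left empty.

```powershell
$root = 'C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI'  # path from the post
$timestampUrl = $null  # assumption: set to your timestamp server URL, or leave $null

# Choose a code-signing certificate that has its private key and has not expired.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code-signing certificate in Cert:\CurrentUser\My' }

$signArgs = @{ Certificate = $cert }
# Without a timestamp the signatures stop validating once the certificate expires.
if ($timestampUrl) { $signArgs.TimestampServer = $timestampUrl }

$files = Get-ChildItem -Path $root -Recurse -Include *.ps1, *.ps1xml

foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    # Leave files alone that already carry a valid signature from this certificate.
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Thumbprint -eq $cert.Thumbprint) {
        continue
    }
    Set-AuthenticodeSignature -FilePath $file.FullName @signArgs | Out-Null
}

# Re-read every signature; anything listed here will still be blocked under AllSigned.
$files |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Path, Status, StatusMessage
```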


Awesome Pro-Tip

Need to modify a non-admin user’s printers in an administrative context? You can use the run-as trick within printers and faxes as well! Just hold down shift when right clicking the option you want and boom, run-as should be there along with the options you probably wanted to select from! Enjoy.

Charles Babbage Say What?

On two occasions I have been asked, ‘Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?’ I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Charles Babbage


Installing RAST for Win 7

This is a Major PITA. So to install the RAST (Remote Access Server Tools) you have to go through a fairly stupid and drawn out procedure. First download the RAST package from http://www.microsoft.com/download/en/details.aspx?id=7887, it’s a pretty big file, 200+MB. So you download it. And run it, but then it connects to windows update and apparently gets even more files? Fine. You sit there and wait. And finally it’s done. But you’re not ready to go yet. So to actually use the stuff you downloaded you have to go into Windows Features (and yeah of course Windows 7 buries this crap deep in its menus now) and turn on these features, by clicking lots of check boxes.

Nothing a competent admin should have a problem doing but why is this such a pain to do? I’m expecting windows built in tools at least to install w/ apt-get easiness. But I guess this is not the case.


Likewise Open Sudo

So likewise-open makes it trivially easy to add a computer to the domain, arguably easier than it is in Windows even. Just:
domainjoin-cli join [-ou ] domain adminusername
Then put in your password. Easy-peasy. But while that will get you login, you won’t be able to use sudo and what not w/ that. Doing that is easy however as well though. Just use visudo with the -f option to make a new file for your sudoers.d directory w/ this option:

%DOMAINNAME\\domain^admins ALL=(ALL) ALL

Simple enough. Move that into /etc/sudoers.d and boom you’re done. Domain Admins now have root privileges on the box. You can of course replace domain admins w/ whatever group might be appropriate for you.


Dell Power Edge 2850 Rant

Just need to vent. I’m sure no one cares about my feelings about a 6 year old server model that is basically obsolete, but this thing helped keep me up to 5:00AM Monday Morning, so I feel the need to rant. First off: WHO IN THEIR RIGHT MIND COMBINES THE ONBOARD RAID CARD WITH THE PCI RISER! I don’t have any complaints with the Power Edge PERCs (redundant I know). But putting the card together on the board with the PCI riser is just monumentally stupid.

Look, you can kind of figure what are the most likely repair jobs for a server. Most common are hard-drives and power supplies. Dell does right and these are quick and easy to replace in place (hard drives at least I haven’t done a hot swap of a power supply yet).

But if you are cracking open the case, chances are you’re either upgrading/replacing the ram, or putting in a new PCI card. One thing NO one is likely to do is replace the on board raid card (unless it is broken). So why does replacing/adding a PCI require the removal of this giant board, which (worse) has some big thick cables going into the front plane and back-plane. It’s completely unnecessary and only creates the potential for a devastating disaster (failure of the PERC card) from what should be a simple replacement (adding/removing a PCI card). I bet you can guess what kept me up this Sunday night…

It also makes the PCI riser (a unit that does not have to be huge) a ginormous assemblage. Rule of thumb with circuit boards, the bigger they are, the more likely they are to break. When you are dealing with a riser board more than twice the length of the longest PCI cards, you know you have messed up. And worse, a PCI card is one of the bits of hardware that sometimes requires some finagling (read a slightly uncomfortable level of force) to get inserted. Worst case scenario if I break a PCI riser, I’m out a cheapish riser and I can’t use my PCI cards (likely not mission critical, or something you can work around). Worst case scenario if you f-up the PERC raid controller (redundant again, I know). SHIT STORM.

So you’ve got this huge raid/controller pci expansion card. With Raid memory modules, PCI cards, and who knows what else dangling off of it. It’s as long as your arm and awkward to handle. Guess what for more fun? There’s no quick release tab or anything on the PCI cards for you. No, you’ve got to unscrew the things, and hope to god that no one tightened them in real good because it takes a tiny phillips head and you’ve got exactly 0 inches of freedom on your tiny jeweler’s head screwdriver. ARGH.

I’ve had mixed feelings on the Dell Desktops, but quite frankly this is enough to make me not want to purchase another server from them again. EVER.


Harry Potter and the Deathly Hallows Part 2 Review

Saw Harry Potter and the Deathly Hallows Part II today. I thought it was pretty good. One of the better Potter movies and much better than the previous installment. I’m a pretty big fan of the Potter books, though I think they jumped the shark after book 4. The movie is better than the book I think. I give it 4/5. Detailed thoughts, might contain light spoilers. I’ll try and constrain my criticism to that of the movie, and not that of the book.

  • The bit at Gringotts really should have been in the previous movie or omitted entirely I think. It doesn’t match in tone and setting with the rest of the film (which takes place almost entirely in Hogwarts). And frankly it adds nothing to the movie (or book for that matter) and we have enough Horcruxes without it.
  • The film’s pacing is a bit mixed, with an extended 2nd act that seems to build to a climax, only to stop for a self-reflective intermission. And then continues on to the final climax. Which I feel lessens its impact somewhat (though this is true to the book).
  • The movie crosses between beating you over the head with plot points, and leaving crucial points unexplained. If you have not read the books, why the outcome of the final battle is what it is may be a bit of a headshaker to you.
  • The start of the movie has some more T&A shots of Hermione, what’s up with this? At least not as bad as the last movie.
  • The film totally acknowledges that Ginny is a worthless character. She’s barely in the film.
  • While I still don’t empathize with Harry very much, he’s a much more Heroic character in this one than he was in the last couple films. Though still dragged around by fate rather than setting his own course (again, this comes from the book).
  • The film is shot very beautifully, with a lot more attention to detail and placement. I give the cinematography 5/5. The 3D is tasteful and adds to the context without being distracting (mostly).
  • For as important as Snape should be for this film, he doesn’t seem to get that many lines or time on screen. Which is a shame ’cause he’s my favorite character.

Anyways in general I liked it.


Today's Thoughts: Friday, July 15 2011

I ate at Arby’s today, and it was a most unpleasant experience. I generally like Arby’s. The food is pretty good (their French Dip is great), if a bit pricey IMO for fast food. I like the curly fries but generally avoid them. I love the Arby sauce but I’m frankly too lazy to apply it most times (too lazy to apply a condiment? I’m really lazy). And I’m a pretty pragmatic guy, I go into a restaurant to eat, and that’s it. I don’t think I’m hard to please. As long as the food is good, I’m generally good. So it takes quite a lot to take me away from my dining experience. Arby’s 1614 managed to do that for me. And it wasn’t the food, which was quite acceptable, and delivered in a timely manner. But just about everything else about the restaurant was wrong.

  • First and most prominently the AC was out. Now this is Texas and it was nearly 100* today. I understand that things happen, and they did have a fan running, but the environment was entirely unacceptable. If the AC breaks, you got to get it fixed, pronto. No excuses.
  • The restaurant was dirty and unkempt. A couple unbussed tables does not bother me, but I had to take a good look around the restaurant to find a clean spot. Well it wasn’t clean, but at least marginally clean.
  • The staff had trouble getting my order right. Honestly doesn’t bother me that much, but ordering should be a simple matter, it aggravates me to not get what I want on my first order and have to do another transaction.
    • Also, it’s the 21st century, isn’t it time Arby’s upgraded their order taking system to keep in touch?
  • The staff was generally unkempt. Nothing overt, but their uniforms seemed slightly dirty and unkempt. Several had prominent tattoos/piercings. Normally I don’t care about things like this, but when the restaurant is dirty and the staff is unkempt, I start to worry about the cleanliness of my food.
  • The staff friendliness was a mixed bag. The employee who took my order was unfriendly, but the rest of the staff was kind enough, I was greeted on my exit.

I’ve ranted enough, I like Arby’s, but this was an unpleasant enough experience that I don’t plan on heading back in the next 6 months. No point in subjecting myself to an unpleasant experience or rewarding bad behaviour. I know the restaurants are Franchises, and at one point I had met this location’s manager, who was a nice enough guy (not sure if he still runs it), but this store needs a firmer hand at the wheel. Look I like Arby’s, I want to give you guys my business, please fix what is broken so I can do so.

A little META: I’m trying to blog more, and trying to be more active about what I feel. I have no idea if Arby’s cares at all about this. But I’ll certainly shove it at ‘em. If they do, awesome. If they don’t, well at least I’ll feel better for expressing it.

http://maps.google.com/maps/place?client=ubuntu&channel=fs&oe=utf-8&um=1&ie=UTF-8&q=Arbys&fb=1&gl=us&hq=Arbys&hnear=0x86344132c2a06457:0x9d583c9261db5b70,Texarkana,+TX&cid=17922461051151506376&ei=vhwhTtrWN86ltwfHusHHAw&sa=X&oi=local_result&ct=map-marker-link&resnum=1&ved=0CDIQrwswAA


Getting Windows to Sign your CSR

So if you run a mixed Windows/Linux network, or even if you just run Apache on a webserver someplace, or even if you’ve got some network appliance someplace, you may have run into the issue of getting your AD Certificate Authority to sign your certificate request. Linux tools (openssl primarily) will generally have you end up with a .csr (Certificate Signing Request) to get signed. VeriSign and all the other major certificate providers know how to deal with them no problem, but to Windows it seems like you are talking a foreign language (which is a pain if you only need the cert to be good internally and have no need to get VeriSign to sign it).

If you try and import into the CA via the MMC agent, you’ll find that Windows doesn’t know anything about a CSR file (and no you can’t force it). Apparently you can use the webagent to do it in 2008, but the auto-install of that has been a big cluster F* for me (don’t ever try and install a Windows webservice if you are already running any other kind of webservice) and I haven’t the time to get it working.

Instead here is what you do. Drop to the command line and do

certreq -submit -attrib "CertificateTemplate:WebServer" <Cert Request.csr> <Cert.cer>

The -attrib part is the key here. Windows wants/requires a template for the cert, which openssl doesn’t issue with the CSR without jumping through some hoops. Generally webserver is what you want, but you can check out what other templates you have available in the CA dealydo. Hope this helps!
