Archive for the ‘Microsoft’ Category

Tip: Fixing Windows 8.x to 10 Upgrade (Part 1… I assume.. :-( )

Tuesday, August 4th, 2015

Hello Folks,

did you also already tried to upgrade to Windows 10? On some devices it runs smoothly but on other one’s it could be a real nightmare… To be honest i assume the release was a little bit to early or the developers for the upgrade routines got a few beer to much during the development. As you can read iam currently not really happy with the upgrade process….

Why? I tried to upgrade a bunch of different devices and only on 50% the upgrade worked with the first try… On the other devices like the Surface Pro 2 it fails with really funny and nonsense error messages. There are already a lot of tweaks available but here is a small checklist to prepare the upgrade from my site.

1) Run “Dism /Online /Cleanup-Image /RestoreHealth" to verify your current installation (Windows 8.x) is working fine and correct. Maybe you are required to solve seperate issue here, try google in this case.. :-)
2) Uninstall any Virus Scanner from your current Windows, Virus Scanners can cause a lot of issues during the upgrade.
3) Add a Registry entry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade" DWord 32-> "AllowOSUpgrade" and set it to "1". (This seams also to force the upgrade if you did not got the Microsoft upgrade notice in advance).
4) If you already tried to upgrade remove the $Windows.~BT and $Windows.~WS folders from drive C:
5) Reboot and retry the upgrade thru Windows update.

In some cases this will fix the issue but not always so i assume there will be some follow up articles…. 🙁

Cheers

Michael

 

Tip: Troubleshooting Miracast devices and Windows 8.x

Friday, July 3rd, 2015

Hi Folks,

did you get a Miracast enabled device like the Microsoft Wireless Display Adapter? But now you suffer during the setup or it “just” did not work?

mswda

Here are a few simple tips’s how to troubleshoot a Miracast connection.

First of all verify that you device is Miracast enabled! To use Miracast you must be use a Miracast enabled GFX-Card and WiFi driver, you can check this out quite simple… Just execute “dxdiag.exe” and select “Save informations”, now open the saved “dxdiag.txt” file with a regular text editor and scroll down to the line beginning with “Miracast:” in the Display Devices area.  If you have “Miracast: Supported” than you are ready to go but i assume that you have a “Miracast: Not supported…”

For Windows Phone you can find a Miracast enabled device list here: http://www.microsoft.com/en-us/mobile/support/faq/?action=singleTopic&topic=FA143456

If you run into a “Miracast: Not supported by Graphics Driver” issue make sure that you have installed the latest driver! By default newer Intel devices are working well also with low end Atom based tablets if they are not to old. You can download the latest Miracast enabled Intel Drivers from here: https://downloadcenter.intel.com/search?keyword=4th+Generation+Intel%C2%AE+Core%E2%84%A2+Processors+with+Intel%C2%AE+HD+Graphics+4400. This driver supports a bunch of devices but be aware that not all devices are supported for Miracast, just review the driver release notes (see picture below).

IntelMiracast

AMD could be also be tricky, in anyway you mostly are required to perform a driver update but for a couple of AMD Devices you are required to add a registry entry “DalWirelessDisplaySupport” as Dword set to 1 in the HKEY_LOCAL_MACHINE_System\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\00?? area. 00?? means you have to figure out which registry part handles your AMD GFX-Card.

If you run into a “Miracast: Not supported by WiFi Driver” issue you are required to update your wireless driver or maybe forced to replace the Wireless Module.  For Intel devices there is a good article here: http://supportkb.intel.com/wireless/wireless-display/templates/selfservice/intelwidi/#portal/1026/article/2511 to verify if your components are supported or “not”.

If you have a “Miracast: Supported” message in the dxdiag.txt but still you are not able to connect to the Miracast Device the fun beginns…

1) If the Hyper-V role is installed make sure that you have not assigned a virtual switch to the Wireless network card.

2) Make sure that no VPN client is installed during your tests, this can prevent the Miracast connection….

3) ..similar for a Virus Scanner inspecting the network traffic. During my tests i never got an issue with the enabled Windows Firewall but in any way disabling the Windows Firewall could be also tested.

4) Miracast currently works for 2,4GHz wireless connections, if you are connected to a 5GHz wireless lan a Miracast connection can not be started. This is not well documented but during my tests i never was able to connect to a Miracast device if my WiFi was connected to a regular 5GHz wireless network. The funny thing, i was able to browse the Miracast devices but if trying to connect it just hangs without any error message… So make sure that you are connected to a 2,4GHz network. In rare cases you might be also forced to fully disconnect from the wireless lan->setup the miracast connection->join the wireless lan again.

So the shortlist:

1) Make sure you have the right hardware and the right drivers installed!

2) Make sure you wireless network connection is configured well!

Have Fun!

Michael

 

Tip: Optimizing Windows Server 2012 (R2) or Windows 8(.1) for VDI/Terminal Server use

Wednesday, March 18th, 2015

Hi Folks,

Citrix already one year ago released in article with several optimizations for Windows Server 2012 (R2) and Windows 8(.1) to optimize these systems for VDI / Terminal Server use. A lot of people doesn’t know it and it can be really helpfull, you can find the article here and it also include a .vbs script to run all these optimizations in one step. It will work for Citrix and also other solutions and can be very usefull to improve the user experience in general.

Just try it!

Cheers

Michael

Windows Phone Remote Desktop Services Client comes now with RDGateway support

Thursday, March 12th, 2015

Hi Folks,

the Remote Desktop Services Client for the Windows Phone now comes with RDGateway support (after a long time waiting…).

The RDGateway Client works fine but seams to have some issues with self signed certificates if the CA can not be reached to verify the certificate blacklist. So i recommend to use certificate coming from a public CA to make sure it’s working fine. You will get an 0x3000005 error in this case, this error will only happen if you connect thru an external network and not if you try it in the local network.

Cheers

Michael

 

 

Tip: Fixing HDX3D Pro performance issues with Citrix XenDesktop 7.x and Nividia Grid Cards

Friday, March 6th, 2015

Hi Folks,

if getting performance issues when using HDX 3D Pro together with XenDesktop 7.x and Nvidia Grid Cards you should try the latest XenDesktop Desktop VDA release which is available here.

It doesn’t matter what type of end device is used.

Cheers

Michael

Security: cloud-client.info domain blacklist

Monday, February 23rd, 2015

Hello Folks,

like already mentioned in our blog registration form we will publish domains which are used by spam bots, malware and virus senders and/or domains where users perform suspicious actions against our websites.

So here is our first list called “domains_we_dont_like” containing 643 domains (collected by our websites in the last 12 months), you can use this list as blacklist for mail servers or to protect other webhostings/services. We do also allow the use of this list for other security related use and to prevent these actions in the future. Please note: There are also a couple popular email providers like GMX, Yahoo or Hotmail in the list, as long these mail provider can’t prevent the massive misuse of there services we have no reason to remove these providers from the list. All listed domains are used a couple of times for different suspicious activities, if you are responsible for one of these domains and you want to be removed you can get in contact with us to discuss how you can be removed from the list.

The list will updated from time to time.

Cheers

Michael

 

Info: What clients can be used with the Windows Server 2012 Work Folder feature?

Monday, February 23rd, 2015

Hi Folks,

very often asked during workshop’s, what Clients can be used with the Windows Server 2012 Work Folder feature. Currently the following Desktop/Mobile OS’s are supported:

– Windows 8(.x) x86 and 64-Bit and Windows RT: Work Folder support is coming directly with the OS.
– Windows 7 x86 and 64-Bit; Work Folder support needs do be downloaded from here and to be installed.
– Apple Ipad (IOS): Work Folders app for devices is available in the Apple store

Still unsupported:

– Windows Phone 8(.x)
– Android
– Linux
– Webbrowser based access

It’s quite funny (no, not really) to see how Microsoft create good features/products and directly do the best to kill this advantage by not providing a client for several major OS’s in the same or nearly equal way.. Similar to the still existing Remote Desktop Gateway gap for Windows Phone or a missing Lync/RDP Client for Linux. Before talking about cloud as the future of Microsoft it’s maybe helpfull to unterstand that “cloud” means a bunch of end devices and it still seams that Microsoft did not realize this small but important fact. ..don’t misunterstand me, i really like these features/products but i really don’t like to explain customers/users all the time why they can’t use these features in there infrastructure regarding the lack of a well developed client infrastructure. Maybe it will be better with Windows Server vNext… …or Skype for Business. 🙂 Maybe iam also to spoilt by the existing Citrix client environment… 🙂 🙂

Cheers

Michael

Tip: Using Windows Server 2012 R2 workfolders with Remote Desktop/Citrix XenApp based Terminal Servers/VDI’s

Monday, February 23rd, 2015

Hi Folks,

already a year ago I wrote an article how you can change the default port for the Windows Server 2012 R2 workfolder role/feature. By default the Workfolder feature works a “sync” share for Windows 8.1 based desktop systems/VDI’s like a self hosted OneDrive/Google Drive. In the article here i’ve also mentioned that these Workfolders can be mapped to a Terminal Server based on Microsoft Remote Desktop Services and Citrix XenApp.

I got a couple of request how the setup should look like so here is a small guide.

1) Install the Workfolder feature (can be found in the file server roles setup) to a Windows Server 2012 R2, make sure that no other feature or application block the SSL Port 443 or modify the Port by following our guide here. During the Workfolder configuration you will be ask what “folder” name should be used, username or username@domain; use username here only.
2) After the workfolder setup is done create a new smb fileshare pointing to your workfolder directory, make sure to setup the exact similar user rights like set for the original workfolder directory. Open Windows Explorer at the Workfolder Server and check the User Rights for the Workfolder and adopt this configuration for the Workfolder Share. If not done right you may mismatch the Userrights and Users may can access files from other Users or loose the Workfolder access.
3) After this is done open the Group Policy Management Console (GPMC) and create a new policy linked to your Terminal Server OU
4) Edit the new policy and browse to User Configuration->Preferences->Windows Settings->Drive Maps and create two new mapping entries, in my sample i map the workfolder shares to drive U: (Click picture to enlarge). Location should be always \\*your_workfolder_server*\*Workfolder_Sharename*\%USERNAME%.

Create the share configuration

Create the share configuration

Update the share configuration

Update the share configuration

Final view

Final view

5) Close the policy and logon to a terminal server to verify the configuration, all modified content within the drive U: will be synced to the user devices and vice versa.

Cheers

Michael

P.S.: This can be also used with any Microsoft Desktop OS based VDI if you want to use the workfolder sync feature only for physical devices (which make sense to prevent double data in the Workfolder Share and the User Profile/Personal VDisk). If you install the file resource manager to the Workfolder Server to set quotes (like 250MB availabe space per User) make sure to set the similar quote also for the fileshare!

P.S.2: The screenshot’s are coming from a production environment, that why the location path is pixeled.

 

Tip (Update): Setting the Startmenu for Terminal Server Users working with Windows Server 2012 R2

Monday, February 23rd, 2015

Hi Folks,

maybe you noticed already that the handling for the Startmenu is very different between Windows Server 2012 R2 and old Windows Server versions like 2008 R2 and so on. These configurations will also work for Windows 8.1 incl. Windows 8.1 RT (Require enabled Group Policy Client service or local Policy setup).

A lot of Administrator want to modify the Startmenu and to offer a standard view for all User, this can be a very tricky task and i saw already a lot of funny way’s how to edit it. To clear this up a little bit i would like to suggest you two ways how this task can be done, the first variant will introduce you a “static” way. Static means the User will get a “fixed” Startmenu without the ability to change something here. The second way will introduce you a way to create a “default” Starmenu  that can be modified by the User. So you can figure out which way works best for you, depending on the scenario, for example if you deploy Terminal Server thru Citrix Provisioning with an static base image it doesn’t make sense to give the User the ability to modificate the Startmenu in any way. These configurations can be done thru local and/or domain policies.

Way 1 – Static Startmenu for all users

1) Login as User with Administrator permissions and install/setup all Applications you want to provide to the user.
2) Setup Starmenu like it should be “published” to the users.
3) After you have finished the final look and feel create a new SMB Share on any fileserver in your environment, call it “startmenu” or something similar.
4) At the server where you have created the Startmenu “User” view open the powerhell with administrative permissions and enter the command: “Export-StartLayout -Path \\*yourfileserver*\*sharename*\StartMenu.xml -As XML”
5) Logoff from the Terminal Server and start the GPMC (Group Policy Management Console) on any domain system where the GPMC is available.
6) Create a new policy (or use an existing Policy) and link it to the OU where your Terminal Server Users can be found and click the right mouse button->Edit.
7) In the policy browse to User Configuration->Policies->Administrative Templates->Start Menu and Taskbar and edit here the setting Start Screen Layout.
8) Enable the policy and set the Start Layout File to the file you have created in 4) = \\*yourfileserver*\*sharename*\StartMenu.xml

startmenustatic

9) Close the policy and make sure the policy is assigned to the right OU, after this login to the Server and verify the result.

Please note: The Startmenu can not be modified thru a User! For the Export-StartLayout command (4) you have to use the XML format for the export, the bin format can not be used thru the policy! If you assign the policies to a Computer OU like your terminal servers don’t forget to enable loopback processing!

Update: I forgot, Applications where the shortcut is not listed in %ProgramData%>Microsoft>Windows>Start Menu may dissapear after the second User Login (Notepad, Internet Explorer default entry as example). So you may have to create the Shortcuts by your own and assign it to the Startmenu before exporting the XML file. In this folder you can also setup the Applications that should be shown to the User in the “full” Starmenu applications view by editing the User permissions for each file and folder in a very simple way. As example if you want to hide the Windows Store disable the permission inheritance and set the User permissions to full access for “Domain Administrators”, “System”, “Administrators” and add the Usergroup(s) which should be able to gain access to the Applications thru the “full” Startmenu view (Arrow down button in the Startmenu). If you want to be more secure regarding the general Application access you can also combine this with the Windows Applocker feature.

Way 2 – Flexible default Startmenu for all Users (Source: Microsoft Platform)

There is also an alternative described here: Microsoft Platform, this way allows also provide write access for the users but it’s a little bit tricky to set it up and can cause issues in production.

I personal do prefer Way 1 which make more sense for the most scenarios, so i do provide only the link to the source.

Cheers

Michael

cloud-client.info Remote Desktop Services Configuration Tool Beta is now available for download

Monday, February 16th, 2015

Hello Folks,

if you are looking for a small tool to simple configure a bunch of Microsoft Remote Desktop Service settings for Windows 8 (.1) or Windows 2012 (R2) than you should try our latest Tool “Remote Desktop Services Configuration Tool” which is now available as public Beta.

Remote Desktop Services Configuration Tool 1.0 Beta

The tool can also import and export settings, as example to switch settings very fast between different system’s or to adopt a configuration from a production system to a trial system and so on.

As written RDSCT is currently a Beta Version and a bunch of settings will follow with upcoming releases (and depending on my time). The source is already more than 16k lines of code and i don’t have always the time to add new features as i want to do it. 🙂

The download is available here: Remote Desktop Services Configuration Tool

Have Fun

Michael

P.S.: Please report bugs or settings you want to see in later versions to us, see readme.txt for details.

Lync 2013 in a Box for SMB customers, introducing the UCBOX. (Updated)

Friday, February 13th, 2015

Hi Folks,

today i got my first hands on the UCBOX coming from the german Vendor Bressner.

What is the UCBOX? Last but a not least a small and handy Microsoft Lync 2013 Server Box/Appliance designed with a very simple setup and handling for SMB customers. The UCBOX is available in different versions, this one is a UCBOX Lync Express OS version coming with the following content:

  • BRESSNER UCBOX Lync-in-a-box
  • with Auto installer for
  • Microsoft® Lync ™ 2013 Standard,
  • Telephony-Addon FonComfort Server
  • incl. Windows SRV 2012 R2
  • Embedded System 2U, 9,5″ Width
  • External power supply 19V DC,
  • Prerequisite Active Directory,
  • Lync-Licenses,
  • can be combined with 2. System to 19″,
  • incl. 19″ rack mounting kit

Today i don’t have much time available to run some more test’s with the UCBOX but here are already some pictures (click to enlarge) showing the UCBOX and also to compare the size of the UCBOX with a Surface Pro Tablet and an IGEL UD5 Thin Client.

UCBOX Front View

UCBOX Front View

UCBOX Back View

UCBOX Back View

Comparing UCBOX size with the Microsoft Surface Pro and an IGEL UD5

Comparing UCBOX size with the Microsoft Surface Pro and an IGEL UD5

Currently the UCBOX is available in Germany thru the distribution company ADN and in Switzerland thru BCD-Sintrag, if you’re intrested to get more information’s you can also visit various road shows in Germany (Road shows in Germany). For simple product details and features you can also go to the Bressner website here: Lync related products.

At the moment the UCBOX looks very promising and I will provide you some test results during the next week.

Updated:

After the first tests, the UCBOX is not only a stupid hardware box. The main advantage is the software which is also sold seperatly and can be used with your own server hardware. The installer will take a lot of tasks away from the Engineer to focus on the main work and it’s also Skype for Business ready, so it can not be compared with other “more” or “less” efficient hardware appliances available.

ucboxsetup

 

More will follow soon after some more tests…

Cheers

Michael

Windows Update KB3013455 breaks Font Smoothing on Windows XP, Server 2003R2 and 2008

Thursday, February 12th, 2015

Hello Folks,

if you are using Windows XP as VDI or have old Terminal Server’s (incl. Citrix solutions) running Microsoft Windows Server 2003R2 or 2008 (32-Bit) you should not deploy KB3013455 which was released during the last Microsoft Patch Day.

The Update will cause a general font smoothing issue with a bunch of fonts and the users will/can get a much lower user experience if working with a lot of text content.

There is currently no work around for this issue, Windows Server 2008R2/2012(R2) and Windows 7/8(.1) do not show any issue once the update is applied.

The issue is already confirmed by Microsoft, read also here: MS15-010

The MS15-010 article currently doesn’t mention Windows XP (or Vista) but i was able to reproduce it also with a Windows XP 32-Bit VM.

Cheers
Michael

P.S.: Some Users also reporting issues with Windows Vista 32 Bit but i believe this is less important for VDI environments.

Tip: Business Card Scanners for Linux / MacOSX in virtual environments and without USB Redirection.

Monday, February 9th, 2015

Hi Folks,

from time to time customers are asking what type of Business Card Scanners can be used with the IGEL Linux or any other “none” Windows Client devices together with XenApp or Microsoft Remote Desktop Services. Typical these customers don’t want to deal with USB Redirection (XenApp 7.x or Microsoft Remote FX) or don’t have USB Redirection available (XenApp <=6.5 / Windows Terminal Server <= Windows 2008 R2)

If you run in a situation like this you should look out for solutions like IRIS Card Anywhere (Canon). Devices working in the same way don’t need a “special” driver installed, they come with an internal memory or SD-Card and can be used like an regular USB Memory and this means: It can be used with Windows, Linux, MacOSX or an Android Tablet providing a USB Port. Disadvantage: They are a little bit more expensive but if you calculate the work to get a driver installed or deployed in your environment than you will have a much cheaper TCO.

Cheers

Michael

P.S.: I used the IRIS Card as sample regarding my past experience, it’s not an advertisement. 🙂 In any way there are several solutions out there and you should test it in advance and before ordering a bunch of these devices. 😉

Windows Server vNext will not be available before 2016

Saturday, January 31st, 2015

Hi Folks,

yesterday Microsoft released an update to the Windows Server roadmap. Reduced to the main information it announced a new Version for Windows Server in 2016 and not in 2015.

You can read the full article from Microsoft here: Windows Server and System Center roadmap update

Cheers

Michael

Microsoft strikes again… I should think about OneDrive and how Microsoft handles my data. (Updated)

Wednesday, January 14th, 2015

Hi,

are you using OneDrive by Microsoft? A new case in Germany demonstrates how secure OneDrive is…

I really like OneDrive and also Google Drive, maybe you are using it too to store photos and other data. For OneDrive i’ve now a very bad feeling and i hope Microsoft can clearify this.

What happens?

Microsoft seams to perform a scan for every file uploaded to your private OneDrive account, all these files seams to be verified with a hash database or/and something similar. So in the case that you’ve uploaded a file with the same hash like a child pornography picture you are in trouble? Regarding the reports US Law enforcement agencys will be informed about this and they will inform the law enforcement agencys in your country. A german OneDrive customer got a visit from the german police in this case.

A lot of questions… You have a daughter or a son and using OneDrive with the automatic Photo sync feature.. Bad luck if you sync a beach picture in your private picture folder? You upload a image that fit’s to forbidden content in the US to your private OneDrive area? Bad luck? Your childs using an own mobile and sync content to a account related to your Office365 account.. Bad luck? Some one hacked your account and upload “Bomb plans” to your private folder? Bad luck, you’re now in a US terrorist database by accident?

Microsoft is fighting for User rights but it seams that Microsoft ignore these rights at the same time… Crazy? What about foreign law? Microsoft can you please make this a little bit more transparent for customers incl. company customers please.. What happens if the OneDrive User is related to company?

All reports related to this are currently in german but you can translate it with Google translate or similar.

Report 1 Report 2 Report 3 and if you search for it you will find a lot of more.

Update: Here is the link to the original blog by the german lawyer Udo Vetter

If Microsoft believes that this will create any trust for customers in Europe they are wrong, companies and also private customers (like myself) really don’t like someone who scan files “in general” and just report this to any foreign law enforcement agency or who ever. It’s also not important if the file was child pornography (or what someone i don’t know at Microsoft/any unknown US Guy defines to be “forbidden” or to be a content of “interest”).. The fact that private files will be scanned by default and without any suspect of a crime is the issue.

I really hope for Microsoft that they will provide a very detailed statement for the general file handling with OneDrive.

…and don’t misunterstood me, i don’t want to protect any crime but how would you like if someone from a foreign Company came into your house without any reason or point of suspect and verify every private item in your house and you don’t know what they’re doing with it. People can sale the biggest “piece of sh*t” as long they tell you it’s for law enforment or to fight terrorism. Huh… “We only will watch the bad guys but not you..”, do you really believe it? Do you feel better if you thing “Heh.. They will watch only the bad guys!”, did you ask “Who is the guy that got unlimited access to my files?” and do you know what they’re doing with it at the end of the day? The truth is, the only things they sale is fear, hate and doubt.

Update: And if you believe you do nothing wrong and you have nothing to fear… In the year 2013 150 Million Adobe accounts were hacked and this is only one figure. Also there is a clear difference between public available content and private content, for example DropBox is known to scan files for copyright protected material but.. If i offer a copyright protected file as public content and the file will be scanned it’s fine but if iam a legel owner of this file and i put it into my “private” file area, is this file now also scanned or will someone else be imformed that i do a “license” violation? Why? Where do file hosters inform users in details what they’re doing with the data or not.. To be honest.. I’ve no clue and trust looks different.

If you are a European company and you want to host files in the cloud than place it in your own datacenter/your private cloud or a hosting company located in your area where you know the law and how this law protects your data incl. the people working for this company. Do the same for any Servers hosting confidential data; this is currently the only advice i can provide to a customer. News like this are really a killer for any “public” cloud offering like OneDrive, Office365 and Azure.

Cheers

Michael

P.S.: This might also work for Google Drive or any other cloud storage provider in the US, but for OneDrive we’ve now a concrete case. The article is also written in a rainbow press style related to the content… How to tell someone that the way how it works is wrong in a more polite way?

Tip: Running out of storage? Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 2

Wednesday, January 14th, 2015

Hi Folks,

this is the second part of our “Slim down Windows 8.x and Windows Server 2012 R2 HDD use” series, the first part can be found here: Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 1

In this part we will get a closer look on Windows Server 2012 R2 incl. virtual Windows OS’s runinng on Hyper-V which is also available with Windows 8.1 Pro and Enterprise.

 

1) Compress VHD(x) files (in the right way)

You are using virtual Windows Systems together with the Hyper-V role or VHD boot to have multiple Windows systems available on a PC/Server?
VHD’s are available in different types, one is the dynamic mode and this is very common to use. Why? If you create a VHD with an size of 80GB in dynamic mode the VHD file size will be only a few MB. The VHD will increase the size everytime you add data to it and will max. grow to the defined size (in this case 80GB). But what will happen to the VHD if you remove content from it? Will the VHD size decrease? No… You need to run a compression to perform this task and most Users or Administrators are using the compression offered in the Hyper-V console. Is this a problem? For my point of view yes… In the Hyper-V console you can only run the compression for 1 VHD per Time and you have to repeats this for other VHD’s, boring right? Do you know that they are different compression types available? No? Of cause most people don’t know this because the Hyper-V console doesn’t offer any compression type selection and the “default” compression is not the most efficient one.

So what do we want to do… A simple command or script to compress all VHD or VHDX files in a folder with the best possible compression to gain the most possible free disk space. Here it is…

Attention: If using VHD(x) Boot do not use it for the used boot VHD, it will also not work for running VM’s and the current used VHD(x) files.

Command (Powershell, 1st line for VHDX and 2nd for VHD files):

Get-VHD *.vhdx | where {$_.VhdType -eq "Dynamic"} | Optimize-VHD -mode full

Get-VHD *.vhd | where {$_.VhdType -eq "Dynamic"} | Optimize-VHD -mode full

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on VHD(x) use
Can be used with WIM boot installation: Yes
Disadvantage: Installed Hyper-V role is required to run the command, it will not work for VHD(x) files used by runinng VM’s. Do never use it for a VHD(x) with existing snapshots or VHD(x) files that work as parent disk for one or more differencing disks (See 2,).

 

2) If running multiple VM’s on Hyper-V use differencing disks

You want to run several VM’s with the Hyper-V role? You copy always your Master VHD(x) for each VM? So one 80GB Master Disk is required for 5 VM’s and you have now 480GB used on the HDD? This can be done much lower storage demand by using differencing disks. To explain this a little bit more in details.. A differencing disk (aka as fast clone/linked clone for other Hypervisors) is some sort of a snapshot, so it will take the data from the Master Disk and will add modified or added content to the differencing disk. This means if you use Windows in this way all Windows files will come from the Master Disk, if you now install office to a VM that is using a differencing disk Office will be installed in the differencing disk but the Windows OS files are still coming from the Master Disk. For my sample it means.. If i create a 80GB Master Disk and based on this Master Disk i created 5 VM’s based on a differencing disk, the differencing disk size per VM is only 4MByte at the beginning. So i don’t use 480GB like shown in the sample, i use only 80GB + 5x4MB for the VM’s, you can reduce this even more if the VHD(x) Master Disk is a dynamic expanding disk (see also 1.).

Command (Hyper-V console, no commands available to complete the full task):
– Prepare a Master Disk by installing and configure a VM (don’t forget to run a sysprep in the VM if a Windows OS is installed)
– Delete the VM but not the VHD(x) file used by the VM to prevent changes to the Master Disk in the future.
– In the Hyper-V console (right site) click on “New”->”Harddisk” and follow the assistant, important for the VHD(x) selection.. The differencing disk must be the same type as the Master Disk.
– Select “Differencing” in the Harddisk Type selection and click on next.
– Select the Path where the differencing disk should be created and type in the differencing disk name and click on next.
– Select the Master Disk and click on next and confirm the task to create the disk.
– Now create a new VM and assign the fresh created differencing disk to the VM.
– Create more differencing disks/VM’s if required.

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: “Size of Master Disk” x “amount of VM’s”, applying Windows Updates to VM’s will decrease the saving by time.
Can be used with WIM boot installation: Yes
Disadvantage: Not recommended for production use by Microsoft! Do not change or delete the Master Disk or all related differencing disks will fail! I do use this only for VM’s that don’t require Windows Update (like Test environments), as more Windows Updates are installed to the VM’s based on a differencing disk as more space will be required for the differencing disks and as lower is the saving. Do never ever use this for Domain Controllers incl. CA’s / Exchange / SQL / Lync / Dynamics / Windows Storage / Sharepoint Servers, this is my personal opinion; it’s great to setup fast Test Systems / Web / Print or Terminal Server and to perform development/security audits to check/verify Software incl. load tests. Each differencing disk will highly increase the IOPS for the Master Disk, the Master Disk should be always placed on a very fast storage (SSD’s or similar).

 

3) Remove not used or required Windows components

We already got a closer look on the winsxs folder in Part 1 of this series, we already removed superseded files/updates but why not removing files that are not required? If you prepare a couple of Terminal Server, why should you keep files related to the IIS or the Active Directory Domain controller role in the Master Image? You’re right.. There is no reason to do this but still most Administrators are doing it.

Removing the components also reduce the Windows Update footprint because the removed components will not updated anymore.

Commands (commandline):
This command will show all available Windows components and the current use state, the command will create a feature.txt file in the folder where the commandline is executed. Why? It’s more easier to read a txt file with all these components than a simple commandline output:
DISM /online /get-features /format:table > features.txt

This command will remove a not used (active) component from the hard disk (open the features.txt file created with the first command to get the current state), in the sample i will remove DirectPlay from a Windows 8.x:
DISM /online /disable-feature /featurename:DirectPlay /remove

Commands (powershell):
If you want to remove all not active used components you can do this also with a simple powershell command, this is the hardcore way:
Get-WindowsFeature | where-object{$_.Installed -eq 0 -and $_.InstallState -eq 'Available'} | uninstall-windowsfeature -remove

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on amount of removed features
Can be used with WIM boot installation: Yes but mostly useless. Installing a component again will increase used space for drive c:
Disadvantage: Removed roles and features can not be installed without an external winsxs folder source once the files are removed/the above commands are executed. Execute the powershell command to remove all not used components only when you are really sure that you have finished the component setup for this system.

4) The simple way… Use the Microsoft Disk Cleanup Tool

In Part 1 i forgot to mention the “basic” tool, the default disk cleanup tool coming with Windows.

Commands (commandline):
cleanmgr.exe

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on current data hold in Windows
Can be used with WIM boot installation: Yes
Disadvantage: Removed log files/data is not available anymore and maybe need to be recreated or can not be used for future troubleshooting as example.

This is the end of Part 2, maybe there will be a Part 3 (dealing with low-end tablet/low storage mobile cloud clients) but this depends on the available time and future ideas how to slim down a Windows.

Cheers

Michael

P.S.: No warranty at all, if you have no idea what iam talking about don’t use any of these solutions. Don’t blame me if you crash your system.. Dealing with Windows and the components can be always tricky.

Tip: Fix Windows Server 2012 R2 Update issues after moving to core mode

Tuesday, January 13th, 2015

Hi Folks,

this issue happens sometimes for me, Windows Server 2012 R2 is a cool product and a couple of Administrator are using it in core mode. This is quite easy because you can switch between core and GUI mode quite simple now.

The pain starts if you have installed some Apps in GUI Mode, as example Microsoft Silverlight and than you switch to the core mode. Why? Windows can not use Silverlight in core mode and related roles/applications are not available in the core mode. When it now comes to Windows Updates it still download Silverlight related updates but this will cause in error during the update installation (the related Applications are not available…).

This is caused thru the winsxs folder and the available packages/components hold in this folder, so we need to repair it.

Just try to run the following command:

Dism /Online /Cleanup-Image /RestoreHealth

Once the command is finished the issue should be gone and Windows Update should run fine now.

Cheers

Michael

P.S.: If the issue is not gone check in c:\Windows\Logs\DISM\dism.log if you receive any other information related to the issue.

Tip (Updated): Running out of storage? Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 1

Monday, January 12th, 2015

Hi Folks,

you run several Windows 2012R2 Servers or Windows 8.x VDI’s? You have Windows devices with small HDD’s/SSD’s? You run out of storage or you want to reduce the Windows Footprint in general?

Here are some supported and unsupported steps you can do… “Can be used with WIM boot installation” points to the new Install Option for OEM Vendors, mostly used for Windows 8.1 with Bing and low SSD devices. For a WIM boot description get a look here: WIM boot explained

1) Disable Hibernation

Hibernation could be usefull but I see mostly that Users are using the sleep/standby mode. The difference between the sleep/standby Mode is quite simple to explain. In standby mode the computer hold the current RAM state in the RAM and consume still some power, in hibernate Mode the RAM content will be placed on the HDD/SDD and the computer really shutdown. The disadvantage in this case is quite simple, it always consumes 75% of the total ram size with a file called “hiberfil.sys” on drive C:. So if you don’t need the hibernate mode, disable it…

Command (command line):

powercfg -h off

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: 75% of the total RAM Size
Can be used with WIM boot installation: Yes
Disadvantage: Hibernation mode is not available

2) Remove superseded Updates/Windows files

Windows by design increase the used amount of HDD Space.. By default all installed Windows updates and also the old original files will be hold to roll back the updates. So if you have an old Windows System and you run Windows Update all the time, all this files will be hold and consume a lot of HDD space. You can remove this old stuff quite simple, this should be done everytime you create a golden image or after you run Windows Update…

Update: I’ve been asked if this is similar to the Windows Update clean up provided by the Windows disk clean up tool. No it’s not similar and will provide more free space as extension to the disk clean up tool

Command (command line):

dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: 0->4GB depending on how much Windows Updates applied
Can be used with WIM boot installation: Yes but smaller effect.
Disadvantage: Windows Updates can’t be rolled back in case of issues, test the Windows before you roll-out it.

3) Compress the “winsxs” and some other Windows folders (UNSUPPORTED!)

Windows comes with a sub directory called “winsxs”, this is one of the most important Windows folders because this folder holds all Windows Installation Files and a lot of active used Windows Files are pointed to the files in the “winsxs” folder. This folder requires a lot of space and it could make sense to compress it if possible. By design this task is not simple to do and we need a more complex script to do it. You can also compress some other folders like the Fonts directory without any issue in the same step.

I use this script since a long time (> 12 Months) now and with a couple of test / low storage system’s like my Surface Pro, until now i never got an issue but i don’t recommend to use this in any Windows Server production environment.

Commands (command line, save as wincompress.bat):

echo Compress Windows folders
compact /s:"%WINDIR%\Fonts" /c /a /i *
compact /s:"%WINDIR%\Temp" /c /a /i *
compact /s:"%WINDIR%\Web" /c /a /i *
compact /s:"%WINDIR%\assembly" /c /a /i *
compact /s:"%WINDIR%\debug" /c /a /i *
compact /s:"%WINDIR%\LastGood" /c /a /i *
compact /s:"%WINDIR%\ShellNew" /c /a /i *
echo Compress winsxs folder
icacls "%WINDIR%\WinSxS" /save "%WINDIR%\WinSxS.acl" /t
takeown /f "%WINDIR%\WinSxS" /r
icacls "%WINDIR%\WinSxS" /grant "%USERDOMAIN%\%USERNAME%":(F) /t
compact /s:"%WINDIR%\WinSxS" /c /a /i *
icacls "%WINDIR%\WinSxS" /setowner "NT SERVICE\TrustedInstaller" /t
icacls "%WINDIR%" /restore "%WINDIR%\WinSxS.acl"

Supported by Microsoft: No, support is lost! (You use the script on your own risk!)
Require Administrator Permission: Yes
Produced space on HDD: ~3GB-5GB
Can be used with WIM boot installation: No, never use it with a WIM installation! Why? The files in the winsxs folder in a WIM boot installation are mapped from the recovery partition. If you compress now the files the files will be shifted/written into the Windows partition and this will highly blow up the used space.
Disadvantage: System requires some CPU resources to handle the compressed files, system is now without any support from Microsoft. Do never abort the script once running, run it only with a 100% stable system! Script needs some time to run… If running on a physical hardware create a recovery partition on a USB Memory in advance: How to create a recovery partition on a USB memory or create a snapshot if used with a VM. Once the script is finished you will receive always a message that the script execution failed for one file, this is by design and no issue at all.
This is Part 1 of this article, Part 2 can be found here: Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 2

 

Cheers

Michael

P.S.: Figures shown as produced savings are max. savings, on a fresh installed windows the savings will be lower.

How do Office 365 deal with multiple OEM Licenses

Saturday, January 10th, 2015

Hi Folks,

a lot of low priced Windows 8.1 devices are coming up at the moment and mostly these devices include a Office 365 1-Year Subscription. But what happens if you got a second device coming with a second OEM subscription?

Story behind this question is quite simple, i got a Emdoor Surf 7 Tab before christmas and i enabled the Office 365 subscription. In January i got also a Archos Cesium 80 Windows 8.1 tablet coming with the same Office 365 subscription.. Both devices come with Windows 8.1 with Bing and a 1 Year Office 365 Personal License (1 Tablet and 1 PC) Now a big question came up… Will the activation create a second Office 365 subscription, expand the existing one or create a error? Before i start the Archos tablet the first time i tried to find some information’s in the TechNet and also other sources about the license handling but mostly i found nothing or complete nonsense…

So i tried it and here is the result…

If you got a second Windows 8.1 with Bing device incl. Office 365 and you have a subscription in place it will expand the subscription for one year. When i started the Surf 7 Tab it got a Office 365 running until 16th of December 2015 after i started the Archos Cesium 80 and installed Office 365 home the subscription was increased until 16 of December 2016. No second subcription… No error… Just working.

You should be aware about a few things:

1) The subscription type must be similar between the devices..
2) The trouble will start if the device amount will be larger than the license amount… As example.. I have now two Windows 8.1 Tablet’s coming with and using the Office 365 Personal subscription. This license cover two devices,  what will happen if a 3rd device will raise up? Subscription until 2017 but i have to decide which tablet’s should use the subscription?

I believe Microsoft has done a great job with Windows 8.1 with Bing and Office 365 but there are still a few things that needs to be improved or better explained?

1) OEM license handling for Office 365 need to be better explained in general.
2) App installation to SD-Card/Office 365 target path selection… Office 365 will always install to c:/program files and this is a poor selection for typical Windows 8.1 with Bing devices and a 16GB e-MMC/HDD.
3) What is the deal if a company provides these devices to employees? Who owns the subscription? Office 365 Personal and Home is by default not a license for companies and the use in commercial environments is forbidden thru EULA.

From the price point… You pay something between 50 US$ – 80 US$ for a seperate one year Office 365 Personal subscription incl. 1TB OneDrive and 1h Skype World calls, if you pay 100 US$ or less for a Windows 8.1 Tablet incl. the subscription extension.. How much is the tablet? 😉 Can Android or IOS provide a similar deal?

Iam not sure how Microsoft will earn money in this way but for customers and the Windows 8.1 market share it’s really a great deal at the moment.

Want to get a better deal?

I’ve done a last test… You think this is already a great deal? But this deal can be done even better.

1) Install/Activate Office 365 Personal  with the first device coming with Windows 8.1 + Bing and the Office 365 1-Year subscription, you receive the first 12 months.
2) Install/Activate Office 365 Personal with the second device coming with Windows 8.1 + Bing and the Office 365 1–Year subscription.

Now you have two Years Office 365 Personal for two devices (one User) incl. 1TB OneDrive and 1h Skype World Calls.. You agree? Now make it better… You need a paid Office 365 Home Premium Retail code for this…

3) Open your Office 365 Account and select “Enter a Office Key”. Now enter the more valuable Home Premium Retail Key.. What do you believe will happen? Yes… You’re right, it’s now 36 Months Office 365 Home Premium for 5 Users/Devices incl. 1TB OneDrive per User and 1h Skype World calls for the subscription owner. What did you pay? 2 Tablets and 1 Office Home Premium Retail Pack. Deal? This will make the most out of a low budget Windows 8.1 with Bing device.

Cheers

Michael

P.S.: It might be that Microsoft will change this in the future… But today this is how it works.

Tip (Updated): Getting Drivers for the Emdoor 7″ EM-18270 Windows 8.1 Tablet

Monday, December 29th, 2014

Hi Folks,

maybe you noticed that 7″ Windows 8.1 (with Bing) Tablets are available now very cheap… The cheapeast one is the Emdoor EM-18270 Tablet but in this case cheap means not cheap.

I got one of these tablets and iam very happy with it, it’s a Emdoor EM-18270 Tablet, this tablet is available for less than 100€ and comes with Windows 8.1 with Bing, a one year Office 365 subscription and offers a Micro HDMI, USB and SD Card extension incl. 2×2 MP Cameras incl. Bluetooth 4.0 based on a Intel Atom Z3735G (Baytrail) platform.

The tablet is available in different revisions (EM-18270 seen in the UK as Linx 7″ Tablet or EM-18270-D seen in Switzerland as Surf 7 Tab), there are only two differences i notified: The UK Version is partly available with a 32GB internal e-MMC the Swiss Version in general comes with a 16GB internal e-MMC also the UK Version comes with a plastic instead a metal case which comes with the Swiss Version.

Update: In the US/UK a similar device can be seen as Cube Iwork7 (U67GT), it seams to be the same device based on a EM-18270 but i got this only as report and I was not able to verify this on my own.

For my Swiss Version i tried to optimize the e-MMC/SSD usage, 16GB is not very much and in the default Version there is only ~1GB HDD space available, enough for surfing but to less for working. 🙂

So i wiped the e-MMC and re-installed a regular Windows 8.1 x86 incl. Office (you should enable Office 365 thru the device before wiping the e-MMC 😉 ), compressed the Windows winsxs (script can be provided on demand but on your own risk) and c:/Program Files folder and installed/moved Office 365 by using symbolic links to a fast SD-Card in the slot.. (Microsoft is still not able to provide a simple target selection during the installation for Office 365). Now i got ~5GB free space for the e-MMC and a big issue.. Where do i get the damm drivers for the hardware? Emdoor do not provide any recovery media or driver packages on the website.. Very weak by Emdoor but after a lot of research i found an article here: Article . The drivers for the Linx 7″ incl. the Kionix G-Sensor are working like a charm (don’t forget to install the registry file for the Kionix G-Sensor with Administrator permissions).

So i would really like to thank the author for providing the drivers in a simple way! If you also got the Emdoor Tablet this download is a must have for future recovery and maybe Emdoor should re-thing the way how “support” is provided to customers. The device itself is great but it doesn’t help if you can not recover or reinstall it and not all people do like the “default” installation coming with the device (like me). It should not be so hard to provide simple driver downloads…

Important: Do not perform a new installation without a Windows 8.1 installation media and a valid Product Key, do not wipe the partition without this! You will not get a Windows 8.1 with Bing installation media from Microsoft or the hardware Vendor! You also have to use the x86 Windows 8.1 Version, the 64-Bit Version will not fit on the 16GB e-MMC harddisk.

Cheers

Michael

P.S.: I did not try to install the Linx Bios on a Surf 7 Tab, the BIOS coming with my device is only a few days older than the Linx one but don’t come with the Linx icon. So i can not say if this works or not, i used only the drivers…. You should also get the Windows OEM Key from the BIOS in advance by following these instructions Get OEM BIOS Windows Key