Eric's Technical Outlet

Learning the hard way so you don't have to

Category Archives: Operating Systems

Announcing Windows Admin Center Certificate Selector

Have you started using Windows Admin Center (WAC) in your environment? If not, I strongly encourage you to try it out. It creates a single HTML 5 web page to control multiple Windows and Windows Server installations. It can make a lot of your maintenance tasks easier, even if you only have a few Windows systems to manage. Eventually, it might replace all those pesky MMCs.

Unfortunately, it still has a number of usability problems, especially when it comes to managing WAC itself. Of these, the supported procedure for installing or replacing the PKI certificate that WAC uses on its web page is particularly onerous.

So, I’ve created a simple application to make the process easier. You bring a WAC installation and a good certificate, and I’ll handle the rest.

The tool looks into the local certificate store and presents you with a list. Select one, and if it checks out, it will install it for you:

If it doesn’t like something about the certificate, then one or more of the checks will fail and it will not allow you to use the certificate:

It uses Microsoft’s supported certificate update method in the background, essentially acting as a front-end.

How to Obtain the WAC Certificate Selector

You can find the latest release on its GitHub page. I have only been able to test on a handful of systems, so I’m marking it as a public beta for now. Please exercise caution when running on production systems. Report any problems using the GitHub Issues page.

I look forward to your feedback!

Using PowerShell for Consistent, Repeatable Windows Features Selection

Deploying Windows Servers can be a pain, even when you’ve got a templating system. How do I know that the template matches my current requirements? What do I know now that I didn’t know when that template was built? How do I easily manage the one-off differences between that template and the needs of this new system?

It’s even worse when you don’t have a template system or have overriding reasons to not to use one. You’re stuck building each new server from scratch, checking those boxes like it’s your first time.

Or, are you?

If you’re looking for a fast way to save or copy the list of selected Windows Server features and roles and apply them to a new system, PowerShell can easily help.

Read more of this post

Defrag (Is) For Dummies

Kind of funny how one little word really changes the meaning of a sentence, doesn’t it? The title is a bit harsh but there is more than a little truth in it.

Read more of this post

Corefig for Hyper-V 2012

I have updated the scripts from Core Configurator 2.0 so that it can run on the 2012 editions of Windows Server and Hyper-V. The download is available on CodePlex. Details about the release are available on the Altaro blog.

Dell OpenManage Server Administrator 7.1 on Server Core or Hyper-V

Dell has done something to the installer for the recent version of OpenManage Server Administrator so that it doesn’t work on Server Core, which includes native installations of Hyper-V.


  1. Running “X:\windows\PreReqChecker\RunPreReqChecks.exe /s” errors out with “omchecks has stopped working”
  2. The installer (accessed by running “msiexec /i X:\windows\SystemsManagement\SysMgmt.msi” stops with the error “Failed to load OMIL library”


Install OpenManage Server Administrator 6.5 first (the command on that CD is “msiexec /i X:\SYSMGMT\srvadmin\windows\SystemsManagement”). As soon as that installer finishes, you’ll be able to install 7.1 without error. If you haven’t got the older installation media, you can download it from Dell’s site. If your particular server is too new to have 6.5 available, check the download list for earlier servers, such as the PowerEdge R515.

You do not need to perform any cleanup on 6.5 as 7.1 replaces it very cleanly.

Additional Information

I’ve had some strange and not always reproducible problems installing other Dell update packages, usually drivers, on Server Core and Hyper-V whenever OMSA is not installed or is out-of-date. The one I remember most clearly was related to the Lifecycle Controller.

Take Ownership of and Reset Registry Key Permissions with VB.Net

Windows programming has begun a trend away from using the registry to store application data. There are a lot of reasons for that, most of them are pretty good, and I have no intentions of debating them in this post. There are still plenty of valid reasons you might wish to use the registry. Unfortunately, the .Net Framework’s abstraction of the registry is nowhere near as robust as it is for other system objects, such as files and folders. The area that it’s most critically lacking is that the only thing you can do without an active handle to a registry key is open a handle to a registry key. Most of the time, that’s not a big deal. Any key you can’t open is probably a key you shouldn’t open. Then again, there are those few times that you need to open a key but can’t. This post is intended to show you how to do that in VB.Net. C# users should be able to read along without a lot of difficulty, although you’ll probably want to refer to or a similar resource for the exact methods of calling the specified Windows API functions from within C#. Read more of this post

It’s NOT the Network, the Hypervisor, or the OS!

I’ll do my best to keep this posting on an even keel and not let it devolve into a rant, but no promises. As I poke around in various technical forums, whether LinkedIn or Spiceworks or TechNet or whatever, a new theme is popping up. People are complaining that they’ve dropped in a shiny new 10G network and just can’t figure out why it’s not any faster than their old 1GB network, or they’re using internal/private networks inside Hyper-V or ESX and they don’t go any faster than a standard copper line. In a couple of cases, I’ve actually taken the effort to try to explain what’s going on, but usually it falls on deaf ears. This post serves as both an explanation and an appeal to the more sensible administrators out there to look at what’s really going on.

Read more of this post

iSCSI Disk Appears Two or More Times in Disk Management

Scenario: You connect your Windows or Hyper-V system to a new iSCSI target device that supports multi-path I/O (MPIO) and add a session for each iSCSI NIC in the server. When you get the disk established in Disk Management, it shows up twice. You can bring one online, but any others show “Offline (The disk is offline because it has a redundant path with another device)”.

Read more of this post

Adventures in Least User Privilege: Explorer and Control Panel

Have you noticed that “RunAs” doesn’t work for Windows Explorer or Control Panel items? That’s because the shell (the program you use to communicate with the operating system itself) is Windows Explorer. Windows Explorer is (normally) running all the time, and while it’s running, it doesn’t allow you to start other instances in other security contexts (a very long way of saying that “RunAs” doesn’t work for Windows Explorer). Control Panel items don’t work either because they’re not actually programs; they are applets that run within the context of Windows Explorer. So, you can’t connect to a user’s station and use RunAs to, say, change TCP/IP settings.

Read more of this post

Installing the WSUS Server component on Server Core 2008 R2

There is a key limitation to installing WSUS on Server Core: Neither Microsoft SQL Server nor Windows Internal Database will install on Server Core, so you will have to install a SQL instance somewhere else in order to do this. That means that no matter what, you’ll still need a full GUI install of Windows Server somewhere.

The best case I can conceive of in which this is desirable is when you need multiple WSUS servers in the same location for some reason and it’s not a problem to set up a centralized or multiple SQL Server. In our case, we want our remote users laptops to get install approvals from our central server during VPN sessions but to download the actual updates from Microsoft using their own Internet connections. We want our in-house computers to get approvals and updates from the in-house WSUS server. One WSUS installation cannot handle that. Therefore, it made sense for us to add a SQL Server Express instance to the existing WSUS Server and install WSUS separately (because you can’t have two instances of WSUS on the same Windows Server), using Core to minimize resource usage.

Update: SQL Server 2012 is supported on Server Core. The continued relevance of this document is primarily to show you how to install the WSUS component itself. Also, if you look, you can find instructions for installing earlier editions of SQL Server on Server Core, but be advised that these are not supported configurations.

  1. Read more of this post