Tuesday, October 16, 2007

Sysprep - Generalize - SID

I create millions and billions of Virtual Machines - ok, maybe not that many but it feels like it. Every time I have copied the physical files (VHD/VMC) a number of things must be done if I want to join those virtual machines to my domain(s) - most importantly: the machine's SID (Security ID) must be re-generated to be unique and the computer must be renamed of course.

So, here's the thing. Back in the good old days you had to find the Windows CD, find and extract the Deploy.CAB file to your hard drive and then execute the SYSPREP.EXE tool. But, with Windows Vista and Windows Server 2008 the SYSPREP file(s) can be found below:

%WINDIR%\System32\Sysprep - ready "out of the box", just waiting for you to go for it!

And this is the important thing (and the reason why I started this blog): If you want to create a new SID, remember to CHECK the "Generalize" checkbox - or else you will have to do it all over again...

During the following reboot a new SID is automatically generated - and you will have to type in your Product/License Key, provide a new Computer Name, select an Administrator Password etc.

You may have known this already - personally I didn't because I tend to use the wonderful Sysinternals NewSID tool for this purpose in most cases (it's much faster)... However, that tool is not officially supported for Windows Server 2008 (or even Vista) at this time - but hopefully it will be soon?
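To confirm that a copied VM really received a new SID after the Generalize reboot, the check below can be used. It is an added example, not part of the original post: it derives the machine SID from a local account SID and flags inventory entries that still share one. The function names, computer names and SID values are hypothetical/constructed, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function Get-MachineSid {
    # A local account SID is <machine SID>-<RID>, so stripping the last
    # component leaves the machine SID that Sysprep regenerates.
    $account = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object -First 1
    if (-not $account) { return $null }   # no local accounts found
    return ($account.SID -replace '-\d+$', '')
}

function Find-DuplicateMachineSid {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Inventory   # objects with ComputerName and MachineSid
    )
    # Group by SID; any group with more than one member is a clone that
    # was copied without Generalize being checked.
    $Inventory |
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group | ForEach-Object { $_.ComputerName }) -join ', '
            }
        }
}

# Constructed sample inventory: VM-COPY2 was copied without Generalize,
# so it still carries the template's SID.
$inventory = @(
    [pscustomobject]@{ ComputerName = 'VM-TEMPLATE'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ ComputerName = 'VM-COPY1';    MachineSid = 'S-1-5-21-4444444444-5555555555-6666666666' }
    [pscustomobject]@{ ComputerName = 'VM-COPY2';    MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
)

# Report clones that share a SID (VM-TEMPLATE and VM-COPY2 in this sample).
Find-DuplicateMachineSid -Inventory $inventory | Format-List

# On each VM, record this value before joining it to the domain.
"Local machine SID: $(Get-MachineSid)"
```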


Tuesday, October 02, 2007

Starter GPO's - what are they?

With Windows Server 2008 (Codename Longhorn) you will notice a new container called "Starter GPOs" inside the GPMC (version 2.0 - BTW this version will also be available as a separate download for Windows Vista with SP1).

This new container can hold what I would call "templates" for creating new GPO's - with the limitation that only Administrative Template settings are available. When creating new GPO's you can choose to use a Starter GPO as the source (read: template) - which makes it easy and fast to create multiple GPO's with the same baseline configuration.

But, the very cool thing is that you can now "export" those GPO templates (Starter GPO's) to a Cabinet file (.CAB) and then import into another environment - completely independent of the source domain/forest! So, you can create the PERFECT Starter GPO and then bring it around the world, share it on the Internet (if legal?), deploy it on all systems you can get a hold on etc. etc.

When you 'enable' Starter GPO's in the domain for the first time, a folder called "StarterGPOs" is created inside the SYSVOL folder (\\domain.com\SYSVOL\domain.com\StarterGPOs) - this is where all the "magic" is done... For each new Starter GPO you create, you will see a new folder below this StarterGPOs folder - each will have a unique GUID (just like normal group policies). So, when you create a new GPO with a Starter GPO as source a nice and simple COPY process is actually performed - the subfolders and files from the Starter GPO's GUID folder are just copied into the \\domain.com\SYSVOL\domain.com\Policies\[SomeNewGUID] folder - and wupti, you are ready to deploy...

Well, it may not be the same as the Templates we got with AGPM (Advanced Group Policy Management from Desktop Optimization Pack) - but, even if you don't have the required DOP license you still get a few cookies for "free"...

One last thing - remember to create a separate backup process for Starter GPO's, as they are not backed up through the GPMC "Backup All" method you have for the regular GPO's - they have a separate backup procedure. So far there's no script for backing up the Starter GPO's, but I'm pretty sure it will show up (just like the "BackupAllGPOs.wsf" script).

And don't worry - if you should get an error like this:

"The overall error was: The system cannot find the path specified. Additional details follow"
"[Error] The backup configuration file [C:\xxx\Backup.xml] cannot be saved. The following error occurred: The system cannot find the path specified."

when performing a backup of your Starter GPO's you are probably testing the RC0 release... That build has a known bug which has been corrected already (RC1)!

But apart from this minor detail I say: Thumbs up for Starter GPO's!


Moskowitz videos


Microsoft MVP, Jeremy Moskowitz, has 2 video interviews out there... Check them out:

Part 1 & Part 2