Windows Deployment: PXE booting between VLANs

If you’re looking to PXE boot between VLANs (i.e. a VLAN for servers and a VLAN for clients), you’ll need to add a couple of extra options to your DHCP server settings.

It’s an easy enough process; following these steps should get things working for you:

In Windows DHCP, expand your VLAN’s DHCP scope, and select scope options.


Add option 66 – enter the FQDN of your deployment server.

Add option 67 – enter \boot\x64\wdsnbp.com (or if you’re deploying 32-bit images: boot\x86\wdsnbp.com).

For reference, you’ll find this file in your deployment server’s REMINST directory.


When you boot up your client computer, it will now receive the correct TFTP response and will be able to PXE boot!
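The same scope options can be set and checked from PowerShell with the DhcpServer module. This is an added example, not part of the original post; the scope ID and server name are placeholder assumptions, and it assumes the REMINST share is reachable from where the script runs. It reads the options back after setting them and then lists options 66/67 on every scope, so a boot server you did not configure stands out.

```powershell
# Added example, not from the original post. Run on the DHCP server as a DHCP admin.
# All three values below are placeholders (assumptions); replace with your own.
$ScopeId   = '10.0.20.0'             # client VLAN scope
$WdsServer = 'wds01.example.local'   # FQDN of the deployment server
$BootFile  = '\boot\x64\wdsnbp.com'  # 32-bit images: boot\x86\wdsnbp.com

Import-Module DhcpServer -ErrorAction Stop

# Stop early if the scope does not exist or the FQDN does not resolve.
$null = Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction Stop
$null = Resolve-DnsName -Name $WdsServer -Type A -ErrorAction Stop

# Confirm the boot file is present under REMINST (assumes the share is reachable from here).
$unc = '\\{0}\REMINST\{1}' -f $WdsServer, $BootFile.TrimStart('\')
if (-not (Test-Path -LiteralPath $unc)) {
    throw "Boot file not found: $unc"
}

# Option 66 = boot server host name, option 67 = boot file name.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 66 -Value $WdsServer
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 67 -Value $BootFile

# Read both options back and compare with what was intended.
$expected = @{ 66 = $WdsServer; 67 = $BootFile }
foreach ($id in $expected.Keys) {
    $actual = (Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId $id).Value -join ''
    if ($actual -ne $expected[$id]) {
        throw "Option $id on scope $ScopeId is '$actual', expected '$($expected[$id])'"
    }
}

# Audit: list options 66/67 on every scope so an unexpected boot server stands out.
Get-DhcpServerv4Scope | ForEach-Object {
    $scope = $_
    Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 66, 67 -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Scope'; e = { $scope.ScopeId } }, OptionId, Name, Value
}
```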


Defeat Ransomware: Use Microsoft File Server Resource Manager (FSRM) – with a twist!

You may have seen some advice floating about on the internet, showing you how to use Microsoft’s File Server Resource Manager (FSRM) to prevent Ransomware.

The problem with these articles is that they all involve maintaining a block list. You’ll find those block lists rarely keep up with new variants of Ransomware. So, in this article, I’m going to show you how to defeat ransomware – with a twist!

Lemons... good for lemonade. Not so good at beating Ransomware!


Using a Raspberry Pi as a Squid proxy cache

I was looking to build *something* that would possibly benefit several customers that have slow or laggy internet access (i.e. 2mb broadband or satellite).

The solution needed to be cost effective and unobtrusive.

I did some research and decided to use Squid.

Squid (amongst other things) can cache web objects (such as images and executables), speeding up page load times and download times.

Next, I needed some hardware to run Squid on.

Squid can run on Linux and Windows computers, but I ruled out Windows as that’s a paid licensed product, thus not cost effective. I also didn’t want to install Squid on a desktop computer; I’d either have to buy a new computer or re-purpose an old computer (which can be noisy and unsightly). Both options would also consume significant amounts of energy per year, again not very cost effective.

Enter the Raspberry Pi!


Windows Deployment – Advanced – Part 1. Performing Domain Joins Securely

In the first of this new multi-part series, I will show you how to take your Windows Deployment to the next level.

(For this series, we’re assuming you’re running Server 2012 R2 with the latest updates, and the latest release of MDT 2013.)

This article looks at locking down the os.deploy account that you use to automatically join computers to the domain.

So, let us improve the security of the MDT join account. This is the account that we specified in CustomSettings.ini (Windows Deployment, Part 1: Configuring the Deployment Environment) and that MDT uses to join the target computer to the domain.

If we leave this account as a Domain User, then MDT will be able to join the first few computers it installs into the domain but then will fail to join any others.

This is because by default Domain Users can only join 10 computers to the domain.

In our initial article, we made the account a member of the Domain Admins group – of course, perfectly acceptable in a lab environment, but not so in the real world.

This is because of these three facts:

  • The domain admin password is visible in CustomSettings.ini
  • The domain admin password is sent in plain text across the network
  • The domain admin password is temporarily stored on the remote PC

So, how do we overcome this?


Death from above: The silent server room killer

It was a Tuesday morning after a bank holiday. 90 minute trek into the office, which was quicker than the usual two hour slog out of Cornwall.

Turned the laptop on, and grabbed a coffee whilst the laptop finished installing its selection of updates for Windows 10 tech preview.

Upon firing up our service board application, I was greeted with hundreds of server alerts from the evening before.

Careful inspection of the alerts showed that the aircon had failed in one of our customers’ backup server rooms.

Luckily, the extractor fan we insisted on having installed (after a secondary aircon unit was considered too expensive) was able to assist with cooling the room. Not enough to keep the room cool, but it helped prevent damage to the hardware.

The local aircon maintenance company were called out to perform an urgent repair.

After under an hour onsite, the aircon engineer had resolved the problem and the disaster had been averted.

The problem? Dandelion seeds.

An excess of dandelion seeds had blocked the external inverter unit’s fan, causing it to overheat and trip out the power. This of course shut down the aircon to the server room.

Unbelievable, but true. If you have external aircon inverters, it’s worth getting them checked out!

What can I do to prevent this?
Of course, having redundant aircon units on separate supplies (with an annual maintenance contract) is a great idea if funds allow, but having email alerts coming through is a great warning system, and it’s little to no cost to implement. It’s also possible to shut down servers if they get hot (though of course that can have its own issues with regard to continuity of service).

I recommend taking a look at this guide from the guys over at howtogeek

Enable Hyper-V replication between two workgroup servers

Hyper-V replication is an essential ‘server availability’ tool for any organization. Whilst it is not a substitute for good backups, it will allow you to restore an up-to-date copy of your virtual servers very quickly, should your primary host hardware fail.

In this tutorial, I have built two Windows 2012 R2 servers using a pair of old Dell Optiplex 580s (AMD Phenom CPU, upgraded to 8GB RAM each), and a single 8 port Netgear GB switch.


The Primary server name is: Truro

The Secondary server name is: Exeter

Let’s get started…