Tag Archives: Windows Client

Quick Tip: Self signed certificates made easy with PowerShell!

Most solutions today require certificates in some way, which means we need them even when setting up a lab/test environment.
If you for some reason don’t have a PKI/CA infrastructure in your lab environment you will most likely end up with a self signed certificates for web sites or other parts of your environment.

Since Windows 8/8.1 or Server 2012/2012 R2 there is a really nice PowerShell cmdlet that does that for us, without no hassle.
It can even handle multiple SAN’s.
It’s just to use the New-SelfSignedCertificate cmdlet from an elevated PowerShell window.

Example 1: Create and export one certificate with the name test.365lab.net:

New-SelfSignedCertificate -DnsName test.365lab.net -CertStoreLocation cert:\LocalMachine\My
#Export certificate to c:\test_365lab_net.pfx with the password 'Password'. (the thumbprint is found in the output from the New-SelfsignedCertificate command.)
Export-PfxCertificate -Cert cert:\LocalMachine\My\5D46460D29FE8E0C3F644D8ABA3C707AA83AFC79 -FilePath c:\test_365lab_net.pfx -Password (ConvertTo-SecureString -String "Password" -Force -AsPlainText)

2014-01-04 15-57-46

Example 2: Create self signed SAN certificate with the names test.365lab.net,sts.365lab.net and 365lab.net:

New-SelfSignedCertificate -DnsName test.365lab.net,sts.365lab.net,365lab.net -CertStoreLocation cert:\LocalMachine\My

2014-01-04 16-06-34

To check out your newly create certificates in the GUI, fire up the Computer Certificates Store mmc, which from Windows 8 / Server 2012 and above can be started with ‘certlm.msc‘ (OH YES!).
2014-01-04 16-10-55

Note that I generally never recommend doing self signed certificates in production environments, they are only for testing purposes!

/Johan

Quick Tip: Windows 8.1 – PowerShell as default Win+X shell with Group Policy

A massive amount of post out there describes how easy it is to change from the default (cmd.exe) to Powershell when using the “Power User Menu” (Win+X) in Windows 8.1 and Server 2012 R2. One example you find here from my friend Daniel.
I honestly don’t know why they didn’t set PowerShell as the default Shell, which actually was default in the Preview.

Rolling out Windows 8.1 (or Server 2012 R2) in an Enterprise, you would of course want this as the default setting for all users.
Doing the change in the UI, the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontUsePowerShellOnWinX is set to 0.

Here is how to do it with group policy preferences
* The GP Preferences (except the PowerShell-line) can be created from any machine with gpmc newer than Server 2008. The other policy requires you to have the latest .admx-files or do the change from a Server 2012 R2 Machine

In Group Policy Management, in a new or in an already existing user policy, navigate to User Congfiguration\Preferences\Windows Settings\Registry and create a new registry item configured as below.
(the entire key path used is “Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced“)
2013-12-26 20-07-43
If you want to do the same thing as above against an existing policy, you can do it with the following PowerShell line:

Set-GPPrefRegistryValue -Name "YourPolicy" -Context User -Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -ValueName DontUsePowerShellOnWinX  -Value 0 -Type DWORD -Action Update

If you instead want to prevent your users from changing the shell, there is a policy setting for that under
User Configuration\Administrative Templates\Windows Components\Edge UI 
2013-12-26 20-40-05
Why you would want prevent your users from changing from cmd to PowerShell I don’t know, but someone obviously wanted cmd.exe as the default one…
Note that the registry value for the PowerShell menu does not work if you enable this policy!

Enabling Data Deduplication in Windows 8.1

There are several posts about enabling Data Deduplication in Windows 8 out there. I recently upgraded my Windows 8 laptop to 8.1, and did of course want Deduplication enabled after the upgrade as well.
Of course this is not supported in any way, but it is a very nice way to save some precious disk space on your lab machines.

The process is basically the same as in Windows 8, the only difference is that you of course need to use the cab files from Windows Server 2012 R2.

If you don’t have a 2012 R2 box nearby, I’ve uploaded a copy of the cab-files my SkyDrive (http://sdrv.ms/1aZsWgk) so you alternatively can get them from there, if you dare. (NO WARRANTIES! :))
Otherwise you should look after the following files on a Server 2012 R2 machine:
Microsoft-Windows-Dedup-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab
Microsoft-Windows-Dedup-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab
Microsoft-Windows-FileServer-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab
Microsoft-Windows-FileServer-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab
Microsoft-Windows-VdsInterop-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab
Microsoft-Windows-VdsInterop-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab

After you’ve extracted the files from your 2012 R2 box (or downloaded them from my SkyDrive), go ahead and run the commands as below:

dism /online /add-package /packagepath:Microsoft-Windows-VdsInterop-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab /packagepath:Microsoft-Windows-VdsInterop-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab  /packagepath:Microsoft-Windows-FileServer-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab /packagepath:Microsoft-Windows-FileServer-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab  /packagepath:Microsoft-Windows-Dedup-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cab /packagepath:Microsoft-Windows-Dedup-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.cab

dism /online /enable-feature /featurename:Dedup-Core /all

If everything works as intended, you should now have Deduplication enabled on your 8.1 machine.
You can verify this in add/remove Windows features. (optionalfeatures.exe)
2013-09-23 19-57-13

To enable it for a specific volume, run the following command in an elevated PowerShell prompt:

Enable-DedupVolume -Volume D:
Set-DedupVolume -Volume D: -OptimizeInUseFiles

To force a Deduplication job, simply run the PowerShell command as below (deduplications runs well on open files now as well, as long as you’ve provided the “OptimizeInUseFiles”-switch…):

Start-DedupJob -Volume D: -Type Optimization
You can monitor your DedupJop with the cmdlet Get-DedupJob.

To verify that everything looks alright after the first job, you run the cmdlet:
Get-DedupVolume -Volume D:
Hopefully you will also end up with a nice deduplicated data volume as in my screenshots below:
2013-12-26 19-00-08
2013-09-23 19-18-00

Happy Deduplication!

/Johan