Friday, May 9, 2014

Add Windows back to Grub2

My lifesaver:

create and chmod +x the file:


Add this code:

#! /bin/sh -e
echo "Adding Windows" >&2
cat << EOF
menuentry "Windows" {
set root=(hd0,1)
chainloader +1

for grub2:

grub2-mkconfig -o /boot/grub2/grub2.cfg


grub-mkconfig -o /boot/grub/grub.cfg

Tuesday, June 19, 2012

Windows 7 as wifi hotspot

Start your Network and Sharing center from the Control Panel

  1. Create a virtual wifi adapter. From an elevated dos prompt:
    netsh wlan set hostednetwork mode=allow ssid=mobile_hotspot key=password keyUsage=persistent

    In the Network and Sharing center, you’ll notice a new wireless connection, the default name will probably be “Wireless Network Connection 2”. Remember this, you’ll need it in step 2

  2. Choose a network connection you want to share, e.g. your Local Area Network Connection. Choose properties, the Sharing tab and enable the “Allow other network users …”.
    Select the “Wireless Network Connection 2” (or something else from step 1) as Home networking connection.

  3. Start the wifi hotspot. From an elevated dos prompt:
    netsh wlan start hostednetwork

Remember, the wifi hotspot will not start by default, so create a shortcut somewhere. Make sure you enable the “Run as administrator” in the shortcut property.

Tuesday, August 9, 2011

Windows 2008R2 and SCCM 2007 SP2 - Pt7 - Deploy operating systems (Windows 7 SP1)

Another great feature of SCCM is deploying operating systems.
Although you can deploy a whole range of Windows versions, i’m going to focus on deploying Windows 7 with SP1 included.

In order to support Windows 7 (with SP1), you’ll going to have to download and install an extra update from microsoft here kb2489044.

Also, there is an extra issue to deal with.
With the update above installed, it would be possible to support and deploy Windows 7 to known systems, meaning systems that are allready member of the domain and registered with sccm.
Since we’re talking about deploying Windows 7, it is very well possible that a brand new system has been unboxed and you want to deploy it right away. So we’re dealing with unkown systems here.
To support unkown systems, we need to have at least update R2 installed for SCCM 2007 SP2. But update R3 is out so we’re going to install R3.
Before installing R3, there’s a prerequisite here: kb977384.
Then download and install: Update R3 for SCCM 2007 SP2.

Build a reference system
The most easy way to deploy an image is to build a reference system first. This means a plain Windows 7 installation with only the essential software installed that you want to have on every pc. A virtual workstation, like one in VMWare, will do just fine.

  • Download the latest installation media from Microsoft. As of this point: Windows 7 with sp1 included.
  • Create a virtual machine with only the basic requirements (1cpu, 512MB ram, 24GB thin provisioned disk will do just fine). As of Windows 7 we don’t need to think about the fact that hardware we are going to deploy this image to is likely to be using a different HAL since Windows 7 will do a HAL autodetect on boot. If you don’t know what that means, don’t bother :)
  • Boot the virtual machine and boot from the installation medium
  • Keep all the settings default. At the point where Windows setup asks for a username and computername press Control+Shift+F3
  • Windows now boots into audit mode. More on that on my website: Windows 7 Audit Mode
  • Do not close the small sysprep (”Hulpprogramma voor systeemvoorbereiding”) window!!!
  • Now install all the software you want. You can reboot as many times as you like, just don’t close the sysprep window. In my case i’m only installing:
    • vmware client installation
    • from a dosprompt: “powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c” to set the power profile to high performance. This prevents the client from going into standby every time (very annoying!)

    As you’ll see, after every reboot, Windows will automatically reboot into Audit Mode again.

  • Copy the content of “C:\Program Files\VMware\VMware Tools\Drivers” to a shared folder on your SCCM server, e.g. “\\sccm01\clientdrivers\x86\vmware client\”. This is to ensure we have the appropriate drivers for this system. We’re going to need this to create bootable media for capturing this system.
  • Leave the computer as it is for now

Create capture media
Capturing the installation of the reference system is done through capture media.
This is basically a Windows PE cd/dvd or usb stick that copies the content of the harddisk to a .wim file on an external disk or network share.
When you think about that, it’s easy to understand that the PE environment needs to have access to the local harddisk and network interface.
And that’s why you have to make sure these drivers are available and that’s why we have copied al the drivers to “\\sccm01\clientdrivers\x86\vmware client\” in the last step above.
Now we have to update the capture media with those drivers.

  • From the SCCM Console, expand site database, computer management, operating system deployment, drivers and rightclick drivers and click Import
  • Choose “import all drivers in the following network path” and browse to “\\sccm01\clientdrivers\x86\vmware client\” and click Next
  • In the overview you’ll see that all drivers for the audio, mouse, scsi controller and network controllers are found. Click Next
  • Click “New Package”, Name = “VMWare Client” and Drive Package Source = “\\sccm01\clientdrivers\x86\vmware client\”, select “Update distribution points when ready” and click Next
  • Do not update any boot images at this point and click Next, Next, Close
  • From the SCCM Console, expand site database, computer management, operating system deployment, Boot Images and rightclick “Boot Image (x86)” and click Properties
  • On the tab “Windows PE” select “enable command support (testing only)” and then click the yellow icon to import drivers
  • Add all drivers, one by one (although only the scsi and network drivers are really relevant) . Eventually click OK and click YES to update the distribution point, Next, Next, Close.
  • Repeat the steps for the x64 boot image
  • From the SCCM Console, expand site database, computer management, operating system deployment, Task sequences, rightclick Task sequences and click Create Task Sequence Media
  • Select “Capture media” and click Next, select “CD/DVD set” and click browse to select an output .iso file (e.g. sccm2007capture.iso) and click Save and click Next
  • Click on Browse and select the boot image that matches your installation (x86 or x64) and click OK and Next, Next, Close

Capture the image

  • Make sure you have a shared folder on your sccm server e.g. “\\sscm01\images” to store the image on.
  • If you are working with a physical system, make sure you have burned the iso that has been created above. If you are working with vmware, put the iso on the datastore.
  • Put the capture media in the dvd player. Autorun will start.
  • “Welcome to the Image Capture Wizard” click Next
  • Destination = “\\sccm01\images\win7sp1referencesystem.wim” and specify the correct network credentials so that after rebooting into PE mode, the capture media knows how to store the image on the SCCM server! Click Next
  • Specify the information asked, click Next and Finish
  • You may see some screens popping up, just wait and the client will reboot automatically and you´ll see the System Center background and the capture in action
  • If all goes well, you’ll eventually get a message “Image successfully captured …”. press OK and the client will reboot. You can then power it off.
    If you let it run, it’ll do some sort of “unattended” installation, but it’s pretty useless since the machine isn’t instructed properly what to do (e.g. like joining the domain, install extra components etc).

Import the image in SCCM

  • Now that the image has been captured, we have to import it to SCCM
  • From the SCCM Console, expand site database, computer management, operating system deployment, Operating System Images and rightclick “Operating System Images” and click “Add Operating System Image”.
  • Point to the share where the images is located, e.g. “\\sccm01\images\win7sp1referencesystem.wim” and click Next, Next, Next, Close
  • Rightclick the just created Operating System Image and click “Manage Distribution Points” and click Next, select “Copy the package to …” and click Next, select your SCCM server and click Next, Next, Close.

Prepare the PXE server

  • Expand (in order) site database, site management, <your site>, site settings, site systems, <your server> and rightclick your server, select New Roles, Next, select “PXE service point” + Next
  • Click yes at the warning.
  • Select “Enable unkown computer support” and click OK at the warning dialog
  • Deselect “require a password …” and click Next, Next, Next, Close

Create the Configmgr package

  • Expand site database, computer management, software distribution and packages
  • Rightclick Packages, select New, Package from Definition and click Next
  • Select the “Configuration Manager Client Upgrade” and click Next
  • Select “Always obtain files from a source directory” and click Next
  • Select UNC path and your SCCM server should have a default share called \\<SERVERNAME>\sms_<SITECODE>\ with a client folder in it, so in my case “\\Sccm01\sms_vl3\Client”. Point to that directory and click Next and Finish
  • Rightclick the just created “Microsoft Configuration Manager Client Upgrade 4.0 ALL” package and select “manage distribution points” and click Next
  • Select “Copy the package …” and click Next
  • Select only the primary distribution point and click Next, Next, Close
  • Rightclick the just created “Microsoft Configuration Manager Client Upgrade 4.0 ALL” package and this time select “Update distribution points” and click Yes

Specify network access
If we’re going to boot from the network later on, and we need to access the distribution points, we need to authenticate.

  • On the SCCM console expand site database, site management, <your site>, site settings, client agents and rightclick “Computer Client Agent” and select properties.
  • Click on the “Set” button at Network Access Account.
  • Specify the Administrator account for now and click OK and OK
  • As of a security perspective this might not be best practice but for now it’s OK

Pretty much everything is covered now.
So if we would unbox a new computer, connect all the wires and execute a network boot, this is what we would see:
In red: The WDS (or SCCM) server is not responding.
In green: the mac address of this client.

What we need to do next is create a task somehow to deploy Windows 7 to this computer.

Create a collection

  • On the SCCM console expand site database, computer management, collections, and richtclick collections en click on “New Collection”.
  • Name = “Deploy Win7 with SP1” and click Next
  • No membership rules are needed so just click Next and click OK on the warning.
  • Click Next Next Close.

Add the computer (mac address) to the collection

  • On the SCCM console expand site database, computer management, operating system deployment, computer association, and richtclick computer association and click on “Import Computer Information”.
  • Select “Import Single Computer” and click Next.
  • Provide the desired computername, e.g.”win7-001”, and provide the mac address of the client. Click Next, Next
  • At “Choose Target Collection” select the collection that we’ve created above “Deploy Win7 with SP1”, Next, Next, Close

Create a Task Sequence

  • On the SCCM console expand site database, computer management, operating system deployment, Task Sequences, and rightclick Task Sequences and click on “New, Task Sequence”.
  • Select “Install an existing image package” and click Next.
  • Give the sequence a name like “Install Windows 7 with SP1 on new systems” and select the boot image that corresponds with the architecture, e.g. x86, and click Next
  • Select the Image Package (which is your previously captured image) and at Image select “All Images” (this is because a normal Windows 7 installation also contains a 100MB boot partition). Fill in the rest of the information, like the license code and type, and click Next.
  • Specify the domain to join with the right credentials and the OU you want to place the computeraccount in and click Next
  • Click Browse to select the Configuration Manager package. Click Next.
  • Deselect all Stage Migration settings, we’re not going to do that on new systems. Click Next
  • “Don’t install any software updates” and click Next, Next, Next, Close.

Modify the task sequence
There is a small “bug” in the default task sequence if you ask me.
If you edit the task sequence, you’ll see that the network configuration is taking place before the device drivers are installed. This should be in reversed order.

  • On the SCCM console expand site database, computer management, operating system deployment, Task Sequences, and rightclick the sequence created above and click on Edit.
  • Select the green item called “Apply network settings” and drag it just below “Setup Operating System”

With that out of the way there is something with the partitioning to worry about:

  • Select the green item called “Partition Disk” and in the “Volume” overview, you’ll see two volumes. One Primary volume with a fixed size of 100MB and one Priamary volume with a fixed size of the original disk of the reference system. Select that volume and click edit. Select “Use a percentage…” and set it to 100%. Click OK and OK.
  • Select “Apply Operating System” and make sure that at “Apply operating system from a captured image” image 2-2 is selected
  • Select “Apply data image 1” and make sure that at “image” image 1-1 is selected
  • Drag task “Apply data image 1” above “Apply Operating System” and beyond “Partition disk”

If you want you can add custom taks or edit. Just look around, very cool! :-)
Hint: look at the partitioning settings and when formatting the disks, make sure you select quick format. Saves a lot of time!

Assign (advertise) the task sequence to new computers

  • On the SCCM console expand site database, computer management, operating system deployment, Task Sequences, and rightclick the sequence created above and click on Advertise.
  • Click on the browse button to select a collection and select the “Deploy Win7 with SP1” collection that we have created before. Also select “Make this task sequence available to boot media and PXE”. Click Next, Next.
  • At the Distribution Point screen, make sure you also select “When no local distribution point is available, use remote distribution point” and click Next, Next, Next, Next, Close.

If you go to the “Deploy Win7 with SP1” collection, doubleclick on the “Win7-001” and go to the advertisements tab, you’ll see that the “Install Windows 7 with SP1 on new systems” is assigned to this computer.

That’s it. Perform a network boot and sit back!

Thursday, June 23, 2011

Windows 7 point and print / trusted printer dialog

(for mr Face ;-) )

Whereas point and print restrictions was a user policy for clients < Win7, as of Win7 it is a computer policy.
So to prevent installations prompts for printers:

  • Computer Configuration
  • Policies
  • Administrative Templates
  • Point and Print restrictions = Disabled

Friday, May 20, 2011

Disable ipv6 and Teredo

To completely disable ipv6 and the Teredo interface:

reg add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d "255" /f

“255” decimal stands for 0×000000ff hexadecimal.
However, this isn’t listed here: Nonetheless this setting suits my needs best.

Wednesday, May 11, 2011

Windows 7 set environment variables permanently

It’s not that hard to set environment variables for a current (dos) session.
But sometimes you want to set or update variables permanently, e.g. the Path variable.
Windows 7 has a nice built-in tool called “setx” to do these sort of things (and more).

setx /M PATH "%path%;c:\bla"

Where /m makes it system-wide instead of the current user.

Thursday, April 28, 2011

Windows 7 temporary profile after profile cleanup

After cleaning up a userprofile on a Windows 7 station (Deleting folders “c:\users\MyUserAccount” and the roaming profile on “\\fs01\profiles\MyUserAccount”) i thought i would start with a clean profile.
But Windows kept logging user “MyUserAccount” in with a temporary profile.

It seems that Windows keeps a list of profile locations in the registry. If that location for a certain user can’t be found, the user is logged on with a temporary profile.
This is the key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

What you see there is a lists of profile SID’s, so you have to check them all out to find your user and delete the whole key accordingly.

I thought it would be handy to write a script that automates this.
It checks for a key called “ProfileImagePath” and if the value in that key (e.g. c:\users\JohnDoe) doesn’t exist on the local system, it wipes the whole registry key from the ProfileList.

Save as W7ProfileListCleanup.vbs:


Dim WSHShell, oFSO, strComputer, ProfileListRegistryLocation, ArrayWithProfileSIDS, Subkeys, HKEY_LOCAL_MACHINE

Set WSHShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
strComputer = "."
Set objRegistry = GetObject("winmgmts:\" & strComputer & "\root\default:StdRegProv")

ProfileListRegistryLocation = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
RegistryKeyContainingPath = "ProfileImagePath"

Function CheckAndDelete(LocalProfileDir, ProfileSID, FullPath)
  If not oFSO.FolderExists(LocalProfileDir) then
    WScript.Echo "NOT FOUND: " + LocalProfileDir
    DeleteProfileListKeyRecursive FullPath
    WScript.Echo "OK:        " + LocalProfileDir
  end if
End Function

Function DeleteProfileListKeyRecursive(FullPath)
  WSHShell.Run "reg delete ""HKLM" + FullPath + """ /f", 0, True
  WScript.Echo "- Deleted: " + FullPath
End Function


objRegistry.EnumKey HKEY_LOCAL_MACHINE, ProfileListRegistryLocation, ArrayWithProfileSIDS

For Each ProfileSID In ArrayWithProfileSIDS
  FullPath = ProfileListRegistryLocation & "" & ProfileSID
  objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE, FullPath, RegistryKeyContainingPath, LocalProfileDir
  CheckAndDelete LocalProfileDir, ProfileSID, FullPath

Friday, April 22, 2011

Change Windows 7 logon background

Whether it’s just for fun or your company wants to brand their Windows 7 logon background, here’s how:

Prepare the system:

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d "0x1" /f
mkdir c:\windows\system32\oobe\info\backgrounds

Now, at least place the following file in c:\windows\system32\oobe\info\backgrounds.

  • backgroundDefault.jpg

This will be the “fallback” image, so if none of the following files is found the image above will be stretched to fit your current resolution.

Optionally you can place the following files:

  • background768×1280.jpg
  • background900×1440.jpg
  • background960×1280.jpg
  • background1024×1280.jpg
  • background1280×1024.jpg
  • background1024×768.jpg
  • background1280×960.jpg
  • background1600×1200.jpg
  • background1440×900.jpg
  • background1920×1200.jpg
  • background1280×768.jpg
  • background1360×768.jpg

Remeber: file size cannot exceed 256 KB (so i’ve heard, not tested)….

Friday, February 18, 2011

(image based) Windows 7 deployment a-z

As i promised to some folks, i’d publish my howto on how to deploy Windows 7. In this howto, i’m using image based distribution.


  • vm or physical machine
  • Windows 7 dvd
  • Windows® Automated Installation Kit (AIK) (download here and mind your language)

Here we go

  • Boot the machine from the Windows 7 dvd
  • Due to our fast deploy method, i’m not interested in the recovery partition. If a system fails, i’m simply going to deploy it again. Also i don’t need to encrypt the who diks with bitlocker. And last but not least, this keeps the partition structure easy. Therefore this is the time to create the partition structure manually before Windows does it for you and creates the first 100MB partition.
    So: on the screen where you can select your language and keyboard, press SHIFT+F10
  • A dos prompt opens, type
    • diskpart
    • list disk
    • select disk 0
    • create partition primary
    • select partition 1
    • format fs=ntfs quick
    • exit
    • exit
  • Now resume installation as normal, but choose “disk 0, partition 1” when selecting a destination
  • Rest of the installation goes automatically
  • At the point where you are prompted for a username, press CTRL+SHIFT+F3. This is called Audit mode. The system will reboot and log in automatically. It will continue to do this untill you sysprep the system. This gives you the chance to “Microsoft Update” your system and put other applications into the installation.
  • As said before, this is the chance to update your system with everything you want, like applications of your choice or Microsoft Updates. Reboot as many times as you want. Press cancel on the sysprep application after every logon. We’re not going to use the GUI anyway.
  • In the meanwhile, install de Windows® Automated Installation Kit (AIK) on another system.
  • Select an installation source (the dvd) and create a new answer file
  • As you can see, the sysprep stages consist of 7 stages now, but as we’re dealing with image based distribution and have allready processed the Audit stage manually, we’re only interested in 2 stages: Specialize and oobeSystem (Out Of Box Experience). This is important to know. More on these stages can be found at Microsoft’s website.
  • There are a lot of things you can do during all the stages, but i’m going to explain the essentials to make the installation after deployment run really unattended
  • Specialize:
    • Microsoft-Windows-Shell-Setup_neutral: Specify at least the Product Key and ComputerName. CopyProfile=True if you are doing weird things with your profile that needs to be inherited by the Default User profile.
    • Microsoft-Windows-UnattendedJoin_neutral: Specify the domain that needs to be joined, and one level deeper specify the credentials
  • oobeSystem:
    • Microsoft-Windows-International-Core_neutral: Specify the inputlocale, systemlocale and userlocale of your choice.
    • Microsoft-Windows-Shell-Setup_neutral: Specify Registered Owner, Registered Organization, TimeZone (F1 for explanation) and one level deeper:
      • Autologon: count 1, and supply the credentials (and domain if needed)
      • LogonCommands: this is one of the interesting things. I always try to keep the image itself as plain as possible. Instead i’m doing a “postinstallation” of some utilities. I’m calling these by the script i’m calling here. So “AsynchronousCommand(Order=1): CommandLine=C:\w7startup.bat, order=1, requires user input=False, Action=AddListItem
      • OOBE: HideEULAPage=True, HideWirelessSetupInOOBE=True, NetworkLocation=Work, ProtectYourPC=1
      • UserAccounts: Now this is the tricky one. You have to specify at least SOME action here or your unattended installation won’t be unattended and asks for some input in this stage. Create a local account or if that’s unacceptable do something irrelevant like add “Domain Admins” to your local “Administrators” group.
  • Now save your answer file and call it sysprep.xml
  • Place this file on the system you’ve installed in c:\Windows\system32\sysprep\
  • Open a dosprompt, go to the above directory and execute
    Sysprep.exe /generalize /oobe /shutdown /unattend:c:\Windows\system32\sysprep\sysprep.xml
  • The system will shutdown, then capture an image (can be a ghost image, drivesnapshot (very nice tool) image, Microsoft’s own imagex, etc)
    from this installation
  • Your unattended installation is ready.

How to deploy?
There are very cool ways to automate all these steps but these are the basics:

  • Place the image back onto a different pc
  • Copy a simple batchfile called “w7startup.bat” to the harddisk/partition that has just been filled. Simple example:
    @echo off
    IF NOT EXIST C:\Install\vmtools\setup.exe GOTO SKIPVMTOOLS
    echo - vmware tools detected
    start /wait C:\Install\vmtools\setup.exe /s /v"REBOOT=R /qb"
    echo - default login domain
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "YOURDOMAIN" /f
    echo - disable uac
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    echo - activate current license key
    start /wait slmgr.vbs /ato //B
    echo - disable hybernate
    powercfg -h off
    echo - set powerscheme
    powercfg -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
    echo - java
    start /wait c:\install\java\jre-6u23-windows-i586-s.exe /s /v/qn
    reg add "HKLM\Software\JavaSoft\Java Update\Policy" /v EnableJavaUpdate /t REG_DWORD /d 0x0 /f
    echo all installs done
    del /f c:\w7startup.bat
  • Don’t forget to delete w7startup.bat (”yourself”) at the end of the file, otherwise this file will run on every logon in the future. (or delete the HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Unattend* registry key)
  • Copy all the recent versions of the installation files to the right directories so that your w7startup.bat will pick them up.

That’s it. That wasn’t that hard was it?

Some more on the underlaying techniques:
You don’t want to create an answer file for every pc.
In Windows XP, if you used c:\sysprep\sysprep.inf while creating your sysprepped pc, after deployment you could change values like e.g. the COMPUTERNAME=”" to a different name and the unattended installation would pick that up.
That won’t work with Windows 7 anymore (considering you’ve used c:\windows\system32\sysprep\sysprep.xml).
What sysprep actually does is create a file called C:\Windows\Panther\Unattend.xml based on the sysprep you’ve created. So that’s pretty interesting.
After you’ve deployed your image and you copy the w7startup.bat file and the other installation files, why not edit the C:\Windows\Panther\Unattend.xml file and replace values like:


or change the license key


or if you want a different domain to join:


Sunday, April 11, 2010

(Remove) The system reserved partition (windows 7 / 2k8 r2)

This “system reserved partition” is used for two things:

  • When booting from an encrypted volume (bitlocker), some bootfiles simply can’t be crypted. They reside on this partition
  • Windows Recovery Environment (WinRE)

If you do not need bitlocker and you want to keep things simple (e.g. for imageing purposes), you might want to remove this partition when installing Windows. In this example i assume there’s only one drive and it’s empty.

  • Start Windows setup as usual
  • At the screen where you select your language, keyboard and locale, press Shift+F10. You now enter a dos prompt.
  • diskpart
  • list disk
  • select disk 0
  • create partition primary
  • select partition 1
  • format fs=ntfs quick
  • exit
  • exit
  • now resume setup as normal, but select the primary partition at the partitioning screen