PowerShell Automation Script for IIS installation and more.

The below script was designed to install IIS with .Net Core Runtime 2.1.x to be used with NOPCommerce. It also enables WinRM (remote management) and changes network settings on the target machine. This is used with Win Server 2019 core to automate deployments with Ansible into AWS.

#
#    The following script changes the Network settings of the Machine
#    disables the firewall, installs IIS and Core Runtime 
#
#Change PS Execution Policy
Set-ExecutionPolicy Bypass -Scope Process -Force

#Enable TLS 1.2 for Invoke-Webrequest (SSL 3.0 and TLS 1.0/1.1 are obsolete and stay disabled)
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

######################### VARIABLES #############################################

$tmpdir="c:\temp\"
$newhostname="WIN-SRV-CORE-IIS"
$ipAdd="172.18.85.184"
$sMask="28"   #Ex. 24 = 255.255.255.0
$dGate="172.18.85.177"
######################### FUNCTIONS #############################################

function machineNMchange 
{
    #Change the machine name and reboot    
    $curhostname=hostname
    #$localuser="\Administrator"
    #$localcred=$curhostname+$localuser

    if ($newhostname -ne $curhostname)
    {
        Rename-Computer -ComputerName $curhostname -NewName $newhostname -Force -PassThru    
        # Add -LocalCredential $localcred to the above line if you want to be prompted for credentials, otherwise run as Admin
        # Add -Restart at the end if you want to automatically restart
    }
}

function installCoreRT 
{
    #Note that this installs CoreRuntime 2.1.8
    $url = "https://download.visualstudio.microsoft.com/download/pr/c2b2968d-022d-4889-afd0-b02010813c94/bd315e931f55eecfdaea258cf3dee48e/dotnet-hosting-2.1.8-win.exe"
    $outFile = "dotnet-hosting-2.1.8-win.exe"

    if (Test-Path -Path $tmpdir -PathType Container)
    { 
        Write-Host "$tmpdir already exists" -ForegroundColor Red
    }
    else
    { 
        New-Item -Path $tmpdir  -ItemType directory 
        Write-Host "$tmpdir created" -ForegroundColor Red
    }
    
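    #-UseBasicParsing avoids the dependency on the Internet Explorer engine, which Server Core lacks
    Invoke-Webrequest $url -OutFile "$tmpdir$outFile" -UseBasicParsing
    #-Wait blocks until the installer has finished, so the reboot at the end of the script cannot interrupt it
    Start-Process -FilePath "$tmpdir$outFile" -ArgumentList "/quiet /norestart" -Wait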
}

function installIIS 
{
    #Install IIS
    # To list all Windows Features: dism /online /Get-Features
    # Get-WindowsOptionalFeature -Online 
    # LIST All IIS FEATURES: 
    # Get-WindowsOptionalFeature -Online | where FeatureName -like 'IIS-*'
    # Source: https://weblog.west-wind.com/posts/2017/May/25/Automating-IIS-Feature-Installation-with-Powershell
    $arr = "IIS-WebServerRole","IIS-WebServer","IIS-CommonHttpFeatures","IIS-HttpErrors","IIS-HttpRedirect",
            "IIS-ApplicationDevelopment","NetFx4Extended-ASPNET45","IIS-NetFxExtensibility45","IIS-HealthAndDiagnostics",
            "IIS-HttpLogging","IIS-LoggingLibraries","IIS-RequestMonitor","IIS-HttpTracing","IIS-Security","IIS-RequestFiltering",
            "IIS-Performance","IIS-WebServerManagementTools","IIS-IIS6ManagementCompatibility","IIS-Metabase",
            "IIS-BasicAuthentication","IIS-WindowsAuthentication","IIS-StaticContent","IIS-DefaultDocument","IIS-WebSockets",
            "IIS-ApplicationInit","IIS-ISAPIExtensions","IIS-ISAPIFilter","IIS-HttpCompressionStatic","IIS-ASPNET45"#,"IIS-ManagementConsole"
            #Enable the last value for GUI servers only, for Core leave out.

    foreach ( $iis_value in $arr)
    {
        Enable-WindowsOptionalFeature -Online -FeatureName $iis_value
    }
}

function setNet ([string]$ip, [string]$sm, [string]$dg)
{
    #Disable Firewall on all profiles (after this nothing filters inbound traffic, including WinRM)
    Set-NetFirewallProfile -Name Domain,Public,Private -Enabled False

    #Disable IPv6
    Disable-NetAdapterBinding -Name "Ethernet" -ComponentID ms_tcpip6
    
    #Change IP
    Set-NetIPInterface -InterfaceAlias "Ethernet" -Dhcp Disabled
    Remove-NetIPAddress -InterfaceAlias "Ethernet" -Confirm:$false
    New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress $ip -PrefixLength $sm -DefaultGateway $dg
    #Ex. New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "172.18.85.184" -PrefixLength "28" -DefaultGateway "172.18.85.177"
    Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "172.18.85.177"

    #Connection-specific DNS Suffix  . : mshome.net
    #Link-local IPv6 Address . . . . . : fe80::29bf:1ecc:e589:3e2c%4
    #IPv4 Address. . . . . . . . . . . : 172.18.85.182
    #Subnet Mask . . . . . . . . . . . : 255.255.255.240
    #Default Gateway . . . . . . . . . : 172.18.85.177

}

########################## MAIN ####################################################
setNet $ipAdd $sMask $dGate
installIIS
installCoreRT
machineNMchange

#Enables Win RM for remote management
winrm quickconfig -force
shutdown /r /t 0
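
The installCoreRT step above runs whatever the download returns. The following added example (not part of the original script) runs the installer only after its SHA-256 hash and Authenticode signature check out. The function names, the expected-hash placeholder and the publisher pattern are assumptions.

```powershell
# Added example, not part of the original script.
# ASSUMPTION: $ExpectedSha256 is a placeholder. Replace it with the SHA-256 you
# recorded for this installer from a trusted source before deploying.
$Url            = 'https://download.visualstudio.microsoft.com/download/pr/c2b2968d-022d-4889-afd0-b02010813c94/bd315e931f55eecfdaea258cf3dee48e/dotnet-hosting-2.1.8-win.exe'
$Installer      = 'c:\temp\dotnet-hosting-2.1.8-win.exe'
$ExpectedSha256 = '<EXPECTED-SHA256-PLACEHOLDER>'

function Test-InstallerTrust {
    # Returns an object describing whether the file matches the pinned hash
    # and carries a valid signature from the expected publisher.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Sha256,
        [string]$PublisherPattern = '*O=Microsoft Corporation*'   # assumed publisher
    )
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    $hashOk = ($hash -eq $Sha256)              # -eq is case-insensitive for strings
    $sigOk  = ($sig.Status -eq 'Valid') -and ($publisher -like $PublisherPattern)

    [pscustomobject]@{
        Path           = $Path
        ActualSha256   = $hash
        HashMatches    = $hashOk
        SignatureValid = $sigOk
        Publisher      = $publisher
        Trusted        = ($hashOk -and $sigOk)
    }
}

function Install-VerifiedCoreRT {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [Parameter(Mandatory)][string]$Destination,
        [Parameter(Mandatory)][string]$Sha256
    )
    $dir = Split-Path -Parent $Destination
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        New-Item -Path $dir -ItemType Directory -Force | Out-Null
    }

    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $Uri -OutFile $Destination -UseBasicParsing

    $check = Test-InstallerTrust -Path $Destination -Sha256 $Sha256
    if (-not $check.Trusted) {
        # Do not leave an unverified executable lying around in the temp directory.
        Remove-Item -LiteralPath $Destination -Force
        throw "Refusing to run $Destination (hash match: $($check.HashMatches), signature valid: $($check.SignatureValid))"
    }

    # -Wait so a later reboot cannot interrupt the installer; 3010 means "reboot required".
    $proc = Start-Process -FilePath $Destination -ArgumentList '/quiet', '/norestart' -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010) {
        throw "Installer failed with exit code $($proc.ExitCode)"
    }
    $check
}

# Usage (needs network access and the real hash in place of the placeholder):
# Install-VerifiedCoreRT -Uri $Url -Destination $Installer -Sha256 $ExpectedSha256
```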

Windows 10 (1803) UEFI Autounattend.xml network installation.

In Windows 10 version 1803 a new installation prompt has been added. As such, in pass 7 (oobeSystem) you need to add the input locale component, which is located in amd64_Microsoft-Windows-International-Core_neutral.

One other thing that I have changed in the newer version of the Autounattend.xml is that the installer now formats the drive to boot as UEFI and the install.wim (Windows image) is located on my network. Custom wim files over 4GB will not fit on a FAT32 formatted flash drive. Because you are now grabbing the installation image off the network, you may need to inject network drivers into the boot.wim image in the sources folder on the flash drive/installation media. This will allow the installation media to connect to the network and grab the Windows installation image from a shared folder. Note that there are two images in the boot.wim file, index 1 and index 2. You want to inject the network drivers into index 2, which is the Microsoft Windows Setup image.

C:\>dism /Get-ImageInfo /ImageFile:c:\temp\bootwim\boot.wim

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Details for image : c:\temp\bootwim\boot.wim

Index : 1
Name : Microsoft Windows PE (x64)
Description : Microsoft Windows PE (x64)
Size : 1,394,055,012 bytes

Index : 2
Name : Microsoft Windows Setup (x64)
Description : Microsoft Windows Setup (x64)
Size : 1,553,327,748 bytes

The operation completed successfully.

DISM GUI no longer seems to support the latest version of Windows 10 either, so all DISM commands need to be performed from the Deployment and Imaging Tools Environment.

Mount the boot.wim and perform the following commands to add the network driver(s) to your image. Note in the above example that the image is 64-bit, so only 64-bit drivers are required for your hardware.

C:\>dism /Mount-Image /ImageFile:c:\temp\bootwim\boot.wim /Index:2 /MountDir:c:\temp\mount

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Mounting image
[==========================100.0%==========================]
The operation completed successfully.

C:\>dism /Image:c:\temp\mount /Add-Driver:c:\temp\drivers\64 /Recurse

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.14393.350

Searching for driver packages to install...
Found 1 driver package(s) to install.
Installing 1 of 1 - oem1.inf: The driver package was successfully installed.
The operation completed successfully.

C:\>dism /Unmount-Image /MountDir:c:\temp\mount /Commit

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Saving image
[==========================100.0%==========================]
Unmounting image
[==========================100.0%==========================]
The operation completed successfully.

As you can see, there are 3 simple commands, and with the Recurse switch you can add multiple network drivers to the image if you have varying pieces of hardware deployed on your network.

Below is an example of a UEFI Autounattend.xml used to install Windows from the network.

  • In pass 1, windowsPE, the Autounattend.xml formats 2 drives in the machine, a primary one and a secondary one.
  • Also in pass 1, the image is then installed from a network location using domain credentials. You need to make sure the account has read permissions to the network location. The image is installed to disk “0” partition “4”.
  • In the specialize pass, pass 4, the machine is added to the domain using the “joinadmin” account using the Microsoft-Windows-UnattendedJoin component.
  • Finally, in version 1803 of Windows (maybe even 1709) a new installation component was added that asks for Network and Locale information. You can fill this in using the Microsoft-Windows-International-Core component in pass 7.

My suggestion would be to copy and paste the below text into a blank text file and save it with an .xml extension. Then take that and open it in Windows System Image Manager.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
            </SetupUILanguage>
            <UserLocale>en-CA</UserLocale>
            <UILanguageFallback>en-CA</UILanguageFallback>
            <SystemLocale>en-US</SystemLocale>
            <InputLocale>en-US</InputLocale>
            <UILanguage>en-US</UILanguage>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DiskConfiguration>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Order>1</Order>
                            <Type>Primary</Type>
                            <Size>250</Size>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>2</Order>
                            <Type>EFI</Type>
                            <Size>100</Size>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>3</Order>
                            <Size>128</Size>
                            <Type>MSR</Type>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>4</Order>
                            <Extend>true</Extend>
                            <Type>Primary</Type>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Order>1</Order>
                            <PartitionID>1</PartitionID>
                            <Format>NTFS</Format>
                            <Label>Recovery</Label>
                            <TypeID>de94bba4-06d1-4d40-a16a-bfd50179d6ac</TypeID>
                        </ModifyPartition>
                        <ModifyPartition wcm:action="add">
                            <Order>2</Order>
                            <PartitionID>2</PartitionID>
                            <Label>System</Label>
                            <Format>FAT32</Format>
                        </ModifyPartition>
                        <ModifyPartition wcm:action="add">
                            <Order>3</Order>
                            <PartitionID>4</PartitionID>
                            <Label>SOCO</Label>
                            <Format>NTFS</Format>
                            <Letter>C</Letter>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
                <WillShowUI>OnError</WillShowUI>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Extend>true</Extend>
                            <Order>1</Order>
                            <Type>Primary</Type>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Label>Storage</Label>
                            <Format>NTFS</Format>
                            <Order>1</Order>
                            <Letter>D</Letter>
                            <PartitionID>1</PartitionID>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>1</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
            </DiskConfiguration>
            <UserData>
                <ProductKey>
                    <WillShowUI>Never</WillShowUI>
                </ProductKey>
                <AcceptEula>true</AcceptEula>
                <Organization>Some Company</Organization>
                <FullName>Some Company Inc.</FullName>
            </UserData>
            <EnableFirewall>false</EnableFirewall>
            <EnableNetwork>true</EnableNetwork>
            <ImageInstall>
                <OSImage>
                    <InstallTo>
                        <DiskID>0</DiskID>
                        <PartitionID>4</PartitionID>
                    </InstallTo>
                    <InstallFrom>
                        <Path>\\server\IT\WIM\Win10-image.wim</Path>
                        <Credentials>
                            <Domain>domain.local</Domain>
                            <Password>MyP@ssw0rd!</Password>
                            <Username>netadmin</Username>
                        </Credentials>
                        <MetaData wcm:action="add">
                            <Key>/IMAGE/NAME</Key>
                            <Value>Windows 10 Pro</Value>
                        </MetaData>
                    </InstallFrom>
                    <WillShowUI>OnError</WillShowUI>
                </OSImage>
            </ImageInstall>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <BluetoothTaskbarIconEnabled>true</BluetoothTaskbarIconEnabled>
            <ComputerName>DTPC-0032</ComputerName>
            <TimeZone>Mountain Standard Time</TimeZone>
            <ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen>
            <RegisteredOrganization>Some Company</RegisteredOrganization>
            <ProductKey>VK7JG-NPHTM-C97JM-9MPGT-3V66T</ProductKey>
            <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
            <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
            <RegisteredOwner></RegisteredOwner>
            <OEMName></OEMName>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>domain.local</Domain>
                    <Username>joinadmin</Username>
                    <Password>MyP@ssw0rd!</Password>
                </Credentials>
                <JoinDomain>domain.local</JoinDomain>
                <MachineObjectOU>OU=DesktopOU,OU=ComputersOU,DC=domain,DC=local</MachineObjectOU>
            </Identification>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <VMModeOptimizations>
                    <SkipWinREInitialization>true</SkipWinREInitialization>
                    <SkipNotifyUILanguageChange>true</SkipNotifyUILanguageChange>
                    <SkipAdministratorProfileRemoval>true</SkipAdministratorProfileRemoval>
                </VMModeOptimizations>
                <HideEULAPage>true</HideEULAPage>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <ProtectYourPC>2</ProtectYourPC>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
            </OOBE>
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>BAAcwADAAcgBCEAUAAcwG8Ak=</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>Local User Account</Description>
                        <DisplayName>LocalUser</DisplayName>
                        <Group>Administrators</Group>
                        <Name>User</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <TimeZone>Mountain Standard Time</TimeZone>
            <RegisteredOrganization>Some Company</RegisteredOrganization>
            <RegisteredOwner>IT Department</RegisteredOwner>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-CA</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback>en-CA</UILanguageFallback>
            <UserLocale>en-CA</UserLocale>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:d:/iso/install_w10_1803.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
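
The answer file above carries the network share and domain join passwords in clear text, and the local account password with PlainText set to false is only obscured, not encrypted. Anyone who can read the flash drive or the file can recover all of them. The following added example (not part of the original post) lists every Password element in an answer file, with its pass, component and account, without printing the secret. The function name and the sample file are constructed for illustration.

```powershell
# Added example, not part of the original post. Function name is hypothetical.
# Reports where an unattend answer file embeds credentials; never prints the values.
function Get-UnattendCredentialFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    # All unattend elements live in this default namespace.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    foreach ($pw in $doc.SelectNodes('//u:Password', $ns)) {
        $settings  = $pw.SelectSingleNode('ancestor::u:settings', $ns)
        $component = $pw.SelectSingleNode('ancestor::u:component', $ns)
        # Credentials blocks use <Username>, local accounts use <Name>.
        $account   = $pw.ParentNode.SelectSingleNode('u:Username | u:Name', $ns)
        $value     = $pw.SelectSingleNode('u:Value', $ns)
        $plainText = $pw.SelectSingleNode('u:PlainText', $ns)

        if ($value -and $plainText -and $plainText.InnerText.Trim() -eq 'false') {
            $storage = 'Obscured (PlainText=false): encoded, not encrypted'
        } else {
            $storage = 'Clear text'
        }

        [pscustomobject]@{
            Pass      = if ($settings)  { $settings.GetAttribute('pass') }  else { $null }
            Component = if ($component) { $component.GetAttribute('name') } else { $null }
            Parent    = $pw.ParentNode.LocalName
            Account   = if ($account)   { $account.InnerText }              else { $null }
            Storage   = $storage
        }
    }
}

# Constructed sample input (not the file from the post), written to a temp file.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>example.test</Domain>
          <Username>joinsvc</Username>
          <Password>constructed-sample</Password>
        </Credentials>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts><LocalAccounts><LocalAccount>
        <Password><Value>Y29uc3RydWN0ZWQ=</Value><PlainText>false</PlainText></Password>
        <Name>User</Name>
      </LocalAccount></LocalAccounts></UserAccounts>
    </component>
  </settings>
</unattend>
'@
$tmp = Join-Path $env:TEMP 'Autounattend-sample.xml'
Set-Content -LiteralPath $tmp -Value $sample -Encoding UTF8
Get-UnattendCredentialFinding -Path $tmp | Format-Table -AutoSize
```

Run against the Autounattend.xml above, it reports three findings: netadmin in windowsPE, joinadmin in specialize and the local User account in oobeSystem. Accounts that appear here should have only the rights the install needs (read on the share, join rights on the target OU).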

CredSSP, Windows RDP connection error.

Recently Microsoft changed the security in regards to Remote Desktop connections. This was to address a vulnerability that existed with RDP that allowed an attacker to take complete remote control of a Windows PC.

With this came some security changes, and you will need to add a registry entry to your machines if you get Security Connection errors in Windows OS and Server OS when you try to use RDP to connect to an older remote machine. When I say older I mean Windows 7 and Server 2008; Windows 8.x might be affected as well.

For more information on CredSSP see this Microsoft article: https://support.microsoft.com/en-ca/help/4056564/security-update-for-vulnerabilities-in-windows-server-2008

In Windows 7 the error looks like the following…

In Windows 10 the error is a little more detailed and looks like this…

To get past this issue all you need to do is add the following registry entry to your machine.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

Alternatively here is a reg file in a zip file that you can just run. Make sure you reboot after adding the registry entry.

https://drive.google.com/file/d/13vDjZQqwEGZYNL5wnbig5iOzOs26EKn-/view?usp=sharing

I created a group policy on my Domain to push this registry entry to all computers.
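
In Microsoft's CredSSP guidance the value 2 is the "Vulnerable" level of the Encryption Oracle Remediation setting: the client will fall back to the insecure protocol version when the remote side is unpatched. The following added example (not from the original post) reports the current level on a machine and moves it back to "Mitigated", or removes the override, once the older machines have been updated. The function names are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

# Meaning of each AllowEncryptionOracle value (Encryption Oracle Remediation policy).
$OracleLevels = @{
    0 = 'Force Updated Clients'
    1 = 'Mitigated'
    2 = 'Vulnerable'
}

function Get-CredSspOracleSetting {
    # Reads the override, if any, and translates it to the policy level name.
    $value = $null
    if (Test-Path -LiteralPath $CredSspKey) {
        $prop = Get-ItemProperty -LiteralPath $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
        if ($prop) { $value = $prop.AllowEncryptionOracle }
    }
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        Value                = $value
        Level                = if ($null -eq $value) { 'Not configured (OS default applies)' } else { $OracleLevels[[int]$value] }
        AllowsUnpatchedPeers = ($value -eq 2)
    }
}

function Set-CredSspOracleSetting {
    # Writes the same value the .reg snippet writes, but for any of the three levels.
    param(
        [Parameter(Mandatory)][ValidateSet(0, 1, 2)][int]$Value
    )
    if (-not (Test-Path -LiteralPath $CredSspKey)) {
        New-Item -Path $CredSspKey -Force | Out-Null
    }
    Set-ItemProperty -LiteralPath $CredSspKey -Name AllowEncryptionOracle -Value $Value -Type DWord
    Get-CredSspOracleSetting
}

function Remove-CredSspOracleOverride {
    # Deletes the override so the patched OS default applies again.
    if (Test-Path -LiteralPath $CredSspKey) {
        Remove-ItemProperty -LiteralPath $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    }
    Get-CredSspOracleSetting
}

# Audit first (run elevated):
Get-CredSspOracleSetting

# After the Windows 7 / Server 2008 machines have the CredSSP update installed:
# Set-CredSspOracleSetting -Value 1     # Mitigated
# Remove-CredSspOracleOverride          # or drop the override entirely
```

If the value is pushed by Group Policy as described above, change it in the policy as well, otherwise the next policy refresh writes 2 back.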

Disabling Automatic Updates on Server 2016

The Server 2016 GUI does not provide a means to disable Windows Updates, and by default the updates are set to download automatically. There is a spot for updates in the GUI but it is a placebo. If you wish to disable Windows Updates and run them manually to your heart's content, you need to do this via the sconfig text-based applet.

Do the following. Start PowerShell as admin and run the sconfig command. This is the server configuration text-based applet.

Once you have run this applet, option 5 is for Windows updates. For production servers the Manual option is probably the best choice.

A pop-up will notify you of the changes once selected, and from here on in all your updates will have to be downloaded and installed manually.

Virtual Machine Queues and Broadcom NIC Issues

Broadcom network adapters have a very big issue in Windows with Hyper-V. The issue is so big that at one point a year or so ago, when I deployed a new Hyper-V server with Broadcom NICs, my domain users were unable to use VPN properly due to crippling network latency. I’m sure Broadcom is aware of this problem, and the issue is documented all around the internet. The problem is Virtual Machine Queues: on Broadcom network adapters they delay traffic to the VM and create latency issues.

There is a quick fix for that though. All you need to do is disable Virtual Machine Queues on your network adapter. It takes 5 min to fix.

To fix it, start up PowerShell as an Administrator, then check to see if VMQ is enabled on your adapters, specifically anything by Broadcom.

Run the following command:

Get-NetAdapterVmq

If you see True in the Enabled column, disable VMQ with the following command;

Disable-NetAdapterVmq -Name 'Adapter Name'

See the below example for reference. I even included an error where the name of my adapter wasn’t being caught because there was a space in the name. Use single quotes on the name to avoid this.

Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> Get-netAdapterVMQ

Name                           InterfaceDescription              Enabled BaseVmqProcessor MaxProcessors NumberOfReceive
                                                                                                        Queues
----                           --------------------              ------- ---------------- ------------- ---------------
Front End                      Microsoft Network Adapter Mu...#2 True    0:0                            16
Embedded LOM 1 Port 4          Broadcom NetXtreme Gigabit Eth... True    0:0              16            16
Embedded LOM 1 Port 3          Broadcom NetXtreme Gigabit E...#2 True    0:0              16            16
Embedded LOM 1 Port 2          Broadcom NetXtreme Gigabit E...#4 True    0:0              16            16
Embedded LOM 1 Port 1          Broadcom NetXtreme Gigabit E...#3 True    0:0              16            16
Back End(PA)                   Microsoft Network Adapter Mu...#3 False   0:0                            0
Back End(NeoTech)              Microsoft Network Adapter Mult... False   0:0                            0


PS C:\Windows\system32> Disable-NetAdapterVmq -Name Front End
Disable-NetAdapterVmq : A positional parameter cannot be found that accepts argument 'End'.
At line:1 char:1
+ Disable-NetAdapterVmq -Name Front End
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Disable-NetAdapterVmq], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Disable-NetAdapterVmq

PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Front End'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 1'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 2'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 3'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 4'
PS C:\Windows\system32> Get-netAdapterVMQ

Name                           InterfaceDescription              Enabled BaseVmqProcessor MaxProcessors NumberOfReceive
                                                                                                        Queues
----                           --------------------              ------- ---------------- ------------- ---------------
Front End                      Microsoft Network Adapter Mu...#2 False   0:0                            16
Embedded LOM 1 Port 4          Broadcom NetXtreme Gigabit Eth... False   0:0              16            16
Embedded LOM 1 Port 3          Broadcom NetXtreme Gigabit E...#2 False   0:0              16            16
Embedded LOM 1 Port 2          Broadcom NetXtreme Gigabit E...#4 False   0:0              16            16
Embedded LOM 1 Port 1          Broadcom NetXtreme Gigabit E...#3 False   0:0              16            16
Back End(PA)                   Microsoft Network Adapter Mu...#3 False   0:0                            0
Back End(NeoTech)              Microsoft Network Adapter Mult... False   0:0                            0

WMI Filtering in Group Policy

Item level targeting is great and all, it works well for granular targeting. But with Item Level Targeting you are limited to only Active Directory components.

WMI or Windows Management Instrumentation consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.

What if I told you you could set up policies that allow you to target specific users, specific user names, specific hardware, and specific software. Even specific hardware types. You could deploy hardware-specific drivers on your domain using WMI filtering.

It’s actually pretty slick, and far superior to anything that SNMP can offer. It is a very powerful tool set for a Sys Admin. The level of control for WMI filtering is absolutely amazing and robust. But is it secure? Well, that depends. It can be; if you follow best practices there is no reason it shouldn’t be.

WMI filters are similar to SQL queries, for example…

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "10%") and (ProductType = 1))

The above version 10 followed by the wildcard character will select Windows 10 and Server 2016 operating system versions. ProductType = 1 means the desktop OS version, whereas a type of 3 would mean the server OS version. Finally, ProductType = 2 means that the machine is a Domain Controller.

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "6.1%") and (ProductType = 1))

The above is for Windows 7.

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "6.3%") and (ProductType = 3))

Finally the last one is Server 2012 R2.

Note that the namespace that this is available in is root\CIMv2.

If you want to find and query WMI you can use the official tool available from Microsoft. It’s called the WMI Code Creator tool and it’s available here. If the link is dead just search for it. An alternative to this is the NirSoft SimpleWMIView available here, and WMI Explorer available here.

WMI Code Creator looks something like the following. It allows you to browse all the WMI possibilities and search for property values of WMI classes. For obvious reasons you will need the .NET Framework installed on your machine.

 

Creating a WMI Filter is simple. Open up your Group Policy Management application, expand your domain and at the bottom you should have a folder named WMI Filters. In this folder you can also see a collection of WMI Filters and which policies they are applied to.

Right click this folder and select New…

Give your Filter a name and Description, then click Add.

Finish by clicking OK and Save. You have now created a WMI Filter for Server 2016 all versions.

Now you need to apply the filter to a policy. Locate a policy in your Manager, and in the right pane on the bottom under WMI Filtering now you can select the filter you just created.

That’s pretty much it, you can play around with the WMI Code Creator and see that you can do some very granular filtering with this. You can create filters based on OS, CPU, Disk drives anything that you can think of. This is a very powerful tool and if you’re familiar with SQL queries you should have no trouble coming up with some complex filters.

Specific Host Name:

root\CIMV2 – Win32_ComputerSystem – DNSHostName = 'YourHostname'
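
A GPO with a WMI filter applies to a machine only when the filter's query returns at least one instance there, so a query with a typo silently excludes every machine. The following added example (not from the original post) runs the queries from this post on the local or a remote machine and reports whether each one would let the policy apply. The function name is hypothetical, and the hostname query is written out in full as an assumption based on the line above.

```powershell
# Added example, not from the original post. Test-WmiFilterQuery is a hypothetical name.
function Test-WmiFilterQuery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Query,
        [string]$Namespace = 'root\CIMv2',
        [string]$ComputerName          # optional; needs WinRM on the remote machine
    )
    $cimArgs = @{ Namespace = $Namespace; Query = $Query; ErrorAction = 'Stop' }
    if ($ComputerName) { $cimArgs.ComputerName = $ComputerName }

    $result = [ordered]@{
        Query     = $Query
        Instances = 0
        Applies   = $false     # true when the GPO would apply on this machine
        Error     = $null      # set when the WQL is invalid or the class is missing
    }
    try {
        $result.Instances = @(Get-CimInstance @cimArgs).Count
        $result.Applies   = $result.Instances -gt 0
    } catch {
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

# The filters discussed in this post.
$filters = [ordered]@{
    'Version 10.x, ProductType 1'  = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "10%") and (ProductType = 1))'
    'Version 6.1.x, ProductType 1' = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "6.1%") and (ProductType = 1))'
    'Version 6.3.x, ProductType 3' = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "6.3%") and (ProductType = 3))'
    # Assumed full form of the "Specific Host Name" filter:
    'Specific host name'           = "select DNSHostName from Win32_ComputerSystem where DNSHostName = 'YourHostname'"
}

$report = foreach ($name in $filters.Keys) {
    $r = Test-WmiFilterQuery -Query $filters[$name]
    [pscustomobject]@{
        Filter  = $name
        Applies = $r.Applies
        Error   = $r.Error
    }
}
$report | Format-Table -AutoSize
```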

 

As a side note if you are a C# .NET developer you can also benefit from WMI using the System.Management namespaces in Visual Studio. You will need to add a reference to it in your Visual Studio project. This allows you to query Microsoft Operating System hardware and retrieve statistics from said machine.

Sample C# Code:

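 using System.Collections.Generic;
 using System.Management;   // requires a project reference to System.Management

 var coreValues = new List<string>();
 using (var processor = new ManagementObjectSearcher("root\\CIMV2",
     "SELECT * FROM Win32_PerfFormattedData_Counters_ProcessorInformation"))
 {
     foreach (ManagementObject query in processor.Get())
     {
         // PercentProcessorTime is a numeric (uint64) property, so convert it instead of casting to string
         coreValues.Add(query["PercentProcessorTime"].ToString());
     }
 }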

My Home Theatre

It’s been a hiatus… I’ve been a bit busy lately, it’s summer time and all… I’ve been enjoying the beautiful weather with my family but I feel like I’m due, so here we go!

Home Theatre! This topic interests me big time. Ever since I bought my “new” house 5 years ago I had been planning to do something nice in terms of an entertainment space. The space I had in my mind was a bit different than what your typical audio/videophile types dream of, but it’s what I dreamt of at this stage in my life.

I will be the first to admit that this post is late to the game, and I anticipate upgrading my projector and receiver to native 4k within the next 6-8 months. I have my eye on you Optoma UHD60!

Coming from my previous house (a shoebox) I had a big room to actually call my mancave, a 25’x16′ room. The picture below is pretty unflattering… and it only shows the room from one angle, but this is all I could find for the time being… This was a couple days after we moved in. In hindsight I should’ve taken more before and after photos for this project.

Here is the original conceptual design of what I envisioned the room to actually become.

First step was to build the A/V closet and shelving, the closet did not exist originally so I had to rip out some drywall and attach into the existing framing. Here is a before picture of where I put the closet in.

Here are some pictures of the AV closet build out. The shelf design I found on another site, if I can find it again I will give them a kudos link, man is it a solid design – homemade shelf that can hold a ton of weight and gear. All of the supplies for the shelf I purchased at Canadian Tire and Rona. All of the cabling, connectors, wall plates and in ceiling speakers I purchased through Monoprice.

 

Here are pictures of what it looks like today, don’t mind the mess I have a few kids.

Projector Mount

If you look at the projector mount picture below you’re probably saying wow that’s a crazy mount is this guy a nutcase? Actually it’s pretty much mandatory in my mind to design something like this if the projector is going to be installed in a basement like setting.

When I originally mounted the projector I was truly a newbie… I affixed it directly on the floor joists, what a mistake. The feedback was vicious and the projector was bouncing like no tomorrow… and when it started to bounce it really didn’t recover quickly since there was nothing to absorb the movement that reverberated off the joists.

This is something I came up with through trial and error, and it works for me. It doesn’t eliminate movement entirely: if my kids are bouncing off the walls upstairs it will shake, but the movement is absorbed quickly by this design and I can rest well knowing that my investment is safe. To date I have almost 5000 lamp hours using this rig and the projector and lamp still live on.

I used a large piece of MDF that spans three joists and tapped into the joists using 2 1/2″ wood screws. From there I lined up where the projector was going to be mounted and penciled in four pilot holes where the bolts were going to be installed. These four bolts affix the actual mount to the MDF base; in my application they are 3/8″ in width and fairly long, I believe around 3 1/2″. I used several washers, rubber grommets and springs, as you can see from the photo; these items are doing a lot of the hard work to minimize any vibration and impact.

[Image: projector mount]

Projector

At the end of 2012 I was on the hunt for the right projector for me. I didn’t want to spend a ton, but I wanted a projector that was good bang for the buck; good input lag and 3D were mandatory. I stumbled across the BenQ W1070 Home Theatre DLP Projector. It’s a great unit. I’ve been using it now for almost 5 years, so it’s done really, really well… no issues whatsoever.

[Image: BenQ W1070]

Screen

I went the Do-It-Yourself route. After abundant research I ended up using the following for the screen paint:

Sherwin Williams ProClassic Smooth Enamel Satin Finish Extra White – 6260 UNIQUE GRAY. I don’t believe Sherwin Williams carries this formulation anymore.

Down the line I believe I will switch to an actual screen for my next projector install. Don’t get me wrong, the paint is great and a money saver, but I found that it cannot cover imperfections in your actual drywall. If you look closely enough you can pick up on these subtle things while the unit is on.

I used a somewhat dark color for the rest of the wall around the screen: Sherwin Williams Classic 99 Satin Finish Extra White – 6549 ASH VIOLET.

The screen is approximately 110″ measured diagonally.

Screen Frame

I used 2 1/2″ MDF trim. I mitered the corners at 45 degrees and installed L-shaped hinges on the back side. I primed and painted with flat black paint and used a brad nailer to affix it to the wall.

Speakers

I opted for a 7.1 configuration. I got a sweet deal on the front and center speakers from Newegg; they were on clearance, dirt cheap… I could not pass it up. I picked the JBL Studio 1 Series Studio 190 Front and Center speakers. For the subwoofer I went with the Klipsch KW-100, and for the sides I went with Klipsch RS-62s. For the in-ceiling speakers I went with Monoprice 6-1/2 Inches Kevlar 2-Way In-Ceiling Speakers.

For the in-ceiling speakers, I cut a plywood template to hold each speaker, since I have a drop ceiling with soft fiberglass tiles. The plywood template fits into the 2′ x 2′ grid, and the grid takes the weight of the speaker and not the tile.

For the Klipsch surround speakers, I mounted the speaker to a stud on opposing walls using a single screw.

I am not an audiophile, but they sound good to me. Most would recommend not mixing and matching, but really for me I was going with the best value/deal at the time, as speakers can be really expensive for something better than bottom of the barrel.

AV Receiver

For the receiver I went with the Onkyo TX-NR616. I had never purchased an Onkyo before, but I can say I have been really happy with it.

The receiver cannot fully power my front speakers in its current 7.1 configuration; if I used 5.1 it could power them fully. The sound is still good, and I don’t pump it too often… just something to keep in mind if you are purchasing an AV unit.

The one issue I have had seems to be some kind of glitch where HDMI switching stops working after the projector is turned off. It doesn’t happen all the time… it is a random thing. Simply recycling power on the receiver corrects the issue.

IR Repeater

For extending my IR remotes (satellite receiver, AV receiver, etc…) I went the cheap route. I picked up a USB-powered IR repeater from Amazon – Neoteck IR Repeater Infrared Remote 1 Receiver 4 Emitters Control Kit. I just plugged it into my AV receiver’s USB port to get power, and I installed the IR receiver discreetly along the edge of my drop ceiling. It’s cheap but it does the job, and I can close my cabinet if need be and not have to fight with pointing remotes directly at the device.