About Nerd Drivel

Knowledge is power. Empower yourself! I've been a computer nerd since I was 7 years old. I started in the days of the Power PC with a Commodore 64. As I grew, so did my knowledge and curiosity; anything I could take apart with a screwdriver would be opened and investigated. Later on I went on to graduate from a post-secondary Computer Engineering program. Today I work in an IT department for a mid-sized company, where I get to tinker and toy with gadgets of all types, fuelling my passion for technology and software. I understand computers more than I understand some people.

Vivaldi mobile Beta is here.


On Sept 9th 2019 Vivaldi finally delivered their Mobile experience in beta form.

First impressions are good: it’s fast and the UI is fairly intuitive. The menus aren’t buried 10 layers deep. So intuitive, in fact, that it took me all of 30 seconds at first boot to sync my data with Vivaldi servers. I hope they keep it this way. If their desktop experience is anything to go by, they probably will.

I have been using their desktop browser for a while now; it’s a good alternative to Chrome and Firefox. Their desktop browsing experience is built on Chromium, so all Chrome plugins work in Vivaldi as well.

For those curious about Vivaldi’s history, the President of this company used to run the show at Opera before it was sold to the Chinese.

He took the money from that sale and started his own browser company, which is now Vivaldi. Me, I can finally ditch the Opera Mobile experience and start using Vivaldi mobile.

Still in beta mind you so I’m sure it will have some hiccups. I also have yet to figure out how to sync my passwords and bookmark data.

While I was writing this post, the mobile browser ended up syncing all my data. Have to be patient I guess.


PowerShell Automation Script for IIS installation and more.

The below script was designed to install IIS with .Net Core Runtime 2.1.x to be used with NOPCommerce. It also enables WinRM (remote management) and changes network settings on the target machine. This is used with Win Server 2019 core to automate deployments with Ansible into AWS.

#
#    The following script changes the Network settings of the Machine
#    disables the firewall, installs IIS and Core Runtime 
#
#Change PS Execution Policy
Set-ExecutionPolicy Bypass -Scope Process -Force

#Enable TLS 1.2 for Invoke-WebRequest (SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated and left out)
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

######################### VARIABLES #############################################

$tmpdir="c:\temp\"
$newhostname="WIN-SRV-CORE-IIS"
$ipAdd="172.18.85.184"
$sMask="28"   #Ex. 24 = 255.255.255.0
$dGate="172.18.85.177"
######################### FUNCTIONS #############################################

function machineNMchange 
{
    #Change the machine name and reboot    
    $curhostname=hostname
    #$localuser="\Administrator"
    #$localcred=$curhostname+$localuser

    if ($newhostname -ne $curhostname)
    {
        Rename-Computer -ComputerName $curhostname -NewName $newhostname -Force -PassThru    
        # Add -LocalCredential $localcred to the above line if you want to be prompted for credentials, otherwise run as Admin
        # Add -Restart at the end if you want to automatically restart
    }
}

function installCoreRT 
{
    #Note that this installs CoreRuntime 2.1.8
    $url = "https://download.visualstudio.microsoft.com/download/pr/c2b2968d-022d-4889-afd0-b02010813c94/bd315e931f55eecfdaea258cf3dee48e/dotnet-hosting-2.1.8-win.exe"
    $outFile = "dotnet-hosting-2.1.8-win.exe"

    if (Test-Path -Path $tmpdir -PathType Container)
    { 
        Write-Host "$tmpdir already exists" -ForegroundColor Red
    }
    else
    { 
        New-Item -Path $tmpdir  -ItemType directory 
        Write-Host "$tmpdir created" -ForegroundColor Red
    }
    
    Invoke-WebRequest $url -OutFile "$tmpdir$outFile"
    #Wait for the installer to finish, because the script reboots the machine at the end
    Start-Process -FilePath "$tmpdir$outFile" -ArgumentList "/quiet /norestart" -Wait
}

function installIIS 
{
    #Install IIS
    # To list all Windows Features: dism /online /Get-Features
    # Get-WindowsOptionalFeature -Online 
    # LIST All IIS FEATURES: 
    # Get-WindowsOptionalFeature -Online | where FeatureName -like 'IIS-*'
    # Source: https://weblog.west-wind.com/posts/2017/May/25/Automating-IIS-Feature-Installation-with-Powershell
    $arr = "IIS-WebServerRole","IIS-WebServer","IIS-CommonHttpFeatures","IIS-HttpErrors","IIS-HttpRedirect",
            "IIS-ApplicationDevelopment","NetFx4Extended-ASPNET45","IIS-NetFxExtensibility45","IIS-HealthAndDiagnostics",
            "IIS-HttpLogging","IIS-LoggingLibraries","IIS-RequestMonitor","IIS-HttpTracing","IIS-Security","IIS-RequestFiltering",
            "IIS-Performance","IIS-WebServerManagementTools","IIS-IIS6ManagementCompatibility","IIS-Metabase",
            "IIS-BasicAuthentication","IIS-WindowsAuthentication","IIS-StaticContent","IIS-DefaultDocument","IIS-WebSockets",
            "IIS-ApplicationInit","IIS-ISAPIExtensions","IIS-ISAPIFilter","IIS-HttpCompressionStatic","IIS-ASPNET45"#,"IIS-ManagementConsole"
            #Enable the last value for GUI servers only, for Core leave out.

    foreach ( $iis_value in $arr)
    {
        Enable-WindowsOptionalFeature -Online -FeatureName $iis_value
    }
}

function setNet ([string]$ip, [string]$sm, [string]$dg)
{
    #Disable Firewall
    Set-NetFirewallProfile -Name Domain,Public,Private -Enabled False

    #Disable IPv6
    Disable-NetAdapterBinding -Name "Ethernet" -ComponentID ms_tcpip6
    
    #Change IP
    Set-NetIPInterface -InterfaceAlias "Ethernet" -Dhcp Disabled
    Remove-NetIPAddress -InterfaceAlias "Ethernet" -Confirm:$false
    New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress $ip -PrefixLength $sm -DefaultGateway $dg
    #Ex. New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "172.18.85.184" -PrefixLength "28" -DefaultGateway "172.18.85.177"
    Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "172.18.85.177"

    #Connection-specific DNS Suffix  . : mshome.net
    #Link-local IPv6 Address . . . . . : fe80::29bf:1ecc:e589:3e2c%4
    #IPv4 Address. . . . . . . . . . . : 172.18.85.182
    #Subnet Mask . . . . . . . . . . . : 255.255.255.240
    #Default Gateway . . . . . . . . . : 172.18.85.177

}

########################## MAIN ####################################################
setNet $ipAdd $sMask $dGate
installIIS
installCoreRT
machineNMchange

#Enables Win RM for remote management
winrm quickconfig -force
shutdown /r /t 0
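
The script above downloads the hosting bundle and runs it silently with administrative rights. The following is an added example, not part of the original script, that checks a pinned SHA-256 and the Authenticode signature before the installer is launched. The function name Install-VerifiedPackage, the signer pattern and the hash placeholder are assumptions.

```powershell
# Added example: verify a downloaded installer before running it.
# Install-VerifiedPackage is a hypothetical helper name, not a built-in cmdlet.
function Install-VerifiedPackage
{
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$Destination,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        # Assumption: the package is signed with a certificate issued to this organization
        [string]$ExpectedSignerPattern = '*O=Microsoft Corporation*',
        [string]$Arguments = '/quiet /norestart'
    )

    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $Url -OutFile $Destination -UseBasicParsing

    # 1. The file must match the hash recorded when the package was approved
    $actual = (Get-FileHash -Path $Destination -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256)    # string comparison is case-insensitive
    {
        Remove-Item -Path $Destination -Force
        throw "SHA-256 mismatch for $Destination (got $actual)"
    }

    # 2. The Authenticode signature must be valid and issued to the expected publisher
    $sig = Get-AuthenticodeSignature -FilePath $Destination
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike $ExpectedSignerPattern)
    {
        Remove-Item -Path $Destination -Force
        throw "Signature check failed for $Destination (status: $($sig.Status))"
    }

    # 3. Run the installer and wait, so a later reboot cannot interrupt it
    $proc = Start-Process -FilePath $Destination -ArgumentList $Arguments -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010)  # 3010 = success, reboot required
    {
        throw "Installer exited with code $($proc.ExitCode)"
    }
    return $proc.ExitCode
}

# Usage with the variables from the script above; replace the placeholder with
# the SHA-256 you recorded for this exact file.
# Install-VerifiedPackage -Url $url -Destination "$tmpdir$outFile" `
#     -ExpectedSha256 '<SHA-256 OF dotnet-hosting-2.1.8-win.exe>'
```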

Windows 10 (1803) UEFI Autounattend.xml network installation.

In Windows 10 version 1803 a new installation prompt has been added. As such, in pass 7 (oobeSystem) you need to add the input locale component, which is located in amd64_Microsoft-Windows-International-Core_neutral.

One other thing that I have changed in the newer version of the Autounattend.xml is that the installer now formats the drive to boot as UEFI and the install.wim (Windows image) is located on my network. Custom wim files over 4GB will not fit on a FAT32 formatted flash drive. Because you are now grabbing the installation image off the network, you may need to inject network drivers into the boot.wim image in the sources folder on the flash drive/installation media. This will allow the installation media to connect to the network and grab the Windows installation image from a shared folder. Note that there are two images in the boot.wim file, index 1 and index 2. You want to inject the network drivers into index 2, which is the Microsoft Windows Setup image.

C:\>dism /Get-ImageInfo /ImageFile:c:\temp\bootwim\boot.wim

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Details for image : c:\temp\bootwim\boot.wim

Index : 1
Name : Microsoft Windows PE (x64)
Description : Microsoft Windows PE (x64)
Size : 1,394,055,012 bytes

Index : 2
Name : Microsoft Windows Setup (x64)
Description : Microsoft Windows Setup (x64)
Size : 1,553,327,748 bytes

The operation completed successfully.

DISM GUI no longer seems to support the latest version of Windows 10 either, so all DISM commands need to be performed from the Deployment and Imaging Tools Environment.

Mount the boot.wim and perform the following commands to add the network driver(s) to your image. Note in the above example that the image is 64-bit, so only 64-bit drivers are required for your hardware.

C:\>dism /Mount-Image /ImageFile:c:\temp\bootwim\boot.wim /Index:2 /MountDir:c:\temp\mount

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Mounting image
[==========================100.0%==========================]
The operation completed successfully.

C:\>dism /Image:c:\temp\mount /Add-Driver:c:\temp\drivers\64 /Recurse

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.14393.350

Searching for driver packages to install...
Found 1 driver package(s) to install.
Installing 1 of 1 - oem1.inf: The driver package was successfully 
installed.
The operation completed successfully.

C:\>dism /Unmount-Image /MountDir:c:\temp\mount /Commit

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Saving image
[==========================100.0%==========================]
Unmounting image
[==========================100.0%==========================]
The operation completed successfully.

As you can see, these are 3 simple commands, and with the Recurse switch you can add multiple network drivers to the image if you have varying pieces of hardware deployed on your network.

Below is an example of a UEFI Autounattend.xml used to install Windows from the network.

  • In pass 1, windowsPE, the Autounattend.xml formats 2 drives in the machine, a primary one and a secondary one.
  • Also in pass 1, the image is then installed from a network location using domain credentials. You need to make sure the account has read permissions to the network location. The image is installed to disk “0” partition “4”.
  • In the specialize pass, pass 4, the machine is added to the domain using the “joinadmin” account using the Microsoft-Windows-UnattendedJoin component.
  • Finally, in version 1803 of Windows (maybe even 1709) a new installation component was added that asks for Network and Locale information. You can fill this in using the Microsoft-Windows-International-Core component in pass 7.

My suggestion would be to copy and paste the below text into a blank text file and save it with an .xml extension. Then open that file in Windows System Image Manager.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
            </SetupUILanguage>
            <UserLocale>en-CA</UserLocale>
            <UILanguageFallback>en-CA</UILanguageFallback>
            <SystemLocale>en-US</SystemLocale>
            <InputLocale>en-US</InputLocale>
            <UILanguage>en-US</UILanguage>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DiskConfiguration>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Order>1</Order>
                            <Type>Primary</Type>
                            <Size>250</Size>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>2</Order>
                            <Type>EFI</Type>
                            <Size>100</Size>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>3</Order>
                            <Size>128</Size>
                            <Type>MSR</Type>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>4</Order>
                            <Extend>true</Extend>
                            <Type>Primary</Type>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Order>1</Order>
                            <PartitionID>1</PartitionID>
                            <Format>NTFS</Format>
                            <Label>Recovery</Label>
                            <TypeID>de94bba4-06d1-4d40-a16a-bfd50179d6ac</TypeID>
                        </ModifyPartition>
                        <ModifyPartition wcm:action="add">
                            <Order>2</Order>
                            <PartitionID>2</PartitionID>
                            <Label>System</Label>
                            <Format>FAT32</Format>
                        </ModifyPartition>
                        <ModifyPartition wcm:action="add">
                            <Order>3</Order>
                            <PartitionID>4</PartitionID>
                            <Label>SOCO</Label>
                            <Format>NTFS</Format>
                            <Letter>C</Letter>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
                <WillShowUI>OnError</WillShowUI>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Extend>true</Extend>
                            <Order>1</Order>
                            <Type>Primary</Type>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Label>Storage</Label>
                            <Format>NTFS</Format>
                            <Order>1</Order>
                            <Letter>D</Letter>
                            <PartitionID>1</PartitionID>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>1</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
            </DiskConfiguration>
            <UserData>
                <ProductKey>
                    <WillShowUI>Never</WillShowUI>
                </ProductKey>
                <AcceptEula>true</AcceptEula>
                <Organization>Some Company</Organization>
                <FullName>Some Company Inc.</FullName>
            </UserData>
            <EnableFirewall>false</EnableFirewall>
            <EnableNetwork>true</EnableNetwork>
            <ImageInstall>
                <OSImage>
                    <InstallTo>
                        <DiskID>0</DiskID>
                        <PartitionID>4</PartitionID>
                    </InstallTo>
                    <InstallFrom>
                        <Path>\\server\IT\WIM\Win10-image.wim</Path>
                        <Credentials>
                            <Domain>domain.local</Domain>
                            <Password>MyP@ssw0rd!</Password>
                            <Username>netadmin</Username>
                        </Credentials>
                        <MetaData wcm:action="add">
                            <Key>/IMAGE/NAME</Key>
                            <Value>Windows 10 Pro</Value>
                        </MetaData>
                    </InstallFrom>
                    <WillShowUI>OnError</WillShowUI>
                </OSImage>
            </ImageInstall>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <BluetoothTaskbarIconEnabled>true</BluetoothTaskbarIconEnabled>
            <ComputerName>DTPC-0032</ComputerName>
            <TimeZone>Mountain Standard Time</TimeZone>
            <ShowPowerButtonOnStartScreen>true</ShowPowerButtonOnStartScreen>
            <RegisteredOrganization>Some Company</RegisteredOrganization>
            <ProductKey>VK7JG-NPHTM-C97JM-9MPGT-3V66T</ProductKey>
            <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
            <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
            <RegisteredOwner></RegisteredOwner>
            <OEMName></OEMName>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>domain.local</Domain>
                    <Username>joinadmin</Username>
                    <Password>MyP@ssw0rd!</Password>
                </Credentials>
                <JoinDomain>domain.local</JoinDomain>
                <MachineObjectOU>OU=DesktopOU,OU=ComputersOU,DC=domain,DC=local</MachineObjectOU>
            </Identification>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <VMModeOptimizations>
                    <SkipWinREInitialization>true</SkipWinREInitialization>
                    <SkipNotifyUILanguageChange>true</SkipNotifyUILanguageChange>
                    <SkipAdministratorProfileRemoval>true</SkipAdministratorProfileRemoval>
                </VMModeOptimizations>
                <HideEULAPage>true</HideEULAPage>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <ProtectYourPC>2</ProtectYourPC>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
            </OOBE>
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>BAAcwADAAcgBCEAUAAcwG8Ak=</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>Local User Account</Description>
                        <DisplayName>LocalUser</DisplayName>
                        <Group>Administrators</Group>
                        <Name>User</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <TimeZone>Mountain Standard Time</TimeZone>
            <RegisteredOrganization>Some Company</RegisteredOrganization>
            <RegisteredOwner>IT Department</RegisteredOwner>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-CA</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback>en-CA</UILanguageFallback>
            <UserLocale>en-CA</UserLocale>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:d:/iso/install_w10_1803.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
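
The answer file above stores the image-share and domain-join passwords in clear text, and a local account value with PlainText set to false is only Base64-encoded, so all of them are readable by anyone who can read the installation media. The following is an added example, not from the original post, that lists every password element in an answer file and how it is stored, without printing the secret itself. Get-UnattendSecret and the embedded sample file are constructed for illustration.

```powershell
# Added example: inventory the credentials stored in an unattend answer file.
# Get-UnattendSecret is a hypothetical helper name; secret values are never printed.
function Get-UnattendSecret
{
    param([Parameter(Mandatory)][string]$Path)

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    # Every unattend element lives in this default namespace
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    foreach ($node in $xml.SelectNodes('//u:Password | //u:AdministratorPassword', $ns))
    {
        # Account passwords use <Value>/<PlainText>; <Credentials> passwords are bare text
        $value = $node.SelectSingleNode('u:Value', $ns)
        $plain = $node.SelectSingleNode('u:PlainText', $ns)

        if ($value -and $plain -and $plain.InnerText.Trim() -eq 'false') {
            $storage = 'Base64-encoded (reversible, not encrypted)'
        }
        elseif ($value -or $node.InnerText.Trim()) {
            $storage = 'Plaintext'
        }
        else {
            continue    # empty element, nothing stored
        }

        $settings  = $node.SelectSingleNode('ancestor::u:settings', $ns)
        $component = $node.SelectSingleNode('ancestor::u:component', $ns)
        $account   = $node.ParentNode.SelectSingleNode('u:Username | u:Name', $ns)

        [pscustomobject]@{
            Pass      = $settings.GetAttribute('pass')
            Component = $component.GetAttribute('name')
            Element   = "$($node.ParentNode.LocalName)/$($node.LocalName)"
            Account   = if ($account) { $account.InnerText } else { '' }
            Storage   = $storage
        }
    }
}

# Constructed sample answer file (values are made up for this example)
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>domain.local</Domain>
          <Username>joinadmin</Username>
          <Password>constructed-secret</Password>
        </Credentials>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts><LocalAccounts><LocalAccount>
        <Password><Value>Y29uc3RydWN0ZWQ=</Value><PlainText>false</PlainText></Password>
        <Name>User</Name>
      </LocalAccount></LocalAccounts></UserAccounts>
    </component>
  </settings>
</unattend>
'@

$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'unattend-sample.xml'
Set-Content -LiteralPath $tmp -Value $sample -Encoding UTF8
Get-UnattendSecret -Path $tmp | Format-Table -AutoSize
Remove-Item -LiteralPath $tmp
```

Run against the sample, it reports one Plaintext entry for joinadmin in the specialize pass and one Base64-encoded entry for User in the oobeSystem pass.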

CredSSP, Windows RDP connection error.

Recently Microsoft changed the security in regards to Remote Desktop connections. This was to address a vulnerability that existed with RDP that allowed an attacker to take complete remote control of a Windows PC.

With this came some security changes, and you will need to add a registry entry to your machines if you get Security Connection errors in Windows OS and Server OS when you try to use RDP to connect to older remote machines. When I say older I mean Windows 7 and Server 2008; Windows 8.x might be affected as well.

For more information on CredSSP see this Microsoft article: https://support.microsoft.com/en-ca/help/4056564/security-update-for-vulnerabilities-in-windows-server-2008

In Windows 7 the error looks like the following…


In Windows 10 the error is a little more detailed and looks like this…

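To get past this issue all you need to do is add the following registry entry to your machine. The value 2 corresponds to the Vulnerable level of the Encryption Oracle Remediation policy, which allows fallback to the unpatched CredSSP; installing the CredSSP update on the remote machine removes the need for it.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002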

Alternatively here is a reg file in a zip file that you can just run. Make sure you reboot after adding the registry entry.

https://drive.google.com/file/d/13vDjZQqwEGZYNL5wnbig5iOzOs26EKn-/view?usp=sharing

I created a group policy on my Domain to push this registry entry to all computers.

Disabling Automatic Updates on Server 2016

The Server 2016 GUI does not provide a means to disable Windows Updates, and by default the updates are set to download automatically. There is a spot for updates in the GUI but it is a placebo. If you wish to disable Windows Updates and run them manually to your heart's content, you need to do this via the sconfig text-based applet.

Do the following. Start PowerShell as admin and run the sconfig command. This is the server configuration text-based applet.

Once you have run this applet, option 5 is for Windows updates. For production servers the Manual option is probably the best choice.

A pop up will notify you of the changes once selected and from here on in all your updates will have to be downloaded and installed manually.

Virtual Machine Queues and Broadcom NIC Issues

Broadcom network adapters have a very big issue in Windows with Hyper-V. The issue is so big that at one point a year or so ago, when I deployed a new Hyper-V server with Broadcom NICs, my domain users were unable to use VPN properly due to crippling network latency. I’m sure Broadcom is aware of this problem, and the issue is documented all around the internet. The problem is Virtual Machine Queues: on Broadcom network adapters they delay traffic to the VM and create latency issues.

There is a quick fix for that though. All you need to do is disable Virtual Machine Queues on your network adapter. It takes 5 min to fix.

To fix it, start up PowerShell as an Administrator, then check to see if VMQ is enabled on your adapters, specifically anything by Broadcom.

Run the following command:

Get-NetAdapterVmq

If you see True in the Enabled column, disable VMQ with the following command:

Disable-NetAdapterVmq -Name 'Adapter Name'

See the below example for reference. I even included an error where the name of my adapter wasn’t being caught because there was a space in the name. Use single quotes on the name to avoid this.

Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> Get-netAdapterVMQ

Name                           InterfaceDescription              Enabled BaseVmqProcessor MaxProcessors NumberOfReceive
                                                                                                        Queues
----                           --------------------              ------- ---------------- ------------- ---------------
Front End                      Microsoft Network Adapter Mu...#2 True    0:0                            16
Embedded LOM 1 Port 4          Broadcom NetXtreme Gigabit Eth... True    0:0              16            16
Embedded LOM 1 Port 3          Broadcom NetXtreme Gigabit E...#2 True    0:0              16            16
Embedded LOM 1 Port 2          Broadcom NetXtreme Gigabit E...#4 True    0:0              16            16
Embedded LOM 1 Port 1          Broadcom NetXtreme Gigabit E...#3 True    0:0              16            16
Back End(PA)                   Microsoft Network Adapter Mu...#3 False   0:0                            0
Back End(NeoTech)              Microsoft Network Adapter Mult... False   0:0                            0


PS C:\Windows\system32> Disable-NetAdapterVmq -Name Front End
Disable-NetAdapterVmq : A positional parameter cannot be found that accepts argument 'End'.
At line:1 char:1
+ Disable-NetAdapterVmq -Name Front End
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Disable-NetAdapterVmq], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Disable-NetAdapterVmq

PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Front End'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 1'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 2'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 3'
PS C:\Windows\system32> Disable-NetAdapterVmq -Name 'Embedded LOM 1 Port 4'
PS C:\Windows\system32> Get-netAdapterVMQ

Name                           InterfaceDescription              Enabled BaseVmqProcessor MaxProcessors NumberOfReceive
                                                                                                        Queues
----                           --------------------              ------- ---------------- ------------- ---------------
Front End                      Microsoft Network Adapter Mu...#2 False   0:0                            16
Embedded LOM 1 Port 4          Broadcom NetXtreme Gigabit Eth... False   0:0              16            16
Embedded LOM 1 Port 3          Broadcom NetXtreme Gigabit E...#2 False   0:0              16            16
Embedded LOM 1 Port 2          Broadcom NetXtreme Gigabit E...#4 False   0:0              16            16
Embedded LOM 1 Port 1          Broadcom NetXtreme Gigabit E...#3 False   0:0              16            16
Back End(PA)                   Microsoft Network Adapter Mu...#3 False   0:0                            0
Back End(NeoTech)              Microsoft Network Adapter Mult... False   0:0                            0

WMI Filtering in Group Policy

Item Level Targeting is great and all, and it works well for granular targeting. But with Item Level Targeting you are limited to only Active Directory components.

WMI, or Windows Management Instrumentation, consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.

What if I told you that you could set up policies that allow you to target specific users, specific user names, specific hardware, and specific software? Even specific hardware types. You could deploy hardware-specific drivers on your domain using WMI filtering.

It’s actually pretty slick, and far superior to anything that SNMP can offer. It is a very powerful tool set for a sysadmin. The level of control for WMI filtering is absolutely amazing and robust. But is it secure? Well, that depends. It can be; if you follow best practices there is no reason it shouldn’t be.

WMI filters are similar to SQL queries, for example…

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "10%") and (ProductType = 1))

The above version 10 followed by the wildcard character will select Windows 10 and Server 2016 operating system versions. ProductType = 1 means the desktop OS version, whereas a type of 3 would mean the server OS version. Finally, ProductType = 2 means that the machine is a Domain Controller.

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "6.1%") and (ProductType = 1))

The above is for Windows 7.

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "6.3%") and (ProductType = 3))

Finally the last one is Server 2012 R2.

Note that the name space that this is available in, is root\CIMv2.
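
A WMI filter lets the policy apply when its query returns at least one instance, so each query can be checked on a representative machine before it is linked to a GPO. The following is an added example, not from the original post, that runs the three filters above against root\CIMv2 and reports which ones would match. Test-WmiFilter is a hypothetical helper name.

```powershell
# Added example: evaluate WMI filter queries the way a GPO would, on one machine.
# Test-WmiFilter is a hypothetical helper name, not a built-in cmdlet.
function Test-WmiFilter
{
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Query,
        [string]$Namespace = 'root\CIMv2',
        [string]$ComputerName          # optional: test a remote machine over WinRM
    )

    $params = @{ Namespace = $Namespace; Query = $Query; ErrorAction = 'Stop' }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try
    {
        # The filter matches when the query returns one or more instances
        $hits = @(Get-CimInstance @params)
        [pscustomobject]@{ Filter = $Name; Applies = ($hits.Count -gt 0); Error = $null }
    }
    catch
    {
        # A malformed query is reported instead of being mistaken for "no match"
        [pscustomobject]@{ Filter = $Name; Applies = $false; Error = $_.Exception.Message }
    }
}

# The three filters from the text above
$filters = [ordered]@{
    'Windows 10 desktop' = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "10%") and (ProductType = 1))'
    'Windows 7'          = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "6.1%") and (ProductType = 1))'
    'Server 2012 R2'     = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "6.3%") and (ProductType = 3))'
}

$results = foreach ($name in $filters.Keys)
{
    Test-WmiFilter -Name $name -Query $filters[$name]
}
$results | Format-Table -AutoSize
```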

If you want to find and query WMI you can use the official tool available from Microsoft, it’s called The WMI Code Creator tool and it’s available here. If the link is dead just search for it. An alternative to this is the NirSoft SimpleWMIView available here, and Wmi Explorer available here.

WMI Code Creator looks something like the following. It allows you to browse all the WMI possibilities and search for property values of WMI classes. For obvious reasons you will need the .NET framework installed on your machine.

 

Creating a WMI Filter is simple. Open up your Group Policy Management application, expand your domain and at the bottom you should have a folder named WMI Filters. In this folder you can also see a collection of WMI Filters and which policies they are applied to.

Right click this folder and select New…

Give your Filter a name and Description, then click Add.

Finish by clicking OK and Save. You have now created a WMI Filter for Server 2016 all versions.

Now you need to apply the filter to a policy. Locate a policy in your Manager, and in the right pane on the bottom under WMI Filtering now you can select the filter you just created.

That’s pretty much it, you can play around with the WMI Code Creator and see that you can do some very granular filtering with this. You can create filters based on OS, CPU, Disk drives anything that you can think of. This is a very powerful tool and if you’re familiar with SQL queries you should have no trouble coming up with some complex filters.

Specific Host Name:

root\CIMV2 – Win32_ComputerSystem – DNSHostName = ‘YourHostname’

 

As a side note if you are a C# .NET developer you can also benefit from WMI using the System.Management namespaces in Visual Studio. You will need to add a reference to it in your Visual Studio project. This allows you to query Microsoft Operating System hardware and retrieve statistics from said machine.

Sample C# Code:

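 using System.Collections.Generic;
 using System.Management;   // requires a project reference to System.Management

 // Holds one reading per processor instance returned by the query
 List<string> coreValues = new List<string>();
 ManagementObjectSearcher processor =
     new ManagementObjectSearcher("root\\CIMV2",
     "SELECT * FROM Win32_PerfFormattedData_Counters_ProcessorInformation");
 foreach (ManagementObject query in processor.Get())
 {
     // PercentProcessorTime is numeric, so convert it rather than cast it to string
     coreValues.Add(query["PercentProcessorTime"].ToString());
 }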