Community

Rubrik at Cloud Field Day – Backup your Cloud Today

Theresa Miller - Thu, 08/17/2017 - 05:30

During Cloud Field Day in the Bay area we met with the Rubrik Team, Chris Wahl, Rebecca Fitzhugh and Andrew Miller.  I was excited to learn more about what they are doing with their product and the ability to do backups in the cloud.  More specifically their solutions work great with Amazon Web Services (AWS) […]

The post Rubrik at Cloud Field Day – Backup your Cloud Today appeared first on 24x7ITConnection.

Microsoft announces two new Azure regions in Australia

Theresa Miller - Tue, 08/15/2017 - 16:54

Australia’s capital city, Canberra, is a very important battle ground for the major technology vendors. Google and Microsoft both like to be seen in the press among the nation’s government heads and decision makers. While Google have had a few wins, Microsoft’s latest wins may give it the advantage in the Cloud wars within the […]

The post Microsoft announces two new Azure regions in Australia appeared first on 24x7ITConnection.

Can rock stars fuel impostor syndrome, and what you need to know to protect yourself

Theresa Miller - Mon, 08/14/2017 - 05:05

If you’re in tech, you’ve probably heard of impostor syndrome. You’ve also most likely encountered so-called rock stars. But have you ever wondered if one feeds into the other? If the two are related, what can you do to protect yourself and keep a healthy view of your own talents and accomplishments? Words construct our […]

The post Can rock stars fuel impostor syndrome, and what you need to know to protect yourself appeared first on 24x7ITConnection.

Amazon Connect Expands to Europe

Theresa Miller - Tue, 08/08/2017 - 05:30

Recently, Amazon Connect expanded its offering to Europe, in the Frankfurt AWS Region.  Previously, Amazon Connect was only available in the in the US East and Asia Pacific regions.  When we think of AWS, many of us technologists begin to think of instances hosting our applications in the cloud.  The fact of the matter is […]

The post Amazon Connect Expands to Europe appeared first on 24x7ITConnection.

ServiceNow at Cloud Field Day – Not just for IT Anymore

Theresa Miller - Mon, 08/07/2017 - 13:10

Recently I attended Cloud Field Day in the Bay area an one of the product presentations was delivered by ServiceNow.  I have used ServiceNow, and I instantly think helpdesk solution.  As the team unveiled their current initiatives it became clear that they are doing quite a bit more for the business side as well, and […]

The post ServiceNow at Cloud Field Day – Not just for IT Anymore appeared first on 24x7ITConnection.

UK Citrix User Group 2017, Autumn Meeting – London

Citrix UK User Group - Thu, 08/03/2017 - 22:08

Our 22nd event will take place in London on 27th of September. Save the date. Full agenda will be released nearer the event – if you’d like to contribute, by all means drop your session idea to us Venue Blue Fin …

Read more »

The post UK Citrix User Group 2017, Autumn Meeting – London appeared first on UK Citrix User Group.

NetApp at Cloud Field Day

Theresa Miller - Thu, 08/03/2017 - 05:30

I recently attended Cloud Field Day in the Bay area and one of the companies I had the privilege of meeting with for a product strategy review was NetApp.  If you are familiar with NetApp they are traditionally a storage provider, but they are moving forward with a new visionary shift that will change them […]

The post NetApp at Cloud Field Day appeared first on 24x7ITConnection.

Implement Windows Server 2016 Active Directory

Theresa Miller - Wed, 08/02/2017 - 05:30

Windows 2016 has been out some time now.  As as older operating systems continue to become outdated, and become closer to end of life Windows 2016 should be on your mind for your next Active Directory upgrade.  IT professionals and security teams are also are very interested in the why and how of the latest […]

The post Implement Windows Server 2016 Active Directory appeared first on 24x7ITConnection.

All-New Cisco Catalyst 9000 Series Switches

Theresa Miller - Thu, 07/27/2017 - 05:30

Earlier in my career I did quite a bit of work with Cisco Catalyst switches. Lately, I’ve been mostly working with Cisco Nexus products, due to the time I’ve been spending in the data center. I was excited to see Cisco recently refreshed their Catalyst line of switches by introducing the Cisco Catalyst 9000 Series […]

The post All-New Cisco Catalyst 9000 Series Switches appeared first on 24x7ITConnection.

Setting up Windows Defender Advanced Threat Protection

Aaron Parker's stealthpuppy - Tue, 07/25/2017 - 08:22

Understanding what Windows Defender Advanced Threat Protection (ATP) actually is had eluded me for a while – it’s not included in something like EMS, it’s not available with a Visual Studio Enterprise subscription and you’ll need to request an evaluation from Microsoft (and hope it’s approved) to test it out. Windows Defender ATP is licensed as a component of the Windows 10 Enterprise E5 or the Secure Productive Enterprise (soon to be Microsoft 365) E5 subscriptions.

So what is ATP? According to Microsoft, Windows Defender Advanced Threat Protection is:

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.

Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft’s robust cloud service:
Endpoint behavioral sensors:

  • Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system (for example, process, registry, file, and network communications) and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
  • Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem (such as the Microsoft Malicious Software Removal Tool, enterprise cloud products (such as Office 365), and online assets (such as Bing and SmartScreen URL reputation), behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
  • Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.

In short, Windows Defender ATP is a cloud-based threat management/protection solution for Windows 10 that does not require deployment of agents (because they’re inbox features), that will also work with 3rd party anti-virus solutions. 

Microsoft positions ATP for enterprise customers, but given the integration with their other products and that it’s a completely cloud-hosted platform, this should be for everyone (budget concerns aside). Many small to medium organisations (and partners) that I talk to are actively looking at ways to reduce their on-premises infrastructure.

Setting up Windows Defender Advanced Threat Protection

To give you an idea of what does the setup process for ATP looks like, I’ve documented the experience during setup in my own tenant. The gallery below shows a screenshot of each step including onboarding a device and performing a detection test.

Provisioning ATP is as easy process – the hardest part for me was working out where to access to the console – if you’re looking for it, here it is: https://securitycenter.windows.com/

Onboard a Windows 10 device with Intune

With ATP deployed, you can now use Intune (or another MDM solution) to onboard a device into ATP. You could also use Group Policy, ConfigMgr, or a script

Previously you would have to need to create a custom Intune policy to push out an OMA-URI setting. Now in the Azure portal, pushing out the policy is easier.  Intune provides an in-built profile for onboarding and offboarding devices using configuration packages downloaded from the ATP console. 

Create a new profile for Windows 10, choose the ‘Windows Defender ATP (Windows 10 Desktop)’ profile type and select the onboarding package. In the screenshot below, I have populated both the onboarding and offboarding packages, but you would only deploy an onboarding package.

Configure the Windows ATP onboard and offboard package in Microsoft Intune

With the profile created, assign it to a group. In my example here, I’m assigning the profile to a Windows 10 dynamic group.

Target the Intune policy to a device (or user) group

With devices onboarded, you can start monitoring them in the Windows Defender ATP console:

Machines List in the Windows Defender ATP console

I may dig further into Windows Defender Advanced Threat Protection features in a future article.

This article by Aaron Parker, Setting up Windows Defender Advanced Threat Protection appeared first on Aaron Parker.

Categories: Community, Virtualisation

Troubleshooting Splunk Error “Search Process Did Not Exit Cleanly”

Helge Klein - Thu, 07/20/2017 - 22:30

When Splunk displays an orange warning triangle instead of a chart or table it is time to investigate. Start by clicking the triangle to bring up a dialog with the error message. In my case that looked like this:

Search process did not exit cleanly, exit_code=255

Finding the Root Cause

In many cases, the best resource for troubleshooting Splunk searches is Search job inspector. You can open it by clicking the i icon below a chart:

This opens Search job inspector in a new browser tab. The top of the page summarizes search properties and lists the errors that have occured:

Sometimes that is all you need. Not in this case, though. We have a distributed deployment with search head and indexer clusters. In such a scenario it is not always trivial to get to the right log file from the right machine.

Scroll to the bottom of the page and expand Search job properties. Scroll down once more. The last row has what we need: links to the relevant search logs on the indexers:

As you saw above we got the same error on both our indexers splunk-l3 and splunk-l4. We’ll just look at splunk-l3 for now by clicking the link in the additional info row in search job inspector. This is what we get:

07-20-2017 22:39:24.810 INFO dispatchRunner - Search process mode: preforked (reused process) 07-20-2017 22:39:24.811 INFO dispatchRunner - registering build time modules, count=1 07-20-2017 22:39:24.811 INFO dispatchRunner - registering search time components of build time module name=vix 07-20-2017 22:39:24.812 INFO BundlesSetup - Setup stats for /opt/splunk/var/run/searchpeers/13A7F4FB-8087-49CF-9097-2497E1AB27B3-1500582939: wallclock_elapsed_msec=67, cpu_time_used=0.0360000, shared_services_generation=2, shared_services_population=1 07-20-2017 22:39:24.812 INFO UserManager - Setting user context: splunk-system-user 07-20-2017 22:39:24.812 INFO UserManager - Done setting user context: NULL -> splunk-system-user 07-20-2017 22:39:24.812 INFO UserManager - Unwound user context: splunk-system-user -> NULL 07-20-2017 22:39:24.812 INFO UserManager - Setting user context: helge 07-20-2017 22:39:24.812 INFO UserManager - Done setting user context: NULL -> helge 07-20-2017 22:39:24.814 INFO dispatchRunner - search context: user="helge", app="uberAgent", bs-pathname="/opt/splunk/var/run/searchpeers/13A7F4FB-8087-49CF-9097-2497E1AB27B3-1500582939" 07-20-2017 22:39:24.814 INFO SearchParser - PARSING: tstats sum(Process_NetworkTargetPerformance.NetTargetSendMB) AS "Send volume (MB)" sum(Process_NetworkTargetPerformance.NetTargetReceiveMB) AS "Receive volume (MB)" sum(Process_NetworkTargetPerformance.NetTargetSendReceiveMB) AS "Send+Receive volume (MB)" from datamodel=uberAgent.Process_NetworkTargetPerformance where (nodename = Process_NetworkTargetPerformance) (Process_NetworkTargetPerformance.NetTargetRemotePort="*") (Process_NetworkTargetPerformance.AppName=*) (host="*") groupby Process_NetworkTargetPerformance.AppName prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Process_NetworkTargetPerformance.AppName" "Process_NetworkTargetPerformance.NetTargetReceiveMB" "Process_NetworkTargetPerformance.NetTargetSendMB" "Process_NetworkTargetPerformance.NetTargetSendReceiveMB" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t sum("Process_NetworkTargetPerformance.NetTargetReceiveMB") sum("Process_NetworkTargetPerformance.NetTargetSendMB") sum("Process_NetworkTargetPerformance.NetTargetSendReceiveMB") by "Process_NetworkTargetPerformance.AppName" 07-20-2017 22:39:24.873 INFO UserManager - Unwound user context: helge -> NULL 07-20-2017 22:39:24.874 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Comparator '=' has an invalid term on the right hand side: NetTargetSendLatencyMs*NetTargetSendLatencyCount

Bingo! The last row has an error message pointing to a problem with the expression NetTargetSendLatencyMs*NetTargetSendLatencyCount. At last we know what’s wrong.

Fixing the Error

The search is against a data model, so let’s look for the problematic expression NetTargetSendLatencyMs*NetTargetSendLatencyCount in the app’s data model JSON file, located in the app subdirectory default/data/models. The expression is used in a field calculated by the following eval expression:

(NetTargetSendLatencyMs*NetTargetSendLatencyCount)

Exactly what Splunk was complaining about. Apparently Splunk has recently become a bit finicky when fields are NULL in calculations. Let’s replace the expression with something a bit safer:

if (isnotnull (NetTargetSendLatencyMs), if (isnotnull (NetTargetSendLatencyCount), NetTargetSendLatencyMs*NetTargetSendLatencyCount, null()), null())

And that’s it. Happy splunking!

The post Troubleshooting Splunk Error “Search Process Did Not Exit Cleanly” appeared first on Helge Klein.

Microsoft Inspire delivers new Cloud products

Theresa Miller - Tue, 07/18/2017 - 05:30

Washington DC recently hosted Microsoft Inspire, the rebranded name for the company’s Worldwide Partner Conference. Alongside the One Commercial Partner announcement (a restructure of how the company engages with partners of all sizes), they snuck in some Cloud product news too. Microsoft 365 Not known for their brilliance with product names, Microsoft released Microsoft 365 […]

The post Microsoft Inspire delivers new Cloud products appeared first on 24x7ITConnection.

Protecting a Cloud Jump Box with Duo Free

Aaron Parker's stealthpuppy - Sun, 07/16/2017 - 01:45

Deploying a jump box into a cloud environment such as Azure or AWS, is a common way of providing access into said environment through a single entry point. Often access to the jump box will be restricted by source IP, but that approach isn’t completely secure for many reasons – admins don’t update the rules, source IP doesn’t identify the user etc.

One of the best ways to protection authentication to a remote Windows box is via multi-factor authentication (MFA). Keep source IP rulesets if you want, but add MFA to ensure that even if a user’s password is compromised, additional authentication information is always enforced.

In most Azure environments I’ve deployed, the customer is licensing Azure AD Premium which we could integrate with RD Gateway and RD Web Access for securing authentication to the jump box via the Azure MFA Server. The issue there is that it requires deploying more complexity than necessary for a jump box and likely extra licensing for the RD Gateway role. Less than ideal.

So I went looking for a more cost effective way of securing remote access to cloud environments – something that’s light weight, runs on a single VM and ideally wouldn’t require additional licensing.

Fellow CTP and all round knowledgeable guy, Jarian Gibson recommended checking out Duo. Duo are an identity provider including MFA who have a a free version that gives you two-factor authentication for up to 10 users.

Adding MFA to a Jump Box

Signing up for Duo and adding MFA to a Windows Server VM running in Azure is a simple process:

  1. Sign up for Duo. A Duo account is free – this provides you with a control panel used to add Duo support for multiple applications. Install the Duo Mobile app on your phone to enable MFA prompts as phone calls and SMSs are not free. Duo gives you 490 ‘Telephone credits’, but you’ll need to add a credit card to purchase more.
  2. Add a user account to Duo that matches the account on the jump box. My jump box is a stand-alone server, so the account in Duo matches the username of an account local to the VM
  3. Choose to add MFA to ‘Microsoft RDP‘. Duo have about 125 applications they can add authentication features to, and their documentation for setup is very good.
  4. Install the Duo Authentication for Windows Logon on the target VM. The hardest part about this step was actually finding the binaries to install the agent. It’s linked in the documentation (of course) but for whatever reason, I just couldn’t see it.
  5. Keep the bad guys out

Here’s what the process looks like:

Setup

Adding Microsoft RDP (and local logon) support is as simple as clicking the ‘Protect this Application’ link. When you added, you’ll find an Integration Key, Secret Key and API hostname that will be used by the Duo agent on the target VM to authenticate against Duo for MFA prompts.

Authentication details for Microsoft RDP

As you can see in the screenshot there’s a number of options for customising authentication; however, in this case I’ve accepted all of the defaults.

Next, add a user to Duo that matches the username in the target environment. This can be a user in Active Directory or a local user account. In my test environment, my jump box is not a member of AD, but I could make the VM a member of a domain. The ability to target domain or local users is great because it provides flexibility.

Adding a user in the Duo Console

For this user account, I’ve added a phone number which then allows me to send a link for adding the account to the Duo Mobile app on the user’s phone.

Activating an account on the Duo Mobile app

Send a link to the user which can be customised:

Send an activation link to the user

Here’s what appears on the user’s phone – tap the link and it will open in the Duo app.

Duo activation link sent to the phone

And the account now added to the phone. Here’s I have my Duo admin account, plus the account on the jump box. I’m not sure whether the display name can be changed, but it does show my customised logo configured in the Duo admin console.

Accounts in the Duo Mobile ap, but t

So setup of Microsoft RDP and a user account in the Duo console is quick and easy, so onto installing the Duo agent on my target VM.

Installing the Duo Agent

Logon to your target VM, download the Duo Authentication for Windows Logon agent and run the installer. During install you’re asked for the account details setup previously in the admin console. 

Adding the Duo account details to the agent

The installer supports a silent install, so you could for example, add the agent with authentication details with PowerShell DSC during deployment of the VM.

One the agent is install, no reboot is required. Yes – no reboot!

Logon Experience

When connecting to the jump box via RDP, you authenticate with username and password from the local device as normal; however, once the connection is made, Duo displays a security prompt, where you’ll need to respond to a push notification, phone call or provide a passcode.

Duo security prompt on the jump box

The screenshot shows the Duo logo, even though I’ve set my own logon in the Duo console. While my custom logo displays on the phone, I would have liked for it to display on the Windows logon screen to provide users with the extra visual feedback when logging in.

Responding to a login request in the Duo Mobile app on the iPhone is as simple as acknowledging the request with an Approve (or Deny, if need be).

Duo login request on an iPhone

If you have an Apple Watch, you can approve the login request from your wrist without finding your phone, so responding to the notification is even quicker.

Duo login request on the Apple Watch

Denied Logons

There may be many reasons why logins are denied, so here’s what the experience looks like for a couple of scenarios. The first screenshot shows what happens if I tap Deny on the authentication prompt on my phone or watch:

Logon request denied

If I click Dismiss and close the Duo dialog box, Windows displays a login request button.

Login request denied

I can re-enter my password at the point and the Duo Security dialog will come up again and send me an authentication notification.

What happens for other users on the system that aren’t enrolled in Duo? If login is successful, they’ll see a prompt that says “The username you have entered is not enrolled with Duo Security. Please contact your system administrator.” Shown here:

When a user is not enrolled in Duo

This looks pretty good. I’m not sure if there’s ways around the Duo authentication, but I presume standard credential provider hooking into GINA is used, so it should be as rock solid as Microsoft makes in and Duo adheres to the standard.

Summary

In this article, I’ve shown you how to integrate Duo into a RDP login to provide MFA for a jump box hosted in Azure. This provides the additional security needed to protect logins into these environments that could augment source IP rules for remote access or allow you to open RDP access for administrators needing to get into the cloud environment from anywhere. Best of all, we’ve added this extra security with minimal infrastructure additions and no extra licensing.

This article by Aaron Parker, Protecting a Cloud Jump Box with Duo Free appeared first on Aaron Parker.

Categories: Community, Virtualisation

Office 365 ProPlus Deployed with Intune in under 5 Minutes

Aaron Parker's stealthpuppy - Fri, 07/14/2017 - 12:05

Intune has simplified the process for deploying Office 365 ProPlus to Windows 10 PCs with a wizard driven process that will get you deploying the Office suite in less that 5 minutes. I’m not exaggerating either – the process is so simple, it will take you longer to make a cup of coffee.

Until now, you can deploy Office 365 ProPlus to MDM-managed Windows 10 PCs by using the Toolkit available from GitHub. Because traditional applications can only be deployed to Windows 10 MDM PCs via a single MSI, the Toolkit steps you through creating a custom Office deployment (e.g. specific apps, update channel etc.) and generating an MSI that you then upload into Intune. It too is a simple process; however it does require you to download software, create the package (or multiple packages) and upload into Intune.

Here’s how to create an Office 365 ProPlus package in the new Intune console with just a few mouse clicks and no uploads.

Creating the Office 365 ProPlus application

Creating an Office package is very simple – navigate to the Mobile apps section in the Intune console:

Adding an app in the Intune console

Add a new app and select the ‘Office 365 ProPlus Suite (Windows 10)’ option:

Select the Office 365 ProPlus App type

This allows you to select the applications to include in this package – only selected applications will be included in the package. Note that if you have some users who require Project or Visio, create seperate packages that include these applications along with Office, rather than attempting to deploy them separately.

Select the app to be included in this package

Enter information for the application package – you’ll need to specify the Suite Name, Description and optionally add the URL information shown in the screenshot below.

Configure options for the package

Choose whether to deploy the 32-bit or 64-bit version of Office and the Update channel. The 32-bit version on the Deferred update channel will suit most users.

Configure suite settings

Add language support if required. English US will be the default if not languages are explicitly selected.

Select languages to include in this package

Assign the App

In most cases, this application package will be assigned to users so that Office is available on any Windows 10 PC they sign into. Something to note in the assignment types is that only Required and Uninstall are available. The Available type, that allows users to install Office from the Company Portal, is not available, which means that the Office suite will be deployed as soon as you add an assignment.

Adding assignments to deploy the Office suite

If you would prefer to make the Office suite available for users to install themselves, you’ll need to create a custom deployment using the Office Toolkit to create a single MSI installer that you can upload to Intune as a Windows Line of Business application. This will allow you to chose Available as an assignment type.

Summary

In this article, I’ve shown you how to deploy Office 365 ProPlus to Windows 10 PCs enrolled in Intune via MDM via a process that takes no time at all. From zero to deployed in under 5 minutes.

This article by Aaron Parker, Office 365 ProPlus Deployed with Intune in under 5 Minutes appeared first on Aaron Parker.

Categories: Community, Virtualisation

Introducing Cisco UCS M5 C-Series Rack Servers

Theresa Miller - Tue, 07/11/2017 - 16:05

Cisco has just introduced their brand new Cisco UCS M5 platform. Let’s look at some of the improvements from the Cisco UCS M4 platform, which was a formidable platform in itself. The improvements to the Cisco UCS M5 platform are all about taking things to the next level. This Cisco UCS M5 platform comes in […]

The post Introducing Cisco UCS M5 C-Series Rack Servers appeared first on 24x7ITConnection.

UK Citrix User Group: XXI – Welcome to the Jungle

Citrix UK User Group - Tue, 07/11/2017 - 10:12

Covering topics on SD-WAN, IoT, GDPR, Secure access, the state of the VDI/SBC union and the future of Citrix, this was our 21st event, and possibly our hotest ever. Thanks to our excellent sponsors Liquidware Labs, Lakeside Software, FS Logix, Unicon …

Read more »

The post UK Citrix User Group: XXI – Welcome to the Jungle appeared first on UK Citrix User Group.

Automatic Download and Import of Updates into MDT

Aaron Parker's stealthpuppy - Thu, 07/06/2017 - 22:47

A couple of months back, I sent an email to the Microsoft MVP mailing list to see if anyone knew of a JSON feed of Windows 10 updates from Microsoft . I’d found a way to grab the latest Firefox version via PowerShell and was hoping to do something similar for Windows 10. Keith Garner responded with something even better – a working script that pulls from a JSON resource on the Windows 10 and Windows Server 2016 Update History page, to return the most recent cumulative update.

So this gave me what I needed – a way to pull the latest update which I could then import into an MDT share, ensuring that a machine is deployed with the latest cumulative update at deployment time, or ideal for creating reference images.

I’ve taken Keith’s original version of the script Get-LatestUpdate.ps1 and modified it for my own requirements and created an import script – Import-Update.ps1. This enables you to automate downloading the latest cumulative updates and import them into a target MDT deployment share. This could be run as a scheduled task to keep your deployment shares always to date.

The scripts can be downloaded from GitHub in my MDT repository: https://github.com/aaronparker/MDT

Downloading and importing updates into MDT via PowerShell

Get-LatestUpdate

Much like Keith’s original, this version of the script will pull the latest update from the JSON feed, query and parse the Microsoft Update Catalog and return the latest cumulative update. With this, you can optionally download the update to the current folder or one specified with the Path parameter.

Get-LatestUpdates.ps1 – downloading updates

The script outputs an object that lists details about the update that you could use for various purposes. Adding the Download parameter will download the update and the output will include the file name and the download location.

Get-LatestUpdate.ps1 – latest update downloaded

Get-LatestUpdate.ps1 supports a number of parameters, all of which are optional:

  • Build – the Current Branch build (15063) will always be the default. Other build numbers (e.g. 14393) can be specified
  • SearchString – the default cumulative updates returned will be the cumulative update for Windows 10 x64. The search string can be modified to
  • Download – add this switch parameter to download the update returned. If the update already exists in the folder specified by Path, it won’t be downloaded again
  • Path – specify a path to download the update to. If not used, the update will be downloaded to the current directory
Output

Get-LatestUpdate.ps1 will output an object that includes details about the update that has been gathered, including the KB article, the description of the update, the URL to the download. If the Download parameter is used this will also return the update file name and the path where the update has been saved. This object can then be passed to Import-Update.ps1 that will use the UpdatePath property to import updates stored in that folder (note that it will import all updates from that folder).

KB : KB4022716 Note : 2017-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4022716) URL : http://download.windowsupdate.com/d/msdownload/update/software/updt/2017/06/windows10.0-kb4022716-x64_72cab17aeb72f4e36df375505ba7325c90044119.msu File : windows10.0-kb4022716-x64_72cab17aeb72f4e36df375505ba7325c90044119.msu UpdatePath : C:\Updates

Import-Update

Import-Update.ps1 is used to import update packages from a target folder into the Packages node in an MDT deployment share. This will accept the output from Get-LatestUpdate.ps1 or can be used to import updates that already exist in a target folder, specified by the UpdatePath parameter.

Import-Updates.ps1 – importing an update into MDT

Import-Update.ps1 supports a number of parameters:

  • UpdatePath – a folder that contains the target update or updates to import into the deployment share. This path can be piped to this script. This parameter is mandatory
  • SharePath – the path to the top-level folder for the MDT deployment share. This parameter is mandatory
  • PackagePath – you can optionally specify a path under the Packages node in the deployment share to import the update packages into
  • Clean – this is a switch parameter that will tell the script to remove any existing update packages in path specified by PackagePath before importing the new updates.
Using Both Scripts to Download and Import Updates into MDT

Because Get-LatestUpdates.ps1 outputs an object that can be passed to Import-Update.ps1 on the pipeline, a single command line can be used to get the latest update for a specific operating system, download the update locally and import it into an MDT deployment share. For example, I can use the following command line to download the Windows 10 x64 Current Branch (build 15063) and import it into my deployment share used to build Reference images:

.\Get-LatestUpdate.ps1 -Download -Path C:\Updates | .\Import-Update.ps1 -SharePath "\\mcfly\Deployment\Reference" -PackagePath "Windows 10\x64" -Clean

Which looks like this:

Using Get-LatestUpdates.ps1 and the pipeline to pass updates to Import-Update.ps1

In the MDT Workbench, we have the latest Windows 10 Cumulative update in the Packages node which will be applied offline during the operating system deployment:

Latest Windows 10 Cumulative update in the Packages node

Now I have something that I could run as a scheduled task to keep my deployment share always up to date without interaction. Note that both script support verbose output so that you can track what’s going on in detail while the script is running.

Future

There are likely some changes and additions I could make to this script, so feedback is welcome. Future changes might include:

  • Add support for Windows 7, Windows Server 2012 R2 etc. into Get-LatestUpdate.ps1. The way that Keith has written the script lends itself to support other Windows versions
  • Compare the existing update in MDT before importing an update – if the existing update matches the latest update, there’s no need to re-import the update

 

This article by Aaron Parker, Automatic Download and Import of Updates into MDT appeared first on Aaron Parker.

Categories: Community, Virtualisation

VMworld Planning time is upon us – strategies to help you plan

Theresa Miller - Thu, 07/06/2017 - 05:15

It’s July, and that means it’s officially time to start your VMworld planning. This is a show for which you really need a game plan. I’m not just saying this because I work for VMware now, I’m saying this from years of experience. VMworld has everything:  You (or your company) has already committed the money […]

The post VMworld Planning time is upon us – strategies to help you plan appeared first on 24x7ITConnection.

Recurring Checklists from Templates the Podio Way

Helge Klein - Fri, 06/30/2017 - 01:10

Podio is a superb tool for team collaboration, structured information handling and even business process management. However, it is not perfect. There are some astonishing gaps in functionality. One of those is the lack of support for checklists and recurring processes. Here is how to work around that.

Our Use Case: Software Release Checklist

In case you were wondering: we are a software company developing the user experience and application performance monitoring product uberAgent. We release new versions several times a year, and we want to get it right, every time. Software releases are far from trivial from a process point of view. We fine-tune the workflow constantly, and we need a reliable and flexible way to manage that. Enter Podio.

Why Podio?

We are using Podio for most of our processes and workflows. That means we already have all the relevant data in there. A golden rule to efficiency I am creating here on the spot in case it does not exist yet:

Do not maintain duplicates of your records.

You will know what I am talking about the second you try to manage customer information in two independent systems. The bottom line: multiple systems will never be perfectly in sync. The only way to avoid that is to have one central repository. For us that is Podio.

Recurring Checklists from Templates in Podio

Podio does not have checklists, nor templates. But it is a flexible product, and the Globiflow extension further enhances its capabilities. Here is how we built a system for recurring release checklists that is easy to maintain and use.

The Checklist Template

We want the checklist template to have an arbitrary number of items that are easy to edit. Given those requirements the template items need to be stored in a dedicated Podio app (which is just a glorified term for a flexible database table). We created an app Release checklist template with just three fields:

You might wonder about the first field, Order. Unfortunately Podio does not allow items to be reordered arbitrarily. That is why we need a numerical field to sort checklist items by. After all, this is a process, and the order of the items matters a great deal. The actual content looks like this:

The Releases App

The place where we need the checklist is in our Releases Podio app. Its fields look as follows:

In real life an actual Releases app item looks like this:

So how does it work?

You may have noticed that we “abused” a Podio category field as a button. That is currently the only (useful) way to trigger click actions in Globiflow. The magic is based on the fact that you can associate tasks with basically anything in Podio, including our humble Releases app.

Whenever the “button” Create tasks from template is clicked, a workflow is triggered in Globiflow. This workflow enumerates the items in the template app shown above. For each template item it attaches a new task to the current releases item. That’s it!

The “button” Delete tasks is not strictly necessary, it is there just for our convenience: when someone triggered the creation of all thoses tasks and later notices there was a mistake, it is useful to have an easy way to get rid of all the tasks in one go.

The Globiflow Add Tasks Workflow

The Globiflow workflow triggered whenever the “button” Create tasks from template is clicked is pretty straightforward:

The one thing to note here is that in Podio tasks must be associated with individual users. That is another one of the product’s restrictions I am not too happy about.

When we run this workflow we have no idea who might later be responsible for each individual task. We cannot leave the field Assign task to empty, so we created a dummy user by inviting a dummy email address to the Podio workspace. Once we start working on the release it is easy to reassign tasks to team members.

The post Recurring Checklists from Templates the Podio Way appeared first on Helge Klein.

No backups in Office 365 – What should you do to protect your data?

Theresa Miller - Tue, 06/27/2017 - 05:30

Recently we discussed the fact that there aren’t any backups in Office 365 at Brianmadden.com.  This can be frightening at first glance, due to many reasons. First and foremost our users are expecting more and more from IT.  In the event that something happens to your data in the Office 365 platform, what can be […]

The post No backups in Office 365 – What should you do to protect your data? appeared first on 24x7ITConnection.

Pages

Subscribe to Spellings.net aggregator - Community