What’s new with Hyper-V 2016? (PowerShell Direct)

In Windows Server 2016, Hyper-V 2016, Microsoft has created PowerShell Direct. PowerShell Direct allows us Hyper-V administrators to communicate with a VM from the Hyper-V host regardless of the network configuration, firewall settings, security policies,  and/or remote management settings. Provided the VM meets the basic criteria (see below), we can communicate with the VM with simple PowerShell! (Sweet)

*Yes, you could always log in to the VM as well…….<lame>*

PowerShell Direct Requirements:

In order to make use of PowerShell Direct, the following conditions need to be met:

  1. Hypervisor must be either Windows 10, or Windows Server 2016
  2. Virtual Machine must be either Windows 10, or Windows Server 2016
  3. Must have valid user credentials for the VM
  4. The VM must reside on the same Hypervisor
  5. The admin logged into the Hypervisor must be a Hyper-V administrator

Example:

In my example, my Hypervisor is Windows 10, and my guest VM is also a Windows 10 machine. (Sorry too lazy to get my server up =) )

Here are some cmdlets you will need to know:

  • Get-VM will provide a list of all the VMs on your Hyper-V host
    • Get-VM
  • This will establish the connection between you (the host) and the guest VM:
    • Enter-PSSession -VMName <VMName>
  • If you want to run a block of code, rather than single line:
    • Invoke-Command -VMName <VMName> -ScriptBlock { commands }

PowerShell

I got that error as I shutdown the VM too quickly…

As you can see, there was no Network Adapter on my VM. Also in the screenshot above, no information was provided when I queried an IPCONFIG.

VM vNIC Settings

Also, I was able to shutdown the VM from my host.🙂

shutdown VM shutdown VM(2)

 

I hope you’re excited as I am! Cheers!

For more information on Hyper-V 2016 and/or PowerShell Direct, see HERE.

What’s new with Hyper-V 2016? (Shielded VMs)

Not too long ago, I was fortunate enough to attend the MMS 2016 (Midwest Management Summit). During one of the presentations, I learned some pretty neat things about Windows Server 2016 especially around Hyper-V. One cool feature, “Shielded Virtual Machines“.

What shielded VMs ensures that Hyper-V administrators do not have the ability to alter and/or view the VM settings/data/contents, unless specified. This is great for environments, ie. Banks/Financial Institutions, Governments, Education, etc. environments to ensure their data is protected, even from the ones that administer their environments.

There are a few catches:

  • VM must be a Gen-2 (Generation 2)
  • VM must be Windows Server 2012 or higher, or
  • VM must be Windows 8 or higher

When creating the VM, the shielded VM has a virtual TPM (Trusted Platform Module) assigned and BitLocker encryption is applied to only allow designated owners to access the VM. The shielded VM will not run unless the Hyper-V host is on the Host Guardian Server. All of the VMs data and state information is encrypted, and cannot be accessed.

For more information on Shielded VMs, please visit Microsoft’s post HERE.

Azure Automation PowerShell ISE Add-On

Not too long ago, Microsoft released a new PowerShell module add-on for Azure Automation. This is great as it allows us to work locally and connects directly to Azure, connecting us to our existing Runbooks, gather subscription and account information, etc. This is great for anyone that is interested in OMS Hybrid-Runbooks, DSC (Desired State Configuration) and the future!🙂

Here’s a link to Microsoft’s blog post, HERE.

Cheers!

How to disable Windows 10 Lock Screen

After using Windows 10 on my work PCs for the last year and so, I decided it was time to upgrade my home PC. Overall Windows 10 seems great, I am able to use all my applications as I did before, and no issues with the drivers/hardware.

However, I after a few hours I really started to get annoyed with the Lock Screen activating every time I leave my desk for a few minutes. Rather than increasing that threshold, I rather disable the lock screen completely.

Here are the steps I took to disable the Windows 10 Lock Screen.

  • Launch the Registry Editor (you can do this by pressing the Windows icon button on your keyboard, plus the R key on your keyboard (simultaneously).

RunRegedit

  • Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\
  • Create the following Key, “Personalization

Registry

  • Create the DWORD, “NoLockScreen” and assign it the value 1

RegKey

And that is it! No reboot for me was required. If you are finding the lock screen still kicking in, try a reboot.

 

Cheers!

New Features in SCOM 2016 – Maintenance Schedules

One very common request I always get with my SCOM 2012 customers is, “how can I put machines into Maintenance Mode for a future date?”

My response is, well, with some PowerShell and the Windows Task Scheduler, you can achieve this.  But wait, looks like the System Center/SCOM 2016 team has listened and delivered! Introducing ‘Maintenance Schedules‘.

Now SCOM administrators can put a machine, or a group of machines, or a group into Maintenance Mode (MM) for a future date. Even better, it looks like a lot (if not all) of the functionality has been taken from good old Windows Task Scheduler. What that means is, you can put machines into MM, for that Friday night/Saturday morning Change Request, or even better MM for reoccurring schedule, like Patch Tuesday.

In the example below, I am going to do a quick walk-through for a group of machines for a typical patching schedule.


For this scenario, let’s assume the following:

  1. Machines are patched every 3rd Friday of the month,
  2. Blackout/maintenance window is 6 hours (360 minutes),
  3. Scheduled MM will start @11:00PM.

1

  • Right click either on Maintenance Schedules, or within the middle pane.

2

  • As a rule of thumb, always a good idea to select the second (default) option here, “selected objects and all their contained objects.

3

  • Search for the machine(s) or the group(s) you want to enter into Maintenance Mode

4

  • Once you’re happy, go ahead and hit next

5

  • Next we are presented with an array of options. As per our example, we will be putting our machines in MM every 3rd Friday of the month, starting at 11:00PM, for 6 hours.

6

  • Now we’re ready

7

  • Now we need to provide a name to our MM Schedule… By default, ‘Planned’ and ‘Enable Schedule’ are ticked off. Go ahead and hit finish!

8

  • Now we can see our new Scheduled Maintenance Mode schedule!🙂

As you can see here, for a SCOM Administrator, you can see which user create this task and also to see if it is enabled at the current time

9

  • You can also Edit, Copy, or Disable the schedule. Looks like I just discovered a bug! Also, disabling is not provided here, but it is within the Action pane:

10

11

  • And that is it!

If the schedule was done correctly, you will see the Event ID 1215 within the SCOM Management Server.

12

I hope this helped!

Happy SCOM’ing 2016!!

New Features in SCOM 2016 – Management Packs:Updates & Recommendations

One of the many questions I always ask my customers, “how often do you update your Management Packs?”

Some of the typical responses I get are…

  • Ummm..
  • How do you do that?
  • Where can I get the latest MPs from?
  • Oh, I didn’t know they need to be updated…

Well, Microsoft/System Center/SCOM team has listened and delivered!

In SCOM 2016 you can now simply go into the Management Packs administration, and see if there are any updates pending for any of the Management Packs within your environment. Simply right click and download and install the latest version. Note, this feature is currently only applicable to Microsoft based Management Packs. Third party Management Packs you will still have to download and install manually, and also research if there is an updated version. Who knows, this could change by the time SCOM 2016 RTM, or SP1 or even R2 comes out… Until then, only Microsoft MPs.

1

2

3

 

Cheers!

How to deploy OMS Agent on Linux

There are multiple ways how to deploy the OMS agent on your Linux server. In my post,  I am going to make use of GitHub and do a quick install on a Linux server.

In my environment, I am deploying the OMS Linux (Preview) agent (version 1.1.0-124) on a 64-bit Ubuntu server, version 14.04.4. Your Ubuntu server will of course need an Internet connection (directly or via Proxy). At the time of this post, the following Linux Operating systems are currently supported, and I am deploying the Linux agent version 1.1.0-124.

*image/source, Technet.Microsoft.com

Let’s get started…

Copy and save your OMS Workspace ID and Primary Key, as your OMS agent will need these to authenticate against. These can be found within your OMS Settings > Connected Sources:

4a

Within your Ubuntu shell/terminal, you will need to execute the following three commands in order to download and install the OMS Agent. First we will download the latest OMS Agent from GitHub.

1

  • Followed by,
    • sha256sum ./omsagent-1.1.0-124.universal.x64.sh

2

  • Finally,
    • sudo sh ./omsagent-1.1.0-124.universal.x64.sh –upgrade -w <WORKSPACE ID> -s <WORKSPACE PRIMARY KEY>

3

If all goes well, you should now have an added server to your Connected Sources. Yay!

4b

Very quickly, I can see my Ubuntu server is already transmitting data to OMS.

5

Like Windows servers, we can now start collecting data from the Syslog, collecting performance metrics in Near Real Time, and if your Linux box is deployed with Nagios and/or Zabbix, we can link this data into OMS too!

For additional information on configuring Linux Performance Counters, please visit the following page, HERE.

Lastly, don’t forget to add some important syslog OMS Data Log Collection, here is what I have configured:

6

Cheers!