Path to using in-place upgrades for Windows Server OSs

So I believe its safe to assume that all of you Sysadmins out there are as busy as I am with upgrading all of those legacy servers still running 2008 / 2008 R2 in anticipation of the “end of life” (January 14, 2020 to be exact) date soon approaching.

It’s been a heck of a ride thus far but there’s a question that came to mind: Which version of Windows Server are you upgrading to?  2012?  2012 R2?  2016?  2019?

Believe it or not…if you have the time or if it needs to be done out of necessity, Microsoft has published a road map of how to perform in place upgrades (3 to be exact) to get from 2008 (R2 or not) to 2019.

Obviously in a perfect world, you may not want to take this route but if you have no other choice, it may be worth giving this road map (found here) a look!

Also, don’t forget to let us know which version of Windows Server is your final destination… 🙂

New Windows XP and Server 2003 Updates?!?!

So it appears that Microsoft has discovered a “wormable flaw” that could possibly “fuel a fast-moving malware threat” similar to the WannaCry ransomware attacks from a couple years ago.

Apparently the vulnerability directly affects the Remote Desktop Services component that’s part of all of Microsoft’s client and server OSs so needless to say that it’s very important you get the patch in place as soon as possible!

For more details, check out the Krebsonsecurity.com breakdown here.

How to Generate a Group Policy Report

Depending on the size of your organization, you could have a few Group Policy Objects (GPO) or you could have many.  Sometimes it is very hard to find out why a workstation or server is acting the way it is.  I would say that GPOs are the heart of security in a Windows domain environment.

A nice way to view which policies are being applied to the target Workstation/Server is by generating an .html file that shows all GPOs applied.  The GPRESULT command displays the Resultant Set of Policy (RSoP) information for a remote user and computer.

Open a Command Prompt and type the following:

cd Desktop
GPRESULT /H GPReport.html /f

Now open the file GPReport.html that is present on the desktop.  It should look similar to the image below.

I used to only run this command minus creating the report but realized quickly that it was hard to read and find the relevant info I was looking for.  Ever since finding this a few years back, I can’t imagine going back to the old way!

Step By Step Guide to Enabling “Disk Cleanup Utility”

While the vast majority of the servers present in the environment I work in are running 2012 R2 and 2016, we still have some 2008 R2’s lingering.  One of the features that is noticeably missing is the fact that the Disk Cleanup utility is not present on anything running 2012 or 2008 R2.  Since our local C: drives are reaching capacity and need some cleanup, it was imperative that this feature be installed.  Here’s a simple step by step guide provided by Microsoft on how to get this accomplished…

1. Open The Roles and Features Wizard

To open the Roles and Features Wizard, launch the “Server Manager”:

2. Click on “Add Roles and Features”

3.  Choose installation Type

Choose “Role-based or feature-based installation” to install to the local machine:

4. Click Next all the way to features

Locate “User Interface and Infrastructure”.  Click on “Desktop Experience” and install additional required features:

5.  Proceed with the installation and Reboot

6.  Verify that the Utility is indeed installed

See screen shot below:

7.  Disk Cleanup in Action

Below is a sample snapshot of disk cleanup in action:

Heads up Server Admins…watch out for these updates!

After three years of using System Center Configuration Manager, we are finally leveraging it to manage the security updates for our server collection and a significant part of that task is to ensure that we research as to whether there are any known issues with the updates that may potentially cause issues with our servers.  While browsing online for any problems that may have been documented with the October release of updates, I came across this post from Microsoft regarding three updates to look out for…

Other than that…good luck and Happy Patching!

Security update for Microsoft Exchange Server 2013 and 2016: October 9, 2018
When you try to manually install this security update in “normal mode” (not running the update as an administrator) by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update does not correctly stop certain Exchange-related services.
To avoid this issue, run the security update in elevated mode, as an administrator. To do this, right-click the update file, and then click Run as administrator.
This issue does not occur when you install the update from Microsoft Update.

October 9, 2018—KB4462917 (OS Build 14393.2551) – Windows 10, version 1607; Windows Server 2016
After installing this update, installing Window Server 2019 Key Management Service (KMS) host keys (CSVLK) on Window Server 2016 KMS hosts does not work as expected. Microsoft is working on a resolution and will provide an update in an upcoming release.

October 9, 2018—KB4462923 (Monthly Rollup) – Windows 7 Service Pack 1; Windows Server 2008 R2 Service Pack 1
After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.
[1] To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
[2] To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.