Enabling vPro for full KVM (quick and dirty method on a Dell workstation)

I get asked this question so often I thought I’d better write it down for future reference.

I always buy computers that have Intel vPro. It costs me more but I can debug BIOS/UEFI issues and blue screen as I have total control of my machines with a hardware based KVM on all workstations as well as servers. This has been the case for servers for long but only for the past few years has it been available for workstations and laptops as well.

The machine I’m using for demonstrations is a Dell Optiplex 7010. I’ve ordered it with vPro and made sure it’s compatible with the latest KVM-mode. You can find info and the software I’m using from here: http://realvnc.com/products/viewerplus/

NOTE! This is a very simple and small environment so it’s super Quick&Dirty approach. You can use certificates and stuff for an Enterprise environment to make it more automated and secure.

- To get it up and running boot up your new machine and press F10 to get to the boot menu:

- Choose the Intel Management Engine BIOS Extension (MEBx)

- Now Login using the default password admin

(that might be different on other systems though) 

- Change the password to what you want and make sure you remember it!

- Now choose AMT Configuration

- Choose Network setup

- Choose Network name settings

- Give the computer a name

This can be the same as your Windows’ computer name. I use the same name but a different suffix.

- Give the Domain Suffix

I use a different DNS Zone that accepts Dynamic Updates without authentication. Makes it easy to find my vPro enabled machines and doesn’t require the encryption, authentication and certificates that I would use in a more enterprise environment.

- Next enable Dynamic Updates

- The last thing is to remember to active the Network Access!

There you go! Now on you can access your vPro chip with a browser by typing in the address: http://computername.elaiho.vpro:16992/ The username is Admin.

And in my case I mostly only use the VNC Viewer Plus. Here you can see a few pictures on how it looks like in both ends:

And this is what it looks like at the client end by default. You can see the the red/yellow lines that tell the client it’s been remote controlled:

I love it! Makes my life so much easier!

Sami

New Group Policy settings in Windows 8.1 Update

As there’s no official list yet here’s my own. I dug it from the ADMX-files.

Let users turn on and use Enterprise Mode from the Tools menu
        This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu. If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.
     
Use the Enterprise Mode IE website list
        This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list.If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE.If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
     
Prevent the usage of OneDrive for file storage
        This policy setting lets you prevent apps and features from working with files on OneDrive.If you enable this policy setting:* Users can’t access OneDrive from the OneDrive app and file picker.* Windows Store apps can’t access OneDrive using the WinRT API.* OneDrive doesn’t appear in the navigation pane in File Explorer.* OneDrive files aren’t kept in sync with the cloud.* Users can’t automatically upload photos and videos from the camera roll folder.If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
     
Prevent OneDrive files from syncing over metered connections
        This policy setting allows configuration of OneDrive file sync behavior on metered connections.

Save documents to OneDrive by default
        This policy setting lets you disable OneDrive as the default save location. It does not prevent apps and users from saving files on OneDrive. If you disable this policy setting, files will be saved locally by default. Users will still be able to change the value of this setting to save to OneDrive by default. They will also be able to open and save files on OneDrive using the OneDrive app and file picker, and Windows Store apps will still be able to access OneDrive using the WinRT API. If you enable or do not configure this policy setting, users with a connected account will save documents to OneDrive by default.
     
Show Windows Store apps on the taskbar
        This policy setting allows users to see Windows Store apps on the taskbar.If you enable this policy setting, users will see Windows Store apps on the taskbar.If you disable this policy setting, users won’t see Windows Store apps on the taskbar.If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.

PS. There are some policies related to Japanese language that are not here…

Running my VM’s and using external drivebays – TIP

Hello everyone and cheers from Build in San Francisco!

I always have a backup plan but it’s still always horrifying when your hardware fails just before an important presentation.

I was going to speak at the Pacific ITPros user group meeting on Tuesday and about an hour before starting my presentation I lost all my demo VM’s! I wouldn’t writing this if this wasn’t the third time this has happened for the same reason… I’m super happy about running my VM’s now on my current machine. I have a Samsung 9 Series 15” ultrabook and I’m having still hard time on finding anything better on the market although I’d like to buy a new on already. If you know some other competitor at the same size and weight with the following key specs please let me know:

• i7 processor
• 16GB RAM
• 1GBit ethernet + 3 USB ports
• VGA and HDMI ports

This combined with an external USB3 harddisk bay with an SSD harddisk and (the stolen) Disk Dedup from Server 2012 R2 makes a superbly high performance, light and modular demo machine to carry with you on an airplane.

Everything else works fine but the external disk bay. This one I know had until Tuesday was the third one that has broken. And what’s even more annoying is that it’s always the USB3 connector braking. Luckily I have an extra one that has yet failed or even shown signs of failing. It makes replacing the cable a bit harder but the simple tip I have to give is to always use drive bays that have the same interface model that you computer has!

So never this one again:

But always this one:

Troubleshooting Windows Phone (Lumia) battery drain

As it seems many others have had the same problem I decided to share my experiences. I don’t teach or work with phone troubleshooting but it’s a great example of showing that troubleshooting is both methodology and knowledge of the system at hand.

My Lumia 920 suddenly a few weeks ago started to drain it’s battery in a few hours. I did what everyone does and went to Google to find people with the same problem. I did everything suggested and prevented apps from running in the background and disabled my WLAN/BT/NFC etc. Nothing seemed to work. So there I was sitting with my phone and no experience about the OS itself wondering what to do next.

As it seems to me that the phone was working well before something happened a few weeks ago it must have happened because of a software update, change at the telcos end or a hardware fault. To start ruling out stuff I first put the phone in flight mode and realized it would be better but the problem wasn’t solved totally. As I don’t have a proper meter to see the drainage I couldn’t really tell what was just because of less data transfer and what might the “extra” drainage. So first stop was to download something to meter the drainage. I downloaded an app called Battery and waited for a while. It looks like this:

 

You can see the huge drop after charging the phone… Now that nothing has the permission to run on background how does Skype answer a call although it’s not running? So apps can keep running although not allowed to do so? Scary…Annoying… Well the worst thing is that MS doesn’t allow any access to the processes list of the OS so we can’t know what is actually running. One time that I really miss even Task Manager. So it must be because of some software but software have I installed? Luckily you have a list at www.windowsphone.com when you log on to your account and choose Purchase history under My Phone. Using this list I started to uninstall apps. In the morning I would uninstall a few newest installations (after the time this started) and in the afternoon I would use my Battery app to see if it helped. After I had uninstalled all I still had the same problem. Bummer.

What I did next was to make sure all syncs were up to date and all data saved to somewhere outside of the phone. I then reset the whole phone. As I guessed all trouble was gone. I reinstalled Battery and saw that everything actually was fine.

I then upgraded my phone to Black and rechecked that battery was fine. I then reinstalled software that I actually really needed and all the time kept my eye on the battery. I took special care on looking at the meters when installing something that communicates although blocked (Skype, Whatsapp etc.).

Finally after installing a certain app everything went horrible. My battery drained at the speed of 40% per hour and the phone was boiling hot. I won’t mention this software as I promised the developer 24hours to fix it before screaming out in social media. They fixed it and it wasn’t a “big” App like WhatsApp or Skype but a small app you might never bump into.

Baselines, meters, methodology, luck, experience, knowledge of subject and object – all play an important role in troubleshooting.

And MS please give us an API to look what’s actually running on the phone…

Allow computer policy RSOP data for limited users

What I commonly do is allow the limited users to see all RSOP data on GPRESULT or RSOP.MSC. By default this is not allowed so when you troubleshoot a workstation you can’t gather the needed data to single output but instead need to gather it twise: once with the logged on user and once with an admin account.

This is easy to change by changing this delegation in GPMC:

You just need to add this permission to the Authenticated Users group and your done!

Quick guide to Azure VM start/stop with PowerShell

I had a specific need to just quickly start and stop my VM on Azure. Here’s a quick run through.

1. Create your Azure VM (Won’t go through this here)

2. Install Microsoft Web Platform Installer

3. Start Windows Azure Powershell

4. Run Add-AzureAccount (use your Microsoft Account etc. to authenticate)

5. Run Get-AzurePublishSettingsFile and download the settings file

6. Run Import-AzurePublishSettingsFile "Filenameyoujustdownloaded”

7. Run Get-AzureVM (note the name of your service and vm)

8. Run Start-AzureVM -Name erinome -ServiceName xencloud1 (replace names with yours)

That’s it! Same goes for Stop-AzureVM

Free videos from MCT Summit Europe 2013

You can find all the material from the latest MCT Summit Europe in Helsinki here: http://www.youtube.com/channel/UCNEz5G2n4Mm17ofWadyy_-g