Friday, April 25, 2014

Enabling vPro for full KVM (quick and dirty method on a Dell workstation)

I get asked this question so often I thought I’d better write it down for future reference.

I always buy computers that have Intel vPro. It costs me more but I can debug BIOS/UEFI issues and blue screen as I have total control of my machines with a hardware based KVM on all workstations as well as servers. This has been the case for servers for long but only for the past few years has it been available for workstations and laptops as well.

The machine I’m using for demonstrations is a Dell Optiplex 7010. I’ve ordered it with vPro and made sure it’s compatible with the latest KVM-mode. You can find info and the software I’m using from here: http://realvnc.com/products/viewerplus/

NOTE! This is a very simple and small environment so it’s super Quick&Dirty approach. You can use certificates and stuff for an Enterprise environment to make it more automated and secure.

- To get it up and running boot up your new machine and press F10 to get to the boot menu:

- Choose the Intel Management Engine BIOS Extension (MEBx)

WP_20140425_003

- Now Login using the default password admin

(that might be different on other systems though) 

WP_20140425_004

- Change the password to what you want and make sure you remember it!

- Now choose AMT Configuration

WP_20140425_005

- Choose Network setup

WP_20140425_006

- Choose Network name settings

WP_20140425_007

- Give the computer a name

This can be the same as your Windows’ computer name. I use the same name but a different suffix.

WP_20140425_008

- Give the Domain Suffix

I use a different DNS Zone that accepts Dynamic Updates without authentication. Makes it easy to find my vPro enabled machines and doesn’t require the encryption, authentication and certificates that I would use in a more enterprise environment.

WP_20140425_009

- Next enable Dynamic Updates

WP_20140425_010

- The last thing is to remember to active the Network Access!

WP_20140425_011

There you go! Now on you can access your vPro chip with a browser by typing in the address: http://computername.elaiho.vpro:16992/ The username is Admin.

And in my case I mostly only use the VNC Viewer Plus. Here you can see a few pictures on how it looks like in both ends:

image

image

image

image

And this is what it looks like at the client end by default. You can see the the red/yellow lines that tell the client it’s been remote controlled:

WP_20140425_015

I love it! Makes my life so much easier!

Sami

Friday, April 11, 2014

New Group Policy settings in Windows 8.1 Update

As there’s no official list yet here’s my own. I dug it from the ADMX-files.

Let users turn on and use Enterprise Mode from the Tools menu
        This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu. If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.
     
Use the Enterprise Mode IE website list
        This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list.If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE.If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
     
Prevent the usage of OneDrive for file storage
        This policy setting lets you prevent apps and features from working with files on OneDrive.If you enable this policy setting:* Users can’t access OneDrive from the OneDrive app and file picker.* Windows Store apps can’t access OneDrive using the WinRT API.* OneDrive doesn’t appear in the navigation pane in File Explorer.* OneDrive files aren’t kept in sync with the cloud.* Users can’t automatically upload photos and videos from the camera roll folder.If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
     
Prevent OneDrive files from syncing over metered connections
        This policy setting allows configuration of OneDrive file sync behavior on metered connections.

Save documents to OneDrive by default
        This policy setting lets you disable OneDrive as the default save location. It does not prevent apps and users from saving files on OneDrive. If you disable this policy setting, files will be saved locally by default. Users will still be able to change the value of this setting to save to OneDrive by default. They will also be able to open and save files on OneDrive using the OneDrive app and file picker, and Windows Store apps will still be able to access OneDrive using the WinRT API. If you enable or do not configure this policy setting, users with a connected account will save documents to OneDrive by default.
     
Show Windows Store apps on the taskbar
        This policy setting allows users to see Windows Store apps on the taskbar.If you enable this policy setting, users will see Windows Store apps on the taskbar.If you disable this policy setting, users won’t see Windows Store apps on the taskbar.If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.

PS. There are some policies related to Japanese language that are not here…

Saturday, April 5, 2014

Running my VM’s and using external drivebays – TIP

Hello everyone and cheers from Build in San Francisco!

I always have a backup plan but it’s still always horrifying when your hardware fails just before an important presentation.

I was going to speak at the Pacific ITPros user group meeting on Tuesday and about an hour before starting my presentation I lost all my demo VM’s! I wouldn’t writing this if this wasn’t the third time this has happened for the same reason… I’m super happy about running my VM’s now on my current machine. I have a Samsung 9 Series 15” ultrabook and I’m having still hard time on finding anything better on the market although I’d like to buy a new on already. If you know some other competitor at the same size and weight with the following key specs please let me know:

  • i7 processor
  • 16GB RAM
  • 1GBit ethernet + 3 USB ports
  • VGA and HDMI ports

This combined with an external USB3 harddisk bay with an SSD harddisk and (the stolen) Disk Dedup from Server 2012 R2 makes a superbly high performance, light and modular demo machine to carry with you on an airplane.

Everything else works fine but the external disk bay. This one I know had until Tuesday was the third one that has broken. And what’s even more annoying is that it’s always the USB3 connector braking. Luckily I have an extra one that has yet failed or even shown signs of failing. It makes replacing the cable a bit harder but the simple tip I have to give is to always use drive bays that have the same interface model that you computer has!

So never this one again:

WP_20140403_012

But always this one:

WP_20140404_004