Monday morning, you’re sitting in the comfort of your cubical, playing Minecraft, building a giant pixelated reptile, determined and focused, when suddenly a new outlook toast with “New DNS record creation request” as the subject appears… You feel like:
You know the feeling, that woman is my role model !
Imagine if you could just reply the man with “Use the DNS self-service form, fiend” and continue with your masterpiece.
Fret not, old friend, that is exactly what we are going to do today !
Internet, we meet again!
No, it didn’t take me 14 months to write this article, i just had a bad case of fleas that took a while to shake off (metaphorically, of course).
As you already know, Windows server 2012R2 is already being shipped with the new PowerShell feature/framework: Desired State Configuration. In this article i will list a summary of key differences between group policy and DSC, in ENGLISH.
Microsoft provided us several tools to manage Windows, other than GP and DSC (e.g. SCCM DCM, InTune), but I wanted to compare those two specifically because they are free, mainly.
Enough chit-chat, differences, in no particular order:
- DSC, by using MOF files (which are not proprietary to Windows), can manage Linux boxes, while group policy (currently) can’t.
- DSC can use any MOF file created by any future 3rd party product that can potentially leverage DSC as a policy engine.
- DSC is easy to extend (the only limit is PowerShell’s potency), whereas extending Group Policy can be really daunting.
- DSC writes all errors in the Windows event logs when things go south, while not all Group Policy settings does that.
- DSC periodic configuration refresh checks for updates every 15 mins by default, whereas Group Policy’s background refresh can take up to 120 mins.
- DSC stores the required config and resources locally, so even if there is no network connection, configuration refresh WILL occur, whereas group policy requires connections to AD and SYSVOL to perform its background refresh.
- DSC config/policy can be applied to workgroup machines, thus your DMZ machines will never be out of shape again, whereas group policy requires the machine to be in an AD domain.
- DSC, while declarative, does not have any GUI (yet), while group policies GUI is easy to use and well known.
- DSC is more complex to apply, whereas Group Policy is click-driven.
- DSC provides centralized triggering of configuration distribution, while Group Policy relies on the GP client to trigger refreshes.
- Group Policy uses a combination of event-driven (like computer startup and user logon) mechanisms, while DSC does not have anything like it yet.
- DSC tattooes its changes on the machine, that means when a DSC config item is no longer applied, its changes does not revert back to its original state, whereas “most” Group Policy settings are not tattooed (GPP is another story).
- DSC scripts is more human-readable than a raw Group Policy file.
- In my opinion, DSC is more likely to be used on Servers, while Group Policy is still for both servers and clients (excluding perimeter machines).
That’s it, short and simple, I hope you’ve found it useful. Let me know what do you think by leaving a comment below.
Until next year (hopefully not), have a great one!
There are tons of remote support tools for AD environments, but most of them are commercial, and some of them are user initiated (like Lync 2010+ desktop sharing feature), today we will implement an agentless (sort of), free and pretty effective solution, the end result is a box that you enter the destined Username in (the person you’re trying to help), et voila, you have control over his screen ! (gentlemen, after his permission, of course)
Chapter I :
The base application that we will use is “Windows Remote Assistance” which ships for free with most Windows 7 flavors, the rest is scripting gimmicks.
Out of the box, Windows remote assistance will work if the requester sent an invitation file to the helper, but in our case, we want to initiate the process by offering our help before we even hear the nagging.
To do so, we need to create and link a GPO to our computers OU that enables just that :
Computer Configuration > Policies > Administrative Templates > System > Remote Assistance
Enable the “Offer Remote Assistance” option and select who can offer remote support, typically you will add your Help Desk group
After you gpupdate the end-user’s machine, try it:
Open “Windows Remote Assistance” from your helper workstation, then click on Continue reading
In some cases you may feel an urge to experience a lucid nightmare intentionally: to Generate a Blue Screen of Death !
Why ? You may have some sort of cluster configuration or some kind of HA solution that you want to dirty-test
This can be done using several ways, one including editing the registry and using the NumLock key, but the one we’ll check today is much simpler
First you need to have PowerShell installed (you can produce the same outcome by using any tool that can interface with WMI, PowerShell is the easiest)
Then open a elevated PowerShell console and type :
Get-Process | Stop-Process
A nice BSOD will appear
If you want to produce a BSOD on a remote machine, you need to have PowerShell remoting enabled and some firewall exceptions added to the target. To do so, open an elevated command prompt console (on the remote machine) and run:
Then from your machine, issue the following:
That’s my time for today, see you in a few days (or weeks…or months)
Managing Lync 2010 users is a boring-slash-routine job, especially when you have integrated several VoIP solutions and you want to maintain consistency, for example maybe you use a single extension for the same user across multiple platforms.
In my case, users extensions in Lync is the same as their CUCM’s but prefixed with “5”, Continue reading
Wireless access in the enterprise can be a huge PITA ! Because you have to find the correct balance between usability and security, you don’t want everyone contacting the help desk asking on how to connect, and based on your hardware, it can be tricky.
In my case, we are using Trapeze wireless controllers (Trapeze recently acquired by Juniper), it has all the functions we need to create a robust wireless access scheme.
I decided to go with 3 SSID’s: Continue reading