Why I can’t convert my Windows Server 2012 R2 Core to GUI

Error:

Install-WindowsFeature : The request to add or remove features on the specified server failed.
Installation of one or more roles, role services, or features failed.

The source files could not be downloaded.

Use the “source” option to specify the location of the files that are required to restore the feature. For more information on specifying a source location,see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f0906

Coretech Blog » Blog Archive » Why I can’t convert my Windows Server 2012 R2 Core to GUI
Here are the commands to update the source files with PowerShell

# Create folders
New-Item -Path C:\WS2012R2 -ItemType Directory
New-Item -Path C:\TEMP -ItemType Directory

# Copy the install.wim to temporary folder
Copy-Item H:\sources\install.wim C:\TEMP

# Remove the read-only attribute from the copied file
Set-ItemProperty -Path C:\TEMP\install.wim -Name IsReadOnly -Value $False

# Get the Windows Image Index
Get-WindowsImage -ImagePath C:\TEMP\install.wim

# Mount the Image
Mount-WindowsImage -Path C:\WS2012R2 -ImagePath C:\TEMP\install.wim -Index 2

# Add the Updates to Windows Image
$Updates = Get-ChildItem C:\Users\kaj\Desktop\Updates
foreach($item in $Updates){
Add-WindowsPackage -PackagePath $item.FullName -Path “C:\WS2012R2”
}

# Commit the changes
Dismount-WindowsImage -Path C:\WS2012R2 -Save -Verbose

source: http://blog.coretech.dk/kaj/why-i-cant-convert-my-windows-server-2012-r2-core-to-gui/

Mount and Modify a Windows Image Using DISM

source: http://technet.microsoft.com/en-us/library/hh824814.aspx

Applies To: Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Mounting an Image


You can mount an image using the /optimize option to reduce initial mount time. However, When using the /optimize option, processes that are ordinarily performed during a mount will instead be completed the first time that you access a directory. As a result, there may be an increase in the time that is required to access a directory for the first time after mounting an image using the /optimize option.

To mount an image


  1. Open a command prompt with administrator privileges. If you are using a version of Windows other than Windows 8, use the Deployment Tools Cmd Prompt installed with the ADK or navigate to the DISM directory on your local computer.
  2. Mount the image.
    Copy
    Dism /Mount-Image /ImageFile:C:\test\images\myimage.wim /index:1 /MountDir:C:\test\offline
    
    noteNote
    To mount a Windows image from a VHD file, you must specify /index:1

     

    You can also add options to mount the image with read-only permissions or to reduce the initial mount time with the /Optimize option. For example,

    Copy
    Dism /Mount-Image /ImageFile:C:\test\images\myimage.wim /index:1 /MountDir:C:\test\offline /ReadOnly /Optimize
    

    For more information about the options available for the /Mount-Image option in DISM, see DISM Image Management Command-Line Options.

 

Modifying an Image


After you mount an image, you can browse the directory of the image. You can review the file and folder structure, and add, edit, or delete files and folders.

You can also use the DISM tool to add and remove drivers and packages, including language packs, enumerate drivers and packages, modify configuration settings, and more. For more information, see Service a Windows Image Using DISM.

To view and modify an image


  1. On your technician computer open the mounted directory. For example,
    Copy
    cd C:\mounted_images
    
  2. Delete, edit, or add additional files and folders to the location where they must appear after they have been applied to the destination computer. For example, C:\program_files\application_name.
    ImportantImportant
    If you must add an application or a device, verify that you included all of the required files. Although you can add application files and folders, you cannot install applications. 

     

Committing Changes to an Image


You can commit changes to an image without unmounting the image.

To commit changes to an image


  1. At the command prompt, type:
    Copy
    Dism /Commit-Image /MountDir:C:\test\offline
    

    Use /CheckIntegrity to detect and track .wim file corruption when you commit changes to the image. When you apply or mount the image, use /CheckIntegrity again to stop the operation if file corruption was detected. /CheckIntegrity cannot be used with virtual hard disk (VHD) files.

Unmounting an Image


After you modify an image, you must unmount it. If you mounted your image with the default read/write permissions, you can commit your changes. This makes your modifications a permanent part of the image.

To unmount an image


  1. Open a command prompt with administrator privileges. If you are using a version of Windows other than Windows 8, use the Deployment Tools Cmd Prompt installed with the ADK or navigate to the DISM directory on your local computer.

    For Windows 8.1:

    Copy
    cd C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\ <architecture>\DISM
    

    For Windows 8:

    Copy
    cd C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\ <architecture>\DISM
    

    where <architecture> can be x86 or amd64.

  2. Unmount the image.
    Copy
    Dism /Unmount-Image /MountDir:C:\test\offline /commit
    

    where C:\test\offline is the location of the mount directory. If you do not specify the parameters to unmount, this option lists all of the mounted images but does not perform the unmount action.

    ImportantImportant
    You must use either the /commit or /discard argument when you use the /unmount option. 

     

After modifying an image, you can apply the image from a network share or from local media, such as a CD/DVD or a USB flash drive (UFD).

Troubleshooting


If the DISM commands in this topic fail, try the following:


  • Make sure that you are using the Windows 8.1 version of DISM that is installed with the Windows ADK.
  • If you are using a Windows 8 or Windows 7 PC, use the Deployment and Imaging Tools Environment to access the tools that are installed with the Windows 8.1 version of the Windows ADK.
  • Don’t mount images to protected folders, such as your User\Documents folder.
  • If DISM processes are interrupted, consider temporarily disconnecting from the network and disabling virus protection.
  • If DISM processes are interrupted, consider running the commands from the Windows PE environment instead.

Easily audit and install patches on your servers in the network by providing a graphical interf

Project Description
PoshPAIG allows you to easily audit and install patches on your servers in the network by providing a graphical interface

The utility works in any environment, but the optimal environment is a where you have a local WSUS server and your systems have Windows Update settings configured to “Download updates and do not install” either through Group Policy or local policy.

Due to licensing issues, please download PSExec.exe from the link below and place in the root of the UI folder, otherwise the Install portion will fail
http://technet.microsoft.com/en-us/sysinternals/bb897553

Version 2.1.5 has been released!
Please see release notes in the downloads section for new features/bug fixes.
http://poshpaig.codeplex.com/releases/view/100929

Capture

Hey, Scripting Guy articles:
http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/14/lessons-learned-while-writing-the-powershell-poshpaig-module.aspx

A list of new features available are:

  • Updated ListView UI
  • PSJobs replaced with Background runspaces for better performance
  • New reports for installed updates
  • Keyboard Shortcuts
    • F1: Display Help
    • F5: Run the selected command. Ex. Audit Patches,Install Patches
    • F8: Run a select report to generate
    • Ctrl+E: Exits the PoshPAIG applicaton
    • Ctrl+A: Select all systems in the Computer List
    • Ctrl+O: Opens up the Options menu
    • Ctrl+S: Opens window up to add more systems to Computer List
    • Ctrl+D: Removes a selected System or Systems
  • Services Reporting for non-running services set to Automatic
  • New UI changes
  • Better interaction with Windows Update Service
  • New reporting options available
  • Options menu to adjust some settings
  • MultiThreading of operations (Supports running 20 jobs at one time) without UI freeze
  • Add multiple computers with Add Server button using comma to separate each server
  • Select multiple computers in server list and perform operations on only those servers
  • Able to reboot systems with a monitored reboot
  • Ping sweep of all systems in server list
  • View windowsupdate.log on an individual server
  • View installed updates on servers
  • Remotely run wuauclt /detectnow on servers
  • Generate host list of servers
  • Sort columns
  • Notes column to track running operations
  • Error report

The PowerShell Patch Audit/Installation GUI started out as a project for work to build an interface to perform the patching of our systems to those who were not familiar enough with PowerShell to run a set of scripts I build to perform the same auditing and installation of patches. This product is currently in Alpha as there are some bugs that need to be squashed as well as other features I need to add to the tool as well as updating some some current features.

A blog post about this is available at http://learn-powershell.net/2011/06/03/powershell-patch-auditinstall-gui-poshpaig-released/

What this tool gives you is a way to first audit your systems which you can supply one of many ways. You can supply a list of systems, pull a list from Active Directory or manually add the systems yourself into the utility.

One of the best features about this tool is that it uses background jobs to perform all of the actions while the front end GUI is not affected. This means that you can freely move the GUI around as it does not get locked up like a normal WPF gui would in PowerShell if you attempted to run a job of some kind. You will also notice that the data in the GUI updates automatically as each job finishes for a server. For instance, if you are Auditing for patches, you will start seeing the number of patches waiting to be installed start updating next to each respective server. Same for Installing patches, the total number of installed patches, along with patches that gave an error when installing will be displayed in the GUI’s data window. Also, a progress bar is at the bottom of the GUI and status bar to show you how far along the process is.

After an Audit or Installation is performed, there are options to generate a Grid-View report for viewing or a CSV report can easily be generated to the default location of the GUI in no time!

Next version
The next version will have the following items that I am working on:

  • Better displaying of services report to allow restart
  • UI updates for grid view
  • Updated code and reporting
  • Various feature/bug requests

 

Project page: http://poshpaig.codeplex.com/

Download software: [wpdm_file id=84]

Shrink disks in Windows

First delete all VSS snapshots (e.g. disk F):

vssadmin delete shadows /for=f: /all

 

Optimize the disk with powershell:

Optimize-Volume -driveletter F -defrag -verbose

Resize the disk with powershell (e.d. to 450 GB):

Resize-Partition -Driveletter F –Size 450GB

Shrink the disk with diskpart (e.d. 1784 MB):

shrink minimum 1784

To check the Maximum size and the Minimum size to where a disk can shrink, use the following command:

Get-PartitionSupportedSize -DiskNumber 1 -PartitionNumber 1 | select @{Name=”Minimum Size (GB)”; Expression={$_.SizeMin/1GB}}, @{Name=”Maximum Size (GB)”;Expression={$_.SizeMax/1GB}}

With Diskpart

shrink querymax

How to Configure IPv6 Using Group Policy

By default, Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista enable and use IPv6 as the default protocol. These versions of Windows will normally use IPv6 for all network communication and will step down to IPv4 as necessary.
You may decide to disable Windows IPv6 for several reasons. Perhaps your IPv4 network doesn’t support it, and you want to disable unnecessary protocols. You may have also read that IPv6 breaks Outlook Anywhere on Exchange 2007 Client Access servers.

Most people think that you disable IPv6 by simply unchecking the Internet Protocol Version 6 (TCP/IPv6) checkbox, as shown above. This method disables IPv6 on the particular LAN interface and connection. For other network adapters or connections, users have to repeat the steps to disable IPv6. However, disabling IPv6 this way does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface. It also must be done manually and cannot be instrumented or enforced using Group Policy.

In order to truly disable IPv6, you must disable it in the registry in the following key:
Normally, the DisabledComponents value does not exist. If the value does not exist or the value data is 0, IPv6 is enabled on all interfaces.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

Microsoft wrote KB article 929852 to document how to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista (and later) manually using the registry. At the end of the article, Microsoft helpfully wrote, “Note: Administrators must create an ADMX file in order to expose the settings in step 5 in a Group Policy setting.” Nice. So, I decided to do just that.

I wrote the attached ADMX and ADML files to enable the configuration of IPv6 using Group Policy. Copy each file to the computer you will use to configure the policy.
IPv6Configuration.zip [wpdm_file id=82]- This ZIP file contains both the ADMX and ADML files:

  • IPv6Configuration.admx – Copy this file to %SYSTEMROOT%\PolicyDefinitions
  • IPv6Configuration.adml – Copy this file to %SYSTEMROOT&\PolicyDefinitions\en-US (Replace en-US with your country’s language, as necessary)

Now log into the computer and use the Group Policy Management Console (GPMC) to configure the IPv6 settings. The new policy will be located under Computer Configuration > Policies > Administrative Templates > Network > IPv6 Configuration, as shown below:

Here, you can configure the following IPv6 settings:

  • Enable all IPv6 components (Windows default)
  • Disable all IPv6 components (the setting you probably want)
  • Disable 6to4
  • Disable ISATAP
  • Disable Teredo
  • Disable Teredo and 6to4
  • Disable all tunnel interfaces
  • Disable all LAN and PPP interfaces
  • Disable all LAN, PPP and tunnel interfaces
  • Prefer IPv4 over IPv6

Note that you must restart the computer for the configuration to go into effect.

 

source: http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html

How to disable IP version 6 or its specific components in Windows

To disable certain IPv6 components yourself, follow these steps:

  1. Click Start
    Collapse this imageExpand this image

    Start button

    , type regedit in the Start Search box, and then click regedit.exe in the Programs list.

  2. In the User Account Control dialog box, click Continue.
  3. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \
  4. Double-click DisabledComponents to change the DisabledComponents entry.
    Collapse this imageExpand this image

    2683283

    Note If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:

    1. In the Edit menu, point to New, and then click DWORD (32-bit) Value.
    2. Type DisabledComponents, and then press ENTER.
    3. Double-click DisabledComponents.
  5. Type any one of the following values in the Value data field to configure the IPv6 protocol to the desired state, and then click OK:
    1. Type 0 to enable all IPv6 components. (Windows default setting)
    2. Type 0xffffffff to disable all IPv6 components except the IPv6 loopback interface. This value also configures Windows to prefer using IPv4 over IPv6 by changing entries in the prefix policy table. For more information, see Source and Destination Address Selection
      (http://technet.microsoft.com/library/bb877985.aspx)

      .

    3. Type 0x20 to prefer IPv4 over IPv6 by changing entries in the prefix policy table.
    4. Type 0x10 to disable IPv6 on all nontunnel interfaces (both LAN and Point-to-Point Protocol [PPP] interfaces).
    5. Type 0x01 to disable IPv6 on all tunnel interfaces. These include Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 6to4, and Teredo.
    6. Type 0x11 to disable all IPv6 interfaces except for the IPv6 loopback interface.

source: http://support.microsoft.com/kb/929852/en-us

 

 

Dell: How to install Server Administrator on Windows 2012 Server Core Edition

Do the following to install Server Administrator on a Server Core. Once installed, you can launch OMSA using a supported remote browser.

1. Enable WOW component. Run the following command from the Server Core command prompt:

 dism /online /enable-feature /featurename:ServerCore-WOW64

2. Install x64 Server Administrator. Run the following command to install

Msiexec /i SysMgmtx64.msi

3. Disable WOW: Run the following command to disable WOW feature.

 dism /online /disable-feature /featurename:ServerCore-WOW64

4. Reboot the system.

Note: Disabling or enabling the WOW component would require system reboot.

5. Server Administrator is installed. You can launch the Server Administrator from a remote device as Server Core does not have the user interface

DiskPart has encountered an error: The media is write protected.

During the creation of a new disk, the error “The media is write protected” pops up.

Check if the disk (or volume) is in a read-only state:

DISKPART> attributes disk
Current Read-only State : Yes
Read-only : Yes
Boot Disk : No
Pagefile Disk : No
Hibernation File Disk : No
Crashdump Disk : No
Clustered Disk : No

If the disk or volume is in a read-only state, clear the attribute with the following command:

 

attributes disk clear readonly

attributes volume clear readonly

Go ahead with the creation of the new disk

Powershell: Enable Remote Desktop on a Windows 2012 machine

Run the following Powershell commands to enable remote desktop.

#Enable Remote Desktop
Invoke-Command -computername localhost -scriptblock {(gwmi -class win32_terminalservicesetting -namespace "root\cimv2\terminalservices").setallowtsconnections(1)}

#Configure Firewall for Remote Desktop
Invoke-command -computername localhost -scriptblock {netsh advfirewall firewall set rule group="remote desktop" new enable=Yes }

 

A word on disabling a wireless connection when also connected to a physical network

A nice article from David Pracht about the reason to disable the wireless connection when your laptop is wired. The source can be found here.

 


 

We get questions from customers asking how they can disable a wireless connection when they are connected to a physical network. There can be various reasons for wanting to do this but they are often misguided.

First let me say – Windows does not currently have the ability to disable a Wireless connection when connected to a physical network. There are 3rd party solutions and some hardware will have this ability in the BIOS/Advanced settings of the NIC.

While there are legitimate reasons for doing this, really what you should be asking first is, “why?” What is it you are really trying to accomplish? The answers usually come down to either performance or security.

First let’s tackle performance

This usually comes across as something like, “We are concerned that users are connecting over a slower wireless connection when there is a faster physical connection available.”

In reality this should not be an issue as the interface is automatically given a metric when a route is added to the route table and that metric helps decide which route to use if there is more than one path.

Here is a KB article about how XP handles this:

299540 An explanation of the Automatic Metric feature for Internet Protocol routes

http://support.microsoft.com/default.aspx?scid=kb;EN-US;299540

Note: It is done the same way in Vista and Windows 7 but the metric is more granular.

If you are experiencing this type of behavior, you should really be looking closer at the route table and gateway configuration to see if there is an issue there.

There can be times where you have, say, a gigabit network and a wireless N connection that will get the same metric because they essentially report the same speed. If the physical and the wireless network are both on the same subnet and they both have the same gateway Windows can’t determine which interface to use because the metric is the same. So it uses the first one listed in the route table. While you could change the bindings it is not really a good solution and is difficult to automate. You could also change the metric manually with the route command but again this is difficult to automate.

Really you should be considering why the wireless network is in the same subnet. If your wireless network is given its own subnet you will have much better control of the routing in your network and you won’t see these types of issues.

So what if they aren’t in the same subnet? Then it will depend on what is returned via name resolution and the Destination IP address selection process documented here.

http://blogs.technet.com/b/networking/archive/2009/04/17/dns-round-robin-and-destination-ip-address-selection.aspx

Now let’s talk about security

This usually sounds something like “We are concerned users will connected to an unmanaged network in the vicinity and expose the physical network to traffic from said network.” In Windows XP this was a more legitimate concern but in Windows Vista and Windows 7 this is not as applicable because of various security improvements but most specifically the strong host model. You can read more about this at the following link:

http://blogs.technet.com/b/networking/archive/2009/04/25/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

Further, with Windows Vista and Windows 7, administrators can use Network Permissions in the Wireless GPO to prevent connections to Ad Hoc networks, neighboring networks, or any non-GPO mandated network.

Another concern is just that users will connect to the unmanaged network and send sensitive data over it. The problem with this concern is that all a user has to do is unplug the physical network and they could do the same thing. The truth is that if it is possible to reach the resource over the unmanaged network you can never be sure this won’t happen. You need to either address the routing issue or encrypt the sensitive data. Disabling the wireless NIC is not going to be a complete solution and you could break connectivity in other places that you are not in control of.

So when would you want to disable wireless?

As suggested earlier there are legitimate reasons for wanting to disable the Wireless connection. Perhaps you have a limited number of access points and no ability to expand the wireless side of the network so you want to ensure all physically connected machines use the wired connection. Or maybe your wireless connection only has a limited number of IPs. Again there are other ways to address these issues but if this is the solution you want, 3rd party solutions are currently the best bet.

Summary

In a world that is increasingly connected, disabling connectivity is only going to cause you problems down the road. While there are ways to disable a wireless connection when a machine is plugged into a physical network, you should really think more about why you are trying to do this and address the root of the problem instead. If you find that you do still require this functionality, you will want to research the 3rd party software/hardware options available.

– David Pracht