Convert Group Policy to PowerShell DSC with ADMXtoDSC

In this post, I will look at a popular community script called ADMXtoDSC. It allows you to convert your existing computer-based Group Policy and registry settings to a PowerShell DSC (Desired State Configuration) file.

Nano Server and Group Policy

Nano Server promised a minimal operating system designed for certain tasks and cloud-native applications, with less disk space, faster installations, and fewer updates and restarts. To achieve this promise, the Nano Server team included only a minimum number of components in the default installation.

Continue Reading…

Windows Docker networking – Part 2: Custom network types

In Part 1, we had a look at general networking details of Windows Container technology, and I explained how to configure NAT in Docker. In this part, we are going to talk about custom networks such as transparent networks, Layer 2 (L2) bridging, and L2 tunnelling in Docker for Windows.

Removing container networks

You may remember from the first part that we can easily change the IP prefix of the default NAT network by playing with the daemon.json Docker configuration file. The Docker engine also gives us a chance to create fully custom networks (for NAT and other types of drivers) using the command line.

Continue Reading…

Windows Container networking – Part 1: Configuring NAT

In this two part series, we are going to discuss general networking architecture, the types of network created by default, and how to create your own custom networks in Windows Container environments. In today’s post I will focus on the NAT configuration.

Containers are certainly one of the hottest topics today. This year, Microsoft partnered with Docker to bring the Docker platform to Windows Server 2016 by introducing Windows/Hyper-V containers as well as native Docker engine support. That’s a huge step for overall container technology to push them through to production in enterprise organizations.

Continue Reading…

Install Azure Stack in a nested Windows Server 2016 VM

If you want to test Azure Stack, you can install Microsoft’s hybrid cloud solution in a nested Windows Server 2016 Virtual Machine. In this post, I will walk you through the installation of Azure Stack TP2.

Azure Stack hardware requirements

TP2 has similar minimum hardware requirements as those of TP1:

  • 4 disks, each with a minimum of 140 GB of capacity (SSD or HDD); all available disks will be used.
  • 12 physical CPU cores
  • 96 GB of RAM
  • Hyper-V enabled (with SLAT support)

Continue Reading…

Setup and Boot Event Collection in Windows Server 2016

Windows Server 2016 introduced a new feature called “Setup and Boot Event Collection,” which allows you to remotely connect and start collecting events during the boot process of a Windows Server. That’s pretty useful, especially when it comes to troubleshooting problems that occur during the boot process.

One of the challenges during the Windows boot process is that you can’t actually see what’s going on under the hood. If your machine never booted, or you think the boot process takes tremendous time, it’s a challenge to start troubleshooting, as you have a limited number of ways to get boot events.

Continue Reading…

Install Nano Server with Microsoft’s Nano Server Image Builder

Microsoft released a new Nano Server Image Builder tool that allows you to install Window Server 2016 with a minimal footprint. For the last couple of months, everyone is talking about the new smaller, headless Windows Server 2016 deployment option: Nano Server. Microsoft is calling Nano Server the future of Windows Server.

In a nutshell, Nano Server is a new installation option for Windows Server 2016 that is designed and fully optimized for cloud-born applications, containers, or specific services you want to run on a small footprint. You can use it as a host for Hyper-V VMs, a DNS server, an IIS server, or containers.

Continue Reading…

Just Enough Administration (JEA) – Part 2: An example

In the first part, we had a quick look at Just Enough Administration (JEA) and discussed some use cases. In this part, we are going to implement a JEA example to solve a common problem we have had for years: assigning appropriate rights to DNS admins.

I’m sure that the majority of DNS implementations in Windows environments are co-located with Active Directory domain controllers. That brings a lot of flexibility when it comes to DNS management, troubleshooting, integrated zones, and secure replication. But it’s also quite difficult to separate Active Directory and DNS management layers. In most cases, our domain administrators are also responsible for DNS. The main reason for this is that to have separate DNS admins, you need to grant “Domain Admin” rights to them.

Continue Reading…