Since we are still moving things, we had to update the home drive location.

1. Get a list with all users who have a Home Drive set.

2. I cleaned the list out and saved it as a .txt file

3. Then go through the list and update the Home Directory for each user in the list.

 

A quick rundown how to NIC Team in Server Core:

1. We connect to the remote host and check what NICs are available to Team. We want to make a not of the adapter names.

2. We create a new team and specify a name. Then we add NIC01 and NIC02 to the team.

3. Once we do that, the it will ask if it is ok and it will add the default settings:
TeamingMode:’SwitchIndependent’ and LoadBalancingAlgorithm:’Dynamic’

TeamingMode

In this “Switch Independent Mode” the switches are not aware that different interfaces on the server comprise a team. Instead, all the teaming logic is done exclusively on the server.

There is also the option for “Switch Dependent Mode”, wherein all NICs that comprise the team are connected to the same switch for aggregation rather than redundancy.

LoadBalancingAlgorithm

— Dynamic:
Uses the source and destination TCP ports and the IP addresses to create a hash for outbound traffic. Moves outbound streams from team member to team member as needed to balance team member utilization. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, inbound traffic is routed to a particular team member.
— TransportPorts:
Uses the source and destination TCP ports and the IP addresses to create a hash, and then assigns the packets that have the matching hash value to one of the available interfaces. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value all inbound traffic arrives on the primary team member.
— IPAddresses:
Uses the source and destination IP addresses to create a hash, and then assigns the packets that have the matching hash value to one of the available interfaces. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, all inbound traffic arrives on the primary team member.
— MacAddresses:
Uses the source and destination MAC addresses to create a hash and then assigns the packets that have the matching hash value to one of the available interfaces. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, all inbound traffic arrives on the primary team member.
— HyperVPort:
Distributes network traffic based on the source virtual machine Hyper-V switch port identifier. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, inbound traffic is routed to the same team member as the switch port’s outgoing traffic.

4. Once that is done you should have a team

We can check which NICs are the member, the status it is in, if it is up , or degraded
(mine was degraded since I only connected one NIC :oP)

Sources:
– https://technet.microsoft.com/en-us/library/jj130849(v=wps.630).aspx
http://www.windowsnetworking.com/articles-tutorials/windows-server-2012/windows-nic-teaming-using-powershell-part1.html

As I found out today, Hyper-V Server 2012 R2
(the FREE version!) does support Bitlocker! Hooray!

Here is how to set it up:

1. You have to install the Bitlocker feature.

2. If you don’t have a TPM you will need to allow the use of Bitlocker without a TPM via GP. Either in your domain or via the local group policy snapin on the machine in question. To do that edit the following group policy key to “Enabled”.
Since we are on the Hyper-V Core machine, you have to setup remote management first, and make use of the MMC -> Group Policy Object editor.

Make sure to check “Alllow BitLocker without a compatible TPM

BL

3. Encrypting a drive with Bitlocker requires that a system administrator provides Bitlocker with one or more security protectors to protect the drive. I will be using a password, however one can also use a USB key and other methods to lock and unlock the Bitlocker volume.

You should be prompted to enter you self defined password twice and you should receive a randomly generated recovery key printed on the screen. You should copy this down immediately so it’s not lost as it will be the only way to recover the volume if the user password is forgotten.

HINT: To have the recovery key automatically saved to a USB thumb drive add the following to the end of the command:

Where X: should be the drive letter of the USB thumb drive.

Once the protectors have been put in place we can start the encryption of the volume with the following command:

After the command is executed you will be prompted to restart your computer to complete the Bitlocker drive test. The test checks that you are able to log in to your system with Bitlocker enabled. Once the computer has restarted and you have made it back into Windows Bitlocker should start encrypting the drive.

You can keep an eye on the status of the encryption process with the following command:

Source:
http://jack-brennan.com/bitlocker-on-server-2012-and-hyper-v-server-core

We are still working on a migration for a LOT of users from a local infrastructure to solely working in the cloud. As part of that we have to move their roaming profiles in the cloud as well (why oh why did the previous MSP recommend roaming profiles… ;o( …). Anyways, so we moved the data via VPN and robocopy on the data server in AWS, however we still have to re-point the roaming profile path in AD. Sure enough there is no (or none that I found of anyways) way to easily re-point the TSProfilePath.

So I wrote a little script. I first got the SAMAccountName from all the users with a roaming profile and put them in a list.

Then went trough the list and updated the ADSI value for the TerminalServicesProfilePath value for each user in the list.