Since managing it remotely in anon domain environment is a pain in the neck and I’ll have to setup quite a few servers in the next couple of weeks, here a quick ‘how to’ mange Hyper-V Server 2016 remotely.

SERVER CONFIGURATION

1. Run

2. Configure Remote Management + ping (Opt. 4 -> Opt. 4 -> Opt. 1)
3. Enabled Remote Desktop (Opt. 7 -> e -> Opt. 2)
4. Run this command to allow RDP through the server’s firewall:

5. Launch Powershell and execute this command:


CLIENT CONFIGURATION

1. Add an entry to the hostfile as you can not add a Hyper-V server via IP
(e.g. 192.168.1.1 HOSTSRV01.WORGROUP HOSTSRV01)

2. Run -> dcomcnfg, right-click on ‘My Computer’ -> Properties -> COM Security Tab -> Access Permissions -> Edit Limits -> Anonymous Logon -> Allow ‘Local & Remote’ Access

3.

4. Install the RSAT Tools for your Operating system. Open the Server Manager and add the Hyper-V host as a server.

5. You should get a permission error, run the following command:

Now you should be able to remote manage / create / edit your Hyper-V Server.

 

Alright so one of our customer’s shared drive broke, we were able to restore it and such, however the needed rights were gone. I found a cool nifty tool called “SubInACL” to help me out. The default install is in

The syntax for SubInCAL is like so:

So in my case I used:

The <access>parameter follows this list:

F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Commands

To get all the sub-directories you can use the switch ‘/subdirectories

Such an easy command saved the day!

We are still working on a migration for a LOT of users from a local infrastructure to solely working in the cloud. As part of that we have to move their roaming profiles in the cloud as well (why oh why did the previous MSP recommend roaming profiles… ;o( …). Anyways, so we moved the data via VPN and robocopy on the data server in AWS, however we still have to re-point the roaming profile path in AD. Sure enough there is no (or none that I found of anyways) way to easily re-point the TSProfilePath.

So I wrote a little script. I first got the SAMAccountName from all the users with a roaming profile and put them in a list.

Then went trough the list and updated the ADSI value for the TerminalServicesProfilePath value for each user in the list.