Zerkana

Monday, July 23, 2018

RDS Web Client


Hello.

Microsoft released the Remote Desktop Services Web Client last week. This is the latest improvement to the RDS roles and, for me, a significant new feature, because it lets us use an app or desktop from a client without an RDP or Remote Desktop app; in other words, from a client that has only an HTML5-capable browser.

Before installing/adding this new feature you need to know:

- The RDS farm is not using Azure Application Proxy
- RD Gateway, RD Connection Broker and RD Web Access are in Windows Server 2016 or higher
- Licensing is per user
- Update KB4025334 (https://support.microsoft.com/en-us/help/4025334/windows-10-update-kb4025334) is installed on the RD Gateway
- Public certificates are installed.
- Microsoft says Windows 10 and 2008 R2 or higher are supported as clients, but I have used this role from my macOS High Sierra machine and from others with Chrome.
- You have published this farm with wildcard or valid public certificates, and users can connect to the farm without any warning. If there is a problem with internal certificates when connecting from the WAN, review this post: https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/ mainly this part:

    Set-RDSessionCollectionConfiguration -CollectionName QuickSessionCollection -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.domain.com"

Steps to install RDS Web Client

1. Export the certificate currently used by the RD Connection Broker as a .CER file
1.1 Open MMC
1.2 Add the Computer Certificates snap-in

2. On the RD Web Access server (or servers), open PowerShell with elevated administrator credentials.

3. Run these PowerShell commands:

    Install-Module -Name PowerShellGet -Force
    # Careful: the next command restarts the server immediately
    Shutdown -r -t 0
    Install-Module -Name RDWebClientManagement
    Install-RDWebClientPackage
    # Import the certificate exported in step 1
    Import-RDWebClientBrokerCert x:\ExportedCertificatepath.cer
    # Accept the warning that appears
    Publish-RDWebClientPackage -Type Production -Latest

You can access this new feature at: https://server_FQDN/RDWeb/webclient/index.html

User Experience:




Thursday, July 19, 2018

Automate Windows 10 Updates with Batch Script and GPOs



Hi everyone,


In this entry, we will create a batch file to automate the Windows 10 update to the new build 1803. As you know, Windows 10 version updates can block a user's computer for about 45 minutes; this batch script can automate the whole process and be scheduled to run outside working hours.

So, let's do it.



1. Download the Windows 1803 ISO; you can use the Microsoft Media Creation Tool: https://www.microsoft.com/es-es/software-download/windows10ISO



2. Unpack the ISO and place it in a shared folder; you can make the share hidden by appending "$" to its name. Be sure to grant permissions to the users or groups that will access it.

 



3. Create a batch file "Download.bat" to download the content to the user's computer.

This batch file creates an upgrade folder on C: (6 GB of free space needed) and sets the upgrade to run on the next startup.

    rem Create the local staging folder and mirror the share into it
    mkdir C:\upgrade
    start /wait Robocopy \\srvvm1\upgrade$ C:\upgrade /mir
    rem Run the installer batch file once, on the next startup
    Reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v WIN10 /t REG_SZ /d C:\upgrade\installWIN.bat /f
    rem Uninstall the product with this MSI product code
    start /wait MsiExec.exe /X {8097EE64-FDE1-409A-B25D-3DFD862871E1} /passive

4. Create a batch file "InstallWIN.bat" to install the update.

    rem Start the unattended in-place upgrade
    C:\upgrade\setup.exe /auto upgrade

5. Now automate the process

  5.1 We can create a GPO and apply it to computers through a security group or through OU inheritance.








  5.2 We can use remote execution with PowerShell.





  5.3 Add it as a scheduled task on the clients.

Finally, just reboot or, if you prefer, run installWIN.bat directly, and you are done.
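Download.bat creates C:\upgrade with inherited permissions, and on a default Windows 10 install a folder created directly under C:\ inherits modify rights for Authenticated Users, while the RunOnce value later executes installWIN.bat from that folder. The following PowerShell version of Download.bat is an added example, not the author's script: it restricts the folder's ACL before copying, checks the staged files, and only then sets the RunOnce value. It assumes an elevated session and that installWIN.bat is stored on the share, and it leaves out the MsiExec uninstall line.

```powershell
# Added example, not the author's script. Run elevated (GPO startup script,
# scheduled task as SYSTEM, or an administrator session).
$Source = '\\srvvm1\upgrade$'   # share from the post
$Dest   = 'C:\upgrade'          # staging folder from the post

New-Item -ItemType Directory -Path $Dest -Force | Out-Null

# Drop inherited ACEs and grant explicit ones before any file is copied.
# Well-known SIDs keep this working on non-English Windows:
#   S-1-5-18 SYSTEM, S-1-5-32-544 Administrators (full control)
#   S-1-5-32-545 Users (read and execute only)
icacls $Dest /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' `
    '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Same mirror as Download.bat. Robocopy exit codes of 8 or more mean failure.
robocopy $Source $Dest /MIR /R:2 /W:5 /NP | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# setup.exe from Microsoft media carries an Authenticode signature; refuse to
# schedule the upgrade if the staged copy does not validate.
$sig = Get-AuthenticodeSignature -FilePath (Join-Path $Dest 'setup.exe')
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "setup.exe signature check failed (status: $($sig.Status))"
}

# The batch file is not signed, so compare it with the copy on the share.
# Assumption: installWIN.bat is stored on the share next to setup.exe.
$want = (Get-FileHash -Algorithm SHA256 -LiteralPath (Join-Path $Source 'installWIN.bat')).Hash
$have = (Get-FileHash -Algorithm SHA256 -LiteralPath (Join-Path $Dest 'installWIN.bat')).Hash
if ($want -ne $have) { throw 'installWIN.bat differs from the copy on the share' }

# Register the RunOnce value only after every check has passed
# (same value name and data as Download.bat).
$runOnce = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
Set-ItemProperty -Path $runOnce -Name 'WIN10' -Value "$Dest\installWIN.bat" -Type String
```

Running `icacls C:\upgrade` afterwards should list only the three explicit entries, with no inherited (I) entries.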




Enjoy :)

Tuesday, June 26, 2018

Azure - Adding Public IP to an existing VM and publishing a port.

Hello,

In this post I'm going to show you how to create a public IP and associate it with an existing virtual machine.

1. First, search for "Public IP" in the Azure search box at the top of the portal.


2. Then choose +Add under the Public Addresses option.


3. Create a new IP, choosing your custom options, and click Create.


4. Go back to the search box at the top of the portal and search for "Nic".


5. Click the NIC associated with the virtual machine.


6. Click the IP Configurations option.
7. Click the Private IP Addresses entry.

8. Click Enabled under Public IP Address, since it should currently appear as Disabled.


9. Choose the public IP you created in the third step.

10. Click Save.



Publishing

1. Go to the configuration of the VM you associated the public IP with.
2. Click "Add inbound port rule" in the security group options.


3. Create a public rule that permits communication to the public IP through the port required by the service.