3D Printing

3D Printing

Overview

I wanted a 3D printer for a while since being introduced to it from our current hackerspace in the city; Skullspace. Check em out. Many of the awesome guys I know are right on the homepage. Amazing people.

Anyway, they had some first couple version that had many issues which had me worried when getting into it. However it turns out the Ender 3 has amazing reviews, and a solid following with it being introduced into some good software we will cover aa bit later in this blog.

Buy a 3D printer

So I finally pressed the trigger and bought a 3d Printer… since I got an amazon gift card I searched 3D printer on amazon and the main thing that showed up was a Ender-3 as their choice pick.

Set up Printer

Was a really good price specially with the gift card I had. I got it really quickly too, and on top of it came really well packaged with minimal assembly required. I was a confused at only a couple steps during the setup so I watched this guys YouTube video to get it assembled. Which was an amazing help, he even provides upgrade parts you can print once you get the printer running, which I’m currently printing as I write this.

However there was one part I was a bit confused about and that was how to level the bed.

Leveling the Bed

Now as mentioned by Vlad in his setup video, he was surprised to find there was no auto leveling. This doesn’t surprise me for the price of this amazing machine, beggars can’t be choosers and let’s level the bed.

For this I watched this great video by 3dprintingcanada on youtube.

After following these 2 video I was ready for printing and my first couple prints came out amazing. Of course this requires other basic knowledge I haven’t covered yet.

How 3D Printing Works

Now in order to understand what’s going on in the next bit it’s important to understand how 3D printing works. and that’s basically like this: “A 3D printer essentially works by extruding molten plastic through a tiny nozzle that it moves around precisely under computer control. It prints one layer, waits for it to dry, and then prints the next layer on top.”

In order to do this normally you model your object (with FreeCAD, or Fusion360, or whatever) and once you export your model out it usually comes in an STL file for a normal object file you can use to CnCing or other things… like “slicing” which takes the object and well “slices” it into layers which will determine the resolution of the final print (that and the diameter of the extrusion nozzle being used by the 3D printer.

Slicing

Now normally you have to do some math’s and calculate all these things and enter their values into the Slicer of choice. Two top ones right now in the FOSS area are Cura and Slic3r. I have most of my experience with Slic3r and then I read about this gem; PrusiaSlicer!

“PrusaSlicer now comes with Ender3 profile”

Sure enough running it, out of the box I could select a profile for my Ender3 (having profile is a specific set of the variables I mentioned above already configured for specific printers out of the box). Since my Endor-3 was out of the box without any modifications (to the extruder nozzle mainly) I was good to go.

With the setup and testing off all parts good (as mentioned and linked to the two YouTube video to accomplish this) it was time to grab an object and slice it.

The First Print

The first thing I printed was a Ghost from Packman.

Then I quickly went to upgrades to the Ener3, starting with the main upgrade which was the upgraded blower nozzle.

Final Thoughts

Over all the first couple prints without changing any infill settings, or supports were super easy going, and I’d say the industry has finally got it down pretty well and cheap enough I’d say go for it. This is a great starter printer.

Watch this video on more about how to customize supports in PrusiaSlicer.

If you run a 3D printer let me know what you run in the comments, or if you have suggestions.

Thanks for reading!

Manage iPhone4 Music Library in 2020

What a pain… tried linux could easily see the photos, but then again I could also see that in Windows, so stuck with using Windows. Since it an older phone figured older OS would work just fine, I tried an older copy I had of CopyTrans manager but would constantly not show the phone in the app when connected.

I wanted to see if iTunes could see it, the latest download says to go to the Microsoft Store (gross), so you have to find an alternative download for 12.5 or something to grab an actual executable installer.

I was getting this weird error installing it about the service not starting and I read all these posts, here and here all full of advise that was useless, you check the service it shows up, do all the things shows up fine at boot but complains with iTunes. and I’d always get this annoying pop up

“This iPod cannot be used because the required software is not installed.”

Well what kind of rubbish lies is this, everything was installed just fine and for the proper version (x64), like what the heck gives. Then I stumble upon this random post from over 11 years ago…

“I got it. I just first uninstalled iTunes then this:
1.Open up the Command Prompt as an Administrator (Go to All Programs > Accessories and Right Click on Command Prompt and then choose Run as administrator)
2.Type cd C:\Windows\SysWOW64
3.Type regsvr32 vbscript.dll (This registers VB Script with your computer.)
4.Now install iTunes as you normally would by double clicking on the install program and wait for iTunes to finish installing.
5.Type regsvr32 /u vbscript.dll (This unregisters VB Script with your computer.)”

I followed the same steps and low and behold I saw my iPhone 4 in iTunes. I was like Woah… but also like… I don’t want this I wanted simple drag n drop with CopyTrans Manager.

If you grab the latest copy of it.. it’s now shareware with limited use, when running it.. I couldn’t even get a delete context menu when (this version even wanted to install drivers even though itunes was installed, and wanted to uninstall itunes in the process…. well don’t let me stop you). But still now the phone shows up in the app but I couldn’t delete. I managed to find an older copy I think version 1.2 or something. Will have to double check which I ran standalone after the most recent version install, and I was able to get the add and delete buttons to show up. And then updated my playlist and finally updated the phone and it worked!

I now created a backup of this VM for future use as is.

FreeNAS Volume Down.

Quick Note, This is NOT a deep dive post into troubleshooting a downed volume, in this case I knew the drive was unavailable since boot and my goal was to re add the logical drive after correcting the physical connection issue.

This happened to me due to a Hardware issue. A power surge killed my UPS, like fully in that it wouldn’t turn on. SO had to rip it out and rebuild my DataCentre since I’m a poor man without proper servers, or server mounts. It’s a ghetto mans DataCenter.,.. anyway. The single USB enclosure housing a 2 TB HDD which was mounted and shared via SMB on the FreeNAS server didn’t power on. I decided to open the case to see if I could find the issue  (the PSU was fine as I was reading 12 v from the standard barrel connector. After I removed the case I was shocked find it was powering on… ok what gives. Put the case back on and nothing, it’s like the power barrel isn’t reaching the internal pins all of a sudden. I’m not sure if this was cause I swapped it with another 12v unit within the rack, either way I found an adapter to fit the same female and male ends and amazingly it worked lol, how useless but randomly came in use in my life.

So now back to FreeNAS with the USB drive powered on and connected.

First thing on the UI was the critical alert of the Volume being down. I wasn’t sure how to bring it back online with commands like lsusb being useless.

I found this FreeNAS form post with someone having a similar issue were the logs stated the simplest solution:

Recovery can be attempted by executing ‘zpool import -F vol1′

I SSH’d in and ran that command ageist the known volume that was down and lo and behold it appeared to have fixed my mounted USB drive…. but my SMB share just wasn’t available…

SO restart the SMB share… nothing… OK what gives… I dont’ remember documenting exactly how I set this up and it older FreeNAS 11.1-U1… so now I check the source server via SSH…

“zpool status” now shows the volume is there. checking “df -h” shows it’s mounted as /SMB… yet going to the Sharing -> Windows Shares and checking the shared volume states it should be /mnt/SMB but it’s not mounted as such hence why it’s not showing up…

Now 2 questions pop in my head 1) did I mis-configure something or 2) is the mount process different during boot in which it will mount the volume under /mnt instead of the root… not sure what happened here.. also not sure exactly how I should fix it. I want to avoid a reboot as it hosts iSCSI based VMFS volumes for my ESXI hosts.. what a pain…

ok… sigh mmmm I can either link or mount the volume accordingly at this time, but not sure how that will affect the server at boot….

So after talking to the “experts” apparently I did something wrong (how classic) due to a mix of my ignorance and … ahem… a system design in which the backend shouldn’t be touched outside the frontend… like lame SharePoint… anyway to read the details see this snippet:

Though have to give credit where it’s due and it’s nice to get clarification on things that piss me off so much it actually triggers my “flight or fight” response in my brain and I get like raged.

So taking a few minutes to cool down to hopefully resolve what should have, as usual, been a rather easy process became a royal pain in the fucking ass. But a “learning” experience none the less. Say that shit more than enough times in this stupid field of shit… ughhhh

OK now not pissed…. I went to Storage -> Volumes via the front end, and even though it showed green and healthy from the backend import command, I clicked the volume and selected “detach” from the bottom. I chose not to destroy my data (default, good stuff), and to not remove the share configuration (SMB service stopped anyway).

Then I clicked import volume (no encryption) and lucky for me the volume in question was the only one available in the dropdown list. The wizard successfully imported the volume, and sure enough doing a “df -h” on teh backend showed it mounted as /mnt/SMB ands retarting the SMB services worked and navigating the share also worked.

Yay well this sure was a learning experience…. don’t mess with the backend too much with FreeNAS (soon to be TrueNAS CORE).

Cheers

 

Windows MPIO to FreeNAS iSCSI Target

Intro

Well I made some mistake, the system worked but not utilizing its max capabilities..

I had been successfully using FreeNAS as a iSCSI target for  a disk mounted in Windows Server, but only one path being used at all times…

Windows Side

Source

I first needed the MPIO feature installed:

  1. Click Manage > Add Roles And Features.
  2. Click Next to get to the Features screen.
  3. Check the box for Multipath I/O (MPIO).
  4. Complete the wizard and wait for the installation to complete.

Noice.

Then we need to configure MPIO to use iSCSI

  1. Click Start and run MPIO.
  2. Navigate to the Discover Multi-Paths tab.
  3. Check the box to Add Support For iSCSI Devices.
  4. Click OK and reboot the server when prompted.

For me I didn’t get prompted for a reboot and reopening MPIO showed the checkbox unchecked, I had to click the add button then I got a prompt to reboot:

Now before I continue to get MPIO working on the source side, I need to fix some mistakes I made on the Target side. To ensure I was safe to make the required changes on the target side I first did the following:

  1. Completed any tasks that were using the disk for I/O
  2. Validated no I/O for disk via Resource manager
  3. Stopped any services that might use the disk for I/O
  4. Took the disk offline in Disk Manager
  5. Disconnected the Disc in iSCSI initiator

We are now safe to make the changes on the target before reconnecting the disk to this server, now on to FreeNAS.

FreeNAS Side

Source

I much like the source specified added an IP to the existing portal.. which I apparently shouldn’t have done.

Stop the iSCSI service for changes to be made.

Now delete the secondary IP from the one portal:

Now click add portal to create the secondary portal with the alternative IP.

There we go now just have to edit the target:

Now, that you have multiple portals/Group IDs configured with different IP addresses, these can be added to the targets.

Editing the existing targets to add iSCSI Group IDs

Once you have a target defined, you can click the Add extra iSCSI Group link to add the multiple Port Group ID backings.

Add extra iSCSI group IDs to each target in FreeNAS

Make sure you have the iSCSI service running. It does hurt at this point to bounce the service to ensure everything is reading the latest configuration, however with FreeNAS the configuration should take effect immediately.

Make sure iSCSI service is running in FreeNAS

Now we can go back to Windows to get the final configurations done. 🙂

Back on Windows

Configuring iSCSI

Launch iSCSI on the application server and select the iSCSI service to start automatically. Browse to the Discovery tab. Do the following for each iSCSI interface on the storage appliance:

  1. Click Discover Portal.
  2. Enter the IP address of the iSCSI appliance.
  3. Click OK.
  4. Repeat the above for each IP address on the iSCSI storage appliance.

Browse to Targets. An entry will appear for each available volume/LUN that the server can see on the storage appliance.

Configure Each Volume

For each volume, do the following:

  1. Click Connect to open the Connect To Target dialogue.
  2. Check the box to Enable Multi-Path.
  3. Click Advanced. This will allow us how to connect the first iSCSI session from the first NIC on the server. We can connect to the first interface on the iSCSI appliance.
  4. In the Advanced Settings box, select Microsoft iSCSI Initiator in Local Adapter, the first NIC of the server in Initiator IP, and the first NIC of the storage appliance in Target Portal IP.
  5. Click OK to close Advanced Settings.
  6. Click OK to close Connect To Target.

The volume is now connected. However, we only have 1 session between the first NIC of the server and the first NIC of the storage appliance. We do not have a fault-tolerant connection enabled:

  1. Click Properties in the Targets dialogue to edit the properties of the volume connection.
  2. Click Add Session.
  3. Check the box to Enable Multi-Path.
  4. Click Advanced.
  5. Select Microsoft iSCSI Initiator in Local Adapter. Select the second iSCSI NIC of the server in Initiator IP and the second NIC of the storage appliance in Target Portal IP.

Click OK a bunch of times.

If you open Disk Management, your new volume(s) should appear. You can right-click a disk or volume that you connected, select properties, and browse to MPIO. From there, you should see the paths and the MPIO customizable policies that are being used by this disk.

I left the load balancing algo to Round Robin, as Noted from here:

MCS

Fail Over Only – This policy utilizes one path as the active path and designates all other paths as standby. Upon failure of the active path the standby paths are enumerated in a round robin fashion until a suitable path is found.
Round Robin – This policy will attempt to balance incoming requests evenly against all paths.
Round Robin With Subset – This policy applies the round robin technique to the designated active paths. Upon failure standby paths are enumerated round robin style until a suitable path is found.
Least Queue Depth – This policy determines the load on each path and attempts to re direct I\O to paths that are lighter in load.
Weighted Paths – This policy allows the user to specify the path order by using weights. The larger the number assigned to the path the lower the priority.
MPIO

As above plus

Least Blocks – This policy sends requests to the path with the least number of pending I\O blocks.

Now did it actually work?

Seems like it.. performance is still not as good as I expected. must keep optimizing!

Hope this helps someone…

Copying Registry Keys from Offline Hives

Intro

So the other day I installed a new version of Windows on a new disk, leaving all my old ones on my old drive available if I need something in particular. in this case there was something particular I wanted that was my putty sessions. I do use mRemoteNG, which saves most of my required sessions. However there were still a couple oldies used by putty and mRemoteNG will list these as well automatically as it simply references the same reg keys that putty uses to save them.

But what if the usual method as outlined here, don’t work as the system that has the stored information is not on my running instance of windows? As the answers all assume on major thing, the old system is able to be powered on and brought online.

In my case not so much…. so what do we do? Well this blog post defiantly provides major help in that regards. Basically covers loading offline hives and some caveats as a result of this procedure. Instead of having to read that whole blog I’ll paraphrase it here:

    1. You have to highlight HKLM or HKU for the load Hive to be ungrayed out.
    2. Loading an offline hive stay loaded until manually unloaded. Ensure you unload the hive after exporting the keys of interest.
    3. Exported Keys will have paths of unwanted nature, the path will need to be edited to be useful/proper.

As for note 2 he uses and App called RegistryViewer. I have never used this app, and I generally avoid 3rd party apps as much as humanly possible. Specially for things that are pretty straight forward. The second method mentioned was to use a notepad editor to replace the problematic lines within the path. He goes on to say notepad can’t do this and to get notepadd++. While being a huge advocate for notepad++. regular notepad CAN do this, CTRL + H. So let’s so this…

Hold on a second.. where are the files “hives” we need to load on the old Windows files? I used this How-to-geek reference to help me answer this question.

*Interesting take away* “The registry contains folder-like “keys” and “values” inside those keys that can contain numbers, text, or other data. The registry is made up of multiple groups of keys and values like HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. These groups are called “hives” because of one of the original developers of Windows NT hated bees. Yes, seriously.

“On Windows 10 and Windows 7, the system-wide registry settings are stored in files under C:\Windows\System32\Config\ , while each Windows user account has its own NTUSER.dat file containing its user-specific keys in its C:\Windows\Users\Name directory. You can’t edit these files directly.

But it doesn’t matter where these files are stored, because you’ll never need to touch them.”

Ahem… There are often times someone may need to “touch” the registry, more often then not devs of alternative apps that did decide to use the registry to store app settings probably didn’t even delete them when running their respective uninstallers I’ve seen this many times. Anyways we won’t go down that rabbit hole instead I need the reg files in the HKCU, and that apparently is in the NTUSER.dat file apparently… well fudge, there might be more steps involved here than I thought…

Found this OLD blog from 2003 with basic info I needed:

“Select the wanted registry database file:
[HKEY_LOCAL_MACHINE \SYSTEM] (%windir%/system32/config/system)
[HKEY_LOCAL_MACHINE \SOFTWARE] (%windir%/system32/config/software)
[HKEY_USERS \.Default] (%windir%/system32/config/default)
[HKEY_CURRENT_USER] (%userprofile%/ntuser.dat)”

Ohhh you really just open the .dat file directly.. huh..

Loading the Hive

*Notes* It’s assumed that the offline Windows files are accessible to an online copy of Windows. how this is accomplished is up to the reader, direct HDD mounting via an open BUS on the mainboard, a USB enclosure with the offline file system mounted. Whatever the case maybe.

    1. Open regedit.
    2. Click on HKU, then File, Load Hive, Point to users’ offline hive…
      ERROR Access denied. “huh, I know I’m not running elevated but I have rights on this dir since it was my old profile path on a domain joined machine.. what gives? fine Whatever I’ll just run an elevated CMD and copy it to a open permission folder (C:\temp) …” Error File not found… seriously What?!

      Really.. huh never knew… “my file was hidden that’s why copy couldn’t do the job” wow…
      xcopy /h source destination

      Weird anyway this might be the reason it fails to load in regedit let’s see…
      Nope, even set the attributes to not be system/hidden on the copy and still permission error. So it turns out you HAVE to run regedit elevated or you can’t load hives? I would rant here but, meh … moving on
    3. Now I can finally check the key of interest …
      HKEY_CURRENT_USER\Software\SimonTatham

Finally Gees man… ok next…

Exporting the Key

Right click Key(folder) and select export… (Holy man finally something dead simple)

I saved my reg file under c:\temp

Editing the Reg File

Now as mentioned in the source blog we need to clear the mounted Hive name from the paths within the reg file, so open reg file up in Notepad, press CTRL+H and enter the mounted name (hopefully picked something very unique) and include one \, while leaving the replace with field empty:

Click “Replace All”

Don’t forget to save the file, and unload the hive. Now I can open regedit as my standard account, unelevated and try to import the reg file…

WHOOPS one thing I quickly noted was due to mounting it on HKU (since you can’t mount it on HKCU, we have to change all HCU to HKCU:

Now save the reg file and import.

Importing the Reg File

Open Regedit, File -> Import Registry, point to file saved in temp folder.

Baaaaaam, imported in proper spot and opening up my mRemoteNG shows my putty saved sessions.

Bonus Material!!

I was having issues with one of my saved sessions which relied on an SSH auth key. It turned out my USB key that held it was not mounted as the same drive letter as my old system. As soon as i corrected the drive path, the sessions worked.

Well I hope this helps someone…

ESXi 6.7 on HPE DL380 G7

I had this long blog post I was going to write about HP screwing me on a ESXi upgrade, but in a nut shell you can read these ones about that how shebang:

  1. MonsterMuffin (crude)
  2. Claud “Admin” (Less crude)

As both of them mention you have to do a clean install, and you probably won’t have a config saved from that exact version as you are just updating to it, so your config on the old 5.x or 6.0 won’t work either. If you have dvswitches and all that fun jazz probably not a huge deal but if you have standard vswitches and lots of custom configurations around them including vlan tagging, well this can be crappy.

I did manage through all my trial n errors to get a working copy but it required workarounds I don’t think would have been supported, so meh just follow those…

I tried everything to get a ESXi system upgraded to 6.7 without loosing or reconfiguring the host, you figure just do anew install and reload the config.

However you can only load config for the same version a backup of that one was created. I eventually came across other things other PSOD’s and had to even at one point edit the boot file to remove a HP dedicated driver from loading. After all that meh, just install new with the custom images mentioned in the above Blogs.

I’m really sorry I would have covered these tasks in far more detail but spent a good couple days smashing my head just trying to get it to work. something are just not worth the effort, and blogging every annoying error and steps along the way on this one… is just one of those things.

Cheers.

SharePoint an Update Conflict

So the other day I was getting my test environment replicated to the latest state of production. Now I did spin up my front end before replicating it, when I noticed it in the CA I powered it down and replicated it fresh, but after I had already replicated the DB server without re-replicating it, this was more than likely the cause of this problem.

So after having replicated the front end and spinning it back up, I went to make a site run from HTTP to HTTPS. So got my cert ready, bound it to my IIS site listener, go to CA to edit the Alternative Access Mappings (AAMs) and….

ERROR … “An update conflict has occurred, and you must re-try this action. The object SPFarm Name=SharePoint_Config is being updated by DOMAIN\username, in the STSADM process, on machine MACHINE-NAME. View the tracing log for more information about the conflict.”

Googling this there are a couple good references like this old one on the sharepointdiary even from SP 2007 so it’s a long known thing. Just not to me. 😛

This one also helped me as it covered the upper two resources point to older directories.

Resolution

    1. Stop the SharePoint Timer Service
    2. On the Front end Navigate to: %SystemDrive%\ProgramData\Microsoft\SharePoint\Config
    3. Find the folder with dedicated numbers and hyphens.
    4. Delete everything but cache.ini (make a backup if you want of cahce.ini)
    5. restart the timer service

I noticed when I went back to the CA almost all my collections were missing in the configure alternative access mappings. So I rebooted the front end.

After that I was able to adjust the AAMs without issue. Hopes this helps someone.

Veeam – Can’t get service content. Soap fault.

So the other day I added a new Windows managed server to Veeam and as usual I came  across some errors and issues that had to be resolved, and some tips on what too look out for to resolve them. Besides the one error being used for two different issues (network vs authorization), it’s generally not that bad and easy to decypher exactly which of the two is the cause. However sometimes you come across an error that seems to have multiple causes and knowing which one it is can be sometimes difficult to diagnose.

Today was one of those things, after adding the newly added managed server as a Veeam vSphere Proxy I was hit with this error when attempting to complete any replication jobs…

Processing configuration Error: Client error: Cannot get service content.
Soap fault. No DataDetail: 'get host by name failed in tcp_connect()', endpoint: 'https://vcenter.domain.local:443/sdk'

Googling this I found one post on the Veeam forms that was a basic dead end.

And this nice thread on Spiceworks.

The only thing different between this Proxy and my other one was that it was not domain joined, which I didn’t see as a pre-req… and sure enough it’s not, but in my case it was phlights response that nailed it for me:

“I attempted to connect to vcenter from my remote proxy and found that it didn’t have an entry for vcenter in DNS.  Remoted into vcenter and performed ipconfig /registerdns.  Remote proxy could then connect to vcenter.  I did a test replication job successfully. Yeah!”

In my case the error showed the vcenter server by the hostname that was not fully qualified, domain joined machines will auto add the domain suffix on a DNS request, but in this case a standalone system, even pointing to the same DNS servers, won’t. As soon as I saw this I had two options:

  1. Add a domain suffix in the DNS settings of the Proxy as to make the vcenter server lookup succeed OR
  2. Just add a static record in the Proxy host file.

since I didn’t need this system to do any other particular domain looks up I simply did #2. Then my Replication job worked. Why it didn’t fall back to another proxy that did work is beyond me…..

Also why the proxy needs to communicate with vCenter is also beyond me…

Veeam – Adding a Windows Managed Server

Unlike most other blog posts that seem to love to follow the “happy path”, that never happens with me so I’m going to go over this cause something WILL go wrong…

Pre-required reading.

Now I got this as my first error attempting to add the server:

Things to check here:

  1. Network and services:
    In my case first issue was DNS, and DNS cache, since I added a newly created hostname the Veeam server was attempting to query it’s local DNS cache, I had to ensure all DNS servers had a valid record (nslookup/dig) then validate those on the local system (ping) which failed and required a local DNS cache flush (ipconfig /flushdns).

    Also make sure you didn’t click “No” when connected to the network, else it would have set the firewall zone to “Public”, change it back to Private or open the firewall accordingly.

  2. File and Print Services on target:
    Next I had to create a temp share folder to ensure share services were started (since I was using Windows 10, and not Server 2016/2019), otherwise much like others have mentioned… somewhere (I’ll link if I find the Veeam thread again).
  3. This can also show up if the user account is incorrectly entered or if used as “.\user”. While this was stated as a solution to an alternative issue (to be mentioned below), I got the error above using the account in that syntax. I had to use “HOSTNAME\USERNAME”.

The second error I got was:

Things to check here:

  1. Are you using local accounts? (Managed Server being added not part of domain) More than likely yes (otherwise you haven’t granted the domain account local administrative rights on the server being added).

    In this case as covered in this Veeam thread.

This issue is not Veeam specific rather MS specific, which has been the case since the inception of Windows Vista.

If you are in this boat you have 3 options:

  1. Join the host to the same domain as Veeam. Created a dedicated domain account and place into the managed server local admins groups (preferably via GPO).

    *Most recommend

    If domain joining is out of the question these are the other 2 options…

  2. Enable and use the built in local administrator account “HOSTNAME\Administrator)

    *Recommend if domain join not possible (It’s less likely that this account would be directly compromised vs the alternative solution). This is also mentioned by Gostev directly in the Veeam thread shared above.

  3.  Disable UAC for local account to utilize remote calls:
cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

This adds a reg key to disable UAC. as Mentioned by Gostev why this isn’t done automatically as it’s a security risk. No solution seems good here (besides domain joining). In this case it’s better to just use to local admin account… ughhh.

and sure enough using the local administrator account worked and the wizard moved on…

The rest of it’s a wizard, if you got to this point there should be no other major issues moving on…

Creating a Windows Image for Deployment without WDS/ADM

Creating a Windows Image

Intro

If you got the administrative team in your org to handle all the ins and outs of WDS and ADM deployments including using DISM for driver injection for custom images and ALL THAT jazz. Rock on!

If you find you have only a small amount of OS’s to support and want to keep up with only one image of the latest version with set software without having to learn all the WDS and ADM, and networking with PXE and DHCP and all that fun stuff then this might be a nice alternative for your needs.

Intro

You can technically prep the OS on any laptop or a VM as long as you generalize the image during the final prep stage into OOBE mode. If you want to keep hardware specific drivers and such then do not generalize the image.

Basic Steps

I used a VM and started it as follows:

  1. Boot and install Windows 10 (I gave it a bare minimum 40 Gig drive)
  2. At the OOBE first time boot after install, press CTRL+SHIFT+F3, let the system boot into the admin account using AUDIT mode.
  3. Install Apps, All Updates, run the community decrapifer, clean up the start menu.
  4. in Sysprep Pick OOBE and shutdown
  5. Using Linux Live DD drive to any shared storage.
  6. Use Linux Live to DD image from shared storage to local desktop/laptop drive and boot, which will boot right into OOBE ready for AD joining or whatever.

Caveats

*known caveat…

  1. Don’t open Bitlocker area while configuring the system in Audit mode.

All good right? Well normally after I dd the image and let the OOBE run, I like to extend the partition space from the initial 40 to the remainder of the local disk, whatever size it happens to be until…

You might wondering what the big deal is here, now with the existing system, not much, however if I extend the VM’s drive to replicate copying this image over, you will notice the ability to extend the partition is grayed out this is cause the sectors of the partition would not be contiguous, which is not allowed with partitions on a disk… since MS provides no way to nicely move it using Disk Management we have to rely on other tools. In this case I’m going to rely on gparted.

You can grab gparted live from here

GParted to Move WinRE Partition

This is the part that sucks the most cause even though it’s easily possible MS made the install wizard place the WinRE partition at the end of the disk (this might be able to be manually configured, but I did the ol, pick disk, click install.

Normally I’d have my IODD device with a huge drive attach to write stuff to, but in this case since it’s a VM I’ll add a 1 Gig disk to save the WinRE partition to while moving the rest of the data to the end of the disk.

So add drive, then edit VM boot options to force into EUFI menu, then once powered on, upper right click disk icon and mount ISO, once all green dots to indicate they are mounted, boot from CD/DVD…

No keymap changes, enter yeah default lanuage, auto login whatever…

there it is, the two drives we want to work with, now lets quickly format the 1 gig drive..

So create the MBT (Device -> create partition table), new partition, all space, FS NTFS, click green check mark.

Awesome, as you can see I then mounted that partition and used DD to copy the WinRE partition as a whole…

I sort of covered up the gparted window but I know /dev/sda4 was the WinRE partition based on the size and information.

Now for the biggest pain… we have to delete that partition, move the data partition over and then re-create the open space as the same partition we just deleted, and copy the contents back, so that the data partition sectors can be contiguous even though it remains the “3rd” partition.

Weird computer science…

Anyway let’s do this..

Delete the WinRE Parittion, /dev/sda4 in my case:

shift /dev/sda3 to end of disk, I selected move/size and just dragged the partition on the slider all the way to the right, click ok and it should look like this:

Now we re-create the /dev/sda4 as ntfs and hidden,diag flags:

*NOTE* This takes a lot of CPU and Disk I/O as the all the data has to be shifted which is also why the alerts of possible data loss (if there’s any issue with the actual disk). So the time it takes depends on the size of the over data partition, also recommend to only do this after a backup, or some alternative copy is made. In terms of VMware I had this on it’s own VM cloned from another, I avoided a snapshot as it would create a delta v file larger than simply cloning the VM. High CPU and Disk I/O was noticed during this operation.

*Note* Manage flags will be grayed out till the partition is created and applied.

Then we copy the contents back…

Time for the fun part, does windows still boot?

Sweet still boots, still in sysprep audit mode, lets quickly check the disk.

chkdsk /f

all’s good, and here’s a nice picture to show the data drive at the end of the disk as to be extendable to any machine it’s deployed to:

I can now remove the 1GB drive, and fix the WinRE now.

Fix WinRE

Checking with BCDedit

bcdedit

Checking with reagentc

reagentc /info

bcdedit /set {current} recoveryenabled no
bcdedit /deletevalue {current} recoveryenabled
bcdedit /deletevalue {current} recoverysequence

Then mount that recovery partition we moved above (part 4)

diskpart
select disk 0
select part 4
assign letter=r

change dir to c:\windows\system32\recovery

fix up reagent.xml to:

<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<WindowsRE version="2.0">
	<WinreBCD id=""></WinreBCD>
	<WinreLocation path="" id="0" offset="0"></WinreLocation>
	<ImageLocation path="" id="0" offset="0"></ImageLocation>
	<PBRImageLocation path="" id="0" offset="0" index="0"></PBRImageLocation>
	<PBRCustomImageLocation path="" id="0" offset="0" index="0"></PBRCustomImageLocation>
	<InstallState state="0"></InstallState>
	<OsInstallAvailable state="0"></OsInstallAvailable>
	<CustomImageAvailable state="0"></CustomImageAvailable>
	<WinREStaged state="0"></WinREStaged>
	<ScheduledOperation state="4"></ScheduledOperation>
	<OperationParam path=""></OperationParam>
	<OsBuildVersion path=""></OsBuildVersion>
	<OemTool state="0"></OemTool>
</WindowsRE>

Then use reagentc to reset the path:

reagentc /setreimage /path r:\recovery\WindowsRE

This succeeded then

reagentc /enable

and of course error till I read this technet… offf

huh..

reagentc /enable /auditmode

Yay that worked..