How to add your KMS keys for Windows 8 and Server 2012

Posted on by Adam Fowler
Hi,
Now that Windows 8 and Windows Server 2012 are out, any company that uses KMS keys needs to add the new ones from Microsoft’s Volume Licensing Service Center
https://www.microsoft.com/Licensing/servicecenter/Downloads/DownloadsAndKeys.aspx

First, there’s a hotfix for your existing KMS server available here:

Once you request the hotfix, get the email and download it, and install. The install will require a reboot, so if you’ve got this on a critical server you’re going to have to schedule a reboot.
A few change request forms and approval signatures later, you’ll be finally ready to add your shiny new keys in.
Now, here’s the installation instructions from the link above:

Installation instructions
If you have a KMS host that is running Windows Server 2008 R2 SP1 or Windows 7 SP1, follow these steps to perform an upgrade: Install this update (KB2691586). Restart the computer when you are prompted.

To install a new KMS host key for Windows 8 activation or for Windows Server 2012 activation, run the following command: cscript %windir%\system32\slmgr.vbs /ipk
Note In this command, replace  with the new KMS host key for Windows 8 activation or for Windows Server 2012 activation.Important Every KMS host key is associated with a group of Windows editions. Additionally, a KMS host key that is associated with Windows client operating systems cannot be installed on Windows server operating systems, and vice-versa. This is true for all Windows operating systems except for Windows Server 2003.

If you install a KMS host key on a Windows operating system that is not associated with that host key, you receive the following error message: 0xc004f015: The Software Licensing Service reported that the license is not installed.SL_E_PRODUCT_SKU_NOT_INSTALLEDFor example, you receive this error message if you try to install a KMS host key for Windows 7 on a computer that is running Windows Server 2008 R2.For more information about KMS host keys and about associated groups of Windows editions, see Table 5 in the “Determine Product Key Needs” section of the Volume Activation Planning Guide (http://technet.microsoft.com/en-us/library/dd878528.aspx#E3IAC) .
To activate the new KMS host key on the host computer, run the following command: cscript %windir%\system32\slmgr.vbs /ato

I had to read this more than once. Using the command cscript %windir%\system32\slmgr.vbs /ipk  worked fine with the Server 2012 KMS key, but not with the Windows 8 key. You can’t mix both Windows 8 and Server 2012 keys on the same box, but it appears that as long as you enter the Server 2012 key, it also allows Windows 8 clients to register.

The secondcommand cscript %windir%\system32\slmgr.vbs /ato makes the server ‘phone home’ and completely register the keys.

Once you’ve got a client registered, you can use the command cscript %windir%\system32\slmgr.vbs /dli to show you when you registered, to which server etc.
Note: The Volume Activation Management Tool is useless for this, as it won’t recognise your new keys.
Good luck!

Disabled Add-ins in Microsoft Office

Posted on by Adam Fowler

Hi,
Another little fix here. Many companies will have certain add-ins in their Microsoft Office products, and sometimes things go wrong. Often if an Office product crashes, it will blame an active plugin and bring up the prompt asking if you want to disable the add-in:

For most people presented with more than a line of text and a ‘Yes/No’ option, they’ll just click ‘Yes’ and continue on their merry way – not realising they’ve just crippled some functionality.

In Office 2010, it’s a bit of a pain to re-enable an add-in manually: Click File > Options > Add-ins > Drop down Manage and choose ‘Disabled Add-ins’ > Go > Choose the add-in > Click Enable > Click OK > Click OK > Have a nap. Hard work!

So, what I decided to do was use Group Policy to automatically wipe from the registry anything that’s disabled. This will happen on 90 minute intervals, and at login time – so for some users, it’s easier to train them to log off and back on (or reboot) if they’re having that important add-in disabled.

The relevant keys to delete are:

HKCU\Software\Microsoft\Office\14.0\Outlook\Resiliency\DisabledItems
HKCU\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems
HKCU\Software\Microsoft\Office\14.0\Excel\Resiliency\DisabledItems

I am doing this with a Registry Group Policy Preference set to ‘Delete’

Of course this could be added to a login script if you use those, or if it’s a really common problem a desktop shortcut or reg file that deletes the key when the user choose to. All it needs to contain is this:

[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems]
[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\DisabledItems]
[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DisabledItems]

Note that this is for Office 2010, but the same works for 2007 and 2003, just the version path needs to be changed – for 2003, it’s 11.0 and 2007 is 12.0 (no unlucky 13.0).

My Solution to Online Password Management

Posted on by Adam Fowler

Hello,
Today’s blogpost is about password management. I have (what I think) is a good solution that means you’ll only need to remember a few small details for all your online passwords.

An entirely unexciting topic for most – including myself. You’ve all heard and possibly uttered phrases such as ‘the longer the password the better’ and ‘use complicated passwords’ which are of course true. Here’s a blurb taken from Intel’s Supplier Password rules via https://supplier.intel.com/Auth/PasswordRules.asp :

In order to protect your security, Intel has certain rules for choosing passwords. Please read the following rules so that you will know how to choose a good password.
The following rules apply to all passwords:

  • The password must be at least 8 characters long.
  • The password must contain at least:
    • one alpha character [a-zA-Z];
    • one numeric character [0-9];
    • one special character from this set:
      ` ! @ $ % ^ & * ( ) – _ = + [ ] ; : ‘ ” , < . > / ?
  • The password must not:
    • contain spaces;
    • begin with an exclamation [!] or a question mark [?];
    • contain your login ID.
  • The first 3 characters cannot be the same.
  • The sequence of the first 3 characters cannot be in your login ID.
  • The first 8 characters cannot be the same as in your previous password.
  • Passwords are treated as case sensitive.

*yawn* Please don’t give up on this post yet, I do have a point to make! Now, the next commonly quoted rule is ‘never usethe same password on multiple sites’. So, how do you remember the wacky combination? XKCD has half the answer:

Via http://xkcd.com/936/

Great for a single password, but again how do we manage 100’s? Many people use databases such as KeePass, or notepad files inside encrypted zip files with another password on top. Cumbersome in my opinion, you don’t want to have to go checking for passwords each time you log in somewhere. There’s also other solutions that save the websites, usernames and passwords in a centralised location – a big risk in itself I say. So, here’s my two layer solution:

1) Have your own email domain, and use a different email address for every single site you sign up to. On top of that, make the email address something that always identifies with the site.

For example, I could buy the domain passwordssuck.com, set up Google Apps with it, and have a catch all. This means I can tell people I like an email address like “[email protected]” but also if I were to sign up for Blogger, I could use “[email protected]”.

Why do this? The first reason is spam. If you sign up to a site that gets compromised, or sells off email addresses, the most likely impact to you is getting a bunch of spam. If you no longer use the site, you can blacklist the email address you signed up with (in this example, [email protected]) and you’ll never see spam on that address again. If you still use the site, you’ll have to either live with the spam that gets by any spamfilters, or change your email address. I don’t like the idea of changing it, because for this overall formula (coming up!) to work, you just want to look at a site and immediately know what the login is.

The second reason – again if the site gets compromised, is that your email address and password combination are now useless anywhere else. Even if you used the same password anywhere, the email address to log in is a one off.

2) The password part. You need a formula. Once you remember the formula, you don’t need to remember anything else.

You can adjust this how you like, but I’ll give an idea of a decent formula (and no, this isn’t exactly what I use!). First, come up with two words. Let’s go with ‘keyboard’ and ‘mouse’. Now, let’s use some special characters. Now we have ‘K3yboard’ and ‘mou5e’ – these will never change.

Between our two words, let’s go back to the site we’re on. Blogger.com. What I’ll do is take the first and last letter of the domain. B and R. We’re going to put this in between our two chosen words. ‘K3yboardBRmou5e’ – but let’s get even trickier! Instead of B and R, we’ll go up two letters in the alphabet. B goes to D, and R goes to T.

Now we have ‘K3yboardRTmou5e’ as our final password. This means, when I go to blogger.com and think ‘hmm what’s my username/password’ it’s going to be “[email protected]” and password “‘K3yboardRTmou5e'”.

Youtube.com? That’d be “[email protected]” and “‘K3yboardAGmou5e'”

If someone obtained your credentials for Youtube, there’s no way these details will work anywhere else. If someone targets you specifically for some reason, they’re still going to need to know your formula. They have no idea which parts of your password are static, and which change, and even if they thought the AG was the bit that changed, they then need to work out what that means.

In summary, once you remember your formula, that’s the last thing you’ll need to remember. You don’t have to go down the full path of having a different email address for each site, but I’d put a bit more work into varying your password formula.

If you have any feedback on the above, or think it’s a terrible idea for any reason please let me know!

SCSM 2010 and SCOM 2012 Consoles

Posted on by Adam Fowler

Hi,
Thought I’d share this quick one, not many people will run into it, but anyway:

It seems that the SCSM 2010 console and the SCOM 2012 console can’t co-exist on the same box. A bit of a pain if you’ve built your centralised tool box.

I found this Microsoft Technet thread about the issue: http://social.technet.microsoft.com/Forums/en-US/systemcenterservicemanager/thread/33de3e93-207b-44cc-8afb-7c8aa7d774f4

The symptom is trying to launch the SCSM 2010 console and getting the error:

Failed to connect to server ‘scsmserver’
The container could not find a component with name ‘ConfigurationExtension’…

The fix, is pretty much to uninstall SCOM 2012 console, and reinstall SCSM 2010. Bit of a pain, and hoping that SCSM 2012 can co-exist with SCOM 2012.

HP Cloud Day – Part 2

Posted on by Adam Fowler

13th April
I had to rush off to the airport and crashed out, back home in Adelaide now. It was a very interesting event, and was great to get the opportunity to talk to some key HP staff. I’ll summarise the whole event in a few days once I’ve absorbed it all.

3:30pm
Bit of a gap as this section was particularly technical around layers, zones, repositorys, pools, catalogues – you get the idea :)

3:00pm
Architecture Deep Dive for HP Cloud:
IT becomes the service broker, and also needs to choose where to put what. It should also be designed to be able to be moved from one environment to the next.
This requires a common foundation. There are three layers for an Integrated cloud platform to cover all IaaS, PaaS and SaaS (hmm most things seem to be in threes today) – Demand – User Interraction, Deliver – Service Orchestration and Supply – Resource Operation.

2:25pm
If someone uses your hosted severs for an attack, who is at fault? The provider or the consumer? I’m not sure this one was actually answered (please correct me if I’m wrong!) but regardless it’s a good question, and there are a lot of grey areas because laws never keep up with new technologies.
Consumer responsibility vs Provider responsibility in order: IaaS, PaaS and SaaS. So if you want the least responsibility, SaaS is the way to go.

2:10pm
Cloud Security is about perspective. HP have a lot of considerations and understanding of this, read some cloudy stuff here:
http://www8.hp.com/us/en/business-solutions/solution.html?compURI=1079449#tab=TAB2

2:00pm
Had a walkthrough of HP’s Comms Room Showcase Extravaganza, check my twitter feed @AdamFowler_IT for the pics (later because all forms of internet are now crawling here).

12:53pm
HP Networking – When you’ve got a single network switch that has 100’s of blades connected to it with 1000’s of VM’s, the MAC table is going to grow huge, and there are limits. HP manage the networking for your cloud to make sure these issues don’t occur… plus it’s their own switches and routers in use!
HP will support VMWare, Microsoft, Citrix and HP ux virtualisation technologies.

12:30pm EST
Welcome to part two, and I’ve now converted to local Sydney time to keep things confusing.

The building blocks that HP has to make your cloud: Private, Managed and Public all used converged infrastructure. The three key steps are: Standardize, Virtualise and finally Automate.

HP CloudSystem is 45% cheaper than Amazon EC2 as long as you buy enough. Based on 4 Chassis, 64 blades with 768 VM’s etc – that’s a rather decent deployment!

There are two stages to cloud; Step-by-step and fast track.

Step-by-step includes Standardize and consolidate, then Virtualise and automate.

Fast Track is then Self service infrastructure, self service applications with full lifecycle management and finally becoming a service broken in a hybrid environment.

The above is a bit deeper defining what I was talking about in Part 1. You’re smart, you’ll find where that is if you need to.