Windows 7 now the most used OS on campus

It’s been a while since I did these stats, and I don’t think I’ve ever blogged them before, but I was prompted to check this after hearing Microsoft say that Windows 7 has overtaken previous versions worldwide.

It turns out that even though there hasn’t been any particular institutional drive towards Windows 7, thanks to the efforts of pro-active staff across the University, it does now significantly outnumber all other operating systems in our Active Directory combined! In the last 3 months, the breakdown of computers is…

Windows 7: 7155
Everything else: 5385

There are an unknown number of machines that aren’t connected to Active Directory, but the spread of those won’t affect this a great deal.

Another interesting stat that I heard recently came from Dell. They now predict that 50% of all server workloads are virtualised. Thats probably about true here – I’ll see if I can get those stats later.

Incidentally, the breakdown of Windows servers in our AD sees roughly equal numbers of Server 2008 R2 and Server 2003 (just over 200 of each), and just over a hundred running Server 2008.

If anyone is interested in grabbing these stats in their own organisation (or OU), then it’s just a simple bit of PowerShell using the Quest AD cmdlets

$computerObjects = Get-QADComputer `
-IncludedProperties pwdLastSet -SizeLimit 0
$recentComputers = $computerObjects | `
Where {$_.pwdLastSet -ge ((Get-Date).AddDays(-90))}
$recentComputers | Group OSName | `
Sort Count -Desc | Format-Table Count,Name -AutoSize

(That’s just 3 lines of code, but it could be fewer. The ` character extends the line in PowerShell)

Shift & Right Click!

Thought I would blog on something that I only learnt last year but has been a great time saver for me.

Holding down ‘Shift’ when right clicking in explorer gives some extra very handy options including ‘Open a Command Window here’ and ‘Copy as Path.’

Also, several files types have other contact sensitive options for instance Office files can ‘Open as read only’.

CAP

Mouse and keyboard not detected by Windows 7 setup

We recently got a batch of new workstations on campus that are using USB3 for half of the supplied USB ports. We had some problems during the WDS setup of these as there is no native support for USB3 in WinPE 3.0 as supplied with Windows 7 Service Pack 1, and of course our WDS boot menus use WinPE 3.0.

After hitting F12 to initiate the WDS setup WinPE happily loaded but obviously offered no mouse or keyboard support when using the USB3 ports. Okay, you could swap mouse and keyboard to USB2 and this would immediately resolve the issue. However, best to get the USB3 drivers into PE. I did this using the driver injection method as blogged about previously: WDS How To – deploy drivers See the section titled: “Boot image driver injection has become very easy!” (WDS dynamic driver management is excellent, I may have mentioned that before… )

For those of you who don’t know, USB3 ports are coloured blue on the inside, so you can easily spot them if they’re there:

usb3 image

Pre-staging Computers in Active Directory for WDS with PowerShell and Quest AD cmdlets

One of the most common issues when buidling computers with Windows Deployment Services (WDS, and RIS before that) are typos in the GUIDs used to net-boot the PCs. When you’re entering them by hand as you pre-stage the computer objects in Active Directory it’s very easy to make mistakes, especially when you’re entering a lot of them. It’s also extremely time consuming if you have to boot each machine to the point of PXE displaying the MAC and GUID – that’s why the smart move is to request that information from the supplier, preferably before they deliver the machines.

Anyone who has pre-staged a computer object before will be aware of the jiggery-pokery that goes on with switching round the first half of the GUID, so that when you view it later in ADUC, you see something significantly different to what you typed in. It appear that this conversion is done by the GUI when you create the object, so when you’re adding them programatically, you need to change the format yourself.

Microsoft published a VBScript function to reformat the GUIDs so they could be added to AD by a script, but I haven’t seen similar in PowerShell, so here it is:

function flip-guid ([string]$g) {
$g = $g.replace("-","").replace(" ","")
-join $g.substring(0,16).tochararray()[6,7,4,5,2,3,0,1,10,11,8,9,14,15,12,13] + $g.substring(16,16)
}

The function takes the GUID as a string and first removes any dashes or spaces (since I’ve received them from suppliers with both at different times). Next it converts the first half into an array of characters, selects them back in the new order and uses the join operator to make them back into a string, to which it concatenates the second half, unchanged from the original. As with most things in PowerShell it could be reduced down to a single line, or expanded further to enhance readability.

So, given the ability now to change the format, I use Quest’s AD cmdlets (if you haven’t come across these before, take a look now!) to create the computer objects. Assuming that you have a CSV file containing the new PC’s name and GUID, just do this…

Import-Csv newpcs.csv | foreach {
New-QADComputer $_.name -ParentContainer "SomeOU" -ObjectAttributes @{netbootguid = ([guid](flip-guid $_.guid)).ToByteArray()}
}

That’ll leave you with a load of new computer objects ready for WDS. 🙂

NB. It’s likely that the code snippets above have been wrapped to fit the page layout. In the function there are only two lines – everything from “-join” to the end is the same line. In the foreach scriptblock that’s just a single line.

Free PowerShell eBooks

Windows PowerShell is slowly taking over the world in terms of automation and administration of Microsoft products and beyond. For many Windows IT pros who are used to working with GUI interfaces there can be quite a learning curve, but thankfully the PowerShell community is producing some really great resources to help people learn and use PowerShell, including a collection of free eBooks. Jason Hofferle has helpfully compiled them into a single blog post: List of Free PowerShell eBooks

These books are authored by some of the brightest and best names in PowerShell, so I can’t recommend them highly enough.

Ten Immutable Laws Of Security

Interesting article on TechNet:

Law #1:

If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

Law #2:

If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

Law #3:

If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

Law #4:

If you allow a bad guy to run active content in your website, it’s not your website any more.

Law #5:

Weak passwords trump strong security.

Law #6:

A computer is only as secure as the administrator is trustworthy.

Law #7:

Encrypted data is only as secure as its decryption key.

Law #8:

An out-of-date antimalware scanner is only marginally better than no scanner at all.

Law #9:

Absolute anonymity isn’t practically achievable, online or offline.

Law #10:

Technology is not a panacea.

http://technet.microsoft….y/hh278941.aspx

Exchange Activesync Statistics Update

Activesync Logo

It has been about a year since I last published some statistics on the different mobile devices that are connecting to the Exchange servers for email/calendaring. Those statistics can be found here.

There have been 5161 unique mobile devices that have accessed the Exchange service in the month from 09/05/11 to 08/06/11.

Stats May 11

As you can see there has been a huge increase in the number of mobile devices accessing the Exchange service and can surely be seen as an indication towards the reliance on mobile technology as a way of accessing University services.

A surprising statistic is that 4299 of the 5161 have used the service within the last 24 hours!