From ff0ecee0a4b167954b505e75bf9265d6351a0856 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 22 Jul 2016 10:32:51 -0700 Subject: [PATCH 01/53] back to work --- windows/deploy/windows-10-poc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index c24209c3e2..816cecc5ea 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -8,7 +8,7 @@ ms.pagetype: deploy author: greg-lindsay --- -# Step by step guide: Demonstrate Windows 10 deployment in a test lab +# Step by step guide: Deploy Windows 10 in a test lab **Applies to** @@ -16,7 +16,7 @@ author: greg-lindsay ## In this guide -This guide provides instructions for configuring a test lab to be used as a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Additional guides leverage the PoC environment and provide detailed steps for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide: +This guide provides instructions for configuring a test lab that can be used as a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide: From 888dd08418445d053a0469be2ab744d9cd2000dc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 22 Jul 2016 11:34:04 -0700 Subject: [PATCH 02/53] cosmetic changes --- windows/deploy/windows-10-poc.md | 34 ++++++++++++++++---------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 816cecc5ea..375bf3b9eb 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -18,26 +18,26 @@ author: greg-lindsay This guide provides instructions for configuring a test lab that can be used as a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide: -
+
- - + + - + - + - + - +
TopicDescription**Topic****Description**
[Hardware and software requirements](#hardware-and-software-requirements)Prerequisites to configure the PoC environment.Prerequisites to configure the test lab environment.
[Lab setup](#lab-setup)A summary of the PoC environment.A summary of the lab configuration.
[Configure the PoC environment](#configure-the-poc-environment)Step by step instructions to configure the PoC environment.Step by step instructions to configure the test lab environment.
[Step by step: Deploy Windows 10](#windows-10-poc-guides)Child topics that provide step by step instructions to deploy Windows 10 using the PoC environment.Instructions to deploy Windows 10 in the lab environment.
@@ -47,52 +47,52 @@ Two computers are required to complete this guide: - + - + - + - + - + - + - + - + - + - + From 72c85dc7e6748d1e4438d1826a3b743b5c7cdac9 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 26 Jul 2016 10:12:14 -0700 Subject: [PATCH 03/53] draft --- windows/deploy/windows-10-poc.md | 33 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 375bf3b9eb..e9504c9238 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -48,8 +48,8 @@ Two computers are required to complete this guide:
**Computer 1** **Computer 2**
RoleRole Hyper-V host Client
DescriptionDescription This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module. This computer is a test system on your corporate network that will be converted to a VHD.
OSOS Windows 8/8.1/10 or Windows Server 2012/2012 R2/2016 Windows 7 or a later
EditionEdition Enterprise, Professional, or Education Any
ArchitectureArchitecture 64-bit Any*
RAMRAM 8 GB RAM (16 GB recommended) Any
DiskDisk 50 GB available hard disk space (100 GB recommended) Any
CPUCPU SLAT-Capable CPU Any
NetworkNetwork Internet connection Any
- - + + @@ -127,15 +127,18 @@ See the following diagram: ### Install Hyper-V -Use one of the following procedures to install Hyper-V on the Hyper-V host computer: - -- [Install Hyper-V on a computer running Windows 8/8.1/10](#to-install-hyper-v-on-a-computer-running-windows-8-8-1-10)
-- [Install Hyper-V on a computer running Windows Server 2012/2012 R2/2016](#to-install-hyper-v-on-a-computer-running-windows-server-2012-2012-r2-2016) - -####To install Hyper-V on a computer running Windows 8/8.1/10 - 1. Verify that the computer supports Hyper-V. + To install Hyper-V, the computer must be running one of the following operating systems, or a later operating system: + - Windows 8 + - Windows 8.1 + - Windows 10 + - Windows Server 2012 + - Windows Server 2012 R2 + - Winodws Server 2016 + + Note: A 64-bit operating system is requried to run Hyper-V. + Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. To verify your computer supports SLAT, open an administrator command prompt, type systeminfo, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: @@ -148,27 +151,23 @@ Use one of the following procedures to install Hyper-V on the Hyper-V host compu Second Level Address Translation: Yes Data Execution Prevention Available: Yes ``` - In this example, the computer supports SLAT and Hyper-V. + In the example above, the computer supports SLAT and Hyper-V. - If one or more requirements are evaluated as "No" then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the "Virtualization Enabled In Firmware" setting from "No" to "Yes." The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. - - Note: A 64-bit operating system is requried to run Hyper-V. + If one or more requirements are evaluated as "No" then the computer does not support installing Hyper-V. However, if only the **"Virtualization Enabled In Firmware"** setting is incompatible, you might be able to enable virtualization in the BIOS and change this setting from "No" to "Yes." The location of this setting will depend on the manufacturer and BIOS version, but is often found associated with the BIOS security settings. 2. Enable Hyper-V. - The Hyper-V feature is not installed by default. To get it, open an elevated Windows PowerShell window and type the following command: + The Hyper-V feature is not installed by default. To get it, open an elevated Windows PowerShell window and type the following command. This command works to install Hyper-V on both Windows client and server operating systems: ``` Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All ``` - When you are prompted to restart the computer, choose Yes. The computer might restart more than once. + When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. You can also install Hyper-V using the Control Panel in Windows, under Turn Windows features on or off, as shown below: ![hyper-v feature](images/hyper-v-feature.png) -####To install Hyper-V on a computer running Windows Server 2012/2012 R2/2016 - ### Download VHDs ### Configure Hyper-V From 82caf3d8e04df2101e01774e423936d8cf790148 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 15 Aug 2016 12:25:31 -0700 Subject: [PATCH 04/53] draft --- windows/deploy/images/convert.png | Bin 0 -> 14876 bytes windows/deploy/images/download_vhd.png | Bin 0 -> 10737 bytes windows/deploy/images/svr_mgr2.png | Bin 0 -> 62287 bytes windows/deploy/windows-10-poc.md | 252 ++++++++++++++++++++----- 4 files changed, 209 insertions(+), 43 deletions(-) create mode 100644 windows/deploy/images/convert.png create mode 100644 windows/deploy/images/download_vhd.png create mode 100644 windows/deploy/images/svr_mgr2.png diff --git a/windows/deploy/images/convert.png b/windows/deploy/images/convert.png new file mode 100644 index 0000000000000000000000000000000000000000..224e763bc055fd766f052dad8dc657d3fdc584f7 GIT binary patch literal 14876 zcmb7rbyQn#*Cmu9#R3#57Tk*zDON0n;!wOmv0_1sLvV_=XmQu#?k&M-ad(&E?k<_j z@BL=xop;unHQygBZjzguJh}Uvv(Mh=`TAZ-8V8dM6A1|kM^;8s6$$AHDiRX1F~$?% z8Cv+EFYpi9QB@j(R5nPl4Lo>iE}494s-rKSAm+=$EO z@-o|&+r`~W{idR_b%d~2`oZPGx{b!Ai*s=UCjb1y>1$eAOIRTJ;dGu9aAXwdbG72a zPJpk1#pby>h+ZQjDal@9Hx>yVr^Uywt!U>*+>_|g(`FNEUQONv*SJ9>5NSIybJo^a zHi11oJu@NiIb`}|edHz8IdQ>nu71?!_UUAak1OIKEttheRAZrU^DO!4U@o&6S4kbZYdxr8VNwYW|_7?W+9%(QF! zJZy8e?C_OK!@6Q3_3gL&K%fXY4gHM^m&NMihq0kMoY>D-oKuT8tB2SkcNOaExtpnu zWghFgi|3K`Rv$IPTzgsa`;&M!$JLbes!V!zCW=+`n>__J12;2#yiH6b$?@?gk|1rj zJuZBPCJWM)1*gzOCnuk~uR9f&p9q^BFLNG{rtuX8$i$W!D5rg_Gs?? z{rxB-lK;b)NMsL5dTug1A)ciLYt59ZHuMsyUaPeR2YZj92W$f^%;kE9F3WNKYaFCc zn{4l}ai`r;)T;&w=k;yh5thNLqrY+=RY`uO;`vT9Y7#drsCfPkwsPm0xU zP6lUSnfyrdvo~Rec~QeF0#lWxjVKHpvAQs&4Yrc`RCYukLcOHxTkHyUulzQ_GY(y1 z5BI9-V(X}peaG4T%c;<-77`r&O$E{v1v>3Mx;GN`Y=AM&mk_wT=qINA!{nd z`@Q`-UtaAuy?6kH=Lxx=K?~J|?3P1;;wHT%h&l6OVkG}W& zv$a^Ted9LUnl+x46ix#MRPmXBESvy!)Dwba)_Tq6C&Bou@we$U==SKmsBmkNCmPev z)W*Hk>#eVcsiP`~{*+bC`BI|w&J@+Cn~|XxDL~0&W;mV}S-O0+wk;nHvsUCD_9a6F z6J(x#^fviWjTQ6txaDDI>>|M|rzg>jMBmKwhmG}%xz?%L{7XHUCE~F0yrqZ#fq&^t zgN54v&PwYnCwvZ{lvLBji0#+rnDEcjurYVDw8l^CvQ1qX-iCb(u7@+#=*8_9-@j|6 z`}7u1J#5G_rJe1*?K)__J)l&6<1ivc;>;nS=n;?F$(u#!y*V0(s5)lp!B|`Pk@k%8 z=w?YsjVv+Vg(McG=~JfG-NBxY(d<)PI<8ojIoYv494Tmdy$7`LYMyoxb?aR1O#2{K zkE3A@w03b6E*rB8f@l1n&G)LBgsl|?htqZ_z#tD01?+B{gg1Ss68+&cNtzbnH21BV z^Mls|8*gG!y&J*1cy#i*t9LL&Yo_|2t9{q|uY?chK`n7l_NWAkatnn*pPP|X9Il{e z+#HC>%{ZfVZi}1`d`9GydmfZCoTh{BW?*mOL(|?qXVKCd>3Z*5kCAul{f@*4fPA@XsHufPCCcOib+TjwW?KPuQAn z|O*dXibxPq*}Nt;?O+A8@=KZGk0xyU%cNw9ZAd*04en|6>sLfun-Q`V_P2_9Q>4j zS^RNEPNG-WJmbM|XmkiMVDJe-%uMIs$jj_>w%k`k!da=~?}%^&^PVP!b$t$YHYH|bTy3?| z;`?eNz=A1WjCpef3}uP(KKEOqw|YH8hdIF5z$mv+4Tr-AG%+iFU7p$KF?nq~ry@PS z9}>IAdJKojMN{a^YRttbiNOn=JETS_qaw#45!a3&9FNO`rkkB&CMG7IlbDQompPl3 zhx2lu>plY)CnpLqZ_mM0K@xqpl>z>xM$6*=x6g*K%y~SEt>m-0oBzsHB%dk#v_VF+CKUfg zmu*y5Z>$QC;81nprqsNY3qStzG+7di0R`Q>pd)|X&)2OUi^tOkZ^@Kv_n8pKeHjQz zl&)W#_X7!c8yaK^weA*6o6RTTQ+lo6UzsvavXS z9gR8zC%f5h-iysOJDmSw_Bl9DSUAd!JZRdKRwc3{N_=7_ zL`ZC4e-2-~>;ZWq^n1tysqUN-h?S3oYN*7x1q1|++Ii;cKZ{-6@f2&7FaES&tu*dx zxQQ?M_{-rubWm)+W=v?~<-yJl8E5PdT^`s%Uwoh*sgPen$j;1V%k7ZQU9+p`HRS5h znn(Eb$BfTqF1Z0BZ%K-Dw~bBzBKlss2?0;a39Ob!T#wmQf$tWqIGeURTNZr|-2pDu z-Z$BFpXPJXg{V_mt%}MZf%Qpb*)%#TX(6JeiaDCsYCqqXE_q*Om8r$2-k*e)!%oQ; zFVc(4Ja&6eIrsG%tHyae8U@xT)W%wKM+l^r8M1}6UJ{>6b6r2X3!}_>_(UUi!EyAG z&3WiM)s5>JlqRxVaAjy|u3j_}Gv#(_dzL9OGAt}ClA>cBdYBwY2mXBOEyU=vKPbG$ z=&&D{Z@8;Z%!anpe^;?wpuiRDMltChN=ODjBl6?vBVUwViaV1Rm8wMT-di~r&1YLotaedl6j z083|^Zan?%L8#PNm>d$KLpp^*OM7A`LQP8x`fnU6OZl`Ew6qw=H~aY^v&R+hh2d+M zMiS4e{0@7WXJe=U?`C?WbEN){FSA~)s_~EjtEa0!r?#|}0?#whM1B71SMu;HihBwb@h1GwB39g8A^agf}cN(07oISs@9*0$&Pe5Bs#qWCJie>bt8nnl=oYa^2{fn^C> z=dHXth*byF=xP~fQN-QTB|ADQR`#4%IBrtAmMp)2y2iHQ!tec0*%kvkW}MNO1Blx8 zfVu%~QPJKma{4q1@qi{{xjnU=+w!2K3whx{d?kbRp-aH9$-&wCc3e@Kvk6uAxHE?A zqTZk2Zi;+AR2V)+o5>F(RhN2It|z3=Xz*sE5;|gD`&J2~Xd2tf3FOUTcM(raQNS{B zAV!dCz9&Y^@Nki2ySLSRcZ}fhQhik4*Gb$qKm5}?<(0Ufn#qtrx038IRN-cl)N&sH=l~_ClXn(dHIM=;wauhFEP8qz8ih`^@L1;NX_)=MdE&= ziS*13feO2+j~DfjBVE+1A)oNEevAu&WQWApWXcS+s(8$Fbf_s}L68tMvRHCBDMkRY zDjVLraKpNp=?+WQFy1jkR<(89T#0L6z7SDUqsW-X+`JHI9?<~|8X5bp6YH1H19JNQ zK_gyrSagxSxM5k(8(e&q>e)uenqn{2Ugw)z6ovKdXjuv`n`8#sY_17C5X5|iUaeZp z&x4ndHk;Mz9AO|SDfuPC2Z*UrC!FO?Dm?t}%Rt8~nJ(v}KaN;oT9;qlrvIFzSlcy3 zQjUf{AfSh`ycm2bYq@o0GJ8p7*g$%9mSijFj|nG-h4WOq@fF0sww}(+{g7bb{VTrU ztM#Jb>{wPgIuNkI6uiF3XRf72ozc9*Kn58W@)81m!?T9qh zfW1S=NoAy$g1pgRt3n3{cvkilx|^cm5J}eiK(kR*HBtV^sx;SP>KZL-6x-_LuS?GA zr76-ggK!PJS+*$T`Xnxx+PYb5fZrRwjIUM4$MyjL38H-QA}R?&7Sj4O&84|+&ateV zE$*RFW+NogqFp_UniL2qrrld?0@o*W*CmJ8OJoe`0p<)QQ*pOGl=dxCpH4}Vpm1nnj+hED2Fh4{j|_PXp-UVW&b)qX z`6p?kkIlT_gOc`+7*5lSAY+Wf)Z)oWkZ2A={>j*(wR}n%&J84pt4;4Skix$`Z~9bi z7x%!dK&tx(0-#qw3+rfSXE#-*hq3<0uTDmM!wMy9_~)l8db?NMY1*imDPUph!ki9c znAZcc`E&Aew25Chv7e@^r@`p>TpP7;SCKOjYkj`)_3PNFC{>SPmlte5r}invV_>j%Po ztgW%jK^J>7{wKY0Y|5h7Ydt-(+Mt7c=8$M`beKL+u?LfVu72cyG{4|XONjlpF86+ zbj2Qh5bMnyN^5LsuEWfruPj+~y@gbg$&YU#mdca9$zJKreGkSizvPA8G(dUaM2$?B z7O_^>8(OEbDWQyjXr}Ds5#_PZ4MSsH`q+vSQ3uoch35bn-g$=92@VI2dJJ4d$Tspz5rNj2TW!7u`Ys7Dj8?j@ZAyC#QjIK5b zhGtVPqKf#n^hvlocc*8o+k@>c`HnVw)@)u9tG|aCyw|Y%eYt9lC_guxo4-ox zR(L0qSLCEDs>r}NRyM58_DbHj9xPKd%Qf+>Ce*Kl|I=)t!@d?KNYWTJL)o}@2)gK=;;YvmB_Sr~nxgj^PirtV7RLU3-4F@kF; zLt*@j8L$qT;py?@H`K z@!V4=*_vHLV;S06r`|TiD35SuIyxj7C?PcfX};W%FmiCHI=VWQroZiPrg>yO?0-to zTU%TeCC7Kxm;!i?E?GlD3cS1TBH91JbpFxr@(8)@?I!=Rhlk}E^9-+@!hBwUQSE&A z<*;s%pOz=VXR|2i-uYLbg~X*X^Yb5f>!Gch-8P_g_X1QLcHKG!V_MqYxiUSt_eFI^ zsUBQ&wF-C^p!o_43Q&sD4=-Juo%KAA|By*{xL3G;9lR@?^5<_p4iCoNmM+4_S2?)3 zxoN&^Iz*lH4=3lR^;v{%4kYu*tBpiZ3STVygFcltpN-1%5w+=qu5N*NMDtBRebiMx ze?GK(0uAbv)t8-aJU1*UMKK@%NFil%YU=NoV%*%>_Ahzgt_Ju-ypKonB#KmyA7(PD zuMsu7*Nc!_G01v$>rPjYR@k0-TJ_SP%pVSw)hqjl4q>x_jhFF)%9rdn?x9enj^zfQOd!E zz$;Y0VLgJq*DlgDG*F7yReFrHmSoaF5q+#t9SF{oP37D|E;FUB$^I#CCWa)Pb|Z`# z;X1Me5C|167cD8N$P#?snjsd~BV(j9Di38PP0BQ_s*_Tj&$FLR(i6(tfk=*rTs=H? z6Y8cSb}cp}7A;e_Hr6157sED@VewVo`J8%t_8}q3suKoOCW#6o`qPfCIE#l2a8 znzji1NXspe0wG3rb`{0N@~a^sd~vfq=q|iNJ?60G=Qg1jrTWu13cE~l_Ysf zg@*#2<5gxf9QVYJUwx z?}dgGRE}>Cg>v;^hTn(9@Ay-Iq5Tg8ID=p*eoZtzKe5VIn}S3$dO5sg}xnCAJJHl_a5^(juOMpsQuA0CwW&p~!!g^4HQ zN;7bqDa3%XTi|?r8Uvs`1SpC4u%BRn&j$bJ;pn~37^mkoxehID_Pe8p%jUQ8Mtg|Q z$?hT{R6uvT(^V7WlDjKmV35%{E)YQ>$ZbAIfwS|L60GX*#;wTlXW#SZ&jG&hh?I~w zAAy_I-Ep3&p`fH>S!g@HLc`GIpD&cK!r}Pu?J<<-4yMxVcBHMn0 zJ4)5s^%H@TqTTb>7JE6hSlO)iQJ+cwu4LsU2w!}$!pg`Sm3Nb=rOz*y z*t3|NYui=1$>x4XsegU*eT^k^LR2yC4}D-B_Xv$=^0)YX4s&f#1^LwSGBpQ79l`9t z59`lT)X$lx*A_N9nV45jP7~gYwICQw_XsILZY(zGfFvEryOJ_<=*#xa&Npbk5)2V{CZS=Zz*CJ zo@0N_!F%I1^7axn!k~IEx8QWl2~_Kc+Z=!P?W*5&L||`J)?d66cYvD1!VD8KJ4f1L zBhwjYlG(6fk5Qls0NTpQ!ds9c~c)Rr*woFeA}V)4GXhjb-up^l$9Mp_p^d{v+gh|ae$uI z1PC=+;oOV=ZBt8&fdeOz8c=m}6jqL}gj;QO5rEQnC=MK0?_l^qbXVOWvKQd4Rtl1m z=azs|SNPzg(%JI4=oKGsqg$-5zSz!DRP-uvp$V*dYW)Io$;2Y|UE|h4 zA=v9|TS?Bs^QXsW27fV{M`88yUj&j zeBKp+&0t;&t&j7>XH?!yhI<^`{5b+NW%35FWLpUnZ{2jyFq&Zd)g#?DSx@U6Hzp=y z>Kpex7|k#I@GM1RaPhm36F58{uBnrd=|yb;VZkVrlevxcuz1fXThWI+O2CWT7a~3y zpo*s|bv+uY+uTSNiyBRU23;7};YacN@hq46N0EadLiE>%mxCE%K7fyrsGI;$9LtF! z^^BPyecCRbRD1z%!SCW24wkaqe1?aFyt?RnY|Hwj{KoQgqTgI(#u%KW$!_VN^JEG` zwi3riaV;9&L$X{YjSbYv>1rnF85AJ1{_s$12VIc6hX={a55p4^8p+jb9%Al>-p9j- zdes}1ub%G4Vsc_PZ=nBiV7%%&}0yJGLS2(#NA;x(cc1%b7R!%7{b%LM9Q_?7C-;nd;IWtc$ZKv#vG1dIQ!n&?FEuAG ztb0!S{|O}lQsQSo*$28;(3_)vKNNH&povRpcDml$DyWm8J4;<)qeZ3Bc%{IjCeGc1 zp+h+-MfQ_aTop? z^}?SUo#)=dg>ChG5Qde9t_JsioBztVy4KgpyzFw6hmI(ldP@pp#OpOV@K-Q_MdZ_uwPaX?w~nQrvM9!;JX8d z^h0G1Ld;xM3kL@WPfrS6+4iaCi`wB!rn!84M>)ZC8%XVvv7W{87?UMq?SluA&bNsV zyT~;ssom$k1s3B@0Ak=^et~Q~w9mnze>0wNa4;Xh4*#>(+ zm9p>Hh-ApyIx#KTg!<`aYjl`l^_)LF9|pPDyR9;s_mjl<{#I$q+*tzwB4jeE{;}xF zaTp&hZ<_-aQOCrM4aV=Qq)}uoqn7jrZA4_wVFC`eWFPvq*WH2$QAlRENUP(%ummqw zS=zY<7#G+bzM@kX{mJfB(8|HRSN0mXmW(qUI z-bb==u~tK(1hIhuq)^0fI_PeRveeisvw#BD&*h@wV`C56pma;|!}rst95mawuzxZ{ zqbMjia>4yQlPk>;v$QrfXBI;8NCrh0TDml6%w#hPrXQai**DI_60&>`*2auRj@^G9 z)S_%!AGx{T%9M36Ie5wK zy#-#I4=o@<%kAco|BkQoifwJ{tDrWOWfW{vzY|##q}EWf#e`DGrzm-)K21c^h#qo} zx;VA7lgq-=(J!Xpt5J8%U6}T|qbFtE8A()(7740*)fKg4cp~Cfgm&v<4%g;`_g$Bu zCy9Z&hD!oLXR}eepbZ+UL=XBbLWK_+54J>*+mTNZJa}kNE#FFW?dd3Lcj48BGS3d= zvjl4bf(fyE0dtCtcr&_k(u!qD>CvJ16+1>#-z!VU1oM+qyS%tnm@2crQTB%BZi`k{ z?uU<{o#*9TDvrh5k8-gy+k|`6(BWg_GGhO~dGFDw9niXID*9yf4|UMc7U}XF-J0A} zq*h^yf%3)n6!|43)ir>xZ6O9i=V?}~RyTiA|IU^e`q9*nvZss&4^wuwrkzw$9@paK zJQsU?f^h6yXH+L1Mj*Y7&WhvPqNG;T1YIODdY($2A3bpC#+!4_qu2bciV5c+NB z1=!KO{_b+Xs?PEW9Ag3ADcbWQYahjUcJG2(7H2f0d~PwU-2Siss{!5%+0KebEEn_) z(Bl6b&$=A3vx=!l|97-z^|P$Ixf6n>{sq-odo_ABa-su{8jtZrfi}+}4lbRoE7<<4 zOaJ_S)rAoCa4VODQ*98pClEjHp$a@tBYBJtP%$xbUuvilyX^O$fJH>ZDOFRhp}E59 z-pxYqQ6pXUGu)oq=<)N1LS`;8bf3|z=#5QY|ASTRj9~xgcx3q>xeDDs*-A!4HmX;s z!RGyYUNDm48SI_}U&=5qw3%>^`BmZOrg^E*xpnQwyw}~dKZ*_i=$XY5>=g+Z;Moms z#@7I<|G6d#1s-r4wpU&Slb1>iT!TC!J2l?#9~T#8fts~@6p_Q(;t!!^KqUn-%yZUq zhKM2~GZK^zig#N%f9Taj;<*fqE;I-nv0rI8I~)sA^Xjtz`F zN&c>j1c0$y59wL%OW>VVSRT?3w#pPg1Yd^;I&jqj!1G6LE5n&A(x zEsP+&;zCT^bncFc*Saf9en+~?i)#GF)mD5Of$)zl8No5DvZ{poCjSQ{Il2G8AxQyb zpgL>BQfx>FD=$im^5jrkZWZ1qYb|gT{a5*w8OBxIHPOHxxBvzOxaq6oC;R(tig5s(rxg;!G5p%v%1{BMJ}k3Tx8^E&Pbrkj%0d50 z&E1C_n{{AAhOGnW?)FP3XIE!;D+wlj3X@w87r}I}B36RVbe104^W@Th6jsit?_7d! z&}!5-%tqUd0&of9hDzE;R4J7YfV6;WD|zQ-Z)I$2I`B_^(??%MMb;-iySNxk=EKsB zt$cBIb_T^l9~>SgoS@(k1)D?uVM`wLvMlmMGNr=mTNpflL{9>SrGD%u2H;ZKYuA*0 z3C+7Nc07vxc&CRkE{8#&B(J;a`WQA1axqPMQYFYAknX4mjo6u2*m^cse0ya4ET4fG z*%=I%=wQ@-v%3YD4xlH5)zj4RjcO;*zxs$$>>v8dv@beH1m zs@Lb_eUqkS<1~V=ho|ukk_&@eoMn_mT9q)OxLRX_0S4yXKH1+4=|30|5!^w(IC=Fa4UFIUhnGLK=ea! zSW0E!BpM_Ih#n$}H>N?wHg$OJR5(N!m8HRKqD=BG_q!5bOQVS!Js$S$S4XyJXlyVX3ZLE?#$xVy+Mf`%j3 zfR$ZJDkz;**qBQ;(|l!dD57$oa)E!qXq=950JVJ=t;(gq6V7gH+(9`%@N>`8)1x#5 z5b@=vPy|2XyzCAY#{kBzqN--dymO_EGx9uLpuOH~kpb=hu9rj*%_=m!rGDBoUDIx9 zjR}F^V|>-YOGh=Ewcn)TH=Yev(kv6_@o+60UXZ0(IoM-zzH814Z06RfvoAWiMG+)4 zQqov`DxXxB;{FLj_8VitnQ*M1Fe;1+nKaA(#ki%9)zk2_SNomGCxIIbg~%#ctth}q z;P+L3v3;lmQl`D!R-%ckZ8d9}cP#0xS5+z#W?ZT{hyPEmhYy|Q^&04i96CFm6@4}*b61!!fiM75Ol_j6XVqluAZRe!F z`-a{vx8g+Vo}O)8Pa-$IsXr5bx*VB$23+{?>;BkuHj#In^{T8f;Mm2Lp$o+J$HbnM z9+^0h(#u7w^?BaNJ{^=-()5SAq!e(gV704d$~guOyczlAVy?CR@VnnLLaj zQ4iVhRpQ2>A{c31G0F!}7GB0|%{UkEa^rUjgwLbG@SjNiHz|>6;dbPmv@|g7+H-$< z`KUoSTd%YSny16e%+1&4ZCj|=7u=7kGw!Vse{Q?XBG2p3htd*56_jlBB_s$x`aE zV7H+NGjS+)JR7UBWY5gf@k~_LbNxwwx_xO}B3w#Vu>0*uy*zs@87y^Lx0OEZaCNFw zmnn*;2fH4Jik*^jSMVkt z<+FqgJ4WPFZ4~T)YV)DTF*owXBQ%?}?q;y(C4A}r3})c*(B1ac__?vMakrt5u?<5B z1}dT+<9XWilijC;6+|Bhe)wMGiA!?8$Wp#E;^O@op{;Z4lts?{3l&c9IeF5g&PrrX zq@2Wan0GvMOQ+J;X58^wR5T*E=kK4;dfSDYJpLwGa>2cG-$QA-|Bq=a<%UbDd51oB zpUYA5OYn?`X9fMC*b6GE%SE5z^`^Pj#%u9jRitKwFEh)Zzaepd2qqx!0YYi11FMDAXFO3d-`r)gjOZh4D7xnNZb)jlAZ4I*II z^_Nt0Vgf?j2>jBz5tqaL?;p^RP9NN|P*6Qy`L?<*JJV%jxIub|_s)?ju$M^}MPU>$ zSl#Ng3Bdy~8;@CcVJs|j_BHq6sw1~n|KIvVhJb1fm?-Xjy0lBR>0TmN7xgXowZ+Z9 ze3qH@DX=49_myJSO+Ab5ioU2w#b08jg&Iq1Ua_lC(@@smx{tEW~Tg8Y#X+B%kL+%jOm{H zFAhevJ#@|r^|K+t;;2pS3`o1g9oO34qXI?~N`Vb8tzIZ=fYc&<4 zED8gzZb1iN+z<-giV!{!a68KE1W0Pv#z4wt@>FA9e!jFZ@G{^{B!6uJKbrcIYmb{) z{%e5j|8bb^bSQn>30RuN2KSc0CXiLMsfh{alOCp)Rm#KRMCMswit(sB;|L)x{~Sms zZg&QcZfLMY+olKB;(FMj^213&%lzEj?FN4f49JDamUg$7hb`9|Dd_0vOSg-cmfx8B zfh_~T2Ae_Q!$$3DGmD}&N@171Hgu{tPFusd3Hn8ag*r#qi(gzxxyyhV_3?bsvnh07d4yT=Y03()u_uHa4cP^b&-Fvj7nI1U;9eygbW) zzLshC)g@~Lm6#}?XXU}{kOooB15QU1ncLUa=$o}|lP#XuaR|_*CUiy+dp6fE>*2~= z-kOBXd7jOOKv}(lcu7R~F=GJpU|Y(D*j-bS@LdMe0A%PJ?f5M)^08E&yE9x3Ojg~z zDI_OS!f@B*yPO&F)|5YIKOYKhj9l#LXoQ{CtYHP9xfJE@B(?=()Dre%1m%r(PZmRn zM3;_#yyn$-MG+UzT{v^9XInF@PM26Yh3=P?{cg}cGOJOIwuoB+ld1+ySjMLpbH|7mt}@2Uejlg9L9ze$(o_#^sddlI~||{_{Z>c4=@H< z;eG~-CP>c*D#}MX#Z1hQGM z&lU7h6B4Cfyl40sKgfaRdGO*^8F_sSnkOsuuylfq^&;U5LV-tp2M zrA|eQ;bVk%aKA1seu&K)iiyn@+Hv&Qsn!Lg*aFJ-1{2?db4I)8>vdl`Yc&jj(7Uh? zO}iw!enQC>FcM;x>M75R_ep5DRfoq~XLC&58ThGkha=3>oa03+seC??O%KdtQ;*|{ z_Q+_w-qP1v!=1(QH3=}WWLa?c#VXph{==0V?@2J*qfxABw7Y>q$)+9*!nfph`;=mS zTN7PRXfc-`eSQ6~l@r-}Iu(RmOL*T{$72|L5fG(~lYUreTaS@;Q|xY@^W*APiVAVn zC3aq@yg&a-ZM8SmaZnH>c2|L>8S=$MA>@nfmxW@7z64GL0N*caV~NcDK{(`PO&7Cr z4{rYVXYni@>8L>ShBj-=MhdrXw+71E=a&16KF*eptA(sS&2Z&8@ptJ91j$tv&xw*b zNPmkhv9R%t6{d>r5a_8alGbH0~jmdRyI?EoXX-kUJeJd-Nw|inc zKjUE}(i<2U`qO8hS3osZhR$>DS)P9N7{ZUSvKP>NP*l3Juch=Y1hRelLwieGC1AWo zED;}2(0${J#D~H|@N97h~;xL79rBO)UF(Lo$~4eANAoxzT6q$`bQ*k5UvC(f3a z4YjlqI>SMmUwEQ32m<~UkL$jKEn-)_TFqZZ%3B_8nwv!x`F_3)#$5nv79AbkA#BKl zSBlVVEKkvKbFgXo3zoaPJMYADP*70a=Oyo}qZN6MUy^ESwaceXsE;f4;`ZE@H)ww{ z$4f=+e@OV41c4b0W#eop(8mA1OjJBYL4Sh)`s@BKW(bz(lI{_Q`9J=8)(R?>K5xl~ zN=W;+hexu+W3|*(j03E;a)*&6Q}8?mDJKT85ng&~;#d|5QKuV=DiS;G`dq9ZY(zeA zm8wujc2d*PIoI&CMC*&(13t01mQY#{^X(4Tn>PhFHI!*ouIWTV%DJt^B{+2q*F6bjrBV*>6vUKkL&A-P>8{GC7roW; zoUNH-KS03Pm9znJ(u`phde4lvgBG5jyVv&aDOZ&7Zw-mD%RlHpe(crnLM5cvNPizO z6H;7UTBu#aW5y)E@k?XhgLzc0ip3H6o6Vr$xN(4))Z5`C2fjJazm#09go zE5!nrY+VCAJ(FZ+?y_OKum5`Vnlaw;*O+PqNY|Ov_Ce5_b@6oDv6_Vwt*@F{8x#-W zTR}no=?S=Zc@3ks_X7hR8)I7&4a7PM zGkspnF&B0fVpX;gUUp_iYPdj@>YvO@cT?f^&6?0nIj0S`$9BbRqaagZARFpi4P==s zoVUvG-4@F5KZo`!v*yEt;fFCcQbIpkaMf&I%GV7bM4X|cTV=Z5EW8k8#zEnaX5TNU z!vjHmzS3nC=GBib^tmRqE13fzO8En;mxuw7(T)LssnKVe!#0@PYF6}iLO>?cuL|y! zZ2r=@EI^(TzTPFQQEop%ck_2+Mi~7>#6T5{<%gTao?gkb2{T(gl&ipCD>Xp6OzAmj z_Fb2|ST)p5ziH@fFi(SjKQ@#iW#Z*+mg1Po;1*k|D&O#Wk}6oUY=-GkIb7SKNlwPt zTb35$SC!4O^}JEzZcFaqi3|>I`#uukYwq}wl$`GoYCYv$E^*Yy>qHy+$dRg=b~P!A zdZX>62T|N@8~*gaoFN}|{7DDNvE4o2p-;0+@pkev=`DPvPyYHS5dSL=#}>#iGt`n% z%`DZR2V7qa>DoTv{xU^<$pz&!LaimKtK1%2E2t3N+}!@ocJ49ca-#p?{`3aq!LFu1 z%Qy0k9v2bNb7Ow8dLyo8kYH6QX|kv>d-0~hJ)QT00Sab;SJG4D?tLS#k6O|b9JtZP z19TE)y%cGd&XRJ=UfBZz%*Ro3{(H1(;@Q&W`N$cx>nC*Yzgp~C~No`Bs4JUV%YKf8oGgoLqz|`POQnp78p9W z&3N;DjHK<-*xh>jsHyXM-O{*x$*J^v1u`9=`pX7H!c?uqe?H%_F20j|R%w@Nq7G6e^6Ps|)_sp_%)cDnm|a=5zscU5h`L9K5f(#!^Dhk*sD z_Xgl?Gk%KR&Z@1W4)}skOep-1p&qGh`yjkq#Vg4OHC1J1|8D-951%L`nT59N?gzes z$Zpx;JU!w!i5H}LZ^pW^bM1Q#6U%yBLk`+8723geUlPi)@GDs*_*{0MNx{e1tYPpb zoe|z{SB|zanUF`svE9o%L?ZW-HpT9(QY4M!rTMTF+*iUX zh{OD(`u={K=N35KDaOhl26aFqJn_-f-2P<(=<7_;UZ{~sRKe+Zpru#9_p#8>iW&#B zghFj%*^rZ;n`ErL_-t<~U2nOp0(ZcUDFhc7#X4|e+Msv4H5TG!kUwQ_LfVv?FDRmt z z+nyzUA&qMq_$*gTU|}q=&bk2<{ip%YJK0C^@N12NN>7C#k|H=gVRU{F zs^O!pbaLI7pUDTyuo`71$Xt7xk3BY+6}rt2XXkd(8ub@-85N$|EoXhw>RMm;ADNTWX7r;+MVww2;2D+N?iZH$3$w@+!) z`|87;~l?>j8tDDf#Fde*rna@ZxA8khUSlgq%B?&Bh9SFeCBD zVh8S&N{YJCsUuzuEtvBix@-$1zhK%QnA?7Nqw{V8_HY5W;CLXA17< zY#Rf#@~>|DaSLSrcxBiJe&ISs)n@jIbV~g@&nO|pOK~grF=55+KA94fd#3leqb=;! z(9wB_gGZ_C(rAf4{0ZFAUTT|$;Qa%9$ebM+_q)Y(q39di#0IF=uS#J%3z*Aq^i~!Z zbheRtm&c@4be$=9)yNtX^sUg7E>5vI6SQiVg|$1=>s`!l z51abl*&^pvvt__#jzcX5oWfK!l!X+QOwkw5Y1hPdx71KXHhM50c_+a}<57@HTy-e? zve2{62+a$AmqD4EO4?m(yzsWY;@lc@z!U@WtEZ}hj*0U$d(Uny3Qu*VSe^0jZMPM9 z7wmCtN5Vt{*7_SL4_n)&pF}M4)}GbeJu!2^R$eDMF;kOo*KS*_7|3c$DyG`Y@6p6I zw$*Lq6hRLj|1d!_9tkjii>mu{aiW#MEyz$<1ahE~Ni)AWa|+3IaKf9n%*soz?lhb& zM1}A8>e*(GES1-8&4e!TRzgs0&j+9J$qvH94f@cEJegmS#$`s#`e#G->_kiFKabm1 zM2K%R7A=M5Mr0%~+FJ6S7dWVHHoBxoWPHn-Xe^yK#_3u7vX%%wctwS+L~vF1sD+%t zt(7ytEOh>q=Zi71XXsw!BSnW5ab{mE(2!5bXU&jb?JYQGqj z$jkQW;>$+d#U)LxPF2>4=)s$ zABT_V@66&ooPjAXCei^EBsDhdD#9jfOg4li zfU(+Y-IeD{KfB5?E8i?_ff13RP63px)%KR^a&loYfb%if>oV7h?DjssSy~EK77-9a z!q~zOx0#8^sf5xoIKS*q!p+mX)@dRaWm`32=0wrZ-Bx8Rya3G2(lo)e@a#jE)j1 zC|Kw?3!suAFB<8dbW6HPQ#2y_BR5-Ug&{eR!lgU1KrttM8T1=Ya_dtuoN0ZCy73bz zzvnx)o5ucf^LeJ8=gHyN!{KirB*ao({&H=}(GAN>bO){WW#073y-9gqZmZA{IR+)4 zzy_C2WQlf)wpf237NS8?3C+zHE3JD6dW#T9NiC-o)6axe#F5a*Nt}_%Af^3s3ZT>5 zGh$3e{I<@J4fm{H*(kR`i|s6!Ip*sGpD(Wyo4~`G-2-u4--eV$g#6Ft_5%}CC4okJ40q^XilvsG|%7orvy5~ zVxm$bzT`;06Kv4%)DYY$;QA7$u>^9Mc#B)|n9@@@&RaUWl|=7bPrht8SX5NlHm)8* z6#5nyZE8*wGZ^xs4yI*R%)`X9RCHFN{)xloQ3*eZ(vc@^%(02pwdg%4b^KMA51%%6e@i6OijO z;w0EC!*l%ehIXO*8h8e3k?@$ew^~D=s+qhRG->-}EsHIOgV8Zw1>x54<5u#Xnu52) z2W6pH7w0j);a5oI>(scG7pz5>u|JUms`?HZ#=whkJ0KdLRGIKqkIlh;AICZV^UgE< z_5|OTulc-rn_F)M_{PP~$j^z(b9~6!!Rk9kl@Tbyl{~1YfU{l{l2rbt<|9-vh;>lm zjYXvQOELChIq-H>RFF9`Y$%nPImGiCM9w$k#6+oJfT0;PP5x}+^Y(V@$9Uc9Mak>k z0X9pOKN3G9tP)elCQgY~eCtjs3{9w{?+wrt6}ftN1sNaoheM=z`AdHVm~^S(B42ro zO8Xl+#`Y$f99?n58lZx^L-9dqO?0NOSFR48;y&;I=>0yVEU@eqY*yo;0c!ALw2(Tw zQ$`)VeaGJ#eV!n4ak)WK2wk}S?=BGhi%P^IpU|Y<6`t0<_UY!+1X#CS?XEDEF`>Js zUcgkCiEX$LTKm*Z{(t8WusXVJf4l7R==ar$>)eUN!w47V8wuUuz8(`W!}_SH(!NcS zsp1tgG-$;!e>3ZgT`gseLB>Yd`99`sZ|)+FaUF9phUs2>Z0rq-19ZL+WJ<7%rLKSq zjE0>J=WApHcs3VmLsMIB-rkM>+p7_{k7?LQF6@2xK6A&->ZhBjZu0oEjmb+YzO&w| zQ%~8e_?rW1ldfU=Ww}aB3Dho8f|HA3Cp;3Xo>!O2a#y9J(XsMj@XM#dQiar|(6Cd} zupx2Nl^N$xw#9)fiQRTQ)0)^4QdC-g_KF>*8pKVbs^64_raLE1fjgD)i&}t2|T`in&uk^6v zWhQ&K%+}!ZGU&T68?ox#1jkqXAgC7ZB>_KOd7%m5#&E0b3P(1Gxh|44j9Mh%VA`8DQ82=1R^gh0#ibnG0`dVUNcF68Vv#-LJ8(!bf!O0eIP*5sem`EWO;|Cx(U@ z{gJ9|=Ie6g zeJ#bEjZ~{Dm6mv{uNZHJL7pzUQvG|vbyK^tx(_`5Rr3O-n}+VZc-gBtCYheeJjN6)5Z{DwPV;;<5TQ=VNwLAc|21qHs$q z{M96%7P(?|zE1ADZ0^ za_e){_+rOwzbN=tDc^PF8bh)($;v(u#{T?&* z1{?E1{jAsu$!b)DnYnu zy&BOR@-|&&spSY;YA!XMJEDbgKLH4L>XFlDnpL5zs^q(rsjGA+@@XWP`vw^pRr9)v zN|Ay%`RlZUx7bW2d6LWWz_e^-S@WB^Tn?v5KmRdOe1xoz%?UD|y!o_j%ay?2sPdf?I?xgh%Hr6xtA z5o+4n00VN3yRBwXm3I!(TQJNm6(65UaTzYe-G$=j`^>VPSk!}Z1}ysmA@tNIUb{eD zV4lW`FLUu>C*AystW-|@*e4@(v|oq9@+G-D&w?diGZyLpt~@vfzjWG7rm4zjGS8Wo>|dX!8xd{JS)Kg|+-yE+G~O@-IGW73`MADZ z$jko~Y^$>@!NTJAgY0mZnBXVRKJUV51(h8d5A%?=%D428&@J&I-bS9^&zTduS|Ua@ z6f`@3m^v8Z3~uc?sVFO$j2CA|W}lEyRJ&V7Oq;k`apQcmEd5nCN@48v^K^lw6`*(n zbbmYFVYAPu7p$UifK_JP1k1C^oIF{@CZd+g+0vL=PxIrm?`%X@X6fG- z#hiJRTub*ZYbxe$0|ur1;9?C>nrm1!OD<1iKL9_Qjqj6*d2BTx>*|$EegFj7up*ExkM_=vw_!GgIxCXbBAhw%rqe01BpB|>0&?J zg@;JUp9;#g>2kh$&yJ8Qna^RwS3C4J2U@lWHflX^wVp;h!Bs$10Hswam96x;9xYwj z)HIu8jqvkmK|_ag@DDxnX~dI`&{?hw?;+i>m{#RpWl|EoZeRR=)ojTF=Y(-NNDHIH3!Sc<#-s-;K58tsT?hLj#~Q0^U-9v z3+1*If-;k&!?%Q^zk_pS7I^CrN&Lvbfx-Y~wjTe!C|xN3^0o;9j)ihBFC!}jCh3Gn53ZdQ zK^IyGM!RH~_qX!S&Eu&-SuG*jsilaL>V^&TH5;SMdTjI~Vo5g9!QexDWg!~-05I{@ z%-Ih!0*&!o06-q1Y>n}IKeXPtE5Uo?_=$ml_5*RHM z4LR3Ror-wjbcw@>9eW(V-Fm^eH2UEi(O8Nc^qfUn0kGmNL_WCiixM+jQ|BBld0oKO z4ekQ+t&+dr#rHsF;Q6v>yh)y%!|OB?nj?Tj2;7vr?&z0Tm4u4CL_@w+I+Pq&v~0K1 z@K!{CFkN^Ve?RVQ0T{zs1Xjxdd27zcA4>Ga0il+3P&jCz-h9p6nRlL>+|IWNnI7)r z7YM-M2@s(78%Uyd@lTh-uQL%jvS+ui*^bOS)>Z@hYu(ao*RN#`4)mSyLgGHFMhiK<#$9D??=exO3mU)OY?QP8Sg zMmV@IyC8L(TsC_r(F;`e9&5*vOX%}RVDg|N+Cs>|m6e8Y)I z_Vxj&Jy3c;!rvD3;$hH|F?J+ZkGPoT;8)7{00~lVAzD`z!m9q^p)NPZ!oUQXaX#elt~zHHC7({*I^p7t%hRwmVEjY4Sf>1cB3!RlyHnO^=Sp~P5%6>^Y2VZ5Q* zELjL`RnBYsGyD7U@)+ZJD6}&_$76N&%r~q!i0tn|?8i>#8%Jb?8~HhO_Qj8Ylf9S8 zZC`|=y$I69Jx@Nc?y~X=#LnCy$?>J<%(uy52~)BKDnhGIr_0%AvlDbszEa5Y4u9#S zXLU#5iSOa{w=Lmk8Wwv(hNda1kp0`t+uVeXtU?ZPCg#r-daR{iooRjm9h$jmpl@F@ zzW0>ZKkddgIpLO}7t5;k2M#6r-Cv(h+GwBy9;W5bBkaDc)C$c!AUrVVG#LC0_@Uxy zR5%jiZ<5|0Drg#mY+>kB;Knu%zQ1aERcE}Q7Jg1<(r;G=gIB3GdlDk=y*KBh(@0+F zz;w53@!jHKjT8jTRjSw=^EYT)z`$Qq6y2l0KLwN|I$jLxJMvxEQjG)HiZKaO?2Wvc zG{X~jzdC!u+!?}!g_C^Zdy#tek)@NJ>;HDA8%}b{Imtb9lMpzWEh7(AvIi;z0(>3o zn`8J>^P&qFbChD9_Iq=;7p9^pDH09;Z&9)g{NaTEh2!KTGXdw#$~Jymp=r`4vsF!Z z&E{VTiHgmjtjG#^hoE(MK5<{*4g{c*h%--=jWy0 z&kl<3cb8)p%nbz?+(ACvBn0WU+>(c;;vgtoDwE{H|LJcGchN zlVMLi*unQgSeuD=dz+Q`P{*GkSsUUNzG!B;CMI_xI() z=vABj{(}L!f1Y)`q~+9Aa@*)w@FC$;3LU^Lx7@ukHkEVmwZz0M)&NgW-E~79-L!Cz zd)UNiitYs6a?o^hYP|sf|IQ$sHJ+?FtCub`Lr(~Xyv!n-M4m!$tjp^Da`(66ZWBU5 zqmrKBxWWClMyh+|h7R0Fv4}KKbwGfm`nRS~C7#Y_21S)3NSpz-q-oyPNt2a)pp;?( zOc>_!fM>i0nJ`gmtTP%*s;OvfWe86HD*EN|?PDQk_bqQ-t2kf(Vqk_^GeNO7$?U(U zd~;2~(aa9;z6R`zjhsU?>m8gS)bq1hW%9>{2~x36ICK109J(Ik&mxyYk* z(VH)Gu`&6vsuf9w;H>g{S>(d<6klZAP0uKPUi6|82BCEjdb@wELO$`v zHiH4`Gnbych4=KK+pB!dwm z)NyqeE*zbfJpVSD?f<3Oq~?FntTD`}Qqcy9Mzt3WFMY#NaCArC_@5LL>Yo@6yWIB- z-Ov7nh|fnp_GG(|>Aybs?d8>$0a%8JANOM1n(PiC4 zyoTdo?u(ug7n_bsKNvPB}M(5#Ww0( zeC+=CGiZZ8|AZu~n=n0WTr~+C#MZV!qU|$Wr4*z8{GEhn=X@^CCNU;N!-QNEoDLg( z0~#`+T?i#$n{w|&F;xxiiRTf-bvk-cf2@v}wH9?T*wVT>DO0gq33uRKMg<^EqT z$N%L-_>a*wJO8quvj;pdT}9nRho3I}aX=`t`MGx05L~||6|zZOIXf*POh|PtI-IQl z*N;+Ee*y0?)(dX`|InoRyEW#>kydd?PU+7x=K5Zat1iymu@?;Xepz?-x4^RvjTUUN ze1zD1Tr+)wJtS1vvc#&>ulA}hKV65uP03uE3p_T;4J#YnS?+1_FwcBseeq-k;xkZMj&d2#+;b_!^3Aaa#gF^?5~Z{j+lfJ2 zB6KN3=!2swOT~iNPIPI5%cG10)F+!TRX9zVefPcH1>ERxwM?B?5Y zXI_qaJ7be@EVe?>X=(kj!vMW^DEXUnk{{IplBS7w%VCx!3KJggEPtn!*-~rKT+Sl# z#I?lJW>Dhdx{t+0E)4GO(70f@Hx(;}f@#%78eFF>qJPU+7Q5iA{gnmaKv9r`o5Sy_ z%R5j=x@ne?~Ni0xChxODlq<35`m4}q`g>{QhH~iNg?R-DM$KmR4)t9=R zg;GD*%R|8LX{&gUFrBpfr?qDIIzR=_>zPuw+_7sWjoKW*k#P@W^peuVKd=)r$)Fq? z{WYU4sLVfgS7yXu@_n=}x)~83bcuXc$$xBvK*u5Cji39wbEl!>&Pm3w_9lr~)(kAG zAv?O{k&eVo*o2_JZTzS@4fo)%kVC?}!GH52UqXzou$P!6lWfnsq!M`--DhP`Pyzy2 zh>T3F7GPd(kUgc4%601#wu;pC*0xK`d518<@A0))uT=|~Zkg`x*&|qw+nl#1Vr>a2 zYRvsCTby%oh_lu2AE3>>S*z%!y<5xH_>XHO&5t?m)xll=8B4Nd_&-3mXSVsL$M3*@ tu%+ln^#7*GzbO9y+rCYFy)t~I#NXm<37sJ-BYdU_(9+OVN2%IG{tvccs$2j7 literal 0 HcmV?d00001 diff --git a/windows/deploy/images/svr_mgr2.png b/windows/deploy/images/svr_mgr2.png new file mode 100644 index 0000000000000000000000000000000000000000..dd2e6737c65351ca656c8a4079e48586875acdf6 GIT binary patch literal 62287 zcmdSAbx<5z^ahxO1PD%W50C)C-C=?S5;O#N*Wj)bf+oNKA-Dwy9^7^C!GgmO7-SgS z2G)qzG$c^;^R=`Jb3T`|E-d|=7R?q zbPpap62!*5zv8PZ|L6Yip@*iT?1PF?+U@(3$F?%6G7lb9$Kj&PpWL56byd>$c<_Lr z`=8%KGPZZ09y~Z+dn+%a`u3FzPbhtx z9U%SfAmC!{w~b_RSV(_nEJznSFvGqu5s0hB%9r1Nc;Ct}IUX zo7}n-{VUJK4A0QWqt?TCAV<3{(6@Xo!031t%YW?c8JLkW!u;08X}gI67RuWo?QfHumQf8NF|KWep_ z;DoiIQXGvtNU;=HaI3}FO#saq`jCh_7|_ivNX3Lo9>Apq zi*zjoiI<1kYeRW1B<@XzbMuZSuRLcbqpP#AL^kcVJ9}oEQx?w7x%5Drp6UjrfhN({ zbAMJ3tP9ghtnDsLKDHAR)%R&58q@pNo_DwIlGwf*?PY&DJij&{CA!ic2Md$q1Cf5Y z8(NIq@okNgc1O+^*&A)F7&JrfO{F|czaQrv!Q~Dy{H+U|7FavJm`nEXADA>Y9grkg z&#{aog6~80<&#zRHAIxYQT!!ZGisTp0lujj6f+K~Je<10>zRHFYp+{sIHB{l`4Be!RAf2W#G#(IN z@zhPAzF9RfOZSEYEe14K-M5nwC|7pFx zH7>|wJu{bT$G)fgWIt)&SMtfFJ9YAum{`Pa!g@6xv*+Lzb3s0T7Ne@IWCv7!Rh*H# zV`=Zy0o@`-2Y^XEG=3EFS!GIyo2#2pM7|42U9TME=G$Ym!|&8DwK^rlxeQM4aK5*W z9t75I+&5ZrqJ#W-Mn6MNcem&960=bnB9WI@ss-2>ZV00vH)!^li026JE0`I~ z`TNb4jwjF8at+@BNyq$5CqF()vCul1w{Nx(S6jCoZrtxSj(RIIqFu8RKs({QbBjA% zzNq&r`bit!$D~pShpn8W)YRfCQ_qgi=R@&7DG;A%JOi@5L2lM43pBRwfV;NRhu<+S z4^Y>OVGQp&CT=4Y4w2y+oy) zw}K_+#b&+6-8TI}IDGPDB~H?@UkvX`gLni+o`C!w{m3gXJk)9^+W#o?sAq1(SHgrw z>#ZluN6usK_X3L)O&xK+ttD`h139ptsA?GY0DeY~*P}&Z{?kbWPwF>Afc(?Y+b6b4 zBe(6BeIMl=(yx|(0-oO6i4T!Iw(cI!jL5R#!Syqj{2uK%zv_N*_5hQAOn42CKgN5$ zg=tec$Rxl+`WYn1kNvwcC2=@wvzwpe=G-gK)=@JRBZ_a1UE2C!!KC^|@ut&i7D!6( zlR7=V0N6ODF6FNHnrJ`ckIBB%zJUN6YO`k{nA$B7w(dLv_g|)E=?n4hiq^;BH^H5$ zbHS6XaQho*{)GiB9-OzefMItBc_Yr+!>ckA&v$x&x%R{UIF)%edv$w;6?yrsQ1kjZ zs!xgJZG=*S6PS8A>P@%sVtsJITAh7wN`%C|^j-`sjddt1P z&7>=>FJ!j=V{irjGi-kDJz{uUjmo+Ag#M)Yp8E~%akd4qtE+VC@yDm%86Wm7OB}w8 z<=NuR+V5vF=UMm9h)wn#MvMv(GJdr{{XR>Z5ZG(vaf|q))HA2+;GlxXz6(ujfd1gm zZ!PTCm7@=1nC*iD`B4%$&4Dq6(gyJNv%Z}kETxlvj8H*qO}4Tn;Cgw zx#R5jAGLriAYz)EdUz+wjG^ITHPyFoBw%a&yw`R1^R zCRsmcuwgle>)H{tc0D*md=H|Z3`s#gMbtul&0VN-ZR-Zwzrx=M3A3c*+^j1H)U&?b zNKtpq(_lN3eWSgki0uo+tk5iJ*JMUG{y++SZ>7-QN*d1dBn*_0Ab+w7g!WxnNU_^vt%o(bz{;2>?L^u z$@dLd2AM?4nn&?AUa>IZJfcv{dX6_=) z{zDl@56S8NZv6L~06VAnf7eU2^*sMW2_MR;w*GsdP{(}YFA}<+it^Q?gyt0bt0yV9 z*SOS~6)h}cUc`WNkU6(j=}DHkt8}1`>s|BRO!&=M14d6KA?g+~d=yYSe3s2&vOIO< zu*q@C`X2yF{px208N2@AR|??zuK_#+#{bnGb>AbFzc!>Ag#YhAEwcYRCjbAu0j=ms zD6`v9AB9B2Cq*YwyT%j=DDTSqIf8j}o*=ped>ZjMGV9gB-I)%@dCfNI4QyDQrP#r0=x12J+##X)&!WwTBeQ-GyZRi)U?)SHn@t2&-HBM0UhO5dXgSd!UsZ z?A#$2##%fA&bYQ+(Zrl#9BoZ5n_n;C{&QfL1nGPqx0hH;I88pIzR7pu3-uc1m@sd2 zfuynuR5fJdNq-2)92tDw)8}`;I_@Vlbv~Ewn|DsI0#JFkvtsqI6kZS0QJV3`t>&ti85rIuyC~7l*NWVu2meZq6GENw`O6 zrs(S6_R@vbi{~G;W<{c1k#c264A-bZ<|dPD?Re}h@jnau#Qqv(8;9*?NGC(C#}*5_OuS*L8-k&xofSxI;fwS<6!F%|9tDNKcsVG@;wgo_^s z8+W0(ep+mH*xU>)?;5g>1CN#BC0%GG+*WBMKb)$!ISv`7h_U7&dP5eK)ZX^Rj&XMO zC6fPuC*qDf^lRb;+G2Isc6I){6h9!V^tcr-r=ndKuFp(*yBNkdc8rylukx2FAMMkJ z3kAQ7ka!$Ra{TU>DU_B_N*D*qrTmRPY3PcagW?vHvJBLVe(V5dh|otIy`3~DCU5A; zw*WI$hi*KyyIU~i&g;^>rJdIqh~L=q-1H)-mS@^nfBBo3Y^SiL?Pyb@uH6V&fynfl zaLeN*0S4G}=onK+eFx(8O>EM49{~xvC_?4P^MH-`V<@3Vx>4xf?B3q62iRIg)=>H^Z0_pu zTSuvsSK&kH)^^u=%!=4)s}!8=Ck`_{5Vy_hH`R(qBg1Id0wT%Z5{uhJ%8@?h-Oy@F zBEN!XvS7}35}^Iu_{-B_(b?knoFM6w8fGWs&0k*$T7!7LO`flewPTqpc-ne49rFv4 zhC12L(*o_G#Du5F7##zrS**QtwBEHlJ9&_CJ%IXOAC-FYt*3A9gAL_L;UPPnxBOCk z)F!z52w_zmsr}Yh2?Kbp>Wj#6JW785|{q6$!3jQ-lDaDNcctMfm;}-Unt(0boK4re)NpX=UIo5j&1xA*u*2ejq;klST_O4Z@6G_O4fr`daj6t>|Z`lor5_SbgR z%4+nP;$PoiNRPnFb(m&*w7}x*H8Ri|raS1$ekRX0U&LjxfN=@9AVWyI?svX#IzSK} zhF)^^BwU}m>8DH-xe(uO_w4KpGiO6uE|a!?Zg>g z=1QjKMRm{nrH1o$B}{VxGqmT-IhMV9Mn+`l2R6$v4Tf@B1K-=(Ql2B=GU_u@&0xIg z=;ao)gKh(_jmjxQoCi;;edp-yjT;nvAPW!)-*=?K^bVlv7=?x1L-5cMImlrK8P&IJX)7<9=x|df^`;RF zR}=BNS$2_DoQ(AIy}HR4^=)~WE@BUw%aA?#xcuB`NsIMaCdx+O`d8J;8LRlpN~ub( z3-P-fJvqtX3pUhl!w1p#O_;{ZlCde-R~*icYt2ECB5jdn?v>pgknZtgiy%YP#RHw- zx~Br(=+7{OY`zKXaXZE%-jm8k_=Y2Ou^_eKv7;W@A@(g<75-Sq$rF=nxZobNPVOL; zzUhDoX{o8d@G_6iQP@dg^_(FAy=zbFWR_y-2El)L36^l~_eyC>R#&fdXeq*1i`goU zV^hl#4|l17T566q>IEppM7KXQsCNk8Zg=TI=W_MdyC!>FpV|lBe8ET5fIWUXT@`Im zLN6+PQ5(u$_bBz>4d3@Kd>F0Rs>*rYg~j1I1$vW8GJ{1JsnY?w9ap2l1p5$)oE?CQ zS}<2|7>Pi)DEwL6m;QH*fHg_-kaPT`+$~j4tpdF6;5^D%-C4wPESe7tRo$YW##42D z21Z|U)yyIxNpk)xt2Dm|11$;9^$8=vSMy%)9-X@0tZ5J%uR zy`YJ>`F?)ab-MiM$V7|6=+Bl93aMpjG+P%^d=W6BZtw**esg4yGi*gKko*B)Hpqd5 zPZ5lsu$~7+L?)gbg5wR30>_>kO|?A)(Oo?>tQBy(Yf!GbWbnyz!L^Qw}Sp2$9v^VqibhSn z%y}-o@HvH{orc*3jmzy6m~a|pG$Bq&C^b$<$S@bN*_bt3g8%ghi9{Wle`GT-v4JSW zawoizFt?w>Y4rIRv2IGXy7km=Ae`i;Lw1NTIBGZ7=J4&$whn%Zl=GOb1&q*w`xZr7 zam*W+LwzJ}V{QPPM5_a5*ZVO2&&dfs%m99dEtq*($KI6-!&H?DK{X+ znE)9n@vyNDB6WjXeH?k566A9L74@`?XFlCYDbF!`G!NfixP5-{JH87z_1kHp`jEql z-Uq+>`qy9%Z;jlH3x|u--S){C-;rKGTcF}6LDXVyL)|XL*GR(s{>jR=WvokUtXuRK zx)0Y8{A#${^S#=7ELae~gJ4k=t|RoW z?1B8bew=_lF0NuZJWl;?!kAkt09%2kT3~ z*6%o$mf$;d;z1upl9A#eP2Nst#AY`l;FbQ}3Xh6?S41Azh_Qc*_v?A9bn7n5o#S|( z%)izbd3!oDd^$Iomob`d!tk$`jwJ+N#Yt;sPlYeTvjC={&d?nU=Q$dq@ZCEYkpw|W zwV2n$*`?#*tF|^qtbkiX<%>uE2B1ftbn6>W!SQc$rBZJ;Y$QFzu_Ykk%o^B_Tcrr^ zE`S+)yLx??IeoVjzh)gpVNg%4`k0POd=Aq9T*uFd>gR38;RiGNQ!;wN?46GG8AsE% z!@T@^EHSP7{#2S)W`FKp9jL)Trg~UM6g%DlA?vhMKedPM)*R5GJ!AFqhP}uCJU%|E*5oDR& zo$*AHM^FOn>wF~P>%WAyIlfo`caWnySROlqLK@>b?)9V-e!ba%LK#+RmC{1~)?qu| zag5$(&?lZ&P{rv}EqN~mEE(LsI8vm1jT6OfGnkS7V1Yz{`Ibp8O34#;HYp={3wv;S zRIO*KfK{%Yibkpk((}@igeowo(JJ)QywamP^npA&E~UJ&*=gBoayE^0SFb&OVo-Gp zFLX+++kMg9x*U^o;IJta7W*&pIi8Cv@0UwaF#kee>vG(=vgCOfVG#SZ_(Ej?;*ATWq_z49{VJ%F2w^5)?aI9)%uaFJvh z`%~%68G~dVsI-ff6>2W-^13t}SGe>!aQ0ehlu|;U8$cep=gEYUH(ke3z)$2%cbPXa zO&4SyRjhTI*WHC)6y+Lw{3)>WJR~~Lb~g<)6$7?i`@=3SZmN7>TwAE$n5Sx7+>M{^ zg@Aju_tl=?t=&JwRG+)hdhE@y$WG(*g4@mDV(OhNNes3xmcDp)ru>j7qin|{4+aXI zZ?5T@3CoH)h~<`>reQZ$wP?)gJ?NG86^{nqjD@u@i@TCq%hDK4G<|_FKXjd{S54?} zAym_<(r9BU{m{=9tP770x;b(Z+WkeKI`7$YLafVFZv}=m=6sB#zXf-lYtJlAZgXTg zx6vD)e;;5KN(wajltov`ad803sIX`3hqu1V!PZ{zwD%C};JhX`)wNp7nG5}e#y@Hl z22NlNSvKGDPERQ$p!l)8>!QyQ(J*TL=g^jHPrB+ z3w-Cz#lkuNi$K^ecK2?Vlo6A{hcY@7ai?&Nas7$r#k-d6l)ZXiab=wJUgv&gGqN|Rh5x!M&@zRL3V{WIz zLu6}0{JJ0A<8~_-mm{Bhm91&DpXLZy-YCGUQDVCX+v0ap0ME+WIPiZyZBIF01h`YF}oL0w}D4naBt$(lWw4tpa=Ointg8;KkN zTVL?4c5iQq>9Iw%W$1983BUm;=lip`(+KHSC#`|AQMsF&7r~@$2yS z(frlsW9H^fIm!J2gXgiS-z*^`@n%`?DAC5PmPhztvlV3qvx%a+E+pi8=Z}<=pay9S zv`tWqPe-LyZZiej$L)%7a=q(q3g5eLyS%5@#}N(fer(w-2!pk`Nurxu=RLqLy!|Q2 zUF5fWgjv^Ii5OMqFij2W7sT&m4wXA9+7~|6Yax?(2U0qcu?RK!o_ei=(|vLq6Nj~| z1sBJC=H7ne11Xj>oH(2LJ$L=vg?qgXJ-c9+lNpD;cI!W%S~&VR8R;vc8!J_CrWDE^+j1F-@7PwtfF&x+3-QQfHFXyfhWvC zr-{8x#?WY4ANU5Nu475x#&~n@D~LN+kJ^`S)@8Ieb_@)PQ0ICRP2uEQ_rRC!+Bxu2 z1el_@Fo}CLe*wl?pvRUErAym79DCB_JNd{+_$DZ3;Rzmy>T~0bm=tq%u^JVADAOU_ zvJsw3vTUYdQKPcFwO!D3mal2F>cbUNRH6CD+z0j<3%K+}_(QP@O>)vsqDj+M`Y!KE z4Z~6I!tl87F_U0c%VV?%8U!XlanOsj)5b3`J|p)4c%%0fIIrZmS{| zxG)7#5iUl)646B|>Ja~SagI|AMpNy(Z0(&@H*vMXKwNR&GEjzwTnH_7BXoQ#hr@OG zI%k4!k9!SL2Yuz3qCCG8;lo1ENusKJSS+M!6di717)DTu>}CDkYL1+{-7-0HdR}cr z6|;@Vt2*R~kXss^0!oRfW-ftT8g;lW~dS>bD zLCB2nFdcn8lK#h2n^zmftVHJY*OQPpM?JYfK%l@V7m8OrA(>~(V)!{!r9D61GvKxP zuy&MK73TEzc+G#vi^H~DeBr7_X5nPO{5XxZqkUD1C*0Rb%0kb@v;6$Y{$>n#1j{n2#i@hw-d+!Cfr>QC+n#+{2l@1a zAMv}UZNJj0lV0sJAq_sGba&QJZ>`az&PV3)98FXSv&Sw>m5r!(v|Q&$(yF)Rv09-8 z^PiaP5r6%X^Fi!4uNzuDl}^o%zN<5o#5!$yLlKL!f4w$=_J7`q zx*|O`-HR(Qo*is}KH2GG_PCeG|3%*=;ORKU4gUWTA3RL{e;!!BS3~|kX+b}RgwMfr z&R@clD)4`#iFlA#FBIl|C{pv!z{yyw81sEonBy=NpkmzR+-P1(2(4_WqR`{}nY^3g zg;$;TdfH7GDc9QmV3twNj7wC)((z#P&#KWf;C@CoAKgnV9?8!UEZ$7KtRfVx-utr7 zrGR(Poy7VFxXCT*Uic=;t-hSgNuQLW6&Q}PTI>$z3%$Fw4ABCeW8r4^Ur0&iz37x$ zt6=~17%NNyPl2Bn!CdAn`1gC67P(iaM*ifPieg%+^b$FSNUz9;f2TCpU9t_be>10K z$qjk=G1|tYFLCrBcE&bF;BVT}{N2bqjWI4Xg^hf_IPtZ73nL}j& z03R8XPjIB)04b;K4ulyc^Ch|@?dv-EIK^!qX?PjVc#YRWxe+@r8Qwdi&h&Hyb*69U zQeUiXvNE!~=$#1mp!d+X84=hcGp;<|uQ4|mkhh8gk|<*(xGWRa z&5rwCA=}_Iua>uXMhP| z9BI5h`jAD9!}dY^L_C@E&s_IHj?nZNh7WVI73)WK6ltGeVi=zudh}MWN4ae7yl2E< zvoSXPNu6t=WxZ!n^pF*=)b9bFnbYw`PA>P| zJGQ#t#JZsehJNZ9*Uizg3z9~F$}5Fd%Ww1I2L;=!2c+UQf5YX7Jr_1stu%6^aTNf^dghJ&)=@Sdi4aSHhhB5#x4mjV)9vn^)oFP02(7U&c3CG9<-l7UrSmv@ru^sA;k0q zb@gPI#{FL9m>O0~7&QtE5L)QwimwoTc(E0cj>nyV+v9a(9dJ6*@v$*8i<>zAAmm{W zoi+K_QG!%~o|m-Fm!I%NTXJ(fhw^{gBv^hsPEZe(-7nC0HI)y2ZEVSiX(I|@vFmlk z8yH|`^&Eo3{mF1n7Av_Hb=SkcNmzZ?5f{!rgo}$_%VkUF43l3(xdAcngMn4o0f*wV zEYm@VdF0pI;F0giQODn=e?D+p3;Cl=R{2{tVteT@q7ij)@vW`mIFW`Pnf9)OL1jPB zkq6Th-SI^jNw$oO?#qDFz z{3yIayh_KMPM`F=<`v$=b3e%Wz6_p7b#UJ|yEZST}Mz>)%H^T>* zy4J00!aLNHFU!soDbMZjpp25S^%4hYo%3dwi;B~x)XDh95P7*OaE{u0zUQRR0?nyVcSM&t%Sns3Z;cy_Y5N^0$>XW?8`lQP)fGCDCtXqCW z)W$^$wu|l#_dOy4X%h$EzWyfGYqziY;;BcUdA_gwSf=jz#hcoCD)wJt@o+|Ee%?>3 zk`6dC4~f}_O<$?rrBwC+CCzg+L~w}tZGN=> zsBpt%Nw;anrQnf?*oI@w$lw^^XbS|?2u5IaG8)*wF%3G7Ej5ay{!vpcjF@*>J}?H{ znZ+@hO@^B76p6I0rvUQ{5yve<>e+nD0^!nu07|w>3&UTAEu_2i?1V}R%X9|=b`L<0 z%_s|#MG3phdMWtXPUV8$w)o3_r|1SHN1OBGO$- zhLIBfa+IO3eyV1rsE3{wZtO2W^Fz37m!f^qru-BO6c1o?jo{RpR)c!v1;5|avXsdk ze4e~SJvCQ_^)q5ig!EQfD+B?4YJ^|=@uCW@aIAnzSmeXRBL zCYDt2N!$Dt4!Xoy2EZ0wWX=3B;`$-0rC5V!v1Rg-uow2b$WjKWi#jV6%LsmIwj87Q zV&fC{+#g0C#pU`txk1_y-+0zr-R#O{3iDB60tu?$nI0Zkh~l0>u4K)pC=%#4X%w7q@UuIqmCeTW~8X~XFHKK-yF@t z#>bxt_=_P`tR-s@w&)Vcv#F_SsFh)dqt6tg4 zZFbfvO*a$Ov#&pkXtbQ4d=|FLk5j8`WFu}(HFcBMYsg4uVM5wU5Ol`giL;=e8v9HN zu_-DN6ysrDf!oE68*~%i$OYC*{flMI1J@+=reva@c)`5PU(Kc&k86H^ktC36pA06w zWozUdA2X$$sT0b&s5TO)Yrwc2WyP70GZ`vpeVR93wPR*7C9{N!jvD$pzg_)s$<^@2 zf}Y|(l+1J%tQvW&aajhz!eQ>Hyh&8;-Jn-it3_>i5fOx$bE}*jU+Ot4jQcA?m>q74D64wU zn$Mz(Si3F^{zA+9q_ycgAv#7rHmZZbJQXk%sk4=&SeWpb`gXj!%#rD;5`}E^0Ee%C zT;;mIoHW|X_e;s5R`%|2-iq&hoZWC{$8nQwrlYu>p@jhiUY<3?yc+j%<2o`<#xzH+ z;(u$SwMdswDDvuyb_@sV^sj`JTIzNy)&8}FpH$7dR&2SEv1gDa4;DT8-$RAw6K)~T zDaKONe8P;w!#G30krY|~r8}$kz_sxZ4+$zQ{=L0~n%1Q6Zw3SJh*;?V%NayGbGW}! z9k?`doIdc)*reqAuUv`xOwDs{|4EfveO{-D6tP*OzByMh-9z(Q@dX9hf+?*Glo825 zFyVHXS{AIaq)OX^^M8!r_}G~ZGU$Gm_R08ZfcT)KR1N9(5bB(VB>j3cjcKYUsZh3NbZ~ z`({}$VeYfjNzQ2;9|1Eh)rngS#=&af?E742gz8TGI^rkaPEI!&MG}$fRC;91-`f}c z-i&VbGB5X#ZJsbKHSA|9k(-JiHd~BC6k>Ql2+S&3AQIF4gM_x-55Sz%dpUrJ7cLA8#TtUX6LDyTorMqQ8Q(_%v?wGMs@D&+3I(3(*Ka< zX&hCT{yC^_G;%4)*J;&B^m-{V>h|W*o}_*NIKaA3OeyHZ_~Sw)p>LNn08|OMWIdoc zWs*(;_gJ%yzU|9EI?KJ(rz$jge|ciU;*oKw_1AqmYOQ*{!n5CVQ8~7kSYdqsdCHGst-Gjz@p*cBiLhV5W8AoIY(v zxT`~@BlPkc1=ip(I~Q|O!%0D;$k$7768ABSX3|9#tCd7+W>*YF ze%?*uGgHsUac-1zlMh@BKWo-UfAjjIZFoaW8qvYjIOZ3q0v5(i6_69re7&E^hc)0n zcZtCpC?AiKf5h^ON5g>4Cn(Rfsh0D&%8C(h|CD0plh`oPvRY7KjUpb@9=A3GEo@B|o$Sg;u2O5|{n1Ka>#(b{tFu$tN_kmI@ z_(s_0-PoSw%lcc67M1>T&Wm|Afq65C9`HXSMxBvgJ0oN0FI2i}V5U~B)?0dw#J+A_ zR({fTyRTIS*}C7}a@p=YzaRLzGY`tSupBTLWlDW6I9S<})n;z;gYMb0(4XzsVHBl_ z9i+GS^#}wgRNs45L+FXjs!Meb`1?yLN3J3w;W z+ThspN<}8&&4b>EO_#ouF{#MuHe=tDW?k2n%C`f9zxzgipAdP)@}5GaBNc6ezx-g; ztg=TeP|mCpeSiD_6pSXBS6}+1PTu?dZV^&B*Md~1Y_wpW<)Mn@5MeRfsBxLNsoAVQ^&PgQ@)!+x~nN0@tT0|S)_lf_0?tI^4X$>=T0-o$rZuf+0j@QN9mp; zJGv3tmA|?PyzWauNH@=9-I+<*MI>?MRCYP=w4xFOP*DwHL1%9XwS=T(mYx7a+j$7W zCQS1H*{{@i6du+P9~^%44WpJ_4wDTOrO2mQIR1LVFC=?U2tFE~@ZeQdLNXjLRz!a* z?a#%;Ftl2%_4qLT`18_^oHq6b(oL7J3Ws~nB?N&xxCLh)Wr(~e;5A{x_J8H~G#PJq$ZjV$E7*8fUwn=sOK!am`^ z6GM+%JT_W=!R;Bom41=JMj`~<&#E6V!Lq@Kl3H_T{QhWy!<$z&c>a@B54i1%?Eib*f=ERhM8QwVUD>}Bw4$1TJ4`a!!#n; zf6LDGWX@ObIT+upDKn%(?sRu9D8P=5~9tF=$8q~k$%Jt>jFp6 z!VJCur5E%-pB%N{_d5mUTpw}?2p)O;rmLQkC^%HoyT#2>^1Q`^iQ5OtqO!L{i!S`t zE5RfAsSMYo@38B_{HTKeds0%aTVj9HbVWy223A8)POp!bwb92r3~u}4y-3V+5>f9- z5t6;tM2dX-sX~8sx1GEEGnl4<9kx~C}%8}*! zBMtRRgXmz&9dIwPiF|ZB$FUJx+~ayWH#|PC;J+QB2+w{ zI`r-*+?p<;ncq46I=VGk%hg-u!-zXvmt_SMSryM3LiwXt9D{^($6# z_fQn|T{!d@U zgbb=92Hbi-16#F+7vu=Z#hp934NVep-A&^asnK<-1F|Md$W(cpLo3Y7s}bcCRjBCY z!<&T4>ZAROD%KSOPke9HVO}q~f6Dg!>-bIg1H*57r?KoFUe)dKzUXb7QvA+pLv1s_ z>cgjP`5%W63OyAJSLt2iyAK-3pqMHqK7BDfY`kKCR}X9Qt>2l*&59_x=9Mrw#|AtT zVAu`;}qLCO);%3n>QheZE23Q-P!R zU3^A?e{zV$?Ig4P_Y8h9h|yN=arP*v8a_V+L5@&AWttB1mYghLyDb97{ zr}}c-u?TGPkbME2h_vlI>hjfxKfBv*!_NFmQ%Vx6wu(0?)wlS&y++0jo}Ih@4;bI1 z{x564UTKQkvdSI$hM?Sn+wT8NnZo~Lf%*R_=V(3rw{+n?ns*-$=aRsCdbEE^ykS)9 zv8fgo5wX*r&d9~33jBvqL~U)^p}*XhcZ4WUpq`f(_$Tb5IKSk^OFpnR<5!b!<-foz?6%3+ z5mk%0)td6l>l7!OeN@mD$W=sp8$?Y06VNK-MKEFQO>LnNvY5X_;TJ`$jI~6 zD{5El9Zll*urG{^Eh-5%rL`YZ#21GIF2aT5(Emf4Qw4r5eIbZ``7HP)A3eTREANk@ zXyCn6@NL19(<=)5IR;5>_xjQL+IwuAP~h8!DbdD-s=60O{%oaMAR0949T7=uQ|6C& z`t0$Ch99Qx+QhFh7v&5EF?vqt^)KNUnPd zr0189l521J?ucsm-8a3spj;>4LC-0%e^__P9qnRv7-Rm2_ZHX24GfE*pXMHiB?~TR ze^y@a*uk!j3EGRQ7JxlPcl4jDscy~^YI_Ekr6J(FYs8Gx`fnNW3s{h4b*UCZF=O!Z zvE)Hkd<<&xa|{aVIl}+E+;Xh=aO&54+QD`-nGy_l zdav1I%KdNbM6{W`O{4<7MY6|>n|*iCzrkaWYq}+L-T4Q;3V_AD-F7@2P%S!3NQd0! z2*z{>JZ;@$JxdTD=u>swO=Ng(xrcxK`nM*DY?<2EdUj10hO~u$cu|2@rOm;h8IN&F z7$uItBwUt}ktAWQDsQ2CjBD=|+sLx{Cz|wp@%1LT&lXqQFJtiF@AX;;-tvv|+h?R| zJ<_EClfHaQVmukv`@-C~#Lm+GDSP=Gew_Yi)Ji2Fc{e%-yiNPBGAcBx4c`jdSG=?; zTB1PtT-XFolu|gOl+i+LRE7LI9N%;EM zDY(^T+8_!gN_-xD_MZIDsA~(AQp2>?XE1Ugt_-gY$dH<@|K;O{N`YDrkr&fU0)mhS0_1X>MK>12eMor=*vL zoF9`!nTH6T?|VOP&p+H}X+O>Zo)FKqK*zpu?nbeB=W5!nO&7AxZPh|jr?IN#Js+QgQWsqUx0gYhEP&8%OaVwkNe0OB}2Z zJZf2Tx7#-34J=YVBf7%55{g;bYU%F?)WKCr?iwt==HG0(S3U3dKz&ko|rbpdZBBr8{slw+y-j~X%yf<<}@GJiX^`rA(AwKr8_634h zIlxzAPL~1Fg&j>;=b>fsnSThCJsO7*2k^JaV0lFS%+v&W-j{Rn_USXM;=}43C{OqG zIgcgue5~rwCE#d2!1NtL>Wrbs)y_AY(=lLn*seKHty$=$bq-g5fGUaE0{484Wf^DU zV@MA(xCh|97w^}IDkIZ08R;ZUM#vU?H{Zu9T5I+iHti0ARw$lR#9HY?j)g50%a*pT zQ$D!o{P1qOS@VU6PR?mwQauF`FW<@0k?aTO&Mf#kpEc4iSZ+)@tFNMUBlCg)2^$_6 z%-@}szctrXdS(?Gp}CU-T|0?4tf#Blm<;JJblwEz-@YyQp~)!(bW_2Ka9~cK{ZL#_ zzeDRpkMAq+0&})&{mX|LcE#6uxt=9roXWy#6(v8O915Ho5Gpo*a1t*fIR=H^1ZnX7$=*iY{*w`1=&jf6{<7nGhoiT@ ze|0klm`qRjjA=8SWwD5EYT>Y$Cp+;~Rpo{a82 z^)J!~!WaT5Y2>>t3;G5`o~9kz&gOq~dG!+{gZs(=)#p;ac*~_D9h`yixqNx_%uogaLR%Fb!( zI*r|Y;5Q@tmmStV@|WdF{pW-Erc93Nq7ln8nuP+QHFsD>7i%OLN^g!hJ8l5SG@>t{g9sXiJ1A1j)tG+g&^Hb=;Lx z_AOIbcDb&bZ@DjEx3$|6p3`{>Y4g|z(WRH?e16Y^oK%#*IS-0;xwY&YkLTuhX^c!} z0vA(a?c?{p7L>`kwDYVn;)MKk83V5%_KaS2cn2MmF{S4K>@J+_sz5ML z2Dc*tZ2HGOUiW!EpWnNXu4cFdAI;I59sui_r4?=mUWff+E&@4w+k1olxx^(x}u|7 z8gfOpPOvC8*D&l8<*e)xK4nw4CO!ztbzd#3(#R??jG+;!7^3+{NlZvf`=Ty=^%!_} zv+Op^)o9imMLfxzlaP@6VOo__we`8PlE5n#(8u}D`Gm`%h8&k!B6h@$=q$$Z$Ws^7C^Mq0zXLG`? zUXnNZ|9P3YeY`Zk@Z%&n?MT%56A_&=szmYU>Gj^Fo6yqS+*5NAdZ;bw3$tMR%{UHq zp=m`y*|t+Pz5S0Fa|5-Aa;bZP4m77CZ(SVxD`!$QM+{J$BV&&Dzc6-IL2_ zxHqoB-Q6v?ySo$IAvgpN?(Xgm!5VjI+}$-eoaX!fea`;xP8C&Ltb(Fny4RX>%x8?* z>t?*x?#^fTeqV)g=Y&MS4aKpQXFjjcYD&b99!p~%d1;ld%Uqqb?&YFccKF<3$M`)& zxGcs-Lk5OSXn)EnGt>9aG;?MpCT$BvzBk1>I8I`V#J@0NQvxNAI;# zrR+;LVp38&p|H=+Yl-kZ;qE7NG3Oc`4?5e$YlJ-?pRitT!^uBBl;AJ}=1$%FN~4ZX zVW=eSM<`v#`o17dy4j(hJ-+khkNjrPYOKu%(P|{w50F@vyRg2UcdXX#tePGUJ}}UK z2rd}(h%$7=7fqJtPmuJbYa=8e=}I46=D)0QQ#ry= zNj6v5`-q*ZoseOZ<8Qr`IWyCxlBkkE_`9(wRd77RLgt(eQe`gcc z$Ya*BmR6IN08Eu;u_(?b5fPDW@o0PxIb;+Re~3?z2OV7C!#%FS z$G(u0&!&kubUc>F^XW`gRPS46i%#L`N(<&1g2!A9aAT{GJ^S3b<*J)AGxN9e;g}J_ zH?Iy7k;CqeCa#_`31u4hayYp+nV>K%=EuGM<=IBrH(agpP=0R}xf{#V)|eI4oyf3P zkl{)zrRp3J+rURF)V(jKt7P8M%>z&ysfhuXTUMLuoYOYQ9pr&O51f{77g`>g#V_~x zqJTnI{Ni1qq6Wvf+eWx|v-o#VA1R2KTc$-fWNfkga(twW@iOdM5!>jBy2w>95~dE1 zi>A)^e3JF#Fn?>k`|P)y{+4A_O=f{pJpOI#EA)>_u=5KFh{(vq&gXd0=v2@VgR2ft zzl0;jDMtKpGEm+b6M2&q`Y=d%l8oiITK9NN!W!V&Vk|Fr$bm0vG*fM8{DA4431i%@ zWmE{ktjIWx_FFw}&^}UDWMhSA^r-5n8rDGH22Zbm3l;+&$TE7t0g0Yb_I0kMu++Cd z6m$o7s&yCEdDzKxn=NX*5hNx<1O`SI%JGNAfy4cr-*y?XMr zqijQ+_IKcr-J{v6;4C2KZ*3w&T~3BXt5Qe<3M(%Lqq1&`uBwZ`xjbJfSFDBg`=mug z3P|dn>k!AWFr<7(N7KUp^u^b4dFm-GC~AL!GC1U~ofjF`Fw;>u-Gh(E&U*z?CnjQ!@qM8i@ zyHi)h3t58@r$+De@rX(I)kxq%0z-&`l__F}t>QZ*W^Lm4D-iCGiiWHPN01}?p1nxL zT%GC{S-U);XN+ln8!@WS9%IYyQKE%j85fEV+1~~~Eufq^%VhEZrotWu;1(nft4$S5{+92)hRLmC zL;Ic%ZV6)8>0ISvLChvxLghQ0Rv)Gnb+TSf$Ax1Ald)n$QexSXo{gUs4&*GO$K+$B zOL6a>A=jcjsrYLrk5F1gAd8#0D7skxu!@ZEwoC3sHxe<)oR8F06APRSKq+*LGtl3) zM*L0T#XhrGVFUurfkHJX#7JtXGd%^2TF-e#({B z#j|_ZzLP=zSOjf!%hC3C%>7MtNrY<^UlLUZ_uN6xt!<6CEDz4^#nfxt3l==REHvG? z0MA29gJ_xY6g;@rPE-hYTHGeY>d3V_P=*6g2nh0feq5mo78L6vUxX>-ea-Y*ibXGzAn$o+_>=4{^m0!$Nkd)u-1$(%ZfDyYb9Bm@Li+&ZO z9HGP=pEa;fH_R7@ny8BoP@&^zRceYv<41 zGrT)n9k=P1$m)X|GuN8=w7DM+f0h%K-J^*11uEXN@ij#t*u~2$8-)}f&LoJ*2OeS{ z<_a!(*~*R0@*@hXpKZY2&04X?^`6)vb0#!UJ!5=fG!xf#=MhIClbL5?;28lz4Z5rW zI+k~Z{)P{2-?QZv|D2N6-}J+bM9dGjIjkDrw^!yRuv%KJ56;SnFbnKXKQnEfif~qL zMW62>oFsMHs;3$Uhyx9*703#WF*wbNw4eyp<2B~QSBH_Xv4nPoizAx2@)goTEmW`D zo_Ptc!pFI;;`}myQ?x3LL(hwd5l%K@sZPnsS;R9Si{0M?lGxB`QfcnApgxnVYI@dP zDn3VMZK>}Q5OHKC#}J`{NnT91GrixA-Qmj~ zB$u!{ZXM7AqQ-ry1_CRVmpD8|7Y(KtBMEY2MWDf4%Tu|XmJcJbmPAIp1=!+C62`29R7lbO@5JAuLeqdPB5s6ty>jgsMH9GiLFknKHl6tKsF9}z$mfXiSze_HT zMDN*ZI-;o)U)l~gPr zD94979W_gmTsNPl)htIFdQJ<7V|DC#9d&4zdJdYmw`kUX&pZyED*4t*N-owqi=vcv z+iA5p{>-E;0RokzF<1HBIP@U|u<}E}d=fI|hPh$^oZiGw{84&{Z&LGDi72Xz-n-Hs zP}*n3E2`g|C?Cj)SBPSoyJejAz;bldS{V?~wo1!`-?K9BlwG~JXj=z2pz&>DwK|1= z)6Txh85JF2`A^wZy4>_~B2?b}YN1K;39l``?q4{v+Br=HiK{!!66t#8QtQsJ6ZSIP z#=X{=PrZDtvf=~>4|%d2;)WRHl*M$YoF<(PiOG(H*vo-PBnSwiFspP!b=q8r*j=f0 zVSI29JF`(A2V-xB+*scDjCb~i9Vny+4K1Slu3Zit>KIB6z1pqNv=RfsVCz%hk6D`t5fsUo8%>)l*%%jYfVW6RhAVF*}%W z7fiiv&8eFY-~A1skGG0Oqv_S{n}bzp)zQM>=&3`fSPD)IYgwozgdCe07?G!(v%{Xa zyIA?%OFeKxt;I@lZy~-hez$vnpj1`^O2I=pb)I;rswK?{0 z(JW|7{yCCkl*2u4dL{?mv6z>^)zpZEPo-TLQc6x(b&3sI5pq}AHnlV;=!bD3n=cIB z^tOPYw+e-dxP4&R<8Dhu72$oye*3T9R@oOcJoezNjq475-<;@`tGwg!4gL%HYXDyOpw#-F zihGc7CB6l9su!|%eXNXYU7v zB+%R?Z4S+=wUbn!i8xgtB647BKW3o5f|art$h!L++0S0kMQGdTC=<{o!2IJYtM?y~ z@B;(IpT$?d5pCDN=foR;%KLS3eK2S^vTc{BX@XkK8o#kZoV&7Q|1h?I?I$m6DnCUQv=vX0?c} zUQ^?Iv~si128NvVpSNur@cto1+73RPpK93>mcS|)$ftHM`cuVRyLge?{oqPsgOX`_!hEWh0sXk?K!%7NsQ zrO>dZ`EP9?*Q0`>?Wgmu0UTXhpSq&W4PmvzJT527*0SsS$ecm;403$8V(R(z;?MpQ zyUIN{us(fvzD(XE4@U)z1>BsxXo!GHVHBOrC~#041Dq0ms?FK&5NA6RBhLW_lL&T; zPhBHQ7xjMu5=Ly_u(;3Rgw;6nR;4|}NyXWSW|U|U5|&>+?6m|jeJ9}^M7&DM3LFon z!fu~!RBc(fNEsH-guElBs1E^uJnin`_$AImC<8~J%p1ER*LNitgXk3wRIkRlk@xnd z2%`nfhiC9XYJlP^O`-we=H!X(sRcxcvGh%;Od^QOPyY4O*DP$i7GxbdV#Nve6&=B9 z5B_LhC4VTod)Bg>(}%d`iU=B+aYE71t6H6Otk(w+1zU6eM-$@o~I%2<-b5j3W za~Iv63GYJ$`5H+alC%kP&n@!#2aH%fCrz~8!xG}3#`DV;0<9Lnb=<2Pz`GMkPfUff z2u0WPY9g2J6pDn%;O}(AMDHE@4MReO{q>&qGX#T0{o^N3eJ3SrwkWyvLlv)oIJP{v zt-l63)i(BgXADB>G-JrD)K~$v8Jhz2Y}>amI(VDxIby|=**49y!ZcCRcj`=JtTKN- z;4O)S`wrEicnaXb9%cjv2qwt(w+YxBzl)@#a4{x-Wx1g9ph={|qFlXM2war_^4EUJ z2|Un?T%QNb#X0LGm@s~`ho=VZ2riCS(F0>VrB{ZWMxf z7{9CTbC~g^G6M@+*XyyutKq4z(|(y_-17BiUJ~Tp)ec!9Ir>Jy7ZG<1HTe^BEf3$krSZFuXE6YBhG+Ui_Q08#2a*{ zl+}7cjTLm_S1X-Sli!|JtdK4T_P7RMPF4%~E!P%Y;3{kt@dH6iAJW#*2}%{BsK;6H zU=eY9?+VG&oZm=>_g7ue&Jb-qH{_CX?z{^h``NZyf!S3qM|XQ{9YF@Ts%yeM?=pA< zEZT7G-k6C41Sc#);kctQ{F?SWZiih-YDhVsyq#!B-_@tb=k;jwxweew_PZxN2J3c5 zyXlI=1q&)u_k;Q(Sd4e%6UL7cB)TzQaldt#Pv(3hnh1V)!6VwF z-#T)4-mkc1{r-ZA$F95E>ZS=ey}zw~zMqtfytM21+f6P}@AauK()QOmJK90O9K`@m zqR{g(Xb&O!v%9Kob6K4Q-jIsAubPpy?#ADfI@jpj1kQ{wQ0^^>o9MDqCx0Oya|Cb( z_Ctpa_$>ChW!fUThjor9CE=7Xa~cGJPuxdOGbL1cuVGO(V~mIE9e4)fO#r7B zT9=h%1k^46xsy07?&=D48bJbVehhaqrx;OU+8CFrra1lndiyAob>7a<@9e}Pj)dQUsmBu;Bt8Yseh%-HE*vfCuB z9r)mC(NxvFgAh|0QCOG8H=EM(5U8s54Gu z0o74s6l^0?AV(!C8rZ|*4w8ehq8dl+qy8gg=-rW_&bnzK#}ons|5nV;12lS#CT0P7LJSXz#OUp&>T6#lb0zT$jc*&^aPJRwxCxMsTZ;-rR3_c zG+yCGc9eLFy_|VF-iYF>fd&|Dl?!F}8BZh|X_2Rtc&Nd~i@v?$^VwHSBE(z{@WeT07mmjQ6g`Ue_a5gp5~_(mGDmwgE%tiGM+ zWUWIhm{;R*LTGJ;g3z*(qp{~33nc~L+Bbf8d8EZpf z{=?}(gI|xTWx|4KnPhGSt?M3}guN`Wfsjx})~OQokD@?F>3aCsdbtM^2*yHI_(LJ8 zQKWrULT8}5!hvbXV6{mhiR4X(4mwCLmeB@ZPo-c8mN-zS@IX&D)7)yx&1v>!L<;rR z>O8uC8i7Qu*r&uvmHwDvnlV!dWXvn1?QzivFd6#-BdKN}>L0LVIE!kLwpTu2kJq=* z#~oCLQtt$74hjR#c#HZQNe)Ph0E}YE@)ubwx3Tj{Aq^|R2YUap!^vi&omMx?e76ij zJBfo*io2(`5w!%^&ll0nGro<92-atMS zXnt0jT*;YxF`z;D5Ufy7)Vxm&-~tw{4cGvEh5C&nR`>IfqxfzIQ2i)AnvjRsY()Et zYQ)X=(HN+n)XIn($xC_h80{h?LTONHfQZ09qDP}NT4ZFI(`CmeY|L40Pl+E+^^hFx zkUN2;FvbK8;^G#Br|3+PRYm<5rkfU0-$k<1u*)twQMURwUt*SN7%PXLezSi{7V{76 zEd#I*8ZlObaJ@=JOPE~K4h+j11e8UE+_>W}%Vq@c&N6z%I%Uy-F0e(h%W>|N;6LXc!M`=oc3+I+5*xe!vJexqKz-P#gw)S8&Nv~}1zCrUT}2I9IA zAp{es$UXY9mO_ydsS$l7_E2!Yo>LGTmrs2G%Rm&gIS@{Ac=; zY_yFNGSLczGG}Kp2aBsNT-UVlrm2x5E#~pj`5~ls2JS7?XL}!Z$PAcCm?CGRpt1yv zKYui0>%~?lZ9NGmMtLFfW6+I|T9RhXtOdVyB?VDn>{L8*W3-WkRup`MMTmtm%BWb@ zl-Tb6&={o;dWuAfAU%J)X5{M+j^ztv7X?NJv6_4h#162B1;iv@y6MH*c0FSGC9K|1 z@hx$8Z?GwmpySDsr@8uDW*R@B!v6E&`GK)5$65_Ta3?{u;eZsP;pQ*z1Fn0jj2`9? zMQ~PpkM_>^l3$WxNY33_N$#1pcEbxgoVy`sV?U2y8r`A4{rR4s?zSZ4SvZLz-)lOBv*n4cvM+5H{X7PfatG1uis$`fjFsnjR$f3aNqf!x1iU0m5kbTa+IraT#xapkOk#Ikr0c=>#>eN+?9H(v4o#@%OTzXHyN z;`a@i-}X^5!~Xr9Nkb)wwc-qSx+3K-SsxrzY8i%-%exPKCKwr&TMmA@T=j0H4uO-==r253F zltFKHxg4qO*Wx!G^KF2p4lc)@j+8wwVwgA|GbPhs1akX7is0z+7wwqcQWm^hY*;;f z`r`@&PNOVIxj(;LaEpS*gDi!ZnA@m-%!79-F zqFas&NKcI3TC?5d{Zy-MQ2)DTjk+Dj#rKZD8#q)GUiIgNIWzua&ssZXkFC;f=6xaB zH~x;u%?x3a3>^aPP+rmg`;r_2O}$Gpd~X&R4|pDfOuus!Ms%FvUp01FOpI>}&bXPl z4y-5e*m>U3y3G#fKF|9%3MWsSUwIyO^tG*8)Ek@DU-Gmcb&(T;n>er7EY|TlDjy;H z*AsK{^FQ+!@Q^Os3-700X0uLg1Jo-+fu9&bN4#n$n5<%M&m9h4QF>0e>)vr8ql>OX zOm=WB@Dr6!SqIB}EFEkgWY$tQwoEu1eFyg`=z< ztxU-}Bk=bqLN4YLx9qyaf9g>ikNNy*IV*_zhs2DQKj|b7$c)0#g?K!HcAZk1G$tJX zJunNFfgJ{moe;BfzZ{HLW0^geuFN#kE34fq4n~S%4^n%T_b%!-VA&*`<{OE1tz6+8 zj^4Iz(=Cm147*zIj{LyVn{i*nn2GOlkI(^j7ueM?NEMMNusQ@`^WXhdnj+xh@ zGTL6huN3prrHQ@%91yal!PFJ?7xrL~l~s1e z{Ljw)EWvsL%!jnGxQl_Kw?{^c>;)9I(-=M#{p%es3~X5B<1sVvujFQ@^mAK14sIk4 zH^Mxx0A#g2T1^*=C@5^T~Vc`iE`tg?g2gwVknrgH7Fh zrU1L+Gev|=YpK$K#+W9Gqo9cz<3VI&+f{PmjsqC$wRWX{Gbu6!>@cg2fU`U|_v+}6 z{W*N##xUC%^R%~>(C!8KrnA2(`Ht+J@%gDK@!B&_c7V$cmqVFntS&VOmQR$qS!PpX z(IURW2uchRS~JTk$3Z5}R4?Fc)W0Y?;k$GpVNxjHGoV!UlQl@;U{GzBar;o--&szhFIc* zlaCi;rY+Ye*I*|FlcUQ*sE@^5TsiyU6%1BA6^hBUnKw|+j@gdwl^IO}!QVB&PuXUJ zQUWJB4=tq|KJQq|kY$dRBw<8~1qTI^)x^(DjT{7~0z@X!yNEsaL_V$3@i-HXVecm5 zTNTIMxpB1vIXK77n*Ys8!~Yl3{O$%@ZA(*SQu9ks$7Qjcg`S$4dV~hI^Pm0$ntT3# z#MGC#<_4^(TjAwm&L7x>&W$j?c>mGW51QMv*MR*88UtO74LPW5;Jv)Z@P)=S_` z0KSFbfPC-;@RxJIHC6lYd+5cKHk}Z(_ zZ8>TSE9T7nz@B})%-Gq^<7(yfS`jirc4s)?Xb#T^vYkg;4LcLr5m({>iTNpuH0E1` zLy=Jl8eQL#wSMbnn^7XcHDjLpx?2Mkdu+;7adq5?F)=?_3spj5BV6>GfcquDfZDs8$*gT_%W%~jTX+o z=ka4fkVlo}=V+{>Vk4Up{=#VJ-&tYV$eRLUPDBS@1s{TnjR)-L1BrHxn*(UTvr97mpgFBu45Q`>l#ciBkg$KBVhL8i5Gk z2NzI%vDK0ZoN8vk(}lJpe)-`f{;z2iJhI*NvC!|D`;!=ZKghq9ER`Xsr8N3T8poIw zIAv%&hdKz85trmEXP&bgaWQ0!w*tEy^@mBk-P3o++o1R#aMRQl{BfWI=1#!}D?@Ew1so#_diB8WsMmSz#j8$0 zyF_r?drFOS(zTgPNLCj@oMMiwsi2TQNg~Tnk{e5e$0O?m;y!8jeWH?cmy6@$)@&VH zuJ~W$1N0yR-J0+RsMwM&G}~ZWhOd5Ml-ZEWzDQ zO14*gr--i_myjjJj(O3#dtH0 zjj9dv(N!P`+|k&a1h#~G>rf1Z*<1QcqRrec_90w*)Ig1wPGub}-RWG`y0%S3gH;P1 z=#Ox7EN8?BbOY1Uro}V$(We|>mDhSP&D}*2QC>x|oYATkRbeFJ0P`^-k%@BXiJ2eI zIj(1d?p@b!Hl*>JN>Ciz07vQwV~}^r1?&E$Ygbap@t6JR1L&`x5~Z(CRFHadPA`z7 z2nrfz$P6={^C=jEG`~C~=nok-(1XHghGMdKr{wZ8DrZu2yx7tVphbyS%!0uG$mpIi zw$EatA|lFMOvjVV$b$@-lz|~thM}AxX#a{_PApV9ZLzH1M6iHR!wx760^(!b*S~fmcYG4Oe4|y%mmTG&7g4prefWz;>-uA1x*S#B!{=u+G8=)k?NH>N2CU z3ZNcK2Ps7uc>QpV@U&#mB=|mXFL&C+EF|waYUO1rSaeimETu|BM;mzA;mUUtrYzzIs9|M zcmevpniF(TAG4y6wNSX!M?mK;D48)(_nht@VsL~?n*CpJQ*$7+j4nwBF5W=Vr^9VL zA{HQAtF+bC&%qx!co^H*9?Xko$b!H!Fxn&$^S{t060gyNfgRQ_)j$yvMt*{@DLgzI zm$CDkuYg;+|Dl^y=Pn3TG8Lj{mbW~-nAk@0WX;nf8?kPwtKtAqM_JYZEpTRB!)0`7 z2UR2)77g(@a&G>@zoHV z6d{(^buYu_3Ev7{pr9AJ{i!ErEiNM<5pjK+XiXQ8QAb|9J?25YH7^v8KUoBqS}(4C z*SkQd9KvGWgxlYH7td}k8o)zv2f;Ky#Epa^RCjK&pmlV??Un=68to}rp<;d#^1)yM z+nN0@><_@Cshp6+`y90qv*3ve8&Roc_Iypv-8TGy8f%(mPi6_+h^r{m{V1;oJdiO; ztYw0yr;2cHflF&NU$*g8iHA@#pR(mFi{V${4cv@T8*#k>ne?&y+X%9QB1kYt!q4lO(Eo|VNdpOWKJ`p zB8zd)5F4b4#gUT+0`nw7jCOZLvpE>`l5*irr5Dw>l7c0cS^Fp4ZrurHSS7y0^=Z$%jA(Pj5K0jEa`T-f68RPlIp#<=8Bx%_ zLfE`erH=eXp!KpPnAaK4$2^nhz9Q+cm%9CR1q~Cm05fnIk0jsHq7{p)rxcWAFd$Wv z{NtID6`$ppE}XCKvKa1g75Nq`jR=}I2c!7BCs+ZBK@|YDE~rfZxLbf?$L*;`;#N%D zmN?gHpVx41k2LDX{hmd072%@cb$)g6X^Bl%1Y{%>p-ilQ#I!Hx2F^odjbce28Y5!x zL=XKHVIkN2KMHT;yTbcf$Y~&InlK^rckZ-9aG9$=^2VVQuN%!)M3IVTg%Lc{OrA0~ zmC(+>0u}28W+%MTSN(?+U~RpGCnbfP_-=vyGlOV9XaU~_X=Z*n06 z1$zE899Wl#y}E%#5A0KxjvKcJOk1-icGlss!z(dAtK@#ixo;RwSVPIRmSbZ(=z_UI zct+X@Nvv0DgjxiKF^h$T6Y^`+mW(qKAlk(w6{Lh9H4JB0H{VgV+o&{ZrM2I7qoV|8 zYzJpA9u>Hmfe{2%1)em_)cQ-|GVNVjqMAB#&w$spYj8-OghbS9Gmb834OS>IYnw%g|iE;oFMhD;teFJ)m$x|MB=A%6r@MTCg z-K;qDn?y_~10Xto9%_Ibzwl2L@Q~X6l%QZcA~LnWVaD$*82T;bPQrGlgs8WLxLyr7 z+oka`0{ZSx(#oNmNxrRjoLKh@m*5m$v9`Yne2`_d-;n)w@tlDllQ2M6z8M zby2PShh)q{j8K`LRIjEgMcefUp~27cF4t+n&xiDsEv7p^kEA5dNpV?Z(;3lc-GjF` z;ZYEW;!=qXes4ZBfP7!^_UJtEVHf?WI@KfwW=;971`RaRZ-_#To%|Lg69^3? zM{l#OxLg?j48Qe!d&+3?`1lVL3_ITwnZm$Sq|4b#*yN;qhZ^($gPm_`yGq-A^J;I< z_~v4JOr;ITsg(PF{j68MS-{QfDO1$xz&m@0xWHl}{a&taq$rQ89{96anN#T$Ze8JN z?FYTuE-G+eJI|UV!nBY%U9xFR3$K(H+z~wo(mHEnY}7>V*@q(5avrhv1@RCl{rV|j zKy>WWD*RC&+q8L3YBvhXDGM&b1!ExXskEnpfp?HFZ0G|g9}-qNZH%8VlW3${Yj_J*{} z@j{ujYTq{>r}H%(f)Z>_PEPaLV&vSsyjx`Os1gc)@v`n!8UOD;ps1sHf?ul5cv9W{ zsaWNo6#=us-$sS%!QC8~zteIw&hTSJCFq%Whl*Dv^2gzo!y6mK`*E+&{b|$+4k_Rb z&V%!@?3@QR?vyo`H?*|`!xL1vH`OK1GP8u@7(jK&ggYEzHQxiRpyf^EJ5wx-6pXLv zh8`PS|8T4+00tq**hP0nSt4j1q9U96?_<%xPtYa%RE9N~OoYRr+$$*hX?$o=m8UZp zDw5m1!uW1Fe#oj#f(GD8tNZx2l7XNm3+t1}%l zrQ(CN@qo~Q`$NBqllAqgzZLpFyKIx|ps`Yg#foxwaIsTw$WBkc3sZR!t*6MN?t)x! z%A{l(!*zc*J8X+&=_;zP|LBd|L&^k$Z_CGPjUN*Z!gMYj`d18*c1BqF~CWP{gjt#-Lxjqf5@_yV4p6k`r{IF8 z9i78_kqssR)lQTS<^NOfkK2e|Wn1&S_#5bY2KQJbej6ZZeo~$)1gE6jLQfBrUE$fd zpL2%PXe3@^_!K$X5^KBnUn<>I+J9J4N9HPpT{qLt_9h!GK@A*FAoqo8;31 z6X^g{-qS3ch6|_`&+V`~sFuDKPa}G}tw?XuuzPl*{JS|-#3>kjO*pL0gcsGk`ig0^ zWN4w;>BVJ$4SMe>7~XUiRi$R=0Cf&YXTD63Hd4S}-ZH}p250;*Q8$;HZkIUyChF6B*ix1_XjaF_f zrAvY9$?9cT{R~S{zvT~0r)=sKUp&rFjGDkn_(Q!l^~KLYybrrV&yE(cYevaSe!2+i zbKrFhdtSkCGcqaM$h_9o;WcW1Whi~Z(jvo}N{x(ffbg*WrPekZtcOwdawR;GFCPO1 z+yHkHWi5=)A2mlve~}&Vol*APYsKeOM85tq3BfU0&#u2mQWOgsTs(}a>;*5z5jli# zZVk(`Rr}{Toc=j3mezb86*;GjuuTE{T<08{dPy`tIJ;;n9{-OyB@ZqDFo3BH$S2RTZo-bVbXm_=xDJu{FKhc~EU5i>rixc4~L z^%fB{?E5<&eQ;2spKm$IRV>s{4_lZLD0!L37=NtM?R2hVoI?w4QMQ+s0ycHt z!N_AGMCoUZW--=ocS(7H#_3T7rAA-3$@i}EY3ENRzv3qA#2HTp=e?YgaFkM7wjlcY*!7)zAUl(!f+npLpZe?(kuEFEGiz z$2Utd1GbLcd5P;VgRCs+2Ac0iK`nGf^`HYOnUy;c@3y96G?^um@+XMVJbBC+Z)xVY zq#_PsOLG}P$t&3vtiA36c_Nd+)r%AwE$jfwp#^udWCpgh+(I&xvt2 zw;`o#FkJbY%>M9nzSJr`DK}4#Bc?(19O*sApg!v{oe_DapIjz%ftI)5+?Vb#y#x8|N*+g^~9Lzjs#nD|;^nAP8)Kl8iLy zS^ZGJ?o(+kI36ZZEQ5(VU7I_Md4S z_(H~^4GUCgH{bggywRNKGNPQ0=kq3f&8HY08*$VIwE)hMxWHR(-;FGFk690_-*{j; zQv2AxVK)x4i0f_Dw1@>7$gC}6Vq4k>f+5QS(PgTeAdF9O$Q;z}NVRxGGSS3uognI4 zy7(d(|JR!@z+bh(LaoCMBvm*$v@hr4ClD%j?=>czgRFQQ!vWpIEf7{KjmT1!3DP9m zLE6JZljRhFmP-}3mOJM-@1a>Mg!X&RoCyxb{`w{~>Q#DTk8A7p&zi}$?`AxS;H5o) z)9jRoqoq13oG`iZq?%ifuK2l>O zMG1K2e`zccmgjQ9+M<4#ZX(c%v~Z*o?uq}gAmGmRH;YDKqF zi?P1kAsAe1PcbttZWCU|nFl-?N>qTeg@Df3rpi(=u|!p=n0m5Ev-8QyBBG#nE}L)X z$@F)cDx7hQRS|Xe6SLpgY?cCFp6>EI@6H}2<_3p`1oOlqk?`;;qG$P)lVNEke8!E; z$6InM8;`AfjDDQ`XCd8DQBmG0AU}0`uP-r;8_N6E0-SiVIjE@ntH(P2K178Gk7qiX2S@oLydgNpF)701?%2Ux_>+U;{ zvq^XNtkz)6k~OSI;N(^;vVz2f6TCPn$v7?sN#w-kp}?aXIA8JW;LrREK*~HWmr*K2 zQdXoxDT9<8^B-h|!)((Ov-|(c(+PUBg!D=43ImN;P_D0I0jpC}rl9BX7=pYtQ3o2x za1Whc%l!R;5TtKCJY<3HUQqO!%Hshw6WDnZWi_f|&u;nQzT4ctF$YAimNX<8jBR^6s>eS+KpaL@FK3PCmikiXUp0a3b;b`0rn;!Wg6V_?*0x69q-Ewn$N{k68~gB?tHjHLY%=7(&F!Nv4Z z;V?zER~(=))hLmVmBU!~IPxRCy+wfwZkQF9^qtW2-89WXBlaXLo-8%(aprVKV`c4E zSy6^HIKU8>PpL!F5X3tp0{`59!+8Y}W;nzaSyv+;4W%KqxvZ0k#w!GlB5HEw&D0~` z?R>fCD)0)wx6=Rz(7dTcmPiicVFy_%^DQ_Qxx;;EX=nz_qRY8XgNl}3h@U@W`t8XM z{wW|rq?-o)?Aa5L%b=WPzS-+cU{4=1C(vV=x9=eN6_h-=Pby^o+tq)33|(l_k~V(R zuq4;MyPIk~#gi@&i6$z>c{Ji?&2~|hL-=yAZpwD&E2C^TG`gbR=-&(QolCN~dZnq?R3Lqlw%`;w_6jz=I}8&ex}n%`znUo(`;{@>P zDH|Mf)0HNyyq=|RpmE4i3w>K8-iu8M@YgySrnxL2ZM6ej`lScnPOJXIM6bU zwrL z2j2OsL6~Gyk0v003sjWgt6&x+@~?RlIsn9oy2|yTJ9o4cTbOEx64}quTb<#w0^u-0 zf+eWcO>hS@!+D2XFcECs+%{=U6Po%6j=y(iJShui;j0+GEMUM&x}egF^`;S%B#R#q zZM4BI7mbydu>#A2=m@*;y+%Sr+K_CFAMi8x?ZqUz1&=L0X5d4gyV*8v(iXFb&<`T| zf#((39KSq4t&3#+Y25L?Q^sZz30Hl^a>L6T%QNdduaU_y#M4gnC{EsB zvQMWnn)?Qg^J}l8$3D25bDLW#P*>Z0_k>gR;A)y=!?k)@G|N9f{;Qlolxsh2 zYD?IPVO5DrxB}X@0R1l$@J@k4lcu_%r~Z^81$j|ccP1G>o49sJ#g4Q;5BK*UabV>j zkZ93^i7vSup5)^fN>PXOz6H|UEiC(nVvRW|s}G}lgk$n)1Foqt2y~k&x<3G`#933~ zoO|+hd!;r#*ik1$T?D+5enmm&4tt%0oUbVmwwo$zlRe{4LJo7PRB=82JCE4(x*wR) z8@L@zQ>C;bpT1+ASQ51~don1gZ;BSikd`hlzZgdt<YV2oT)eA-KB-cXt>xxCM7ef(3WC;O_438r%u)?wYU3{XXZMZ+>tAGgH&k-Bo+n z+H0+i({0u)v9FyUPVaCX%VD=6A8};zh{vq*s;B;OX!Xe&pHndG+nfOoi94`UH%s-n z8(bOwwMh9O2@d;wSdGGv-SbQZ4lIK4`NH6skNwfp8%3<0n4h=ScBv=FYyv8x@3#Pq z{}mL=AFHG2mYeX$>p|VEvZ;~XqdQGih+$syv$h4U3w7_@-CwR;t=E5qYrV=(86NZR zJbUH2A__QUJIkE^cn*vv>&`caw0<%Q>Usl6hIhX#& zPSSBXJ==4AW_w?T1F!CZZ-S;2lmdhqWEC~V{iS9 zeL?*J_GhuJ?3l==P=HT*@*m<2BOgW>{&%;!aEMo)lr$g3c-D!LBuq%0fzv13_eRMM zEc$HTWh>W;^xf!ABMI{&^N5LZi(0bZg(Lv`_anvORRC%AI41ys&!;I6WQKoIb-_yy zLFH}BRcc%BzSthtdoy86q5L5n4vlNUa|0-2#q=&6-uAzMgpwwgSG*u$ur}k+UU2Ox z;N&vt)8JMV+hiGoyR0{5A)N$~C~yCP1Fth)_zY@%py_}{1nckt<+8*JwvlD5@jA@O z(8TBNZ^+!Hrxs%;obx$TZNansTq)yCTNk*B>w#hYsU_je>Nd`2HO=ZG+uSq*USLlO z&7CA16ZL|!V%b#VQNW(MVW`tx*ZMKzVhQOW59WV$>Jfe=6CXKOU8|hGmyfB-e_YOH zF#Zo)b6gYY*BrjgNlJ;P%~WhM`3$d}1JA1$(wFmaM?$7SFyZmc8|LXI#+_4Xk;trB zlxf?@jTBV8Ya_xLx{%?@gM%)le6WCrrw|FoqZpaJO)kr8_Z z?m1~i{)-H~CIjKuVs1?? z*UVck5_@a7?;U^W2xwPf!144IT8kOh)*Ti}12>fP*|YX)3OCD3q_*`eGY3Af=HK@X zo8@etk%?6%DQLufGb8z$@(+vRTqayhMW%fIiJ7DSUv(I}$82(e5j3XU-{fX; z2nQHJzR{Gp&;BtATET>J?OWfayByvz9jacr@)nKd4z zKa5BtTtdNhTA`LxlZ_TJf+b7LGEB}?I^dec!^iHh%!LA$YJHx>^fBAW%V<~ev8M56 z!N!?aX2S1E;ary(s7ygtGLsMG>Ph{@vBS-K7bS7}0%)I|4N8$k|7XPSC|}7&^s`AP zwvIE0`MF%+n>!1>6pk5sMs=yXU8CrE93Vp8q%<#~zb8v&snYXt5DWgHKKR>^3))h= zt%Zy)=$8jyfJRmo(Yus9l0_I^md}R#IfAEw@B|KGCcojmO41&vu*S&4Z_v#aBE|Eu z#HrmK25BpS`WMn>N$~#sj^uA=Q~)ZCYQ2)bFNSChmotgdJof!dyzR~PK_@~WY#5)j zID^&7%0$xcN6=(`vC#Zft6n~37V|!fDMfV#dqDmy#Q!tljr9!hrf!tB*X6S0@OYgMb%UVF&w9FhFO!l``MYU?p(2*kzyZH0s)Qq9y-h>_8 z|7t}f>?tWMABg#sWzh{v*Jq3nXhn?;YKu$_L=Zm$>PsC|p>r9N%`sX-eo!LP%?9)trz%W<4X$`h11a5^g{HD2Rg$s4S2c2mqxxv;#T z3LQZ0Jfssz)@Enl#IRNvT(AD#9WCY)yR(016C=yrdvIh1${}HKNMc!W64vB&8=t4} z>Nz~ha|UAIg^;(`e@e+sAh-a+6*WJ7#6c!C|F@s;TLk|kP(J`gi)!>E4NoyCX>khB z`?deuo5m&M4`3hk*WwDBCgI? zDa;)x%L|kh_G=X`Pq?zDOxU4^o$IlTlRD+#M^^W6ft-ot+qTcfR)l`6U2c%g1(!1m zbGqOgoUOC2Mq74!J2deozJ7p1SD{;(-NWJhQ^I&%&!A7$>ie_rAo7`bBimFNN1F!k zf{hA6=yx9H%N0Glg|~iXsnYreb>00&KZ+OvQVlXLdM}c4*+RqCw{{Vf=>IKOSn@EG# z+to!iO!v1zQ*au1n=LV4(tdd_w(Yt#zm{k)={Awg}neJsqd_Sdw-=S!JaYoT0@8kdsf^dqE zbUP3!KXelYQJS-y^cX4ZVEQR+w4Ix|5+wNc8=$)G4e{;5GzHaxP z_hLtJ_MV#~*B8wQw2)bc9)?RvcZ+&hr`@hdGKL?AE{#6OU=8p@sC2+@yX|jT!jC%R z4wUSM8y*S-cHxk~j}QK&%55n^OhnEavdT@&*}8Wk_HO0M=YtZ5iSitbg5Sewm0XSG zsg;OleK_aKYVyqDZzAJ!v35)<=-Bk~?mTHu?N_ez40q&{d$~;*aDMLNuNjd_N&-OIn|q;XdG-g$Mmyd!j7QYvofB!VO@6wiq=(3#UKT*}rwZ;3 zTTu zsgzTpKG6`^Xf`6`Cn`Q#LSaLVGFbV4;q7gql+D5@N>(p8Ek|S};`Un#7QdP-xCjkI z%rwq8WEoyJn1$m+l1gB!zYhucY)$FyMM)~!Q7ET$Ff8+VL(9V0&-p%Kzr!3XZA84A zQXbE#9a^8#CQ(018W!&8>^OMN$ggK%9BNR<(;<0n3-^94Rw@^|8t4k7N}ULg#Q z#6(UJeB^935onkE)<7o)gy?#Uab~Rfc_6Xm+=ZqjZ8mmaF9x$<^^`M*V69&y zu;ak9_vI|&BI04k`q~!q?oOF$kMO}Zo+O9A-Cv>2HShAyYXPaEw^7fr_*%HT`CS{V z?@r_JI)t)*<1eh358*HpL&`k{Sb@%%$fmEmoU8_J;W#rd-OJgzs%LKBMU|c}!7vlq zSQA|QAEoIa;=mzcF&o&Y`o%u?Z~^9*e+ZaGNJ&NnXJz(hLGVOb&_Z+58Z#mt$pMR< z=QxPW#wgiVg@x1R(>(MZNmob~Ow%(BZ=y{amVEw=!+1r)xO+GIjuTq(b|&JSp`T=s zX?zr7j~TbY2JhY6x)LgJH!9=X=Bl8R50r}kXI#ZB@sH8NL?dVN{w7LXAf0q8dU#$$ z6VX_1V5QJY3F0DlcrU z6-sItLK%}}HkYT-scKP4_-O~@YhalBu*e-m04+|oxX)SN$KN!Hdy?4uR&z@3nfPkK zN4z4DGDjd(SbJ?^Mg1MahjdNy_gUyLs^U)BjYuH`j60V$$HO9-hAPE*f+e8vp2g(VK+6dmUpwU3#W(`d7-{RMjV z!#={ra%>=%D0G|RS3ozbiA)CHarNz^wo}vvegvHf-^ZTjUcu24h}pSy1>a)AU9k-k zG}i0i!z2m;*L41}j@S>MeJG+_+A(o_6bbRBpnWi`5VJ^o!;klFAA`HdvuXH6f^Uz9F7CFh` z_)Ti!KrTxLxnkuOPpV8+OzHuGD%-P1OK`w!2llCf^Fe$%@qhS{f{R1SGjBPP%XQ+h zv_IN!p7#%xwccenzwevq)TC#E6%pm(U?ild@cn>`%G8w+UpsKYB&sM%`BLWa1_?RG z0%r*MrJDr7jb*_C!abZM45|l5{0CWYEfpWYy)VwzlENR8ypfnQdKt;bv-ufDeDFvm z%5eZ2-_1)-UfisywvEF&fD^GpC~Xof8#Rz0>buk3mGl^zX5-906V8NgWf&D=!x>O~ zFZu<)AJfDrg!@YYAmVg3mr+wBQ3!^ashP#t{6B!G>wf?d84rb$)4(c}0W!{ap=DD| zF~PQc<}5yJv7Me_r>8Jv3bhI=H#N1&TD)LYcZBo}e!|~35elkD?z&NHkOhjwks5h! zL&l?zcvr%%u`?H3yp1}^}K6YhY)Y$V(T*Tm&=6H3Wj=3D%f z3$X77mlL8TwjWK@$8R|`Wen8n@(eRR9nA?gAk$2cr~#RT0ALX$=pUy`t}@S(5$v^h2#;gdA-mB?=Eu|!dTc2^~trLExdO(j}|Z8|0)-wjgX@%G(+ zZEspK@311G7M)bG`!Q>!xzx1%1B+nzTV`M$g%5)jiC1|I*ac z>ik@x88s3I@8Icaqkh{OZhj_1?-KI-q~>t$+Tl(Z5t5uhqh&R^wp)Mfnmvb;AV-oW z9F{Z>QA`p*^-G4Z(e&N&cl~W4_Qx+HhH&}^g~n^%$q%>cLD$l`F^Qkc%6^3ltE%!^ zbX8u$HSV1)*z++pJmbPca?2Z8qi*1ms-ReogzX<5B?Po**#gN7UGMuHv|l_#rudQeCed3l*MS1+0}Q6vF7&0W{Ta9j@G zjK~^*VH=jYLUVD6TyDJQ!cQ8KZs?K!^sN=4R=sbZ%x0}SedcB7(bXXT`K5Si!-j7( z^x7gl9>t}fDg|&KjrZubwz?#?meC_YkW`4OlIlMR)nJS}aCB_gjQ`Vc@#mw?_kJIk zMoUI%YRhtKq-w{MKgF%q7GD$ItiI3$Yx%07?b?X~13VD60Ry$-AMA2G1BROWG+#nD zVUjC$dKwE#Sc>`Qj>r;rA(=Ukw5}~sJ{?YUJ$GqHk=?$rXtI`LZ|+^O?4ge5T7~jsqOJ?p+ml-)m`&>)gNSDV_BPH>w579R!<4+bXNzhEnc7|38G9 zCK`W|FRd56nX$a#w)_541m(`KXECDlHIko;Yr!W{Kw@W7z(%1=&qn`O zkW_Wk09JVU;!&(+71?mt+nj9F5zdp9wEZ2{1U9c{$x$hBp+OW7B zYrYI|0(-b3Tp~dNYv0GMX^)EC!ZL>=I8V$q;|{Y8!nT1KH4fVqbKk2m&J%s#7w0;T zVVU*djCNWp4_^DtPfsn8$vzz(d}b4v9cmrk9P>U3&&#)Mn^y{F0;Xpdy7e!;cA1NN zh-!NT556AruSug&#{Onv-82j5yw{whr9c9dH z8|an?>{%kqp18Lb7MJ)e;EatGf;y*p=?7DzqJEjWTdWHI2>PU27pl*Ik#})TbA?un zN=k-O@pg^uaT3sR7&+ARTkhXSew^9y6#nnx2sx)N<0t=l+@^ADim1MxF40}id1Np< zN7XfMpr4V?fp6d=9N`H%V>d+K>JPtiH?~Boo9lggcX_C+vonW5gP>!aM3Ze=W;Zaf z%Cdc?%HaO)x~X{jJ)n8qIuD#sRP{h6=y}XCYcO3nUrb!6-GT8~pVDTuT?;_SK{T+I z{5kN+i2cY{5PHYNnATmUe%;^D&&oj!M+Jv|Gwwsr!l2crzHxo%WiQvr9ni;x53LF< zVyj5^gg#g>*7FzqdYn%raYuqj$LSlvZyarRELCF%usqza%BQ&=396$MFz{g%kxS6g zUsRTQp-Qai^JsntRrYLL$DYZd~+EK5R<>J?@&iX;o-2v#)PH225zWdxXuIo zrsl*G;luh}m?N6^q7$~}w`+8Cf>U_Hj$FT@%I^X?VZnLb6}skAgofbD%F{Ay>$Ae) zvck1;bNG&LrkW+Bbd}*4C_tcfMVY|vYEvRX6<3O?jw8{4Q7{e4dtpcAV=B>KU zr5x!oQ*J~X)So6>@8})sbs5a(Lfu8W^?PRlIfxS_T|$1h}I(2dw0|J z_oa$UD6~Kf+!l*SI_O80?Zi)}nrgn`%$?fYXT$XzVOfFyh~Wx`a*R4 z^5Zyd+Xw$>qU!?2+)pJd&JK8XO;qcCog{V|#}M%hxvr>)hlnMfA}}y*Q7e;*@xODg zB>6&0GNl2 zsT?-luP;x(+dN&pb1k>Gw|^<+i2sa;n3G_j3xgV)cpwHP4U<%H`b_Grv}CmomPnmo4uK7A)W!WHS$xE@6K;L+W(${xcmwamo-o| z&TF^EGM474+x<8k;5SRa)f!^R*9kNg?O|Hmcyr|C>-zV{zqh5a{(o7uUx9?w?Uz8H zhT2|$?{hi8?=6N5(qM+)f(6=Q4;kP8c zQY_VVb$k3)v!RnEa7yqCrh?1x0xl*~(|aY$`!32P3FE?* z+OV=sj2IjmD9LU+y;@u14|V)F*OAb6iaa>vTh(@E-7ISgqKZYRYpU+_)NX$rEA6*c z0!qSUomgXggV&b!AZhkchXb;<+DXz!{>a080aH0)6%}_A?g~Zw(;K(g9;qedr$d~f#IOT?dP-Km!N|Mb`_%rpgVQhJ5>2G4{`I>m*! z6|CizPSM<-f-*9HwX)m)d2+SCBU|S74clH*@*GC?4Zd?2fUBi+|Qzg`BAP%+ud+ znlrOuu?72(9Umm=)J-N1^>3nB0}WR!-olk6GforW?^=s=6w!kx5X*Wf!C_*wmu|Sf zl#B4Jy+gdwg+;@(5SdlWMZ^sYxef0n`G4Hryrp}Lz^7waunB?9^Sen>k0ij!>KGLN zKKuoF@=d6xw{d9yRk3|6!yJVZ56zB!*cK=y`E4+^m!#IB>>RPp_8r&3kT6Ov>S2Se z-#Eai{cX4dZ?!7wTQw$z{}sl>{8|joCDE9D%0%6fc%afh%JJ#-ENPx~&){R#7vz-P zlWCU-wp6(s@O0{X*K3kSSJFa6*SWE(+>1Y7?)>D$0h|HKnc+>klU`h5fveQf!xa(M zqiN`1$8mi2rz#1Bh+J@LDg0i#yXFh{;=+9I*46YDF3K^daHg;m?@5tP+h|5kw7&`N zTVWGxUX-%;utZhjdbJVZGBF3C^04K+lE z8_I<{?ALE!X*`%6Vn1C_X#IC@cvXL23!1KF0p zP23W6<X1 zaJRZz6n3XKV&1q{8D^~ln#%}qBad6_u2=|sC3J9Hmsob~#Rgsn%Lf+8w{`p;q){g( zHMi-ofwsL!b#oS4&%>rTo+j@+{zsbeCyLpE1x=}X)j_iI@=Q_XV*aqBNGTM}88TTJ zk2tz!5b+ly)EJ{)qS)K)!B%mCsTO4cA|;`lMOm9kLY%-NsoX3&vZOeBYwVX@)df?qL&xGJw0WE*jkKnrHJFZ+VGKA0H@;DF<@>$^pK{ucJ0K$8Ei2UJ)FQsNE%{0q7gL`CAzansAz!g>Mzp2 zKYp}g3K9=iJ#Gn%9YJoXC;o6!5!)>tEt6Ag+|8*;wdVYfoq6+f1aL%}h-VX+KJkHvIk8)$CulXPSZ8P~jiO+LD;v&IGjxjKN*1sTV=5 zSW+@+Hj+2`Mmz&d?Eds<2e$q8O<&0!8!-ZmNKpCVkGR(lZip`o859710=T;d z<`VAxhi}IasOPCR4~K36wc_8*gITwOQxd4+{D$@`-Zu&Kw9e&JqKiEmN9hw^dV9ra zD0=a|>ubzi0H{Dwa}Y4Ms8fIlZ!8-Vy9Aa8?!o=Sk|2iMe69vBg)(n*f`@L%R{NUZ zU(vBl&|(=MwvucPk>e1-y8ur#En&`y?iO!DQYHhjxN&{S0`RYt{OOcnSR1+|q8F3r zGlIV-1tT|tDDnfD8;E!M>ymo$iLYu28JN1$9td}JP);kjQGu!*=uV^l$Rr1niDubA zt`b0B3fB>(K!ci@oWY% z8aOJrBod-o<6$3~t}%h}zgzxF5*jlwZ2&{M+Cvcpg6M-2PWk2@}g-&27*F z!=j+ae~yjme($vv%Zze3(}^gu4YjQbL$`D=_wbNMr~LH;zlEkFg`nJbArOLw zVJW3ev?8(&C2E|wy!jc&+*l^?Ko-im52}rr=5>gF{p=xQo19-NHaUN~wqj3Uyk|Qt zHr7#|=lIUMJ@btFDo8AaX701KW~FYx`}D`MqLM<5-sR)g!Dc7|dbw%_ecYxjH}{gd z(bo3~A-Iy@C1j0|%pjDQEH4GggDVd0T+dN>I9G(*xrtruv)?2=FWUA)T@Qt1-FGQ!Zc85=! ze~;mW6ul1h^{hR(`bxg(!4BJN<>x&D9$HpUb~%&nDyhSn+!cl=cifyDspkhcKOt3% z>2kO>tg9f-K{cI|awITm-HZIolFI^_t|mj3i|LclZ+edo?n>9+-aSkC(s`EYAcG>l zt5MeG?O`kB5p}pd9P~$Sd|eVd$>+fE;K_}~Tq#5ycLSBaDe5DnHhRjIxs$O(8JiUf zhuQkjkpx|^Lm$tg6||a-s$b74KLL*}`l;TIV#7WGKCPF$+*5rV(WiI#NX?>!xz>Y9 z+8j^@H&(fqG@uc?F+_5G>2c7xhrj^jND0b^7|2csEdS?#HE9q{fH zuSttF$yX3)u2w~XUrq0(Si@c366af8_@q+F9A)yl8kOf#qicE?0?XVxP-Q&&esv}z2-K%NsN4+Hp2q4!pnjLf$&+`O?!@9nk*e6 z_dt~#C_EtGF@xb+@s5vebG0O5_q#7&31sK*^JY&q`bJNTN*=XlPmCD-h@xGcpfI6*+2cJ5E+X;fNYXUWTnvgi^Q5n3+cN zeU2k)Dvk9gw#>nxL?JuniPRKnX)XdVGL`DRl+#Tx{BowoQQc_4m@)`72?Ij_DxRBT zWf)p3B}c6>l{YC4GGaSzxa_t)_`0gyoKs-dRhB<{Qpgzu8I#VqdW(`gB1(>4zg~3X z;lXpv2^ZO zYOGxZXul_zUX`=7Xo!-xHqDMw?_)bixBPgh{8iY=OzihiU1oUT2<0D_dsA(XgLh01 zCw(v!Cn{`6z|{;b3N3dqKT|2Wj#%JCOLox|l_5CO1t|mp;==St1l3(}?u_K5G2@K0 z#UICi(<7Z)+D;r@LAe@FMbrNAncdb{)?=v^@4mQJ#zr6N<0m)#y@d>hu(3hDQmFMZ$lPA8S+B8A=VDn)gd!;&C& z$Jy4V^Y>a7x5QM<21-XMQDYG77{aK7;jz4ZJX$3%Z|gvyZ^l)oB0;w2`YsuW2muxa zxh3$RCS7gYmMbG1-mgOK=sF97Me%EyqC32oxvtH(H`T(L$yK;Yv!|S2=_ntU^B9+D z{p69lNxf|NQE71^vj$|YvDQ5rQ27OVyg#ljx(}r!j?qI%Y5D%0wJu@DMDz7f6`y_; zM*4{;28)xtv5o`+-PG25@^DyBXKic*5zS41uX3(--P(yMtcR%1QZ!PwE7mYsPv~wJ zc+Oj>_U4?c4(rWvIf!P^k1`|Sp=){Tyjd{F*+rh!0yW-GOQM}jRU!)39K zAQP{P@bqy<$#T-I36%9A_emw@5(~P%M3If-n31R7VFC^U1d^~D6NuIY+q7By(OYC| ztSh|8@nC{3<@oJ9zgV}@l-*e4F3RH(Q`b+mW0uGEJpFlmdd-5|u#jSc5mNCiD*15u+MgIc(Y)vL2%X2u=G z^hbMxW22_4db<>Q^(|B!J|@cL`o-ld%asOO)WsHigU>i>_su~j*2^4CdM8_nMwDNV zW9iEY(@GFshsJBKn*6HGD!3_WzZM!)jR0NhR>2Obrw6~YtbJsBUbW%y!)2j@Ek6Ob z(vI-{`DCqa`pahORkf`~)+bS@PcEMu3oa)9ZU`*r;qZk$$s*kd%KA2@)6;`PrSL&v&No3nfuTDhg$&z)K7Z8P`2 z-Ko$b2bAJ z@T|Egq~uvW$EQcl<4Z7y9+fxtw$i#tO&cyc$6jr`W6z*C34>JHF?z^A1wQi^hZV0A zJ{>jvQUSC)mIupB{Of1u`1QI74Xs%1vk+&`(E6=wr+t>Zl2Uww`VGC^{JG`YQ~5T* z3?#f(R}Dj=QVU=bHipm19c|02LAz)Po6i1n@;+Mc7C2irT9+CLJ!Dsc99msg_Zy#O z9ulaTz$=Tb9OA77J{uIORnssEMPt#cv-_^oVI!dl)cSQq_wAVhgtssW5&|pfLAjaF ze2SS5F>?lS;l^n|oGSw*k4XsNzmrNbKMS3`L0^HW;btiN;af_P*>IRsy^Lpz)geB0 zbJ-OT2-!RIDWz?1_W?mNf+YHaMI9vyUl!K-XH=E7cd^P-Q*lr{*=zKw#rV{L z14RH1=$EAp|5nWLm^A5z$FDD3lx>Tm?PfU(|AO2X!EHUk$oztW9-l3jFY+wWQBGVF zgBC~88Hi_QBfuQ#7ug3X#?FnY|ByU$jn`tAq1#Qo7c%NXyYX&EgcVbsny>q+75!C` zv`F9p|H6$a-z2+3F=MARXQb*;;uy7ZT>ikCG0utlkX4>K5e#h#e8a50qP6&O`J*e3 z`&F2fH2|`Gdg?`_0(O5F;ssnEH0-_C=Xf9;M zcO#OJ#EhneZm*0s5A zZr)-mtzsL-YTM3-cv_kyQRP?+nPjJmfv>=C<1Qf|YDz2yty(3HOkriTZzsm3Nu%S> zchze;hbc{oTUf*IYLh8IAOr5V6i6JhKlf$z7M7 z6*g9-Xa}!%64mgp2@rz?<54>tTj)Y*PL#Lgu9Hw-9yTHNfQkDGtoOmX9tGAbuWHdU z6^TI=ISZa;o59;4MM4Gg4}bEe(1!3hoVFb-a26WDrEXEK2R9$Kn=9`y7Ay-tmvDl8 zQrT7os0=d|rg$e}y>%jNQbUua$iMg;slRyNGM~iKe>grHxR?eqPIchAO88AebdD5% zB={HioHfg}H~X6q2_Wx=^SjDSMkEqac%2M(%zGyxKqCRbOJ(vVe}6URabjwe`!Y}Z zUF1eN%{3#Lffk-r?YoH?DShxr+72&;4SkI#PV<)ujXTNt{%{8^qkg#eycC9(9n-vJ zH&eVfW-}~mfpx6u3F+gm$FfH@jqAKK0$A-6udUg)RaO&(i?-gGZIN>xyrFkDEM}f_ zwXER5pi{uo84XxHG%axLh#!vINOfrLM7d0qkOZGAGZ1y1HJhQ^EfPZTS86o!Fg+I+ zfSm;W)k8Onn}KXSxLK|r5kHEtPui~NL2a?!F7!35=D1{8jXJI^{Rr3;%;YKEK2flp^Cc5r)Rd=B5C>~%U`x(1AMH$?hPz8I7>BdS zlyaWdkvjOdL*vF}bQ&c}=-JJ~nq97(2mzhiV*}A*F3r0+s{-s1-#dE3mggL+OLwKV zBF{>^{I-hMgFU>n8g^pn6QvE7F&^&9QW+AQAJv#Kgi6IW`BF>M7Cn(h`dZ*Nq`hsA z%0qX~+r~eH-tEQE<87a}y1%WbrNkv?2~9QXBc9+`ca_Q7a%2dO#)Oi7uUHKpO#?qR zcfpiSQ=9G07!1Ugm_FIfYA=UiX~Gkj_k4e%?R;^iM51!bqCyJ_SBDyvJIWv&|Oi zD@`R|!#qGQZvoQ!12B*|I)av7UcWiMqF?DOI8%0L%6$)ghqEqumCY>&lMQ$*TuQ0LnkEChxgwu z-Q+)j7)vgLw}trGE%ys4L}!`>KwQ8Er?s>=2=bjKp(W6q!>pyY0W1F%cESpsJsIbK z&br1iH)L5267)@60$9#J3wgw4kxKw(Wp6bw<;4h@brX%6U=sufLB?#WWDd zA{-*-#tfs~W@=Fnm*e-HYUV9h0 zFhaHW4)muH*ftgt8=LqWC?TIe@O&AJ(~*-y2o)4477?Eni?s4}JV=&3^Jy7ru9 z8FwP}d-6LUi)d^UAa%f(06v9X={p$@7ArrT)B!>gl(bds{n$ufpJI5d3)y7#5o^8vnc#Z3yBQ zAFvewmfcS=XgnaKa9kcsv3<~2wzqp0ndciWyV3r?R2=jtPkG-!Rsu?apMy4%Urdhc zZAQ`oGjiKOVaPa=?^lH=@ANU+4HC2h|7{Xq*Duw#xnUZQDj3|jrRPGbDr&BsZqQI}OLV-(VTwoOuq8V!&J-R@Saquj|v$;@XOOtM= z9(eD!+0v{5C+iirz}EXn`KZ`YYxl?b%N0h%y^)L=r$0kx+pZnT5Zkicd%!UfdMOen zd3SsL+5g|0%QrHnv-+*^J+3XdPw=N(E_zG(X!iC|Kg~|t?@vlO+%Cr7fxS%+=gkJ2 z<~%HA2c(WpY^V=8niMi!B2MY4eO{8DhqcduuGl?o^reI}mBmv{dA&Ul5T%%W1(4qo zXJ67HG%`p&@mWPKEAk`zKDT`0%PfobJcM=cPX0Trvi;>LK8<{0C|0mqzhv@qn=zwd zo$kD)+u(*}`JLrWZ02)st2Qo;C;;|>Ky-<-_IJf9K8Z+(6}3khmpf`md`wpB@^`hd z+w-RFxF0SDj!vTY3d#h*+k$Xc3hqs={#+-uXxmLaNQW&N{9scZp|aN-{lCsbegn!w zJEmW9Yrsp(A65Q}$~&--Bz3VocnV}|Q-T6z|`l^=@ z@pI-aY!+EENS8=ZS5$i2RF)KBfGnX%GeE|$q& zxk`7xeKeCkvH}CQ9pEZLuW$F zSDT_J9C-N<(NTE7Z&7lT+jXciH-{JVJ!WQwoJapj$7+re!=Jg(3S-H@7kiwt7xZ_X zA#?XTYC?X?)h06F9|PJsxZPKa-~2fnQn*P8`1z;me=x$0j+;>+ucfU^=u1Ri*Oslk zjMZpAS@_DHmDtYQp?Aw!#jdw%^AL#8Ou|bIwz}48b=V2~s^u7(^1Zr1K@=lrmpTMh zHUmq@mi5cy4FU!qO}r{b{9+vSiIPS{o3#Bg?XU~1+`(SxuzBgkXzGJ)@kI+a9V%nf zQdz~Ys~APbkmksbhZD@iUG#F(WfQ&^mh8yBQv&LSiM%KF&1M?gyK;1aJ?FaC*)_un z6M63Fmj_|SaBv{25#v#vA7j?hJxBNff zPc_+OXT0gLy**B{xZ?b2#@a=%`a34|i|HNrP)7#Uu|%GuYOVg`GkS%}SUV!A_V-8c}CTHSgq^L@JmsHZ-*AIl1KB1bWAsO^Xc05@=xJPGni&g>cN>8p*kd+%%V7aiM(S@>U?91ilRpQSa(&VYii$Dvvi2& zxqvEBfjbC8=;kZmpgG#(VJB5Mfl!WXMeeJ?&H|Fd`fk}=#4NmEU z=eA&mtt)3qs+i~|vN>62C|;JdiXjbz8%-&jj@05{ji-_UOeYN7L$Qd_;A_O)NC|KK zhS^uyy$`CQA-LliPo)*5chas4dIfGB5rb*dHAdc)*vBFjQr>HDoXMkUb!s}l8hG{9w;B4B_>uDv>@W-{Rr&^U3JGCpcMeWUs4dw&SP%V6 zSn_0BckOX#oS>Z{mtPUEG_TW$2v#c_IvR)V@#faAe{oBcrBWQTou=xL8>AyuWDsx` zxKd%)dQMyeXKaqyY^KS{N8%|`!gO{$=z93qgWRzr%47wEK^>_RXdoF5zc@$)3UPMp z_uw^#A%Ws?(KStzcbzAL;6107oQMqj%IJu8Z9jCGDfltzgK6TbS)KlCKAgrJ8H=@m zu|m8^DjdDvsdyuXdDT;h;!(->#N&)yFq!^z@Xa~kn;6x2JnO`ASNmq~HtsPSkMqmsT#?h%LdQ?hm< z?5<4J6)|Qe4gUPz!|yA?!7|Sv*~wbZsL>w|PG`Xqun7-xY3uU>Sf_&OHw{Nv zk#HO!b4`E5KU^MNAN3RyJ1?Rmy>gFL8H=m(`+2$Y$TN(Ex>u*H*z0F_y8e6{eZV?9 zPz*m@?Rgb0n)+6U6G=PjaV&0Lt~iW(jD}NR@eK<)S!d+&({UC0sZH}7_}8d_#uB3^ z{!ryTc*peg`%=VPx;MHvJM*ch*;UeR+49`%Mic4k0nRUB_S>~J&C%kwyCp1V4E=zR zTnzOzR0gwlI0boXEyeJzbMu*_&dnK&qLSNkR8mjv`_k}~ad!+=P})TE06s>jVsQ`4WYNUc))Pn#ZW6GQY$lCl1|nyQL2Osb0r*ZZ0XwSq44G zT(SMm=WjvA-+y<_e%UhCe#$MQU`~JEN9k$)th#8r~S>W#{6~eh4#FJ z$?YElwIj#lJOSEOZJxQU&#UZKEUG8i@mpINo~O|RM83KVjep*;7I56Hx@Hn~V1|p2 z;e$%LJ`j2hw`%_ckUY)u$*MTjpM@A%#s}L+F9QknD`t7xRs$`%xI3+=0JcZs1Y)=B zo&3IIqJN^{%EZEY-Fd;{YWq$dM;O?q#S4Eh<^lboDs1-JOGda=-8}_%R^I>|0!Uli zf%F%69ELCxd<*gjKNxI3zu6@KvE^T-D8#E|rket&Ar!VG;!I&i)>gG*Xfh-y{FCFo z8IY@Izz_(9!w`_-y}sIB6*J>MF9hsjeDeS%C{<94#@pyzw)+PlJ~ktTfxk{_HgWaQXi$?mMHJ>e_9ihy@j2QADXWdWlk{ zOA`U5S1D0xO7Ecuk@70iLWy*c-VuaIjfhGI>4X+(2?-?j0hI9C>MJ1AyrCh3t)AUO49%tipfL0lHX~f7K6UpgJ{XeeBKl>4iGDrlKKn`5 zalVVu7?HG+K$=50mByA*QQXt8w(rz~a4KC7*$Zy1coBlErdV++E*3_zluw{k2T~mE zw=wHT;2P|Kkt_en55TGqzcx4HVOGqX_pXbIib^rxq}^)#oyCS@2v2vD#cAw*sOC)7 zlGSL+impIW3%v%C^m;VN)AqW!mifY3S_d?S=)M8Z2n|RNCQxbLnK@xNw*7QP%mn#! z7srw14fRaVw>ExXtD=`otG!C$EW*W~dc3UxiQqYqf=qhOaLZtV>t;MVxk$B$)<3}0Bk*I99-FXw&Hpg@+m181DB%V8cs5(Uxb?8n~ zx^!|5N*=jc?H}1wb+w>!MPWM!47u@ihx1$Z`lBKYHnPfVb&C>8oJ zZ)~_xQ9}M!FzOEJD_fiX?i%`*V|GAMHp*a5Ie#Lk@lVSw9 z(Us}Z-x`@apGt9i#swXWHhNyDT^@>O5~RjGd}#QE?t7gOq8ov2K7VPLILT>Jdxhd2X2bl`ls8Yvn2zf-1nJ5 zApIWl9FaC!S2bT(Ej!zCd^|gvJMiIvGA($^?d9zxt!`kEds&ox@3TNlQ>e38lWT+x zL$=JDdP;Kk2;IgKoR5o=5BV#1qMY2`$Fu#ypq*q{iiGSA`eguRvvWE8tk@lIXKzdh zx%&-&w!qMf(Y|9f?7_d%pd4j)xISe{L4Zw05_YXB|-VUT5}%+DznZ5Jt}4u85?x#CK2#5bP%%g=DXQ zH(cd$xv+&ju5vXVok;2gD#rJn@G}V4KI(?|k-VluAKccKXLSLk40^i!hdjFe$^~N} zWyj`x8=TQqLpKe)G(T{1+B*n#9hOiMRpU~UaAefc)0SpQbh+ti#gJzisA)VrZ+ArL zw4=e-G6pAZsEsTRkBoy*XF>OYfh-Z=T(vehkG7?k8xqiOEtb~9Nfu|IP#yE(TG)7> zLYy(UGg$iie1D}w+(S*h_)q(%nLssH=oI@nXVQCRF@`h5R2Me~b-653;cjSJ&DS@C z<V_fXExOmP32p}_r;6YQ<$K>YEI-jijBHy@<432xiP~)u#XsQSV$M=Se0=M= z>b1deTa#AVDx#>_uF>x2(csmsO9!7v#V4SwDSQ^43e}E5h8X#@^S#({Q#5D8@rPQ3 z_ucN8bQ0?I;oe!yYO9-PT5=r?(3JuTae6x}r6F%Lp)062h8l(LSWfI9@*v1y8YpUl zdNa4AY>&7z*Twd%`+}>f!q6E|*a5Jb&5Z$}es7T>I~HGcEU~>*&{|1CN@N&$OSCQS z#;WhPWa(HP7w?!8wOf9R!G5R$-s|Y@Pjf%kLRVpy>FcfKSrPM{JPKJyK|-nmv*2LuPoSrbz`7FA9{Wk;-oTxsl!O&3~=*^=@0!l;Wg*e81NpIL^1m!nyMSdIxjb7=w0|`g+!E{T7RN@p+xV z>jH053mjj|=#d-D53hXcc*C7@R~~F3{Fkh))Tqh6xyVhyOA!hICzxCt@3XHscUh_xwEmoyIUbc>`SV3q=ZCp><9wUtm^r4jloAl(M9d2WSAzqt zZXcuZcwYaVY&)IH2*!~2P zUCMDj&{I5p#b{cO4eoY_OBXrkHe@RVa?ZqV-SQ4S6WPH+Dv$D9sO~yP0XUH=kSS4I?4W;g8(MO*S@Hd}T=vg`Y@A6pcAT9< zguu$Q6vWXdIrsp8G5Jm+9la9v-YF}(m!Q}Z)k1jC&m8wO;RO)B#&&KG!7c;($uvcLbr#gMk z==Vdr4bAXIkT}y4a0FI zw5X3Gtz`wC4?o!=G!Ne^8T*Fp^#4}5Wi@(unOW9!Fs?{ z?uZej&jTP&6C<-0TT|PC#?#ev@ujuG-YKmsZ;>x2vDJL#wK)}I9)9e*<6h22`}zh= zmATyBcN<>xw>l{he$BJrZ@FqMR`kR4bB{Zz(9B*$Vf-t(6vT==J{&&G6Jx}l0^Uh8 zj(i?d*Euvhx z;TIiq(*4xf`?u{2EMg%ud5x<0tW~nH3NJdNzBBN>YqBu3HmJK6E;Mq>bOU;Zs7uI} zbvzshCf^T`8vicn$^aT=15`-`Kw=raseGsD(VM?&rho>>Mo2L+^B*~1She%xNTHs! zL0ZgXlQqF(rkCjWK7u*-LF`qz8j8;aO^Eh|w@Rrhg!}nGP4L@L(C1DO11Jve&42qi zAPA)Z^ZQRy{l`4;@0**M%>PyGQQ-Wm#2`N^?un{;&~uyHzMwBdz_pj?0-E-zT5)CPIhlKq&IDEk3JcHU z4B7Gyfad|sYFoMmmBo%jcTR)uw*uck+SfL$^c(^4jq7?RRBZ^nfeBq`I==cQQP*g} z7GYm%6UWuAq-8;yU^^!!Fk+!UU|+R_3(_2grrT35MGBJ%J#7*w;k)iwQ$bGnLnm>} zrC)QVFZWG`#GNtPL9R1IwvD=UqMVX<)!HB{57OI3*Zo1BagWP%I?tNUn}UOifU`Pt zU-SO1?`l5PIR|zOiX1E>uJ9P}daaMUJ90S=9kIsgRO8klX|8yxA66cA$v*BPsK$>j z%=0S>d7kOTnr{b zeT*M5HU#7>vko+qP|^*fEA~=lm(Dcbb(Zn~h>*GLC(;5ho%{3iRW<0@3Y{v3B6x+w zJEOPtqxX$@BSUm|9V&CBat9Gg(yNckn6Hdo)$>7b?LY}&-;^4Q_UGbuV2(II+<7mh zD0$ID*rA^Xk=?LhbFS42@s+XiWE5n3iW9X z8u)2A3H~q_Nw^di!!#svWSqCZJj+fVJb}eY@duMqeYFyhbfPs{5cTjn- z(6l)vrZV<}Ge#?8WbfU#E0X?O$6Lj(*5yB3#nu3bVE>0J?|=#Ee>y4{g-X_>dDY6G zHzoL;hSq||oq~u1GJjjz-gWM0XM9qCKFGP{eY5p-)#6zwjspX@9DP4m*_#Nic{?X5 z!`h5L8@jt{+6~AJP-MpyRjOE|h0X7s_ZfSgD43b>cI~b--#y01f2U<38(hfZc;ee1 zytV`R3!FJq%B%cIpR~B}-4)w@Y(4d#(A4oXds{)}S+a@G+oi-U2>psXkc9e&R!=*D?`x#fxT&fe#IsY(5o6q+d znR2fcWYfx~sk0MU!VTAQoP5iAa;sH}HPndpa^+}VFP6o^jF{S?{US{qC;BtP#}$(v zB}cmPLjR=C)jR;PkJFJjs|tiy=DdXolca@4Rx&s0sdnXMuAAHC-|=2TCh7Kpx6&=u z7plDSRb?&8+ena4kDOCe!^%~vdlLG33Fv8kdm|nD4;X7hDO*N9s-Z6ucuNw(SM)(- z#Cv7Y{PCX9YHn`DD@E=q{`!h?X?rj76e`p$2R~bLBa~l)!s^3+9(#%|@#M<;n|$BP zn%!R8JG@{yLJ2rq^QQ6hMay+&2FFuw3$ZN~>6&z)}|&~JGDIk{nG*{-m66y$Ca zbvdR~W!iyC@N4{g?#Cp68HXsLji)>j_UzPbhVEv|+w+`icZBdBhKLvVyHedY-Aw~3 zjnf-K^9c|`LDXlrh!muU@A`ngc>R}H{EzkJ|6LSry|bg|ZCoLD8wvKTsZNeDa#uR2_R8$(#=p~ zFK0#O@0()H{NqCj&z7El3}@yEc3+VfLn#Owfo-r zXydxn+a$}q?S3T7i;4_+4MH380%cjO4c<74v&5e)Y=u3aZ_2v0+@TIQndbY4%T(d@ zorl&pN{5wj$n{`|RzO-E#^x|F<65GwBey-kO^DnFmiViedzP{IUtwLp%pXk!E6w_2 zE@meGOg0L%mm;2G*}tCfhQA`E*v`oba8{L^;8)uX?6|1KyS8Jzs5r?lzBc#3Cz|!r z6JF`mh%rW9r%q)KnZ{NDG_V$)y8vJ1& zvk@Z@gYYj6Ivor1lYPH!)m08JnQg^%Hb^2*RLri*5$*~AGPoabLt{vQp@CcjS;((a z|7%5bn^~lT_2|C)@Q(F304-B51C{~Hd492>4|nXo4kyZX?`6FG8c7&>KX?-Gk@X3% zbd$eMCe2C=-z^AKQWY<4>qs`M-+5=bbyDNxDA~}45p-V=h#Q26=0cfi$9UHlt}Ljr z&rrvNC-u_%yvt1-sqAct4>fKZ4`0eF@s-#ddK(+SdcC60Kp;fisMc()1^|n$&em`+%jy-BSfE3kG;xxnCXJpkY2^yGJ60(@8~TIeGaAZhKQxgS;q z3Pw=@!#p*FVBWd5DKJ1rx3WjJFSkE69)8yR&gBE9!uD~9xQH6p&g$kdQ0_&*M*M{V zKxu&g<)$n^tY$ydT>%JAfMWpm9()<1?>JCh`9n@H{NXdh5ZZaK@BYKE{)=#}`X7Yr zzi;AvK-~WKu7i?0y#aoAem)EcB~m`4EH|C3c|e@>=mH!KOJDYq5FbX1t*=Lx!oF^? ze}9{pu>zjL*rFW|_vG#E9QNY^K49vJ)JqNVRq)k>N#8~0JC!GTO=ZNY#j>f#HQDhzP9lL7;DMu@IP6MQ-EQD zZsf@t?`L7Qvkx6_aR(_uqSqS2qm`AKM4sWz0f*wl+n1$@>QjM%1s$6Dz@1~JN0zi% z@Jl*mIdrAN!+r50)#`}Zvv(4~{f3IiH){EzX?mWr$*t$ddJ|XPYAYlq`b)kCO9(wd zdaFB>ox3RHA8}JK?a?%`*R|7n%6KX!5iC_Vo>LPCW*>aW$6Y_ZKJknXHG{4ym(+Ge z!oK=e^{fTmyPRkYK{yh1|L`D#8ARjl2F*45tgI}JY2dB)^=_Wk28EbPADT{l42vj$ zB7s0&@yJrS? zRB>&Ga#4M<`ncx5L`K_uOTCGi{3drBI&KT-^aPfs#>Sr4uJ+yCmCw-C(-vZ>-L3w@ z>~m0%5yFMYmd;`3WDtLWMITl(JP0&iI8yCq<9z}O%Lg1W`mbhxo6X;VdrG}<#PJFX z;?JhvXNlF}li=6vTewfmb?bX8sT0F=VYUcA{a+*3nM44wKd<6GBU4{B<~0cMoKQUP zJ%BX1bzQWdwP9rH_R%A&4^=-}ZYlnitghpw@|WPfo8G40usaS-VIuPzHmk1>w{G-> zWES?$jLKd`vXgi9FH3}CyE1*=k1V8SpSatu_VNRNBNwzs0FEIhtaJq(fA$AZ|)R}4n@b99qKCzF^gbWgJ<9}BS&s1DC)T3;X1{TGn> z6A+zy+#U^v$-f>gtM3L2PR!P%Ewa5bW%c2CLDV8Qcjs=M&Tou`)g{-Oeoa&b55nc{g3?X)~*DUN`D37w31pW|y9(G*XD) zo;%glu|qGW&K_K8^6QSzb_%YFaQej`R9D3!>RhfR&v~yKc}*jL!b7n-7np3dxv z*APH*vFc{NnmUkpeb*Dp;&TqY$eH=^N|R>$x!cIj+(}!rOxH3?OjGa2o6pI){-WLy zbi|bzldJeZeI3cfVq1pjephK=ROnUg(Z%E~h;sBFQ8d*+Whf?CMKVc^e-oVVxj=xP zZ<<(i_X~2l3huL}BQc@P%@He@uo`S*i-ELYgrFNOvwvxcz^|h~#shx* z@p1qEY^D%fF|?NhEn=j3#L?Flx^@uOqqMVycyD$#!5dg3&e^@{gUs!Y1s z+@AZxozw#>lfav@z=+j+D53H1fa&dHIbAp<6ePw z7tcW;TQ+%?^Ja!!+t2|nCS8v29^5HYwQ{1UFp(s5u z88CF#D`v(uB>Hg2Y3p!Jl+s6C{Y0jh?!%+C0*n3m!M=0G#9>zwQhD+gl1rMn zDnO3zTpEY2r4oPEbZl-kOpXqqFvEhhIJBgWA!<)bEc;z9`5P z6xP}IeW(YaL_M_j>iu04d@z!eYPoTg=bWbK?!V^^jH2e!D;m`v4PC;CLkC60gL`L5 zYO`CLvaNA8dV`kTuyUP6B)M>T6=D7U0%u`1su=a#{btv}B{0@y%X6tg)G@l7;DvePVe~TUN$k!ArTu4(%0bcFpR!)08t*Py=cIs< zK3xIeIt;CIo!pZqb*mXEHLeiK3uOYcyVj_r zUn8;s2d`j=eMFl@)!KSWTN^4F*;Zs>bJzgwO2s0ydo!w%+l0Z%b-~5Gt4BCU&lsVu zm6-Z7hcoez=b#b2LGWGjFddlw&9vo~cL^g|K${y&-k-7Xnq@;drc!j9 z_O^*`%E4Mc=~K&NrERuKuZ8F5cOaCQ7BUKLb_M*<>N;faTclUieqV2OAgX0KMaek> zmB=$-zsw)>0n21}e~wgoYAI1o8895p-DIQUCYFzQEP4EQl^Su4@!F0CSpT_$wZSE| z9CYf1^ZacG;HB!hJA6r}wx`8)lj{a#t=;^|5NwbJdpjc!$|C$V^2!AvTE`+h!Kif-dusTs&1t%XfXUvSspShQIq);Ba@ zFZUpt*gxyMNvMRR;v}}7YersLLP44>HWG-N7eS4j)jYI#Ihcf{9U z9+U7|`h8&u{Y}0f7BrBk%n_WsK$d0)Qf%&x{oraia&G%?yE;U7#|@Or-|xEmwpiKo zt6nXgq79nL7Q5t= z(R6Wr%%PAVyZq!RZ1%NbmF9`g9}_-_R_FRxrVU13#kaPLI0pmJ>Au?5z72l}Mp*zon0X^7a8}CX{B5u%V_4mj0k}NvS+Gh6 zL^Nmz@@?tUrsdLEvMZcSiy!9ecr)$@;gboj(bwIfTxb)Ztu|YKD67#`Sml%raWMqf z_13kOO?d9vTuvZ|?5OPbeNen5thu$ElVA!6~(cWf=%6jw+B#}91(yKrR%zjCY4 z#YQiLU}ISk@~d^#as=C`*@%W&Pf8x5cf_>g^Cu4io*#AtC5P8rvIm=(VR5{N9mRd{ zv2{j{IYAf|C)1rW8`*4vukoDyO!-aL>&lnFy(w!mY-NpZ%VNRhsL6uOX%F_d9F=X1 z<(9Wv^~oi{xF&F5RK}lRXU-a29auiI-Bs+w{m_Px{2SA2hVd;{-y$!<@+pgIMHfAK z7)eElS-wLXHWDY)-~heb%L6CJO)s1Jm5!YcOvBI|NmxMM4CPy} zkWgF6s*pBculerVGtNtAjhr7~kD zcN5aKyWcHLyy|OGwHZurE{*0sNK!m&C%ZRy zNX-f4?&qhDo&UiAdMda+Rj;G8op&J(Du9dPaQlfXgU7T{SgtkiB?Lr!HEmddp{uEc4S28wfD!-GbOJz$|7&a;pp-}{ zaHLgd1OE!jWk<;^>uoQ6m-usfUkvHA`v0*@t~V6rf=3ti&hZU=qxYhvp{rh{`ZWAM E0L+_V9{>OV literal 0 HcmV?d00001 diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index e9504c9238..259bbf8b8a 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -16,89 +16,110 @@ author: greg-lindsay ## In this guide -This guide provides instructions for configuring a test lab that can be used as a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide: +This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide: -
**Computer 1****Computer 2****Computer 1****Computer 2**
Role
+
- - + + + + + + - + - + - + - +
**Topic****Description**TopicDescription
[10 steps for pros](#10-steps-for-pros)A high level overview of the instructions provided in this guide.
[Hardware and software requirements](#hardware-and-software-requirements)Prerequisites to configure the test lab environment.Prerequisites to complete this guide.
[Lab setup](#lab-setup)A summary of the lab configuration.A summary of the PoC environment.
[Configure the PoC environment](#configure-the-poc-environment)Step by step instructions to configure the test lab environment.Step by step instructions to configure the PoC environment.
[Step by step: Deploy Windows 10](#windows-10-poc-guides)Instructions to deploy Windows 10 in the lab environment.Step by step instructions to deploy Windows 10 using the PoC environment.
+## 10 steps for pros + +The following are 10 high-level steps you can use to complete this guide without detailed instruction. + +1. Configure an internal network on a Hyper-V host computer. +2. Download a Windows Server evaluation VHD and copy it to create two VHDs for use in the lab. +3. Convert a physical computer to VHD using the Disk2vhd utility. +4. Download a Windows 10 evaluation .iso file. +5. Download tools. +6. + ## Hardware and software requirements -Two computers are required to complete this guide: +One computer is required to complete the guide; two computers are recommended. + +If you do not use a client computer on your corporate network to clone and mirror in the POC environment, you can use an arbitrary VM to represent this computer. - - - + + + - + - + - - + + - + - + - + - + - + - + - +
**Computer 1****Computer 2****Computer 1** (required)**Computer 2** (recommended)
RoleRole Hyper-V host Client
DescriptionDescription This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module. This computer is a test system on your corporate network that will be converted to a VHD.
OSWindows 8/8.1/10 or Windows Server 2012/2012 R2/2016OSWindows 8/8.1/10 or Windows Server 2008 R2/2012/2012 R2/2016* Windows 7 or a later
EditionEdition Enterprise, Professional, or Education Any
ArchitectureArchitecture 64-bitAny*Any
RAMRAM 8 GB RAM (16 GB recommended) Any
DiskDisk 50 GB available hard disk space (100 GB recommended) Any
CPUCPU SLAT-Capable CPU Any
NetworkNetwork Internet connection Any
->*Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade. +>Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade. + +*Hyper-V can be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2. Steps to configure Hyper-V on Windows Server 2008 R2 using WMI are provided in [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). + +Note: The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. You can host virtual machines (VMs) on Windows 7 with [Windows Virtual PC](https://www.microsoft.com/en-us/download/details.aspx?id=3702) however this guide does not support using Windows Virtual PC. Note: Server Manager and other role management tools can be installed on Windows 7 SP1 by installing the [Remote Server Administration Tools](https://www.microsoft.com/en-us/download/details.aspx?id=7887) (RSAT). The RSAT for Windows 7 enables you to manage a remote computer running Windows Server 2008 R2. ## Lab setup @@ -120,8 +141,9 @@ See the following diagram: ### In this section [Install Hyper-V](#install-hyper-v)
-[Download VHDs](#download-vhds)
+[Download VHD and ISO files](#download-vhd-and-iso-files)
[Configure Hyper-V](#configure-hyper-v)
+[Convert PC to VHD](#convert-pc-to-vhd)
[Configure VHDs](#configure-vhds)
[Verify the configuration](#verify-the-configuration) @@ -129,16 +151,6 @@ See the following diagram: 1. Verify that the computer supports Hyper-V. - To install Hyper-V, the computer must be running one of the following operating systems, or a later operating system: - - Windows 8 - - Windows 8.1 - - Windows 10 - - Windows Server 2012 - - Windows Server 2012 R2 - - Winodws Server 2016 - - Note: A 64-bit operating system is requried to run Hyper-V. - Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. To verify your computer supports SLAT, open an administrator command prompt, type systeminfo, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: @@ -151,29 +163,183 @@ See the following diagram: Second Level Address Translation: Yes Data Execution Prevention Available: Yes ``` - In the example above, the computer supports SLAT and Hyper-V. + In this example, the computer supports SLAT and Hyper-V. - If one or more requirements are evaluated as "No" then the computer does not support installing Hyper-V. However, if only the **"Virtualization Enabled In Firmware"** setting is incompatible, you might be able to enable virtualization in the BIOS and change this setting from "No" to "Yes." The location of this setting will depend on the manufacturer and BIOS version, but is often found associated with the BIOS security settings. + If one or more requirements are evaluated as "No" then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the "Virtualization Enabled In Firmware" setting from "No" to "Yes." The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. + + You can also identify Hyper-V support using [tools](https://blogs.msdn.microsoft.com/taylorb/2008/06/19/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v/) provided by the processor manufacturer, the [msinfo32](https://technet.microsoft.com/en-us/library/cc731397.aspx) tool, or you can download the [coreinfo](http://technet.microsoft.com/en-us/sysinternals/cc835722) utility and run it, as shown in the following example: + + ``` + C:\>coreinfo -v + + Coreinfo v3.31 - Dump information on system CPU and memory topology + Copyright (C) 2008-2014 Mark Russinovich + Sysinternals - www.sysinternals.com + + Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz + Intel64 Family 6 Model 42 Stepping 7, GenuineIntel + Microcode signature: 0000001B + HYPERVISOR - Hypervisor is present + VMX * Supports Intel hardware-assisted virtualization + EPT * Supports Intel extended page tables (SLAT) + ``` + + Note: A 64-bit operating system is requried to run Hyper-V. 2. Enable Hyper-V. - The Hyper-V feature is not installed by default. To get it, open an elevated Windows PowerShell window and type the following command. This command works to install Hyper-V on both Windows client and server operating systems: + The Hyper-V feature is not installed by default. To install it, open an elevated Windows PowerShell window and type the following command: ``` Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All ``` - When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. + When you are prompted to restart the computer, choose Yes. The computer might restart more than once. - You can also install Hyper-V using the Control Panel in Windows, under Turn Windows features on or off, as shown below: - - ![hyper-v feature](images/hyper-v-feature.png) -### Download VHDs + You can also install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** (client OS), or using Server Manager's **Add Roles and Features Wizard** (server OS), as shown below: + + ![hyper-v feature](images/hyper-v-feature.png)
+ ![hyper-v](images/svr_mgr2.png) + +### Download VHD and ISO files + +1. Create a directory on your Hyper-V host named C:\VHD and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the C:\VHD directory. + + **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. + + After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. + + ![VHD](images/download_vhd.png) + +2. Rename the VHD file that you downloaded to **2008R2-poc-1.vhd**. This is not required, but is done to make the filename simpler to recognize. +3. Copy the VHD to a second file also in the C:\VHD directory and name this VHD **2008R2-poc-2.vhd**. +4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the C:\VHD directory on your Hyper-V host. During registration, you must specify the type, version, and language of installation media to download. +5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simpler to type and recognize. + + In this example, a Windows 10 Enterprise, 64 bit, English VHD is chosen. You can choose a different version if desired. Note that Windows 10 in-place upgrade is only possible if the source operating system and installation media are both 32-bit or both 64-bit, so you should download the file version that corresponds to the version of your source computer for upgrade testing. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. The following commands and output display the procedures described in this section: + + ``` + C:\>mkdir VHD + + C:\>cd VHD + + C:\VHD>ren 9600*.vhd 2008R2-poc-1.vhd + + C:\VHD>copy 2008R2-poc-1.vhd 2008R2-poc-2.vhd + 1 file(s) copied. + + C:\VHD ren *.iso w10-enterprise.iso + C:\VHD>dir /B + 2008R2-poc-1.vhd + 2008R2-poc-2.vhd + w10-enterprise.iso + ``` + +### Convert PC to VHD + +1. Download the [Disk2vhd utility](https://technet.microsoft.com/en-us/library/ee656415.aspx), extract the .zip file and copy disk2vhd.exe to a flash drive or other location that is accessible from the computer you wish to convert. +>Note: You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media. +2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. +3. Select checkboxes next to the volumes you wish to copy and specify a location to save the resulting VHD or VHDX file. If your Hyper-V host is running Windows Server 2008 R2 you must choose VHD, otherwise choose VHDX. +4. Click **Create** to start creating a VHDX file. See the following example: + + ![disk2vhd](images/convert.png) + + In this example, the source computer has two hard drives, C: and E: and a system reserved partition. The VHDX file (w7.vhdx) is being saved to a flash drive (F:) in the F:\VHD directory.
+ **Note**: Disk2vhd can also save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted. + +>If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](appendix-b-microsoft-virtual-machine-converter). + +5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: + + ``` + C:\vhd>dir /B + 2008R2-poc-1.vhd + 2008R2-poc-2.vhd + w10-enterprise.iso + w7.VHDX + ``` ### Configure Hyper-V + Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this guide for convenience. For instructions to configure Hyper-V on Windows Server 2008 R2, + +1. Open an elevated Windows PowerShell window and type the following command to create a virtual switch: + + ``` + New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" + ``` + +2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: + + ``` + (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue + ``` + **Note**: On a Hyper-V host computer with 16 GB of RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. If the computer has less than 12,000 MB of available RAM, try closing applications to free up more memory. + +3. Determine the available memory for VMs by dividing the available RAM by 4. For example: + + ``` + (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue/4 + 2775.5 + ``` + In this example, VMs must use a maximum of 2700 MB of RAM so that you can run four VMs simultaneously. + +4. At the elevated Windows PowerShell prompt, type the following command to create two new VMs using the resource values that were calculated in the previous step: + + ``` + $maxRAM = 2700MB + New-VM –Name "2012R2-DC1" –VHDPath c:\vhd\2008R2-poc-1.vhd -SwitchName poc-internal + Set-VMMemory -VMName "2012R2-DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2008R2-poc-2.vhd -SwitchName poc-internal + Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + ``` + >Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: + + ``` + + ``` + ### Configure VHDs +## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 + +For more information, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. + + >To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: + + ``` + Add-WindowsFeature -Name Hyper-V + ``` + >Use the following Windows PowerShell commands to create a virtual switch on Windows Server 2008 R2: + + ``` + $SwitchFriendlyName = "poc-internal" + $InternalEthernetPortFriendlyName = $SwitchFriendlyName + $InternalSwitchPortFriendlyName = "poc" + $SwitchName = [guid]::NewGuid().ToString() + $InternalSwitchPortName = [guid]::NewGuid().ToString() + $InternalEthernetPortName = [guid]::NewGuid().ToString() + $NumLearnableAddresses = 1024 + $ScopeOfResidence = "" + $VirtualSwitchManagementService = gwmi Msvm_VirtualSwitchManagementService -namespace "root\virtualization" + $Result = $VirtualSwitchManagementService.CreateSwitch($SwitchName, $SwitchFriendlyName, $NumLearnableAddresses, $ScopeOfResidence) + $Switch = [WMI]$Result.CreatedVirtualSwitch + $Result = $VirtualSwitchManagementService.CreateSwitchPort($Switch, $InternalSwitchPortName, $InternalSwitchPortFriendlyName, $ScopeOfResidence) + $InternalSwitchPort = [WMI]$Result.CreatedSwitchPort + $Result = $VirtualSwitchManagementService.CreateInternalEthernetPortDynamicMac($InternalEthernetPortName, $InternalEthernetPortFriendlyName) + $InternalEthernetPort = [WMI]$Result.CreatedInternalEthernetPort + $query = "Associators of {$InternalEthernetPort} Where ResultClass=CIM_LanEndpoint" + $InternalLanEndPoint = gwmi -namespace root\virtualization -query $query + $Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) + $filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" + $NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter + ``` + +## Appendix B: Microsoft Virtual Machine Converter + +You can also use [Microsoft Virtual Machine Converter](https://www.microsoft.com/en-us/download/details.aspx?id=42497) (MVMC) to create VHDs from a physical computer. The MVMC utility has enhanced functionality compared to the Disk2vhd utility in that it can be run from any network location, enables you to specify both a remote source computer and remote destination Hyper-V host, and automatically configures and installs the VM on the Hyper-V host. However, MVMC requires that the destination Hyper-V host be running the BITS compact server service, which is only available on Windows Server operating systems. Therefore, you cannot use MVMC if Hyper-V is running on Windows 8 or Windows 10. If you choose to use the MVMC utility instead of disk2vhd, complete the steps in the [Configure Hyper-V](#configure-hyper-v) section first so that you can specify a virtual switch and allocate RAM appropriately to the destination VM when asked to specify these parameters in the MVMC utility. + ## Windows 10 PoC guides - [Step by step: Deploy Windows 10 PoC with System Center Configuration Manager](windows-10-poc-sccm.md) From 4fea4bca030f49497ff38c8cf4392fea3d09807e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 17 Aug 2016 10:08:38 -0700 Subject: [PATCH 05/53] upd --- windows/deploy/windows-10-poc.md | 34 +++++++++++++++++++------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 259bbf8b8a..dc93c24491 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -23,7 +23,7 @@ This guide provides step-by-step instructions for configuring a proof of concept Topic Description - [10 steps for pros](#10-steps-for-pros) + [Overview of procedures](#overview-of-procedures) A high level overview of the instructions provided in this guide. @@ -41,20 +41,21 @@ This guide provides step-by-step instructions for configuring a proof of concept [Step by step: Deploy Windows 10](#windows-10-poc-guides) - Step by step instructions to deploy Windows 10 using the PoC environment. + Detailed, step by step instructions to demonstrate a Windows 10 deployment. -## 10 steps for pros +## Overview of procedures -The following are 10 high-level steps you can use to complete this guide without detailed instruction. +The following is a high-level summary of procedures documented in this guide: 1. Configure an internal network on a Hyper-V host computer. -2. Download a Windows Server evaluation VHD and copy it to create two VHDs for use in the lab. +2. Download a Windows Server evaluation VHD for use in the lab. 3. Convert a physical computer to VHD using the Disk2vhd utility. -4. Download a Windows 10 evaluation .iso file. -5. Download tools. -6. +4. Download a Windows 10 Enterprise evaluation .iso file. +5. Configure Windows Server virtual machines. +6. Download and install tools. +7. Upgrade the client VM to Windows 10 Enterprise. ## Hardware and software requirements @@ -117,17 +118,18 @@ If you do not use a client computer on your corporate network to clone and mirro >Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade. -*Hyper-V can be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2. Steps to configure Hyper-V on Windows Server 2008 R2 using WMI are provided in [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). +***Important**: The Hyper-V server role can be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2. Therefore, you cannot use many of the steps provided in this guide to configure Hyper-V. If your Hyper-V host is running Windows Server 2008 R2, steps to configure Hyper-V using WMI or the Hyper-V manager console are provided in [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). -Note: The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. You can host virtual machines (VMs) on Windows 7 with [Windows Virtual PC](https://www.microsoft.com/en-us/download/details.aspx?id=3702) however this guide does not support using Windows Virtual PC. Note: Server Manager and other role management tools can be installed on Windows 7 SP1 by installing the [Remote Server Administration Tools](https://www.microsoft.com/en-us/download/details.aspx?id=7887) (RSAT). The RSAT for Windows 7 enables you to manage a remote computer running Windows Server 2008 R2. +The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. For more information, see [Hyper-V and Windows 7](#hyper-v-and-windows-7). ## Lab setup -The Hyper-V host computer is configured to host four VMs on a private, proof of concept network. Links are provided to download trial versions of Windows Server 2012 and all deployment tools necessary to complete the lab. -- Two VMs are running Windows Server 2012 R2 with required network services and tools installed. -- Two VMs are client systems: One VM is intended to mirror a host on your corporate network and one VM is running Windows 10 to demonstrate the hardware replacement scenario. +- The Hyper-V host computer is configured to host four VMs on a private, proof of concept network. + - Two VMs are running Windows Server 2012 R2 with required network services and tools installed. + - Two VMs are client systems: One VM is intended to mirror a host on your corporate network and one VM is running Windows 10 Enterprise to demonstrate the hardware replacement scenario. +- Links are provided to download trial versions of Windows Server 2012, Windows 10 Enterprise, and all deployment tools necessary to complete the lab. -See the following diagram: +The lab architecture is summarized in the following diagram: ![PoC](images/poc.png) @@ -340,6 +342,10 @@ For more information, see [Hyper-V](https://technet.microsoft.com/library/cc7307 You can also use [Microsoft Virtual Machine Converter](https://www.microsoft.com/en-us/download/details.aspx?id=42497) (MVMC) to create VHDs from a physical computer. The MVMC utility has enhanced functionality compared to the Disk2vhd utility in that it can be run from any network location, enables you to specify both a remote source computer and remote destination Hyper-V host, and automatically configures and installs the VM on the Hyper-V host. However, MVMC requires that the destination Hyper-V host be running the BITS compact server service, which is only available on Windows Server operating systems. Therefore, you cannot use MVMC if Hyper-V is running on Windows 8 or Windows 10. If you choose to use the MVMC utility instead of disk2vhd, complete the steps in the [Configure Hyper-V](#configure-hyper-v) section first so that you can specify a virtual switch and allocate RAM appropriately to the destination VM when asked to specify these parameters in the MVMC utility. +## Appendix C: Hyper-V and Windows 7 + +The Hyper-V role cannot be installed on Windows 7. You can host virtual machines (VMs) on Windows 7 with [Windows Virtual PC](https://www.microsoft.com/en-us/download/details.aspx?id=3702) however this guide does not support using Windows Virtual PC. Note: Server Manager and other role management tools can be installed on Windows 7 SP1 by installing the [Remote Server Administration Tools](https://www.microsoft.com/en-us/download/details.aspx?id=7887) (RSAT). The RSAT for Windows 7 enables you to manage a remote computer running Windows Server 2008 R2. + ## Windows 10 PoC guides - [Step by step: Deploy Windows 10 PoC with System Center Configuration Manager](windows-10-poc-sccm.md) From 0aa21ac882a73554aeff0abf936038d7a9948ef6 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 17 Aug 2016 13:27:53 -0700 Subject: [PATCH 06/53] upd --- windows/deploy/windows-10-poc.md | 67 +++++++++++++++++--------------- 1 file changed, 35 insertions(+), 32 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index dc93c24491..11c482e012 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -16,7 +16,9 @@ author: greg-lindsay ## In this guide -This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide: +This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. + +The following topics are available in this guide: @@ -24,7 +26,7 @@ This guide provides step-by-step instructions for configuring a proof of concept - + @@ -32,7 +34,7 @@ This guide provides step-by-step instructions for configuring a proof of concept - + @@ -47,7 +49,7 @@ This guide provides step-by-step instructions for configuring a proof of concept ## Overview of procedures -The following is a high-level summary of procedures documented in this guide: +The following procedures are documented in this guide: 1. Configure an internal network on a Hyper-V host computer. 2. Download a Windows Server evaluation VHD for use in the lab. @@ -59,9 +61,9 @@ The following is a high-level summary of procedures documented in this guide: ## Hardware and software requirements -One computer is required to complete the guide; two computers are recommended. +One computer that meets the hardware and software specifications below is required to complete the guide; A second computer is recommended to validate the upgrade process. -If you do not use a client computer on your corporate network to clone and mirror in the POC environment, you can use an arbitrary VM to represent this computer. +The second computer is used to clone and mirror a client computer (computer 2) from your corporate network to the POC environment. Alternatively, you can use an arbitrary VM to represent this computer, therefore this computer is not required to complete the lab.
Description
[Overview of procedures](#overview-of-procedures)A high level overview of the instructions provided in this guide.A list of procedures provided in this guide.
[Hardware and software requirements](#hardware-and-software-requirements)
[Lab setup](#lab-setup)A summary of the PoC environment.A diagram of the PoC environment.
[Configure the PoC environment](#configure-the-poc-environment)
@@ -72,16 +74,16 @@ If you do not use a client computer on your corporate network to clone and mirro - + - + - + @@ -118,15 +120,15 @@ If you do not use a client computer on your corporate network to clone and mirro >Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade. -***Important**: The Hyper-V server role can be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2. Therefore, you cannot use many of the steps provided in this guide to configure Hyper-V. If your Hyper-V host is running Windows Server 2008 R2, steps to configure Hyper-V using WMI or the Hyper-V manager console are provided in [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). +*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. The performance and features of the Hyper-V role are also much improved on later operating systems. If your host must be running Windows Server 2008 R2, steps to configure Hyper-V using WMI or the Hyper-V manager console are provided separately in [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). -The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. For more information, see [Hyper-V and Windows 7](#hyper-v-and-windows-7). +The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. ## Lab setup -- The Hyper-V host computer is configured to host four VMs on a private, proof of concept network. +- The Hyper-V host computer (computer 1) is configured to host four VMs on a private, proof of concept network. - Two VMs are running Windows Server 2012 R2 with required network services and tools installed. - - Two VMs are client systems: One VM is intended to mirror a host on your corporate network and one VM is running Windows 10 Enterprise to demonstrate the hardware replacement scenario. + - Two VMs are client systems: One VM is intended to mirror a host on your corporate network (computer 2) and one VM is running Windows 10 Enterprise to demonstrate the hardware replacement scenario. - Links are provided to download trial versions of Windows Server 2012, Windows 10 Enterprise, and all deployment tools necessary to complete the lab. The lab architecture is summarized in the following diagram: @@ -140,16 +142,16 @@ The lab architecture is summarized in the following diagram: ## Configure the PoC environment -### In this section +### Procedures in this section -[Install Hyper-V](#install-hyper-v)
+[Verify support and install Hyper-V](#verify-support-and-install-hyper-v)
[Download VHD and ISO files](#download-vhd-and-iso-files)
[Configure Hyper-V](#configure-hyper-v)
[Convert PC to VHD](#convert-pc-to-vhd)
[Configure VHDs](#configure-vhds)
[Verify the configuration](#verify-the-configuration) -### Install Hyper-V +### Verify support and install Hyper-V 1. Verify that the computer supports Hyper-V. @@ -197,10 +199,10 @@ The lab architecture is summarized in the following diagram: ``` When you are prompted to restart the computer, choose Yes. The computer might restart more than once. - You can also install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** (client OS), or using Server Manager's **Add Roles and Features Wizard** (server OS), as shown below: - ![hyper-v feature](images/hyper-v-feature.png)
+ ![hyper-v feature](images/hyper-v-feature.png) + ![hyper-v](images/svr_mgr2.png) ### Download VHD and ISO files @@ -240,7 +242,7 @@ The lab architecture is summarized in the following diagram: ### Convert PC to VHD 1. Download the [Disk2vhd utility](https://technet.microsoft.com/en-us/library/ee656415.aspx), extract the .zip file and copy disk2vhd.exe to a flash drive or other location that is accessible from the computer you wish to convert. ->Note: You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media. + >Note: You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. 3. Select checkboxes next to the volumes you wish to copy and specify a location to save the resulting VHD or VHDX file. If your Hyper-V host is running Windows Server 2008 R2 you must choose VHD, otherwise choose VHDX. 4. Click **Create** to start creating a VHDX file. See the following example: @@ -250,7 +252,7 @@ The lab architecture is summarized in the following diagram: In this example, the source computer has two hard drives, C: and E: and a system reserved partition. The VHDX file (w7.vhdx) is being saved to a flash drive (F:) in the F:\VHD directory.
**Note**: Disk2vhd can also save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted. ->If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](appendix-b-microsoft-virtual-machine-converter). + >If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](appendix-b-microsoft-virtual-machine-converter). 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: @@ -264,9 +266,9 @@ The lab architecture is summarized in the following diagram: ### Configure Hyper-V - Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this guide for convenience. For instructions to configure Hyper-V on Windows Server 2008 R2, +Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. For more information, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). -1. Open an elevated Windows PowerShell window and type the following command to create a virtual switch: +1. Open an elevated Windows PowerShell window and type the following command to create a virtual switch named "poc-internal": ``` New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" @@ -296,17 +298,16 @@ The lab architecture is summarized in the following diagram: New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2008R2-poc-2.vhd -SwitchName poc-internal Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 ``` - >Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: - - ``` - - ``` ### Configure VHDs +And now.... + ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 -For more information, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. +If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this section for convenience. + +For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. >To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: @@ -338,14 +339,16 @@ For more information, see [Hyper-V](https://technet.microsoft.com/library/cc7307 $NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter ``` + >Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: + + ``` + + ``` + ## Appendix B: Microsoft Virtual Machine Converter You can also use [Microsoft Virtual Machine Converter](https://www.microsoft.com/en-us/download/details.aspx?id=42497) (MVMC) to create VHDs from a physical computer. The MVMC utility has enhanced functionality compared to the Disk2vhd utility in that it can be run from any network location, enables you to specify both a remote source computer and remote destination Hyper-V host, and automatically configures and installs the VM on the Hyper-V host. However, MVMC requires that the destination Hyper-V host be running the BITS compact server service, which is only available on Windows Server operating systems. Therefore, you cannot use MVMC if Hyper-V is running on Windows 8 or Windows 10. If you choose to use the MVMC utility instead of disk2vhd, complete the steps in the [Configure Hyper-V](#configure-hyper-v) section first so that you can specify a virtual switch and allocate RAM appropriately to the destination VM when asked to specify these parameters in the MVMC utility. -## Appendix C: Hyper-V and Windows 7 - -The Hyper-V role cannot be installed on Windows 7. You can host virtual machines (VMs) on Windows 7 with [Windows Virtual PC](https://www.microsoft.com/en-us/download/details.aspx?id=3702) however this guide does not support using Windows Virtual PC. Note: Server Manager and other role management tools can be installed on Windows 7 SP1 by installing the [Remote Server Administration Tools](https://www.microsoft.com/en-us/download/details.aspx?id=7887) (RSAT). The RSAT for Windows 7 enables you to manage a remote computer running Windows Server 2008 R2. - ## Windows 10 PoC guides - [Step by step: Deploy Windows 10 PoC with System Center Configuration Manager](windows-10-poc-sccm.md) From 92e2c90cbab470463e9bc053102e153842362930 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 17 Aug 2016 14:20:09 -0700 Subject: [PATCH 07/53] upd --- windows/deploy/windows-10-poc.md | 88 +++++++++++++++++--------------- 1 file changed, 46 insertions(+), 42 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 11c482e012..b93bea51c1 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -45,6 +45,10 @@ The following topics are available in this guide: + + + +
Role Hyper-V hostClientClient computer
Description This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.This computer is a test system on your corporate network that will be converted to a VHD.This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VHD for upgrade demonstration purposes.
OSWindows 8/8.1/10 or Windows Server 2008 R2/2012/2012 R2/2016*Windows 8/8.1/10 or Windows Server 2012/2012 R2/2016* Windows 7 or a later
[Step by step: Deploy Windows 10](#windows-10-poc-guides) Detailed, step by step instructions to demonstrate a Windows 10 deployment.
[Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2)Instructions for configuring a Hyper-V host on Windows Server 2008 R2.
## Overview of procedures @@ -215,8 +219,8 @@ The lab architecture is summarized in the following diagram: ![VHD](images/download_vhd.png) -2. Rename the VHD file that you downloaded to **2008R2-poc-1.vhd**. This is not required, but is done to make the filename simpler to recognize. -3. Copy the VHD to a second file also in the C:\VHD directory and name this VHD **2008R2-poc-2.vhd**. +2. Rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is not required, but is done to make the filename simpler to recognize. +3. Copy the VHD to a second file also in the C:\VHD directory and name this VHD **2012R2-poc-2.vhd**. 4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the C:\VHD directory on your Hyper-V host. During registration, you must specify the type, version, and language of installation media to download. 5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simpler to type and recognize. @@ -227,15 +231,15 @@ The lab architecture is summarized in the following diagram: C:\>cd VHD - C:\VHD>ren 9600*.vhd 2008R2-poc-1.vhd + C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd - C:\VHD>copy 2008R2-poc-1.vhd 2008R2-poc-2.vhd + C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd 1 file(s) copied. C:\VHD ren *.iso w10-enterprise.iso C:\VHD>dir /B - 2008R2-poc-1.vhd - 2008R2-poc-2.vhd + 2012R2-poc-1.vhd + 2012R2-poc-2.vhd w10-enterprise.iso ``` @@ -252,14 +256,14 @@ The lab architecture is summarized in the following diagram: In this example, the source computer has two hard drives, C: and E: and a system reserved partition. The VHDX file (w7.vhdx) is being saved to a flash drive (F:) in the F:\VHD directory.
**Note**: Disk2vhd can also save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted. - >If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](appendix-b-microsoft-virtual-machine-converter). + >If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](#appendix-b-microsoft-virtual-machine-converter). 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: ``` C:\vhd>dir /B - 2008R2-poc-1.vhd - 2008R2-poc-2.vhd + 2012R2-poc-1.vhd + 2012R2-poc-2.vhd w10-enterprise.iso w7.VHDX ``` @@ -293,9 +297,9 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` $maxRAM = 2700MB - New-VM –Name "2012R2-DC1" –VHDPath c:\vhd\2008R2-poc-1.vhd -SwitchName poc-internal + New-VM –Name "2012R2-DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal Set-VMMemory -VMName "2012R2-DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2008R2-poc-2.vhd -SwitchName poc-internal + New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 ``` @@ -309,41 +313,41 @@ If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. - >To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: +To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: - ``` - Add-WindowsFeature -Name Hyper-V - ``` - >Use the following Windows PowerShell commands to create a virtual switch on Windows Server 2008 R2: +``` +Add-WindowsFeature -Name Hyper-V +``` +Use the following Windows PowerShell commands to create a virtual switch on Windows Server 2008 R2: - ``` - $SwitchFriendlyName = "poc-internal" - $InternalEthernetPortFriendlyName = $SwitchFriendlyName - $InternalSwitchPortFriendlyName = "poc" - $SwitchName = [guid]::NewGuid().ToString() - $InternalSwitchPortName = [guid]::NewGuid().ToString() - $InternalEthernetPortName = [guid]::NewGuid().ToString() - $NumLearnableAddresses = 1024 - $ScopeOfResidence = "" - $VirtualSwitchManagementService = gwmi Msvm_VirtualSwitchManagementService -namespace "root\virtualization" - $Result = $VirtualSwitchManagementService.CreateSwitch($SwitchName, $SwitchFriendlyName, $NumLearnableAddresses, $ScopeOfResidence) - $Switch = [WMI]$Result.CreatedVirtualSwitch - $Result = $VirtualSwitchManagementService.CreateSwitchPort($Switch, $InternalSwitchPortName, $InternalSwitchPortFriendlyName, $ScopeOfResidence) - $InternalSwitchPort = [WMI]$Result.CreatedSwitchPort - $Result = $VirtualSwitchManagementService.CreateInternalEthernetPortDynamicMac($InternalEthernetPortName, $InternalEthernetPortFriendlyName) - $InternalEthernetPort = [WMI]$Result.CreatedInternalEthernetPort - $query = "Associators of {$InternalEthernetPort} Where ResultClass=CIM_LanEndpoint" - $InternalLanEndPoint = gwmi -namespace root\virtualization -query $query - $Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) - $filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" - $NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter - ``` +``` +$SwitchFriendlyName = "poc-internal" +$InternalEthernetPortFriendlyName = $SwitchFriendlyName +$InternalSwitchPortFriendlyName = "poc" +$SwitchName = [guid]::NewGuid().ToString() +$InternalSwitchPortName = [guid]::NewGuid().ToString() +$InternalEthernetPortName = [guid]::NewGuid().ToString() +$NumLearnableAddresses = 1024 +$ScopeOfResidence = "" +$VirtualSwitchManagementService = gwmi Msvm_VirtualSwitchManagementService -namespace "root\virtualization" +$Result = $VirtualSwitchManagementService.CreateSwitch($SwitchName, $SwitchFriendlyName, $NumLearnableAddresses, $ScopeOfResidence) +$Switch = [WMI]$Result.CreatedVirtualSwitch +$Result = $VirtualSwitchManagementService.CreateSwitchPort($Switch, $InternalSwitchPortName, $InternalSwitchPortFriendlyName, $ScopeOfResidence) +$InternalSwitchPort = [WMI]$Result.CreatedSwitchPort +$Result = $VirtualSwitchManagementService.CreateInternalEthernetPortDynamicMac($InternalEthernetPortName, $InternalEthernetPortFriendlyName) +$InternalEthernetPort = [WMI]$Result.CreatedInternalEthernetPort +$query = "Associators of {$InternalEthernetPort} Where ResultClass=CIM_LanEndpoint" +$InternalLanEndPoint = gwmi -namespace root\virtualization -query $query +$Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) +$filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" +$NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter +``` - >Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: +Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: - ``` - - ``` +``` +command here +``` ## Appendix B: Microsoft Virtual Machine Converter From 09bf367fe6d865a01d3c68348c87e504d67c419b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 18 Aug 2016 14:04:56 -0700 Subject: [PATCH 08/53] upd --- windows/deploy/windows-10-poc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index b93bea51c1..6eaff387fa 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -293,7 +293,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` In this example, VMs must use a maximum of 2700 MB of RAM so that you can run four VMs simultaneously. -4. At the elevated Windows PowerShell prompt, type the following command to create two new VMs using the resource values that were calculated in the previous step: +4. At the elevated Windows PowerShell prompt, type the following command to create two new VMs. **Important**: Replace the value of 2700MB with the RAM value that you calculated in the previous step: ``` $maxRAM = 2700MB @@ -305,7 +305,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ### Configure VHDs -And now.... +Start-VM 2012R2-DC1 ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 From 6fa7beaf7155a6947ccb1793083032d9d34b932d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 18 Aug 2016 17:14:31 -0700 Subject: [PATCH 09/53] upd --- windows/deploy/windows-10-poc.md | 42 ++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 6eaff387fa..4e0d558c21 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -303,9 +303,47 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 ``` -### Configure VHDs +### Configure Windows Server 2012 R2 VHDs -Start-VM 2012R2-DC1 +1. Open an elevated Windows PowerShell window on the Hyper-V host and start the first VM by typing the following command: + + ``` + Start-VM 2012R2-DC1 + ``` +2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt: + ``` + vmconnect localhost 2012R2-DC1 + ``` +3. If the VM is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." At an elevated Windows PowerShell prompt on the VM, type the following commands to provide a new hostname and configure a static IP address and gateway: + + ``` + Rename-Computer DC1 + New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 + ``` +4. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: + + ``` + Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools + ``` + +5. Before promoting the server to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: + + ``` + shutdown /r + ``` + +5. When the VM has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: + + ``` + $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force + Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force + ``` + Ignore any warnings that are displayed. The computer will automatically reboot upon completion. +6. When the reboot has completed, sign in again and open an elevated Windows PowerShell prompt so that you can add the DHCP Server role: + + ``` + + ``` ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 From d7219a98cea8f552619f2321667e10b4278c083d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 19 Aug 2016 17:21:50 -0700 Subject: [PATCH 10/53] upd --- windows/deploy/images/installing-drivers.png | Bin 0 -> 30900 bytes windows/deploy/windows-10-poc.md | 109 +++++++++++++++++-- 2 files changed, 98 insertions(+), 11 deletions(-) create mode 100644 windows/deploy/images/installing-drivers.png diff --git a/windows/deploy/images/installing-drivers.png b/windows/deploy/images/installing-drivers.png new file mode 100644 index 0000000000000000000000000000000000000000..22d7808fad540e5ead7973e2909f11118304577a GIT binary patch literal 30900 zcmZsidpOhYAO8_$PT3siyaVPC83`fH%$#Blp&Y{IP|i^(5~JZA8*>Ob4N2utq>!AN zp)k=&l0z9vh$N}sKHuy5{r>u0m)SLcc;CBU_v`e0J?;#rlh&d_azZ>jJfb#utTXq0 zp8FaQ+|T{J@^B%P`^J00*&4&sFru);{lFh|!r=rDPjim&A3p)^XHX>G^8yc#Sl@py z-hqfZA`efTjScpMYn;!wTLQ@n12^kr?4y3IK25zes2X2*>B-?^>B$lUHVOlJ&kIOd z?^FWQ^R)v5zer8_2NpbU@;_ZhO8>Wa)opKj^2ntAL*($!iyKes@7}$88MpV+*KJx~ zeycm#Akrp((|t3q|L60T2%#_Db=vKhOiahr1^f+^mceWHO0e4}(+_mq7Dh#A&Hvdq zy;dr&Ie!J^-!bcq?u3bX79^S?6S^G?fM&8-jQPcTTN)wM5J{a@BX17 z?(wj9T-^`FxTaU%RFpVzcH&dBwbzS&9xa{7;aq%^N;!A=5c<7W+JX0K7NI3}VDPKo z@cvHqjHK@vkE)Mm2if2Ke~-k28nQOO>5K3ETvGA>Xf6e2-#=-4I;lDeGd}k?zv#pX?&XY;C0T-Au5;9wx9920_35UgEKqTu}HzFmKtuA`U9N#9jz2RFNmPevZZ z9@X4QfkhTzV~BKra|#@y_gHDNkVwZ^ z@!33oKx@%1_i4zgi(tg+1XU%d#=njQL348i5cc2<-A()0g;%7B6{j=p6r@TG5|)J@ zzX|z0i1%-fq~Y-%H4m@Bm#flpbCC-Mr2xh#mpZJC#_bNt-lSHNT7;pmOg-?8fHds9 z6SK$(4R033GZPyChfws-OFx>6a=zW>*r8w=n4ea>&8GFf7Wbz5g#~O#L-^07jrD*+ zPYei@o9U85Mt~il#-m#v7;kKLdIGiu6f8kIyS`~^ITv+qh!uhtfm#v>P-CfhIvY`q z2xy`@GuJRC=tmoQY;k8waGsuhObihl0~OG&%Ara_y}_2OI&uu@!wvLmx1lEvLWO~D zsz5>R%(qFX@nriKw@q?sXAf?_5Z9PgeG#rTT)Sw4v~}=6=bp4Kq_5;2E`?~9>ByXz zOKf&8MpWv+dv=@1z(>_dKbVb)3*N=T#q`20m3J>Xbr{*@MUo&bII;(BQc+qobgO_pLfzv~`=<{Gie`=}oT)JMa%BI6Kuv-n^oc`34*U7IRlp9OIl5&BiMQP{ z(MGfm5(*Gi8i=gmJT{%`$Ah_!vvpac%NHwgJ1>lg-E zMn|9Xw+%`qF-$?V!;6Ipb$ItlNj97z?lkP8XpMbZB8Oy1j)R->3uKDW%kwx(mgaCB z*?`m{Gst&9F8hENAQ_8AL5?FN+k|DpK5C0Eni?|Yr}kE$2OtsteX ztt7m$CqV@)`iPgh(zhJ2n2R?)o6c{?;;^YI>-ON6c-fN}rlhWdwm*KyzzF`nKVXxE z_rJ*|$j}5Pez;n*g7OFwXy%DQYc$#rMqtY30L9cp+L&}Y+Zu0;bHH0NIf6u>As5)a z>&QHCIMej)ilOO*gs!Y4f(~?!5OT+?Cj4Mq^lkQ!iCUc!(BSR9&q(+sN8@_Pha)7g zvC#V}Se6GA8ao(DLKb(Oq@K;s*DIxCk?3U(`TWNb&hFUr>+b;T*48%fRv{V=nNJl+#Vc*+Z0VnJ|Ft#?Pxf!a} z(YZH%n0Q@(^vWaybLY^UUhNe%uN(xdwZ_^KLY)ofs8=~K>#{SzgLvxMQnVrH$p=Yx zqdluGN6HgFTtpadWwJ%nc7*GQ2_6`OM4(1)rrltd8J!r63;Sc%)ul7(ws4+Y}lUy5G zuAJ--B>`Q^)|jW~>$6zsWeDyP^B}~*La~4b8`MNFlxyQoY@|_Xq%2n)tjr3hMh99} zam?jB_A9shhR|5B<*+OotqE0xdG=R?Yx-vZ&EP>+n?VW@X%Br0Z;nIemId_$-y#`U z(ZiX6bO4FpEQ=F)B6SAZs+FmR$OPNKkCLEsn#cAoYK=CyUrg3mu1U zffNd8!>03AM*>CohK-$K|yE3f3h(@q?;gFhA-_+J`GE~YFt1tI}66gvn z(~)CVBI*Iv&X6xA47;FSh!F4A6+tMpfcE1AToZ4e=q(t;s&i39?;owz1Z$}>toqLt zJG2Ui4Ap@`usC;IarZil;v7#z^5$PT;iQ;x1wQaC6H*_2EIcEajMUQYGA>*z{VbDXvx3d&7Ddum<2NF>|8{jAJs8|z3c5pPgj2g73t z;aE!-+o$%{GGj0FwJSB0h6g?;m=yqrYZlN?v$xW(3fhC9>dvp}fD-sFiXrZt>G4iI z(iEc!PGpm?{!Xj|a$nPAqh8IZA#6X*+2Z4@L=GYP9xQF>B}^IeLXU%>4c3s~8NnBA zY%FY-rW6wl3`oFIwB5WKR{s`4fV50biNSc9c&Bl)->B3gaBX7zLu$?+KJvCnd;{H6 ze>?}v47p@X;amiX-$=1>(&kf@sM}hm(pGLl_7l9(Ch${*Krv;u%wfwEb#iBD7zMBC zmO>X-1w5S=cR4tag>@+)NTh-aMlJAGa9e2nSNvL=iPCtS$2^#?<2j$?((Gf&UtS7B z2!jPM+o!?I1NBn(e>0&=yuoJ0QXVWtgI1!F^AQnyrYwbfy5K}z)$Nr zIGqjFLqnG|6hOADIAV(+w3%BIJ#U9qL)iH=E0Jsf8L)W`tcN3D3-cg(2OOLU z=PvxRDnkVVr8S`;+LdBiEHaG^)t`%_A@Aj24BxII7~-QHe=B$dkOtuR&|fM;C~QAP zU4U+CLZz}t^A9pgM|L4F_=c*U8WQS4uz-NKWgu#dWTaoNq&S%7ghyFPLf{9f6jR&; z@!l0zq?5^ApqQLZ(XQ+TbK^vo>}jSfE{`CCu73(->)GOSX)tIkuLfqBO(WiG;NXqW z=ivJXQ5)vy1nj*kpo|qP=;;T|*e9+?)?r9GpX9`mVuDp(wAbKd9!J=AX|3z$D0oFd;Qwok#x8%NMagaXJzT# zE1Pb$nGYrjYrre9BB}w4XTde(BsgT26oYl8QnV5GOVCU?w2%Q*(X&d>ljkSUeN&Ub#sZd|m{HbXD>f=BkO zT9vj|jlFI!x{N-lh~sNr&0jab8l!U~^Yip-`OrA1M|pn~5lg1zQ=7qH?P@KCBw>j1 zIUP7S`xY(Tao6AQ2#T8>{jcDs2@d_EqCzTkNJxtH9j(j_5J+*ysUH@y_PG+BUoB*c z7Q4u(QgC-BTk-12nJ?grL=IL`oO_X~uoOP#VT`$`q>gPLeeExmATuUKaI%30OgyGJ z_o^{;sx%lUosLQ&ZtF1UdGJaxAx`9}Pb>=G@8Mt}=xOFzm?#wNf>ratX%LN|_aSHu zu2-v?PU9C*o%f+fJ^RJHDrp88nAt4k8^WVhu_!*F_3>HuHk9t9(!p@Xe$9LUWG6dg zvNN^Iv?|C!r|;a=D(kOoMrHmI&-_&Zp&?_i{lT2fxHsYiXJaTxvcVY*X$O2@PtotO zNH3^rL)@uQv?jQQ`==0$b>ZPspbYJTV@ru57!;sBD>K*4ohWjMA&C}Z1jG)>I^*vG zn&_%45CY2a?BaxxB;f0^P#rZsU}z(tpr{Cjs#ZM%_-)-^q4$GAGG(s;6n9)Noh{}3qCs=# z1q-#H&%6OcFkk_IN(-P}^@mVDh8}-&8(v5_K$3+2<`%GbhJ&-AM_~6M%W>Fyb--l; zPC@_mR66N;4RCP&ts|c0?IgwP*{yrF`of7GgBXxmFgzVXRi(pgDZc7CR$vm+l|3fT z%|~Y7SKLwup*k5QV3pDAqh0H4{^8?|p;bXsXCb{XNW0*=6OMLU@{L1(wP>csMrl&<)(jcR=x#sXut&K>6|y{D7OZJFpgKf~_58gi(iXbQ=ViT*naRW)E}ZaAE* zLaAfrrZy!_-~JIX{V;bAuiU*=#Pnzb54{uYXb>gzrdu~>QO1|3EvP#Bwo$*qF>-X3 z7i`T`Oh%~vd)?x#1N(kHxg!9ZM;HV$Y$P2p%L%zxeEZkSg>BWkqsni$ z0;dmuBl-LFLXKmEP^zwDNB>=}B$^QnrJWqcBMsX zP*xGc3{Lc>sQH1so#5BJ7K5QyG{PXNs#;0P;e8%JwzAmIsN@va$0n%dt8T(oV~9v6 z>@^6RMpK<2NkZDuOhNF=V2&;84%ZHGuk)$vc?7dO&F4QdITnN_DIv0x+_X^5l@ber zp5qGpP*ewxYG}q>Yk%Dv2t)A|pB_>20b#R$!qGk_GKsUXG?zxDg3&^tRun$q__f?M zyAx>5!+a(L=U8`WHU<4(TqGZY)CZ#wRsHz{A?P72QUpZv>q|fJ{o~V0_eP(w8oR>N z=KEs4zn4f*neGrbt2h%>?Q)5BQRdUd53l#NZE?mGmom3Pp6QH-tPsY6S%=}rJ*vR`a^xgx^f$p8sbUT&-ygyv9uKsA)i zG8+_3NCv~~Nj=c_IBNbA^M<^Wk67z)5K%)z>)QAOXM5T>1f^yx*_lnJ7x+I#cmK0A zc21wN%i5@v96r9Pdi=O@_)M3mg!)M`%rgBkjh&H7AQ|I~GWh1bJd${%9dtAKY(ZrHpIGl}80=R9ZCu5s80{Qeh#@zwW^K z&%cfbXbijG+zohgVX=Xdn+^EN6^QvNm1XnQ_PJYE_Z^4%D$@4*9;rscJiRij{Zp)O z=s(}HF6OWD^lW#iQYy)tQ`K<7Vg~WgI^^5xK&L$fbyrS1(cg7Rx~x? zvCmJNTM9lG-0|I?s$7pRwuL!J4G%}2(eTlw5B&RZaBRzN`jj+lVL%zI8P3_Ig@a0VuvoB$rY$$7NkUVJk_18?EzpU8O8|fVm3eL_^jd?B zZ6{r8$kwSHaxZxU^uu=j`13lHGx_tx%huN2sM&m4zY8B4S!a!zR8<9~C8tK(qmb26 zFc_jzQco%^08Dast*D-`njlrLhS)dKKZV!7wmL%6etz^l(R0AW>9*K-l(AP^Xrt24 zzB&^{zjv{StBJ-jF+=D1_8v=BGe-{f8&7uYt^ZET^^dtP_)@DoJP5|L^cwJkOTKz5 z{=fNgu8NBuB%fIc>^l=%e!b0PH2s*>XQ%YA>4Rgj3e%C->FZj3`%q_j(y%C7 zG2ydVdu#BkTdOF$Un~pB94E+l+fm{rI-)WKiB(uaP5OcJ0Run80FVyMJxc3^2Y|YE zdstZkOGl<2MPl0ny$b5NoS%w*oar`k{`IsXP#66Yh_l0FNzsv!{=FiAi1HL3^8X2Nd zb!7vW4a%pWW-a$cez2C%KNp?ewWQl#ZfmiQa5K=a4|frq4HcY4qBZBbY;k%en&F)D zm|RLaARzEu`e!f2MDgr8>Ho7%4fRHzOkp9F?VrZr9~x>7Zv)3p72q~ zg0%dZqdi#3Z1KI~Fxjy`%cM@{5ZYg6GWN|1@K$U2n*!J?&@A2eV?rp>Pow41P~o{< zD7pT2*j<+(mH z*@I!$-=*X0Z-2l2M%lPUzjK{=_-zKQ=x2zF`|Ho>`tz2oU%MyHz2G)yVD6r|LxvVz zYbZw2{ZW-}TwNFzP@fB~#H+WL`+T_R;*AqsBpmGkT5kDZPli{fO&?bH2bS@fGwq7% zyEGhj%m$z}rT*{=pMKLHdNj9lw0ZK;>@f{rK^YmgK+v)9x`f}&;-Sy>sCq2t*)zHeLY0K?quDC@u|u8S)5Ly*^_7Q3Xoerp{%#Ya;HZg^X=S;ccNYv z4gch!xARko!=C%zbXZA+>LvocDN(WKYtmDouSzYAlKhys5>|AvnP=m0S;=;{|0hb%+pG0*f?uyMlZb?e=Q&%75?7EaKd@*_S=;dClDLM)CneiPy9wt<< z=C=Uz#$f;M7aPJgkvH>hBpQ$@xw04*WxW0wCNwq4-pIK>N8~(BPphN5H(WOT-(z8& zqWFNlUjOxw4@tA6)|aQ0-kHV_$E8eQ>)ayPJC@%^w(LUDDJl$kwmJzw@W@OJStUX8c$9A7Rzbk z(Fyv}Q$YLXH~YxSf6xE5s>fI*!$tSPvBZj@3s=0qMV!xKRJq9b9t?YU;!V_M!2KGa zTwcKfv=8OS!#Haqgqm$UmGRx=Cu7FW3g*-$%WIoXaO(DU-UG?)Dna@1dA{fIN8*DnZj@}7!`Oa;D63fF7t6Ar#xSHkmST|)oyG=76=(wZeRZyYPu z6Dw7@96$0>_-XA$VMwXLT%u*mlK94lmv3gh+sX>RbA1GvQNt7R#EN=#UdYS$nE0~U zUnP;59QHc%z}l+3w;y{e2LH0ZA#_#Lp1#xv@+1f@7e?DV%wA(5e*Q zA)_-q@7_KWcpYkivLQvUPk z)c6WJ!N?SCjz)RoS?~ws%^&j4So$?TsAs>>(A#^S56`9gU=vhEdr!)qzHRp6*!eGE zE4lhVrYt*lKs{4!{;r{If+J3Uzrs6%L%-p2+rsYdvuqm*i}_iAS zt)k-xynW7#1YBI`4(nvSI;oph(AawYrSTK0>|5T{m6o*p0p16%>{O04oe?znXKzjn zB!Wg>^qsHpz8svT4CyovjCSRY-67{AlwcV(`rC*7>$u569~6g6lsHrj4Bnlb~Fv4O{NK72A8! ze6`Ecus(Xm@W_=>jTh%1mC5*<)jnxNuFomq-yaw7N&FTc_cTc&ZtKa;+6lw%{0nDz zvqMt@w@ffu?sAq>Ooy{CM+_eO@Hr&}33qM>>K9#T5E&oefN2~NHWWQ2p>5e5khLO z!snEmKINi68+~s7ht51+8(H)3A4j^s-Hb$-K^p?6Q#wLCsYSW*GoNUBkB$pjSH$U& ztJj}#b#3<(hmsSIlG(C>X9zQXqlN?YG)*5Hio+qYJ^wDZalZ|0w(L%K{0f}uIl3(|U|jTk+PCMhN5p;itif-`cn7^Zi`Hk#8?JSr zZg)!K%|EEIESmm))9z8^ea+bD-`q{1FStf29z!$FzA>mRKjB+dO#JGpPow$tPu@Mc zrkwuw+PR&37U1vFwu{xQFdy}Bflpr?0H6((vn3!4waO$teyPSB=xM$CMilD6oyvhU z{0**cfRUAW2k`f1V6(>lcXSk{*X?nXzA8ugeu1OviR^anN?Y!1bgxv@-gs;%O>Y|3u1l*`0Yf$X`_c94=gwhpr_WuzIRDVP ztzloqoDlWgd26rTRN0r>4z6|ni{PU0-(yW=m2iqy+qv&?@ z@)c8bvG86spP66Omlsfvt}9Q@PSg=vWljJ7nitU)=A*_UkSb4Sf8uVRw@`XIQ`8-PrUuz(aYM zadlk>Yxa?C2?Ptrd)4e`$0&?w#czH~h$m4J5-Q38qzVHoqQ!tX%d7_!5M&-m>yDcK z5W((|Qu_9d-bkxkZ0US-gR(a)tEG1p`t9>*5B6UOUH!AE#MW(EkLme_oaDOWa1W)u zph>0L2cm6Bo8>rslX<>flldeg(dt+q>}QUpf`1uQp@4I|^ZVdb#iHH)ir})&u7>>U zG`3^^!eOqwaNdI1+l$G6sH@G;A;w1i`4x43N1f*GnbwI9XY7VQ1kbIx*&3!O~S(#KHt%8*wIG*_uO1Mop|UUa=gjUl5#Ez z9zF3rE1`Si?U(D%zXOmz$ErI=#v-z#hvE}&Wt=;=qv))-b*7pvdeI^#F|dPan0jB_ zYC``VpWcm&2^A6VCFU9hr@DWZP8|GU6cGl}WaxrlU6-vfAw+~5lCVqn(8ciIEY210 zAv(ca%=+MEcQ;%+wfB%VF;+s5|K8_vY_VaO(A@3aNnP@k_*H4IKftp;XMjIJy-&w{ zD={CAN(HqA~|Wucdzx1+GbE6$vpk_ zQfg{&!o<$H|N6D$@eAkD%*Bn4RL&eHadJLzR=m>V7Tigj5C3ts%rOfYTJsPd{_z;} z)%dvU>PKDW#pb)0E3Y2-I~nKV&>d8Hm|W5gT$)~9n_N44kF>}HyM!j(`q}O>l-q$#+sVKn*1jXST zurTh-d#Fh5l{gyb*JVQNys()4%j*8+r(=3cZ_5kP{wmsoj7R4L23aWtx+_>;GW&{2 zF@zw!1Kc7?8}>KO}h#5 z)knTQVT=9z$Pv8UxRpE&+Vh*4ycYTC{aK@gODF{!1>OP3K=*q8degUPg^BWY`nj4f zGWy(E_{KZr!nXu7i5!4yFzs6p!|5yV1Y*ozl;#O|b1-cdi#vVkJ$tB*t1<`VQ`rI& zuvw!cKe(3tQC5|0jkSts1lXv67+ENzopg#D0%JJhbo$!CSHE@TNAIN$b}%vD-ELKG zJ^11jF{`z<8#0rs?D)&%&$-_1vtJ*9o09hSyB+(38K@4peg-uZ*6~~Hh0$O13!`fa z_k|xGG)!#`+TU9#Z|C=Y@=24KpPaVwN5z6$tGrsen<+;MfA_HaZTx30w{mfYXg#FV zZNs{bEI^Znv zi=M6+2?8tl6IWfPArK%>H|X})cl(|{-^^oI7HV`1SdJc1tYm*MaSH00`Lq=BEP3F| z711Pv?U`8_m%qveo`eIh@9$bniaqZu3h0Bd3UwyK7U;$5UrUeruQ-t{hwY+V0!!YxoCJcKWwj+{K-Mri3lI z|7Qh!-PU4BchR(N&lll&w>w@V$nfiyZ`|vSJSlB|C?&15vTry1M#mz0yc~S{@(n%* zLq*82eJs}{C8VH`5lM-(`9b+9q*wqBw;t42qQAM=2a3I%$|NK6l7k#m*IB_8SwVAx zLHGgpt{=jJ%vk>SVjKfW~O^s~nULxkg^7jiyX_dOGMR`M?( z4kBeSi5b@UZ`4R?|{1)=jf85B2fy`Qgc8 zFZ1@NQeTu-K^@`1lWlbLe=I@iL2D{dOEJM=k(#;zabVDY4Grd2aUp>c3?2v52$205 zcv<*4^r<)eBk7{@@Z2b7*WlVPcqUCb#{w#|$DbteFHv&cCT^=gVm7DbD&H$}xdU0! zy5KhL;99z1>@YdoWSTAaHTm&Szn9a-zEoH2mU=Zz6bioXi~{Yd0YUs92jlFC^078Vl1 zx=%Q=GFe7j!527>cecm2`W7pP4~(Xfmt)@l0p2dob3rYzr`pKWP%qdSyH77r1c3nC z;u1f2z@Rqf4jA5YN7VvRH7>!GI^v#?hepGr5<7) z0p}fYeDSx8Q|ydYI38j8XX@%7@viMY-@c!UmsO07q0Y|E{TCXOFsHE0r~_v#Iz+D~ zhbwoAEZq#D-nw<@?L~8?Q%MGsp6dI|zd7myly9zpW&r7&a$2+CuXapuOu-5Ir zO^XY134XG1bnWBDv+gf0>vK0x`S%T~HZ6?t2knj3C{~G0)+DaB0;bn2;pkbSaNDh> zOgsnv;L4YTYOdJ%Bx{*FUMuyM7yL#>2yn+u?@1B4(Y+gWcDq+TpdXyARC%}ADe4O{ zj^JwbIb61bCM!v!eA&IRDW3d8C0UID8LNJPMt4DQnl;?j6%*~9?_mBwBU3ge<)Lk% z@0?FSgG^}a%dIPsJ40?o<`<;@3_rW-J4wa-oof#A8=AN|ry*ZL{a@-#BcFTr=g_Z# ziSk~%yd<6oha@3f!#A-v4c@6W9kqQE4wl%Y*98QB`N_)mmQk}pLY`AjCckh{Rm6O| z+6f3c2`wi$3(qGcqi>?+_|W+`0OV=zM7I29dM_L{KNMU-*pi|h=Bjx@y#L`^Im>xb zizBzB3TVjEYtxfIWORF$^cT;*--NC``}gf~eYzK(RlYX|EixsgyZzt&d)iT<(`mYD zz1F5TllCn8x7Y-9mw(f9LI`(%RW!BWQgYAwE$q7)+*QYk{}wr*ipb&!)^;^l3Nu&A z63mUzTqAQUfVUff7V^s;_8u523Kpp9a>p0YUQtNM|2BInk;(1A(7BXiKogQc#Ded- zFcWuwx&^y9=%Y3qA;NJ8Gh_aAtVj8k>-EgT;=X5oQC?pHHNRtnd!9EBOg2Cr!MUsfH0ys=bUOcEIkZ0M*6Z3mM0mK;G2x!^1!i z0phD4h8|2V5&%46aq_`d0kF%gpH6|8{=oxE*Sw zZ1V6-N0?q(O|izC=nU35E?>!&IS%z~&twJ9v1Dv7P(43ECSvV*HGUhfv;)kixW%@pO%@0I>RWxgx5w`u%~a-f0XE!>tdZ($ zQc;a}MJP&AgX=752SY4AB_vjVOrnH5KA;rbDd8{wE#2dG$+94)){x6Th(ZaN-fvZ} zOM#e&rDaQ-XFRY4hm}))i@m0yEPXrFqQy&Jv{I&%}I=TK;#)!?lfoS z8g?PLZn&-wQoLsPunSR2$&~YIu-u5M=VHSYS!A7r6xac`eMa5~%HTgYhnt1k31wRt z*m49&k`-jKnjc*`y@>r*;06wyQMX?fn(_NGp+9j=CCnPeko($ukmpZR5HvNz2}gGv zs@p*M094xAkcZ;5YcYOZqDNA%vCfNCSbTt5DomyCqZYdeg*+jxMa=wauzaj~Mj4_58v^}%y-Gt$kMz0joTo-tne&I* zr)nQiaNVO$`?7Qp^Ay~}JLf(G_enYpAj%yuS;+~|OOBp+X}wZ_PnxUmOgma*Epd>S zw8I#v8G&GhmG9y<>_?!=6(&_zj+VV*FXz%WywdN8kK4r#%GPJ$pHFZR*?l|CU1x6c zywQ*Bgz`L2`5;6W;u2}fd&^h5=dA3o3kcrbZF!!RH;pnge${8>CLC%85zA_?4q%L+ z-?zCPUktA&z96$^{u`Hlg)MDf!NU@fk`J)8JS&q=2~S2J?OqQ`q&NMQmb{>T(Oqk;;;}ncAd3sVHnBXs z4`%Kj(uP}Ev5(YH@bEx-Z;e6nLk*swTuLsR>2crA-s-mCHaP;mme(M5wlyouJ6aN3vSpQq(r*549ZS&r_auZ z&^RP~jv{*pu*F*AxX?JjZU-jJVu>G=F*t9mFBC*~NRIznoIpTdZ0urj+PG9JlRP2y z^p?%l?@vWesu%Rorbv;$PTfh~Kq4}J?OgpWXJ6VZ_&VYv@3Y_Ee9wL>j-^tmJkR#_ z%KccMDlxcXho`YC1>!XL1tQ#evmv}b!VhX?fE?sU(c5Rg&noKb(YtOeO)W|-N+R>@ zV(wm$9TWsg;Wc_NtH-Zk8Rz1Ks!mr>#SE^c8mPxTz~ymg_M6k%%#;CLv1X~AhnD6ebb@u zM4!@~g>J8MkByz*=n+ZqD@2=j}L7h6nDhy&Ly2^~1rL!FjZW z0N7ow)3*V2+B}0F`Sa%rSaivc2SOWyU)^9z-Z81`dhUzMqAG!# zhi%CJkrEDZ*p^`q1;2s{;08gfk`pzzqcB4pb^n)x!BV-T2`g9hIR8kWhdQ2{_0Hp% z#ib7SGtwApRxelxxUS(%%5FgA)$4Vy-C@g5wWOhXWyPpmgingAzCV$vnRj7oSX zKxqWpDchC*jaYw)zpfnkRJB#|w+AkV=5|&UMDSpdwhH*T4XwF8%b~B{`IfLXj?0p; z!88z;xyD}8V5D2&j>1np1Y&a5m4;b@P)$L zq<9R%WxbGt_?+Gy!4NPzpH0c+-tb5^QQ{VUmP5hdjrjsSIu*ruTr;a4kh)h4JbsxE z{_NaD_OlX^hwhO&uW0Rcsm-1`m)6u8rK;hZ%ZWDDYqa(1%!iV{y`@zQb9CVZFt=XI z25_z-xwOXzxJo2WlYywR!j&YOU~mbWqNG>I7!sYPm)?G76R3B$V9rdBqV6dxuG-p%%kH6wZu3^z<| z6*?g;hJ?Km=wgF|EhK6&q@}{Yvv~oXNclGk$^&!MKl4YKp;u`43;lE+k?6K zG5p-A@b%keKq=(dliU}!1cm>;xzj^*J7)hd%Yz()1zfqeK&)~72!yRPe}Q`km-JSG zKDoQhJ)uBtGx6yyDH`}Q8ar{P4tN)@TAs9)GCKH>;2iQm+apJjSDPWLe_E9Yrx7H^ zxy^j@e+0V?PF=IgV-gmC@Wxr1a}}>z>Za+kPa|+*dcu~1=g-3P53{CSr=G7bF+9%7 zzRPN1#9EwO5%e4?7YamXJuH{uMZ@PhvYhej@ z@+QzV1Omb!w+ug)ulgt?4<*zIVv*-an*;ex_)N;Q`@!r|9nUV;X8^Yeqn#p`123M^ zX-I5k3^a|BPL-mv)yic6vUU{}ye+JbC~M^2-m27MIG7d^Kb5blSI2Qd9hfD2L&E4$ z*1U^#l7>I4=*$8>xWpAC{OHUrw8=IXU4&>?xie)UToydlYC=^+wTdf`aiw3|ASqf! z6k?E)5=D%GSHh|g47Dn*X=HVO+ps9>Rr-OhG&VYr{_qYGVU5cI=B`t?7^F7*iO#HxpUyM z_Hqc5d8|9v19w8}f58GwWw?hA4$&^RX#)7H`yJZ=Pow?B&?)_VU_t(Mj#) zOZMt?(vRLyIixP^96b)BmK-qlD7asjoz+%Vy~sx-6;HeQIk}RT6!9R?&i-kOaQVV_eKf!0qb*!g_ zpKnvczdQlex2-rVbzJsA7EEze|6zqf^o3zEwSn?B(F(mGWHr>L_u-N4^YfqH_*E%C zgmbSIP*7L*Zu|#GpH2htICm^lhoM%j2DjrR!-t-k*35DP3-_d=uoEOC7&N2>vmC0! zP7r}wmU>03=FB3ClXTuP)@5loYsCJX;|u));57?R^wsS zyAJ^wLbtF`!FU=Hh$Wg{-=I;^q^i?+jnqi&#Ky}SvZ)U}Uh^Mo$Jnvy6n^El~}pC!&va^9+(ma|(Y zd{ZYpik&5F_ISFu!ib@uKkSb*86zBNe^j=VP5m zYp>%5B@?;-W&rI}iWH6JytVkrsUPKl`+KA0EUbnisqy)cXh*V7HHB`1&g9@B&IU1L z>@{sFP$j&KJ?YL2{#pR>@5DPh`wV(ahHKtvjgC^lfz|iqe0a99`+f}Q83giqX>><= z#L4|u6flaG(Y^S!Dv%U#^vJ#+Mf*2~n@fUofX$T%-8rlAz33;gmutGC4yAFhrqlA= zYm65in@gGP?|zv?AI1bO$XME*;H_p~7s2g*Ermx&G?E{Ess=|4bA&iU zsPHv;_%auquOv!NyFwf#oWDOvAXZb}Dhz`l?95DH`B6GT`J!C_m*2fhmO~*fx$O}R zz|pxtRn`!gEiL5@4LGb@)>(Nw@*dy0x;p&Pf2r^QBj^tMs0QM;5A@ccd@i`7?t{bq zdf}pnX_HqIAns&QKzer@B(! z^SPvI>ePJ@)MZ1TqtCZypaLGqwlWAwrRl036@CRrbqhjKsI+6x)2JBl*Y?2NuSx={ zz4`N7;qD7KXDhn;&6gR98QcQlEDl!!tQN6__s|M^DsGa!$KP?36<_Myb->YISmT-< zR2T>=oU|Suce>36r2_VbX2?#p?TUIqw^r{s;M%fm(Hk%S7DZ0Gl>p8y2C58*OCFU? z0#;9MM3)Vd42Z!Swe7^})j*}_-5BXVj|WK}88QiK7r&1`x61Z5r8iT_{h#mDmQ-#x zoT29FTpe1v^JS`HcgL006CU2y^-Ha-TaSNZ?yo`IY}nVi`mH*fr8$p~H{pF(+f0_} z{}P``-hBS;i5C0a$tkgW&sX#6cW1PIsI;2$6h?eVE==%ACLQGw)9Dv(d}$xY?TF*n zZYjhCufP#nV(F8Pe=|O`InItGAxY26r?}9%3lyR(aWW z;}HnQFW9zR=LGc#FK}4on@P!Wy3>H-vD{K;9OMO^Ejh-$TQ%ZetR(fe{~<===!DfI zF{Y+vnC18}k|;Tkalxb&*;sL=Jdtz^wNb=Bg^xGHOaL%W$uLkSD8G$g>P$9K`4<9~!&xVO<-1Z^LV zp139LUa|EuTJY=BWx;_W8tt`>lQgye&(CAG`!9Z!p40+~&A)YPxy@hQ?!R}7zvz~O zvdA5$+iX&BVk?icP&3cJt4H^wO{W)B?E8GSZfpv#VWxhJZEIWDg0m$qm8N{x(Y>}& zZNJW&=jkD4)XD#~$G=+l-bLs%3l+8CYIJqT!E#2azAQDfLhNl~tTW%tCEs9NzRPt9 zo!>K`+x%XKqzB+mA_Si2Up=jm_Hg#kx1@c=Zd<8=PN0#yuB z-$YOpZkv01RkIm*JLHw2f9l{&AAh~Yj2I|mH4y@($phwQ)ePG_N7)KQ&~LF3vT6E- zIQ5u7_M!+@Qz4LBIh`4qnv3po%Dp zLtWD=D#EQ)4nby$=NVVDOW~|wQg@Qb3}l~1)0DD1H%}MRVecEv);T`JfhlUBX-xPVaO+(f(vdQ#|Y0I4)~Bt#Vii)!7ru?pwAo z)Bq95&~7G86u3ZQLqik-7|@MpMMw)a+G6AK>4$m_sB7p#`phn!4SMA*%#~?%z!{mZ zF#5{U@WSL|qu>mbNf`u@&MKP8(cH6c+E8)2{kTa~j1L;X-a~h5FjdXJfQD;7-?yp# zhCsH>nbJ@sfyq*9JfAPNiBz|8JmiaZ(Niv!y2FMW3%g8!AW6@TZg!9WhJ|`4@<{6; z63al%+*le-H?Z9gcwg}nMncnRPV}T|DDmzM;l6+;t>SyI(ZCOlY|}+9^wR`!)y-k? z6xipDLS75GAZObIYUKB+hJVh$Y#ZMo<6@)Q!dew_;KF{V;V^9k9vcft(K`vEWwH7U z3r+R)YX8l->x?+d6Zs5cJZ_*_$nmD6w();0F^e>ip>i!{n{(iZE}4G%7i-sdkSs>*TA(idch23in# zF=pc=tB>;vtV!dmLKDgd#2hx50-Q!essk$IFUezcYejv$Amz^~cBij_Gk35)!y3WJF_Q z{it5_(ECD)97S*j;+oufpHjn@QzL28IBQ>0Cu zSQD4K?B=dP>?7m-mE7$!=C&~?Gc|2$aj#XOsw$&LQdi1%qi!S>bO!I$%xCfoB3R$_ z1n%8Addgzc7I4xQr2GU9UKujs&B5$+CWLVlA=4N4A{xXXWUsz;R4+?`Xe{1ZT7Grh z#))d8!v%{SOKD3UD8b=RR7EUWs;AMxu4AL^4}-(fAdNtx#9gN0^k}BUd^gZPh$F8k zMoY@w`dR&DK7qU}6|#_J!SZKBcdIB~q}VXz_E99to~9)mC6#+>WI!#3+0SR_3Ehvd<%2=q17$Ku+h&e;AKop>{;mk>^!UgqxidP?0_Krk> zU>MKHLn4s=HBt3weMHn$ZhRG4WB99SC_9VlwOY@_E6gP^HI95{BSlE?=qPJwB4r{T zWBySZnb))u_x;+laFf41r(#-Gl!56XUA`E|^U?K?dfLl;XCq9Sv(jqXN%2h;!p#Ur z|3#O;M8#;U{vZcSfOI0f-5@?>CpMbE?9BikvhaoC%6*F3;;IPj-7CyfU-e#uP-*XM z0a8hB$M6UmqOJVj>G2vlbr|uZsEWjOS+cxZ6vX%%C)otROD+v1ozQ1iK6BNU_FJ0% zz;BL?qENik1MK~XD)PbefN<*%Z9yx7O(czm*3+dm$Y4g8g@kt2NuM>=Y=rVmj0H-w zzr4L;tT(e&;1f=8-~0g=bM0xKcttUGCI1bGF)_uQVzBu#K+5Q*8xKzwQ^whhiZ&NZ zJVFL3sw%YXJua*tvk>E-cuk?Y#-RgfBT9Wq{BCMV8OHo@DfUs8;1wW zA~>n54gy2y65({xp8`+#K|3qx+z9Ze^>$b2S*NP2VR zA!-qKWG5+hRfL@aQ@UGtRR9{!1aa+9uL#~0;JeIOdA;&H0LDKfUWYLbm75njeeM?r z>M!Y>sSO;Z(b25A(GaMIGxQtARcrUO%Ad);8H<@o#;8}kZ{zg^Kz5q(`rZ-*(!=4q z1OU`KvF`iW(HP4n!diUGgtH$M3p_NP)`mX$L z$aT#~xaU4#sY3KJGW4);Ez3*Y*fPX@JpNbgFsmhL8y7dLBM}8B0M@B5yGZ*M zz*?0TRT?!=ZA+5@CqZ=Uju?CofjYeEjnary1rY9F!-ish+>_yBLZ-JCgA$PXVy(|_i5 zCJ7uwiol^umVBuhzIvE!3p04TDHf2y`ZcC9S)t$kp^uL%q`&P>(ojKN_vbT zx+%|DKMu~nH>^mu;CT6l)@b@njFDojQUEPd#+virN><}5B5MRyOS1BKSUwnB>nOsIV)TpVL!1T;ucCH8xb;*=)~hQj>O;pW&Sr2_ z;vf9pcQX)$Or8R!#vkp-ku1!Xi{NCHz@ydcRXl9g{La1NVUhb9H`@~}hT9?Q;=I>% z1kJX^uCOikGDN)0yF~X`~7(8WWjzly_ zT5gqZXN7n%g8xHY13DLDK`;D-#zTe#-uzn$H>NYEI60OINuNR5ln#YQ?Nu1w5bX=wqMfM+j3ul&^h zCoo2@2MXSAwV4?QGnG;XLI8CNJ_*l^dtBqtHkyYC2Y7hbDj`-QaE}1o>?vS7btgrq zS*|n~YfcGL0sVH%@D!*31J4xhU2e{h#$o~TGEnOQTHKRMZzTc|DLT7WFCyOL<;;(> zO6>;NBP}rQe(J#RZvW#944QC*P|oT5MtHHgG7J8X)b)RFFw!swt&fW1&AlaviXE9K zajsfbpm@oH*1(Jp1(Y74o=I^$n!ql^gy)@!!Y>&_4dp~oqUn-m8p)bSw~ZA3U(&D1 zH>RTQD(?o~Rv_FcLZwqCxwxt$tmuQ`NLsQVKC*%UxByM0yg47Ut1`Zu?fSpdq`1P1 zAe29ae6&MC{5)14_UKC4RmcVTt&vp7`2+gp6QJLoY*=g#ksYjT2P!c}H@v%M%@hC4 zmtubWMMi)=9g9DuCeYuol&G#i8vOPqtCMz8sNO`;YMnVx1xiQ~L(eeu!2m4r(0y>K zu$o4?{MG9D(=)p?>rUHDoUy@rOyKNV%s3lMRfDh_%Js%4QQt#!{Hm4Cd3z2T z3Q3(bDnejQHZ%Rwm>g;1W5lMk zM3QAPGWNu6b}gMMpOC$qL1V^zyT$Z%BhK}crlKXqLWiK68i|Le%e?VFG!9w z20A!G@mmBFG@zP=R=_-tPk>7ig%q8Qc@mS3jVz~3L~uOYagzsZaBi4*6B?b(wxnlr-<>ZqVxbCDX(yztZ(#L$A+9`(UI zmd)3RPN$drrxL?L)^8()+!%ZF;K)pUGA|LAF@b?_W_4vO=Zuu+jV;N}uMuQA_=;%8 zdgnB#2jK!XMr~Qc1uq4>4N>3!e@sUXR2Hy6VKF&~G6SkXT?HkBEJBn8tFcZKH-3qZ zt1P=b#zL+qg4oU1Af%r=TmdO7*5^a&KMAr%S3I~uD;AV% z9wGo8?OX%eJr0Pi;Eg-P=aL3@=^iJ9(+^dq#4sq=EGA&0QqSLdp@^pLct+0E z#>n$W7qdpcjOr)1$MZIp4STW{b5b})ywgt-kWPPnI{f>i1<~Bf;WOc;`#;93^&fJC zoYxAZtY(bWbrvm6pUcSp*R1}F!L9Ly>aMVHaN_HNHyCqya+%?Qb}iRI9-^0ljk@mL zXBIxC(}h{7b6(GXymRP_y+ z=8|Lk`wzKAg$M#%SN3dek#R~hDQ%=ME@rB+ZmL@29lD#RA1qw$R{|A=9lyT?&Jo+q z)=SpyEt00!?P0iOczhL6S@6mo%Gxo~0CO&TfsToz+!=DiQ;gTHqpFQ5YOjzYJ*l_t zgu}quQXsVgc!_#{f^@N6Yk!`%hY(bwNw}8HwRzqw%i>ar3NiRt6fr z*GG~jl9_*k2?C39LKNm35?wPK>%JwI58d80bI`(;EO#fwRpsRkCby67J2QTZc2lS< z=;eX_cC?>=`~lA)20hR*%ziynN`z}FTR~HsSKgPz&zaZ#xsXPh3!XarzL7N6p>LFO z_Y;F<(?rEHa8tEuYua-2@rNp}cCE8`>yj5j-ToYnuInyaGXUlgG{+XZabD5|!nP=O zDuT+wWnlAfk@w{DIrBUrw?cXU)`j4X$O9a`M13xFMyDti^v+%A{{$d<5AG4+x)={z zB15aP+&Lm5QDdgTSd}ypa8Xi?axB#)BhIRH_;|-M(KeSJ*6)RzfMPoznWx4UsVqw> znJK?j>)VTwt1lKa7QR)pEIhFcoMnyv){+O>JRCYUIwa!IkAuTHXF z=4g+!>D&E}=1!XD`*L}^h40@Y&L$j2#jGDyJ$Ct>5!(&pA?wSb8q%r^EaeK_!=;l_xoUBsPdr|FGOc^9P20Y(6H;fGJ(6x5fJJ{OC9U6AA9r#X& zlB4}X{|s9X%NvYRcxbM!CuKNFta%sZJ(W>?=90%mQIenNzDtj<9WNFBZ;|gjgs`pt zxM|)93941j2la1Fq-a*i>^_{LkbH!OZcd}KnaPrNG)6l#{-J%JaWC+Pe`!}yhYB43 zp3st$fNsjAJZ_?WR{eH_4d;smAD|_9!p;2Uh@zU)qHkmE|Cu=v&Ti5HdlK7gd|tVs z-`}WwX%DXBJ9AnoCOQo~wwmpAWvU ztZDA@`w(AJwjlIlXCNdFv6m<0)Mx}bcP+V%il?WUz>n}xFo1Q?VBl6{d_K=Ne|x>H%FTBY4Pc; zI}(1sm{alJ=$V2k2q2jevy2K}LM_evG}f^kV9Mxv;wNM)Th{JZ&o^YouAZ4-q8 zp#Yz%@8fI-Y3peWD)&PSS7$A=KN`n^YY_CrjkHmIzy1*WH+e(oX!7se6+C})JFNjG zdaeT4qY&lO(Isstu*9;j`LVk&iJ4~qGH|K{(mM*64kj+Q>XrN6<0Q>{%g`XxHnP! zU@WgZgdI3+(_)zOzv0Ya5qY^(dtoda=Wcqy}tv#HhNV$ZS|%$>t+2kzospmH(Lq%R&d*YB%HDndA#DMLRW)mz4)H z>|NhpU(=YcyTu`iAjy8m0{Go-V8qACTtUqdcC8N&;OaWH8eaHaGJfm8hYp6n~IJkYVbkl7FR5 zj#q7uvkGOQ5htH|zLZH_spY!NXnnuve<;pFeP2FA2141(cWKG59fkP*iGmHkLLnLN zf%WI=OpZOtNg*e)Yl_^^;Bd_hlZja_)?ILq>ivSq3KrkQD$t3Dzj*Uf<_bCkB8rkD zZ$BV-Veng;YeOUR8R(>pzT2EHvN_(e83j||^>xQp!4$%q?j_q%rkaxMPYJk)BV`EfJkPm;lY=y;ouGyp4b-Kc4BiR@WX=f_4zm4X_6m7Jku%NrwUksxz6*Ivn5YuS?WK_;40AdD<-?VC7Ne; zK=rC7aqo3|rPUGe;rqv~jSio&`Q&KW7qjL3t#vZKqVyGd+)Bx79HHBKF6n=9ZQ9`l zLnBtXu00Y>=W}W`8TSs=)yE6BuvKlRZp=fNX>fs0yrOIsd_E-ngl6gcAur;=#=}2{ zVN7drw@4+*1iV%Klp|RZAb> z*dx}O zY)1*fi9WCC)f*GWJ}5=Fm70s`aK`?Lx)4*5*$o$W|p@=cf4NxYW}m zjQkvt0p+MU6P_GrwS2)u!ep5ln;J8+Mzw6p*+iY$3^ z-ycpCO|DlYkE_fby=*d^d*fmpvSJSh%*Oqj7}chIm~;Gon3=FmDUJ56jt(DSC<>U?AM*5lN}%8ye)>4Vu-7*$!;Im%9b-vM+eMBBm&rsmkt_s{%dBi~Sl3Z+JJsh3 zkX5o3UHBTjRnE9adk4wOQ%GrYny8b}@5Kg5%00TP{(z^$ahCTm_1tNQ8yS;*tH1w$ zthOSQDe>CrGOZ1R#fH<z;5Z!1VPqtfQHnL@a^RsoOyr#5=#H_U{qlj zLWkRuWwuip1Uo;ufz)%!agxSybnT*xWy z-kCch98T{_s{_@EF^6Z=lB24;Agrhz&PN*{QCazarQvX0n?|8|q-2G#I;63p{y11C zGo|gaW1+mWvx8Q{=8lSW7jD)HLOZCZ|@SOjluXS{bSGn55la7SZe6&#IXP`r*GuhArMr!q&CP1zez*Sa=CO4>F(IpbVxpDz zp)n7i*S%l!j4-Ai{24q2QCb-*dGMR*t6;Bt@w?*iXTU9>Sjs#RhqZfN^VxTQrv0$u zgjHk9b1D1F+sumwp3CQ>coKGdr%1`A38*7K$2ol^0ikH;w4Y5XiADURL{-s66m)YM zjUt~7Y6&bR3*Y@%&WJb=d>^Brv%uZqOPS{Te9$#1M8wtp2lGBA9p&Vj62z0RT}dPf z(`PH7-6%znYK(cgu{ISh;7Bl>*H#A)m23^ttOIQkZzrbSC9y&*+Q50yuR zN+OQz630`EoPeE4E-8M#4$bS-TZ<>r*v;RL(jPz2HlI0z-yGWQCh!v!7|!t&sPw<=C6Oan3fTS#04Vrr66lM%g06j35!8^xK5pA z%WYDVE=ZCdTpNz<-=`4HXr35;q;0ewSz@L*h~0a0{$z8>eDg7Cf%5W-Z2{%MX8RA+ z&UiTgYQpdKFkI(;&HjwdsU8f20xDM7yxwuX;Sl3BwEpP2UHf~&W#%zlr`@FL)};J@eVEFT_vq6An<#qG5(G_o#Q}o8 z2St4RHY(|vdZW6WkA`2SsJAQUIiHc-3ws?Fjo3D<6#8K-VF)O+_o~|P!PZ+k?nuUt z*N5E;w!07av9d2q%*TP zjb+Sghwm(lAFc0m$vC6>zCACeY8vL-4cM8iJ&n5I<%omsPONq%SE^nBgZA_Lg2xb{ zdAUK)=SQ#7qGVkO2{12j5j?T%zt4uBEh>tVAA)s3U&^*5fPa^+#93isVduY}RwkFb zliZ(YSZ-H?@QkO6Rn~6;nN%~;mzv#z(s-@90mx;=!$S?=;MZ;!qZY9JhoR?jOz7KW zBg(E*OC;d1Y`RqPc4k;x=^MBEVbf=`;l#4PX0OZ2${bHurAoC*qGO$ULUBx=dLsxO zFLyPxe>pS4LAyM0d{(Ar@8Q9#qh)moYyLX`K^&WuALSZO8BI^bESv|(?xfVid3|L32t;VUf ze_DPEkA3xIJ_Iz7XSdLx-e_-7a|F1b|2Bl{HQIM2bLbi0mE#$2{56o4j|@Ke`-4y& zcBDJ%F!wgN)p0E_e6*qAt>O=O{R}z-i9$W>DHOBDZo$3D^DJH-a6LvY{r*jBvDoe> z>bgIp@YrnV>)WagFe*j(tS8=8TTjxZO8QFx1|qcm*($E)ikYJNdPt^-o1&{qnNlr2xH_bCO#zyG!C#S6cZax2AZ+3xv`M9`RTrXl&iVSNLtGHAgSy`~IibxH2- zO^bT_>dD~oVuvd@$*C(4<<#iq%E+|Va;-ZgUr)sSP+JZf@7fOsnTq{u_wxylj0{9Z z!_{7(b3dAAq@x*XGVN2GYxQzbrxHPRGy7suu|WvZ|{?&X^j<%g|&~tsTb`EY1<LK_t7f(% zc$_drO8$iHX$F#!POVh80m-aj5j?N|S)mXy?p^m+oAl(m9sD)1VEENNB+py>sZu{+B!x?kPn3dHu^(Iij=|U; zzus4Q)sq|WbphwMA!eBwI4hBc&yWAqsCwMJVI<*`DAsUgPUUuWH*p0?Lg3p62>5##iOU z)pRgWh3+rPzoxL?kz3WD?+Aq4&gln7xOxR#&K75c@8c0|_CT?T(yS4gsKPps90pK* zRBrMET0F9oc`ugeYxK_C8?*xWY>kgM!Zw!y;&+KT^l3}3uR$zZ-9=986_0m%Te{a&5IubmAGl-9szmBAv7B*0w6(yLt*RAUt8C~gQIMLT04ZRqkU|#iOCpjg2(;#`_4ka2J`eZS)uqWX6YaL zDJP2_?`J!36PQ#868JXyzlCucG_ z$QFh2t`}nlb0MTh`&Seu8x2|9R%-;Qjn<%wg(hN>fvQj&7m`j&A~znzYV$w3@aO~e zMbEjq2X1Kpmg9c6#qI8)7a2cpOWB;gNF+;3nP=C=*={PshX3=9edYBq6k)duCOCG>jKlA=&I~=laZ}r~d$MQD7sXPh%%rU=s8W~DaE*ji2|@X3PWEznII z;cuhWNX4kpE*Lfh+s|+)c~wa#^z_$f#3TCt-K5oLcp4Z>g)R352uv)Y(lYyZK`f&`%yl zVOH>RlOJ01^&yVr?H$)zn4~{8>^91%OO4ux0Cs)ru$t2GEH3tZ`SX;mi)PKk|Bm8u z-($R!u<3cE#Bsp^78B=;GwexbL5T+X$3j!ju}QmDCYp&DMZ!T6=QNfnZ2C9J-UORk zOdDMxLC}u}d@T(M!=}Q_YH@XAcAT2-OXZ~~8tN{E?6f*>y%q99rKgAVDWzDLw|eTh zYQwn z!Jl&R@WxgVy6sD639bY-U+wqk z;gCx`K~-{{qCQTnFa4c3Zxfh!O~2=JBx*eCE*d?K+s%?Vnx#?{1saI4v5CzDuu947 z0VlpYqNa2^Pd6*1_;Hq6C_;t|_$|4?^gO1xl$R1>U(Nc(eQqNC%0#mQG%X8@qy-x8 zx|;D;*`fU|JDlBn(>sojo~T=e4(mpN8v|)}aUF(_|7^IeF;qRE>6rzTUG7LION+Y?l1x=hb^W}fOtd0J2S*KBIuT}PcvGu&UF|8sU@|vN%7xuDn)tWSb2qTf%O!0ii>9NoAmG?n3 z40eGC#;5*B<@XU7&E%)B9L)?F?R8s}aG)N|5~Q&-zEjrE3Arj(&cZYs_||iy{jKk` zEqBAhtdXCYnF3(Cq2rLxgzexD`V zXuAtpmNP9W{U>|-%E4)dG4OtIwm24$Q-lTwD*?G3M83%t;{t<>RjntkC#;W9q{ZXN zeXhj{?{K9N4`PTM!e|kjk%E@SVkQDzm`P-K?35?09na*!DY%hlVP);Uzzd&kHP;b? zu@JBMxT87q&ZKG#ZsD^V7h+cKgc*LKr)d0lYS;785Cp$)Twn@-J1@9Xtu$ZiO4pI% zsy$r7!aT>X&V6umD85zMTF29|t#6q8t1VhTt1FsIDm*S6TW5@d%*N-{7HQ{PPtF1z zNBlBd*=27L9~(O!7OjB4+a2P^Vh%pwe;O=29R8r>ZDJo;|CfCQVUsF9G)$>C*!0+jht?7 zmq+`lxcbL^OF65}=QI-^<&vGmsXjE4pGhVoS;P|3EJtyowHW{MbeeufOcyTnR`mf# zifBgMa1c6k?{9^_m)>Zkw52Dd&q26&uhtN<>NGX2Maw9RA5U;%Y(9_N=6(J3laUt& zz<0#X5@`sdp0hiet-`B=oluoN^dIE=ZVs-IT@jqNYW7uFl0$#+5it`F4UUB2H5`A9 z;I-^xfa@k$z9FkG8BIr?-X06HaoO&<6viULGMPX0;&x+#9`Es*oY(DDQ?z{F6Z%*T zGV+$(Z5u2&d(%#H3Daz^eq+>1egAr>TRt-*Bc_VM-5Vw(jV2{Dr5H{!te~b>dzUjq;OvV`g%pKCewRyOxpb4)fdCN+an#c;V&Kdr zLS(p?tHyw;qm zUHzLyboR(>H!{W%*uCytleM7Ib)i%=3*Sjdj=oELKiC|#i}_dKX*94<`am7 zA*F)NI7fA>u`v}DY3W6gF}(!%sag>B$P}kvAwGu9=DI-uzV%z?6RdWO$am;jH@69@PYt6zw#NG0)YM4@!Q4E}mFd>0}3P}zXOF7)vFGfm@@@#Zvx^LkLfwkgu9 zaT&3)HOko#`qqjtb-r@CF+x6Iu-e?XYxj(29CItFk}-PkN?Yl^YJ?qcMQrRIUGU5t zyf#zz&2g=*{vu~4oGy$r@epv7rk-(5>)`8us!f^2`c{K9b}R*kOV5Ebju;aMSu*qv z&#)BDazAsM@KHTTEva-sRcTUh%;@xGikFfu7o%;6tMIhL7jBX~N=Z(qGZdxD=?^X{ z;!}g0N&9l}vA%!*p5^aP_4bk3N@-XGr3`AVRvx$BP-@&a=FFr}(hqN+3(Wk4KZI8P!o+;mW^iq@PysWg8o>D%kn<0 zxqu@PV^Ppdv5>#W4MKE}d?=B;N;_6Soq5f-G02KsY}dpuO$w3sq*Y46$5^NV1HtgAew4nPjT~=knRfS f#50f67esF^p$goeg+#zj!w3oxRoO~uNote: You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. @@ -272,11 +274,13 @@ The lab architecture is summarized in the following diagram: Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. For more information, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). -1. Open an elevated Windows PowerShell window and type the following command to create a virtual switch named "poc-internal": +1. Open an elevated Windows PowerShell window and type the following command to create two virtual switches named "poc-internal" and "poc-external": ``` New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" + New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and $_.NdisPhysicalMedium -eq 14}).Name -Notes "PoC External" ``` + **Note**: Since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified. If your Hyper-V host is dual-homed and both interfaces are up, the second command above will fail. In this case, you will need to edit the previous command and insert the specific value desired for the -NetAdapterName option (the name of the network interface you wish to use). 2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: @@ -293,16 +297,24 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` In this example, VMs must use a maximum of 2700 MB of RAM so that you can run four VMs simultaneously. -4. At the elevated Windows PowerShell prompt, type the following command to create two new VMs. **Important**: Replace the value of 2700MB with the RAM value that you calculated in the previous step: +4. At the elevated Windows PowerShell prompt, type the following command to create three new VMs. The fourth VM will be added later. **Important**: Replace the value of 2700MB in the first command below with the RAM value that you calculated in the previous step: ``` $maxRAM = 2700MB New-VM –Name "2012R2-DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal Set-VMMemory -VMName "2012R2-DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal + New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal,poc-external Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + New-VM –Name "PC1" –VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal + Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 ``` - + +^^^^^^^ +Stopping right here for now. I need to change: +New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal,poc-external +--this won't work as written. I need to figure out how to add a VM with two NICs, or add a NIC to an existing VM via PowerShell + + ### Configure Windows Server 2012 R2 VHDs 1. Open an elevated Windows PowerShell window on the Hyper-V host and start the first VM by typing the following command: @@ -310,40 +322,115 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` Start-VM 2012R2-DC1 ``` -2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt: +2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt on the Hyper-V host: ``` vmconnect localhost 2012R2-DC1 ``` -3. If the VM is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." At an elevated Windows PowerShell prompt on the VM, type the following commands to provide a new hostname and configure a static IP address and gateway: +3. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. +4. If the VM is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." At an elevated Windows PowerShell prompt on the VM, type the following commands to provide a new hostname and configure a static IP address and gateway: ``` Rename-Computer DC1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 ``` -4. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: + **Note**: The default gateway will be added to a member server at 192.168.0.2 later in this guide. +5. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: ``` Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools ``` -5. Before promoting the server to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: +6. Before promoting the server to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: ``` shutdown /r ``` -5. When the VM has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: +7. When the VM has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: ``` $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force ``` Ignore any warnings that are displayed. The computer will automatically reboot upon completion. -6. When the reboot has completed, sign in again and open an elevated Windows PowerShell prompt so that you can add the DHCP Server role: +8. When the reboot has completed, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add the DHCP Server role, authorize it in Active Directory, and supress the post-install alert: ``` - + Add-WindowsFeature -Name DHCP -IncludeManagementTools + netsh dhcp add securitygroups + Restart-Service DHCPServer + Add-DhcpServerInDC dc1.contoso.com 192.168.0.1 + Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2 ``` +9. Next, add a DHCP scope and set option values: + ``` + Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active + Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force + ``` + **Note**: The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. +10. Lastly, add a user account to the contoso.com domain that can be used with client computers: + ``` + New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true + ``` +11. Minimize the 2012-DC1 VM window but **do not stop** the VM. + + Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain. + +12. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM, and connect to it: + ``` + Start-VM PC1 + vmconnect localhost PC1 + ``` +13. Sign on to the client VM using an account that has local administrator rights. **Note**:The client VM will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. +14. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to the VM, this might take a few minutes. + + ![PoC](images/installing-drivers.png) + +15. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network**. If you receive an alert that a restart is required, click **Restart Later**. +16. Open an elevated Windows PowerShell prompt on the client VM and verify that the client VM can communicate with the consoto.com domain controller. **Note**: If the client was configured with a static address, you must change this to a dynamic one: + ``` + ping dc1.contoso.com + + Pingng dc1.contoso.com [192.168.0.1] with 32 bytes of data: + Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 + Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 + Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 + Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 + + nltest /dsgetdc:contoso + DC: \\DC1 + Address: \\192.168.0.1 + Dom Guid: fdbd0643-d664-411b-aea0-fe343d7670a8 + Dom Name: CONTOSO + Forest Name: contoso.com + Dc Site Name: Default-First-Site-Name + Our Site Name: Default-First-Site-Name + Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 + ``` +17. From an elevated Windows PowerShell prompt, type the following commands to forcibly remove the computer from its previous domain, join the contoso.com domain, and then restart the computer: + ``` + cmd /c start /B /W wmic /interactive:off ComputerSystem Where "Name='%computername%'" Call UnJoinDomainOrWorkgroup FUnjoinOptions=0 + $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force + $user = "contoso\administrator" + $cred = New-Object System.Management.Automation.PSCredential($user,$pass) + Add-Computer -DomainName contoso -Credential $cred + shutdown /r + ``` +18. After the computer restarts, sign in to the contoso.com domain with the (user1) account you created in step 8. +19. Minimize the client VM and but do not turn it off while the second Windows Server 2012 R2 VM is configured. This ensures that the Hyper-V host has enough resources to run all VMs simultaneously. Next, the member server VM will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. +20. On the Hyper-V host computer at an elevated Windows PowerShell prompt, type the following commands: + ``` + Start-VM 2012R2-SRV1 + vmconnect localhost 2012R2-SRV1 + ``` +21. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. +22. Sign in to the member server VM using the Administrator account, open an elevated Windows PowerShell prompt, and type the following commands: + ``` + Rename-Computer SRV1 + New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 + ``` + + ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 From d13df64d6d0cde7364595dd6404ff27995d8ea59 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 22 Aug 2016 17:04:54 -0700 Subject: [PATCH 11/53] upd --- windows/deploy/windows-10-poc.md | 98 ++++++++++++++++++++++++-------- 1 file changed, 75 insertions(+), 23 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index fc857cd662..d56cc42bf7 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -256,7 +256,7 @@ The lab architecture is summarized in the following diagram: ![disk2vhd](images/convert.png) In this example, the source computer has two hard drives, C: and E: and a system reserved partition. The VHDX file (w7.vhdx) is being saved to a flash drive (F:) in the F:\VHD directory.
- **Note**: Disk2vhd can also save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted. + >Disk2vhd can also save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted. >If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](#appendix-b-microsoft-virtual-machine-converter). @@ -280,14 +280,14 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and $_.NdisPhysicalMedium -eq 14}).Name -Notes "PoC External" ``` - **Note**: Since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified. If your Hyper-V host is dual-homed and both interfaces are up, the second command above will fail. In this case, you will need to edit the previous command and insert the specific value desired for the -NetAdapterName option (the name of the network interface you wish to use). + >Since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified when adding the virtual switch. In the previous step, we attempt to automate this by filtering for active ethernet adapters. If your Hyper-V host is has multiple active ethernet adapters, this automation will not work and the second command above will fail. In this case, you will need to edit the command used to add the "poc-external" VM switch by inserting the specific value needed for the -NetAdapterName option (the name of the network interface you wish to use). 2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: ``` (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue ``` - **Note**: On a Hyper-V host computer with 16 GB of RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. If the computer has less than 12,000 MB of available RAM, try closing applications to free up more memory. + >On a Hyper-V host computer with 16 GB of RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. If the computer has less than 12,000 MB of available RAM, try closing applications to free up more memory. 3. Determine the available memory for VMs by dividing the available RAM by 4. For example: @@ -297,24 +297,19 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` In this example, VMs must use a maximum of 2700 MB of RAM so that you can run four VMs simultaneously. -4. At the elevated Windows PowerShell prompt, type the following command to create three new VMs. The fourth VM will be added later. **Important**: Replace the value of 2700MB in the first command below with the RAM value that you calculated in the previous step: +4. At the elevated Windows PowerShell prompt, type the following command to create three new VMs. The fourth VM will be added later. + >**Important**: Replace the value of 2700MB in the first command below with the RAM value that you calculated in the previous step: ``` $maxRAM = 2700MB New-VM –Name "2012R2-DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal Set-VMMemory -VMName "2012R2-DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal,poc-external + New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal + Add-VMNetworkAdapter -VMName "2012R2-SRV1" -SwitchName "poc-external" Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 New-VM –Name "PC1" –VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 ``` - -^^^^^^^ -Stopping right here for now. I need to change: -New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal,poc-external ---this won't work as written. I need to figure out how to add a VM with two NICs, or add a NIC to an existing VM via PowerShell - - ### Configure Windows Server 2012 R2 VHDs 1. Open an elevated Windows PowerShell window on the Hyper-V host and start the first VM by typing the following command: @@ -333,7 +328,7 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- Rename-Computer DC1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 ``` - **Note**: The default gateway will be added to a member server at 192.168.0.2 later in this guide. + >The default gateway will be added to a member server at 192.168.0.2 later in this guide. 5. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: ``` @@ -343,7 +338,7 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- 6. Before promoting the server to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: ``` - shutdown /r + Restart-Computer ``` 7. When the VM has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: @@ -353,9 +348,10 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force ``` Ignore any warnings that are displayed. The computer will automatically reboot upon completion. -8. When the reboot has completed, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add the DHCP Server role, authorize it in Active Directory, and supress the post-install alert: +8. When the reboot has completed, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: ``` + Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest Add-WindowsFeature -Name DHCP -IncludeManagementTools netsh dhcp add securitygroups Restart-Service DHCPServer @@ -367,7 +363,7 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force ``` - **Note**: The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. + >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. 10. Lastly, add a user account to the contoso.com domain that can be used with client computers: ``` New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true @@ -381,14 +377,29 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- Start-VM PC1 vmconnect localhost PC1 ``` -13. Sign on to the client VM using an account that has local administrator rights. **Note**:The client VM will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. -14. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to the VM, this might take a few minutes. +13. Sign on to the client VM using an account that has local administrator rights.
+ >The client VM will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. +14. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to the VM, installing the network adapter driver might take a few minutes. ![PoC](images/installing-drivers.png) -15. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network**. If you receive an alert that a restart is required, click **Restart Later**. -16. Open an elevated Windows PowerShell prompt on the client VM and verify that the client VM can communicate with the consoto.com domain controller. **Note**: If the client was configured with a static address, you must change this to a dynamic one: + >If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. + +15. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. +16. Open an elevated Windows PowerShell prompt on the client VM and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. + ``` + ipconfig + + Windows IP Configuration + + Ethernet adapter Local Area Connection 3: + Connection-specific DNS Suffix . : contoso.com + Link-local IPv6 Address . . . . . : fe80::64c2:4d2a:7403:6e02%18 + Ipv4 Address. . . . . . . . . . . : 192.168.0.101 + Subnet Mask . . . . . . . . . . . : 255.255.255.0 + Default Gateway . . . . . . . . . : 192.168.0.2 + ping dc1.contoso.com Pingng dc1.contoso.com [192.168.0.1] with 32 bytes of data: @@ -409,13 +420,15 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- ``` 17. From an elevated Windows PowerShell prompt, type the following commands to forcibly remove the computer from its previous domain, join the contoso.com domain, and then restart the computer: ``` - cmd /c start /B /W wmic /interactive:off ComputerSystem Where "Name='%computername%'" Call UnJoinDomainOrWorkgroup FUnjoinOptions=0 + (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0) $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" $cred = New-Object System.Management.Automation.PSCredential($user,$pass) Add-Computer -DomainName contoso -Credential $cred - shutdown /r + Restart-Computer ``` + >The VM client is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. + 18. After the computer restarts, sign in to the contoso.com domain with the (user1) account you created in step 8. 19. Minimize the client VM and but do not turn it off while the second Windows Server 2012 R2 VM is configured. This ensures that the Hyper-V host has enough resources to run all VMs simultaneously. Next, the member server VM will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 20. On the Hyper-V host computer at an elevated Windows PowerShell prompt, type the following commands: @@ -424,11 +437,50 @@ New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc- vmconnect localhost 2012R2-SRV1 ``` 21. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. -22. Sign in to the member server VM using the Administrator account, open an elevated Windows PowerShell prompt, and type the following commands: +22. Sign in to the member server VM using the administrator account, open an elevated Windows PowerShell prompt, and type the following commands: ``` Rename-Computer SRV1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 + Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 + $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force + $user = "contoso\administrator" + $cred = New-Object System.Management.Automation.PSCredential($user,$pass) + Add-Computer -DomainName contoso -Credential $cred + Restart-Computer ``` +23. Sign in to the contoso.com domain on the member server VM using the domain administrator account, open an elevated Windows PowerShell prompt, and type the following commands: + ``` + Install-WindowsFeature -Name DNS -IncludeManagementTools + Install-WindowsFeature -Name Routing -IncludeManagementTools + Install-RemoteAccess -VpnType Vpn + cmd /c netsh routing ip nat install + cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL + cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE + cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE + ``` + > The previous commands assume that network interfaces were added to the VM in the order specified by this guide, which results in an interface alias of "Ethernet" for the private interface and an interface alias of "Ethernet 2" for the public interface. If the interfaces on your VM are not named the same, you must adjust these commands appropriately. + + To view a list of interfaces and their associated interface aliases on the VM, you use the Get-NetAdapter cmdlet. See the following example: + + ``` + Get-NetAdapter + + Name InterfaceDescription ifIndex Status MacAddress LinkSpeed + ---- -------------------- ------- ------ ---------- --------- + Ethernet 2 Microsoft Hyper-V Network Adapter #2 14 Up 00-15-5D-83-26-06 1 Gbps + Ethernet Microsoft Hyper-V Network Adapter 12 Up 00-15-5D-83-26-05 10 Gbps + ``` +24. The DNS server role was installed on the member server VM so that we can forward from the DC to the member server to resolve Internet names without having to configure a forwarder outside the PoC network. The last step to configure network services on the PoC network is to add this forwarder. To add a server-level DNS forwarder on the DC, type the following command at an elevated command prompt on the domain controller VM: + ``` + Add-DnsServerForwarder -IPAddress 192.168.0.2 + ``` +25. If your corporate network has a firewall that filters recursive DNS queries, you might be forced to configure a DNS forwarder outside the PoC network in order to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on the member server VM and type the following commands: + ``` + Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses + ``` +26. Verify that all three VMs on the PoC network can reach the Internet. + +## Install tools From c16ed0b09a6b3ff3af8ffa7909ae202e8178e141 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 23 Aug 2016 10:52:08 -0700 Subject: [PATCH 12/53] upd --- windows/deploy/windows-10-poc.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index d56cc42bf7..7439ce314c 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -479,6 +479,11 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses ``` 26. Verify that all three VMs on the PoC network can reach the Internet. +27. Because the client computer has different hardware after coping it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on the client VM: + ``` + slmgr -rearm + Restart-Computer + ``` ## Install tools From f93012c4991da9f8c547c2d27a366df93bdcfc21 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 25 Aug 2016 10:55:56 -0700 Subject: [PATCH 13/53] upd --- windows/deploy/windows-10-poc.md | 154 +++++++++++++++++-------------- 1 file changed, 84 insertions(+), 70 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 7439ce314c..99c169f0b3 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -18,50 +18,17 @@ author: greg-lindsay This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. -The following topics are available in this guide: +The following topics and procedures are provided in this guide: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription
[Overview of procedures](#overview-of-procedures)A list of procedures provided in this guide.
[Hardware and software requirements](#hardware-and-software-requirements)Prerequisites to complete this guide.
[Lab setup](#lab-setup)A diagram of the PoC environment.
[Configure the PoC environment](#configure-the-poc-environment)Step by step instructions to configure the PoC environment.
[Step by step: Deploy Windows 10](#windows-10-poc-guides)Detailed, step by step instructions to demonstrate a Windows 10 deployment.
[Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2)Instructions for configuring a Hyper-V host on Windows Server 2008 R2.
- -## Overview of procedures - -The following procedures are documented in this guide: - -1. Configure an internal network on a Hyper-V host computer. -2. Download a Windows Server evaluation VHD for use in the lab. -3. Convert a physical computer to VHD using the Disk2vhd utility. -4. Download a Windows 10 Enterprise evaluation .iso file. -5. Configure Windows Server virtual machines. -6. Download and install tools. -7. Upgrade the client VM to Windows 10 Enterprise. +- [Hardware and software requirements](#hardware-and-software-requirements): Prerequisites to complete this guide.
+- [Lab setup](#lab-setup): A description and diagram of the PoC environment that is configured.
+- [Configure the PoC environment](#configure-the-poc-environment): Step by step guidance for the following procedures: + - [Verify support and install Hyper-V](#verify-support-and-install-hyper-v): Verify that installation of Hyper-V is supported, and install the Hyper-V server role. + - [Download VHD and ISO files](#download-vhd-and-iso-files): Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host. + - [Convert PC to VHD](#convert-pc-to-vhd): Convert a physical computer on your network to a VHDX file and prepare it to be used on the Hyper-V host. + - [Configure Hyper-V](#configure-hyper-v): Create virtual switches, determine available RAM for virtual machines, and add virtual machines. + - [Configure VHDs](#configure-vhds): Start virtual machines and configure all services and settings. + - [Verify the configuration (optional)](#verify-the-configuration-optional): Verify network connectivity and services in the PoC environment. ## Hardware and software requirements @@ -302,11 +269,11 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` $maxRAM = 2700MB - New-VM –Name "2012R2-DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal - Set-VMMemory -VMName "2012R2-DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - New-VM –Name "2012R2-SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal - Add-VMNetworkAdapter -VMName "2012R2-SRV1" -SwitchName "poc-external" - Set-VMMemory -VMName "2012R2-SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + New-VM –Name "DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal + Set-VMMemory -VMName "DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + New-VM –Name "SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal + Add-VMNetworkAdapter -VMName "SRV1" -SwitchName "poc-external" + Set-VMMemory -VMName "SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 New-VM –Name "PC1" –VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 ``` @@ -315,18 +282,19 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 1. Open an elevated Windows PowerShell window on the Hyper-V host and start the first VM by typing the following command: ``` - Start-VM 2012R2-DC1 + Start-VM DC1 ``` 2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt on the Hyper-V host: ``` - vmconnect localhost 2012R2-DC1 + vmconnect localhost DC1 ``` 3. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. -4. If the VM is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." At an elevated Windows PowerShell prompt on the VM, type the following commands to provide a new hostname and configure a static IP address and gateway: +4. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." At an elevated Windows PowerShell prompt on DC1, type the following commands to provide a new hostname and configure a static IP address and gateway: ``` Rename-Computer DC1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 + Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 ``` >The default gateway will be added to a member server at 192.168.0.2 later in this guide. 5. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: @@ -335,13 +303,13 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools ``` -6. Before promoting the server to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: +6. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: ``` Restart-Computer ``` -7. When the VM has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: +7. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: ``` $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force @@ -368,25 +336,25 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true ``` -11. Minimize the 2012-DC1 VM window but **do not stop** the VM. +11. Minimize the DC1 VM window but **do not stop** the VM. Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain. -12. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM, and connect to it: +12. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: ``` Start-VM PC1 vmconnect localhost PC1 ``` -13. Sign on to the client VM using an account that has local administrator rights.
- >The client VM will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. -14. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to the VM, installing the network adapter driver might take a few minutes. +13. Sign on to PC1 using an account that has local administrator rights.
+ >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. +14. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. ![PoC](images/installing-drivers.png) >If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. 15. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. -16. Open an elevated Windows PowerShell prompt on the client VM and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. +16. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. ``` ipconfig @@ -427,14 +395,14 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Add-Computer -DomainName contoso -Credential $cred Restart-Computer ``` - >The VM client is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. + >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" here so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. -18. After the computer restarts, sign in to the contoso.com domain with the (user1) account you created in step 8. -19. Minimize the client VM and but do not turn it off while the second Windows Server 2012 R2 VM is configured. This ensures that the Hyper-V host has enough resources to run all VMs simultaneously. Next, the member server VM will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. +18. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 8. +19. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This ensures that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 20. On the Hyper-V host computer at an elevated Windows PowerShell prompt, type the following commands: ``` - Start-VM 2012R2-SRV1 - vmconnect localhost 2012R2-SRV1 + Start-VM SRV1 + vmconnect localhost SRV1 ``` 21. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. 22. Sign in to the member server VM using the administrator account, open an elevated Windows PowerShell prompt, and type the following commands: @@ -448,7 +416,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Add-Computer -DomainName contoso -Credential $cred Restart-Computer ``` -23. Sign in to the contoso.com domain on the member server VM using the domain administrator account, open an elevated Windows PowerShell prompt, and type the following commands: +23. Sign in to the contoso.com domain on SRV1 using the domain administrator account, open an elevated Windows PowerShell prompt, and type the following commands: ``` Install-WindowsFeature -Name DNS -IncludeManagementTools Install-WindowsFeature -Name Routing -IncludeManagementTools @@ -458,7 +426,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE ``` - > The previous commands assume that network interfaces were added to the VM in the order specified by this guide, which results in an interface alias of "Ethernet" for the private interface and an interface alias of "Ethernet 2" for the public interface. If the interfaces on your VM are not named the same, you must adjust these commands appropriately. + >The previous commands assume that network interfaces were added to the SRV1 VM in the order specified by this guide, resulting in an interface alias of "Ethernet" for the private interface and an interface alias of "Ethernet 2" for the public interface. If the interfaces on SRV1 are not named the same, you must adjust these commands appropriately. To view a list of interfaces and their associated interface aliases on the VM, you use the Get-NetAdapter cmdlet. See the following example: @@ -470,24 +438,70 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Ethernet 2 Microsoft Hyper-V Network Adapter #2 14 Up 00-15-5D-83-26-06 1 Gbps Ethernet Microsoft Hyper-V Network Adapter 12 Up 00-15-5D-83-26-05 10 Gbps ``` -24. The DNS server role was installed on the member server VM so that we can forward from the DC to the member server to resolve Internet names without having to configure a forwarder outside the PoC network. The last step to configure network services on the PoC network is to add this forwarder. To add a server-level DNS forwarder on the DC, type the following command at an elevated command prompt on the domain controller VM: +24. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. The last step to configure network services on the PoC network is to add this DNS forwarder. To add a server-level DNS forwarder on DC1, type the following command at an elevated command prompt on DC1: ``` Add-DnsServerForwarder -IPAddress 192.168.0.2 ``` -25. If your corporate network has a firewall that filters recursive DNS queries, you might be forced to configure a DNS forwarder outside the PoC network in order to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on the member server VM and type the following commands: +25. If your corporate network has a firewall that filters recursive DNS queries, you might be forced to configure a DNS forwarder outside the PoC network in order to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following commands: ``` Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses ``` 26. Verify that all three VMs on the PoC network can reach the Internet. -27. Because the client computer has different hardware after coping it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on the client VM: +27. Because the client computer has different hardware after coping it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: ``` slmgr -rearm Restart-Computer ``` -## Install tools +## Verify the configuration (optional) +Use the following procedures to verify that the PoC environment is configured properly and working as expected. +1. On DC1, open an elevated Windows PowerShell prompt and type the following commands: + + ``` + Get-Service NTDS,DNS,DHCP + DCDiag -a + Get-DnsServerResourceRecord -ZoneName contoso.com -RRType A + Get-DnsServerForwarder + Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com + Get-DhcpServerInDC + Get-DhcpServerv4Statistics + ipconfig /all + ``` + **Get-Service** displays a status of "Running" for all three services.
+ **DCDiag** displays "passed test" for all tests.
+ **Get-DnsServerResourceRecord** displays the correct DNS address records for DC1, SRV1, and the computername of PC1. Additional address records for the zone apex (@), DomainDnsZones, and ForestDnsZones will also be registered.
+ **Get-DnsServerForwarder** displays a single forwarder of 192.168.0.2.
+ **Resolve-DnsName** displays public IP address results for www.microsoft.com.
+ **Get-DhcpServerInDC** displays 192.168.0.1, dc1.contoso.com.
+ **Get-DhcpServerv4Statistics** displays 1 scope with 2 addresses in use (these belong to PC1 and the Hyper-V host).
+ **ipconfig** displays a primary DNS suffix and suffix search list of contoso.com, IP address of 192.168.0.1, subnet mask of 255.255.255.0, default gateway of 192.168.0.2, and DNS server addresses of 192.168.0.1 and 192.168.0.2. + +2. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: + + ``` + Get-Service DNS,RemoteAccess + Get-DnsServerForwarder + Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com + ipconfig /all + netsh int ipv4 show address + ``` + **Get-Service** displays a status of "Running" for both services.
+ **Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you are required to use so that SRV1 can resolve Internet names.
+ **Resolve-DnsName** displays public IP address results for www.microsoft.com.
+ **ipconfig** displays a primary DNS suffix of contoso.com. The suffix search list contains contoso.com and your corporate domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP addresses of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your corporate network. + **netsh** displays three interfaces on the computer: interface "Ethernet 2" with DHCP enabled = Yes and IP address assigned by your corporate network, interface "Ethernet" with DHCP enabled = No and IP address of 192.168.0.2, and interface "Loopback Pseudo-Interface 1" with IP address of 127.0.0.1. + +3. On PC1, open an elevated Windows PowerShell prompt and type the following commands: + + ``` + whoami + hostname + nslookup www.microsoft.com + ping -n 1 dc1.contoso.com + + ``` ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 From 80529bb3b692430a6d7644c7b885e859e76567ac Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 25 Aug 2016 14:23:25 -0700 Subject: [PATCH 14/53] upd --- windows/deploy/windows-10-poc.md | 114 ++++++++++++++++--------------- 1 file changed, 59 insertions(+), 55 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 99c169f0b3..520619085c 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -14,9 +14,14 @@ author: greg-lindsay - Windows 10 +**Are you interested** in upgrading to Windows 10 ...but are not sure how some devices and apps will be affected?
+**Did you know** that you can test drive Windows 10 and check out the upgrade process for free without having to actually upgrade any production devices? + +If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. To see how, keep reading. + ## In this guide -This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Detailed steps are provided for setting up the test lab, and for deploying Windows 10 under common scenarios with current deployment tools. +This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Simple to use Windows PowerShell commands are provided for setting up the test lab. The following topics and procedures are provided in this guide: @@ -28,7 +33,15 @@ The following topics and procedures are provided in this guide: - [Convert PC to VHD](#convert-pc-to-vhd): Convert a physical computer on your network to a VHDX file and prepare it to be used on the Hyper-V host. - [Configure Hyper-V](#configure-hyper-v): Create virtual switches, determine available RAM for virtual machines, and add virtual machines. - [Configure VHDs](#configure-vhds): Start virtual machines and configure all services and settings. - - [Verify the configuration (optional)](#verify-the-configuration-optional): Verify network connectivity and services in the PoC environment. + +The following optional topics are also available: +- [Appendix A: Configuring Hyper-V on Windows Server 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2): Steps to configure a Hyper-V host running Windows Server 2008 R2. +- [Appendix B: Verify the configuration](#verify-the-configuration): Verify and troubleshoot network connectivity and services in the PoC environment. + +When you have completed the steps in this guide, see the following guides for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: + +- [Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md) +- [Deploy Windows 10 in a test lab using System Center](windows-10-poc-sccm.md) ## Hardware and software requirements @@ -453,7 +466,50 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Restart-Computer ``` -## Verify the configuration (optional) + + +## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 + +If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this section for convenience. + +For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. + +To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: + +``` +Add-WindowsFeature -Name Hyper-V +``` +Use the following Windows PowerShell commands to create a virtual switch on Windows Server 2008 R2: + +``` +$SwitchFriendlyName = "poc-internal" +$InternalEthernetPortFriendlyName = $SwitchFriendlyName +$InternalSwitchPortFriendlyName = "poc" +$SwitchName = [guid]::NewGuid().ToString() +$InternalSwitchPortName = [guid]::NewGuid().ToString() +$InternalEthernetPortName = [guid]::NewGuid().ToString() +$NumLearnableAddresses = 1024 +$ScopeOfResidence = "" +$VirtualSwitchManagementService = gwmi Msvm_VirtualSwitchManagementService -namespace "root\virtualization" +$Result = $VirtualSwitchManagementService.CreateSwitch($SwitchName, $SwitchFriendlyName, $NumLearnableAddresses, $ScopeOfResidence) +$Switch = [WMI]$Result.CreatedVirtualSwitch +$Result = $VirtualSwitchManagementService.CreateSwitchPort($Switch, $InternalSwitchPortName, $InternalSwitchPortFriendlyName, $ScopeOfResidence) +$InternalSwitchPort = [WMI]$Result.CreatedSwitchPort +$Result = $VirtualSwitchManagementService.CreateInternalEthernetPortDynamicMac($InternalEthernetPortName, $InternalEthernetPortFriendlyName) +$InternalEthernetPort = [WMI]$Result.CreatedInternalEthernetPort +$query = "Associators of {$InternalEthernetPort} Where ResultClass=CIM_LanEndpoint" +$InternalLanEndPoint = gwmi -namespace root\virtualization -query $query +$Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) +$filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" +$NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter +``` + +Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: + +``` +command here +``` +## Appendix B: Verify the configuration Use the following procedures to verify that the PoC environment is configured properly and working as expected. @@ -502,58 +558,6 @@ Use the following procedures to verify that the PoC environment is configured pr ping -n 1 dc1.contoso.com ``` - -## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 - -If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this section for convenience. - -For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. - -To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: - -``` -Add-WindowsFeature -Name Hyper-V -``` -Use the following Windows PowerShell commands to create a virtual switch on Windows Server 2008 R2: - -``` -$SwitchFriendlyName = "poc-internal" -$InternalEthernetPortFriendlyName = $SwitchFriendlyName -$InternalSwitchPortFriendlyName = "poc" -$SwitchName = [guid]::NewGuid().ToString() -$InternalSwitchPortName = [guid]::NewGuid().ToString() -$InternalEthernetPortName = [guid]::NewGuid().ToString() -$NumLearnableAddresses = 1024 -$ScopeOfResidence = "" -$VirtualSwitchManagementService = gwmi Msvm_VirtualSwitchManagementService -namespace "root\virtualization" -$Result = $VirtualSwitchManagementService.CreateSwitch($SwitchName, $SwitchFriendlyName, $NumLearnableAddresses, $ScopeOfResidence) -$Switch = [WMI]$Result.CreatedVirtualSwitch -$Result = $VirtualSwitchManagementService.CreateSwitchPort($Switch, $InternalSwitchPortName, $InternalSwitchPortFriendlyName, $ScopeOfResidence) -$InternalSwitchPort = [WMI]$Result.CreatedSwitchPort -$Result = $VirtualSwitchManagementService.CreateInternalEthernetPortDynamicMac($InternalEthernetPortName, $InternalEthernetPortFriendlyName) -$InternalEthernetPort = [WMI]$Result.CreatedInternalEthernetPort -$query = "Associators of {$InternalEthernetPort} Where ResultClass=CIM_LanEndpoint" -$InternalLanEndPoint = gwmi -namespace root\virtualization -query $query -$Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) -$filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" -$NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter -``` - -Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: - -``` -command here -``` - -## Appendix B: Microsoft Virtual Machine Converter - -You can also use [Microsoft Virtual Machine Converter](https://www.microsoft.com/en-us/download/details.aspx?id=42497) (MVMC) to create VHDs from a physical computer. The MVMC utility has enhanced functionality compared to the Disk2vhd utility in that it can be run from any network location, enables you to specify both a remote source computer and remote destination Hyper-V host, and automatically configures and installs the VM on the Hyper-V host. However, MVMC requires that the destination Hyper-V host be running the BITS compact server service, which is only available on Windows Server operating systems. Therefore, you cannot use MVMC if Hyper-V is running on Windows 8 or Windows 10. If you choose to use the MVMC utility instead of disk2vhd, complete the steps in the [Configure Hyper-V](#configure-hyper-v) section first so that you can specify a virtual switch and allocate RAM appropriately to the destination VM when asked to specify these parameters in the MVMC utility. - -## Windows 10 PoC guides - -- [Step by step: Deploy Windows 10 PoC with System Center Configuration Manager](windows-10-poc-sccm.md) -- [Step by step: Deploy Windows 10 PoC with the Microsoft Deployment Toolkit](windows-10-poc-mdt.md) - ## Related Topics [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) From ca08f33d9e9781668b96d2c1e20d93f8d9aa02c3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 25 Aug 2016 16:16:20 -0700 Subject: [PATCH 15/53] upd --- windows/deploy/windows-10-poc-mdt.md | 19 +++++++++++++++++++ windows/deploy/windows-10-poc.md | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index 04cb2496e2..ee4760dc1b 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -14,8 +14,27 @@ author: greg-lindsay - Windows 10 +**Important**: This guide leverages the proof of concept (PoC) environment configured using procedrues in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). Please complete all steps in the prerequisite guide before attempting the procedures in this guide. + +The PoC environment is a virtual network running on Hyper-V with three virtual machines: +- **DC1**: A contoso.com domain controller, DNS server, and DHCP server. +- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. +- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. + ## In this guide +Yadda yadda + +## Install the Microsoft Deployment Toolkit (MDT) + +1. Temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt on SRV1: + ``` + $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" + Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 + Stop-Process -Name Explorer + ``` +2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT) 2013 Update 2](https://www.microsoft.com/en-us/download/details.aspx?id=50407) on SRV1. + ## Related Topics   diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 520619085c..2e48f82a36 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -120,7 +120,7 @@ The lab architecture is summarized in the following diagram: ![PoC](images/poc.png) **Note**: ->If you have an existing Hyper-V host, you can use this host if desired and skip the Hyper-V installation section in this guide. If your Hyper-V host is running Windows Server 2008 R2, you must enable PowerShell functionality to complete the steps in this guide. +>If you have an existing Hyper-V host, you can use this host if desired and skip the Hyper-V installation section in this guide. >The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if required. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that is not directly connected to the corporate network. This mitigates the risk of clients on the corporate network receiving DHCP leases from the PoC network (i.e. "rogue" DHCP), and limits NETBIOS service broadcasts to the corporate network. From 1ca29adc6d6c4897e3fef5873499f14f3f88af3b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 31 Aug 2016 10:37:22 -0700 Subject: [PATCH 16/53] stuff --- windows/deploy/windows-10-poc-mdt.md | 291 ++++++++++++++++++++++++++- windows/deploy/windows-10-poc.md | 1 + 2 files changed, 291 insertions(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index ee4760dc1b..7d53b5e1bd 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -14,7 +14,7 @@ author: greg-lindsay - Windows 10 -**Important**: This guide leverages the proof of concept (PoC) environment configured using procedrues in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). Please complete all steps in the prerequisite guide before attempting the procedures in this guide. +**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). Please complete all steps in the prerequisite guide before attempting the procedures in this guide. The PoC environment is a virtual network running on Hyper-V with three virtual machines: - **DC1**: A contoso.com domain controller, DNS server, and DHCP server. @@ -35,6 +35,295 @@ Yadda yadda ``` 2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT) 2013 Update 2](https://www.microsoft.com/en-us/download/details.aspx?id=50407) on SRV1. +3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. + +3. Re-enable IE Enhanced Security Configuration: + ``` + Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1 + Stop-Process -Name Explorer + ``` +>Alternatively, you can download the MDT and ADK installation files on the Hyper-V host, and then copy or share these files to SRV1. + +## Create a deployment share + +1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. We can use PowerShell on the Hyper-V host to do this. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: + ``` + Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso + ``` +2. Connect to SRV1 and verify that the Windows Enterprise installation DVD is mounted as the D:\ drive. + +3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click Start, type deployment, and then click Deployment Workbench. + +4. In the Deployment Workbench console, right-click Deployment Shares and select New Deployment Share. + +5. Use the following settings for the New Deployment Share Wizard: + - Deployment share path: **C:\MDTBuildLab**
+ - Share name: **MDTBuildLab$**
+ - Deployment share description: **MDT build lab**
+ - Options: click **Next** to accept the default
+ - Summary: click **Next**
+ - Progress: settings will be applied
+ - Confirmation: click **Finish** + +6. Expand the Deployment Shares node, and then expand MDT build lab. + +7. Right-click the Operating Systems node, and then click New Folder. Name the new folder **Windows 10**. + +7. Right-click the Windows 10 folder created in the previous step, and then click **Import Operating System**. + +8. Use the following settings for the Import Operating System Wizard: + - OS Type: **Full set of source files**
+ - Source: **D:\\**
+ - Destination: **W10Ent_x64**
+ - Summary: click **Next** + - Confirmation: click **Finish** + +9. For purposes of this test lab, we will not add applications (such as Microsoft Office) to the deployment share. If you wish to add applications before proceeding, see the [Add applications](https://technet.microsoft.com/en-us/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic in the TechNet library. + +10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the Task Sequences node and then click New Task Sequence. Use the following settings for the New Task Sequence Wizard: + - Task sequence ID: **REFW10X64-001**
+ - Task sequence name: **Windows 10 Enterprise x64 Default Image**
+ - Task sequence comments: **Reference Build**
+ - Template: **Standard Client Task Sequence** + - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim** + - Specify Product Key: **Do not specify a product key at this time** + - Full Name: **Contoso** + - Organization: **Contoso** + - Internet Explorer home page: **http://www.contoso.com** + - Admin Password: **Do not specify an Administrator password at this time** + - Summary: click **Next** + - Confirmation: click **Finish** + +11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step. + +12. Click the **Task Sequence** tab, under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. + +13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. + +14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. + +15. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**. + +16. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox. + >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications. + +17. Click **OK** to complete editing the task sequence. + +18. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and click Properties, and then click the Rules tab. + +19. Replace the default rules with the following text: + + ``` + [Settings] + Priority=Default + + [Default] + _SMSTSORGNAME=Contoso + UserDataLocation=NONE + DoCapture=YES + OSInstall=Y + AdminPassword=pass@word1 + TimeZoneName=Pacific Standard Time + JoinWorkgroup=WORKGROUP + HideShell=YES + FinishAction=SHUTDOWN + DoNotCreateExtraPartition=YES + ApplyGPOPack=NO + SkipAdminPassword=YES + SkipProductKey=YES + SkipComputerName=YES + SkipDomainMembership=YES + SkipUserData=YES + SkipLocaleSelection=YES + SkipTaskSequence=NO + SkipTimeZone=YES + SkipApplications=YES + SkipBitLocker=YES + SkipSummary=YES + SkipRoles=YES + SkipCapture=NO + SkipFinalSummary=YES + ``` + +20. Click Apply and then click Edit Bootstrap.ini. Replace the contents of the Bootstrap.ini file with the following text, and save the file: + ``` + [Settings] + Priority=Default + + [Default] + DeployRoot=\\SRV1\MDTBuildLab$ + UserDomain=CONTOSO + UserID=administrator + UserPassword=pass@word1 + SkipBDDWelcome=YES + ``` + +21. Click **OK** to complete the configuration of the deployment share. + +22. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**. + +23. Accept all default values in the Update Deployment Share Wizard by clicking **Next**. The update process will take 5 to 10 minutes. When it has completed, click **Finish**. + +24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). + +>Hint: Right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. + +25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands: + + ``` + New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB + Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20 + Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso + Start-VM REFW10X64-001 + vmconnect localhost REFW10X64-001 + ``` +26. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**. + +27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated. + + Additional system restarts will occur to complete updating and preparing the operating system. This step requires approximately 15 to 30 minutes, depending on the speed of the Hyper-V host. Setup will complete the following steps: + + - Installs the Windows 10 Enterprise operating system. + - Installs added applications, roles, and features. + - Updates the operating system using Windows Update (or WSUS if optionally specified). + - Stages Windows PE on the local disk. + - Runs System Preparation (Sysprep) and reboots into Windows PE. + - Captures the installation to a Windows Imaging (WIM) file. + - Turns off the virtual machine. + + The entire process requires one to several hours, depending on the speed of the Hyper-V host and network. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the C:\MDTBuildLab\Captures folder on your deployment server. The file name is REFW10X64-001.wim. + + ## Deploy a Windows 10 image using MDT + +This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT. + +1. On SRV1, open the MDT Deployment Workbench console, right-click Deployment Shares, and then click New Deployment Share. Use the following values in the New Deployment Share Wizard: + - **Deployment share path**: C:\MDTProd + - **Share name**: MDTProd$ + - **Deployment share description**: MDT Production + - **Options**: accept the default + +2. Click **Finish** and verify the new deployment share was added successfully. + +3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10**. + +4. Right-click the Windows 10 folder created in the previous step, and then click **Import Operating System**. + +5. On the **OS Type** page, choose **Custom image file** and then click **Next**. + +6. On the Image page, browse to the C:\MDTBuildLab\Captures\REFW10X64-001.wim file created in the previous procedure, click **Open**, and then click **Next**. + +7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**. + +8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**. + +9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, and then click **Finish**. + +10. In the Operating Systems > Windows 10 node, double-click the operating system that was added to view its Properties. Change the Operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. + +### Create the deployment task sequence + +1. Using the Deployment Workbench, select Task Sequences in the MDT Production node, and create a folder named Windows 10. + +2. Right-click the Windows 10 folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: + - Task sequence ID: W10-X64-001 + - Task sequence name: Windows 10 Enterprise x64 Custom Image + - Task sequence comments: Production Image + - Select Template: Standard Client Task Sequence + - Select OS: Windows 10 Enterprise x64 Custom Image + - Specify Product Key: Do not specify a product key at this time + - Full Name: Contoso + - Organization: Contoso + - Internet Explorer home page: http://www.contoso.com + - Admin Password: pass@word1 + +### Configure the MDT production deployment share + +1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: + + ``` + copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force + copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force + ``` +2. In the Deployment Workbench console on SRV1, right-click the MDT Production deployment share and then click Properties. + +3. Click the **Rules** tab and replace the rules with the following text: + + ``` + [Settings] + Priority=Default + + [Default] + _SMSTSORGNAME=Contoso + OSInstall=YES + UserDataLocation=AUTO + TimeZoneName=Pacific Standard Time + AdminPassword=pass@word1 + JoinDomain=contoso.com + DomainAdmin=CONTOSO\administrator + DomainAdminPassword=pass@word1 + MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com + HideShell=YES + ApplyGPOPack=NO + SkipAppsOnUpgrade=NO + SkipAdminPassword=YES + SkipProductKey=YES + SkipComputerName=NO + SkipDomainMembership=YES + SkipUserData=YES + SkipLocaleSelection=YES + SkipTaskSequence=NO + SkipTimeZone=YES + SkipApplications=NO + SkipBitLocker=YES + SkipSummary=YES + SkipCapture=YES + SkipFinalSummary=NO + ``` +4. Click **Edit Bootstap.ini** and replace text in the file with the following text: + ``` + [Settings] + Priority=Default + + [Default] + DeployRoot=\\SRV1\MDTProd$ + UserDomain=CONTOSO + UserID=administrator + SkipBDDWelcome=YES + ``` +5. Click **OK** when finished. + +### Update the deployment share + +1. Right-click the MDT Production deployment share and then click Update Deployment Share. + +2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete. + +3. Click **Finish** when the update is complete. + +### Configure Windows Deployment Services + + + +1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt: + + ``` + WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall" + ``` + +2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**. + +3. Expand SRV1.contoso.com, right-click **Boot Images**, and then click **Add Boot Image**. + +4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, and accept the defaults in the Add Image Wizard. + +### Deploy the client image + +1. + + + + ## Related Topics   diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 2e48f82a36..85fa231234 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -432,6 +432,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 23. Sign in to the contoso.com domain on SRV1 using the domain administrator account, open an elevated Windows PowerShell prompt, and type the following commands: ``` Install-WindowsFeature -Name DNS -IncludeManagementTools + Install-WindowsFeature -Name WDS -IncludeManagementTools Install-WindowsFeature -Name Routing -IncludeManagementTools Install-RemoteAccess -VpnType Vpn cmd /c netsh routing ip nat install From 93d5448f521e44ff2a07dbddad722151565a877f Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 1 Sep 2016 17:15:39 -0700 Subject: [PATCH 17/53] update --- windows/deploy/windows-10-poc-mdt.md | 76 ++++++++++++++++++++++++---- windows/deploy/windows-10-poc.md | 14 ++--- 2 files changed, 74 insertions(+), 16 deletions(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index 7d53b5e1bd..61819f03b0 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -257,19 +257,23 @@ This procedure will demonstrate how to deploy the reference image to the PoC env _SMSTSORGNAME=Contoso OSInstall=YES UserDataLocation=AUTO - TimeZoneName=Pacific Standard Time + TimeZoneName=Pacific Standard Time + OSDComputerName=PC_#Left("%SerialNumber%",5)# AdminPassword=pass@word1 JoinDomain=contoso.com - DomainAdmin=CONTOSO\administrator + DomainAdmin=administrator + DomainAdminDomain=CONTOSO DomainAdminPassword=pass@word1 - MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com + ScanStateArgs=/ue:*\* /ui:CONTOSO\* + USMTMigFiles001=MigApp.xml + USMTMigFiles002=MigUser.xml HideShell=YES ApplyGPOPack=NO SkipAppsOnUpgrade=NO - SkipAdminPassword=YES + SkipAdminPassword=YES SkipProductKey=YES SkipComputerName=NO - SkipDomainMembership=YES + SkipDomainMembership=YES SkipUserData=YES SkipLocaleSelection=YES SkipTaskSequence=NO @@ -280,6 +284,10 @@ This procedure will demonstrate how to deploy the reference image to the PoC env SkipCapture=YES SkipFinalSummary=NO ``` + **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini. + + **Important**: In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. Similarly, the default domain administrator account is being used as a user account. These parameters and some other settings would be different in an actual production deployment. + 4. Click **Edit Bootstap.ini** and replace text in the file with the following text: ``` [Settings] @@ -288,7 +296,8 @@ This procedure will demonstrate how to deploy the reference image to the PoC env [Default] DeployRoot=\\SRV1\MDTProd$ UserDomain=CONTOSO - UserID=administrator + UserID=administrator + UserPassword=pass@word1 SkipBDDWelcome=YES ``` 5. Click **OK** when finished. @@ -301,27 +310,74 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 3. Click **Finish** when the update is complete. +### Enable deployment monitoring + +1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**. + +2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. + ### Configure Windows Deployment Services - - 1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt: ``` WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall" + WDSUTIL /Set-Server /AnswerClients:All ``` 2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**. 3. Expand SRV1.contoso.com, right-click **Boot Images**, and then click **Add Boot Image**. -4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, and accept the defaults in the Add Image Wizard. +4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image. ### Deploy the client image -1. +1. Before using WDS to deploy a client image, you might need to temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. **Note**: Do not disable the *internal* network interface. To disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command: + ``` + Disable-NetAdapter "Ethernet 2" -Confirm:$false + ``` +2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt: + + ``` + New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 + Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20 + ``` +3. Start the new VM and connect to it: + + ``` + Start-VM PC2 + vmconnect localhost PC2 + ``` +4. When prompted, hit ENTER to start the network boot process. + +5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. + +6. When prompted to enter computer details, next to **Computer name** type **PC2** and then click **Next**. + + **Important**: When lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete. + +7. To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: + + ``` + Enable-NetAdapter "Ethernet 2" + ``` +8. When OS installation is complete, the system will reboot automatically and begin configuring devices. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as pc2\administrator. + +9. Turn off the PC2 VM before starting the next section. To turn off the VM, right-click Start, point to Shut down or sign out, and then click Shut down. + +### Refresh a computer with Windows 10 + +This topic will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). + +1. Sign on to PC1 using the CONTOSO\Administrator account, open an elevated command prompt, and type the following command: + + ``` + \\SRV1\MDTProd$\Scripts\Litetouch.vbs + ``` +2. ## Related Topics diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 85fa231234..1bfca3370f 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -452,23 +452,25 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Ethernet 2 Microsoft Hyper-V Network Adapter #2 14 Up 00-15-5D-83-26-06 1 Gbps Ethernet Microsoft Hyper-V Network Adapter 12 Up 00-15-5D-83-26-05 10 Gbps ``` -24. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. The last step to configure network services on the PoC network is to add this DNS forwarder. To add a server-level DNS forwarder on DC1, type the following command at an elevated command prompt on DC1: +24. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. To add this server-level DNS forwarder on DC1, type the following command at an elevated command prompt on DC1: ``` Add-DnsServerForwarder -IPAddress 192.168.0.2 ``` -25. If your corporate network has a firewall that filters recursive DNS queries, you might be forced to configure a DNS forwarder outside the PoC network in order to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following commands: +25. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. To add a conditional forwarder, open an elevated Windows PowerShell prompt on SRV1 and type the following command: + ``` + Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1 + ``` +26. If your corporate network has a firewall that filters queries from local DNS servers, you might be forced to configure a server-level DNS forwarder to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following commands: ``` Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses ``` -26. Verify that all three VMs on the PoC network can reach the Internet. -27. Because the client computer has different hardware after coping it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: +27. Verify that all three VMs on the PoC network can reach the Internet, and each other. +28. Because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: ``` slmgr -rearm Restart-Computer ``` - - ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this section for convenience. From 1a56af26da349a9fc4ea69445001920db0ad4563 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 7 Sep 2016 10:09:59 -0700 Subject: [PATCH 18/53] upd --- windows/deploy/windows-10-poc-mdt.md | 68 ++++++++++++++++++++++++---- windows/deploy/windows-10-poc.md | 49 +++++++++----------- 2 files changed, 81 insertions(+), 36 deletions(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index 61819f03b0..6ea9f3fdf3 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -21,6 +21,8 @@ The PoC environment is a virtual network running on Hyper-V with three virtual m - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. +This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. + ## In this guide Yadda yadda @@ -245,7 +247,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force ``` -2. In the Deployment Workbench console on SRV1, right-click the MDT Production deployment share and then click Properties. +2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click Properties. 3. Click the **Rules** tab and replace the rules with the following text: @@ -258,7 +260,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env OSInstall=YES UserDataLocation=AUTO TimeZoneName=Pacific Standard Time - OSDComputerName=PC_#Left("%SerialNumber%",5)# + OSDComputerName=%hostname% AdminPassword=pass@word1 JoinDomain=contoso.com DomainAdmin=administrator @@ -272,7 +274,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env SkipAppsOnUpgrade=NO SkipAdminPassword=YES SkipProductKey=YES - SkipComputerName=NO + SkipComputerName=YES SkipDomainMembership=YES SkipUserData=YES SkipLocaleSelection=YES @@ -283,10 +285,11 @@ This procedure will demonstrate how to deploy the reference image to the PoC env SkipSummary=YES SkipCapture=YES SkipFinalSummary=NO + EventService=http://SRV1:9800 ``` **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini. - **Important**: In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. Similarly, the default domain administrator account is being used as a user account. These parameters and some other settings would be different in an actual production deployment. + >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. 4. Click **Edit Bootstap.ini** and replace text in the file with the following text: ``` @@ -304,7 +307,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env ### Update the deployment share -1. Right-click the MDT Production deployment share and then click Update Deployment Share. +1. Right-click the **MDT Production** deployment share and then click Update Deployment Share. 2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete. @@ -316,6 +319,10 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. +3. Verify the monitoring service is working as expected by opening the following link in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/). + +4. Close Internet Explorer. + ### Configure Windows Deployment Services 1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt: @@ -372,12 +379,57 @@ This procedure will demonstrate how to deploy the reference image to the PoC env This topic will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). -1. Sign on to PC1 using the CONTOSO\Administrator account, open an elevated command prompt, and type the following command: +1. Create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: + ``` + Checkpoint-VM -Name PC1 -SnapshotName BeginState + ``` + +2. Sign on to PC1 using the CONTOSO\Administrator account. + + >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. + +3. Open an elevated command prompt on PC1 and type the following command: ``` - \\SRV1\MDTProd$\Scripts\Litetouch.vbs + cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` -2. + **Note**: Litetouch.vbs must be able to create the C:\MININT directory on the local computer. + +4. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. + +5. Click **Next** to accept the default for **Computer name**. <--- delete this step + +6. Choose **Do not back up the existing computer** and click **Next**. + + **Note**: The USMT will still back up the computer. + +7. Lite Touch Installation will perform the following actions: + - Back up user settings and data using USMT. + - Install the Windows 10 Enterprise X64 operating system. + - Update the operating system via Windows Update. + - Restore user settings and data using USMT. + + You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. + +8. Sign in with the CONTOSO\Administrator account and verify that user accounts and data have been migrated to the new operating system. + +9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: + ``` + Checkpoint-VM -Name PC1 -SnapshotName RefreshState + ``` +10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: + ``` + Restore-VMSnapshot -VM PC1 -Name BeginState + ``` + +### Replace a computer with Windows 10 + +1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: + +``` +New-Item -Path C:\MigData -ItemType directory +New-SmbShare ?Name MigData$ ?Path C:\MigData +``` ## Related Topics diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 1bfca3370f..3c1f858a8d 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -227,18 +227,15 @@ The lab architecture is summarized in the following diagram: **Important**:Before you convert a PC to VHD, verify that you have access to a local administrator account on the computer. Alternatively you can use a domain account with administrative rights if these credentials are cached on the computer and your domain policy allows the use of cached credentials for login. +>For purposes of the test lab, you must use a PC with a single hard drive that is assigned a drive letter of C:. Systems with multiple hard drives or non-standard configurations can also be upgraded using PC refresh and replace scenarios, but these systems require more advanced deployment task sequences than those used in this lab. + 1. Download the [Disk2vhd utility](https://technet.microsoft.com/en-us/library/ee656415.aspx), extract the .zip file and copy disk2vhd.exe to a flash drive or other location that is accessible from the computer you wish to convert. >Note: You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. 3. Select checkboxes next to the volumes you wish to copy and specify a location to save the resulting VHD or VHDX file. If your Hyper-V host is running Windows Server 2008 R2 you must choose VHD, otherwise choose VHDX. -4. Click **Create** to start creating a VHDX file. See the following example: +4. Click **Create** to start creating a VHDX file. - ![disk2vhd](images/convert.png) - - In this example, the source computer has two hard drives, C: and E: and a system reserved partition. The VHDX file (w7.vhdx) is being saved to a flash drive (F:) in the F:\VHD directory.
- >Disk2vhd can also save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted. - - >If you have experience with Microsoft Virtual Machine Converter and prefer to use this tool instead of Disk2vhd, see [Appendix B: Microsoft Virtual Machine Converter](#appendix-b-microsoft-virtual-machine-converter). + >Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: @@ -275,7 +272,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue/4 2775.5 ``` - In this example, VMs must use a maximum of 2700 MB of RAM so that you can run four VMs simultaneously. + In this example, VMs can use a maximum of 2700 MB of RAM each, to run four VMs simultaneously. 4. At the elevated Windows PowerShell prompt, type the following command to create three new VMs. The fourth VM will be added later. >**Important**: Replace the value of 2700MB in the first command below with the RAM value that you calculated in the previous step: @@ -408,10 +405,10 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Add-Computer -DomainName contoso -Credential $cred Restart-Computer ``` - >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" here so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. + >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. 18. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 8. -19. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This ensures that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. +19. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 20. On the Hyper-V host computer at an elevated Windows PowerShell prompt, type the following commands: ``` Start-VM SRV1 @@ -442,17 +439,17 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` >The previous commands assume that network interfaces were added to the SRV1 VM in the order specified by this guide, resulting in an interface alias of "Ethernet" for the private interface and an interface alias of "Ethernet 2" for the public interface. If the interfaces on SRV1 are not named the same, you must adjust these commands appropriately. - To view a list of interfaces and their associated interface aliases on the VM, you use the Get-NetAdapter cmdlet. See the following example: + To view a list of interfaces and their associated interface aliases on the VM, use the following Windows PowerShell command: ``` - Get-NetAdapter + Get-NetAdapter | ? status -eq ‘up’ | Get-NetIPAddress -AddressFamily IPv4 | ft IPAddress, InterfaceAlias - Name InterfaceDescription ifIndex Status MacAddress LinkSpeed - ---- -------------------- ------- ------ ---------- --------- - Ethernet 2 Microsoft Hyper-V Network Adapter #2 14 Up 00-15-5D-83-26-06 1 Gbps - Ethernet Microsoft Hyper-V Network Adapter 12 Up 00-15-5D-83-26-05 10 Gbps + IPAddress InterfaceAlias + --------- -------------- + 10.137.130.118 Ethernet 2 + 192.168.0.2 Ethernet ``` -24. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. To add this server-level DNS forwarder on DC1, type the following command at an elevated command prompt on DC1: +24. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. To add this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: ``` Add-DnsServerForwarder -IPAddress 192.168.0.2 ``` @@ -473,16 +470,11 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 -If your Hyper-V host is running Windows Server 2008 R2, you can use the Hyper-V manager interface to configure Hyper-V, or you can use Hyper-V WMI. Some instructions to configure Hyper-V using WMI are also included in this section for convenience. +If your Hyper-V host is running Windows Server 2008 R2, several of the steps in this guide will not work because they use the Hyper-V Module for Windows PowerShell, which is not available on Windows Server 2008 R2. -For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. +To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. -To install Hyper-V on Windows Server 2008 R2, use the Add-WindowsFeature cmdlet: - -``` -Add-WindowsFeature -Name Hyper-V -``` -Use the following Windows PowerShell commands to create a virtual switch on Windows Server 2008 R2: +An example that uses Hyper-V WMI to create a virtual switch on Windows Server 2008 R2 is provided below. Converting all Hyper-V module commands used in this guide to Hyper-V WMI is beyond the scope of the guide. If you must use a Hyper-V host running Windows Server 2008 R2, the steps in the guide can also be accomplished by using the Hyper-V Manager console. ``` $SwitchFriendlyName = "poc-internal" @@ -506,12 +498,13 @@ $Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" $NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter ``` - -Use the following Windows PowerShell commands to add VMs on Windows Server 2008 R2: +To install Hyper-V on Windows Server 2008 R2, you can use the Add-WindowsFeature cmdlet: ``` -command here +Add-WindowsFeature -Name Hyper-V ``` +For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. + ## Appendix B: Verify the configuration Use the following procedures to verify that the PoC environment is configured properly and working as expected. From 1e12192094ce428862dca1c17c0bbccb30383d58 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 7 Sep 2016 10:11:22 -0700 Subject: [PATCH 19/53] upd --- windows/deploy/windows-10-poc-mdt.md | 180 +++++++++++++++++++-------- windows/deploy/windows-10-poc.md | 133 +++++++++++++------- 2 files changed, 214 insertions(+), 99 deletions(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index 6ea9f3fdf3..d0c059068e 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -25,36 +25,35 @@ This guide leverages the Hyper-V server role to perform procedures. If you do no ## In this guide -Yadda yadda +Description here. ## Install the Microsoft Deployment Toolkit (MDT) -1. Temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt on SRV1: +1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: ``` $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 Stop-Process -Name Explorer ``` -2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT) 2013 Update 2](https://www.microsoft.com/en-us/download/details.aspx?id=50407) on SRV1. +2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT) 2013 Update 2](https://www.microsoft.com/en-us/download/details.aspx?id=50407) on SRV1 using the default options. -3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. +3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1607. Installation might require several minutes to acquire all components. -3. Re-enable IE Enhanced Security Configuration: +3. If desired, re-enable IE Enhanced Security Configuration: ``` Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1 Stop-Process -Name Explorer ``` ->Alternatively, you can download the MDT and ADK installation files on the Hyper-V host, and then copy or share these files to SRV1. ## Create a deployment share -1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. We can use PowerShell on the Hyper-V host to do this. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: +1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: ``` Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso ``` -2. Connect to SRV1 and verify that the Windows Enterprise installation DVD is mounted as the D:\ drive. +2. Connect to SRV1 and verify that the Windows Enterprise installation DVD is mounted as driver letter D. -3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click Start, type deployment, and then click Deployment Workbench. +3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**. 4. In the Deployment Workbench console, right-click Deployment Shares and select New Deployment Share. @@ -69,7 +68,7 @@ Yadda yadda 6. Expand the Deployment Shares node, and then expand MDT build lab. -7. Right-click the Operating Systems node, and then click New Folder. Name the new folder **Windows 10**. +7. Right-click the Operating Systems node, and then click New Folder. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**. 7. Right-click the Windows 10 folder created in the previous step, and then click **Import Operating System**. @@ -80,9 +79,9 @@ Yadda yadda - Summary: click **Next** - Confirmation: click **Finish** -9. For purposes of this test lab, we will not add applications (such as Microsoft Office) to the deployment share. If you wish to add applications before proceeding, see the [Add applications](https://technet.microsoft.com/en-us/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic in the TechNet library. +9. For purposes of this test lab, we will not add applications (such as Microsoft Office) to the deployment share. For information about adding applications, see the [Add applications](https://technet.microsoft.com/en-us/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic in the TechNet library. -10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the Task Sequences node and then click New Task Sequence. Use the following settings for the New Task Sequence Wizard: +10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - Task sequence ID: **REFW10X64-001**
- Task sequence name: **Windows 10 Enterprise x64 Default Image**
- Task sequence comments: **Reference Build**
@@ -98,7 +97,7 @@ Yadda yadda 11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step. -12. Click the **Task Sequence** tab, under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. +12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. 13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. @@ -111,7 +110,7 @@ Yadda yadda 17. Click **OK** to complete editing the task sequence. -18. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and click Properties, and then click the Rules tab. +18. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and click **Properties**, and then click the **Rules** tab. 19. Replace the default rules with the following text: @@ -147,7 +146,7 @@ Yadda yadda SkipFinalSummary=YES ``` -20. Click Apply and then click Edit Bootstrap.ini. Replace the contents of the Bootstrap.ini file with the following text, and save the file: +20. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: ``` [Settings] Priority=Default @@ -168,7 +167,7 @@ Yadda yadda 24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). ->Hint: Right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. +>Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. 25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands: @@ -183,23 +182,23 @@ Yadda yadda 27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated. - Additional system restarts will occur to complete updating and preparing the operating system. This step requires approximately 15 to 30 minutes, depending on the speed of the Hyper-V host. Setup will complete the following steps: + Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures: - - Installs the Windows 10 Enterprise operating system. - - Installs added applications, roles, and features. - - Updates the operating system using Windows Update (or WSUS if optionally specified). - - Stages Windows PE on the local disk. - - Runs System Preparation (Sysprep) and reboots into Windows PE. - - Captures the installation to a Windows Imaging (WIM) file. - - Turns off the virtual machine. + - Install the Windows 10 Enterprise operating system. + - Install added applications, roles, and features. + - Update the operating system using Windows Update (or WSUS if optionally specified). + - Stage Windows PE on the local disk. + - Run System Preparation (Sysprep) and reboot into Windows PE. + - Capture the installation to a Windows Imaging (WIM) file. + - Turn off the virtual machine. - The entire process requires one to several hours, depending on the speed of the Hyper-V host and network. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the C:\MDTBuildLab\Captures folder on your deployment server. The file name is REFW10X64-001.wim. + This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server. The file name is **REFW10X64-001.wim**. ## Deploy a Windows 10 image using MDT This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT. -1. On SRV1, open the MDT Deployment Workbench console, right-click Deployment Shares, and then click New Deployment Share. Use the following values in the New Deployment Share Wizard: +1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard: - **Deployment share path**: C:\MDTProd - **Share name**: MDTProd$ - **Deployment share description**: MDT Production @@ -207,7 +206,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 2. Click **Finish** and verify the new deployment share was added successfully. -3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10**. +3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values. 4. Right-click the Windows 10 folder created in the previous step, and then click **Import Operating System**. @@ -225,7 +224,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env ### Create the deployment task sequence -1. Using the Deployment Workbench, select Task Sequences in the MDT Production node, and create a folder named Windows 10. +1. Using the Deployment Workbench, select Task Sequences in the MDT Production node, and create a folder named **Windows 10**. 2. Right-click the Windows 10 folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - Task sequence ID: W10-X64-001 @@ -260,7 +259,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env OSInstall=YES UserDataLocation=AUTO TimeZoneName=Pacific Standard Time - OSDComputerName=%hostname% + OSDComputername=#Left("PC_%SerialNumber%",7)# AdminPassword=pass@word1 JoinDomain=contoso.com DomainAdmin=administrator @@ -307,7 +306,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env ### Update the deployment share -1. Right-click the **MDT Production** deployment share and then click Update Deployment Share. +1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**. 2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete. @@ -319,13 +318,13 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. -3. Verify the monitoring service is working as expected by opening the following link in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/). +3. Verify the monitoring service is working as expected by opening the following link on SRV1 in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/). 4. Close Internet Explorer. ### Configure Windows Deployment Services -1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt: +1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1: ``` WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall" @@ -334,13 +333,13 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**. -3. Expand SRV1.contoso.com, right-click **Boot Images**, and then click **Add Boot Image**. +3. In the Windows Deployment Services console, expand Servers, expand SRV1.contoso.com, right-click **Boot Images**, and then click **Add Boot Image**. 4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image. ### Deploy the client image -1. Before using WDS to deploy a client image, you might need to temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. **Note**: Do not disable the *internal* network interface. To disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command: +1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway. **Note**: Do not disable the *internal* network interface. To disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command: ``` Disable-NetAdapter "Ethernet 2" -Confirm:$false @@ -362,18 +361,15 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. -6. When prompted to enter computer details, next to **Computer name** type **PC2** and then click **Next**. - - **Important**: When lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete. - -7. To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: +6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: ``` Enable-NetAdapter "Ethernet 2" ``` -8. When OS installation is complete, the system will reboot automatically and begin configuring devices. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as pc2\administrator. +7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. +8. When OS installation is complete, the system will reboot automatically and begin configuring devices. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator. -9. Turn off the PC2 VM before starting the next section. To turn off the VM, right-click Start, point to Shut down or sign out, and then click Shut down. +9. Turn off the PC2 VM before starting the next section. To turn off the VM, right-click **Start**, point to **Shut down or sign out**, and then click **Shut down**. ### Refresh a computer with Windows 10 @@ -388,7 +384,7 @@ This topic will demonstrate how to export user data from an existing client comp >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. -3. Open an elevated command prompt on PC1 and type the following command: +3. Open an elevated command prompt on PC1 and type the following: ``` cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs @@ -397,13 +393,11 @@ This topic will demonstrate how to export user data from an existing client comp 4. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. -5. Click **Next** to accept the default for **Computer name**. <--- delete this step - -6. Choose **Do not back up the existing computer** and click **Next**. +5. Choose **Do not back up the existing computer** and click **Next**. **Note**: The USMT will still back up the computer. -7. Lite Touch Installation will perform the following actions: +6. Lite Touch Installation will perform the following actions: - Back up user settings and data using USMT. - Install the Windows 10 Enterprise X64 operating system. - Update the operating system via Windows Update. @@ -411,26 +405,102 @@ This topic will demonstrate how to export user data from an existing client comp You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. -8. Sign in with the CONTOSO\Administrator account and verify that user accounts and data have been migrated to the new operating system. +7. Sign in with the CONTOSO\Administrator account and verify that user accounts and data have been migrated to the new operating system. -9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +8. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` Checkpoint-VM -Name PC1 -SnapshotName RefreshState ``` -10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +9. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` - Restore-VMSnapshot -VM PC1 -Name BeginState + Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false + Start-VM PC1 + vmconnect localhost PC1 ``` +10. Sign in to PC1 using the contoso\administrator account. ### Replace a computer with Windows 10 -1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: +At a high level, the computer replace process consists of:
+- A special replace task sequence runs the USMT backup and an optional full Window Imaging (WIM) backup.
+- On the new machine, a standard bare-metal deployment is performed. At the end of the bare-metal deployment, the USMT backup from the old computer is restored. -``` -New-Item -Path C:\MigData -ItemType directory -New-SmbShare ?Name MigData$ ?Path C:\MigData -``` +#### Create a backup-only task sequence +1. On SRV1, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**. +2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share. +3. Type the following commands at an elevated Windows PowerShell prompt on SRV1: + ``` + New-Item -Path C:\MigData -ItemType directory + New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE + icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)' + ``` +4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**. +5. Name the new folder **Other**, and complete the wizard using default options. +6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard: + - **Task sequence ID**: REPLACE-001 + - **Task sequence name**: Backup Only Task Sequence + - **Task sequence comments**: Run USMT to backup user data and settings + - **Template**: Standard Client Replace Task Sequence +7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings. +8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence. + +#### Run the backup-only task sequence + +1. If you are not already signed on to PC1 as contoso\administrator, sign in using this account. +2. On PC1, open an elevated command prompt and type the following: + ``` + cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs + ``` +3. Complete the deployment wizard using the following: + - **Task Sequence**: Backup Only Task Sequence + - **User Data**: Specify a location: **\\SRV1\MigData$\PC1** + - **Computer Backup**: Do not back up the existing computer. +4. Click **Finish** when the capture is complete. +5. On SRV1, verify that the file USMT.MIG was created in the C:\MigData\PC1\USMT directory. See the following example: + ``` + PS C:\> dir C:\MigData\PC1\USMT + + + Directory: C:\MigData\PC1\USMT + + + Mode LastWriteTime Length Name + ---- ------------- ------ ---- + -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG + + ``` +#### Deploy PC3 + +1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: + ``` + New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 + Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 + ``` +2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1: + ``` + Disable-NetAdapter "Ethernet 2" -Confirm:$false + ``` +3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: + ``` + Start-VM PC3 + vmconnect localhost PC3 + ``` +4. When prompted to press ENTER for network boot, press ENTER. +5. On SRV1, re-enable the external network adapter by typing the following command: + ``` + Enable-NetAdapter "Ethernet 2" + ``` +6. On PC3, ue the following settings for the Windows Deployment Wizard: + - Task Sequence: Windows 10 Enterprise x64 Custom Image + - Move Data and Settings: Do not move user data and settings + - User Data (Restore): Specify a location: \\SRV1\MigData$\PC1\USMT +7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. + +Note: If there are problems with deployment, you can review logs in the following locations on the client computer: +- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS +- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS +- After deployment: %WINDIR%\TEMP\DeploymentLogs ## Related Topics diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 3c1f858a8d..efb0a8c295 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -201,10 +201,10 @@ The lab architecture is summarized in the following diagram: 2. Rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is not required, but is done to make the filename simpler to recognize. 3. Copy the VHD to a second file also in the C:\VHD directory and name this VHD **2012R2-poc-2.vhd**. -4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the C:\VHD directory on your Hyper-V host. During registration, you must specify the type, version, and language of installation media to download. -5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simpler to type and recognize. - - In this example, a Windows 10 Enterprise, 64 bit, English VHD is chosen. You can choose a different version if desired. Note that Windows 10 in-place upgrade is only possible if the source operating system and installation media are both 32-bit or both 64-bit, so you should download the file version that corresponds to the version of your source computer for upgrade testing. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. The following commands and output display the procedures described in this section: +4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the C:\VHD directory on your Hyper-V host. During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English VHD is chosen. You can choose a different version if desired. Note that Windows 10 in-place upgrade is only possible if the source operating system and installation media are both 32-bit or both 64-bit, so you should download the file version that corresponds to the version of your source computer for upgrade testing. +5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simpler to type and recognize. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. + + The following commands and output display the procedures described in this section: ``` C:\>mkdir VHD @@ -252,19 +252,26 @@ The lab architecture is summarized in the following diagram: Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. For more information, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). 1. Open an elevated Windows PowerShell window and type the following command to create two virtual switches named "poc-internal" and "poc-external": + >If the Hyper-V host already has an external virtual switch bound to a physical NIC, do not attempt to add a second external virtual switch. Attempting to add a second external switch will result in an error indicating that the NIC is "**already bound to the Microsoft Virtual Switch protocol.**" In this case, choose one of the following options:
+    a) Remove the existing external virtual switch, then add the poc-external switch
+    b) Rename the existing external switch to "poc-external"
+    c) Replace each instance of "poc-external" used in this guide with the name of your existing external virtual switch
+ If you choose b) or c), then to not run the second command below. ``` New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and $_.NdisPhysicalMedium -eq 14}).Name -Notes "PoC External" ``` - >Since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified when adding the virtual switch. In the previous step, we attempt to automate this by filtering for active ethernet adapters. If your Hyper-V host is has multiple active ethernet adapters, this automation will not work and the second command above will fail. In this case, you will need to edit the command used to add the "poc-external" VM switch by inserting the specific value needed for the -NetAdapterName option (the name of the network interface you wish to use). + >Additionally, since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified when adding the virtual switch. This step is automated in the example here by filtering for active ethernet adapters using the Get-NetAdapter cmdlet. If your Hyper-V host has multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the specific value needed for the -NetAdapterName option. This value corresponds to the name of the network interface you wish to use. + + 2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: ``` (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue ``` - >On a Hyper-V host computer with 16 GB of RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. If the computer has less than 12,000 MB of available RAM, try closing applications to free up more memory. + >This command will display the megabytes of RAM available. On a Hyper-V host computer with 16 GB of physical RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. If the computer has less than 12,000 MB of available RAM, try closing applications to free up more memory. 3. Determine the available memory for VMs by dividing the available RAM by 4. For example: @@ -281,15 +288,18 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 $maxRAM = 2700MB New-VM –Name "DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal Set-VMMemory -VMName "DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + Enable-VMIntegrationService –Name "Guest Service Interface" -VMName DC1 New-VM –Name "SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal Add-VMNetworkAdapter -VMName "SRV1" -SwitchName "poc-external" Set-VMMemory -VMName "SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + Enable-VMIntegrationService –Name "Guest Service Interface" -VMName SRV1 New-VM –Name "PC1" –VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 + Enable-VMIntegrationService –Name "Guest Service Interface" -VMName PC1 ``` ### Configure Windows Server 2012 R2 VHDs -1. Open an elevated Windows PowerShell window on the Hyper-V host and start the first VM by typing the following command: +1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first VM by typing the following command: ``` Start-VM DC1 @@ -298,35 +308,36 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ``` vmconnect localhost DC1 ``` -3. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. -4. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." At an elevated Windows PowerShell prompt on DC1, type the following commands to provide a new hostname and configure a static IP address and gateway: +3. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of **pass@word1**, and click **Finish**. +4. Sign in to DC1 using the local administrator account. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. +5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type the following commands to provide a new hostname and configure a static IP address and gateway: ``` Rename-Computer DC1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 ``` - >The default gateway will be added to a member server at 192.168.0.2 later in this guide. -5. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: + >The default gateway at 192.168.0.2 will be configured later in this guide. +6. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: ``` Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools ``` -6. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect: +7. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect. To restart the computer, type the following command at an elevated Windows PowerShell prompt: ``` Restart-Computer ``` -7. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: +8. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: ``` $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force ``` Ignore any warnings that are displayed. The computer will automatically reboot upon completion. -8. When the reboot has completed, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: +9. When the reboot has completed, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: ``` Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest @@ -336,35 +347,36 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Add-DhcpServerInDC dc1.contoso.com 192.168.0.1 Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2 ``` -9. Next, add a DHCP scope and set option values: +10. Next, add a DHCP scope and set option values: ``` Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force ``` >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. -10. Lastly, add a user account to the contoso.com domain that can be used with client computers: +11. Lastly, add a user account to the contoso.com domain that can be used with client computers: ``` New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true ``` -11. Minimize the DC1 VM window but **do not stop** the VM. +12. Minimize the DC1 VM window but **do not stop** the VM. Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain. -12. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: +13. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: ``` Start-VM PC1 vmconnect localhost PC1 ``` -13. Sign on to PC1 using an account that has local administrator rights.
+14. Sign on to PC1 using an account that has local administrator rights.
>PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. -14. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. +15. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. ![PoC](images/installing-drivers.png) >If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. -15. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. -16. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. +16. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. +17. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. + >To open Windows PowerShell on Windows 7, click Start, and search for "power." ``` ipconfig @@ -380,7 +392,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 ping dc1.contoso.com - Pingng dc1.contoso.com [192.168.0.1] with 32 bytes of data: + Pinging dc1.contoso.com [192.168.0.1] with 32 bytes of data: Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 @@ -396,7 +408,9 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 ``` -17. From an elevated Windows PowerShell prompt, type the following commands to forcibly remove the computer from its previous domain, join the contoso.com domain, and then restart the computer: +>**Note**: If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. + +18. Open an elevated Windows PowerShell ISE window on the Hyper-V host and type the following commands in the (upper) script editor pane: ``` (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0) $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force @@ -405,41 +419,52 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Add-Computer -DomainName contoso -Credential $cred Restart-Computer ``` +19. Click **File**, click **Save As**, and save the commands as **c:\VHD\ps1.ps1** on the Hyper-V host. +20. In the (lower) terminal input window, type the following command to copy the script to PC1 using integration services: + ``` + Copy-VMFile "PC1" –SourcePath "C:\VHD\pc1.ps1" –DestinationPath "C:\pc1.ps1" –CreateFullPath –FileSource Host + ``` + +21. On PC1, type the following commands at an elevated Windows PowerShell prompt: + ``` + Get-Content c:\pc1.ps1 | powershell.exe -noprofile - + ``` + >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. -18. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 8. -19. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. -20. On the Hyper-V host computer at an elevated Windows PowerShell prompt, type the following commands: +22. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 11 of this section. +23. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. +24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: ``` Start-VM SRV1 vmconnect localhost SRV1 ``` -21. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. -22. Sign in to the member server VM using the administrator account, open an elevated Windows PowerShell prompt, and type the following commands: +25. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. +26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. +27. Open an elevated Windows PowerShell prompt on SRV1, and type or paste the following commands: ``` Rename-Computer SRV1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 + Restart-Computer + ``` +28. Wait for the computer to restart, then type or paste the following commands at an elevated Windows PowerShell prompt: + ``` $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" $cred = New-Object System.Management.Automation.PSCredential($user,$pass) Add-Computer -DomainName contoso -Credential $cred Restart-Computer ``` -23. Sign in to the contoso.com domain on SRV1 using the domain administrator account, open an elevated Windows PowerShell prompt, and type the following commands: +29. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: ``` Install-WindowsFeature -Name DNS -IncludeManagementTools Install-WindowsFeature -Name WDS -IncludeManagementTools Install-WindowsFeature -Name Routing -IncludeManagementTools - Install-RemoteAccess -VpnType Vpn - cmd /c netsh routing ip nat install - cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL - cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE - cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE ``` - >The previous commands assume that network interfaces were added to the SRV1 VM in the order specified by this guide, resulting in an interface alias of "Ethernet" for the private interface and an interface alias of "Ethernet 2" for the public interface. If the interfaces on SRV1 are not named the same, you must adjust these commands appropriately. +30. Before configuring routing services, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. - To view a list of interfaces and their associated interface aliases on the VM, use the following Windows PowerShell command: + To view a list of interfaces and their associated interface aliases on the VM, use the following Windows PowerShell command. Example output of the command is also shown below: ``` Get-NetAdapter | ? status -eq ‘up’ | Get-NetIPAddress -AddressFamily IPv4 | ft IPAddress, InterfaceAlias @@ -449,20 +474,35 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 10.137.130.118 Ethernet 2 192.168.0.2 Ethernet ``` -24. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. To add this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: + In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the following commands to configure routing services. +31. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: + ``` + Install-RemoteAccess -VpnType Vpn + cmd /c netsh routing ip nat install + cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL + cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE + cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE + ``` +32. Verify that routing is working as expected by + +33. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already existed on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: + ``` + Get-DnsServerForwarder + ``` + If 192.168.0.2 is not already configured as a forwarder, you can use the following command to add it: ``` Add-DnsServerForwarder -IPAddress 192.168.0.2 ``` -25. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. To add a conditional forwarder, open an elevated Windows PowerShell prompt on SRV1 and type the following command: +34. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. To add a conditional forwarder, open an elevated Windows PowerShell prompt on SRV1 and type the following command: ``` Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1 ``` -26. If your corporate network has a firewall that filters queries from local DNS servers, you might be forced to configure a server-level DNS forwarder to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following commands: +35. If your corporate network has a firewall that filters queries from local DNS servers, you might be forced to configure a server-level DNS forwarder to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following commands: ``` Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses ``` -27. Verify that all three VMs on the PoC network can reach the Internet, and each other. -28. Because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: +36. Verify that all three VMs on the PoC network can reach the Internet, and each other. +37. Because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: ``` slmgr -rearm Restart-Computer @@ -474,7 +514,7 @@ If your Hyper-V host is running Windows Server 2008 R2, several of the steps in To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. -An example that uses Hyper-V WMI to create a virtual switch on Windows Server 2008 R2 is provided below. Converting all Hyper-V module commands used in this guide to Hyper-V WMI is beyond the scope of the guide. If you must use a Hyper-V host running Windows Server 2008 R2, the steps in the guide can also be accomplished by using the Hyper-V Manager console. +An example that uses Hyper-V WMI to create a virtual switch on Windows Server 2008 R2 is provided below. Converting all Hyper-V module commands used in this guide to Hyper-V WMI is beyond the scope of the guide. If you must use a Hyper-V host running Windows Server 2008 R2, the steps in the guide can be accomplished by using the Hyper-V Manager console. ``` $SwitchFriendlyName = "poc-internal" @@ -552,8 +592,13 @@ Use the following procedures to verify that the PoC environment is configured pr hostname nslookup www.microsoft.com ping -n 1 dc1.contoso.com - + tracert www.microsoft.com ``` + **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed. + **hostname** displays the name of the local computer, for example W7PC-001. + **nslookup** displays the DNS server used for the query, and the results of the query. For example, server dc1.contoso.com, address 192.168.0.1, Name e2847.dspb.akamaiedge.net. + **tracert* displays the path to reach the destination, for example srv1.contoso.com [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination. + ## Related Topics [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) From 209ece11356caa95d9caab319aaa8f207d1025fc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 8 Sep 2016 09:40:16 -0700 Subject: [PATCH 20/53] upd --- windows/deploy/windows-10-poc-mdt.md | 57 +++++++++++++++++---------- windows/deploy/windows-10-poc-sccm.md | 11 ++++++ windows/deploy/windows-10-poc.md | 3 +- 3 files changed, 50 insertions(+), 21 deletions(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index d0c059068e..b9da931613 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -349,8 +349,10 @@ This procedure will demonstrate how to deploy the reference image to the PoC env ``` New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 - Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20 + Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 ``` + >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle. + 3. Start the new VM and connect to it: ``` @@ -405,7 +407,7 @@ This topic will demonstrate how to export user data from an existing client comp You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. -7. Sign in with the CONTOSO\Administrator account and verify that user accounts and data have been migrated to the new operating system. +7. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system. 8. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` @@ -422,12 +424,12 @@ This topic will demonstrate how to export user data from an existing client comp ### Replace a computer with Windows 10 At a high level, the computer replace process consists of:
-- A special replace task sequence runs the USMT backup and an optional full Window Imaging (WIM) backup.
-- On the new machine, a standard bare-metal deployment is performed. At the end of the bare-metal deployment, the USMT backup from the old computer is restored. +- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.
+- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored. #### Create a backup-only task sequence -1. On SRV1, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**. +1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**. 2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share. 3. Type the following commands at an elevated Windows PowerShell prompt on SRV1: ``` @@ -447,8 +449,17 @@ At a high level, the computer replace process consists of:
#### Run the backup-only task sequence -1. If you are not already signed on to PC1 as contoso\administrator, sign in using this account. -2. On PC1, open an elevated command prompt and type the following: +1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt: + ``` + whoami + ``` +2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt: + ``` + Remove-Item c:\minint -recurse + Remove-Item c:\_SMSTaskSequence -recurse + Restart-Computer + ``` +2. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: ``` cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` @@ -456,19 +467,17 @@ At a high level, the computer replace process consists of:
- **Task Sequence**: Backup Only Task Sequence - **User Data**: Specify a location: **\\SRV1\MigData$\PC1** - **Computer Backup**: Do not back up the existing computer. -4. Click **Finish** when the capture is complete. -5. On SRV1, verify that the file USMT.MIG was created in the C:\MigData\PC1\USMT directory. See the following example: +4. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. +5. Verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. +6. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: ``` PS C:\> dir C:\MigData\PC1\USMT - Directory: C:\MigData\PC1\USMT - Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG - ``` #### Deploy PC3 @@ -486,25 +495,33 @@ At a high level, the computer replace process consists of:
Start-VM PC3 vmconnect localhost PC3 ``` -4. When prompted to press ENTER for network boot, press ENTER. -5. On SRV1, re-enable the external network adapter by typing the following command: +4. When prompted, press ENTER for network boot. + +6. On PC3, ue the following settings for the Windows Deployment Wizard: + - **Task Sequence**: Windows 10 Enterprise x64 Custom Image + - **Move Data and Settings**: Do not move user data and settings + - **User Data (Restore)**: Specify a location: **\\SRV1\MigData$\PC1** +5. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: ``` Enable-NetAdapter "Ethernet 2" ``` -6. On PC3, ue the following settings for the Windows Deployment Wizard: - - Task Sequence: Windows 10 Enterprise x64 Custom Image - - Move Data and Settings: Do not move user data and settings - - User Data (Restore): Specify a location: \\SRV1\MigData$\PC1\USMT 7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. -Note: If there are problems with deployment, you can review logs in the following locations on the client computer: +#### Troubleshooting logs, events, and utilities + +Deployment logs are available on the client computer in the following locations: - Before the image is applied: X:\MININT\SMSOSD\OSDLOGS - After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS - After deployment: %WINDIR%\TEMP\DeploymentLogs +You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**. + +Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=50012) + ## Related Topics -  +[Microsoft Deployment Toolkit](https://technet.microsoft.com/en-US/windows/dn475741)
+[Prepare for deployment with MDT 2013](prepare-for-windows-deployment-with-mdt-2013)   diff --git a/windows/deploy/windows-10-poc-sccm.md b/windows/deploy/windows-10-poc-sccm.md index 3e43d7c402..c23f225a10 100644 --- a/windows/deploy/windows-10-poc-sccm.md +++ b/windows/deploy/windows-10-poc-sccm.md @@ -14,6 +14,17 @@ author: greg-lindsay - Windows 10 +**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). Please complete all steps in the prerequisite guide before attempting the procedures in this guide. + +If you have already completed [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), you can skip some steps of this guide, such as installation of MDT. + +The PoC environment is a virtual network running on Hyper-V with three virtual machines: +- **DC1**: A contoso.com domain controller, DNS server, and DHCP server. +- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. +- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. + +This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. + ## In this guide ## Related Topics diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index efb0a8c295..0c86a9ff5f 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -35,7 +35,7 @@ The following topics and procedures are provided in this guide: - [Configure VHDs](#configure-vhds): Start virtual machines and configure all services and settings. The following optional topics are also available: -- [Appendix A: Configuring Hyper-V on Windows Server 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2): Steps to configure a Hyper-V host running Windows Server 2008 R2. +- [Appendix A: Configuring Hyper-V on Windows Server 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2): Information about using this guide with a Hyper-V host running Windows Server 2008 R2. - [Appendix B: Verify the configuration](#verify-the-configuration): Verify and troubleshoot network connectivity and services in the PoC environment. When you have completed the steps in this guide, see the following guides for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: @@ -433,6 +433,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. 22. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 11 of this section. + >The settings that will be used to migrate user data specifically select only accounts that belong to the CONTOSO domain. If you wish to test migration of user data and settings with an account other than the user1 account, you must copy this account's profile to the user1 profile. 23. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: ``` From 50c63e812d6c40523c6d4257123f3a7172059bf0 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 8 Sep 2016 09:50:09 -0700 Subject: [PATCH 21/53] upd --- windows/deploy/windows-10-poc-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index b9da931613..ee52301e60 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -521,7 +521,7 @@ Tools for viewing log files, and to assist with troubleshooting are available in ## Related Topics [Microsoft Deployment Toolkit](https://technet.microsoft.com/en-US/windows/dn475741)
-[Prepare for deployment with MDT 2013](prepare-for-windows-deployment-with-mdt-2013) +[Prepare for deployment with MDT 2013](prepare-for-windows-deployment-with-mdt-2013.md)   From 09e4856074bc47e280c434d63c0a06b95f9f1f53 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 12:27:01 -0700 Subject: [PATCH 22/53] upd --- windows/deploy/windows-10-poc-mdt.md | 2 +- windows/deploy/windows-10-poc-sccm.md | 41 ++++++++- windows/deploy/windows-10-poc.md | 125 ++++++++++++++++---------- 3 files changed, 120 insertions(+), 48 deletions(-) diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index ee52301e60..cca03a9792 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -259,7 +259,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env OSInstall=YES UserDataLocation=AUTO TimeZoneName=Pacific Standard Time - OSDComputername=#Left("PC_%SerialNumber%",7)# + OSDComputername=#Left("PC-%SerialNumber%",7)# AdminPassword=pass@word1 JoinDomain=contoso.com DomainAdmin=administrator diff --git a/windows/deploy/windows-10-poc-sccm.md b/windows/deploy/windows-10-poc-sccm.md index c23f225a10..31c306e7bf 100644 --- a/windows/deploy/windows-10-poc-sccm.md +++ b/windows/deploy/windows-10-poc-sccm.md @@ -18,7 +18,7 @@ author: greg-lindsay If you have already completed [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), you can skip some steps of this guide, such as installation of MDT. -The PoC environment is a virtual network running on Hyper-V with three virtual machines: +The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs): - **DC1**: A contoso.com domain controller, DNS server, and DHCP server. - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. @@ -27,6 +27,45 @@ This guide leverages the Hyper-V server role to perform procedures. If you do no ## In this guide +Description here. + +## Install prerequisites + +1. On SRV1, type the following command at an elevated Windows PowerShell prompt on SRV1 to enable .NET Framework 3.5: + ``` + Add-WindowsFeature NET-Framework-Core + ``` +2. + +## Install System Center Configuration Manager + + +2. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: + ``` + $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" + Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 + Stop-Process -Name Explorer + ``` +3. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1, double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The directory will be automatically created. Click **OK** and then close the WinZip Self-Extractor dialog box when finished. +4. To start installation, type the following command at an elevated Windows PowerShell prompt: + ``` + C:\configmgr\SMSSETUP\BIN\X64\Setup.exe + ``` +5. Provide the following in the System Center Configuration Manager Setup Wizard: + - **Before You Begin**: Read the text and click *Next*. + - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox. + - Click **Yes** in response to the popup window. + - **Product Key**: Choose **Install the evaluation edition of this Product**. + - **Microsoft Software License Terms**: Read the terms and then select the I accept these license terms checkbox. + - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page. + - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\configmgr** next to **Path**. + - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**. + - use default settings for all other options + - **Usage Data**: Read the text and click **Next**. + - **Service Connection Point Setup**: Accept the default settings (SRV1.contoso.com is automatically added under Select a server to use). + - **Settings Summary**: Review settings and click **Next**. + - **Prerequisite Check**: + ## Related Topics   diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 0c86a9ff5f..adb33daea6 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -251,6 +251,10 @@ The lab architecture is summarized in the following diagram: Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. For more information, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). +**Important**:You should take advantage of [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy, then right-clicking and selecting paste. + +Instructions to "type" commands provided in this guide can be typed, but in most cases the preferred method is to copy and paste these commands. + 1. Open an elevated Windows PowerShell window and type the following command to create two virtual switches named "poc-internal" and "poc-external": >If the Hyper-V host already has an external virtual switch bound to a physical NIC, do not attempt to add a second external virtual switch. Attempting to add a second external switch will result in an error indicating that the NIC is "**already bound to the Microsoft Virtual Switch protocol.**" In this case, choose one of the following options:
   a) Remove the existing external virtual switch, then add the poc-external switch
@@ -309,8 +313,8 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 vmconnect localhost DC1 ``` 3. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of **pass@word1**, and click **Finish**. -4. Sign in to DC1 using the local administrator account. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. -5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type the following commands to provide a new hostname and configure a static IP address and gateway: +4. Sign in to DC1 using the local administrator account. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. It is only necessary to do this the first time you sign in to a new VM. +5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type or paste the following commands to provide a new hostname and configure a static IP address and gateway: ``` Rename-Computer DC1 @@ -337,7 +341,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force ``` Ignore any warnings that are displayed. The computer will automatically reboot upon completion. -9. When the reboot has completed, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: +9. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: ``` Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest @@ -353,29 +357,45 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force ``` >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. -11. Lastly, add a user account to the contoso.com domain that can be used with client computers: +11. Add a user account to the contoso.com domain that can be used with client computers: ``` New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true ``` -12. Minimize the DC1 VM window but **do not stop** the VM. +12. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already existed on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: + ``` + Get-DnsServerForwarder + ``` + The following output should be displayed: + ``` + UseRootHint : True + Timeout(s) : 3 + EnableReordering : True + IPAddress : 192.168.0.2 + ReorderedIPAddress : 192.168.0.2 + ``` + If this output is not displayed, you can use the following command to add SRV1 as a forwarder: + ``` + Add-DnsServerForwarder -IPAddress 192.168.0.2 + ``` +13. Minimize the DC1 VM window but **do not stop** the VM. Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain. -13. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: +14. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: ``` Start-VM PC1 vmconnect localhost PC1 ``` -14. Sign on to PC1 using an account that has local administrator rights.
- >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. -15. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. +15. Sign on to PC1 using an account that has local administrator rights.
+ >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account. +16. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. ![PoC](images/installing-drivers.png) >If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. -16. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. -17. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. +17. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. +18. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. >To open Windows PowerShell on Windows 7, click Start, and search for "power." ``` @@ -398,7 +418,7 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 - nltest /dsgetdc:contoso + nltest /dsgetdc:contoso.com DC: \\DC1 Address: \\192.168.0.1 Dom Guid: fdbd0643-d664-411b-aea0-fe343d7670a8 @@ -408,62 +428,62 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 ``` ->**Note**: If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. +>**Note**: If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. -18. Open an elevated Windows PowerShell ISE window on the Hyper-V host and type the following commands in the (upper) script editor pane: +19. Open an elevated Windows PowerShell ISE window on the Hyper-V host and type the following commands in the (upper) script editor pane: ``` (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0) $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" $cred = New-Object System.Management.Automation.PSCredential($user,$pass) - Add-Computer -DomainName contoso -Credential $cred + Add-Computer -DomainName contoso.com -Credential $cred Restart-Computer ``` -19. Click **File**, click **Save As**, and save the commands as **c:\VHD\ps1.ps1** on the Hyper-V host. -20. In the (lower) terminal input window, type the following command to copy the script to PC1 using integration services: +20. Click **File**, click **Save As**, and save the commands as **c:\VHD\ps1.ps1** on the Hyper-V host. +21. In the (lower) terminal input window, type the following command to copy the script to PC1 using integration services: ``` Copy-VMFile "PC1" –SourcePath "C:\VHD\pc1.ps1" –DestinationPath "C:\pc1.ps1" –CreateFullPath –FileSource Host ``` - -21. On PC1, type the following commands at an elevated Windows PowerShell prompt: + >In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. +22. On PC1, type the following commands at an elevated Windows PowerShell prompt: ``` Get-Content c:\pc1.ps1 | powershell.exe -noprofile - ``` >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. -22. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 11 of this section. +23. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 11 of this section. >The settings that will be used to migrate user data specifically select only accounts that belong to the CONTOSO domain. If you wish to test migration of user data and settings with an account other than the user1 account, you must copy this account's profile to the user1 profile. -23. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. -24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: +24. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. +25. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: ``` Start-VM SRV1 vmconnect localhost SRV1 ``` -25. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. -26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. -27. Open an elevated Windows PowerShell prompt on SRV1, and type or paste the following commands: +26. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. +27. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. +28. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: ``` Rename-Computer SRV1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 Restart-Computer ``` -28. Wait for the computer to restart, then type or paste the following commands at an elevated Windows PowerShell prompt: +29. Wait for the computer to restart, then type or paste the following commands at an elevated Windows PowerShell prompt: ``` $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" $cred = New-Object System.Management.Automation.PSCredential($user,$pass) - Add-Computer -DomainName contoso -Credential $cred + Add-Computer -DomainName contoso.com -Credential $cred Restart-Computer ``` -29. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: +30. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: ``` Install-WindowsFeature -Name DNS -IncludeManagementTools Install-WindowsFeature -Name WDS -IncludeManagementTools Install-WindowsFeature -Name Routing -IncludeManagementTools ``` -30. Before configuring routing services, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. +31. Before configuring the routing service that was just installed, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. Also verify that the external interface has a valid external DHCP IP address lease. To view a list of interfaces and their associated interface aliases on the VM, use the following Windows PowerShell command. Example output of the command is also shown below: @@ -475,8 +495,9 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 10.137.130.118 Ethernet 2 192.168.0.2 Ethernet ``` - In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the following commands to configure routing services. -31. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: + In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the commands provided in the next step appropriately to configure routing services. + +32. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: ``` Install-RemoteAccess -VpnType Vpn cmd /c netsh routing ip nat install @@ -484,26 +505,38 @@ Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2 cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE ``` -32. Verify that routing is working as expected by - -33. The DNS server role was installed on SRV1 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already existed on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: - ``` - Get-DnsServerForwarder - ``` - If 192.168.0.2 is not already configured as a forwarder, you can use the following command to add it: - ``` - Add-DnsServerForwarder -IPAddress 192.168.0.2 - ``` -34. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. To add a conditional forwarder, open an elevated Windows PowerShell prompt on SRV1 and type the following command: +33. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. Open an elevated Windows PowerShell prompt on SRV1 and type the following command: ``` Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1 ``` -35. If your corporate network has a firewall that filters queries from local DNS servers, you might be forced to configure a server-level DNS forwarder to resolve Internet names. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following commands: +34. In most cases, this completes configuration of the PoC network. However, if your corporate network has a firewall that filters queries from local DNS servers, you will also need to configure a server-level DNS forwarder on SRV1 to resolve Internet names. To test whether or not DNS is working without this forwarder, try to reach a name on the Internet from DC1 or PC1, which are only using DNS services on the PoC network. You can test DNS with the ping command, for example: + ``` + ping www.microsoft.com + ``` + If you see "Ping request could not find host www.microsoft.com" on PC1 and DC1, but not on SRV1, then you will need to configure a server-level DNS forwarder on SRV1. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following command. + + **Note**: This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name: + ``` Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses - ``` -36. Verify that all three VMs on the PoC network can reach the Internet, and each other. -37. Because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: + ``` +35. If DNS and routing are both working correctly, you will see the following on DC1 and PC1: + ``` + PS C:\> ping www.microsoft.com + + Pinging e2847.dspb.akamaiedge.net [23.222.146.170] with 32 bytes of data: + Reply from 23.222.146.170: bytes=32 time=3ms TTL=51 + Reply from 23.222.146.170: bytes=32 time=2ms TTL=51 + Reply from 23.222.146.170: bytes=32 time=2ms TTL=51 + Reply from 23.222.146.170: bytes=32 time=1ms TTL=51 + + Ping statistics for 23.222.146.170: + Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), + Approximate round trip times in milli-seconds: + Minimum = 1ms, Maximum = 3ms, Average = 2ms + ``` +36. Verify that all three VMs can reach each other, and the Internet. See [Appendix B: Verify the configuration](#verify-the-configuration) for more information. +37. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: ``` slmgr -rearm Restart-Computer From 725318725d835f59d74210b39c00de442f835c36 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 12:33:04 -0700 Subject: [PATCH 23/53] final draft --- windows/deploy/windows-10-poc.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index adb33daea6..b3965b95f0 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -14,8 +14,8 @@ author: greg-lindsay - Windows 10 -**Are you interested** in upgrading to Windows 10 ...but are not sure how some devices and apps will be affected?
-**Did you know** that you can test drive Windows 10 and check out the upgrade process for free without having to actually upgrade any production devices? +**Are you interested** in upgrading to Windows 10?
+This guide enables you to test drive Windows 10, and check out the upgrade process at no cost, all without having to actually upgrade any production devices. If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. To see how, keep reading. @@ -38,7 +38,7 @@ The following optional topics are also available: - [Appendix A: Configuring Hyper-V on Windows Server 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2): Information about using this guide with a Hyper-V host running Windows Server 2008 R2. - [Appendix B: Verify the configuration](#verify-the-configuration): Verify and troubleshoot network connectivity and services in the PoC environment. -When you have completed the steps in this guide, see the following guides for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: +When you have completed the steps in this guide, see the following topics for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: - [Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md) - [Deploy Windows 10 in a test lab using System Center](windows-10-poc-sccm.md) From 7b05e9faf99ca4a03a0ef11670a07b4aaa39c42c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 12:47:13 -0700 Subject: [PATCH 24/53] final draft --- windows/deploy/windows-10-poc.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index b3965b95f0..f45551613c 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -309,6 +309,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Start-VM DC1 ``` 2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt on the Hyper-V host: + ``` vmconnect localhost DC1 ``` @@ -352,16 +353,19 @@ Instructions to "type" commands provided in this guide can be typed, but in most Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2 ``` 10. Next, add a DHCP scope and set option values: + ``` Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force ``` >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. 11. Add a user account to the contoso.com domain that can be used with client computers: + ``` New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true ``` 12. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already existed on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: + ``` Get-DnsServerForwarder ``` @@ -431,6 +435,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most >**Note**: If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. 19. Open an elevated Windows PowerShell ISE window on the Hyper-V host and type the following commands in the (upper) script editor pane: + ``` (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0) $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force @@ -441,11 +446,13 @@ Instructions to "type" commands provided in this guide can be typed, but in most ``` 20. Click **File**, click **Save As**, and save the commands as **c:\VHD\ps1.ps1** on the Hyper-V host. 21. In the (lower) terminal input window, type the following command to copy the script to PC1 using integration services: + ``` Copy-VMFile "PC1" –SourcePath "C:\VHD\pc1.ps1" –DestinationPath "C:\pc1.ps1" –CreateFullPath –FileSource Host ``` >In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. 22. On PC1, type the following commands at an elevated Windows PowerShell prompt: + ``` Get-Content c:\pc1.ps1 | powershell.exe -noprofile - ``` @@ -456,6 +463,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most >The settings that will be used to migrate user data specifically select only accounts that belong to the CONTOSO domain. If you wish to test migration of user data and settings with an account other than the user1 account, you must copy this account's profile to the user1 profile. 24. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 25. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: + ``` Start-VM SRV1 vmconnect localhost SRV1 @@ -463,6 +471,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most 26. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. 27. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. 28. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: + ``` Rename-Computer SRV1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 @@ -470,6 +479,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Restart-Computer ``` 29. Wait for the computer to restart, then type or paste the following commands at an elevated Windows PowerShell prompt: + ``` $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" @@ -478,6 +488,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Restart-Computer ``` 30. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: + ``` Install-WindowsFeature -Name DNS -IncludeManagementTools Install-WindowsFeature -Name WDS -IncludeManagementTools @@ -498,6 +509,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the commands provided in the next step appropriately to configure routing services. 32. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: + ``` Install-RemoteAccess -VpnType Vpn cmd /c netsh routing ip nat install @@ -506,10 +518,12 @@ Instructions to "type" commands provided in this guide can be typed, but in most cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE ``` 33. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. Open an elevated Windows PowerShell prompt on SRV1 and type the following command: + ``` Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1 ``` 34. In most cases, this completes configuration of the PoC network. However, if your corporate network has a firewall that filters queries from local DNS servers, you will also need to configure a server-level DNS forwarder on SRV1 to resolve Internet names. To test whether or not DNS is working without this forwarder, try to reach a name on the Internet from DC1 or PC1, which are only using DNS services on the PoC network. You can test DNS with the ping command, for example: + ``` ping www.microsoft.com ``` @@ -521,6 +535,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses ``` 35. If DNS and routing are both working correctly, you will see the following on DC1 and PC1: + ``` PS C:\> ping www.microsoft.com @@ -537,6 +552,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most ``` 36. Verify that all three VMs can reach each other, and the Internet. See [Appendix B: Verify the configuration](#verify-the-configuration) for more information. 37. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: + ``` slmgr -rearm Restart-Computer From 6a313f68bd318202c31bb6eef2d496b7bfbca500 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 12:52:29 -0700 Subject: [PATCH 25/53] final draft --- windows/deploy/windows-10-poc.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index f45551613c..8286d2de72 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -14,10 +14,11 @@ author: greg-lindsay - Windows 10 -**Are you interested** in upgrading to Windows 10?
-This guide enables you to test drive Windows 10, and check out the upgrade process at no cost, all without having to actually upgrade any production devices. +Are you interested in upgrading to Windows 10? -If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. To see how, keep reading. +Did you know that you can test drive Windows 10, and check out the upgrade process at no cost, all without having to actually upgrade any production devices? + +If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. To see how, keep reading... ## In this guide From 3c0fb1f6d3df5735057bfecaf2047a356795d479 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 12:55:42 -0700 Subject: [PATCH 26/53] final draft --- windows/deploy/windows-10-poc.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 8286d2de72..7da4f1fccb 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -269,8 +269,6 @@ Instructions to "type" commands provided in this guide can be typed, but in most ``` >Additionally, since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified when adding the virtual switch. This step is automated in the example here by filtering for active ethernet adapters using the Get-NetAdapter cmdlet. If your Hyper-V host has multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the specific value needed for the -NetAdapterName option. This value corresponds to the name of the network interface you wish to use. - - 2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: ``` @@ -302,6 +300,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 Enable-VMIntegrationService –Name "Guest Service Interface" -VMName PC1 ``` + ### Configure Windows Server 2012 R2 VHDs 1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first VM by typing the following command: From a6b4e74ea09f7b979f04671f4f6c7298eaac0869 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 13:01:42 -0700 Subject: [PATCH 27/53] final draft --- windows/deploy/windows-10-poc.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 7da4f1fccb..1a0dc24077 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -37,7 +37,7 @@ The following topics and procedures are provided in this guide: The following optional topics are also available: - [Appendix A: Configuring Hyper-V on Windows Server 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2): Information about using this guide with a Hyper-V host running Windows Server 2008 R2. -- [Appendix B: Verify the configuration](#verify-the-configuration): Verify and troubleshoot network connectivity and services in the PoC environment. +- [Appendix B: Verify the configuration](#appendix-b-verify-the-configuration): Verify and troubleshoot network connectivity and services in the PoC environment. When you have completed the steps in this guide, see the following topics for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: @@ -134,7 +134,6 @@ The lab architecture is summarized in the following diagram: [Configure Hyper-V](#configure-hyper-v)
[Convert PC to VHD](#convert-pc-to-vhd)
[Configure VHDs](#configure-vhds)
-[Verify the configuration](#verify-the-configuration) ### Verify support and install Hyper-V @@ -300,8 +299,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 Enable-VMIntegrationService –Name "Guest Service Interface" -VMName PC1 ``` - -### Configure Windows Server 2012 R2 VHDs +### Configure VHDs 1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first VM by typing the following command: @@ -550,7 +548,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 3ms, Average = 2ms ``` -36. Verify that all three VMs can reach each other, and the Internet. See [Appendix B: Verify the configuration](#verify-the-configuration) for more information. +36. Verify that all three VMs can reach each other, and the Internet. See [Appendix B: Verify the configuration](#appendix-b-verify-the-configuration) for more information. 37. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: ``` From ab6082ff9db9369f976b181bb8d8dabe1a41210c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 13:28:15 -0700 Subject: [PATCH 28/53] final draft --- ...-sccm.md => windows-10-poc-sc-config-mgr.md} | 0 windows/deploy/windows-10-poc.md | 17 ++++++++--------- 2 files changed, 8 insertions(+), 9 deletions(-) rename windows/deploy/{windows-10-poc-sccm.md => windows-10-poc-sc-config-mgr.md} (100%) diff --git a/windows/deploy/windows-10-poc-sccm.md b/windows/deploy/windows-10-poc-sc-config-mgr.md similarity index 100% rename from windows/deploy/windows-10-poc-sccm.md rename to windows/deploy/windows-10-poc-sc-config-mgr.md diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 1a0dc24077..77dd284d4e 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -14,11 +14,9 @@ author: greg-lindsay - Windows 10 -Are you interested in upgrading to Windows 10? +If you are interested in upgrading to Windows 10 and would like to check out the upgrade process at no cost, and without having to actually upgrade any production devices, then keep reading... -Did you know that you can test drive Windows 10, and check out the upgrade process at no cost, all without having to actually upgrade any production devices? - -If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. To see how, keep reading... +If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. ## In this guide @@ -42,7 +40,7 @@ The following optional topics are also available: When you have completed the steps in this guide, see the following topics for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: - [Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md) -- [Deploy Windows 10 in a test lab using System Center](windows-10-poc-sccm.md) +- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) ## Hardware and software requirements @@ -642,10 +640,11 @@ Use the following procedures to verify that the PoC environment is configured pr ping -n 1 dc1.contoso.com tracert www.microsoft.com ``` - **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed. - **hostname** displays the name of the local computer, for example W7PC-001. - **nslookup** displays the DNS server used for the query, and the results of the query. For example, server dc1.contoso.com, address 192.168.0.1, Name e2847.dspb.akamaiedge.net. - **tracert* displays the path to reach the destination, for example srv1.contoso.com [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination. + **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed.
+ **hostname** displays the name of the local computer, for example W7PC-001.
+ **nslookup** displays the DNS server used for the query, and the results of the query. For example, server dc1.contoso.com, address 192.168.0.1, Name e2847.dspb.akamaiedge.net.
+ **ping** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it cannot be resolved, "..could not find host" will be diplayed and if the target is found and also responds to ICMP, you will see "Reply from" and the IP address of the target.
+ **tracert** displays the path to reach the destination, for example srv1.contoso.com [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination. ## Related Topics From acd3bd79afee8a5b515d09a6f757b5a0676bc67c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 15:02:19 -0700 Subject: [PATCH 29/53] more stuff --- .../deploy/windows-10-poc-sc-config-mgr.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md index 31c306e7bf..1a4e5e7d83 100644 --- a/windows/deploy/windows-10-poc-sc-config-mgr.md +++ b/windows/deploy/windows-10-poc-sc-config-mgr.md @@ -47,7 +47,33 @@ Description here. Stop-Process -Name Explorer ``` 3. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1, double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The directory will be automatically created. Click **OK** and then close the WinZip Self-Extractor dialog box when finished. + +``` +New-Item -Path c:\setupdl -ItemType Directory +New-SmbShare -Name SetupDL$ -Path C:\setupdl -ChangeAccess EVERYONE +cmd /c c:\configmgr\SMSSETUP\BIN\X64\setupdl.exe "\\greglin-xps\SetupDL$" + +Install-WindowsFeature Web-Windows-Auth +Install-WindowsFeature Web-ISAPI-Ext +Install-WindowsFeature Web-Metabase +Install-WindowsFeature Web-WMI +Install-WindowsFeature BITS +Install-WindowsFeature RDC +Install-WindowsFeature NET-Framework-Features +Install-WindowsFeature Web-Asp-Net +Install-WindowsFeature Web-Asp-Net45 +Install-WindowsFeature NET-HTTP-Activation +Install-WindowsFeature NET-Non-HTTP-Activ + + +``` + +OK this is what I need to go with: +https://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd + + 4. To start installation, type the following command at an elevated Windows PowerShell prompt: + ``` C:\configmgr\SMSSETUP\BIN\X64\Setup.exe ``` From 6814dfdbb692ab4f049d59408448808d91916ba9 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 15:29:12 -0700 Subject: [PATCH 30/53] more stuff --- windows/deploy/windows-10-poc.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 77dd284d4e..d549c32bb2 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -14,9 +14,9 @@ author: greg-lindsay - Windows 10 -If you are interested in upgrading to Windows 10 and would like to check out the upgrade process at no cost, and without having to actually upgrade any production devices, then keep reading... +If you are interested in upgrading to Windows 10 and want to know more about the upgrade process, then keep reading... -If you have a computer running Windows 8 or a later OS with 16GB of RAM, you have everything you need to quickly set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. +Do you have a computer running Windows 8 or later with 16GB of RAM? If so, then you have everything you need to set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. ## In this guide @@ -121,7 +121,7 @@ The lab architecture is summarized in the following diagram: **Note**: >If you have an existing Hyper-V host, you can use this host if desired and skip the Hyper-V installation section in this guide. ->The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if required. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that is not directly connected to the corporate network. This mitigates the risk of clients on the corporate network receiving DHCP leases from the PoC network (i.e. "rogue" DHCP), and limits NETBIOS service broadcasts to the corporate network. +>The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if required. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that is not directly connected to the corporate network. This mitigates the risk of clients on the corporate network receiving DHCP leases from the PoC network (i.e. "rogue" DHCP), and limits NETBIOS service broadcasts. ## Configure the PoC environment @@ -258,13 +258,13 @@ Instructions to "type" commands provided in this guide can be typed, but in most    a) Remove the existing external virtual switch, then add the poc-external switch
   b) Rename the existing external switch to "poc-external"
   c) Replace each instance of "poc-external" used in this guide with the name of your existing external virtual switch
- If you choose b) or c), then to not run the second command below. + If you choose b) or c), then do not run the second command below. ``` New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and $_.NdisPhysicalMedium -eq 14}).Name -Notes "PoC External" ``` - >Additionally, since an external virtual switch is associated to a physical NIC on the Hyper-V host, this NIC must be specified when adding the virtual switch. This step is automated in the example here by filtering for active ethernet adapters using the Get-NetAdapter cmdlet. If your Hyper-V host has multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the specific value needed for the -NetAdapterName option. This value corresponds to the name of the network interface you wish to use. + >Also, since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. This is automated in the example here by filtering for active ethernet adapters using the Get-NetAdapter cmdlet. If your Hyper-V host has multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the specific value needed for the -NetAdapterName option. This value corresponds to the name of the network interface you wish to use. 2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: @@ -386,7 +386,8 @@ Instructions to "type" commands provided in this guide can be typed, but in most Start-VM PC1 vmconnect localhost PC1 ``` -15. Sign on to PC1 using an account that has local administrator rights.
+15. Sign on to PC1 using an account that has local administrator rights. + >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account. 16. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. @@ -396,7 +397,8 @@ Instructions to "type" commands provided in this guide can be typed, but in most 17. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. 18. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. - >To open Windows PowerShell on Windows 7, click Start, and search for "power." + + To open Windows PowerShell on Windows 7, click **Start**, and search for "**power**." ``` ipconfig @@ -428,7 +430,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 ``` ->**Note**: If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. +>If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. 19. Open an elevated Windows PowerShell ISE window on the Hyper-V host and type the following commands in the (upper) script editor pane: From 9027fa2ea3a6ecab1f515e30701b0c58e860c9eb Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 15:42:06 -0700 Subject: [PATCH 31/53] more stuff --- windows/deploy/windows-10-poc-sc-config-mgr.md | 6 ++++++ windows/deploy/windows-10-poc.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md index 1a4e5e7d83..5096e58fdb 100644 --- a/windows/deploy/windows-10-poc-sc-config-mgr.md +++ b/windows/deploy/windows-10-poc-sc-config-mgr.md @@ -71,6 +71,12 @@ Install-WindowsFeature NET-Non-HTTP-Activ OK this is what I need to go with: https://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd +Configure it as a primary site, add state migration point, distribution point, extend AD + +After running it I need to install the ADK, configure SQL, then run SCCM setup.exe + + + 4. To start installation, type the following command at an elevated Windows PowerShell prompt: diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index d549c32bb2..ef7e487c10 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -630,7 +630,7 @@ Use the following procedures to verify that the PoC environment is configured pr **Get-Service** displays a status of "Running" for both services.
**Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you are required to use so that SRV1 can resolve Internet names.
**Resolve-DnsName** displays public IP address results for www.microsoft.com.
- **ipconfig** displays a primary DNS suffix of contoso.com. The suffix search list contains contoso.com and your corporate domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP addresses of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your corporate network. + **ipconfig** displays a primary DNS suffix of contoso.com. The suffix search list contains contoso.com and your corporate domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP addresses of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your corporate network.
**netsh** displays three interfaces on the computer: interface "Ethernet 2" with DHCP enabled = Yes and IP address assigned by your corporate network, interface "Ethernet" with DHCP enabled = No and IP address of 192.168.0.2, and interface "Loopback Pseudo-Interface 1" with IP address of 127.0.0.1. 3. On PC1, open an elevated Windows PowerShell prompt and type the following commands: From 2b31ce94df70c5daec570b6ad040101566ba06a9 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Sep 2016 16:06:34 -0700 Subject: [PATCH 32/53] more stuff --- windows/deploy/windows-10-poc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index ef7e487c10..220f984040 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -103,7 +103,7 @@ The second computer is used to clone and mirror a client computer (computer 2) f >Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade. -*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. The performance and features of the Hyper-V role are also much improved on later operating systems. If your host must be running Windows Server 2008 R2, steps to configure Hyper-V using WMI or the Hyper-V manager console are provided separately in [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). +*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. The performance and features of the Hyper-V role are also much improved on later operating systems. If your host must be running Windows Server 2008 R2, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. From 9a67c2e8f7153e7876392b7c435909d47751ef08 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 12 Sep 2016 14:08:35 -0700 Subject: [PATCH 33/53] more stuff --- .../deploy/windows-10-poc-sc-config-mgr.md | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md index 5096e58fdb..2b671577a8 100644 --- a/windows/deploy/windows-10-poc-sc-config-mgr.md +++ b/windows/deploy/windows-10-poc-sc-config-mgr.md @@ -73,9 +73,32 @@ https://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd Configure it as a primary site, add state migration point, distribution point, extend AD -After running it I need to install the ADK, configure SQL, then run SCCM setup.exe +After running it I need to install the ADK, and WDS +To configure SQL I think I have to download SQLEXPR_x64_ENU which is extracted and then run setup to load the install wizard +This defaults to NT Service\MSSQL$SQLEXPRESS +Windows authentication mode +configure SQL - using SQL server installation center (?) + +Maybe use a configuration file +Maybe use: + +Setup.exe /qs /ACTION=Install /FEATURES=SQLEngine,Replication /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="contoso\administrator" /SQLSVCPASSWORD="pass@word1" /SQLSYSADMINACCOUNTS="contoso\administrator" /AGTSVCACCOUNT="NT AUTHORITY\Network Service" /UpdateEnabled=True /IACCEPTSQLSERVERLICENSETERMS + +.\Setup.exe /QUIET /ACTION=REBUILDDATABASE /INSTANCENAME=MSSQLSERVER /SQLCOLLATION=SQL_Latin1_General_CP1_CI_AS /SQLSYSADMINACCOUNTS="contoso\administrator" <--- this worked but I probably just need to add /sqlcollation to the first command (install) + +& sc.exe config "$servicename" obj= "[$domain\$username]" password= "[$password] <--- not this + +then run SCCM setup.exe + +Cripes I can't use SQL server express edition.... currently I only have this and the TCP port as failures. +SQL server tcp is enabled and set to static port... + +So.. +I need to download a full version of SQL somewhere +Install it with command line, set the port and firewall +There seems to be some memory requirement for SQL "Configuration Manager requries SQL server to reserve a minimum of 8 GB of memory for central or primary site... I don't know if this will prevent me from getting it working. 4. To start installation, type the following command at an elevated Windows PowerShell prompt: From 33d495c129c71819624ca13b62cf83bdd259d7e3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 12 Sep 2016 15:49:52 -0700 Subject: [PATCH 34/53] fixed 2012 R2 issue --- ...tivate-using-active-directory-based-activation-client.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md index cd91b2b614..5d993ea918 100644 --- a/windows/deploy/activate-using-active-directory-based-activation-client.md +++ b/windows/deploy/activate-using-active-directory-based-activation-client.md @@ -24,8 +24,8 @@ localizationpriority: medium **Looking for retail activation?** - [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644) -Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 R2 or Windows Server 2012, but after the schema is updated, older domain controllers can still activate clients. -Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. +Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 or Windows Server 2012 R2, but after the schema is updated, older domain controllers can still activate clients. +Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console in Windows Server 2012 R2 or the VAMT in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. The process proceeds as follows: 1. Perform one of the following tasks: @@ -38,7 +38,7 @@ The process proceeds as follows: **Figure 10**. The Active Directory-based activation flow -For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment. +For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment. If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office. Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180day period. By default, this reactivation event occurs every seven days. When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, when the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS. From ded230295ebde1c7be79cc0b6c0d5f29ce2e8e9b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 12 Sep 2016 15:55:41 -0700 Subject: [PATCH 35/53] removed poc topics --- windows/deploy/windows-10-poc-mdt.md | 531 -------------- .../deploy/windows-10-poc-sc-config-mgr.md | 133 ---- windows/deploy/windows-10-poc.md | 661 ------------------ 3 files changed, 1325 deletions(-) delete mode 100644 windows/deploy/windows-10-poc-mdt.md delete mode 100644 windows/deploy/windows-10-poc-sc-config-mgr.md delete mode 100644 windows/deploy/windows-10-poc.md diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md deleted file mode 100644 index cca03a9792..0000000000 --- a/windows/deploy/windows-10-poc-mdt.md +++ /dev/null @@ -1,531 +0,0 @@ ---- -title: Placeholder (Windows 10) -description: Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit - -**Applies to** - -- Windows 10 - -**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). Please complete all steps in the prerequisite guide before attempting the procedures in this guide. - -The PoC environment is a virtual network running on Hyper-V with three virtual machines: -- **DC1**: A contoso.com domain controller, DNS server, and DHCP server. -- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. -- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. - -This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. - -## In this guide - -Description here. - -## Install the Microsoft Deployment Toolkit (MDT) - -1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: - ``` - $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" - Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 - Stop-Process -Name Explorer - ``` -2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT) 2013 Update 2](https://www.microsoft.com/en-us/download/details.aspx?id=50407) on SRV1 using the default options. - -3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1607. Installation might require several minutes to acquire all components. - -3. If desired, re-enable IE Enhanced Security Configuration: - ``` - Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1 - Stop-Process -Name Explorer - ``` - -## Create a deployment share - -1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: - ``` - Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso - ``` -2. Connect to SRV1 and verify that the Windows Enterprise installation DVD is mounted as driver letter D. - -3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**. - -4. In the Deployment Workbench console, right-click Deployment Shares and select New Deployment Share. - -5. Use the following settings for the New Deployment Share Wizard: - - Deployment share path: **C:\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT build lab**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
- - Confirmation: click **Finish** - -6. Expand the Deployment Shares node, and then expand MDT build lab. - -7. Right-click the Operating Systems node, and then click New Folder. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**. - -7. Right-click the Windows 10 folder created in the previous step, and then click **Import Operating System**. - -8. Use the following settings for the Import Operating System Wizard: - - OS Type: **Full set of source files**
- - Source: **D:\\**
- - Destination: **W10Ent_x64**
- - Summary: click **Next** - - Confirmation: click **Finish** - -9. For purposes of this test lab, we will not add applications (such as Microsoft Office) to the deployment share. For information about adding applications, see the [Add applications](https://technet.microsoft.com/en-us/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic in the TechNet library. - -10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - - Task sequence ID: **REFW10X64-001**
- - Task sequence name: **Windows 10 Enterprise x64 Default Image**
- - Task sequence comments: **Reference Build**
- - Template: **Standard Client Task Sequence** - - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim** - - Specify Product Key: **Do not specify a product key at this time** - - Full Name: **Contoso** - - Organization: **Contoso** - - Internet Explorer home page: **http://www.contoso.com** - - Admin Password: **Do not specify an Administrator password at this time** - - Summary: click **Next** - - Confirmation: click **Finish** - -11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step. - -12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. - -13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. - -14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. - -15. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**. - -16. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox. - >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications. - -17. Click **OK** to complete editing the task sequence. - -18. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and click **Properties**, and then click the **Rules** tab. - -19. Replace the default rules with the following text: - - ``` - [Settings] - Priority=Default - - [Default] - _SMSTSORGNAME=Contoso - UserDataLocation=NONE - DoCapture=YES - OSInstall=Y - AdminPassword=pass@word1 - TimeZoneName=Pacific Standard Time - JoinWorkgroup=WORKGROUP - HideShell=YES - FinishAction=SHUTDOWN - DoNotCreateExtraPartition=YES - ApplyGPOPack=NO - SkipAdminPassword=YES - SkipProductKey=YES - SkipComputerName=YES - SkipDomainMembership=YES - SkipUserData=YES - SkipLocaleSelection=YES - SkipTaskSequence=NO - SkipTimeZone=YES - SkipApplications=YES - SkipBitLocker=YES - SkipSummary=YES - SkipRoles=YES - SkipCapture=NO - SkipFinalSummary=YES - ``` - -20. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: - ``` - [Settings] - Priority=Default - - [Default] - DeployRoot=\\SRV1\MDTBuildLab$ - UserDomain=CONTOSO - UserID=administrator - UserPassword=pass@word1 - SkipBDDWelcome=YES - ``` - -21. Click **OK** to complete the configuration of the deployment share. - -22. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**. - -23. Accept all default values in the Update Deployment Share Wizard by clicking **Next**. The update process will take 5 to 10 minutes. When it has completed, click **Finish**. - -24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). - ->Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. - -25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands: - - ``` - New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB - Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20 - Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso - Start-VM REFW10X64-001 - vmconnect localhost REFW10X64-001 - ``` -26. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**. - -27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated. - - Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures: - - - Install the Windows 10 Enterprise operating system. - - Install added applications, roles, and features. - - Update the operating system using Windows Update (or WSUS if optionally specified). - - Stage Windows PE on the local disk. - - Run System Preparation (Sysprep) and reboot into Windows PE. - - Capture the installation to a Windows Imaging (WIM) file. - - Turn off the virtual machine. - - This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server. The file name is **REFW10X64-001.wim**. - - ## Deploy a Windows 10 image using MDT - -This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT. - -1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard: - - **Deployment share path**: C:\MDTProd - - **Share name**: MDTProd$ - - **Deployment share description**: MDT Production - - **Options**: accept the default - -2. Click **Finish** and verify the new deployment share was added successfully. - -3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values. - -4. Right-click the Windows 10 folder created in the previous step, and then click **Import Operating System**. - -5. On the **OS Type** page, choose **Custom image file** and then click **Next**. - -6. On the Image page, browse to the C:\MDTBuildLab\Captures\REFW10X64-001.wim file created in the previous procedure, click **Open**, and then click **Next**. - -7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**. - -8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**. - -9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, and then click **Finish**. - -10. In the Operating Systems > Windows 10 node, double-click the operating system that was added to view its Properties. Change the Operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. - -### Create the deployment task sequence - -1. Using the Deployment Workbench, select Task Sequences in the MDT Production node, and create a folder named **Windows 10**. - -2. Right-click the Windows 10 folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - - Task sequence ID: W10-X64-001 - - Task sequence name: Windows 10 Enterprise x64 Custom Image - - Task sequence comments: Production Image - - Select Template: Standard Client Task Sequence - - Select OS: Windows 10 Enterprise x64 Custom Image - - Specify Product Key: Do not specify a product key at this time - - Full Name: Contoso - - Organization: Contoso - - Internet Explorer home page: http://www.contoso.com - - Admin Password: pass@word1 - -### Configure the MDT production deployment share - -1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: - - ``` - copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force - copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force - ``` -2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click Properties. - -3. Click the **Rules** tab and replace the rules with the following text: - - ``` - [Settings] - Priority=Default - - [Default] - _SMSTSORGNAME=Contoso - OSInstall=YES - UserDataLocation=AUTO - TimeZoneName=Pacific Standard Time - OSDComputername=#Left("PC-%SerialNumber%",7)# - AdminPassword=pass@word1 - JoinDomain=contoso.com - DomainAdmin=administrator - DomainAdminDomain=CONTOSO - DomainAdminPassword=pass@word1 - ScanStateArgs=/ue:*\* /ui:CONTOSO\* - USMTMigFiles001=MigApp.xml - USMTMigFiles002=MigUser.xml - HideShell=YES - ApplyGPOPack=NO - SkipAppsOnUpgrade=NO - SkipAdminPassword=YES - SkipProductKey=YES - SkipComputerName=YES - SkipDomainMembership=YES - SkipUserData=YES - SkipLocaleSelection=YES - SkipTaskSequence=NO - SkipTimeZone=YES - SkipApplications=NO - SkipBitLocker=YES - SkipSummary=YES - SkipCapture=YES - SkipFinalSummary=NO - EventService=http://SRV1:9800 - ``` - **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini. - - >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. - -4. Click **Edit Bootstap.ini** and replace text in the file with the following text: - ``` - [Settings] - Priority=Default - - [Default] - DeployRoot=\\SRV1\MDTProd$ - UserDomain=CONTOSO - UserID=administrator - UserPassword=pass@word1 - SkipBDDWelcome=YES - ``` -5. Click **OK** when finished. - -### Update the deployment share - -1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**. - -2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete. - -3. Click **Finish** when the update is complete. - -### Enable deployment monitoring - -1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**. - -2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. - -3. Verify the monitoring service is working as expected by opening the following link on SRV1 in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/). - -4. Close Internet Explorer. - -### Configure Windows Deployment Services - -1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1: - - ``` - WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall" - WDSUTIL /Set-Server /AnswerClients:All - ``` - -2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**. - -3. In the Windows Deployment Services console, expand Servers, expand SRV1.contoso.com, right-click **Boot Images**, and then click **Add Boot Image**. - -4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image. - -### Deploy the client image - -1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway. **Note**: Do not disable the *internal* network interface. To disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command: - - ``` - Disable-NetAdapter "Ethernet 2" -Confirm:$false - ``` - -2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt: - - ``` - New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 - Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 - ``` - >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle. - -3. Start the new VM and connect to it: - - ``` - Start-VM PC2 - vmconnect localhost PC2 - ``` -4. When prompted, hit ENTER to start the network boot process. - -5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. - -6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: - - ``` - Enable-NetAdapter "Ethernet 2" - ``` -7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. -8. When OS installation is complete, the system will reboot automatically and begin configuring devices. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator. - -9. Turn off the PC2 VM before starting the next section. To turn off the VM, right-click **Start**, point to **Shut down or sign out**, and then click **Shut down**. - -### Refresh a computer with Windows 10 - -This topic will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). - -1. Create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` - Checkpoint-VM -Name PC1 -SnapshotName BeginState - ``` - -2. Sign on to PC1 using the CONTOSO\Administrator account. - - >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. - -3. Open an elevated command prompt on PC1 and type the following: - - ``` - cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs - ``` - **Note**: Litetouch.vbs must be able to create the C:\MININT directory on the local computer. - -4. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. - -5. Choose **Do not back up the existing computer** and click **Next**. - - **Note**: The USMT will still back up the computer. - -6. Lite Touch Installation will perform the following actions: - - Back up user settings and data using USMT. - - Install the Windows 10 Enterprise X64 operating system. - - Update the operating system via Windows Update. - - Restore user settings and data using USMT. - - You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. - -7. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system. - -8. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` - Checkpoint-VM -Name PC1 -SnapshotName RefreshState - ``` -9. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` - Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false - Start-VM PC1 - vmconnect localhost PC1 - ``` -10. Sign in to PC1 using the contoso\administrator account. - -### Replace a computer with Windows 10 - -At a high level, the computer replace process consists of:
-- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.
-- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored. - -#### Create a backup-only task sequence - -1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**. -2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share. -3. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` - New-Item -Path C:\MigData -ItemType directory - New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE - icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)' - ``` -4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**. -5. Name the new folder **Other**, and complete the wizard using default options. -6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard: - - **Task sequence ID**: REPLACE-001 - - **Task sequence name**: Backup Only Task Sequence - - **Task sequence comments**: Run USMT to backup user data and settings - - **Template**: Standard Client Replace Task Sequence -7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings. -8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence. - -#### Run the backup-only task sequence - -1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt: - ``` - whoami - ``` -2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt: - ``` - Remove-Item c:\minint -recurse - Remove-Item c:\_SMSTaskSequence -recurse - Restart-Computer - ``` -2. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: - ``` - cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs - ``` -3. Complete the deployment wizard using the following: - - **Task Sequence**: Backup Only Task Sequence - - **User Data**: Specify a location: **\\SRV1\MigData$\PC1** - - **Computer Backup**: Do not back up the existing computer. -4. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. -5. Verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. -6. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: - ``` - PS C:\> dir C:\MigData\PC1\USMT - - Directory: C:\MigData\PC1\USMT - - Mode LastWriteTime Length Name - ---- ------------- ------ ---- - -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG - ``` -#### Deploy PC3 - -1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: - ``` - New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 - Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 - ``` -2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` - Disable-NetAdapter "Ethernet 2" -Confirm:$false - ``` -3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` - Start-VM PC3 - vmconnect localhost PC3 - ``` -4. When prompted, press ENTER for network boot. - -6. On PC3, ue the following settings for the Windows Deployment Wizard: - - **Task Sequence**: Windows 10 Enterprise x64 Custom Image - - **Move Data and Settings**: Do not move user data and settings - - **User Data (Restore)**: Specify a location: **\\SRV1\MigData$\PC1** -5. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: - ``` - Enable-NetAdapter "Ethernet 2" - ``` -7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. - -#### Troubleshooting logs, events, and utilities - -Deployment logs are available on the client computer in the following locations: -- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS -- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS -- After deployment: %WINDIR%\TEMP\DeploymentLogs - -You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**. - -Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=50012) - -## Related Topics - -[Microsoft Deployment Toolkit](https://technet.microsoft.com/en-US/windows/dn475741)
-[Prepare for deployment with MDT 2013](prepare-for-windows-deployment-with-mdt-2013.md) - -  - - - - - diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md deleted file mode 100644 index 2b671577a8..0000000000 --- a/windows/deploy/windows-10-poc-sc-config-mgr.md +++ /dev/null @@ -1,133 +0,0 @@ ---- -title: Placeholder (Windows 10) -description: Deploy Windows 10 in a test lab using System Center Configuration Manager -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Deploy Windows 10 in a test lab using System Center Configuration Manager - -**Applies to** - -- Windows 10 - -**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). Please complete all steps in the prerequisite guide before attempting the procedures in this guide. - -If you have already completed [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), you can skip some steps of this guide, such as installation of MDT. - -The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs): -- **DC1**: A contoso.com domain controller, DNS server, and DHCP server. -- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. -- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. - -This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. - -## In this guide - -Description here. - -## Install prerequisites - -1. On SRV1, type the following command at an elevated Windows PowerShell prompt on SRV1 to enable .NET Framework 3.5: - ``` - Add-WindowsFeature NET-Framework-Core - ``` -2. - -## Install System Center Configuration Manager - - -2. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: - ``` - $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" - Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 - Stop-Process -Name Explorer - ``` -3. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1, double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The directory will be automatically created. Click **OK** and then close the WinZip Self-Extractor dialog box when finished. - -``` -New-Item -Path c:\setupdl -ItemType Directory -New-SmbShare -Name SetupDL$ -Path C:\setupdl -ChangeAccess EVERYONE -cmd /c c:\configmgr\SMSSETUP\BIN\X64\setupdl.exe "\\greglin-xps\SetupDL$" - -Install-WindowsFeature Web-Windows-Auth -Install-WindowsFeature Web-ISAPI-Ext -Install-WindowsFeature Web-Metabase -Install-WindowsFeature Web-WMI -Install-WindowsFeature BITS -Install-WindowsFeature RDC -Install-WindowsFeature NET-Framework-Features -Install-WindowsFeature Web-Asp-Net -Install-WindowsFeature Web-Asp-Net45 -Install-WindowsFeature NET-HTTP-Activation -Install-WindowsFeature NET-Non-HTTP-Activ - - -``` - -OK this is what I need to go with: -https://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd - -Configure it as a primary site, add state migration point, distribution point, extend AD - -After running it I need to install the ADK, and WDS - -To configure SQL I think I have to download SQLEXPR_x64_ENU which is extracted and then run setup to load the install wizard -This defaults to NT Service\MSSQL$SQLEXPRESS -Windows authentication mode - -configure SQL - using SQL server installation center (?) - -Maybe use a configuration file -Maybe use: - -Setup.exe /qs /ACTION=Install /FEATURES=SQLEngine,Replication /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="contoso\administrator" /SQLSVCPASSWORD="pass@word1" /SQLSYSADMINACCOUNTS="contoso\administrator" /AGTSVCACCOUNT="NT AUTHORITY\Network Service" /UpdateEnabled=True /IACCEPTSQLSERVERLICENSETERMS - -.\Setup.exe /QUIET /ACTION=REBUILDDATABASE /INSTANCENAME=MSSQLSERVER /SQLCOLLATION=SQL_Latin1_General_CP1_CI_AS /SQLSYSADMINACCOUNTS="contoso\administrator" <--- this worked but I probably just need to add /sqlcollation to the first command (install) - -& sc.exe config "$servicename" obj= "[$domain\$username]" password= "[$password] <--- not this - -then run SCCM setup.exe - -Cripes I can't use SQL server express edition.... currently I only have this and the TCP port as failures. -SQL server tcp is enabled and set to static port... - -So.. -I need to download a full version of SQL somewhere -Install it with command line, set the port and firewall -There seems to be some memory requirement for SQL "Configuration Manager requries SQL server to reserve a minimum of 8 GB of memory for central or primary site... I don't know if this will prevent me from getting it working. - - -4. To start installation, type the following command at an elevated Windows PowerShell prompt: - - ``` - C:\configmgr\SMSSETUP\BIN\X64\Setup.exe - ``` -5. Provide the following in the System Center Configuration Manager Setup Wizard: - - **Before You Begin**: Read the text and click *Next*. - - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox. - - Click **Yes** in response to the popup window. - - **Product Key**: Choose **Install the evaluation edition of this Product**. - - **Microsoft Software License Terms**: Read the terms and then select the I accept these license terms checkbox. - - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page. - - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\configmgr** next to **Path**. - - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**. - - use default settings for all other options - - **Usage Data**: Read the text and click **Next**. - - **Service Connection Point Setup**: Accept the default settings (SRV1.contoso.com is automatically added under Select a server to use). - - **Settings Summary**: Review settings and click **Next**. - - **Prerequisite Check**: - -## Related Topics - -  - -  - - - - - diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md deleted file mode 100644 index 220f984040..0000000000 --- a/windows/deploy/windows-10-poc.md +++ /dev/null @@ -1,661 +0,0 @@ ---- -title: Deploy Windows 10 in a test lab (Windows 10) -description: Concepts and procedures for deploying Windows 10 in a proof of concept lab environment. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Step by step guide: Deploy Windows 10 in a test lab - -**Applies to** - -- Windows 10 - -If you are interested in upgrading to Windows 10 and want to know more about the upgrade process, then keep reading... - -Do you have a computer running Windows 8 or later with 16GB of RAM? If so, then you have everything you need to set up a Windows 10 test lab. You can even clone computers from your network and see exactly what happens when they are upgraded to Windows 10. - -## In this guide - -This guide provides step-by-step instructions for configuring a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Simple to use Windows PowerShell commands are provided for setting up the test lab. - -The following topics and procedures are provided in this guide: - -- [Hardware and software requirements](#hardware-and-software-requirements): Prerequisites to complete this guide.
-- [Lab setup](#lab-setup): A description and diagram of the PoC environment that is configured.
-- [Configure the PoC environment](#configure-the-poc-environment): Step by step guidance for the following procedures: - - [Verify support and install Hyper-V](#verify-support-and-install-hyper-v): Verify that installation of Hyper-V is supported, and install the Hyper-V server role. - - [Download VHD and ISO files](#download-vhd-and-iso-files): Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host. - - [Convert PC to VHD](#convert-pc-to-vhd): Convert a physical computer on your network to a VHDX file and prepare it to be used on the Hyper-V host. - - [Configure Hyper-V](#configure-hyper-v): Create virtual switches, determine available RAM for virtual machines, and add virtual machines. - - [Configure VHDs](#configure-vhds): Start virtual machines and configure all services and settings. - -The following optional topics are also available: -- [Appendix A: Configuring Hyper-V on Windows Server 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2): Information about using this guide with a Hyper-V host running Windows Server 2008 R2. -- [Appendix B: Verify the configuration](#appendix-b-verify-the-configuration): Verify and troubleshoot network connectivity and services in the PoC environment. - -When you have completed the steps in this guide, see the following topics for step by step instructions to deploy Windows 10 using the PoC environment under common scenarios with current deployment tools: - -- [Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md) -- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) - -## Hardware and software requirements - -One computer that meets the hardware and software specifications below is required to complete the guide; A second computer is recommended to validate the upgrade process. - -The second computer is used to clone and mirror a client computer (computer 2) from your corporate network to the POC environment. Alternatively, you can use an arbitrary VM to represent this computer, therefore this computer is not required to complete the lab. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
**Computer 1** (required)**Computer 2** (recommended)
RoleHyper-V hostClient computer
DescriptionThis computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VHD for upgrade demonstration purposes.
OSWindows 8/8.1/10 or Windows Server 2012/2012 R2/2016*Windows 7 or a later
EditionEnterprise, Professional, or EducationAny
Architecture64-bitAny
RAM8 GB RAM (16 GB recommended)Any
Disk50 GB available hard disk space (100 GB recommended)Any
CPUSLAT-Capable CPUAny
NetworkInternet connectionAny
- ->Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade. - -*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. The performance and features of the Hyper-V role are also much improved on later operating systems. If your host must be running Windows Server 2008 R2, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). - -The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. - -## Lab setup - -- The Hyper-V host computer (computer 1) is configured to host four VMs on a private, proof of concept network. - - Two VMs are running Windows Server 2012 R2 with required network services and tools installed. - - Two VMs are client systems: One VM is intended to mirror a host on your corporate network (computer 2) and one VM is running Windows 10 Enterprise to demonstrate the hardware replacement scenario. -- Links are provided to download trial versions of Windows Server 2012, Windows 10 Enterprise, and all deployment tools necessary to complete the lab. - -The lab architecture is summarized in the following diagram: - -![PoC](images/poc.png) - -**Note**: ->If you have an existing Hyper-V host, you can use this host if desired and skip the Hyper-V installation section in this guide. - ->The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if required. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that is not directly connected to the corporate network. This mitigates the risk of clients on the corporate network receiving DHCP leases from the PoC network (i.e. "rogue" DHCP), and limits NETBIOS service broadcasts. - -## Configure the PoC environment - -### Procedures in this section - -[Verify support and install Hyper-V](#verify-support-and-install-hyper-v)
-[Download VHD and ISO files](#download-vhd-and-iso-files)
-[Configure Hyper-V](#configure-hyper-v)
-[Convert PC to VHD](#convert-pc-to-vhd)
-[Configure VHDs](#configure-vhds)
- -### Verify support and install Hyper-V - -1. Verify that the computer supports Hyper-V. - - Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. To verify your computer supports SLAT, open an administrator command prompt, type systeminfo, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. - - See the following example: - - ``` - C:\>systeminfo - ... - Hyper-V Requirements: VM Monitor Mode Extensions: Yes - Virtualization Enabled In Firmware: Yes - Second Level Address Translation: Yes - Data Execution Prevention Available: Yes - ``` - In this example, the computer supports SLAT and Hyper-V. - - If one or more requirements are evaluated as "No" then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the "Virtualization Enabled In Firmware" setting from "No" to "Yes." The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. - - You can also identify Hyper-V support using [tools](https://blogs.msdn.microsoft.com/taylorb/2008/06/19/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v/) provided by the processor manufacturer, the [msinfo32](https://technet.microsoft.com/en-us/library/cc731397.aspx) tool, or you can download the [coreinfo](http://technet.microsoft.com/en-us/sysinternals/cc835722) utility and run it, as shown in the following example: - - ``` - C:\>coreinfo -v - - Coreinfo v3.31 - Dump information on system CPU and memory topology - Copyright (C) 2008-2014 Mark Russinovich - Sysinternals - www.sysinternals.com - - Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel - Microcode signature: 0000001B - HYPERVISOR - Hypervisor is present - VMX * Supports Intel hardware-assisted virtualization - EPT * Supports Intel extended page tables (SLAT) - ``` - - Note: A 64-bit operating system is requried to run Hyper-V. - -2. Enable Hyper-V. - - The Hyper-V feature is not installed by default. To install it, open an elevated Windows PowerShell window and type the following command: - - ``` - Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All - ``` - When you are prompted to restart the computer, choose Yes. The computer might restart more than once. - - You can also install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** (client OS), or using Server Manager's **Add Roles and Features Wizard** (server OS), as shown below: - - ![hyper-v feature](images/hyper-v-feature.png) - - ![hyper-v](images/svr_mgr2.png) - -### Download VHD and ISO files - -1. Create a directory on your Hyper-V host named C:\VHD and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the C:\VHD directory. - - **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. - - After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. - - ![VHD](images/download_vhd.png) - -2. Rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is not required, but is done to make the filename simpler to recognize. -3. Copy the VHD to a second file also in the C:\VHD directory and name this VHD **2012R2-poc-2.vhd**. -4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the C:\VHD directory on your Hyper-V host. During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English VHD is chosen. You can choose a different version if desired. Note that Windows 10 in-place upgrade is only possible if the source operating system and installation media are both 32-bit or both 64-bit, so you should download the file version that corresponds to the version of your source computer for upgrade testing. -5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simpler to type and recognize. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. - - The following commands and output display the procedures described in this section: - - ``` - C:\>mkdir VHD - - C:\>cd VHD - - C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd - - C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd - 1 file(s) copied. - - C:\VHD ren *.iso w10-enterprise.iso - C:\VHD>dir /B - 2012R2-poc-1.vhd - 2012R2-poc-2.vhd - w10-enterprise.iso - ``` - -### Convert PC to VHD - -**Important**:Before you convert a PC to VHD, verify that you have access to a local administrator account on the computer. Alternatively you can use a domain account with administrative rights if these credentials are cached on the computer and your domain policy allows the use of cached credentials for login. - ->For purposes of the test lab, you must use a PC with a single hard drive that is assigned a drive letter of C:. Systems with multiple hard drives or non-standard configurations can also be upgraded using PC refresh and replace scenarios, but these systems require more advanced deployment task sequences than those used in this lab. - -1. Download the [Disk2vhd utility](https://technet.microsoft.com/en-us/library/ee656415.aspx), extract the .zip file and copy disk2vhd.exe to a flash drive or other location that is accessible from the computer you wish to convert. - >Note: You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media. -2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -3. Select checkboxes next to the volumes you wish to copy and specify a location to save the resulting VHD or VHDX file. If your Hyper-V host is running Windows Server 2008 R2 you must choose VHD, otherwise choose VHDX. -4. Click **Create** to start creating a VHDX file. - - >Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. - -5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: - - ``` - C:\vhd>dir /B - 2012R2-poc-1.vhd - 2012R2-poc-2.vhd - w10-enterprise.iso - w7.VHDX - ``` - -### Configure Hyper-V - -Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. For more information, see [Appendix A: Configuring Hyper-V settings on 2008 R2](#appendix-a-configuring-hyper-v-on-windows-server-2008-r2). - -**Important**:You should take advantage of [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy, then right-clicking and selecting paste. - -Instructions to "type" commands provided in this guide can be typed, but in most cases the preferred method is to copy and paste these commands. - -1. Open an elevated Windows PowerShell window and type the following command to create two virtual switches named "poc-internal" and "poc-external": - >If the Hyper-V host already has an external virtual switch bound to a physical NIC, do not attempt to add a second external virtual switch. Attempting to add a second external switch will result in an error indicating that the NIC is "**already bound to the Microsoft Virtual Switch protocol.**" In this case, choose one of the following options:
-    a) Remove the existing external virtual switch, then add the poc-external switch
-    b) Rename the existing external switch to "poc-external"
-    c) Replace each instance of "poc-external" used in this guide with the name of your existing external virtual switch
- If you choose b) or c), then do not run the second command below. - - ``` - New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" - New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and $_.NdisPhysicalMedium -eq 14}).Name -Notes "PoC External" - ``` - >Also, since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. This is automated in the example here by filtering for active ethernet adapters using the Get-NetAdapter cmdlet. If your Hyper-V host has multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the specific value needed for the -NetAdapterName option. This value corresponds to the name of the network interface you wish to use. - -2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: - - ``` - (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue - ``` - >This command will display the megabytes of RAM available. On a Hyper-V host computer with 16 GB of physical RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. If the computer has less than 12,000 MB of available RAM, try closing applications to free up more memory. - -3. Determine the available memory for VMs by dividing the available RAM by 4. For example: - - ``` - (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue/4 - 2775.5 - ``` - In this example, VMs can use a maximum of 2700 MB of RAM each, to run four VMs simultaneously. - -4. At the elevated Windows PowerShell prompt, type the following command to create three new VMs. The fourth VM will be added later. - >**Important**: Replace the value of 2700MB in the first command below with the RAM value that you calculated in the previous step: - - ``` - $maxRAM = 2700MB - New-VM –Name "DC1" –VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal - Set-VMMemory -VMName "DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - Enable-VMIntegrationService –Name "Guest Service Interface" -VMName DC1 - New-VM –Name "SRV1" –VHDPath c:\vhd\2012R2-poc-2.vhd -SwitchName poc-internal - Add-VMNetworkAdapter -VMName "SRV1" -SwitchName "poc-external" - Set-VMMemory -VMName "SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - Enable-VMIntegrationService –Name "Guest Service Interface" -VMName SRV1 - New-VM –Name "PC1" –VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal - Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 - Enable-VMIntegrationService –Name "Guest Service Interface" -VMName PC1 - ``` -### Configure VHDs - -1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first VM by typing the following command: - - ``` - Start-VM DC1 - ``` -2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt on the Hyper-V host: - - ``` - vmconnect localhost DC1 - ``` -3. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of **pass@word1**, and click **Finish**. -4. Sign in to DC1 using the local administrator account. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. It is only necessary to do this the first time you sign in to a new VM. -5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type or paste the following commands to provide a new hostname and configure a static IP address and gateway: - - ``` - Rename-Computer DC1 - New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 - Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 - ``` - >The default gateway at 192.168.0.2 will be configured later in this guide. -6. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: - - ``` - Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools - ``` - -7. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect. To restart the computer, type the following command at an elevated Windows PowerShell prompt: - - ``` - Restart-Computer - ``` - -8. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string: - - ``` - $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force - Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force - ``` - Ignore any warnings that are displayed. The computer will automatically reboot upon completion. -9. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: - - ``` - Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest - Add-WindowsFeature -Name DHCP -IncludeManagementTools - netsh dhcp add securitygroups - Restart-Service DHCPServer - Add-DhcpServerInDC dc1.contoso.com 192.168.0.1 - Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2 - ``` -10. Next, add a DHCP scope and set option values: - - ``` - Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active - Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force - ``` - >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. -11. Add a user account to the contoso.com domain that can be used with client computers: - - ``` - New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true - ``` -12. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already existed on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: - - ``` - Get-DnsServerForwarder - ``` - The following output should be displayed: - ``` - UseRootHint : True - Timeout(s) : 3 - EnableReordering : True - IPAddress : 192.168.0.2 - ReorderedIPAddress : 192.168.0.2 - ``` - If this output is not displayed, you can use the following command to add SRV1 as a forwarder: - ``` - Add-DnsServerForwarder -IPAddress 192.168.0.2 - ``` -13. Minimize the DC1 VM window but **do not stop** the VM. - - Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain. - -14. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: - ``` - Start-VM PC1 - vmconnect localhost PC1 - ``` -15. Sign on to PC1 using an account that has local administrator rights. - - >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account. -16. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. - - ![PoC](images/installing-drivers.png) - - >If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. - -17. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. -18. Open an elevated Windows PowerShell prompt on PC1 and verify that the client VM has received a DHCP lease and can communicate with the consoto.com domain controller. - - To open Windows PowerShell on Windows 7, click **Start**, and search for "**power**." - - ``` - ipconfig - - Windows IP Configuration - - Ethernet adapter Local Area Connection 3: - Connection-specific DNS Suffix . : contoso.com - Link-local IPv6 Address . . . . . : fe80::64c2:4d2a:7403:6e02%18 - Ipv4 Address. . . . . . . . . . . : 192.168.0.101 - Subnet Mask . . . . . . . . . . . : 255.255.255.0 - Default Gateway . . . . . . . . . : 192.168.0.2 - - ping dc1.contoso.com - - Pinging dc1.contoso.com [192.168.0.1] with 32 bytes of data: - Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 - Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 - Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 - Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 - - nltest /dsgetdc:contoso.com - DC: \\DC1 - Address: \\192.168.0.1 - Dom Guid: fdbd0643-d664-411b-aea0-fe343d7670a8 - Dom Name: CONTOSO - Forest Name: contoso.com - Dc Site Name: Default-First-Site-Name - Our Site Name: Default-First-Site-Name - Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 - ``` ->If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. - -19. Open an elevated Windows PowerShell ISE window on the Hyper-V host and type the following commands in the (upper) script editor pane: - - ``` - (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0) - $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force - $user = "contoso\administrator" - $cred = New-Object System.Management.Automation.PSCredential($user,$pass) - Add-Computer -DomainName contoso.com -Credential $cred - Restart-Computer - ``` -20. Click **File**, click **Save As**, and save the commands as **c:\VHD\ps1.ps1** on the Hyper-V host. -21. In the (lower) terminal input window, type the following command to copy the script to PC1 using integration services: - - ``` - Copy-VMFile "PC1" –SourcePath "C:\VHD\pc1.ps1" –DestinationPath "C:\pc1.ps1" –CreateFullPath –FileSource Host - ``` - >In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. -22. On PC1, type the following commands at an elevated Windows PowerShell prompt: - - ``` - Get-Content c:\pc1.ps1 | powershell.exe -noprofile - - ``` - - >PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. - -23. After PC1 restarts, sign in to the contoso.com domain with the (user1) account you created in step 11 of this section. - >The settings that will be used to migrate user data specifically select only accounts that belong to the CONTOSO domain. If you wish to test migration of user data and settings with an account other than the user1 account, you must copy this account's profile to the user1 profile. -24. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. -25. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: - - ``` - Start-VM SRV1 - vmconnect localhost SRV1 - ``` -26. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. -27. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. -28. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: - - ``` - Rename-Computer SRV1 - New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 - Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 - Restart-Computer - ``` -29. Wait for the computer to restart, then type or paste the following commands at an elevated Windows PowerShell prompt: - - ``` - $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force - $user = "contoso\administrator" - $cred = New-Object System.Management.Automation.PSCredential($user,$pass) - Add-Computer -DomainName contoso.com -Credential $cred - Restart-Computer - ``` -30. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: - - ``` - Install-WindowsFeature -Name DNS -IncludeManagementTools - Install-WindowsFeature -Name WDS -IncludeManagementTools - Install-WindowsFeature -Name Routing -IncludeManagementTools - ``` -31. Before configuring the routing service that was just installed, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. Also verify that the external interface has a valid external DHCP IP address lease. - - To view a list of interfaces and their associated interface aliases on the VM, use the following Windows PowerShell command. Example output of the command is also shown below: - - ``` - Get-NetAdapter | ? status -eq ‘up’ | Get-NetIPAddress -AddressFamily IPv4 | ft IPAddress, InterfaceAlias - - IPAddress InterfaceAlias - --------- -------------- - 10.137.130.118 Ethernet 2 - 192.168.0.2 Ethernet - ``` - In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the commands provided in the next step appropriately to configure routing services. - -32. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: - - ``` - Install-RemoteAccess -VpnType Vpn - cmd /c netsh routing ip nat install - cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL - cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE - cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE - ``` -33. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. Open an elevated Windows PowerShell prompt on SRV1 and type the following command: - - ``` - Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1 - ``` -34. In most cases, this completes configuration of the PoC network. However, if your corporate network has a firewall that filters queries from local DNS servers, you will also need to configure a server-level DNS forwarder on SRV1 to resolve Internet names. To test whether or not DNS is working without this forwarder, try to reach a name on the Internet from DC1 or PC1, which are only using DNS services on the PoC network. You can test DNS with the ping command, for example: - - ``` - ping www.microsoft.com - ``` - If you see "Ping request could not find host www.microsoft.com" on PC1 and DC1, but not on SRV1, then you will need to configure a server-level DNS forwarder on SRV1. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following command. - - **Note**: This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name: - - ``` - Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses - ``` -35. If DNS and routing are both working correctly, you will see the following on DC1 and PC1: - - ``` - PS C:\> ping www.microsoft.com - - Pinging e2847.dspb.akamaiedge.net [23.222.146.170] with 32 bytes of data: - Reply from 23.222.146.170: bytes=32 time=3ms TTL=51 - Reply from 23.222.146.170: bytes=32 time=2ms TTL=51 - Reply from 23.222.146.170: bytes=32 time=2ms TTL=51 - Reply from 23.222.146.170: bytes=32 time=1ms TTL=51 - - Ping statistics for 23.222.146.170: - Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), - Approximate round trip times in milli-seconds: - Minimum = 1ms, Maximum = 3ms, Average = 2ms - ``` -36. Verify that all three VMs can reach each other, and the Internet. See [Appendix B: Verify the configuration](#appendix-b-verify-the-configuration) for more information. -37. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: - - ``` - slmgr -rearm - Restart-Computer - ``` - -## Appendix A: Configuring Hyper-V on Windows Server 2008 R2 - -If your Hyper-V host is running Windows Server 2008 R2, several of the steps in this guide will not work because they use the Hyper-V Module for Windows PowerShell, which is not available on Windows Server 2008 R2. - -To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. - -An example that uses Hyper-V WMI to create a virtual switch on Windows Server 2008 R2 is provided below. Converting all Hyper-V module commands used in this guide to Hyper-V WMI is beyond the scope of the guide. If you must use a Hyper-V host running Windows Server 2008 R2, the steps in the guide can be accomplished by using the Hyper-V Manager console. - -``` -$SwitchFriendlyName = "poc-internal" -$InternalEthernetPortFriendlyName = $SwitchFriendlyName -$InternalSwitchPortFriendlyName = "poc" -$SwitchName = [guid]::NewGuid().ToString() -$InternalSwitchPortName = [guid]::NewGuid().ToString() -$InternalEthernetPortName = [guid]::NewGuid().ToString() -$NumLearnableAddresses = 1024 -$ScopeOfResidence = "" -$VirtualSwitchManagementService = gwmi Msvm_VirtualSwitchManagementService -namespace "root\virtualization" -$Result = $VirtualSwitchManagementService.CreateSwitch($SwitchName, $SwitchFriendlyName, $NumLearnableAddresses, $ScopeOfResidence) -$Switch = [WMI]$Result.CreatedVirtualSwitch -$Result = $VirtualSwitchManagementService.CreateSwitchPort($Switch, $InternalSwitchPortName, $InternalSwitchPortFriendlyName, $ScopeOfResidence) -$InternalSwitchPort = [WMI]$Result.CreatedSwitchPort -$Result = $VirtualSwitchManagementService.CreateInternalEthernetPortDynamicMac($InternalEthernetPortName, $InternalEthernetPortFriendlyName) -$InternalEthernetPort = [WMI]$Result.CreatedInternalEthernetPort -$query = "Associators of {$InternalEthernetPort} Where ResultClass=CIM_LanEndpoint" -$InternalLanEndPoint = gwmi -namespace root\virtualization -query $query -$Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) -$filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" -$NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter -``` -To install Hyper-V on Windows Server 2008 R2, you can use the Add-WindowsFeature cmdlet: - -``` -Add-WindowsFeature -Name Hyper-V -``` -For more information about the Hyper-V Manager interface in Windows Server 2008 R2, see [Hyper-V](https://technet.microsoft.com/library/cc730764.aspx) in the Windows Server TechNet Library. - -## Appendix B: Verify the configuration - -Use the following procedures to verify that the PoC environment is configured properly and working as expected. - -1. On DC1, open an elevated Windows PowerShell prompt and type the following commands: - - ``` - Get-Service NTDS,DNS,DHCP - DCDiag -a - Get-DnsServerResourceRecord -ZoneName contoso.com -RRType A - Get-DnsServerForwarder - Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com - Get-DhcpServerInDC - Get-DhcpServerv4Statistics - ipconfig /all - ``` - **Get-Service** displays a status of "Running" for all three services.
- **DCDiag** displays "passed test" for all tests.
- **Get-DnsServerResourceRecord** displays the correct DNS address records for DC1, SRV1, and the computername of PC1. Additional address records for the zone apex (@), DomainDnsZones, and ForestDnsZones will also be registered.
- **Get-DnsServerForwarder** displays a single forwarder of 192.168.0.2.
- **Resolve-DnsName** displays public IP address results for www.microsoft.com.
- **Get-DhcpServerInDC** displays 192.168.0.1, dc1.contoso.com.
- **Get-DhcpServerv4Statistics** displays 1 scope with 2 addresses in use (these belong to PC1 and the Hyper-V host).
- **ipconfig** displays a primary DNS suffix and suffix search list of contoso.com, IP address of 192.168.0.1, subnet mask of 255.255.255.0, default gateway of 192.168.0.2, and DNS server addresses of 192.168.0.1 and 192.168.0.2. - -2. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: - - ``` - Get-Service DNS,RemoteAccess - Get-DnsServerForwarder - Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com - ipconfig /all - netsh int ipv4 show address - ``` - **Get-Service** displays a status of "Running" for both services.
- **Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you are required to use so that SRV1 can resolve Internet names.
- **Resolve-DnsName** displays public IP address results for www.microsoft.com.
- **ipconfig** displays a primary DNS suffix of contoso.com. The suffix search list contains contoso.com and your corporate domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP addresses of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your corporate network.
- **netsh** displays three interfaces on the computer: interface "Ethernet 2" with DHCP enabled = Yes and IP address assigned by your corporate network, interface "Ethernet" with DHCP enabled = No and IP address of 192.168.0.2, and interface "Loopback Pseudo-Interface 1" with IP address of 127.0.0.1. - -3. On PC1, open an elevated Windows PowerShell prompt and type the following commands: - - ``` - whoami - hostname - nslookup www.microsoft.com - ping -n 1 dc1.contoso.com - tracert www.microsoft.com - ``` - **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed.
- **hostname** displays the name of the local computer, for example W7PC-001.
- **nslookup** displays the DNS server used for the query, and the results of the query. For example, server dc1.contoso.com, address 192.168.0.1, Name e2847.dspb.akamaiedge.net.
- **ping** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it cannot be resolved, "..could not find host" will be diplayed and if the target is found and also responds to ICMP, you will see "Reply from" and the IP address of the target.
- **tracert** displays the path to reach the destination, for example srv1.contoso.com [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination. - -## Related Topics - -[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) -  - -  - - - - - From 60f594743bf1cf83ae7bd370983b64dbf352d73f Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 12 Sep 2016 16:59:17 -0700 Subject: [PATCH 36/53] added loc --- ...rating-system-image-using-configuration-manager.md | 1 + ...ent-with-windows-pe-using-configuration-manager.md | 1 + .../assign-applications-using-roles-in-mdt-2013.md | 1 + ...stributed-environment-for-windows-10-deployment.md | 3 +++ .../configure-a-pxe-server-to-load-windows-pe.md | 1 + .../deploy/configure-mdt-2013-for-userexit-scripts.md | 1 + windows/deploy/configure-mdt-2013-settings.md | 1 + .../deploy/configure-mdt-deployment-share-rules.md | 1 + ...indows-pe-boot-image-with-configuration-manager.md | 1 + ...ask-sequence-with-configuration-manager-and-mdt.md | 1 + windows/deploy/create-a-windows-10-reference-image.md | 11 +++++++++++ ...loy-with-windows-10-using-configuration-manager.md | 1 + windows/deploy/deploy-a-windows-10-image-using-mdt.md | 3 +++ ...-windows-10-using-pxe-and-configuration-manager.md | 1 + ...ith-system-center-2012-r2-configuration-manager.md | 1 + ...indows-10-with-the-microsoft-deployment-toolkit.md | 1 + ...indows-10-deployment-with-configuration-manager.md | 1 + ...t-started-with-the-microsoft-deployment-toolkit.md | 1 + .../integrate-configuration-manager-with-mdt-2013.md | 1 + windows/deploy/key-features-in-mdt-2013.md | 1 + windows/deploy/mdt-2013-lite-touch-components.md | 1 + ...indows-10-deployment-with-configuration-manager.md | 1 + .../prepare-for-windows-deployment-with-mdt-2013.md | 1 + ...lation-of-windows-10-with-configuration-manager.md | 1 + ...ent-with-windows-10-using-configuration-manager.md | 1 + .../refresh-a-windows-7-computer-with-windows-10.md | 2 ++ ...ent-with-windows-10-using-configuration-manager.md | 1 + ...a-windows-7-computer-with-a-windows-10-computer.md | 1 + windows/deploy/set-up-mdt-2013-for-bitlocker.md | 1 + ...e-a-windows-10-deployment-in-a-test-environment.md | 1 + ...dows-10-with-system-center-configuraton-manager.md | 1 + ...indows-10-with-the-microsoft-deployment-toolkit.md | 1 + windows/deploy/upgrade-windows-phone-8-1-to-10.md | 1 + .../deploy/use-orchestrator-runbooks-with-mdt-2013.md | 1 + ...base-to-stage-windows-10-deployment-information.md | 1 + windows/deploy/use-web-services-in-mdt-2013.md | 1 + windows/deploy/windows-10-deployment-scenarios.md | 1 + windows/deploy/windows-10-edition-upgrades.md | 1 + windows/deploy/windows-10-upgrade-paths.md | 1 + windows/deploy/windows-adk-scenarios-for-it-pros.md | 1 + windows/plan/windows-10-compatibility.md | 1 + windows/plan/windows-10-deployment-considerations.md | 1 + .../plan/windows-10-infrastructure-requirements.md | 1 + 43 files changed, 58 insertions(+) diff --git a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md index 5a3eadbc33..8fb81af58a 100644 --- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md +++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b keywords: image, deploy, distribute ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index de701986b4..425d7331d5 100644 --- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -4,6 +4,7 @@ description: In this topic, you will learn how to configure the Windows Preinsta ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c keywords: deploy, task sequence ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md index 1319888616..a6e7d69377 100644 --- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md +++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7 keywords: settings, database, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md index f015c71c1f..010284c04f 100644 --- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md @@ -5,6 +5,7 @@ ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c keywords: replication, replicate, deploy, configure, remote ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -76,6 +77,7 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre ![figure 3](images/mdt-10-fig03.png) Figure 3. Sharing the **E:\\MDTProduction folder** on MDT02. + ### Configure the deployment share When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property. @@ -146,6 +148,7 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share: + ``` syntax (Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB ``` diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md index 61bc2e47c8..27ab81464f 100644 --- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md @@ -4,6 +4,7 @@ description: This topic describes how to configure a PXE server to load Windows keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: greg-lindsay diff --git a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md index a94bee6b7b..c95b0fc69e 100644 --- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md +++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md @@ -5,6 +5,7 @@ ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7 keywords: rules, script ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/configure-mdt-2013-settings.md b/windows/deploy/configure-mdt-2013-settings.md index ba84efd5c1..46c1e30220 100644 --- a/windows/deploy/configure-mdt-2013-settings.md +++ b/windows/deploy/configure-mdt-2013-settings.md @@ -5,6 +5,7 @@ ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122 keywords: customize, customization, deploy, features, tools ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/configure-mdt-deployment-share-rules.md b/windows/deploy/configure-mdt-deployment-share-rules.md index 5eeadbbfd6..97a448f5da 100644 --- a/windows/deploy/configure-mdt-deployment-share-rules.md +++ b/windows/deploy/configure-mdt-deployment-share-rules.md @@ -5,6 +5,7 @@ ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b keywords: rules, configuration, automate, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index a5cbfb7886..3d55bb7385 100644 --- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 keywords: tool, customize, deploy, boot image ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md index 0838ebde59..c00676a646 100644 --- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -5,6 +5,7 @@ ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 keywords: deploy, upgrade, task sequence, install ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.pagetype: mdt ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/create-a-windows-10-reference-image.md b/windows/deploy/create-a-windows-10-reference-image.md index 50ec7f2fcf..f17a464eba 100644 --- a/windows/deploy/create-a-windows-10-reference-image.md +++ b/windows/deploy/create-a-windows-10-reference-image.md @@ -5,6 +5,7 @@ ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa keywords: deploy, deployment, configure, customize, install, installation ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -164,6 +165,7 @@ You also can customize the Office installation using a Config.xml file. But we r If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive). 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt: + ``` syntax Import-Topic "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1" New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab" @@ -173,7 +175,9 @@ If you need to add many applications, you can take advantage of the PowerShell s In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x86. 1. On MDT01, log on as **CONTOSO\\Administrator**. + 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -187,6 +191,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64" $CommandLine = "vcredist_x64.exe /Q" @@ -200,6 +205,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x86. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -213,6 +219,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64" $CommandLine = "vcredist_x64.exe /Q" @@ -226,6 +233,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x86. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -239,6 +247,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64" $CommandLine = "vcredist_x64.exe /Q" @@ -252,6 +261,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux86. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -265,6 +275,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64" $CommandLine = "vcredist_x64.exe /Q" diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index 5dbd28f0c8..28f0c95e14 100644 --- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c keywords: deployment, task sequence, custom, customize ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/deploy-a-windows-10-image-using-mdt.md b/windows/deploy/deploy-a-windows-10-image-using-mdt.md index 7f92cbc0d8..ff1d3cbfc5 100644 --- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md @@ -5,6 +5,7 @@ ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c keywords: deployment, automate, tools, configure ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -304,6 +305,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh 2. CustomSettings.ini 2. Right-click the **MDT Production** deployment share and select **Properties**. 3. Select the **Rules** tab and modify using the following information: + ``` syntax [Settings] Priority=Default @@ -340,6 +342,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh SkipFinalSummary=NO ``` 4. Click **Edit Bootstrap.ini** and modify using the following information: + ``` syntax [Settings] Priority=Default diff --git a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md index 2bc874cf8b..1a6a52fffb 100644 --- a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa keywords: deployment, image, UEFI, task sequence ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md index e3e558c24b..dbda9cd4e4 100644 --- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md +++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md @@ -4,6 +4,7 @@ description: If you have Microsoft System Center 2012 R2 Configuration Manager ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363 keywords: deployment, custom, boot ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md index 93028930c5..2569518b35 100644 --- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md @@ -6,6 +6,7 @@ keywords: deploy, tools, configure, script ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +localizationpriority: high author: mtniehaus ms.pagetype: mdt --- diff --git a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md index 2ed9de7378..0cebb0c0b2 100644 --- a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md +++ b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md @@ -4,6 +4,7 @@ description: This topic walks you through the steps to finalize the configuratio ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e keywords: configure, deploy, upgrade ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md index 85ad95c548..48635c7fa7 100644 --- a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md @@ -5,6 +5,7 @@ ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee keywords: deploy, image, feature, install, tools ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md index 4a30f0f74c..85612562d9 100644 --- a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md +++ b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5 ms.pagetype: mdt keywords: deploy, image, customize, task sequence ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/key-features-in-mdt-2013.md b/windows/deploy/key-features-in-mdt-2013.md index 03f562ac8e..0ccabf60ed 100644 --- a/windows/deploy/key-features-in-mdt-2013.md +++ b/windows/deploy/key-features-in-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868 keywords: deploy, feature, tools, upgrade, migrate, provisioning ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/mdt-2013-lite-touch-components.md b/windows/deploy/mdt-2013-lite-touch-components.md index 48f1a250ad..f4420cc9cd 100644 --- a/windows/deploy/mdt-2013-lite-touch-components.md +++ b/windows/deploy/mdt-2013-lite-touch-components.md @@ -5,6 +5,7 @@ ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089 keywords: deploy, install, deployment, boot, log, monitor ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md index 12aae5a28c..395beb960d 100644 --- a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md +++ b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce keywords: deploy, upgrade ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md index 8f2bbad1b9..d1900b7671 100644 --- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md +++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226 keywords: deploy, system requirements ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index 88a8cac968..ed2cfe67ed 100644 --- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -4,6 +4,7 @@ description: This topic will walk you through the process of integrating Microso ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08 keywords: install, configure, deploy, deployment ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index 68b0a74563..fe8e875c6b 100644 --- a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7 keywords: upgrade, install, installation, computer refresh ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md index f6ea4a2125..f68aeb9897 100644 --- a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md @@ -5,6 +5,7 @@ ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f keywords: reinstallation, customize, template, script, restore ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -66,6 +67,7 @@ The custom USMT template is named MigContosoData.xml, and you can find it in the In order to use the custom MigContosoData.xml USMT template, you need to copy it to the MDT Production deployment share and update the CustomSettings.ini file. In these steps, we assume you have downloaded the MigContosoData.xml file. 1. Using File Explorer, copy the MigContosoData.xml file to the **E:\\MDTProduction\\Tools\\x64\\USMT5** folder. 2. Using Notepad, edit the E:\\MDTProduction\\Control\\CustomSettings.ini file. After the USMTMigFiles002=MigUser.xml line add the following line: + ``` syntax USMTMigFiles003=MigContosoData.xml ``` diff --git a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md index b9f521531f..5691f94681 100644 --- a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36 keywords: upgrade, install, installation, replace computer, setup ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md index a862edf501..e06bbac866 100644 --- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -6,6 +6,7 @@ keywords: deploy, deployment, replace ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +localizationpriority: high ms.pagetype: mdt author: mtniehaus --- diff --git a/windows/deploy/set-up-mdt-2013-for-bitlocker.md b/windows/deploy/set-up-mdt-2013-for-bitlocker.md index 7a76f8cdf7..343846d2f1 100644 --- a/windows/deploy/set-up-mdt-2013-for-bitlocker.md +++ b/windows/deploy/set-up-mdt-2013-for-bitlocker.md @@ -5,6 +5,7 @@ description: keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md index a6c8789efb..d17b165db4 100644 --- a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md @@ -5,6 +5,7 @@ ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c keywords: deploy, script ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 0f66363610..6ffba5e3d9 100644 --- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -4,6 +4,7 @@ description: The simplest path to upgrade PCs currently running Windows 7, Wind ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 keywords: upgrade, update, task sequence, deploy ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy author: mtniehaus --- diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md index 18dfaf7fdf..641bae3904 100644 --- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md @@ -5,6 +5,7 @@ ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460 keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index f79c20d4ba..8270ef2a4e 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md @@ -4,6 +4,7 @@ description: This article describes how to upgrade eligible Windows Phone 8.1 de keywords: upgrade, update, windows, phone, windows 10, mdm, mobile ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: Jamiejdt diff --git a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md index 64e70ced04..8ca46f745a 100644 --- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md +++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f keywords: web services, database ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md index 32208d3e25..38ae49c0e7 100644 --- a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -6,6 +6,7 @@ ms.pagetype: mdt keywords: database, permissions, settings, configure, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/use-web-services-in-mdt-2013.md b/windows/deploy/use-web-services-in-mdt-2013.md index 1d8755df14..4c22c80924 100644 --- a/windows/deploy/use-web-services-in-mdt-2013.md +++ b/windows/deploy/use-web-services-in-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522 keywords: deploy, web apps ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.pagetype: mdt ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/windows-10-deployment-scenarios.md b/windows/deploy/windows-10-deployment-scenarios.md index e76d648bb0..e520328be0 100644 --- a/windows/deploy/windows-10-deployment-scenarios.md +++ b/windows/deploy/windows-10-deployment-scenarios.md @@ -5,6 +5,7 @@ ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5 keywords: upgrade, in-place, configuration, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/windows-10-edition-upgrades.md b/windows/deploy/windows-10-edition-upgrades.md index ab1e629231..b81ac707e4 100644 --- a/windows/deploy/windows-10-edition-upgrades.md +++ b/windows/deploy/windows-10-edition-upgrades.md @@ -4,6 +4,7 @@ description: With Windows 10, you can quickly upgrade from one edition of Windo ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mobile author: greg-lindsay diff --git a/windows/deploy/windows-10-upgrade-paths.md b/windows/deploy/windows-10-upgrade-paths.md index 7ee695086b..b6c196f4d1 100644 --- a/windows/deploy/windows-10-upgrade-paths.md +++ b/windows/deploy/windows-10-upgrade-paths.md @@ -4,6 +4,7 @@ description: You can upgrade to Windows 10 from a previous version of Windows if ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +localizationpriority: high ms.pagetype: mobile author: greg-lindsay --- diff --git a/windows/deploy/windows-adk-scenarios-for-it-pros.md b/windows/deploy/windows-adk-scenarios-for-it-pros.md index 456d2786a0..ef97f311aa 100644 --- a/windows/deploy/windows-adk-scenarios-for-it-pros.md +++ b/windows/deploy/windows-adk-scenarios-for-it-pros.md @@ -4,6 +4,7 @@ description: The Windows Assessment and Deployment Kit (Windows ADK) contains to ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: greg-lindsay --- diff --git a/windows/plan/windows-10-compatibility.md b/windows/plan/windows-10-compatibility.md index 7466117367..ea07c1d24e 100644 --- a/windows/plan/windows-10-compatibility.md +++ b/windows/plan/windows-10-compatibility.md @@ -6,6 +6,7 @@ keywords: deploy, upgrade, update, appcompat ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/plan/windows-10-deployment-considerations.md b/windows/plan/windows-10-deployment-considerations.md index cefe2e8c90..24573012ff 100644 --- a/windows/plan/windows-10-deployment-considerations.md +++ b/windows/plan/windows-10-deployment-considerations.md @@ -4,6 +4,7 @@ description: There are new deployment options in Windows 10 that help you simpl ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE keywords: deploy, upgrade, update, in-place ms.prod: w10 +localizationpriority: high ms.mktglfcycl: plan ms.sitesec: library author: mtniehaus diff --git a/windows/plan/windows-10-infrastructure-requirements.md b/windows/plan/windows-10-infrastructure-requirements.md index f8a5b10095..61ec890561 100644 --- a/windows/plan/windows-10-infrastructure-requirements.md +++ b/windows/plan/windows-10-infrastructure-requirements.md @@ -5,6 +5,7 @@ ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 keywords: deploy, upgrade, update, hardware ms.prod: w10 ms.mktglfcycl: plan +localizationpriority: high ms.sitesec: library author: mtniehaus --- From c228a08b322783827334f6f6852f5dbd423bd887 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 12 Sep 2016 17:03:36 -0700 Subject: [PATCH 37/53] one more topic --- windows/deploy/windows-10-enterprise-e3-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deploy/windows-10-enterprise-e3-overview.md b/windows/deploy/windows-10-enterprise-e3-overview.md index c4a945e569..c3861f8fe5 100644 --- a/windows/deploy/windows-10-enterprise-e3-overview.md +++ b/windows/deploy/windows-10-enterprise-e3-overview.md @@ -4,6 +4,7 @@ description: Describes Windows 10 Enterprise E3, an offering that delivers, by s keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: greg-lindsay From 6f1291273dce76f6460caf375d0c799543e6796f Mon Sep 17 00:00:00 2001 From: Justinha Date: Mon, 12 Sep 2016 18:24:05 -0700 Subject: [PATCH 38/53] removed Keyspec from PS example --- windows/keep-secure/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md index d4d9a55257..119e93acad 100644 --- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md +++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md @@ -146,7 +146,7 @@ To create a self-signed certificate, you can either use the New-SelfSignedCertif Windows PowerShell example: ```syntax -New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt -KeyLength 2048 -KeySpec KeyExchange -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") +New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -Provider "Microsoft Software Key Storage Provider" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt -KeyLength 2048 -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") ``` Certreq example: From cff9568fb270ee710a9f3f4abb29bc2da049272d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 13 Sep 2016 13:58:48 +1000 Subject: [PATCH 39/53] remove locales --- ...nfiguration-windows-advanced-threat-protection.md | 4 ++-- ...ss-windows-defender-advanced-threat-protection.md | 6 +++--- ...gp-windows-defender-advanced-threat-protection.md | 6 +++--- ...dm-windows-defender-advanced-threat-protection.md | 4 ++-- ...cm-windows-defender-advanced-threat-protection.md | 12 ++++++------ ...rd-windows-defender-advanced-threat-protection.md | 2 +- ...cy-windows-defender-advanced-threat-protection.md | 2 -- ...es-windows-defender-advanced-threat-protection.md | 2 +- ...es-windows-defender-advanced-threat-protection.md | 2 +- ...es-windows-defender-advanced-threat-protection.md | 2 +- ...-onboarding-windows-advanced-threat-protection.md | 4 ++-- ...ew-windows-defender-advanced-threat-protection.md | 2 +- ...ng-windows-defender-advanced-threat-protection.md | 4 ++-- .../windows-defender-advanced-threat-protection.md | 2 +- 14 files changed, 26 insertions(+), 28 deletions(-) diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index 279966110f..1f2d6310fd 100644 --- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- - redirect_url: https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection --- # Additional Windows Defender ATP configuration settings -This page has been redirected to [Configure endpoints](https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md index 4e5ae1d646..129b49f08e 100644 --- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -37,12 +37,12 @@ Assigning read only access rights requires adding the users to the “Security R Use the following steps to assign security roles: - Preparations: - - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/).
+ - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).
> [!NOTE] > You need to run the PowerShell cmdlets in an elevated command-line. -- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/en-us/library/dn194123.aspx). +- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx). - For **read and write** access, assign users to the security administrator role by using the following command: ```text Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com" @@ -52,4 +52,4 @@ Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "s Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com” ``` -For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups). +For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups). diff --git a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 6978b1a8f6..731d00b2c5 100644 --- a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -34,7 +34,7 @@ localizationpriority: high 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**. @@ -61,7 +61,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ -2. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**. +2. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**. 3. In the **Group Policy Management Editor**, go to **Computer configuration**. @@ -88,7 +88,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration,** then **Preferences**, and then **Control panel settings**. diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index f667ac1b36..3b4fddffaf 100644 --- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -23,11 +23,11 @@ localizationpriority: high You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints. -For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx). +For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). ## Configure endpoints using Microsoft Intune -For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx). +For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). ### Onboard and monitor endpoints diff --git a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index e7e9a27b13..8faa5dafdb 100644 --- a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -45,9 +45,9 @@ You can use System Center Configuration Manager’s existing functionality to cr 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. -3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. +3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic. -4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. +4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. @@ -72,7 +72,7 @@ Possible values are: The default value in case the registry key doesn’t exist is 1. -For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx). +For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx). ### Offboard endpoints @@ -90,9 +90,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. -3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. +3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic. -4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. +4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. @@ -128,7 +128,7 @@ Path: “HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” Name: “OnboardingState” Value: “1” ``` -For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx). +For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx). ## Related topics - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index a70c1c7836..8192f42f7f 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -87,7 +87,7 @@ Threats are considered "active" if there is a very high probability that the mal Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. > [!NOTE] -> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. ### Related topics - [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md index c921b59dc1..5d66c31974 100644 --- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -24,7 +24,6 @@ localizationpriority: high This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP. > [!NOTE] -> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). See also [Windows 10 privacy FAQ](http://windows.microsoft.com/en-au/windows-10/windows-privacy-faq) for more information. ## What data does Windows Defender ATP collect? @@ -32,7 +31,6 @@ Microsoft will collect and store information from your configured endpoints in a Information collected includes code file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as GUIDs, names, and the operating system version). -Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://azure.microsoft.com/en-us/support/trust-center/). Microsoft uses this data to: - Proactively identify indicators of attack (IOAs) in your organization diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index a4b75576ef..cdde9f9522 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/en-US/library/aa745633(v=bts.10).aspx) on individual endpoints. +You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints. For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md index ff296372d8..51e68f1fee 100644 --- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md @@ -67,7 +67,7 @@ In the file's page, **Submit for deep analysis** is enabled when the file is ava > [!NOTE] > Only files from Windows 10 can be automatically collected. -You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/en-us/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. +You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. > [!NOTE] > Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP. diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 217e287455..fb34c03d1f 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ The Machines view contains the following columns: - **Active malware detections** - the number of active malware detections reported by the machine > [!NOTE] -> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. Click any column header to sort the view in ascending or descending order. diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index a462835906..2f8775683c 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- - redirect_url: https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection --- # Monitor the Windows Defender Advanced Threat Protection onboarding -This page has been redirected to [Configure endpoints](https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index f9a18be888..8c9f2086ff 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -39,7 +39,7 @@ When you open the portal, you’ll see the main areas of the application: ![Windows Defender Advanced Threat Protection portal](images/portal-image.png) > [!NOTE] -> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 6ad9ebb407..7e351ee5aa 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -86,9 +86,9 @@ If none of the event logs and troubleshooting steps work, download the Local scr Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps :---|:---|:---|:---|:--- -0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). +0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). | | | Onboarding
Offboarding
SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

If it doesn't exist, open an elevated command and add the key. - | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, Education, and Professional.
Server is not supported. 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, Education, and Professional. diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 9e4092ef6a..4d3345f8a1 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ localizationpriority: high - Windows 10 Pro - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) ->For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/buy). +>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy). Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. From f45f93fdb1ecc385e166ac9275a5256658ae6f87 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 13 Sep 2016 13:59:03 +1000 Subject: [PATCH 40/53] fix locales --- ...orage-privacy-windows-defender-advanced-threat-protection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md index 5d66c31974..ad99762845 100644 --- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -24,6 +24,7 @@ localizationpriority: high This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP. > [!NOTE] +> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. ## What data does Windows Defender ATP collect? @@ -31,6 +32,7 @@ Microsoft will collect and store information from your configured endpoints in a Information collected includes code file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as GUIDs, names, and the operating system version). +Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578). Microsoft uses this data to: - Proactively identify indicators of attack (IOAs) in your organization From 884d4f9acb4900eb68379e984e905c17448e2de4 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 09:19:26 -0700 Subject: [PATCH 41/53] Koji feedback gesture filter --- windows/manage/lockdown-features-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/manage/lockdown-features-windows-10.md b/windows/manage/lockdown-features-windows-10.md index 8a5219e4bb..15cbc66fb5 100644 --- a/windows/manage/lockdown-features-windows-10.md +++ b/windows/manage/lockdown-features-windows-10.md @@ -96,8 +96,8 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be

[Gesture Filter](https://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

-[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608) -

The capabilities of Gesture Filter have been consolidated into Assigned Access for Windows 10. In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. For Windows 10, Charms have been removed, and blocking the closing or switching of apps is part of Assigned Access.

+MDM and Group Policy +

In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. Im Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy.

[Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

From d048580f30631df39c9a520ed0836b37c5fa78b2 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 09:28:58 -0700 Subject: [PATCH 42/53] fix typo --- windows/manage/lockdown-features-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/lockdown-features-windows-10.md b/windows/manage/lockdown-features-windows-10.md index 15cbc66fb5..c6eaa7e68d 100644 --- a/windows/manage/lockdown-features-windows-10.md +++ b/windows/manage/lockdown-features-windows-10.md @@ -97,7 +97,7 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be

[Gesture Filter](https://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

MDM and Group Policy -

In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. Im Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy.

+

In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy.

[Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

From d2e30b010b790a367b34e86093ce859aaa5d40b9 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 09:56:43 -0700 Subject: [PATCH 43/53] remove loc tag --- education/windows/windows-editions-for-education-customers.md | 1 - 1 file changed, 1 deletion(-) diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index 539c4da7fb..ed22802caa 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -7,7 +7,6 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu author: CelesteDG -localizationpriority: high --- # Windows 10 editions for education customers From f868d810358f777d8d6e31eb068dbd4da99c1128 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 10:41:51 -0700 Subject: [PATCH 44/53] commit from bensack --- .../deploy/provision-pcs-with-apps-and-certificates.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md index 783c3697b6..7df24ed4e3 100644 --- a/windows/deploy/provision-pcs-with-apps-and-certificates.md +++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md @@ -76,9 +76,15 @@ Universal apps that you can distribute in the provisioning package can be line-o ![required frameworks for offline app package](images/uwp-dependencies.png) -5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. In Windows Store for Business, you generate the license for the app on the app's download page. +5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. - ![generate license for offline app](images/uwp-license.png) + - In Windows Store for Business, generate the unencoded license for the app on the app's download page. + + ![generate license for offline app](images/uwp-license.png) + + - Open the license file and search for **LicenseID=** to get the GUID and enter the GUID in the **LicenseProductID** field. + + - Change the extension of the license file from **.xml** to **.ms-windows-store-license**. [Learn more about distributing offline apps from the Windows Store for Business.](../manage/distribute-offline-apps.md) From c5b53a3823e0d332e6fe074d77cf8ee00988b7c5 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 11:38:07 -0700 Subject: [PATCH 45/53] 8885597 --- ...osk-for-windows-10-for-desktop-editions.md | 56 ++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index 7d798edb80..4c4e2e0cfb 100644 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -300,11 +300,63 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. ``` +# Check if shell launcher license is enabled +function Check-ShellLauncherLicenseEnabled +{ + [string]$source = @" +using System; +using System.Runtime.InteropServices; + +static class CheckShellLauncherLicense +{ + const int S_OK = 0; + + public static bool IsShellLauncherLicenseEnabled() + { + int enabled = 0; + + if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { + enabled = 0; + } + + return (enabled != 0); + } + + static class NativeMethods + { + [DllImport("Slc.dll")] + internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); + } + +} +"@ + + $type = Add-Type -TypeDefinition $source -PassThru + + return $type[0]::IsShellLauncherLicenseEnabled() +} + +[bool]$result = $false + +$result = Check-ShellLauncherLicenseEnabled +"`nShell Launcher license enabled is set to " + $result +if (-not($result)) +{ + "`nThis device doesn't have required license to use Shell Launcher" + exit +} + $COMPUTER = "localhost" $NAMESPACE = "root\standardcimv2\embedded" # Create a handle to the class instance so we can call the static methods. -$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" +try { + $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" + } catch [Exception] { + write-host $_.Exception.Message; + write-host "Make sure Shell Launcher feature is enabled" + exit + } # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. @@ -319,7 +371,7 @@ function Get-UsernameSID($AccountName) { $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) return $NTUserSID.Value - + } # Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. From f856b422d0e33f767f7bd2cd9a15396fb32acb56 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 11:49:58 -0700 Subject: [PATCH 46/53] clarify license step --- .../deploy/provision-pcs-with-apps-and-certificates.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md index 7df24ed4e3..2a918f8202 100644 --- a/windows/deploy/provision-pcs-with-apps-and-certificates.md +++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md @@ -78,13 +78,15 @@ Universal apps that you can distribute in the provisioning package can be line-o 5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. - - In Windows Store for Business, generate the unencoded license for the app on the app's download page. + - In Windows Store for Business, generate the unencoded license for the app on the app's download page, and change the extension of the license file from **.xml** to **.ms-windows-store-license**. ![generate license for offline app](images/uwp-license.png) - - Open the license file and search for **LicenseID=** to get the GUID and enter the GUID in the **LicenseProductID** field. + - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**. - - Change the extension of the license file from **.xml** to **.ms-windows-store-license**. +6. In the **Available customizations** pane, click the **LicenseProductId** that you just added. + +7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file. [Learn more about distributing offline apps from the Windows Store for Business.](../manage/distribute-offline-apps.md) From e5b8fc2a2235a8524d0a8b0dc80a2e90541e787e Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 13 Sep 2016 12:39:35 -0700 Subject: [PATCH 47/53] Fixed typo --- .../keep-secure/enlightened-microsoft-apps-and-wip.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md index 353acce55b..9793cfc53f 100644 --- a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md +++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md @@ -62,7 +62,6 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li |Product name |App info | |-------------|---------| |Microsoft Edge |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.MicrosoftEdge
**App Type:** Universal app | -|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** iexplore.exe
**App Type:** Desktop app | |Microsoft People |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.People
**App Type:** Universal app | |Word Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.Word
**App Type:** Universal app | |Excel Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.Excel
**App Type:** Universal app | @@ -71,8 +70,9 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li |Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** microsoft.windowscommunicationsapps
**App Type:** Universal app | |Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Windows.Photos
**App Type:** Universal app | |Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneMusic
**App Type:** Universal app | -|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** onedrive.exe
**App Type:** Desktop app| -|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** notepad.exe
**App Type:** Desktop app | -|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** mspaint.exe
**App Type:** Desktop app | |Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneVideo
**App Type:** Universal app | -|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Messaging
**App Type:** Universal app | \ No newline at end of file +|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Messaging
**App Type:** Universal app | +|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** iexplore.exe
**App Type:** Desktop app | +|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** onedrive.exe
**App Type:** Desktop app| +|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** notepad.exe
**App Type:** Desktop app | +|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app | \ No newline at end of file From 058acd2800798a10227a4ae34f64e31758fb7d7f Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 13 Sep 2016 14:49:23 -0700 Subject: [PATCH 48/53] added topic to change history --- .../manage/change-history-for-manage-and-update-windows-10.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index 001afc958e..48e1b81df3 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in | New or changed topic | Description | | --- | --- | +| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the script for setting a custom shell using Shell Launcher. | | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added content for Windows Server 2016 | ## August 2016 From 46ad3a1210b2e5b13a850b46c68e49e7f2d8c4e2 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Tue, 13 Sep 2016 16:10:37 -0700 Subject: [PATCH 49/53] Fixed typos, incorrect links, disappearing backslashes --- ...ation-publishing-and-client-interaction.md | 42 +++++++++---------- windows/manage/appv-performance-guidance.md | 20 ++++----- 2 files changed, 26 insertions(+), 36 deletions(-) diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index ca6912ebd6..1bc94a9b27 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -245,7 +245,7 @@ Before an application can access the package registry data, the App-V Client mus When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. -**Registry.dat from Package Store ** > **%ProgramData%\Microsoft\AppV\Client\Vreg\{VersionGuid}.dat** +**Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat**   When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. @@ -387,7 +387,7 @@ Packages can be explicitly loaded using the Windows PowerShell `Mount-AppVClient ### Streaming packages -The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MAcHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: +The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: @@ -485,8 +485,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table
--++ @@ -499,8 +499,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table @@ -513,8 +513,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table

In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

    -

  • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\Registry\User\{UserSID}\SOFTWARE

    • +

  • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • +

  • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE

@@ -532,21 +532,21 @@ The following table shows local and roaming locations, when folder redirection h | VFS directory in package | Mapped location of backing store | | - | - | -| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\ProgramFilesX86 | -| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\SystemX86 | -| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\Windows | -| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\appv_ROOT| -| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\AppData | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\ProgramFilesX86 | +| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\SystemX86 | +| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\Windows | +| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\appv_ROOT| +| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\AppData | The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). | VFS directory in package | Mapped location of backing store | | - | - | -| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\ProgramFilesX86 | -| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\SystemX86 | -| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\Windows | -| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\appv\_ROOT | -| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\AppData | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\ProgramFilesX86 | +| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\SystemX86 | +| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\Windows | +| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\appv\_ROOT | +| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\\AppData |   The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: @@ -602,11 +602,7 @@ In an App-V Full Infrastructure, after applications are sequenced they are manag This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177). -The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with Windows PowerShell commands. See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) or use Windows PowerShell: - -``` syntax -get-command *appv* -``` +The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured after client setup with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). ### Publishing refresh diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md index 5c2f1c51a3..e0a277bf9c 100644 --- a/windows/manage/appv-performance-guidance.md +++ b/windows/manage/appv-performance-guidance.md @@ -29,15 +29,12 @@ You should read and understand the following information before reading this doc **Note**   Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. -  - Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. ## App-V in stateful\* non-persistent deployments - This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience. Use the information in the following section for more information: @@ -125,7 +122,7 @@ IT Administration   -### Usage Scenario +### Usage Scenarios As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. @@ -143,9 +140,9 @@ As you review the two scenarios, keep in mind that these approach the extremes. +

The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.

+

The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.

Applications that are run as standard users

When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

    -

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

    • +

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • +

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

The locations are enabled for roaming based on the operating system settings.

To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

-

The following describes many performance improvements in stateful non-persistent deployments. For more information, see the Sequencing Steps to Optimize Packages for Publishing Performance and reference to App-V Sequencing Guide in the See Also section of this document.

The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

-

The impact of this alteration is detailed in the User Experience Walkthrough section of this document.
@@ -443,13 +440,11 @@ In a non-persistent environment, it is unlikely these pended operations will be The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance. -**.NET NGEN Blog and Script (Highly Recommended)** + -About NGEN technology +**.NET NGEN Blog (Highly Recommended)** -- [How to speed up NGEN optimaztion](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) - -- [Script](http://aka.ms/DrainNGenQueue) +- [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) **Windows Server and Server Roles** @@ -483,7 +478,6 @@ Server Performance Tuning Guidelines for ## Sequencing Steps to Optimize Packages for Publishing Performance - Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. @@ -504,7 +498,7 @@ Several App-V features facilitate new scenarios or enable new customer deploymen -

No Feature Block 1 (FB1, also known as Primary FB)

No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch.If there are network limitations, FB1 will:

+

No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:

  • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

  • Delay launch until the entire FB1 has been streamed.

    • From 4ab2cac8dc81bb9196c90f8721f884f3d9ba5f1f Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Tue, 13 Sep 2016 16:16:02 -0700 Subject: [PATCH 50/53] Tweaked wording --- .../appv-application-publishing-and-client-interaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index 1bc94a9b27..59a1305652 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -602,7 +602,7 @@ In an App-V Full Infrastructure, after applications are sequenced they are manag This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177). -The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured after client setup with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). +The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). ### Publishing refresh From 6d36a7c447b2a437e0b5fa9cd4faacc876e36c79 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Tue, 13 Sep 2016 16:46:16 -0700 Subject: [PATCH 51/53] Fixed fmt of backslashes < > etc. --- ...ation-publishing-and-client-interaction.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index 59a1305652..140600ffd6 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -532,21 +532,21 @@ The following table shows local and roaming locations, when folder redirection h | VFS directory in package | Mapped location of backing store | | - | - | -| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\ProgramFilesX86 | -| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\SystemX86 | -| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\Windows | -| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\appv_ROOT| -| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\\AppData | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | +| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | +| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | +| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv_ROOT| +| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\AppData | The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). | VFS directory in package | Mapped location of backing store | | - | - | -| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\ProgramFilesX86 | -| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\SystemX86 | -| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\Windows | -| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\\appv\_ROOT | -| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\\AppData | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | +| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | +| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | +| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT | +| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData |   The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: From 1e059b0f5bbc931c531218d5458d30afee3485c0 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 14 Sep 2016 07:00:39 -0700 Subject: [PATCH 52/53] change history, convenience PIN notes --- .../change-history-for-keep-windows-10-secure.md | 6 ++++++ .../implement-microsoft-passport-in-your-organization.md | 2 +- .../change-history-for-manage-and-update-windows-10.md | 5 +++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 4394da8ab8..4b4d5ec17e 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -12,6 +12,12 @@ author: brianlic-msft # Change history for Keep Windows 10 secure This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). +## September 2016 + +| New or changed topic | Description | +| --- | --- | +| [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs | + ## August 2016 |New or changed topic | Description | |----------------------|-------------| diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md index 23ecf47c6e..83ab70e1d8 100644 --- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md +++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md @@ -20,7 +20,7 @@ localizationpriority: high You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. >[!IMPORTANT] ->The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10. Use **Windows Hello for Business** policy settings to manage PINs. +>The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. Use **Windows Hello for Business** policy settings to manage PINs.   ## Group Policy settings for Windows Hello for Businness diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index 48e1b81df3..371cdedb8d 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -16,8 +16,9 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in | New or changed topic | Description | | --- | --- | -| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the script for setting a custom shell using Shell Launcher. | +| [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) | Added Group Policy setting to replace Gesture Filter | | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added content for Windows Server 2016 | +| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the script for setting a custom shell using Shell Launcher. | ## August 2016 @@ -101,7 +102,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | ---|---| | [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) | New | | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | New | -|[Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | New | +| [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | New | ## November 2015 From 8c435c2bcd67874f418a498083a702bdb52832ef Mon Sep 17 00:00:00 2001 From: Justinha Date: Wed, 14 Sep 2016 11:46:01 -0700 Subject: [PATCH 53/53] removed KeySpec from inf example --- windows/keep-secure/bitlocker-how-to-enable-network-unlock.md | 1 - windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md index 119e93acad..3f2fc5e488 100644 --- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md +++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md @@ -164,7 +164,6 @@ Certreq example: KeyUsage="CERT_KEY_ENCIPHERMENT_KEY_USAGE" KeyUsageProperty="NCRYPT_ALLOW_DECRYPT_FLAG" KeyLength=2048 - Keyspec="AT_KEYEXCHANGE" SMIME=FALSE HashAlgorithm=sha512 [Extensions] diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 4b4d5ec17e..5de6b76a7a 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md | New or changed topic | Description | | --- | --- | | [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs | +| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq ezxample and added a new Windows PowerShell example for creating a self-signed certficate | ## August 2016 |New or changed topic | Description |