Tuesday, February 26, 2013

Backup All GPOs using Task Scheduler and Powershell

Hi guys,
this guide will show you how to create a monthly GPO Backup using a schedule task thats starts a Powershell script.

Download this script from my previous post, change it for your environment and save it to your server on "C:\scripts\GPOBackup".

Start the Task Scheduler located in Administrative Tools. Right-click on "Task Scheduler" and select "Create Task".


















On the "General" tab name the task i.e. "GPO Backup" and select "Run wheter user is logged on or not".




















On the "Triggers" tab click on "New..." button and select "Monthly". Set the Months and Days you want to backup the GPOs.






















On the Actions tab select "Start a program" Browse to the saved script and fill the "Start in" field.






















On the last step confirm your configuration and enter the credentials you want to use to run the Schedule Task.

Thursday, February 21, 2013

Windows Server 2012 KMS Volume Activation Methods

For Windows Server 2012 we have two Volume Activation Methods. The first one is the activation over the Key Management Service (KMS) and the second is Active Directroy-based (ADBA).

Via the KMS activation the client searching for the KMS host by checking the DNS _VLMCS record. Than the client will contact the host via IP adress on port TCP 1688. Is the threshold count ok (5 for server and 25 for clients) the client will be activated.

The ADBA working with the Domain Controllers. If the client joins the domain it will contact a Domain Controller and check for stored Activation Objects. If a object for the client object is available the client will be activated.

Requirements for the Volume Activation Methods

Key Management Service
-Dedicated Role
-Network Port TCP 1688
-25 Clients or 5 servers have to be contacted to the KMS
-DNS entry  _vlmcs._tcp

Active Directory-based
-Domain-joined Clients
-AD Schema min WS 2012


Installation of  Volume Activation Methods on Server 2012

Install the Role "Volume Activation Services" via Server Manager.

Active Directory-based
Now start the Volume Activation tools, on the Volume Activation Method page, select Active Directory-based Activation. If you are not an Enterprise admin, enter the Enterprise admin credentials. Than enter the KMS host key and an optional name for the AD activation object. Activate the key online or via phone.

To verify the Active Directory-based activation, look into the Eventlogs "Windows Application" Event 12308.

Key Management Service
Start the Volume Activation tools, on the Volume Activation Method page, select  Key Management Service (KMS). If you are not an Domain admin, enter Domain admin credentials. Enter the KMS host key and activate it online or via phone.

To verify the KMS activation, type in the following command on the server "Slmgr /dlv".


Installation of KMS on Windows Vista, Windows 7, Server 2008 and 2008 R2

If you want to install the KMS for Windows 8 and Server 2012 on the mentioned systems, you have to install the hotfix 2757817. After a restart you can enter the following commands to install the KMS:

cscript %windir%\system32\slmgr.vbs /ipk 12345-12345-12345-12345-12345
cscript %windir%\system32\slmgr.vbs /ato

To check if the key was sucessfully applied you can enter the following command:

slmgr.vbs /dlv

If you want to update an existing KMS Server you have to remove the old key first using the command "cscript %windir%\system32\slmgr.vbs /upk".


Generic Volume License Key (GVLK)

You can converting a a KMS host, MAK, or retail edition of Windows to a KMS client, install the GVLK from the KMS Client Setup Keys List. Clients with a GVLK installed will automatically activated if you are using one of the two Activation methods. Depending on your Operating system choose the key from the list and type in the command:

slmgr /ipk <key depends on OS edition>



Which key can be used for Volume Activation


-Windows Editions activated by W8-KMS-Host-Key-
Windows Vista Business
Windows Vista Enterprise
Windows 7 Professional
Windows 7 Enterprise
Windows 8 Professional
Windows 8 Enterprise

-Windows Editions activated by WS2012-KMS-Host-Key-
Windows Vista Business
Windows Vista Enterprise
Windows 7 Professional
Windows 7 Enterprise
Windows 8 Professional
Windows 8 Enterprise
Windows Server 2008 (all Editions)
Windows Server 2008 R2 (all Editions)
Windows Server 2012 (all Editions)


Manage Volume Activation using VAMT


To install and configure VAMT you can have a look at this MS topic.


Office 2013 Activation


For activating Office 2013 MS has published a article Volume activation methods in Office 2013


Solutions for Volume Activation Errors


Error: 0xc004C008, The actication server determined that the specific product key could not be used
A KMS host key can only be activated six times. If you have reached this counter you have to call the MS Support to reactivate your key.

Error: 0xC004F050, The Software Licensing Service reported that the product key is invalid
This error appears if the product key is invalid or unknown. For previous Operating systems before W8 and WS12 you have to apply the hotfix 2757817. After you have applied the hotfix you have to restart the server.
Error 0xc004f038, KMS count is below 25 for Windows clients computers or less than five for Windows Server machines
The KMS host does not have enough KMS clients that has reported to the KMS host.
You can check if the client use a non VL key by type in the command "slmgr.vbs /dlv".
If no client reported to the KMS host check if port TCP 1688 is opened.
You can also verify the listed KMS Server if there is one that isn´t managed by you. To get a list type in the following command "nslookup -type=all _vlmcs._tcp".

0xc004e003, The Software Licensing Service reports that the license evaluation failed
Rename the tokens.dat file on the KMS host and create a new one with the command "slmgr /rilc".


Monday, February 18, 2013

Powershell: Backup all GPOs

Hi guys,
This script is to Backup all GPOs and save it to a server, in a folder named as the current date.
You can use this script running in a schedule task for weekly GPO Backups.
If you have any questions reply to my post.
Have a nice day!
Regards,
Tim