MDT in a Box – Additional Scripts

    Stefan Peters

Scripts

In an earlier blogpost I explained how to install Microsoft Deployment Toolkit on a Windows Server running in Azure. This “MDT in a Box” allows you to create OS images for many purposes. To make the process easier I have developed some PowerShell scripts. The scripts where discussed in the online meetup of Dutch Windows Virtual Desktop User Group live session on December the 7th. This meetup was recorded and can be viewed here. (not available yet)

Three of them are listed here.

  • MDT_Deployment_v2.ps1
  • LTImdtimageversion.ps1
  • Tosysprep.ps1

These scripts work very well with the MDT in a Box machine I created (see this page for instructions on how to create that). For instruction on how to install these scripts in your MDT environment check this section below!

Continue reading MDT in a Box – Additional Scripts

Azure NAT – Revisited

    Stefan Peters

This blogpost is a Revisit of the former Azure NAT post. During the writing of the BLOG Azure NAT seemed to be a perfect solution for creating a single outbound IP for WVD servers. It will make sure all WVD servers have the same PUBLIC IP to browse the web. Making whitelisting for websites, MFA and other solution easily possible.

Unfortunately I have implemented the Azure NAT Gateway in a customer location and has a bad side effect I did not anticipate. At time of writing I give you one advice:

DO NOT IMPLEMENT AZURE NAT GATEWAY FOR WVD

The WVD connection becomes very unstable. Users randomly get disconnected/reconnected during the session.

Continue reading Azure NAT – Revisited

Azure NAT

    Stefan Peters

DO NOT IMPLEMENT AZURE NAT GATEWAY FOR WVD

We are currently investigating issues at a customer site, that is using Azure NAT Gateway, I will release a blogpost next week when the confirmation comes back that the issue is resolved.

Keeping below blog for reference!!! (20200807)

Introduction

In a former blogpost I described a simple way to create a static PUBLIC IP for more than one Virtual Machine in Microsoft Azure. The reason is still the same, you might need a simple and cheap method of using a single PUBLIC IP for one or more RDS/WVD machines, so that all users browse via the same PUBLIC IP to the internet. This is especially useful when your users use an IP whitelisted website.

Continue reading Azure NAT

MDT in a Box – Introduction

    Stefan Peters

Introduction

This BLOG will describe the instruction how to create your very own “MDT in a Box” server. You can use this server to create images for physical computers, RDS, WVD and probably also other VDI environments. MDT is Microsoft Deployment Toolkit, a few Windows tool to automate the Operation System Deployment (OSD). I use this often in my work for customers to create “golden images” for RDS or WVD.

With the MDT in a box you can create VHD or WIM files for your environments, or for you client environments. You can install several applications, scripts, language packs and updates in this task sequence.

In my work I use MDT to create “golden images” for RDS2019 and Windows Virtual Desktop with Windows 10 Enterprise Multi Session.

This BLOG is very long so I split it in a few parts.

1. Prepare the Server

2. Install MDT

3. Configure MDT

4. Deploy Windows 10 – ISO

5. Deploy Windows 10 – Multisession (WVD)

6. Add applications

7. Add language pack.

8. Add Windows Updates

Have fun!

Azure NAT with Ubuntu Linux

    Stefan Peters

Introduction

When creating a workplace for your users in Azure using RDS or Windows Virtual Desktop you might recognize this issue. All servers in Azure use a dynamic outbound IP for browsing. When you need to access websites that require IP whitelisting this can be an issue.

You can use multiple solutions for this problem:

  • Route your internet traffic back to on-prem via ExpressRoute or VPN
  • Use Azure Firewall, or a virtual firewall appliance (can be costly)
  • Use a self-build outbound NAT VM

This blog will explain how to build your own outbound NAT VM for your Azure virtual net. Although this is not Enterprise ready it will work just fine. Determine production readiness for yourself.

Continue reading Azure NAT with Ubuntu Linux

WVD Group Assignments – PowerShell

    Stefan Peters

Windows Virtual Desktop is a great way of publishing remote desktops to your users. In contrast of Remote Desktop Services (RDS) you do not have to manage the infrastructure of brokers, gateway etc. the WVD service will manage all of this to you.

I have been working with WVD for several months now and I have created some PowerShell scripts to make WVD life easier. At time of writing assigning user by user to a WVD hostpool is the only method of assigning users to hostpools. There is no method to assign an AzureAD group or WSAD group to a hostpool. Because managing the user (upn) assignments of hundreds of users is not very convenient I created a PowerShell script to make this easier.

The PowerShell script read a Windows Server Active Directory (WSAD) group, takes out the UPN of the members and assigns them to the HOSTPOOL. It is a one-way sync with add and remove.

Continue reading WVD Group Assignments – PowerShell

Create a WIM file from the WVD VHD file.

    Stefan Peters

Microsoft has a new Virtual Desktop to host desktops managed by Microsoft running on Azure. At time of writing the Windows 10 Enterprise for Virtual Desktops is not available as ISO file, so running SCCM or MDT to build your own WVD “Golden Image” is not that easy. Combining some techniques allows me to create a WIM file of the VHD that Azure delivers. The WIM file can be used to do an MDT OS Deployment.

What do you need?

  • Microsoft Azure subscription (https://portal.azure.com)
  • MDT Server
  • An up and running Windows Virtual Desktop environment

Steps to get the WIM file.

  1. Create an Azure VM with the correct Windows 10 version.
  2. SYSPREP the VM and shutdown/deallocate.
  3. Download the VHD file
  4. Convert the VHD to WIM with a few PowerShell lines
  5. Import the WIM file in MDT for a regular OS deployment task sequence.

Continue reading Create a WIM file from the WVD VHD file.

Manage non domain Joined Windows Server 2019 Core

    Stefan Peters

In this blog I will explain how to install a Hyper-V role on a Windows 2019 Standard Server Core. I also install and configure the DHCP and RRAS role. To configure these roles, I use a Windows 2019 Standard Server (Desktop Experience).

This normally is pretty easy when all are joined to the domain, but for my “LAB” scenario I do not use a Domain Controller. Procedures should work also on Hyper-V Server 2019, except for the DHCP and RRAS role.

In my LAB network I want to use a Sophos XG HOME edition for network protection to the Internet. I want to virtualize this software to maximize the usability of the MiniPC I purchased.

From a major Chinese webshop I purchased a J1900 based MiniPC with 4x Intel Network card in it. It came with 8GB and 120GB SSD. The J1900 processor supports Hyper-V.

I want to use the DHCP/RRAS and Hyper-V role on this BOX. Because the J1900 only supports 8GB of RAM I use the Server Core edition of Windows 2019 instead of the Desktop Experience.

Continue reading Manage non domain Joined Windows Server 2019 Core