WinRM, or Windows Remote Management, is an HTTP-based remote management and shell protocol for Windows. The Windows Remote Management Service is responsible for this functionality. If WinRM is not configured for remote access, but the service is started, it listens for local requests on TCP port 47001. If you create a listener, it will still listen on 47001, but also on the default TCP ports 5985 (HTTP) and 5986 (HTTPS).
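To see which of these ports are actually exposed on a machine, the following PowerShell snippet lists the local TCP listeners bound to the three ports named above. It is an added example, not part of the original post. A bound port only shows that something is listening there; `winrm enumerate winrm/config/listener` confirms whether it is a WinRM listener.

```powershell
# Ports taken from the paragraph above; the role labels are descriptive only.
$winrmPorts = @{
    47001 = 'WinRM local requests (no listener configured)'
    5985  = 'WinRM default HTTP listener'
    5986  = 'WinRM default HTTPS listener'
}

# All TCP endpoints in LISTEN state on this machine, regardless of owning process.
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()

foreach ($port in ($winrmPorts.Keys | Sort-Object)) {
    $bound = @($listeners | Where-Object { $_.Port -eq $port })
    $row = New-Object PSObject -Property @{
        Port      = $port
        Role      = $winrmPorts[$port]
        Listening = ($bound.Count -gt 0)
        # 0.0.0.0 or :: means the port is reachable on every interface.
        Addresses = (($bound | ForEach-Object { $_.Address.ToString() }) -join ', ')
    }
    $row | Select-Object Port, Role, Listening, Addresses
}
```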
Category Archives: Windows
Upgrading to a higher edition (SKU) of Windows 7/Windows Server 2008 R2 using DISM
The Deployment Image Servicing and Management (DISM) tool is a new tool included with Windows 7 and Windows Server 2008 R2. DISM enumerates, installs, uninstalls, configures, and updates features in Windows images, in either WIM or VHD format. DISM can also work against online (running) instances. Of special interest for this post are the editions commands; Get-CurrentEdition, Set-Edition, Get-TargetEditions, and their side-kick Set-ProductKey. With these you can upgrade a Windows instance from the command line without access to media. For Windows 7 and Windows Server 2008 R2 all the bits for higher editions are present in the instance or image. This is great news, because with previous versions of Windows you had to pop in the media, usually a CD/DVD, and perform an upgrade manually. For offline images (WIM/VHD) this is supported for both Windows 7 and Windows Server 2008 R2. But for running instances, or online, it is only supported for Windows Server, and only if the server is not a DC.
- Find the current edition for a running instance (online):
dism.exe /online /Get-CurrentEdition
- Find the current edition for an offline image:
dism.exe /image:c:\mounted_image /Get-CurrentEdition
- Find the valid target editions for a running instance (online):
dism.exe /online /Get-TargetEditions
- Find the valid target editions for an offline image:
dism.exe /image:c:\mounted_image /Get-TargetEditions
- Upgrade a running instance (online):
dism.exe /online /Set-Edition:"ServerDatacenter" /ProductKey:AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
- Upgrade an offline image:
dism.exe /image:c:\mounted_image /Set-Edition:"Professional" /ProductKey:AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
When using Set-Edition, the parameter ProductKey is also required. Note that ProductKey in this case is a parameter for Set-Edition and not the Set-ProductKey command. Set-ProductKey can only be used against the current running instance and against offline instances. (If you do not have a product key, you can use the KMS key for the edition you are upgrading to. This will, of course, not get you a free license or anything, but it is convenient for testing. Find the KMS keys here.) For offline images it is also important to note that the image has to be generalized before you can upgrade it. Use sysprep.exe /generalize to do this.
Transcript of the upgrading of a VHD file:
C:\Users\administrator>diskpart
Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HOME-HYPERV
DISKPART> select vdisk file=E:Hyper-Vlab-w2k8r2quicktestlab-w2k8r2quicktest.vhd
DiskPart successfully selected the virtual disk file.
DISKPART> attach vdisk
100 percent completed
DiskPart successfully attached the virtual disk file.
DISKPART> list volume
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       CD-ROM          0 B  No Media
  Volume 1     C                NTFS   Partition    465 GB  Healthy    System
  Volume 2     D                NTFS   Partition    931 GB  Healthy
  Volume 3     E                NTFS   Partition    931 GB  Healthy
  Volume 4     G   System Rese  NTFS   Partition    100 MB  Healthy
  Volume 5     V                NTFS   Partition    126 GB  Healthy
DISKPART> exit
Leaving DiskPart…
C:\Users\superman>dism /image:v: /get-Targeteditions
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Editions that can be upgraded to:
Target Edition : ServerDataCenter
Target Edition : ServerEnterprise
The operation completed successfully.
C:\Users\superman>dism /image:v: /set-edition:ServerDataCenter
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Starting to update components…
Removing package Microsoft-Windows-ServerEnterpriseEdition~31bf3856ad364e35~amd64~~6.1.7600.16385
[==========================100.0%==========================]
Finished updating components.
Starting to apply edition-specific settings…
Finished applying edition-specific settings.
The operation completed successfully.
C:\Users\administrator>diskpart
Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HOME-HYPERV
DISKPART> select vdisk file=E:Hyper-Vlab-w2k8r2quicktestlab-w2k8r2quicktest.vhd
DiskPart successfully selected the virtual disk file.
DISKPART> detach vdisk
DiskPart successfully detached the virtual disk file.
DISKPART> exit
Leaving DiskPart…
C:\Users\administrator>
This VHD is actually from a Hyper-V server, and has been generalized before it was mounted on the host and upgraded.
Some more info about DISM and image servicing: http://technet.microsoft.com/en-us/library/dd744543(WS.10).aspx
Trusting self-signed certificates
If you import a self-signed certificate into the Trusted Root Certification Authorities store you will not get certificate warnings for that certificate. Nice to know when you are working with servers that generate self-signed certificates.
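Anything placed in that store is trusted machine-wide, so it is worth confirming that the file is the certificate the server actually generated before importing it. The PowerShell below is an added example, not part of the original post: it compares the certificate's thumbprint against a value obtained out of band and only then adds it to the LocalMachine Root store. The file path and the thumbprint are placeholders, and the script must run elevated.

```powershell
param(
    # Hypothetical path to the exported certificate (.cer)
    [string]$CertPath = 'C:\temp\server01.cer',
    # Placeholder: thumbprint read from the server itself, not from the file
    [string]$ExpectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>'
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $CertPath

# Normalise the expected value (certificate dialogs show it with spaces).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}

# A self-signed certificate has identical subject and issuer.
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Not self-signed (issuer: $($cert.Issuer)). Trust the issuing CA instead."
}

# If the certificate is flagged as a CA, whoever holds its private key
# can issue certificates for any name that this machine will accept.
$bc = $cert.Extensions | Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if ($bc -and $bc.CertificateAuthority) {
    Write-Warning 'Certificate is marked as a CA; protect its private key accordingly.'
}

if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)."
}

# Add to Trusted Root Certification Authorities for the local machine.
$store = New-Object "$x509.X509Store" 'Root', 'LocalMachine'
$store.Open([Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $store.Add($cert)
    "Imported $($cert.Subject) [$($cert.Thumbprint)]"
} finally {
    $store.Close()
}
```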
Morgan’s collection of Windows keyboard shortcuts
Keyboard shortcut | Does what | Works on | Notes |
Win+P | Brings up the dual-monitor settings. | Windows 7 | |
Win+X | Launches Windows Mobility Center | Windows Vista, Windows 7 | |
Win+L | Locks computer | Windows XP and above | |
F2 | Rename file/folder | Windows | In Windows Explorer |
More to come…
Link to a KB article that lists a lot of shortcuts: http://support.microsoft.com/default.aspx/kb/126449
Getting WHOIS information on Windows
WHOIS is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. Usually WHOIS queries are performed with a command line client and such a client is almost always a part of an OS’s TCP/IP implementation. Not so with Windows. Neither Windows 7, Vista or XP includes a WHOIS utility. Recently I had some trouble with WHOIS information from one of my domains and that set me searching for utilities to perform this task on the Windows platform. These are what I found:
- Mark Russinovich has created a WHOIS utility; you can find it on the Sysinternals TechNet site: http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
Mark's implementation uses the whois-servers.net service to find the correct WHOIS server to use. whois-servers.net does not have records for all TLDs and as such cannot find WHOIS info for all queries.
- GNU-whois for Win32 is available on SourceForge (http://sourceforge.net/projects/whoiswin/)
This utility uses a TLD list by default, contained in the file tld_serv_list. whois for Win32 is quite flexible and can query for WHOIS info using specific servers, by using the -h parameter.
- Win32Whois is a graphical client available here: http://www.gena01.com/win32whois/
It offers basic features as well as some GUI specific ones.
The WHOIS service uses TCP port 43. Some TLDs publish a server referral (SRV record) for the WHOIS protocol in their zone, which identifies their WHOIS server. This SRV record is of the format _nicname._tcp.<tld>. To find the WHOIS server for the TLD .no, use NSLOOKUP:
nslookup -type=srv _nicname._tcp.no
Server: server1.domain.com
Address: 1.2.3.4
Non-authoritative answer:
_nicname._tcp.no SRV service location:
priority = 0
weight = 0
port = 43
svr hostname = whois.norid.no
whois.norid.no internet address = 128.39.8.42
So the server whois.norid.no with address 128.39.8.42 provides WHOIS info for the .no TLD.
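Since the protocol is just one line of text sent over TCP port 43, a query can also be made without installing any of the utilities above. The PowerShell function below is an added example, not part of the original post; the function name Get-WhoisRaw and the sample query are made up for illustration, and the server is the one found with nslookup above.

```powershell
function Get-WhoisRaw {
    param(
        [Parameter(Mandatory = $true)][string]$Query,
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 43,
        [int]$TimeoutMs = 10000
    )

    # A WHOIS request is a single line; refuse embedded line breaks so a
    # value taken from elsewhere cannot smuggle in extra request lines.
    if ($Query -match '[\r\n]') { throw 'Query must be a single line.' }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.SendTimeout    = $TimeoutMs
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()

        # Send the query terminated by CRLF.
        $bytes = [System.Text.Encoding]::ASCII.GetBytes("$Query`r`n")
        $stream.Write($bytes, 0, $bytes.Length)

        # The server answers in plain text and then closes the connection,
        # so reading to end-of-stream returns the whole reply.
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::UTF8)
        $reader.ReadToEnd()
    } finally {
        $client.Close()
    }
}

# Sample query (constructed for this example) against the .no WHOIS server.
Get-WhoisRaw -Query 'norid.no' -Server 'whois.norid.no'
```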
Playing with Windows XP Mode RTM
The Windows XP Mode Base VHD file (Windows XP Mode base.vhd) is stored in C:\Program Files\Windows XP Mode. The Differencing disk is stored, by default, in C:\Users\%username%\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines.
Viewing the result of boot time chkdsk runs
Whenever chkdsk.exe runs during boot time it is often difficult to see the result before Windows reboots again (which is the default behavior). The whole of chkdsk's output is saved in the Application log as an Information event, with source Wininit and an event ID of 1001.
Not something you generally want to see…
“General failure”, that’s helpful. My on-board Atheros L1 Gigabit NIC sucks. There is really no other way to put it. Every Atheros chip, be it wireless or cable, I have had the misfortune to come across has been worthless. You should think that Ethernet and Wi-Fi should be pretty well understood concepts by now. Not so for the driver developers of Atheros. In this case the driver has “lost” (for want of a better word) the NIC’s MAC address. So ipconfig.exe displays the hardware address 00-00-00-00-00-00. Needless to say, using that address on the Ethernet is not going to work. The first time this happened I had to open up the computer case and read the MAC address from the motherboard. After that I could use the driver properties to enter it manually. After that the connection was restored.
However, Atheros still had some surprises! Whenever I chanced an upgrade of the driver, I would lose network connectivity again! Even if the MAC address was correctly entered into the device properties. To fix this I had to remove it, close the device properties dialogue, open it again and re-enter it. User-friendly, don’t you think?
So stay away from anything using one of Atheros’ chips.
Windows 7: Netdom anyone?
Want to see the contents of the system partition on Windows 7?
On Windows 7 the system partition, the partition the computer boots from (I know, I know, the names are messed up.), is hidden from the user. It isn’t really hidden, it just isn’t mounted to a drive letter or directory. Windows really doesn’t need drive letters or mount points. It is just as happy to use the volume GUID (see a previous post about Volume GUIDs here). It is just for our benefit that the various volumes on a computer have drive letters. It is a very good idea to not mount the system volume; that keeps users from messing with the boot-critical files required for computer startup. It also makes it easy to enable BitLocker since the small unencrypted volume that loads the BitLocker driver is already in place. So in short, good work Microsoft. But what if you’re a geek and really want to see what is on that volume? Fear not, it is quite easy.
The first thing we need to do is find the GUID of the system volume. The easiest way I know to do that is to run mountvol.exe. On a Windows 7 machine you will see one volume that has no mount points. That is probably your system volume. Just copy the GUID from the command prompt window and paste it into the Run box. Windows will open a new explorer window with the contents of the system volume displayed, just like any other volume on the system. If you do not like the Run box, you can just type start.exe <Volume GUID> directly from the command prompt.
Here is the output from mountvol.exe on a test system:
Possible values for VolumeName along with current mount points are:
\\?\Volume{540a0153-2083-11de-9315-806e6f6e6963}\
*** NO MOUNT POINTS ***
\\?\Volume{540a0155-2083-11de-9315-806e6f6e6963}\
D:\
\\?\Volume{540a0156-2083-11de-9315-806e6f6e6963}\
E:\
\\?\Volume{540a0157-2083-11de-9315-806e6f6e6963}\
F:\
\\?\Volume{540a0154-2083-11de-9315-806e6f6e6963}\
C:\
To open the system volume I just run this from the same command line:
start.exe \\?\Volume{540a0153-2083-11de-9315-806e6f6e6963}\
And here is the result with the complete contents of the system volume:
But please remember to be careful when you poke around in here. Chances are your computer will not start if you do.