Category Archives: Staff Tech Reviews

Professional Technology Reviews by IT Professionals.

Windows Server 2016 KMS Server

<![CDATA[Windows Server 2016 KMS – Office 2016 & Server16/Win10 KMS
Recently, we found that Server 2016 Standard was having issues using the volume activation tools that are built in.  Instead of using the VAT role, we elected to build our KMS server from the command line.  In this tutorial, I will walk you through the steps necessary to complete your new KMS install using Server 2016 Standard.
We are installing a KMS server for Server 2016, Windows 10, and Office 2016 Pro Plus clients.  (Other versions also activate as it is backwards compatible.)
Note:  We are using VMware Hypervisor 6.5 (Free), and our KMS server is running as a VM using Windows Server 2016 Standard (with desktop experience).  Screen capture images can be browsed here. -> Steps

  1.  Create a Windows Server 2016 Server (any edition).
    • Set the timezone, name (and join) your server with your Active Directory.
    • Enable Remote Desktop and set a static IP address (optional)
    • Check for, and install, all Windows updates.
    • Reboot the server
  2. Install the Volume Activation Services Role through Server Manager.  Click Next through the entire process, leaving the defaults.  (This GUI is what crashes for us, which is why we are using the command line.)
    • Reboot the server once the installation completes.
  3. Visit the Microsoft Volume Licensing Center and obtain your KMS keys for Office 2016 and Server 2016.  Keep these for future reference.  While on the volume site, download “Office Professional Plus 2016 Key Management Service Host”.  It will be an ISO file.
    • Extract the ISO to C:\kms or an appropriate location.
  4. Use an elevated command prompt for all of the following steps.
    • Install the Office 2016 KMS Host pack (the files we extracted to C:\kms).
      1. cd c:\kms
      2. cscript kms_host.vbs
      3. After the VAT popup appears, close VAT and hit enter twice to return to a standard command line.
    • Install the KMS keys for Windows and Office, one at a time, waiting for the confirmation that the key has been installed prior to continuing to the next.
      1. slmgr.vbs -ipk <insert Server 2016 key here>
      2. slmgr.vbs -ipk <insert Office 2016 key here>
    • Export the licensing information.  This is for two reasons: first, to make sure both keys have been inserted correctly, and second, to obtain the Activation ID.
      1. cd c:\windows\system32
      2. cscript slmgr.vbs -dlv all >C:\kms\export.txt
        • cscript must be used to export the information into a txt file.
    • Open the recently created export.txt file, and scroll to the licensed products.  Copy the Activation IDs for both products and keep them for the next step.  NOTE:  The Activation ID and Application ID are NOT the same, so make sure you obtain the correct ID.  The easiest way to find the correct product is to locate the Installation ID.  It will only be present on the two products that we have installed a key on (even though we will not be using the Installation ID).
    • Activate your product keys.  Do each command one at a time, waiting for the confirmation before moving to the next.
      1. slmgr.vbs -ato <insert Activation ID for Server 2016 here with the dashes>
      2. slmgr.vbs -ato <insert Activation ID for Office 2016 here with the dashes>
    • Confirm that your products are activated and licensed.
      1. cscript slmgr.vbs -dlv all >C:\kms\export2.txt
        • Confirm that the two products identified before have “licensed” as their licensing status.
  5. Now your server is licensing clients.  There are thresholds that will determine when activation starts.
    • Windows Server will activate after a count of 5.
    • Windows 10 will activate after a count of 25.
    • Office 2016 will activate after a count of 5.
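
The Activation ID lookup and the "licensed" check from step 4, as an added example that is not part of the original tutorial: a PowerShell function that parses the text exported by `cscript slmgr.vbs -dlv all` and keeps only the products that carry an Installation ID. The function name, the blank-line-separated block layout and every value in the sample export are assumptions constructed for illustration.

```powershell
# Added example (not from the original tutorial).
# Assumes the export is the "Label: value" text printed by slmgr.vbs -dlv all,
# one block per product with a blank line between blocks.
function Get-SlmgrKeyedProduct {
    param([Parameter(Mandatory)][string]$Text)

    foreach ($block in ($Text -split '(?:\r?\n[ \t]*){2,}')) {
        $fields = @{}
        foreach ($line in ($block -split '\r?\n')) {
            # Split on the first colon only, so URL and time values stay intact.
            if ($line -match '^\s*([^:]+):\s*(.*)$') {
                $fields[$Matches[1].Trim()] = $Matches[2].Trim()
            }
        }
        # Per the tutorial: only products with a key installed show an Installation ID.
        if ($fields.ContainsKey('Activation ID') -and $fields.ContainsKey('Installation ID')) {
            [pscustomobject]@{
                Name          = $fields['Name']
                ActivationId  = $fields['Activation ID']   # the value -ato needs
                ApplicationId = $fields['Application ID']  # NOT the value -ato needs
                LicenseStatus = $fields['License Status']
            }
        }
    }
}

# Constructed sample export (placeholder GUIDs, not real product IDs).
$sample = @'
Software licensing service version: 10.0.14393.0

Name: Windows(R), ServerStandard edition
Description: Windows(R) Operating System, VOLUME_KMS channel
Activation ID: 11111111-aaaa-4bbb-8ccc-000000000001
Application ID: 22222222-aaaa-4bbb-8ccc-000000000002
Installation ID: 000000000000000000000000000000000000000000000000000000000000000
Partial Product Key: XXXXX
License Status: Licensed

Name: Windows(R), ServerStandard edition
Description: Windows(R) Operating System, VOLUME_KMSCLIENT channel
Activation ID: 33333333-aaaa-4bbb-8ccc-000000000003
Application ID: 22222222-aaaa-4bbb-8ccc-000000000002
License Status: Unlicensed

Name: Office 16, OfficeKMSHostVL_KMS_Host edition
Description: Office 16, VOLUME_KMS channel
Activation ID: 44444444-aaaa-4bbb-8ccc-000000000004
Application ID: 55555555-aaaa-4bbb-8ccc-000000000005
Installation ID: 111111111111111111111111111111111111111111111111111111111111111
Partial Product Key: YYYYY
License Status: Notification
'@

# For the real file: Get-SlmgrKeyedProduct -Text (Get-Content C:\kms\export.txt -Raw)
$products = @(Get-SlmgrKeyedProduct -Text $sample)
$products | Format-Table Name, ActivationId, LicenseStatus -AutoSize

# Flag any keyed product that is not yet activated (the export2.txt check).
$products | Where-Object LicenseStatus -ne 'Licensed' | ForEach-Object {
    Write-Warning "$($_.Name) is '$($_.LicenseStatus)'; activate with slmgr.vbs -ato $($_.ActivationId)"
}
```

On the sample, the KMS client block is skipped because it has no Installation ID, and the Office host product is flagged because its status is not yet "Licensed".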

Additional Information about KMS:
A Server 2016 KMS key will activate all server editions up to 2016.  It will also activate all Windows Client editions up to Windows 10 including 7, 8 and 8.1.  The Office 2016 Professional Plus key will activate both Pro Plus and Standard Office 2016 installations.]]>

Windows Server 2016 RDS Client Server

<![CDATA[Windows Server 2016 : Remote Desktop Services
This guide will walk you through how to set up Remote Desktop Session Host on Server 2016.  Our application of this role is to provide a central connection server for thin client users.  There are two parts of this guide, the licensing server and connection server.  This guide covers the connection server, and assumes you have already set up a licensing server named “TRAIL5”.

Connection Server
After creating a new Windows Server 2016 server, open the server dashboard and add “Remote Desktop Services”. (figure 1-1)

figure 1-1

Continue through the wizard by clicking next, without adding features.  The next screen will display role services for remote desktop services.  Add “Remote Desktop Gateway” and “Remote Desktop Session Host” and then finish the wizard. (figure 1-2)
figure 1-2

After installation completes, restart the server as required.  Once the restart has completed, create a group policy to define the licensing information.  This can be achieved on the local machine by running “gpedit.msc” or by creating a group policy object applied to the container in which this server resides.  Local policy can be applied at the following path: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing.  This is where you set the licensing server and type. (figure 1-3)
figure 1-3

A policy that is applied through a group policy object rather than locally is shown below. (figure 1-4)
figure 1-4

Once this policy is applied, you may restart the server.  After a restart, it will be fully licensed and ready to use.
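
A check that the licensing policy described above actually reached the session host, as an added example that is not part of the original guide. It reads the registry values that back the two Licensing policy settings; the function name and the expected-mode parameter are assumptions, and TRAIL5 is the licensing server named in this guide.

```powershell
# Added example (not from the original guide).
# The policies "Use the specified Remote Desktop license servers" and
# "Set the Remote Desktop licensing mode" are stored under the key below as
# LicenseServers (string) and LicensingMode (DWORD: 2 = Per Device, 4 = Per User).
function Test-RdsLicensingPolicy {
    param(
        [string]$ExpectedServer = 'TRAIL5',
        [Parameter(Mandatory)][ValidateSet('PerDevice', 'PerUser')][string]$ExpectedMode
    )
    $key       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $modeNames = @{ 2 = 'PerDevice'; 4 = 'PerUser' }
    $problems  = @()
    $servers   = @()
    $mode      = $null

    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $policy) {
        $problems += 'Policy key not present: the GPO or local policy has not applied yet.'
    } else {
        # The policy accepts a comma-separated list; compare on the host part
        # so TRAIL5 and TRAIL5.example.local are treated as the same server.
        $servers = @("$($policy.LicenseServers)" -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $hosts = @($servers | ForEach-Object { ($_ -split '\.')[0] })
        if ($hosts -notcontains $ExpectedServer) {
            $problems += "License server '$ExpectedServer' is not in the policy."
        }
        $mode = $modeNames[[int]$policy.LicensingMode]
        if ($mode -ne $ExpectedMode) {
            $problems += "Licensing mode is '$mode', expected '$ExpectedMode'."
        }
    }

    [pscustomobject]@{
        LicenseServers = $servers
        LicensingMode  = $mode
        Compliant      = ($problems.Count -eq 0)
        Problems       = $problems
    }
}

# Run on the session host after the policy refresh or restart, for example:
# Test-RdsLicensingPolicy -ExpectedMode PerUser
```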

This guide covered setting up the client access server portion of a remote desktop environment.  To set up the licensing server to process CALs, please see this post.]]>

What every K-12 Windows District Needs

<![CDATA[Note: This post assumes you are reading this as part of the technology staff of a K-12 Windows-based school district.  I am not a Mac guy and would not presume to know what a Mac district needs.  I won't bore you with my credentials, but I have been in IT a while and in education since 2003.
I have recently been helping a new tech director and came to realize that there is little guidance out there on the minimum things a good district needs.   Some of the things I have been suggesting are not at his new district and I would have assumed any tech staff would have those things.  I realize that some readers may feel some of these are unnecessary and that other items should be added.  Feel free to add your ideas in the comments section below.  These are NOT in order, I think they are all required so order seems unimportant.
1.  A VM (Virtual Machine) system.  I have almost every server virtualized.  Until 2012 I did not believe that a virtual server could run as well as a physical one.  I was at a Spiceworks meeting and an acquaintance convinced me to try the free version of VMWare.   I now use ESXi for all my virtualization.  There are a lot of reasons to virtualize servers.
2.  A helpdesk system.  I just mentioned Spiceworks so I might as well list that next.  It is great, free, fully customizable, and runs easily on any Windows machine.  There are others, but Spiceworks has a huge community and runs great.  I LOVE Spiceworks!
3.  A Windows Server Update Services (WSUS) machine running and configured in your network.  After it is set up (2 hours max) and added to your group policy, all your machines will stop downloading updates from Microsoft (a big deal if you have 100s of machines) and just get them from your server instead.  Mine is virtualized and on a 500Gb drive due to the size of downloads.   A properly configured WSUS downloads and accepts your defined approvals automatically.  You should not have to touch this again after setup.  You configure your AD to point to it and how the clients will process the updates.
4.  A Key Management Server (KMS) to distribute your Microsoft keys to your servers and clients.   Installing actual keys on every client takes time and puts your key out on every machine a student logs on to.   Instead, you can put your keys onto a KMS server and never activate anything again.   And, if a laptop is stolen, it will deactivate and stop working eventually.  KMS was not a must with XP when we had corporate keys that were unlimited…that is no longer the case.  Just do it!
5.  Look into the Microsoft EES agreement.  I am not a software renter by nature, but the EES agreement covers your operating systems on clients, servers, and CALs for a fraction of the cost.  It covers unlimited clients with the price based on the number of employees in the district, not the number of computers.  If you have anything close to 1:4 then you are way ahead going this route.  We added Office (again way cheaper than buying even every 10 years) and employees can install it at home as well on the base price.  It covers all the servers I am mentioning.
6.   An Imaging solution.  We use FOG.  I know there are lots of options and I have tried a couple.  I have been using it for several years and am very happy with it.  Free, PXE client boots, and works with everything we have tried.  In the educational environment we reimage machines all the time, if you don’t you should.  Labs are done almost monthly.  It refreshes the KMS server count and makes sure that the testing systems are ready to go each cycle.  I have all my servers pulled with FOG as well as images for my labs and other machines.
7.  Fresh images for your machines.  It goes without saying that being able to image without having good images is worthless.  I have a VM that holds the pertinent images.  I update them there and repull them before doing anything major.  Having a good imaging server and good images makes your life so much easier.  These two items alone are worth their weight in gold.  Every time we start a testing cycle I reimage (it is just a click on the Web GUI) all my testing machines.  I know they are all fresh and ready to go.  I also know that if I am spending more than 30 minutes on a software issue that instead I can just image a machine in 10 minutes (6 minutes to image and 2 reboots to rename and rejoin…all automatic.)
8.   2 AD servers.  I think it goes without saying that a sole AD is a terrible idea.  But I do know at least one tech director that only had one, and then it failed.   I have one physical and one virtual.  I would recommend one at each campus if you are a multi-campus district.  The AD should be organized in both the user and computer categories so you can manage them with good group policies.  My AD server does DNS and DHCP as well.
9.  Group Policies you can easily maintain.  If your AD is well organized, then good maintenance of your network is much more efficient with good policies.  I install all printers, network drives, software installs, all through policies.  That being said, too many policies can slow your network and ruin the user experience.  Take care!
10. An LMS (Learning Management System.)  There are a number of good ones.  We use Moodle.  It is the most full featured, very configurable, and the most powerful.  It is not the easiest or the most intuitive.  It will require PD, especially for your less tech savvy teachers, but is without doubt the best free option.    It doesn’t matter which LMS you choose if you at least have one.  No school should be without an LMS in this day and age.
11.  Become a Google district.  Even if you use Office 365 (which we could but don’t) then there are enough things to make GAFE a great choice and make it worth your time.  It is of course free, with unlimited storage, and a requirement to use Chromebooks in your school.  It is worthwhile just to provide your teachers each a YouTube account to save classroom videos.   It is also a great place to keep all PD videos for your district.  I record almost every PD session and more to provide a repository for staff to peruse at their convenience.
There are a lot of parts that make up a good district.  These are just some that seem to be missing in some districts I have helped.]]>

Thin Clients really can win!

<![CDATA[I will say from the onset of this article that up until recently I would have called myself a thin client opponent, not a proponent.  My early experiences with thin clients were not pleasant.  Servers stretched too thin, poor performance, and inexpensive PC options made thin clients seem like a bad choice.  But two years ago we purchased a Firefly 208R2 Server and L300 thin client lab for a hot, poorly powered room that changed my mind.
This setup worked out so well we decided to look into configuring like systems in-house.  We used old Dell D600 laptops and set them up to autologon and connect to a 2008R2 remote desktop server.   This use of low end, old machines connecting to a Dell Optiplex 780 seemed like a perfect match.  We set up the system similar to the Firefly system with a VelociRaptor Hard Drive and 16Gb of RAM.  We found that 25 clients seemed to be the sweet spot, with 30 being a max for the system.
A great thing happened just as we were getting started: we got 210 free WYSE Z90D7 systems from the military DoDCFL program.  These Windows 7 thin clients had 4Gb DDR3 RAM sticks and with a little experimenting were easily set up.  We actually pulled the 4Gb sticks to use in the 780 systems and put 2Gb in them.  Furthermore, we purchased SSD drives for them.  To say they rock is a vast understatement.  We put a 780 in every few classrooms (they were a workstation as well as the server) so that no server had more than 20-25 clients.
Systems log on in just a few seconds.  Students only make 1 profile per server.  I only need to update 5 systems for the entire middle school…I could go on and on.  The main takeaway is that making a thin client server is easy, and very responsive.  Just like using VMWare on a server to host multiple servers, you can use 2008R2 to host multiple workstations.
If you haven’t tried thin computing lately, I suggest you give it a try, you will not be displeased!]]>

If you don’t FOG, you are nuts!

<![CDATA[FOG Project
FOG stands for Free Open-Source Ghost.  I used to use Ghost, purchased before I came to NTLS, but I refused to spend the amount required for the new version.  I have used FOG for some time, and frankly it was very useful.  We use version 0.32 to clone drives in our tech room.  We utilize old Gateway laptops with external USB drive docks to easily drop drives in, image, and replace back in machines.  We had tried the new version of FOG but went back to 0.32 when the new version was incompatible with external USB drive connections (tried several.)  We were content with our usage.

Last week,  I attended the OETC Conference and found out how underutilized our implementation truly was.  We went to a FOG session hosted by Casey Ailiff from Kent City School District and Chris Carman of Roosevelt High School.  I humbly give credit for the changes we made and everything that follows, to them.

FOG 1.20 can be hosted from a centralized location virtual server, easily set up and deployed on an Ubuntu 12.04 (my favorite currently) VM in about an hour. The installation is easy and fairly detailed on their webpage. The problem is that in the past I had simply installed FOG and used it right out of the box with no additional configurations.
The first thing I found I needed was to connect FOG to my active directory.  FOG will automatically rename and join newly imaged systems IF this step is taken.  This is actually pretty simple.  The first step is to make a new account on the AD that you will set and forget.  This user has to have permissions to join systems to the AD.  The password should be complex.  You will put the password into the FOG Crypt program that is found by clicking the FOG Client/FOG Prep link which is at the bottom of every FOG page.  This link takes you to the page where you can download FOG Crypt.  You put the AD password into this program and it converts it into the string that you then put into the AD configuration page in FOG.  This is one of the most important parts of maximizing FOG.  Don’t skip it!

The  next step is to prepare your image.  Use the smallest drive in your inventory and make sure you format the drive with a single partition before you install Windows 7.  Windows 7 by default makes a 100Mb partition that ruins one of the benefits of FOG.  By using a single partition image and your smallest drive (ours is a 60Gb SSD) then the image will fit on any other drive and FOG will automatically expand it to the full size of the drive when it installs.  We install Windows, do all the updates, install all our core software, and install the FOG Client Service.  We actually put everything on this image that any teacher or HS/MS student would need.  It uses 28Gb on the drive.  It is now our core image.  We then sysprep our image by copying the unattend.xml file and prepit.bat into the windows\system32\sysprep directory.  Then click on prepit.bat and it will sysprep and shut down.  We used the file that we got at the OETC class and referenced it to make our Windows 7 Enterprise version.   Yes there is a product key there, but it is the KMS one.
So now we can FOG to any Intel based PC in our district.  We made another version with all the elementary school software and sysprepped that for the elementary school.  Two images….pretty cool.  We will probably end up with a few more, but not as many as the 20+ we used to have.  But we aren’t finished yet.

The next step is to set up your machines to PXE Boot first and register them with the FOG server.  This entails hitting the down key three times when it boots, selecting Perform Full Host Registration, and letting the system boot into the FOG system.  The first thing it will ask is the system name.  You simply need to enter the name and hit enter about 8 times to get in on the system.  You can take the extra time to select an associated image, but it is easier to associate that on the FOG Webpage.  My students accomplish this task around the district after watching this flipped video.
After that you can do the rest from the FOG Webpage.  The first time we cast an image we had the system all configured and the new lab up in about an hour.  Those new systems now all have the FOG Service which allows you to do a lot, including sending a new image without ever going down to the room.  If you enable the renaming service, and have the Active Directory Join after Image Task checked, it will rename and join on its own.
About this point I was really geeking out.  In two days I had every lab in the district redone, and the hard part was making the images and remembering everything.   I used to image systems every year, and recently I was stretched to every two or three.  Now every time I want to do a major upgrade, or just clean off all the student user accounts, I can re-image them in a flash.  There are a lot of extra things you can accomplish with the FOG services, and I am just touching on a few of them.  I encourage any IT department to install FOG, play with all the options it provides, and appreciate how much this open-source program improves your school or business.
Thanks Casey and Chris!
Resources from my Apr 2015 Ohio Technology Summit Presentation  can be found here.
FOG version 1.4.4 Changes
The one change that affected us with the upgrade was the fact that the new FOG service breaks a sysprepped image.  The workaround is fairly simple.

  1. Disable the FOGService in the PC services.
  2. Drop a file in C:\Windows\Setup\scripts\SetupComplete.cmd
    1. The text inside this file is as follows.  It will reactivate FOGService when the sysprep is complete.
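       rem Set FOGService back to automatic start (the space after "start=" is required)
       sc config FOGService start= auto
       rem Reboot immediately
       shutdown -t 0 -r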


Need a new school lab?

<![CDATA[Frequently technology coordinators are faced with the option of adding or upgrading a new lab at school.  Usually we just look at our current setup and upgrade to newer hardware, OSs, and associated software.  This past year I was faced with the possibility of adding an additional lab in a very old (low tech) building.  When our building supervisor looked at it he immediately said we would need a new sub-panel and wiring to support 28 new PCs in the room.  His estimate for that was $7500.
Instead of going for the wiring and the traditional approach, I decided to look into greener options.  The nComputing L300 option immediately popped out in my Google searches for low power PCs.  I am not a fanboy of thin computing and was very skeptical about the statements concerning its performance.  I contacted several other Technology Coordinators and got their feedback and recommendations.  All of them gave the system high praise, once they got their labs configured correctly.
The problem with this approach, and probably any thin computing lab, is proper configuration.  Two schools both recommended a fully configured option from FireFly Computers.  Their entire business is built on one thing, building nComputing Labs really well, and it turns out that they do just that.
We purchased their Firefly 1200 rackmount server and put it in our server closet.  We did a 28 station lab in the existing classroom (with no additional electrical added.)  The Ethernet (it is an all Ethernet connection back to the server) all goes through Gb switches to a single Gb copper line to the server.  The setup could not have been more simple and the performance has been exactly as advertised.
I would recommend this path for any new lab.  The price per workstation is much lower than ANY PC and the energy savings are great.]]>