When Building a Windows UEFI system there are a few things to know that are different from when building an old BIOS based machine. First your USB install stick has be be formatted with FAT32 and Not NTFS. Second your UEFI motherboard probably has a Compatibility Support Module (CSM) mode that is set for BIOS compatibility. You need to turn that off if you want to enable UEFI, Secure Boot, and booting from a GPT partitioned disk.

The 11 steps for manually preparing / building a USB Disk to be a bootable Win 8.1 Install.
This bootable USB stick will work for both older BIOS installs as well as the newer UEFI installs.

1. Diskpart (Run from a CMD prompt)
2. List Disk
3. Select Disk # (Where # is the number of your USB disk)
4. Clean (removes any partitions on the USB disk, including any hidden sectors)
5. Create Partition Primary (Creates a new primary partition with default parameters)
6. Select Partition 1 (Focus on the newly created partition)
7. Active (Sets the selected partition to an active valid system partition state)
8. Format FS=fat32 quick (Formats the partition with the FAT32 file system. FAT32 is needed instead of NTFS so that it can load under the secure boot UEFI BIOS.)
9. Assign (Assigns the USB drive a drive letter)
10. Exit
11. Copy all the files from the Windows 8.1 DVD to the USB Stick.

For More information on on UEFI and Installing Windows to these machines here are some links:

For more information on UEFI BIOS and Secure Boot in Windows 8.1
http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759

Installing Windows on UEFI-based Computers
http://technet.microsoft.com/en-us/library/hh290675(v=WS.10).aspx#BootingUEFImode

First off we need to download the latest .exe for Java. I tend to get it through Oracle’s site as you get a better listing and can obtain earlier versions/the JDK (Java Development Kit) if you want it as well. Any who, Java comes in 3 flavours:

1. JDK – Java Development Kit
2. Server JRE – “Server Java Runtime Environment” Doesn’t include the web plugins but allows you to run RIA’s (Rich Internet Applications)
3. JRE – Java Runtime Environment (The stock standard app you’ll pick up to distribute on your network)

Obtain the version you require from here: http://bit.ly/jdkjre

Once you’ve chosen your flavour, accepted the license agreement and downloaded the Windows x86 Offline version “jre-7uXX-windows-i586.exe” where XX is whatever update they are up to. (~30MB) you can open the .exe with admin rights.

Once it pops up with the java installer window you will find hidden under “%userprofile%\appdata\locallow\Sun\Java” the Java .msi. You can get there by copying and pasting that into a run prompt. Copy the latest Java folder to your server share (mine was jre1.7.0_45) and don’t worry about the Deployment folder. Within this java folder is an .MSI and .cab. We now need to make a transform so the Java Update utility doesn’t annoy users.

Using either Orca or instEd to create an .MSI transform, under the property table set:

• AUTOUPDATECHECK      0 (turns off looking for updates)
• ENDDIALOG       0 (Turns off install finished notice)
• IEXPLORER          1 (Installs to IE)
• JAVAUPDATE     0 (Turns off updating)
• JU           0 (Turns off updating)
• MOZILLA              1 (Install to firefox)
• RebootYesNo    0 (Stops auto restart after install)

Once that’s all done and you’ve generated/saved your Transform to the network shared Java folder, load up Microsoft’s Group Policy Management console and right click on the Organisational Unit (OU)  that you’ve added your network computers to and select “Create a GPO…”

Name the policy “Java 7uXX” or whatever you would like it to be named, then under:

“Computer Configuration – Policies – Software Settings – Software Installation”

right click in the right hand window, or on the software installation icon and choose “New… – Package”. Find the Java folder you put on your server and select the .MSI and choose “Advanced” as the deployment method.

Once the panel opens up, go to the Modifications tab and select Add. Locate your Transform and click Ok. The package will now be loaded into MS GPO and you can exit out of the window as it is already saved.

To delete the Start Menu icons run this script at shutdown (or startup) (.bat)

@echo off

if exist "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Java" (
    rmdir "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Java" /s /q
)

In terms of uninstallation download the JavaUninstall.bat file. This will uninstall Java up to version:

• 8.0
• 7u51
• 6u71
• 5u23
• 1.4.2_19
• 1.3.1_25

Uninstall Script + SuperJRE Download:

JavaUninstall.bat:  http://bit.ly/jreUninstall
SuperJRE (All Java 7 updates with Transform – 439.04MB): http://www.mediafire.com/download/crlxvyq7vdceas0/SuperJRE.zip
JRE Installations per version (~30MB):

JRE 7u51.zip (MSI+CAB+Transform) : http://bit.ly/jre170_51
JRE 7u45.zip (MSI+CAB+Transform) : http://bit.ly/jre170_45
JRE 7u40.zip (MSI+CAB+Transform) : http://bit.ly/jre170_40_1
JRE 7u25.zip (MSI+CAB+Transform) : http://bit.ly/jre170_25
JRE 7u21.zip (MSI+CAB+Transform) : http://bit.ly/jre170_21
JRE 7u17.zip (MSI+CAB+Transform) : http://bit.ly/jre170_17
JRE 7u15.zip (MSI+CAB+Transform) : http://bit.ly/jre170_15
JRE 7u13.zip (MSI+CAB+Transform) : http://bit.ly/jre170_13
JRE 7u11.zip (MSI+CAB+Transform) : http://bit.ly/jre170_11
JRE 7u10.zip (MSI+CAB+Transform) : http://bit.ly/jre170_10
JRE 7u09.zip (MSI+CAB+Transform) : http://bit.ly/jre170_09
JRE 7u07.zip (MSI+CAB+Transform) : http://bit.ly/jre170_07
JRE 7u06.zip (MSI+CAB+Transform) : http://bit.ly/jre170_06
JRE 7u05.zip (MSI+CAB+Transform) : http://bit.ly/jre170_05
JRE 7u04.zip (MSI+CAB+Transform) : http://bit.ly/jre170_04
JRE 7u03.zip (MSI+CAB+Transform) : http://bit.ly/jre170_03
JRE 7u02.zip (MSI+CAB+Transform) : http://bit.ly/jre170_02
JRE 7u01.zip (MSI+CAB+Transform) : http://bit.ly/jre170_01
JRE 7u00.zip (MSI+CAB+Transform) : http://bit.ly/jre170_00

As a security best practice, it is recommended that we do not log on our computer with administrative credentials because it will otherwise increase security risks.

When we want to perform administrative tasks, we could use RUNAS to start a program using administrative accounts.

We know we can do Shift + Right Click to get RUNAS command in some of the case but for some, that is not an option, such as Active Directory management tools.

What we can do is to use command line to accomplish those tasks.

runas /user:domain\yli “mmc %windir%\system32\dsa.msc”

Of course, this applies to other .msc snap-ins.

We can then create shortcuts for these RUNAS commands on the desktop to make them handy.

In order to configure an Windows 2008 R2 Server as a time server in a non-domain environment you will need to make a number of changes to the registry.  This tutorial will show you both the settings for configuring the NTP Server in addition to the client settings.

NOTES

It is worth noting that this example is based on the below,

1. A Windows 2008 R2 Server acting as the NTP Server
2. A Windows 2008 R2 Server acting as the NTP client for which it will source its time from the above server.
3. This configuration based upon not using a Windows Domain.

NTP SERVER

SERVER SETTINGS

1. Enable the NTP Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]”
“Enabled”=dword:00000001

CLIENT SETTINGS

1. Enable NTP Client and set polling interval.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]”
“Enabled”=dword:00000001
“SpecialPollInterval”=”300”

2. Configure the NTP Time Source, period and frequency

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
“NtpServer”=”[NTP SERVER IP],0x1”
“Type”=”NTP”
“Period”=”freq”

NTP CLIENT

CLIENT SETTINGS

1. Enable NTP Client and set polling interval.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]”
“Enabled”=dword:00000001
“SpecialPollInterval”=”300”

2. Configure the NTP Time Source, period and frequency

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
“NtpServer”=”[NTP SERVER IP],0x1”
“Type”=”NTP”
“Period”=”freq”

ADDITIONAL

STARTUP

By default the w32tm service will not automatically start if your Windows machine is not on a domain. To ensure that the service starts automatically run the following command :

sc triggerinfo w32time start/networkon stop/networkoff

TROUBLESHOOTING

To confirm that your clients are correctly peering with your time source run the following command.

w32tm /query /peers

Exchange Server 2010 Service Pack 1 introduced a new method for exporting mailboxes called Mailbox Export Requests.  This new method replaces the previous Export-Mailbox command.

Before we look at how to create a new mailbox export request in Exchange 2010 SP1 there are a few things that you should understand.

Firstly, no accounts are granted the rights to export mailboxes by default.  You need to explicitly grant these rights, even to accounts that are organisation administrators.

Secondly, the mailbox export request is processed by the Client Access server role.  Because multiple Client Access servers can exist in a site the request could be processed by any one of them.  To ensure that the path to the export PST file is valid for any Client Access server it has to be a UNC path to network share, not a local path.

Granting User Rights for Mailbox Exports in Exchange 2010 SP1

The first step is to grant the right to export mailboxes to an account in your organization.  In the Exchange Management Shell run the following command.

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User Administrator

If you’re logged with that user already simply restart your Exchange Management Shell session to be granted access to the new cmdlets.

Creating a Network Share for Mailbox Exports in Exchange 2010 SP1

Next we need to create the network share that will be used as the file path for the exported PST files.  All that is required here is a network share that the Exchange Trusted Subsystem group has read/write permission to.

Exporting a Mailbox with an Exchange Server SP1 Mailbox Export Request

With everything configured properly we can now use New-MailboxExportRequest to start the mailbox export.  The only two required parameters for the command are the file path to the export PST file, and the name of the mailbox to export.

[PS] C:\>New-MailboxExportRequest -Mailbox alan.reid -FilePath \\esp-ho-ex2010a\pst\alan.reid.pst

Name                                           Mailbox                                        Status
----                                           -------                                        ------
MailboxExport                                  exchangeserverpro.net/Company/Users/Head Of... Queued

To view the status of the request use the Get-MailboxExportRequest cmdlet.

[PS] C:\>Get-MailboxExportRequest

Name                                           Mailbox                                        Status
----                                           -------                                        ------
MailboxExport                                  exchangeserverpro.net/Company/Users/Head Of... InProgress

You can also see more detail about the mailbox export request with Get-MailboxExportRequest.

[PS] C:\>Get-MailboxExportRequest -Name MailboxExport | fl

RunspaceId     : c48a9069-e572-4c65-80ea-773e61e5337e
FilePath       : \\esp-ho-ex2010a\pst\alan.reid.pst
SourceDatabase : MB-HO-01
Mailbox        : exchangeserverpro.net/Company/Users/Head Office/Alan.Reid
Name           : MailboxExport
RequestGuid    : 9de3a722-0c82-4e34-98bf-0ff624c47c16
RequestQueue   : MB-HO-01
Flags          : IntraOrg, Push
BatchName      :
Status         : InProgress
Protect        : False
Suspend        : False
Direction      : Push
RequestStyle   : IntraOrg
OrganizationId :
Identity       : exchangeserverpro.net/Company/Users/Head Office/Alan.Reid\MailboxExport
IsValid        : True

An easy way to see the progress of all mailbox export requests is to pipe Get-MailboxExportRequest into the Get-MailboxExportRequestStatistics cmdlet.

[PS] C:\>Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

Name                                   Status                    SourceAlias                           PercentComplete
----                                   ------                    -----------                           ---------------
MailboxExport                          InProgress                Alan.Reid                             20

Exporting an Archive Mailbox with Exchange Server SP1 Mailbox Export Request

You can also export a user’s Personal Archive using mailbox export requests simply by adding the -IsArchive parameter to the command.

[PS] C:\>New-MailboxExportRequest -Mailbox alan.reid -FilePath \\esp-ho-ex2010a\pst\alan.reid.pst -IsArchive

Completing the Mailbox Export Request

When a mailbox export request is completed it remains on the server until it is removed by an administrator usingRemove-MailboxExportRequest.

To see all of the completed mailbox export requests run this command.

[PS] C:\>Get-MailboxExportRequest | where {$_.status -eq "Completed"}

Name                                           Mailbox                                        Status
----                                           -------                                        ------
MailboxExport                                  exchangeserverpro.net/Company/Users/Head Of... Completed

And to clear all completed mailbox export requests from Exchange run the following command.

[PS] C:\>Get-MailboxExportRequest | where {$_.status -eq "Completed"} | Remove-MailboxExportRequest

I have come across many scenarios where people have their BitLocker Information in AD, and then different funny situation happened along the way that I want to talk about in this blog post.