Personal website of Steven Peck. Focusing on Microsoft technologies (most notably PowerShell), and other random bits I think to write.

Server Patch Schedule

I mention this just often enough that I thought it would be good to finally write it down. We used to have a painful patch schedule but my manager of the past few years got this in place and it's really solved a number of problems.

Patches are deployed through System Center Configuration Manager. They start at 8pm for development and test environments and 6pm for production. The schedule has a deployment slot each hour and is controlled by server group membership. This allows for staggered patching/reboots over the course of an evening without user intervention.

  • Patch Tuesday.
    • Meeting, review of patches and if they are applicable for our environment.
    • Patch development and pre-production VMware ESXi hosts.
  • Wednesday
    • Deploy patches to development environment.
  • Thursday
    • Developers required to test and report issues before noon.
    • Patch pre-production (testing) environment.
  • Friday
    • Application/QA required to test and report issues before noon.
    • Last day for patch exemption requests, which must be approved by the Enterprise VP.
    • Patch production VMware ESXi hosts.
  • Saturday
    • Patch production environment starting at 6pm to midnight.
  • Sunday
    • Application owners test major applications (business critical), report results.
  • Monday
    • Non-critical apps get tested, report results.

End result is that all servers in our environment are patched within a week of security Patch Tuesday. The systems that aren't fully patched are missing patches for known reasons, which are generally vendor-specific. There are some servers on their own special schedule due to role: backup servers, SCCM servers, and a few special-purpose systems, but not all that many overall.

Desktop systems (not something I do) are generally rolled out over an additional week.

There are checkout scripts that people are supposed to go through. These scripts are developed based initially on developer and application owner decisions and edited, added to and refined based on real-world experience and issues as needed. In the past, many 'issues' were blamed on various Microsoft patches, but after several years of this schedule, the instant someone says "Microsoft patch issue" we will file an issue with Microsoft and work on it until it's proven it is or, as usual, isn't. So far I can only remember one or two obscure issues that ultimately ended up being something else or required a hotfix.

In addition to dev/QA testing we have System Center Operations Manager, which will alert on broken stuff, so this all generally means that on Monday production systems are ready for our user community.

The environments are being moved to System Center Configuration Manager 2012 and my indirect involvement in this process is ending as I am transitioning to a new role back on the messaging team, but I wonder what changes having System Center Orchestrator available may bring us as part of the process.


Microsoft Private Cloud Training - Videos

I keep sharing some links on this so I figured I would just put them here.

Microsoft Virtual Academy
Microsoft Virtual Academy – MVA is a fully cloud-based learning experience focusing on Microsoft Cloud Technologies. You can access a variety of training content online and become one of the renowned experts in the IT Pro community around the world. MVA provides its users with a virtual university experience: the student can select a track and study the material and then do the self-assessment. By doing so, he will collect points that will promote him to a Bronze, Silver, Gold or Platinum Level. Students on MVA can get access to all the information, statistics and advancements of their training career, allowing them to maintain a long-term relationship with Microsoft. Learning through MVA is free of charge, and you can study the contents at any time and at your own pace.

The MVA platform is hosted on the latest Microsoft Azure technology, which guarantees that your learning experience will flow uninterruptedly for the best online learning experience ever!

Microsoft TechNet Virtual Labs
TechNet Virtual Labs enable you to quickly evaluate and test Microsoft's newest products and technologies through a series of guided, hands-on labs that you can complete in 90 minutes or less. There is no complex setup or installation required, and you can use TechNet Virtual Labs online immediately, free.

Microsoft Guided Labs (Server and Cloud Platform)
Another route to the Virtual Labs above.

Virtual Labs enable you to quickly evaluate and test products and technologies through a series of guided, hands-on labs that you can complete in 90 minutes or less. There is no complex setup or installation required, and you can use TechNet Virtual Labs online immediately, free.

TechEd North America 2012 (Channel 9)
Microsoft's Channel 9 published the TechEd videos, which have a ton of useful information on PowerShell, Systems Management, Windows 2012, etc.

Born to Learn. Microsoft's Learning Events
- An example of one of their programs.
Private Cloud Jump Start

Once you have your cloud you will want to build something on it. There is a group at Microsoft that is working to provide a reusable base environment to speed setup in various test lab scenario guides. The goal is to speed familiarity with various Microsoft products: you create a base set of images for your lab and then use the various guides to build on or extend them. It appears they also take community contributions of guides.

Test Lab Guides
Windows Server 2012 Test Lab Guides

TechNet Wiki System Center Survival Guides


PowerShell neat function tricks for free

Finished going through a recent NA TechEd2012 video Turn PowerShell Commands into Reusable CLI and GUI Tools by Don Jones.

Some of the advice I sort of knew and followed.

  • I knew how to make a PowerShell script module.
  • I knew about the .SYNOPSIS, .EXAMPLE stuff.
  • I sort of knew about using the param/parameters though I didn't really understand it, just used it in a limited framework copy/paste sort of way. After the video I have a much better handle on how to leverage it.

What I really got out of it though was some new and better ways to leverage built in switches more effectively which I had no real clue about.

  • Documenting not through #comments but using Write-Verbose so that the -verbose switch works and you can see what a script is doing without pulling it up in an editor.
  • Using Write-Debug to leverage the -debug switch for your functions.
  • Using try/catch in your scripts so if a first part fails, then it skips the next parts on that one server.
  • A clear example on how to use Write-Object with a PSObject which I just used without understanding it.
  • Using $errorLogPath to create an error log
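
An added example, not the script from the presentation and not this site's own code: a small advanced function that combines the habits listed above, written here as a post-patch reboot check. The function name Get-LastBoot, the default error-log location and the use of Get-CimInstance are assumptions made for illustration.

```powershell
function Get-LastBoot {
    <#
    .SYNOPSIS
    Reports the last boot time for one or more computers.
    .EXAMPLE
    'SRV01','SRV02' | Get-LastBoot -Verbose
    #>
    [CmdletBinding()]   # enables the built-in -Verbose and -Debug switches
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$ComputerName,

        # Assumed default location; names of computers that failed are appended here
        [string]$ErrorLogPath = (Join-Path $env:TEMP 'Get-LastBoot-errors.txt')
    )
    process {
        foreach ($computer in $ComputerName) {
            # Shown only with -Verbose: documents progress without opening the source
            Write-Verbose "Querying $computer"
            try {
                # -ErrorAction Stop makes the failure terminating so catch sees it
                $os = Get-CimInstance -ClassName Win32_OperatingSystem `
                        -ComputerName $computer -ErrorAction Stop

                # Shown only with -Debug: inspect the raw value before it is used
                Write-Debug "LastBootUpTime from ${computer}: $($os.LastBootUpTime)"

                # Reached only when the query above succeeded for this computer
                $props = @{
                    ComputerName = $computer
                    LastBoot     = $os.LastBootUpTime
                    UptimeDays   = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)
                }
                # Emit an object, not text, so callers can sort, filter or export it
                Write-Output (New-Object -TypeName PSObject -Property $props)
            }
            catch {
                # Record the failed name and move on to the next computer
                Write-Warning "$computer failed: $($_.Exception.Message)"
                $computer | Out-File -FilePath $ErrorLogPath -Append
            }
        }
    }
}
```

The error log ends up as a plain list of computer names, so it can be fed straight back into the function for a retry once the unreachable servers are sorted out.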

Below is the script he built for the presentation with the various examples. Save the below code as MyTools.psm1 and load it up. Then run it against multiple systems without switches and using the -debug and -verbose switches. Better yet, go watch the video.


TechEd 2012 Videos are out

Microsoft provides some of the best free technical resources out there for self training and keeping aware of changes in their technology.

TechEd sounds like a great event which I have never gotten to go to, but through the magic of the Internet and Microsoft's Channel 9, you have access to the presentations.

If you are new to PowerShell I recommend viewing them with Ed Wilson's video series.

TechEd North America 2012

1. Windows PowerShell Crash Course
2. 5-part set of PowerShell videos from Ed Wilson as well
3. Turn PowerShell Commands into Reusable CLI and GUI Tools

Then check out these as well.
PowerShell Remoting in Depth
Advanced Automation Using Windows PowerShell 3.0

This year is an insane year for change. The changes in Microsoft's technology are vast and look to be seriously fun.


Using PowerShell to add numbers in a text file

Recently had a conversation where someone needed help adding up the last column in a tab separated text file. It looked like a calling plan report. In channel tons of people brought up all sorts of *nix based tools which I thought odd since it was a Windows based IRC channel.

I've occasionally had a need for something like this anyway so poked at it for a few minutes and came up with the below one liner which I will leave here so my bad memory can find it again.

import-csv .\test.txt -Header "date","something","type","cost" -delimiter "`t" | Measure-Object cost -sum
Count    : 12
Average  :
Sum      : 2.38
Maximum  :
Minimum  :
Property : cost

Since the text file doesn't have any header rows, you have to 'add them' through the import command.

Here is that test.txt file example.

14-Dec-11 	0-234 	Long Distance 	0.32
14-Dec-11 	0-960 	Long Distance 	0.04
09-Dec-11 	1-237 	Directory Assistance Call Comp 	1.25
09-Dec-11 	1-960 	Directory Assistance Call Comp 	0.15
22-Nov-11 	0-234 	Long Distance 	0.12
22-Nov-11 	0-960 	Long Distance 	0.01
16-Nov-11 	0-234 	Long Distance 	0.16
16-Nov-11 	0-960 	Long Distance 	0.02
12-Nov-11 	0-234 	Long Distance 	0.20
12-Nov-11 	0-960 	Long Distance 	0.02
11-Nov-11 	0-234 	Long Distance 	0.08
11-Nov-11 	0-960 	Long Distance 	0.01

A user (spade) in #PowerShell contributed this approach as well.

gc data2.txt | % {$sum=0} { $sum += ($_ -split "`t")[-1] } { $sum }


Family Support Plan Rules

Like anyone who works with computers and has friends and family I get asked to do friends and family support. One thing I've learned is that even this type of support needs rules or you end up spending way too much time that isn't valued.

Here are my rules.

  1. I must agree to this ahead of time so I can supply you with the rules and aid you into migrating to a supported configuration (which may include a wipe and reload).
  2. I do not support your bad habits therefore you may not run as an Administrator with your every day account and you may not disable UAC.
  3. Must run Windows 7 or Windows 8 (Windows XP is just too old as is Vista).
  4. Must have Windows Update enabled.[1][2]
  5. Must have anti-virus (Microsoft Security Essentials now built into Windows 8)
  6. Should run Secunia PSI.
  7. Must have a data backup strategy.
    • Minimum sync to SkyDrive - better than nothing
    • Something like CrashPlan - something automated with versioning, history, etc.
    • Everyone says they don't have any important data until it's gone. I don't want to listen to you complain about it missing if something goes horribly wrong like a hardware failure or theft. Think pictures (baby pictures, etc)
    • Set a reminder to check that they are running every month and do a test restore.
  8. If you call me, you must be available. If you are not keeping me company I will wander off. You must be available to make decisions and entertain me (also to answer questions about what happened and help you understand and value the work involved).
  9. If you ask my advice on a hardware purchase and then 'cheap out' with a low end piece of junk, do not expect sympathy when you have repeated problems. If you are on a budget feel free to tell me your range and needs and we'll work together to find something that should last you a few years.
  10. All your software must be licensed.
  11. Make the recovery media for your system or order it from the OEM. Tape it to the case cover or put it in a file cabinet so you can find it. Make sure to include any product keys for your OS as well.

So far this has successfully kept family system support issues to a minimum in the last two years. Pretty much just a quick check while visiting for holiday/events or an occasional piece of advice on new hardware.

Microsoft best practices on preventing computer infection.
