Fast way to get a Server 2008 R2 machine updated

Lately I’ve been building and dropping dev / test virtual machines at an alarming rate. I prefer not to use images for purity reasons, so I end up installing the OS from scratch then installing all the updates usually before I even join it to the domain.

The single most time consuming process is getting updates installed – both for the time it takes to complete, and the interaction required to see it through to completion. For example, Windows Update offers and enabled IE9 on first update. For some reason, they decided that the IE9 installer must be interactive. Windows update installs the first 80% of the updates, gets to IE9 and sits there waiting for you to click “OK”. Lame.

Another annoyance is that in order to enable Microsoft Update you must first select an update option, which kicks off an update search. Then when you enable MS update, it forces a rescan.

So, here is my procedure for getting a server up to date in as few step as I have found.

  1. After first boot: install your VM tools / drivers. Reboot.
  2. On second boot: Set your timezone, adjust network settings (i.e. disable ipv6 if so desired), enable remote desktop, disable IE ESC, adjust screen resolution. Then:
    1. Install the .NET Framework 3.5.1 under .NET Framework 3.5.1 Features in Server Manager (Note – not the whole feature – this installs IIS and such)
    2. Open IE and download the .NET Framework 4 full web installer (I just search for “.net framework 4 web full” – it is the first result) and run it
    3. Install IE9 (again, search for IE9; make sure you uncheck the box to include Bing)
      Note: these first three are installed first because you will probably need them, and it avoids unnecessary IE8 updates from being installed when you are about to replace it. It also lets you kick off the update and walk away for a while knowing that when you get back they will just be done (instead of waiting for your confirmation)
    4. Open windows update (type “update” in start box), click Change Settings, select Never install updates.
    5. Now you can click the link to enable Microsoft Update – it should go nice and quick and probably will kick off your first update scan
    6. Might as well make sure all the updates are selected (server 2008 r2 doesn’t include the Activation Hardening update that Windows 7 gets, and I usually hide)
    7. Install updates. Will take at least 20 minutes. Reboot
  3. On third boot: Don’t trust windows update, force an update check. It will find more, including some .NET 4 updates that take FOREVER to install. If the updates do not demand a reboot, run another update check, install. reboot as necessary, repeat until it finds no more updates.

It still takes way too long, but it shaves a few minutes / reboots off the update process.


Yes, I know this could be done once, the install sysprepped then imaged. Trouble is, I don’t have a decent disk imager other than Windows Server Backup, and you cannot sysprep before running WSB. Also, I don’t always use the same size drive.

Disable Java Update using Group Policy

The Java Updater is horrible.

  1. It throws up a UAC prompt without warning / explanation / asking first
  2. It doesn’t work half the time
  3. It installs the Ask toolbar if your aren’t careful to opt out

Even though Java needs to be kept up to date, we simply cannot have users being harassed by a utility that doesn’t work, then installs crapware when it does.

Turning off the Updater is as simple as setting a registry value – the catch is that most instructions online do not account for 64-bit windows.

The registry item on a 32-bit machine is a DWORD in the key HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy called EnableJavaUpdate. Set it to 0.
On a 64-bit machine, it could be in the previous location, and/or it could be in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy


The way I chose to do it was with Machine Group Policy Preferences – Registry items. I use Item-level targeting to make sure the values exist before updating them.

This is a screenshot of the Registry items – showing where to place the Item-level targeting, and what settings to use

(The main reason for the targeting is to prevent it from creating the Wow6432Node on 32-bit machines)

Adding / Modifying Choices in a SharePoint Choice Field programmatically using the Client Object Model

The SharePoint 2010 Client Object Model isn’t the best documented thing in the world, but it sure does make some tasks a lot easier (without requiring execution on the sharepoint server itself)

I needed to add an option to a dropdown list in a bunch of document libraries. Here’s how:

using sp = Microsoft.SharePoint.Client;
        private void AddChoicesToField()
            using (sp.ClientContext cxt = new sp.ClientContext("http://sharepointserver"))
                //Basic code to load the list
                sp.Web myWeb = cxt.Site.OpenWeb("http://sharepointserver/sitename");
                sp.List myList = myWeb.Lists.GetByTitle("MyListName");
                //The field must be cast to a FieldChoice using context.CastTo
                sp.FieldChoice myField = cxt.CastTo<sp.FieldChoice>(myList.Fields.GetByInternalNameOrTitle("My Field Name"));
                //Copy the choices to a string list
                List<string> OptionList = new List<string>(myField.Choices);
                //Add whatever new values you want to the list
                OptionList.Add("New Value");
                //Convert the list to a string array and assign it to the Choices parameter
                myField.Choices = OptionList.ToArray();

Make sure your project has a reference to Microsoft.SharePoint.Client and Microsoft.SharePoint.Client.Runtime.

System Center 2012 RC–And the verdict is

If you didn’t like System Center 2010, you won’t like System Center 2012 – simple as that.

The System Center suite of products seems to be designed for large organizations with very large data centers and very large numbers of users. Large enough to justify the steep hardware, license, and manpower requirements to run SC2012. (I should point out that this is nothing new – several people have told me that System Center requires a team to manage it)

System Center 2012 is indeed very powerful and flexible, but that comes at a cost – it is also very complex. While each component has a similar-looking “user friendly” interface, a quick browse through the documentation sets any illusions of simplicity aside.


Lets take System Center Service Manager as an example. This component provides helpdesk functionality, as well as the ability to automate / document / standardize IS processes. It sounds like exactly what we need. Now have a look at the documentation:

Service Manager

Here are the major sections of this massive document collection

  • Planning Guide
  • Deployment Guide
  • Administrator’s Guide
  • Operations Guide
  • Authoring Guide
  • Disaster Recovery Guide

So I just installed the thing and I want to get started. Where do I go? As far as I can tell, there is no “Getting Started.” The documentation is broken up so that the Installation team has a set of docs, the administrators have a set of docs, the Operators have a set of docs, etc, etc. This is not bad per se – it is just bad if you don’t have a lot of time, and you don’t have multiple teams (much less even one team) to manage the thing.

System Center 2012 RC–Install experience continued

Yesterday I began the process of evaluation System Center 2012 RC and gave up. Today I decided I was going to try anyway.
As I mentioned before, you need a grand total of 8 machines. I created 8 nearly identical domain joined VMs (in Vmware ESXi of course) – each with 2 CPUs and 4 gigs of ram (thank goodness for Vmware’s memory sharing) and a minimum of 40gigs of disk.
Note: if you attempt to install any of this on an existing server, or an OS instance with stuff on it already it will most certainly fail.


Server Preparation – All Servers

Each server is Windows Server 2008 R2 with all the latest updates, IE9; I installed .NET Framework 3.5.1, and .NET Framework 4.0. I generally disable IPv6.
Even though it is not the most secure thing in the world, you might as well just disable the firewall on all of them as well. The documentation is missing the required firewall settings for the target servers (not disabling said firewalls will cause the Unified Installer to be unable to connect)


Here are the eight lovely virtual machines all running at once. You will need some serious hardware for this to approach usable – our VM server has two quad core 3ghz Xeons and 32-gigs of ram – so it manages…


Continue reading