PowerShell – Signed scripts “cannot be loaded because running scripts is disabled”

So you are signing your PowerShell scripts as a Best Practice from Microsoft. Good job! You’ve configured the PowerShell Execution Policy as AllSigned and you’ve created an application in SCCM where you run the signed script as:

PowerShell.exe -File .\Script.ps1

The application installs just fine on your machine from the Software Center. During the Task Sequence, the application cannot be installed and in the Event Viewer. You’ll find the following error message:

PowerShell.exe: File <Filename> cannot be loaded because running scripts is disabled on this system. For more information, see about_execution_policies at…”

You open up PowerShell to see the current ExecutionPolicy. “Get-ExecutionPolicy -List” shows that all scopes have undefined execution policies. With “Get-Help about_Execution_Policies” you find out that Undefined policy is equal to a restricted policy and that “Permits individual commands, but will not run scripts”.

The solution

Go back to your application in SCCM and make sure you set the ExecutionPolicy to AllSigned so it will work both during a Task Sequence and while working in OS.

PowerShell.exe -ExecutionPolicy AllSigned -File .\Script.ps1

Cheers!

Welcome to JVR.Cloud!

Frequent visitors of my blog may have noticed that the domain name of the blog has changed from jvrtech.net to jvr.cloud. You can still reach my blog on jvrtech.net, but within a couple of years, that redirect may disappear.

.Cloud TLD

Most of my short nicknames or my full name aren’t available anymore on the TLDs like .com, .net or .org. When the .cloud TLD was introduced, I saw an opportunity to buy this very short domain name. Tech in a domain name tells people that it has something to do with technology which I like, but Cloud will hopefully do that too.

Thank you for visiting my blog!

Cheers,

Jean-Paul

Azure – Windows Server Licensing Explained

This article describes the licensing options you have when you want to deploy Windows Server Virtual Machines in Azure. It’s getting complicated when you start using the Hybrid Use Benefit solution, so always contact Microsoft or your licensing supplier. Please note that I will not answer any licensing questions.

Built-in Licensing for Windows Server

This type of licensing is by-far the most easy to use but it can be an expensive solution. You deploy an Azure Virtual Machine from the Portal or PowerShell and the licensing costs are automatically included with the Virtual Machine costs. But what if you want to use your existing KMS licenses which you’ve bought with your Enterprise Agreement? Or you want to use Windows Server Standard licenses instead of Datacenter licenses?

Continue reading

NAT Switch now built into Hyper-V! – Windows 10 Fall Creators Update

With the new Windows 10 Fall Creators Update, Microsoft finally added a built-in NAT Switch into Hyper-V! This gives Hyper-V Virtual Machines access to the computer’s network. The new switch automatically assigns IP address to your Virtual Machines, so no need to run your own DHCP server anymore!

In older versions of Windows 10, it was still required to create the Virtual Switch yourself, but this required static IP address assignment in the OS or the installation of a DHCP server. Not the most elegant option.

The switch is named “Default Switch” and cannot be changed in the Hyper-V Virtual Switch Manager:

The Default Switch Virtual Network in the Hyper-V Virtual Switch Manager
The Default Switch Virtual Network in the Hyper-V Virtual Switch Manager

According to the info message: “The Default Network switch automatically gives virtual machines access to the computer’s network using NAT (network address translation).”

I’m happy that Microsoft finally introduced this as it was already available in other 3rd Party solutions and a good argument why some people didn’t want to migrate to Hyper-V. Now they can! I wasn’t able to find an official statement of Microsoft on this new feature, but I’m sure it will be published soon.

What do you think of this new feature? Are you going to migrate from VMware or other solutions to Hyper-V? Let me know in the comments section!

Cheers,

Jean-Paul

Install the Windows 10 Fall Creators Update on your GPO-enabled machine

So your Group Policy (GPO) settings do not allow you to upgrade to the Windows 10 Fall Creators Update and you have local administrative access on your machine? The registry fix from below will change this! Copy the registry fix from below and save it as fix.reg with Notepad. (Make sure you don’t save it as fix.reg.txt!) Right click on the file and click “Merge”. You should now have access to Settings -> Update & Security -> Windows Insider Program. Enroll your device in the program (with your Microsoft account!) and select “Just fixes, apps and drivers” from the dropdown – which will enroll you in the Release Preview Ring. Go to Settings -> Update & Security -> Windows Updates and select “Check online for updates from Microsoft Update”. It will take some time before the Fall Creators Update pops up here.

When the Windows Insider Settings are greyed out again after several minutes, your GPO settings were re-applied and you need to rerun the fix.reg file. Run the fix.reg file every hour or so and check again for Windows Updates. After a couple of hours you should be able to enjoy the Fall Creators Update!

Registry Fix:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\Applicability]
"EnablePreviewBuilds"=dword:00000002
"IsBuildFlightingEnabled"=dword:00000001
"IsConfigExpFlightingEnabled"=dword:00000001
"IsConfigSettingsFlightingEnabled"=dword:00000001
"SuspensionStartTime"=-
"SuspensionEndTime"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds]
"AllowBuildPreview"=dword:00000001
"EnableConfigFlighting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"CommercialId"=-

Create a Hyper-V NAT Switch with PowerShell – the easy way

You can follow the original guide by Microsoft and manually edit all the details, or just use the variables from the script below and let PowerShell do the work for you.
# Variables
$InternalSwitchName = "Internal Virtual Switch"
$NATGatewayPrefixLength = "24"
$NATGatewayNetwork = "192.168.0.0/$NATGatewayPrefixLength"
$NATGatewayIP = "192.168.0.1"
$NATNetworkName = "NAT Network"

# Create the VM Switch and NAT Gateway
New-VMSwitch -SwitchName $InternalSwitchName -SwitchType Internal
New-NetIPAddress -IPAddress $NATGatewayIP -PrefixLength $NATGatewayPrefixLength -InterfaceIndex (Get-NetAdapter -Name $("vEthernet ($InternalSwitchName)")).InterfaceIndex
New-NetNat -Name $NATNetworkName -InternalIPInterfaceAddressPrefix $NATGatewayNetwork

Dell Precision 5510: Six Months Later

Six months ago I received an email from our IT Department. Good news, my old 3.5 KG Dell Latitiude E6540 (with a big battery) was out of warranty. The Surface Pro wasn’t announced yet but because of the rumors, I didn’t want to go with a soon-to-be-old Surface Pro 4. And I must say I wanted a notebook that I can place on my Bobby Notebook Stand.

Bobby Notebook Stand
Picture Source: Ergo2Go.nl

I also didn’t want the standard models like the E7270 or E7470 with i5 and Full-HD. Because I sometimes need to run Hyper-V Labs at customers, I wanted a High Performance machine. I took the Dell Precision 5510 with the following specs:

  • Intel i7-6820HQ CPU
  • 15.6 4K Touch Screen
  • 16 GB memory which is expandable to 32 GB
  • NVIDIA Quadro M1000M
  • 512 GB SSD

The 4K screen is absolutely gorgeous! Windows 10 scales much better in 4K than before and works great with Server 2016 in RDP. If you RDP a lot to older Operating Systems, I can recommend to scale back to Full HD. I also recommend not to sit in full sunlight because of the glare.

The device is absolutely silent in idle. Isn’t that always the case when a device is in idle?! Let me tell you that I’ve worked with several devices from different vendors and it’s not. Of course you will hear the fans when you spin up a Hyper-V Lab but it’s still not bad.

The case itself with the thin bezels, the aluminium design and the big touchpad is fantastic. The gestures from Windows 10 are working smooth and fast with the touchpad and the keyboard is solid.

So after six months I’m still happy with the Dell Precision 5510. Is there a device where I want to trade it for?! Yes, the Surface Book of course. 🙂

Dell-Precision-5510

Let me know what you think of the Precision 5510!

Cheers.