Wednesday, 7 January 2015

view Desktop optimization script Changes

rem Making modifications to .DEFAULT
rem Disable Screen Saver at Logon/Welcome Screen
reg ADD “HKU\.DEFAULT\Control Panel\Desktop” /v ScreenSaveActive /d “0” /f
rem Set Wallpaper to blank at Logon/Welcome Screen
reg ADD “HKU\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d “ “ /f
rem Disable Address space layout randomization
reg ADD “HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management” /v MoveImages /t REG_DWORD /d 0x0 /f
rem Enable “Automatically Reboot”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v AutoReboot/t REG_DWORD /d 0x1 /f
rem Disable “Write an event to the system log”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v LogEvent /t REG_DWORD /d 0x0 /f
rem Disable “Send an alert”
reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\CrashControl” /v SendAlert /t REG_DWORD /d 0x0 /f
rem Disable IPv6
reg Add “HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters” /v DisabledComponents /t REG_DWORD /d 0xffffffff /f
rem Increase Service Startup Timeout – Allows up to 120 seconds before timing out waiting for a service
reg Add “HKLM\System\CurrentControlSet\Control” /v ServicesPipeTimeout /t REG_DWORD /d 120000 /f
rem Don’t buffer UDP packets less than 1500 Bytes – improves high bandwidth video performance
reg Add “HKLM\System\CurrentControlSet\Services\Afd” /v FastSendDatagramThreshold /t REG_DWORD /d 1500 /f
rem Disable View agent debug
reg Add “HKLM\software\VMware, Inc.\VMware VDM\” /v DebugEnabled /t REG_SZ /d False /f
rem Disable View agent trace
reg Add “HKLM\software\VMware, Inc.\VMware VDM\” /v TraceEnabled /t REG_SZ /d False /f
rem Disable Background Layout Service
reg ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout” /v EnableAutoLayout /t reg_dword /d 0 /f
rem Disable Machine Account Password Changes
reg ADD “HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters” /v DisablePasswordChange /t reg_dword /d 0 /f
Rem Disable TCP/IP Task Offload
Reg ADD “HKLM \SYSTEM\CurrentControlSet\Services\TCPIP\Parameters” /v DisableTaskOffload /t REG_DWORD /d 1 /f
Rem Hide Hard Error Messages
Reg ADD “HKLM\SYSTEM\CurrentControlSet\Control\Windows” /v ErrorMode /t REG_DWORD /d 0 /f
Rem Disable CIFS Change Notifications
reg ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” /v NoRemoteRecursiveEvents /t Reg_dword /d 1 /f
rem Disable customer experience improvement program
Reg ADD “HKLM\Software\Microsoft\SQMClient\Windows” /v CEIPEnable /t REG_DWORD /d 0 /frem Using Powershell to perform Windows Services modifications
rem Application Experience Lookup Service
Powershell Set-Service ‘AeLookupSvc’ -startuptype “disabled”
Rem BranchCache
Powershell Set-Service ‘PeerDistSvc’ -startuptype “disabled”
rem Computer Browser
Powershell Set-Service ‘Browser’ -startuptype “disabled”
rem Diagnostic Service Host
Powershell Set-Service ‘WdiServiceHost’ -startuptype “disabled”
rem Diagnostic System Host
Powershell Set-Service ‘WdiSystemHost’ -startuptype “disabled”
rem Problem Reports and Solutions Control Panel Support
Powershell Set-Service ‘wercplsupport’ -startuptype “disabled”
rem Parental Controls
Powershell Set-Service ‘wpcsvc’ -startuptype “disabled”
rem Windows Media Center Sharing Service
Powershell Set-Service ‘WMPNetworkSvc’ -startuptype “disabled”
Rem Disable Interactive Services Detection
Powershell Set-Service ‘UI0Detect’ -startuptype “disabled”
Rem Background Intelligent Transfer
Powershell Set-Service ‘bits’ -startuptype “disabled”
rem Function Discovery Resource Publication
Powershell Set-Service ‘FDResPub’ -startuptype “disabled”
rem Media Center Extender Service
Powershell Set-Service ‘Mcx2Svc’ -startuptype “disabled”rem Making miscellaneous modifications
rem **********************************************************************************
rem *** Set Firewall Domain profile off
rem *** Set Firewall Private profile on
rem *** Set Firewall Public profile on
netsh advfirewall set publicprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set domainprofile state off
rem **********************************************************************************
rem Disable the Language Bar
Regsvr32.exe /u/s msutb.dll
rem *** Delete hidden Windows Update uninstall files
del /A:H /S /F /Q %WINDIR%\$NT*
rem disable Customer Experience Improvement Program tasks
schtasks /change /tn “microsoft\windows\Application Experience\AitAgent”/disable
schtasks /change /tn “microsoft\windows\Application Experience\ ProgramDataUpdater” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\Consolidator” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\KernelCeipTask” /disable
schtasks /change /tn “microsoft\windows\Customer Experience Improvement Program\UsbCeip” /disable

Friday, 2 January 2015

create distributed switch vmware 5.5

In vCenter home, go to Networking


Now you will able to see datacenter

Right-click your Datacenter object in inventory then Select “New vSphere Distributed Switch”.


Choose the preferred version for your DVS. If you need to maintain compatibility with an older version of vSphere, then choose the minimum version required. For example – if you need to join a vSphere 4.1 host to this DVS, choose Distributed Switch 4.1.0. For 5.0, choose Distributed Switch 5.0.0. If you are only going to join vSphere 5.5 hosts, leave it at the default Distributed Switch 5.5.0. Note that upgrades can be done without service interruption at any point, but downgrades are not possible, so choose appropriately. Click Next to proceed


Give DVS Name and Number of port group


we will add ESXi host later, Select "Add Later". Click Next


Check once, "Click Finish"


Now you can see new DVS in Networking


Right Click on New DVS and click on New Port Group


Give Port Group Name and on Vlan type select VLAN if you have VLAN else let it be none by default. here i have VLAN 6 


Check Setting once, click Finish

Again right Click on New DVS and click on New Port Group


Give Port Group Name and on Vlan type select VLAN and i here my VLAN which i am using for kernel


Check Setting once, click Finish


RIght click on DVS and click on Add Host


Now you will able to see all ESXi host available in vCenter


Select ESXi you want add DVS and vmnics of that ESXi, here i have selected vmnics 2,3,4,5. i will be using vmnic 0 and 1  for my management in standard switch. you can use management in DVS also but carefully move nic from standard switch to dvs switch. once management nic is not available you will lose you esxi control, the you have manually login to ESXi console and do resetting. Management nic do carefully


Since i am using standard switch for my management, i can see vmk0 in vSwitch0, click next


now i am not migrating switch from standard to DVS, so i will just go forward, click Next


Check setting once, Click Finish


i go to Host and Cluster, select ESXi which i have added to DVS, go to Configuration, networking
Now i can see my DVS 


Since i am using standard switch for management only i need to create virtual adapter for ESXi Kernel
Click on Manage Virtual Adapter and click Add

Creating Type i will select new virtual adapter, since i don't have kernel adapter in standard switch. click Next 

Vitrual Adapter Type "VMKernel", Click Next


In Select Port Select port group which i have created after DVS creation and check on "use this virtual adapter for vMotion" Click Next


Now i enter my ESXi kernel ip and subbnet, Click Next


Check it once, Click Finish

Now vmk1 is created for kernel, to verify i can login to other esxi via putty and ping  kernel adapter
vmkping -I vmk1 192.9.211.21
this command will ping to vmk1 if it does have communication to vmk0 also  this will ping if kernel adapter is properly configured with Vlan

Now my DVS is configured in ESXi


if you have diffent vmnics assigned to dvuplink, you can change it. click on remove then you will see "click to add nic" select vmnic to respective dvuplink


if you port group is assigned to wrong dvUplink.
Go to Networking from Home
Right click on port group and click on edit setting. 
Go "Teaming and Failover"
Here you can see Active Uplink and standby uplink
move dvUplink as per your requirement. For Eg i have a port group for kernel and kernel vlan is available on dvUplink 1 and 5, below image you can see dvUplink is in StandBy, so kernel communication will not work, move dvuplink 1 and 5 standby to active and move other dvUplink to stand by. now communication with port group will work.


create distributed switch vmware 5.5 web client

In the vSphere Web Client Home page, click on the Networking icon.


Right-click your Datacenter object in inventory then Select “New Distributed Switch”.


 Give DVS name, click Next.


Choose the preferred version for your DVS. If you need to maintain compatibility with an older version of vSphere, then choose the minimum version required. For example – if you need to join a vSphere 4.1 host to this DVS, choose Distributed Switch 4.1.0. For 5.0, choose Distributed Switch 5.0.0. If you are only going to join vSphere 5.5 hosts, leave it at the default Distributed Switch 5.5.0. Note that upgrades can be done without service interruption at any point, but downgrades are not possible, so choose appropriately. Click Next to proceed.

Choose your number of uplinks, decide whether you want to enable NIOC, and whether you want a default port group to be created. Click Next to proceed. In our case:
§  We have 4 uplinks per host, all of which will be added to the DVS,
§  We want NIOC to be enabled, and

§  We will create our Distributed Virtual Port Groups after the DVS is created


Check your Setting you made during the New Distributed Switch wizard, click Finish.

  In networking inventory now you should see your newly created DVS.

Create DVS Virtual Port Groups

Right-click on DVS, then click New Distributed Port Group

 Give Name for Port Group, click Next.



Choose port binding, allocation, number of ports, any specific network resource pools, and VLAN information. In our case, defaults are fine for everything except VLAN configuration since all of our traffic is coming in tagged. I’ve specified the VLAN.


Check “customize default policies configuration” checkbox and click Next.


Keep the default security settings, Click Next.


We have no specific traffic shaping requirements, keep it like that and  Click Next.


Here in Teaming and Failover, we’re going to deviate from the defaults. When finished, click next.
§   Load balancing – I’ve set this to Route based on physical NIC load (Load-based Teaming or LBT). This is a common load balancing setting when using a DVS in any configuration other than Etherchannel or LACP, where you’d use Route based on IP hash. I generally prefer LBT from simplicity POV, but that’s a different discussion.

§   Failover order – I’ve set Uplinks 2 and 4 to Unused. I’ve done this to segment traffic manually by only allowing traffic from VLAN 1010 on Uplinks 1 and 3.


Keep Netflow disable as default, click Next.


We  don’t want to block any ports, so keep Block all port “No”, click Next.


Keep everything default again, click Next.



 Check once New Port Group setting, click Finish.


In your inventory now you should able to see your port group.