All posts by James Kuo

Download and run Microsoft Security Scanner (MSERT)

First download:
powershell -Command "& {Start-BitsTransfer -Source 'http://definitionupdates.microsoft.com/download/definitionupdates/safetyscanner/amd64/msert.exe' -Destination 'C:\users\public\downloads\msert\msert.exe'}"

Run:
C:\Users\Public\Downloads\msert\msert.exe /Q /H

Script to parse log and create Event:
# Requires that New-EventLog -LogName Application -Source "MSERT" has been run on the system first

$msertfile = "C:\Windows\debug\msert.log"
# Join the log lines with newlines so the event message stays readable
$msertmessage = (Get-Content $msertfile) -join "`r`n"
$searchtext = "No infection found"
$source = "MSERT"

# Event ID 0 (Information) when the log reports a clean scan, event ID 1 (Error) otherwise
if ($msertmessage | Select-String $searchtext -Quiet)
{ Write-Host $searchtext
Write-EventLog -LogName Application -Source $source -EventId 0 -Message $msertmessage -EntryType Information }
else
{ Write-EventLog -LogName Application -Source $source -EventId 1 -Message $msertmessage -EntryType Error }

Move logs:
cmd /c move /y "C:\Windows\debug\msert.log" "C:\Users\Public\Downloads\msert\msert_%date:~-7,2%.log"
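
The download above arrives over plain HTTP and is then executed, and the log check only looks for one phrase. The following added example (not part of the original post) gates the run on a valid Microsoft Authenticode signature and separates a missing or stale log from a real result; the function names and the sample log lines are assumptions made for illustration.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Test-MicrosoftSignature {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the file hash matches the signature and the chain is trusted
    if ($sig.Status -ne 'Valid') { return $false }
    # Also require Microsoft as the signing organisation, not just any trusted publisher
    return [bool]($sig.SignerCertificate.Subject -match '(^|,\s*)O=Microsoft Corporation(,|$)')
}

function Get-MsertVerdict {
    param(
        [string[]]$LogLines,      # lines of msert.log; empty when the log is missing
        [datetime]$LogWriteTime,  # LastWriteTime of msert.log
        [datetime]$ScanStart      # when this run was launched
    )
    if (-not $LogLines)               { return 'NoLog' }     # scanner never wrote a log
    if ($LogWriteTime -lt $ScanStart) { return 'StaleLog' }  # log predates this run
    if ($LogLines | Select-String -SimpleMatch 'No infection found' -Quiet) { return 'Clean' }
    return 'Review'
}

function Invoke-VerifiedMsert {
    param(
        [string]$Exe = 'C:\Users\Public\Downloads\msert\msert.exe',
        [string]$Log = 'C:\Windows\debug\msert.log'
    )
    # Refuse to run a binary that is absent or not validly signed by Microsoft.
    # Assumes the "MSERT" event source has already been registered, as the post requires.
    if (-not (Test-Path $Exe) -or -not (Test-MicrosoftSignature -Path $Exe)) {
        Write-EventLog -LogName Application -Source 'MSERT' -EventId 1 -EntryType Error `
            -Message 'msert.exe is missing or not validly signed by Microsoft; scan not started.'
        return 'NotRun'
    }
    $start = Get-Date
    Start-Process -FilePath $Exe -ArgumentList '/Q', '/H' -Wait
    $lines = @(); $written = [datetime]::MinValue
    if (Test-Path $Log) {
        $lines   = Get-Content $Log
        $written = (Get-Item $Log).LastWriteTime
    }
    return Get-MsertVerdict -LogLines $lines -LogWriteTime $written -ScanStart $start
}

# Offline demonstration on constructed log lines. Only the phrase
# "No infection found" comes from the post; the rest is made up.
$t0    = Get-Date
$clean = @('constructed: scan finished', 'constructed: No infection found')
$other = @('constructed: scan finished', 'constructed: something else was reported')

Get-MsertVerdict -LogLines $clean -LogWriteTime $t0.AddMinutes(10)  -ScanStart $t0
Get-MsertVerdict -LogLines $other -LogWriteTime $t0.AddMinutes(10)  -ScanStart $t0
Get-MsertVerdict -LogLines $clean -LogWriteTime $t0.AddMinutes(-60) -ScanStart $t0
Get-MsertVerdict -LogLines @()    -LogWriteTime $t0                 -ScanStart $t0
```

Invoke-VerifiedMsert is defined but not called, so the block runs without the scanner present; call it from the scheduled task in place of the bare msert.exe line.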

Hyper-V server on USB

Pre-requisites:

Download GImageX

Download the latest Hyper-V ISO

Create VHD

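Insert the USB drive (disk 3 in this example; confirm the disk number on your system first, because clean erases the selected disk)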

diskpart

select disk 3

clean

create partition primary

select partition 1

active

format quick fs=ntfs

assign letter=z

create vdisk file=z:\hyperv1.vhd maximum=24576 type=fixed

select vdisk file=z:\hyperv1.vhd

attach vdisk

create partition primary

assign letter=r

format quick fs=ntfs label=hyperv1

exit

Apply WIM to primary partition

Use GImageX to apply Install.wim to r:\

dism.exe /apply-image /imagefile:.\Install.wim /index:1 /applydir:r:\

Create BCD store on the UFD

bcdboot r:\Windows /s z:

Disable paging

reg load HKLM\HyperVTemp r:\Windows\System32\config\SYSTEM

reg add "HKLM\HyperVTemp\ControlSet001\Control\Session Manager\Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "" /f

reg delete "HKLM\HyperVTemp\ControlSet001\Control\Session Manager\Memory Management" /v ExistingPageFiles /f

reg unload HKLM\HyperVTemp

Detach the VHD

diskpart

select vdisk file=z:\hyperv1.vhd

detach vdisk

Dell SUU & OM

DELL SUU (if suulauncher.exe doesn’t work)

  • Launch Dell SUU in server core using command-line.  G:\IT\Dell Software Update Utility 6.3.0\suu -g
  • Proceed as usual

DELL OM

  • Unzip OpenManage into C:\OpenManage using  G:\IT\Dell OpenManage\OM-SrvAdmin-Dell-Web-WIN-6.3.0-2075_A00.20.exe
  • Run the prereq checker in silent mode from the command line: C:\OpenManage\windows\PreReqChecker>RunPreReqChecks.exe /s
  • Ensure that the prereq checker returns to the prompt without errors.
  • Change to C:\OpenManage\windows\SystemsManagement and run the MSI from the command line: C:\OpenManage\windows\SystemsManagement>msiexec /i SysMgmt.msi
  • Follow the installation prompts, use custom installation, install everything.

Winbind

Integrating AD logins to RHEL6

  • Use yum to install samba-winbind
  • Use authconfig to configure winbind; it is best not to edit the PAM files directly.  (First, authconfig --savebackup [name])

# authconfig --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=your.domain.local --smbservers=dc.your.domain.local --smbworkgroup=WORKGROUP --smbidmapuid=10000-20000 --smbidmapgid=10000-20000 --winbindtemplatehomedir=/home/%D/%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --winbindtemplateprimarygroup=%U --enablemkhomedir --updateall

  • Add the server to the domain

# net ads join -U administrator

WEvtUtil

Example of dumping a user’s logins from an RD gateway and domain controller.

wevtutil qe /r:RDGATEWAY Microsoft-Windows-TerminalServices-Gateway/Operational /e:root /f:RenderedXML /q:"*[UserData[EventInfo[Username='DOMAIN\username']]]" >wevtutil.username.xml

wevtutil qe /r:DCSERVER System /f:RenderedXML /q:"*[System[(EventID=5723) and TimeCreated[timediff(@SystemTime)<=8640000]]]" > 5723.xml

wevtutil qe /r:DCSERVER Security /f:RenderedXML /q:"*[System[(EventID=4740) and TimeCreated[timediff(@SystemTime)<=8640000]]]" > 4740.xml
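
Once 4740.xml has been exported, the useful question is usually which account was locked out and from which machine. The following added example (not from the original post) summarises a 4740 export; Get-LockoutSummary is a hypothetical name, the three sample events are constructed, and the field mapping (TargetUserName is the locked account, TargetDomainName is the caller computer) is the standard layout of event 4740.

```powershell
# Added example, not from the original post. Get-LockoutSummary is a hypothetical name.

function Get-LockoutSummary {
    param([Parameter(Mandatory)][string]$ExportText)
    # The 5723/4740 commands omit /e:root, so the export is a run of <Event>
    # elements with no single root element; wrap it before parsing.
    $doc = [xml]"<Events>$ExportText</Events>"
    $rows = foreach ($e in $doc.GetElementsByTagName('Event')) {
        if ($e.GetElementsByTagName('EventID').Item(0).InnerText -ne '4740') { continue }
        $data = @{}
        foreach ($d in $e.GetElementsByTagName('Data')) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Time           = $e.GetElementsByTagName('TimeCreated').Item(0).GetAttribute('SystemTime')
            Account        = $data['TargetUserName']     # account that was locked out
            CallerComputer = $data['TargetDomainName']   # machine the bad logons came from
            ReportedBy     = $e.GetElementsByTagName('Computer').Item(0).InnerText
        }
    }
    # One row per (account, caller) pair, busiest first
    $rows | Group-Object Account, CallerComputer |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Account        = $_.Group[0].Account
                CallerComputer = $_.Group[0].CallerComputer
                Lockouts       = $_.Count
                First          = $_.Group.Time | Sort-Object | Select-Object -First 1
                Last           = $_.Group.Time | Sort-Object | Select-Object -Last 1
            }
        }
}

# Constructed sample events (account, host and time values are made up).
$sample = @'
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
 <System><EventID>4740</EventID><TimeCreated SystemTime='2024-01-01T09:00:00.000Z'/><Computer>DCSERVER</Computer></System>
 <EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='TargetDomainName'>WS-014</Data></EventData>
</Event>
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
 <System><EventID>4740</EventID><TimeCreated SystemTime='2024-01-01T09:35:00.000Z'/><Computer>DCSERVER</Computer></System>
 <EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='TargetDomainName'>WS-014</Data></EventData>
</Event>
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
 <System><EventID>4740</EventID><TimeCreated SystemTime='2024-01-01T09:10:00.000Z'/><Computer>DCSERVER</Computer></System>
 <EventData><Data Name='TargetUserName'>svc_backup</Data><Data Name='TargetDomainName'>APP-02</Data></EventData>
</Event>
'@

Get-LockoutSummary -ExportText $sample | Format-Table -AutoSize

# Against a real export:
# Get-LockoutSummary -ExportText (Get-Content .\4740.xml -Raw) | Format-Table -AutoSize
```

Repeated lockouts for one account from a single caller computer usually point at a stale saved credential on that machine; the same account locked out from many callers deserves a closer look.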

Diskpart

Example to create a RAID10 striped volume with RAIDR SSD PCIe cards:

Hit CTRL+M on boot up to reconfigure RAIDR from RAID0 to RAID1

Do again for second RAIDR card ( you now have two RAID1 RAIDR SSD PCIe cards)

from diskpart:

select disk # (the first SSD drive)

clean (optional)

convert dynamic

select disk # (the second SSD drive)

clean (optional)

convert dynamic

create volume stripe disk=#,# (selecting both SSD drives)

select volume # (choose the new volume)

format FS=NTFS Label="SSD RAID10" quick

exit

KMS Activation

FINDING THE DOMAIN KMS SERVERS

nslookup -q=SRV _VLMCS._TCP.your.domain.local

 

KMS OS Client Setup Keys

By default, the Windows 7 and Windows Server 2008 R2 operating systems use KMS for activation. In volume installations, the setup key is installed by default, which makes the system a KMS client. If you are converting a computer from a KMS host, MAK, or retail edition of Windows to a KMS client, install the applicable setup key (GVLK) from Table 9 using slmgr /ipk <setup key>.

 

Operating system edition KMS Client Setup Key
Windows 10 Professional W269N-WFGWX-YVC9B-4J6C9-T83GX
Windows 10 Professional N MH37W-N47XK-V7XM9-C7227-GCQG9
Windows 10 Enterprise NPPR9-FWDCX-D2C8J-H872K-2YT43
Windows 10 Enterprise N DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4
Windows 10 Education NW6C2-QMPVW-D7KKK-3GKT6-VCFB2
Windows 10 Education N 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ
Windows 10 Enterprise 2015 LTSB WNMTR-4C88C-JK8YV-HQ7T2-76DF9
Windows 10 Enterprise 2015 LTSB N 2F77B-TNFGY-69QQF-B8YKP-D69TJ

 

Operating system edition KMS Client Setup Key
Windows 8.1 Professional GCRJD-8NW9H-F2CDX-CCM8D-9D6T9
Windows 8.1 Professional N HMCNV-VVBFX-7HMBH-CTY9B-B4FXY
Windows 8.1 Enterprise MHF9N-XY6XB-WVXMC-BTDCT-MKKG7
Windows 8.1 Enterprise N TT4HM-HN7YT-62K67-RGRQJ-JFFXW
Windows Server 2012 R2 Server Standard D2N9P-3P6X9-2R39C-7RTCD-MDVJX
Windows Server 2012 R2 Datacenter W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
Windows Server 2012 R2 Essentials KNC87-3J2TX-XB4WP-VCPJV-M4FWM

 

Windows 8 Professional   NG4HW-VH26C-733KW-K6F98-J8CK4

Windows 8 Professional N   XCVCF-2NXM9-723PB-MHCB7-2RYQQ

Windows 8 Enterprise   32JNW-9KQ84-P47T8-D8GGY-CWCK7

Windows 8 Enterprise N   JMNMF-RHW7P-DMY6X-RF3DR-X2BQT

Windows Server 2012 Core   BN3D2-R7TKB-3YPBD-8DRP2-27GG4

Windows Server 2012 Core N   8N2M2-HWPGY-7PGT9-HGDD8-GVGGY

Windows Server 2012 Core Single Language   2WN2H-YGCQR-KFX6K-CD6TF-84YXQ

Windows Server 2012 Core Country Specific    4K36P-JN4VD-GDC6V-KDT89-DYFKP

Windows Server 2012 Server Standard   XC9B7-NBPP2-83J2H-RHMBY-92BT4

Windows Server 2012 Standard Core   XC9B7-NBPP2-83J2H-RHMBY-92BT4

Windows Server 2012 MultiPoint Standard   HM7DN-YVMH3-46JC3-XYTG7-CYQJJ

Windows Server 2012 MultiPoint Premium   XNH6W-2V9GX-RGJ4K-Y8X6F-QGJ2G

Windows Server 2012 Datacenter   48HP8-DN98B-MYWDG-T2DCC-8W83P

Windows Server 2012 Datacenter Core   48HP8-DN98B-MYWDG-T2DCC-8W83P

 

Table 9. KMS Client Setup Keys

Platform Operating system edition Product key
Windows 7 and Windows Server 2008 R2
Client Windows 7 Professional FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Client Windows 7 Professional N MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Client Windows 7 Professional E W82YF-2Q76Y-63HXB-FGJG9-GF7QX
Client Windows 7 Enterprise 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Client Windows 7 Enterprise N YDRBP-3D83W-TY26F-D46B2-XCKRJ
Client Windows 7 Enterprise E C29WB-22CC8-VJ326-GHFJW-H9DH4
Server Windows Server 2008 R2 Web 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
Server Windows Server 2008 R2 HPC edition TT8MH-CG224-D3D7Q-498W2-9QCTX
Server Windows Server 2008 R2 Standard YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Server Windows Server 2008 R2 Enterprise 489J6-VHDMP-X63PK-3K798-CPX3Y
Server Windows Server 2008 R2 Datacenter 74YFP-3QFB3-KQT8W-PMXWJ-7M648
Server Windows Server 2008 R2 for Itanium-based Systems GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Vista and Windows Server 2008
Client Windows Vista Business YFKBB-PQJJV-G996G-VWGXY-2V3X8
Client Windows Vista Business N HMBQG-8H2RH-C77VX-27R82-VMQBT
Client Windows Vista Enterprise VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Client Windows Vista Enterprise N VTC42-BM838-43QHV-84HX6-XJXKV
Server Windows Web Server 2008 WYR28-R7TFJ-3X2YQ-YCY4H-M249D
Server Windows Server 2008 Standard TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Server Windows Server 2008 Standard without Hyper-V W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Server Windows Server 2008 Enterprise YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Server Windows Server 2008 Enterprise without Hyper-V 39BXF-X8Q23-P2WWT-38T2F-G3FPG
Server Windows Server 2008 HPC RCTX3-KWVHP-BR6TB-RB6DM-6X7HP
Server Windows Server 2008 Datacenter 7M67G-PC374-GR742-YH8V4-TCBY3
Server Windows Server 2008 Datacenter without Hyper-V 22XQ2-VRXRG-P8D42-K34TD-G3QQC
Server Windows Server 2008 for Itanium-Based Systems 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK

 

EXAMPLE:  Activating a Windows Server 2008 R2 Enterprise system

 

slmgr /ipk 489J6-VHDMP-X63PK-3K798-CPX3Y  This applies the product key

 

slmgr /skms SERVERNAME    This directs the system to a particular KMS host

 

slmgr /ato    Run to activate

 

slmgr /dli    Check status

KMS Office Client Setup Keys

The following table shows the KMS client keys for the Office 2010 suites and stand-alone products.

Suites
Office Professional Plus 2010 VYBBJ-TRJPB-QFQRF-QFT4D-H3GVB
Office Standard 2010 V7QKV-4XVVR-XYV4D-F7DFM-8R6BM
Office Home and Business 2010 D6QFG-VBYP2-XQHM7-J97RH-VVRCK
Stand-alone products
Access 2010 V7Y44-9T38C-R2VJK-666HK-T7DDX
Excel 2010 H62QG-HXVKF-PP4HP-66KMR-CW9BM
SharePoint Workspace 2010 QYYW6-QP4CB-MBV6G-HYMCJ-4T3J4
InfoPath 2010 K96W8-67RPQ-62T9Y-J8FQJ-BT37T
OneNote 2010 Q4Y4M-RHWJM-PY37F-MTKWH-D3XHX
Outlook 2010 7YDC2-CWM8M-RRTJC-8MDVC-X3DWQ
PowerPoint 2010 RC8FX-88JRY-3PF7C-X8P67-P4VTT
Project Professional 2010 YGX6F-PGV49-PGW3J-9BTGG-VHKC6
Project Standard 2010 4HP3K-88W3F-W2K3D-6677X-F9PGB
Publisher 2010 BFK7F-9MYHM-V68C7-DRQ66-83YTP
Word 2010 HVHB3-C6FV7-KQX9W-YQG79-CRY7T
Visio
Visio Premium 2010 D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ
Visio Professional 2010 7MCW8-VRQVK-G677T-PDJCM-Q8TCP
Visio Standard 2010 767HD-QGMWX-8QTDB-9G3R2-KHFGJ

 

Office 2013 Professional Plus YC7DK-G2NP3-2QQC3-J6H88-GVGXT
Office 2013 Standard KBKQT-2NMXY-JJWGP-M62JB-92CD4
Project 2013 Professional FN8TT-7WMH6-2D4X9-M337T-2342K
Project 2013 Standard 6NTH3-CW976-3G3Y2-JK3TX-8QHTT
Visio 2013 Professional C2FG9-N6J68-H8BTJ-BW3QX-RM3B3
Visio 2013 Standard J484Y-4NKBF-W2HMG-DBMJC-PGWR7
Access 2013 NG2JY-H4JBT-HQXYP-78QH9-4JM2D
Excel 2013 VGPNG-Y7HQW-9RHP7-TKPV3-BG7GB
InfoPath 2013 DKT8B-N7VXH-D963P-Q4PHY-F8894
Lync 2013 2MG3G-3BNTT-3MFW9-KDQW3-TCK7R
OneNote 2013 TGN6P-8MMBC-37P2F-XHXXK-P34VW
Outlook 2013 QPN8Q-BJBTJ-334K3-93TGY-2PMBT
PowerPoint 2013 4NT99-8RJFH-Q2VDH-KYG2C-4RD4F
Publisher 2013 PN2WF-29XG2-T9HJ7-JQPJR-FCXK4
Word 2013 6Q7VD-NX8JD-WJ2VH-88V73-4GBJ7

 

EXAMPLE: Activating Excel 2010

 

Use ospp.vbs, located in %ProgramFiles%\Microsoft Office\Office11 (first use slmgr to direct to the right KMS host):

cscript ospp.vbs /act

 

cscript slmgr.vbs /dlv 2E28138A-847F-42BC-9752-61B03FFF33CD  (validate the Office KMS host)

 

 

Office 2013 Client Software License Management Tool

Usage
cscript ospp.vbs /Option:Value ComputerName User Password
     ComputerName: Name of remote computer. If a computer name is not passed local computer is used.
     User: Account with required privilege on remote computer.
     Password: Password for the account. If a User account and password are not passed current credentials are used.
     Value: Required for outlined options.

 

Global /Options Description
/act Activate installed Office 2013 product keys.
/inpkey:value Install a product key (replaces existing key) with user-provided product key. Value parameter applies.
/unpkey:value Uninstall an installed product key with user-provided partial product key (as displayed by the /dstatus option). Value parameter applies.
/inslic:value Install a license with user-provided path to the .xrm-ms license. Value parameter applies.
/dstatus Display license information for installed product keys.
/dstatusall Display license information for installed licenses.
/dhistoryacterr Display MAK/Retail activation failure history.
/dinstid Display installation ID for offline activation.
/actcid:value Activate product with user-provided confirmation ID. Value parameter applies.
/rearm Reset the licensing status for all installed Office 2013 product keys.
/rearm:value Reset the licensing status for an Office 2013 license with user provided SKUID value (as displayed by the /dstatus option). Value parameter applies.
/ddescr:value Display the description for a user-provided error code. Value parameter applies.
KMS client /Options Description
/dhistorykms Display KMS client activation history.
/dcmid Display KMS client machine ID (CMID).
/sethst:value Set a KMS host name with user-provided host name. Value parameter applies.
/setprt:value Set a KMS port with user-provided port number. Value parameter applies.
/remhst Remove KMS host name (sets port to default).
/cachst:value Permit or deny KMS host caching. Value parameter applies (TRUE or FALSE).
/actype:value Set volume activation type. Value parameter applies. (Windows 8 and above support only)

Values: 1 (for AD) or 2 (for KMS) or 3 (for Token) or 0 (for all).

/skms-domain:value Set the specific DNS domain in which all KMS SRV records can be found. This setting has no effect if the specific single KMS host is set via /sethst option. Value parameter applies. (Windows 8 and above support only)

Value:FQDN

/ckms-domain Clear the specific DNS domain in which all KMS SRV records can be found. The specific KMS host will be used if set via /sethst option. Otherwise default KMS auto-discovery will be used. (Windows 8 and above support only)
Token /Options Description
/dtokils Display installed token-based activation issuance licenses.
/rtokil:value Uninstall an installed token-based activation issuance license with user-provided license id (as displayed by the /dtokils option). Value parameter applies.
/stokflag Set token-based activation only flag. (Windows 7 support only)
/ctokflag Clear token-based activation only flag. (Windows 7 support only)
/dtokcerts Display token-based activation certificates.
/tokact:value1:value2 Token activate with a user-provided thumbprint (as displayed by the /dtokcerts option) and a user-provided PIN (optional). Value parameter applies.

Prior to running ospp.vbs ensure that:

Windows firewall allows WMI traffic on remote computer.

You have or pass credentials with required permissions on remote computer.

Cmd.exe is elevated (right click > Run as administrator).

Sample Usage

cscript ospp.vbs /act  'Activate Office 2013 on local computer.

cscript ospp.vbs /act mypc1  'Activate Office 2013 on remote computer mypc1 with current credentials.

cscript ospp.vbs /inpkey:MFKXT-F6DT2-THMRV-KDWH2-TCDTC  'Install Office 2013 product key on local computer.

cscript ospp.vbs /inslic:\\myserver\licenses\tail.xrm-ms 'Install license on local computer.

cscript ospp.vbs /inslic:"\\myserver\work licenses\office2013 tail.xrm-ms" mypc1 'Install license on remote computer mypc1. Note the path is enclosed in "" since the value contains spaces.

cscript ospp.vbs /ddescr:0xC004F009 'Display the description for error code.

cscript ospp.vbs /actype:1 'Set volume activation type to Active Directory only.

/Token only

cscript ospp.vbs /rtokil:4476b20e 'Uninstall an issuance license with license ID.

cscript ospp.vbs /tokact:96DE6755ABE0BC7D398E96C3AA3C7BFE8B565248 'Token activate with thumbprint.

cscript ospp.vbs /tokact:56AE6755AAB0BC7D398E96C3AA3C7BFE8B565256:54344 'Token activate with thumbprint & PIN.

 


Intro to HammerDB

One of my favorite benchmarking tools is HammerDB.  In a nutshell, it allows you to run a well evolved SQL benchmark (TPC-C) against your system to gauge performance.  The scenario to picture is an order/warehouse simulator and your metric is how many new orders per minute (NOPM) the system can crank out.

CPU, memory, disk all matter for SQL and so all make a difference in the achieved NOPM.  Other factors include how many virtual users (you configure) are running against the TPC-C and if you want to get networking into the mix, then you can run the benchmark from a client against a remote SQL server.

HammerDB also has nice features such as running in Autopilot mode where you can run, for example, 5 minutes with a single user, then 5 minutes with 2 users, then 4, then 8, then 16, then 32 … and so on.  This mode is my preferred method as I can just set up a benchmark, start it, and walk away knowing I can check the logs later for the results.

Another nice capability is the master/slave mode.  Basically, you can coordinate multiple clients to pummel a server simultaneously.  I don’t use it often, but I have used it.

Getting started…

After installing and launching, HammerDB is going to appear like this…

[Screenshot: HammerDB1]

I’m going to be testing on MSSQL Server, so I will close Oracle and select SQL server instead.  Then I simply pick TPC-C.

[Screenshot: HammerDB2]

And then confirm.

[Screenshot: HammerDB3]

Now you will need to create your initial empty TPC-C database.  Simply go into SSMS and create a new database.  I’m calling mine “tpcc”.  You can get fancy and tweak the number of database files and logs, and size them to prevent autogrowth, … etc.  It does help maximize the benchmark numbers.  Remember, you’ll need to be fair and tweak both systems when running a comparison.

[Screenshot: HammerDB4]

For a first try, just use the model default database.

Now that we have a “tpcc” database on SQL, time to let HammerDB prepare it for testing.  We do this by going to the Schema Build -> Options where we’ll put in the SQL connection string info.

[Screenshot: HammerDB5]

For your first time, just use the original schema.  Once you start tweaking for higher numbers, building a schema with multiple warehouses will help your cause.  My rule of thumb has been simply to make the number of warehouses equal to the number of processor cores … 4 processor cores, 4 warehouses.  16 cores, 16 warehouses … etc.  I don’t know if that is ideal, just what I’ve been doing.

Once the schema build options are ready, double-click Build …

[Screenshot: HammerDB6]

Then click Yes

[Screenshot: HammerDB7]

It may take a while, just let it build until you see the TPCC SCHEMA COMPLETE.

[Screenshot: HammerDB8a]

Congrats, you have a database ready to test against.  Click the red traffic light icon (highlighted) to stop the build.

Now let’s configure a test run…

First, we need to again configure the connection string.  This time for the benchmark.  Open Driver Script -> Options.  Your connection string from the schema build should populate here automatically otherwise you can fix it.

[Screenshot: HammerDB9a]

I prefer using a timed test and highlighted the options in the screenshot.  The reason is that I typically use the Autopilot test so I can test a number of virtual users for 5 minutes at a time.  Then I can ultimately plot a chart of NOPM against the number of virtual users to get more of a profile.  Some systems scale up virtual users better than others, and you just need more data to see it.  Use Autopilot to perform the data runs for you.

Double-click Load to load those driver options.

Now, let’s go to Autopilot -> Options.

[Screenshot: HammerDB10]

Enable Autopilot, then configure the length of the test and the number of virtual users.

Runtime: Since our driver options specified a 2 minute ramp up, a 5 minute test run, and Autopilot is specifying a 10 minute interval (10-2-5=3), there is going to be a 3 minute cool down where virtual users are disconnected.  If the virtual users cannot all disconnect within that cool down period, HammerDB will wait before starting up the next run.

Users:  For each run, there will be one control user and the rest will be virtual users against the database.  So, basically if you want 4 virtual users, you configure the number 5 in Autopilot.  My screenshot shows 2 3 5 9 17 33 65 129 257 513 1025 … which actually corresponds to a number of working virtual users of 1 2 4 8 16 32 64 128 256 512 1024.

I always check off the option to log the output and to use unique log names.  Occasionally HammerDB crashes and the scrolling log in the GUI will not be retrievable when that happens.  Use the text log files instead.  For this run, on my system, I already know that 1024 users is too ambitious and will crash the system (here is where I might use master/slave to have multiple instances run together to create the 1024 users).

Double-click Autopilot and let it run.  Stop it anytime using the red traffic light.

[Screenshot: HammerDB11]

A log file output will look something like this …

[Screenshot: HammerDB12]

Using Excel we can simply generate comparisons like this …

[Screenshot: HammerDB13]

I’ve used HammerDB to assist with such comparisons as VMware versus Hyper-V versus bare metal … static memory versus memory overcommit versus dynamic memory … local RAID versus SAN … SQL failover cluster versus availability group … and in this blog I plan to be using HammerDB as a tool to benchmark server core.  I’m curious to see the results!