Install .Net 3.5 feature into 2012 offline

You're working on a lab and you want to install the .NET 3.5 feature into Server 2012 offline. How do you do it?

If you have ever tried this, you will know it works fine in Windows Server 2008, but in Windows Server 2012 the .NET 3.5 feature install is flaky to say the least and almost always needs a net connection so that it can see Microsoft’s update servers (or your own WSUS servers). However, if you're building a quick lab and don’t want to give it net access or a WSUS server, how do you get this feature installed?

Open a command prompt with admin rights and enter this one string (change <drive> to the drive letter of the drive holding the Server 2012 disc):

Dism /online /enable-feature /featurename:NetFx3 /All /Source:<drive>:\sources\sxs /LimitAccess

Note:

I had a problem where I followed the above method but got error code 0x800F0906 and solved it as follows:

Two recent (September 2014) Windows updates refer to .NET Framework 3.5. These installed without the framework being installed? I uninstalled them both and then was able to install .NET Framework 3.5 from Control Panel. I then reapplied the updates.

I’m not sure if it was necessary to uninstall both updates. They are KB2966826 and KB2966828.

Remote install an msi with Powershell

Remote install an msi with Powershell?

I know I have had to do this many times but there are many pitfalls to be wary of. Here is the simplest method to get that pesky msi to install now on a remote computer with Powershell.

Problem

You are on your admin workstation and you want to install an msi which I will call ‘installer.msi’ on at least one machine in your domain. Installer.msi is located on a file server on the network.

Solution

A PowerShell script that copies the file to the local machine, installs the msi, then deletes installer.msi from the local machine. How do you do this? Simple.

# Copy the installer to C:\temp on the target through its admin share
Copy-Item -Path \\fileserver\share\installer.msi -Destination \\machine-to-install-to\c$\temp\installer.msi
# Install it; the package path is the local path of that copy on the target
Invoke-WmiMethod -Path Win32_Product -Name Install -ComputerName "machine-to-install-to" -ArgumentList @($true,$null,"C:\temp\installer.msi")
# Remove the copied installer from the target
Remove-Item -Path \\machine-to-install-to\c$\temp\installer.msi

I have found this is the simplest method. Obviously you should consider wrapping this in a try catch and putting it in a loop to install on a set of computers.
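The try/catch and loop suggested above, as an added example that is not part of the original post. It also checks the copied file's SHA-256 against a known-good value before anything is installed with admin rights. The host names, the expected hash placeholder and the function name Install-RemoteMsi are assumptions, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example. Host names, share path and hash value are placeholders.
$computers    = 'lab-pc01', 'lab-pc02'                  # hypothetical targets
$source       = '\\fileserver\share\installer.msi'
$expectedHash = '<SHA256-OF-KNOWN-GOOD-INSTALLER>'      # placeholder, set per package

function Install-RemoteMsi {
    param(
        [string]$ComputerName,
        [string]$Source,
        [string]$ExpectedHash
    )

    $remoteCopy = "\\$ComputerName\c`$\temp\installer.msi"   # copy as seen from the admin workstation
    $localPath  = 'C:\temp\installer.msi'                    # same file as seen by the target
    try {
        Copy-Item -Path $Source -Destination $remoteCopy -ErrorAction Stop

        # Refuse to install if the file on the target is not the expected package
        $hash = (Get-FileHash -Path $remoteCopy -Algorithm SHA256).Hash
        if ($hash -ne $ExpectedHash) {
            throw "Hash mismatch on $ComputerName (got $hash)"
        }

        $result = Invoke-WmiMethod -Class Win32_Product -Name Install `
            -ComputerName $ComputerName `
            -ArgumentList @($true, $null, $localPath) -ErrorAction Stop

        # ReturnValue 0 means the install succeeded; anything else is reported as-is
        [pscustomobject]@{ Computer = $ComputerName; ReturnValue = $result.ReturnValue; Error = $null }
    }
    catch {
        [pscustomobject]@{ Computer = $ComputerName; ReturnValue = $null; Error = $_.Exception.Message }
    }
    finally {
        # Always clean up the copy, including after a failed hash check
        Remove-Item -Path $remoteCopy -ErrorAction SilentlyContinue
    }
}

$report = foreach ($computer in $computers) {
    Install-RemoteMsi -ComputerName $computer -Source $source -ExpectedHash $expectedHash
}
$report | Format-Table -AutoSize
```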

I have had some success with using invoke-command calling start-process and this is probably the best method if you want to install an exe rather than an msi.

Why

Why not use a GPO, I hear you shout? Simple. GPOs do not offer the flexibility. I use this when I want to install it now, not when the computer next reboots, or if I want to do some pre/post processing like copying a config file around. You may need to use a similar method if you have a badly written service that doesn’t stop for the installer.

Linux Active Directory login for specific groups

I have had Linux Active Directory integrations many times in the past and thought I should blog / document some of it.

I want single sign-on for my environment and I have a mixture of Windows and Linux systems. First of all, I like Active Directory and it's the natural solution for Windows systems, so I want to hook my Linux systems into that.

This as it turns out is easy and has many many different methods, but the one I have chosen to use (only because I have got it working reliably) is to use BeyondTrust PowerBroker Identity Services.

I am not going to copy and paste documentation that describes how to install PBIS (note it used to be called Likewise Open) as that can be found written very well elsewhere. I have included links to some good examples below. This is to document something that took me a long time to find. Once I have Linux Active Directory login working, how do I lock it down to specific groups?

First some background:
PBIS uses a registry for configuration. This mimics the Windows registry including its own registry editor, although this editor is command line.

On Ubuntu 12.04, the /opt/pbis/bin folder contains all the PBIS executables including regshell, config, lwsm, enum-users, domainjoin-cli and lots of other goodies.

To find the list of groups that can login (by default all domain users can login)

:/opt/pbis/bin# ./config --show RequireMembershipOf

To set Linux Active Directory login for specific groups

:/opt/pbis/bin# ./config RequireMembershipOf "domain\\group1" "domain\\group2"

then remember to refresh the configuration (and expire cached Kerberos tokens)

:/opt/pbis/bin# lwsm refresh
:/opt/pbis/bin# ad-cache --delete-all

References and other cool links related to this article.

 

PowerShell 3.0 jumpstart

I was once in doubt about Microsoft's attempt to replicate the all-powerful *nix command line with PowerShell, but my eyes were opened and I got on the bandwagon. Now you will find me gathering information, solving problems and generally having a great time in PowerShell ISE. The lightbulb moment came when I took the PowerShell 3.0 Jumpstart course on Microsoft Virtual Academy.

It starts slow and steady. No prior PowerShell needed; however, you do need to leave your preconceptions behind if you are coming from Bash, Bourne, Csh, Zsh, DOS or any other shell. The two presenters are legends: Jeffrey Snover was the lead architect behind PowerShell and Jason Helmick is a long-time Microsoft trainer and generally great guy.

What are you going to learn watching the PowerShell 3.0 jumpstart?

I learned a lot. I could put PowerShell together before but I wouldn’t have said I understood what I was doing. After this I feel more confident in just typing out what I want and most of the time it works 🙂

PowerShell really does rock!

Teddy bear computer

I stumbled upon a teddy bear computer today.

http://www.mini-itx.com/projects/teddybear/

I thought it was a novel idea to put a computer inside such an unpresuming case but it ended up looking quite good. You wouldn’t want to cuddle it though.

If you had the opportunity what would you build a computer to look like?

Trend Micro make hacking look cool

Trend Micro released a video to dramatise the hacking of a corporation. I thought it was really rather good.
Cyber espionage from an insider’s perspective. See how a group of persistent attackers break through corporate security, explore the network at will and make off with the gold. This video is based on the true story of how a global corporation was hacked, costing the victim more than $60 million.

Source – http://countermeasures.trendmicro.eu/cyberheist-the-invisible-enemy/

Written by Sam Rowe on behalf of Deneb