Quick tip: Reset the password of an Azure Virtual Machine

In my Azure test tenant, I forgot the password of an Azure Windows Domain Controller VM. In Azure, there is a Reset Password option available in the VM options.

 

The password reset update failed. The password reset option uses a VM Access extension. When digging into the activity log I found the following error:

VMAccess Extension does not support Domain Controller

So I took another approach, using the following steps:

Prerequisites:

  • Ensure the VM status is running
  • Create a new password that meets these requirements:
    • Portal – between 12 and 123 characters
    • PowerShell – between 8 and 123 characters
    • CLI – between 12 and 123 characters
    • Has lowercase characters
    • Has uppercase characters
    • Has a digit
    • Has a special character (Regex match [\W_])

Using the Azure portal

  • Log in to the Azure portal
  • Navigate to the Virtual Machine that you want to reset the password for.
  • Select the Virtual Machine
  • Select Run Command
  • Select RunPowerShellScript
  • In the “Run Command Script” window enter:
net user <username> <password>

 

Using Cloud Shell

  • Log in to the Azure portal
  • In the Azure Portal open Cloud Shell
  • Select Bash
  • In the following command, replace <vm>, <resource group the VM belongs to>, <username> and <password>:
az vm run-command invoke --command-id RunPowerShellScript --name <vm> -g <resource group the VM belongs to> --scripts "net user <username> <password>"
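The prerequisites listed earlier can be checked in the same Bash Cloud Shell session before the command is sent. The following is an added example, not part of the original post: a POSIX shell function that tests a candidate password against the length and character rules above. The function names and the sample password are made up for illustration, and ASCII passwords are assumed.

```sh
#!/bin/sh
# Added example: test a candidate password against the prerequisites listed
# in the post. Function names are made up here. Assumes ASCII passwords.

# Minimum length per interface, as listed in the post (maximum is always 123).
min_length_for() {
  case "$1" in
    portal|cli) echo 12 ;;
    powershell) echo 8 ;;
    *) return 2 ;;
  esac
}

# check_password <portal|powershell|cli> <password>
# Prints one line per rule that fails. Returns 0 if all rules pass, 1 if any
# rule fails, 2 for an unknown interface. The body runs in a subshell so the
# locale change and the variables do not leak into the caller.
check_password() (
  LC_ALL=C; export LC_ALL   # make a-z, A-Z and 0-9 plain ASCII ranges
  iface=$1 pw=$2 rc=0
  min=$(min_length_for "$iface") || { echo "unknown interface: $iface"; exit 2; }
  [ "${#pw}" -ge "$min" ] || { echo "shorter than $min characters"; rc=1; }
  [ "${#pw}" -le 123 ]    || { echo "longer than 123 characters"; rc=1; }
  case "$pw" in *[a-z]*) ;; *) echo "no lowercase character"; rc=1 ;; esac
  case "$pw" in *[A-Z]*) ;; *) echo "no uppercase character"; rc=1 ;; esac
  case "$pw" in *[0-9]*) ;; *) echo "no digit"; rc=1 ;; esac
  # For ASCII input, [\W_] matches anything that is not a letter or digit.
  case "$pw" in *[!a-zA-Z0-9]*) ;; *) echo "no special character"; rc=1 ;; esac
  exit "$rc"
)

# Constructed sample: valid for PowerShell (8+), too short for the CLI (12+).
check_password cli 'Abcdef1_' || echo "rejected for the CLI"
```

The password is part of the script text passed to --scripts, so treat it as temporary and change it once you can sign in to the VM again.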

 

 

Using RunPowerShellScript is a lifesaver when you have forgotten the password of a Windows Domain Controller VM in Azure. This procedure also works for regular Windows VMs.

Troubleshoot your Azure Virtual Desktop (AVD) or Remote Desktop Environment with the MSRD-Collect tool

I recently stumbled on a cool tool called “MSRD-Collect”. MSRD stands for Microsoft CSS Remote Desktop Data Collection and Diagnostic Script. MSRD-Collect is a PowerShell script with separate modules designed to collect information that will help Microsoft Customer Support Services (CSS) to troubleshoot issues in Azure Virtual Desktop or Remote Desktop Services environments.

MSRD-Collect is not only a handy tool for Microsoft CSS; it can also be used by AVD or RDS administrators who have issues or who want to check the health of their session hosts. MSRD-Collect can be executed from the AVD session hosts or Remote Desktop hosts. The tool is created and maintained by Robert Klemencz and Alexandru Olariu from Microsoft.

What checks are performed?

The script performs the following diagnostics in AVD and RDS (RDP) environments:

  • Overview of the system the script is running on (General information)
  • OS activation / licensing
  • Top 10 processes using the most CPU time on all processors
  • Total and available disk space
  • Graphics configuration
  • Windows Installer information
  • Windows Search information
  • SSL/TLS configuration
  • User Account Control (UAC) configuration
  • Windows Update configuration
  • WinRM and PowerShell configuration/requirements
  • Authentication and Logon information
  • FSLogix configuration and presence of the recommended Windows Defender Antivirus exclusion values for FSLogix (if present)
  • Multimedia configuration (Multimedia Redirection and Audio/Video privacy settings)
  • Remote Desktop client information
  • Remote Desktop licensing configuration
  • RDP and remote desktop listener configuration
  • Information on installed RDS roles and their services (if present)
  • Remote Desktop device and resource redirection configuration
  • Antivirus information (if present)
  • Remote Desktop related security settings and requirements
  • Remote Desktop ‘Session Time Limits’ and other network time limit policy settings
  • AVD host pool information
  • AVD Agent and SxS Stack information
  • Information related to AVD usage on Azure Stack HCI
  • AVD required URLs accessibility
  • AVD services API health status (BrokerURI, BrokerURIGlobal, DiagnosticsUri, BrokerResourceIdURIGlobal)
  • RDP ShortPath configuration (Windows 10+ and Server OS) for both managed and public networks
  • Azure AD-join configuration
  • Check for Domain Controller configuration (trusted and available)
  • DNS configuration (Windows 10+ and Server OS)
  • Firewall configuration (Firewall software available inside the VM – does not apply to external firewalls)
  • Proxy and route configuration
  • Public IP address information
  • VPN connection profile information
  • Various settings that are sometimes related to Black Screen logon scenarios
  • Installed Citrix software and some other 3rd party components potentially running on the system, which may be relevant in various troubleshooting scenarios
  • Microsoft Office Configuration
  • OneDrive configuration and requirements for FSLogix compatibility
  • Printing information (spooler service status, available printers)
  • Teams information and AVD media optimization configuration for Teams (if present)
  • Known AVD agent-related issues over the past 5 days
  • Known FSLogix-related issues over the past 5 days
  • Known MSIX App Attach related issues over the past 5 days
  • Known RDP ShortPath issues over the past 5 days
  • Known Black Screen issues over the past 5 days
  • Known TCP issues over the past 5 days
  • Known Process and system crashes over the past 5 days
  • Known Process hangs over the past 5 days

The data collected is not uploaded to Microsoft!

How to run the MSRD-Collect tool?

  • Download MSRD-Collect from the following URL:
https://aka.ms/avd-collect
  • Extract the zip file
  • Set the PowerShell execution policy:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope Process
  • Unblock the files
Get-ChildItem -Recurse -Path C:\MSRD_Path\Modules\*.ps* | Unblock-File -Confirm:$false
  • MSRD-Collect can be run from the command line or with a GUI. To run MSRD-Collect with a GUI, execute:
    • MSRD-Collect.ps1 in a PowerShell session with elevated permissions in order to collect all required data
  • Select AVD or RDS as a source and click on Start to begin gathering data

  • By default, the data is stored in the c:\MSDATA folder. This can be changed in the GUI or when running from the command line
  • When the script finishes, a nice HTML page (<servername>_MSRD-Diag.HTML) is generated.

The output contains all settings and links to other log files. Sections marked in yellow need attention. For example, to view the latest Windows Updates installed, click on the Updates section and then UpdateHistory.html.

Conclusion

MSRD-Collect is definitely a tool that every AVD or RDS administrator must have in their toolbox. MSRD-Collect gives great detailed information about the state of the AVD/RDS environment and makes troubleshooting a lot easier. With the command line option, you can schedule the script to run at regular times.

Make sure you run this tool before calling Microsoft CSS when having issues with your AVD or RDS environment.

Customize the Windows 11 Start Menu

Start Menu management in Windows 11 is different from Windows 10. Microsoft recommended an MDM provider such as Microsoft Intune to manage the Windows 11 Start Menu.

 

There are many environments (such as VDI and Azure Virtual Desktop (AVD)) that don’t use an MDM provider to manage their Windows 11 workspace environment. In this blog post, I will highlight how to manage the Start Menu with native tools such as Active Directory and Group Policies.

I will create several blog posts about how to customize the Windows 11 Start Menu, configure the taskbar, remove unwanted desktop icons and remove bloatware and apps.

  • Customize the Windows 11 Start Menu (this blog post)
  • Customize the Windows 11 Desktop icons
  • Customize the Taskbar icons
  • Remove bloatware from the Start Menu

In this blog post, I will highlight how to customize the Windows 11 Start Menu with native Active Directory Group Policies.

In Windows 10 you can export and import the Start Menu layout. With the “Export-StartLayout” PowerShell command, the Start Menu is exported to an XML file. With a Group Policy, you refer to the custom XML file.

In Windows 11, the Start Menu is exported to a JSON file. The command is like this:

Export-StartLayout -Path "C:\Layouts\LayoutModification.JSON"

There is no Group Policy (Windows 11 22H2) to import a Start Menu JSON file. The Group Policy only works with an XML file.

There is a workaround. In Windows 11 the Start Menu is stored in a single encrypted file in the following folder location:

%LocalAppdata%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState

In this folder, there is a start.bin or start2.bin (depending on the Windows 11 version) file. This file is the Windows 11 Start Menu that can be copied.

These steps copy the modified Start Menu to a central location. When the endpoint starts, the modified Start Menu is copied to the default user profile. When new users log in, they will get the customized Start Menu.

  • Pin/unpin and organize the apps in the Start Menu the way you want.

  • Copy the start2.bin file from the %LocalAppdata%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState folder to a central location, for example a folder in the netlogon share of the domain controller (for example \\lab.local\netlogon\w11).
  • Create a cmd file called w11startmenu.cmd with the following content:
copy "\\lab.local\netlogon\w11\start2.bin" "C:\Users\Default\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState" /Y
  • Open Group Policy Management console
  • Create a GPO and, under Computer Configuration – Scripts (Startup/Shutdown) – Startup – Scripts, browse to the cmd script file in the netlogon share (for example \\lab.local\netlogon\w11\w11startmenu.cmd)

All users who log in with a new profile will get the customized Windows 11 Start Menu.
