IIS WMSvc Automated Certificate Management

I’ve added a new script to my GitHub PowerShell repository for managing the IIS WMSvc Certificate. The script WMSvc_InstallCertificate.ps1 is intended to be ran either by scheduled task or by command line and will attempt to detect when the Web Management Service (WMSvc) certificate needs to be replaced. Replacement certificates are sourced from an Enterprise Certificate Authority automatically. The IIS machine account must have privileges to enroll.

In my lab, this script is tied to a scheduled task that is automatically created by group policy on servers attached to the IIS role security group. This same security group is also granted enroll privileges on the certificate template. In effect, new servers created will automatically receive a trusted certificate for their management port and that certificate is rotated automatically before expiration.

Since my lab IIS installations run on Server Core, it is quite convenient to have the remote management service configured automatically.

Sysprep Failing after Updating Windows 8.1 Apps

This week I’ve been making the final updates to the reference image for laptops to the¬†library’s educational program involving Minecraft and other games for kids. However after laying in the last set of Windows updates and other applications, Sysprep failed and logged the error Package¬†was installed for a user, but not provisioned for all users.

From the error log, it appeared that a Store app was causing a blocking failure. This was odd, because I hadn’t once launched the Store nor side-loaded any apps. Further, all the work was done on the builtin account with which the Store cannot even be used.

Continue reading