Category Archives: Azure Automation

Azure Automation

Wrangling Windows 10 File Associations – SetUserFTA

As of late, I’ve been almost exclusively focused on Windows 10 deployment, and depending on what you’re trying to do, the process can be complex. There’s a wealth of knowledge out there already, but truthfully, getting a machine imaged or upgraded is the easy part. As someone with a bit of OCD, the true challenge is making sure the user’s first experience on the machine is perfect! In this case, that means making that experience as close to Windows 7 as possible πŸ˜‰

With Windows 10, Microsoft has moved to develop an OS that’s more secure out of the box. That’s great, and hopefully will make our lives easier in the long run. The trade-off is that some tasks that were once pretty easy, are now painfully difficult. One of the worst? File associations.

I know I know, someone is going to tell me ‘just let the user choose!’ For anyone who hasn’t done it recently, the process to make another web browser the default or change a file association in Windows 10 is 4-6 clicks, and several dialog boxes popping up. If that isn’t training my users to just click ‘Yes’ on anything that pops up on their screen, I don’t know what is! I’m far less concerned with an OS that let’s me configure things silently, and far more with one that trains my users with bad behavior.

Official documentation on setting file associations has existed for quite some time, but I’ve seen varying success depending on the version of Windows 10 as well as the customer environment I’ve tried it in. Microsoft, for their part, has *finally* (it took 2.5 years) released a blog post on configuring default application associations that should be more broadly applicable. You can read that here, and then cry for a few moments as you understand how difficult this is to accomplish for the following scenarios:

  • I only want to set associations once, not continuously
  • I only want to set associations on a per-user basis
  • I want to set associations with a roaming profile (or UE-V) <- This one was mentioned to me on Twitter, I haven’t had time yet to confirm that MSFT’s blog post does/doesn’t work properly in this scenario, but it wouldn’t surprise me.
  • I want to set associations without having to set *all* file associations at once
  • I want to set associations without losing hours of my life to reading a blog post and fiddling with XML files, DISM, and GPO’s (Don’t get me wrong, these are a few of my favorite things, just not in this context)

Luckily, heroes like Christoph Kolbicz exist (His blog is here)! He recently posted about a new tool to write user-specific registry keys that set and keep Windows 10 file-type associations painlessly. I was too curious, so I put his new app, SetUserFTA to the test! (Note: I’m using v1.1.1 – the current version at the time of this post)

The easy way – Setting Adobe Reader as the default PDF Viewer

  1. Install Adobe Acrobat DC (Older versions recently went out of support, so make sure you’re on DC for the latest security fixes πŸ™‚ )
  2. Manually associate Adobe Acrobat DC with PDF’s. This can be done several ways, but I’m showing the process from the ‘Default App Settings’ page in the ‘Settings’ area of Windows 10.
  3. Look up the Program ID (Also noted some places as the AppID) for Adobe Acrobat DC. The ID is the third item returned from the command below. This seems to change version to version on some apps, so make sure you check your own system before assuming that the Program ID I’m using will work for your version of Adobe Acrobat DC.
    1. Β For your copy/paste pleasure:
  4. Run Christoph’s app with the file extension you want to associate, and the Program ID you’ve just looked up, on any computer you want to update associations on.
    1. More copy/paste code:
  5. Watch your screen flash for a moment, then bask in the glory that is a silently set, per-user, file association!

I love this for so many reasons. Focusing on desktop deployment and user experience, I can use this to ensure that when a new app is installed, the file association is set at the same time, without any user intervention! Here’s a quick and dirty PowerShell script that installs Adobe Acrobat DC and sets the PDF file association in one fell swoop! Note – this doesn’t accept the Adobe Reader EULA or anything like that, this post is about setting file associations, not installing Adobe Reader end to end πŸ™‚

This is great! No DISM, no copying/editing of XML, and the end result is achievable in 5 minutes instead of many, many more.

I’m not even going to dive into the Microsoft-endorsed method at this point. I’ve done it before, it works, but it allows little flexibility. Microsoft’s methods may work for you, and if so, keep at it! Once you get tired of that, SetUserFTA is a great alternative.

It looks like Christoph is using this for Citrix environments, which I can imagine must have been hell to manage with MSFT’s official guidance, thus why he spent the time building all this πŸ™‚ SetUserFTA ought to come in handy for anyone doing app deployment, Citrix or VDI environment management, or who just doesn’t want to deal with Microsoft’s own methods of setting app associations up. Give it a try and let me know how it goes via TwitterΒ @systemcentersyn

What’s next? I am hoping Christoph continues development and let’s me set protocol associations, so web browser selection and deployment becomes just as easy πŸ˜‰ Also, here’s to hoping that anti-virus apps stop flagging his .exe as a virus, as that’s held me up a few times as I authored this post. AVΒ heuristics can be both a curse, and a blessing. Update: Christoph has re-uploaded v1.1.1 with updated code that my Anti-Virus finds less suspicious. No issues now!

Using this? Does it work for you? Tweet @_kolbiczΒ and be sure to donate as thanks for his efforts! Again, the blog post for instructions and download of the SetUserFTA app is here.

AzureAutomation – Webhooks, jQuery, and Runbooks, oh my! (Part 2)

Alright! In the last post, we setup AzureAutomation and tested it out on our Hybrid Worker. Now, let’s create a webhook to make sure we can trigger this remotely. What’s a webhook you might ask? Well, that’s an excellent question!

Basically, it’s a URL that is both the location and token, to use a resource. Think of it like a trigger on a gun – once you’ve got your finger on it you can use whatever is behind it! Why is that useful in this case? Well, a webhook will let us use our Azure Automation runbooks from another source. That source could be a PowerShell workflow, another Azure Automation runbook, a C# app, or a website! Cool stuff.

Anything we do below assumes you’ve already got OMS and Azure setup, and have the Azure Automation components configured. If you need help doing that, go back and check out part 1 of this guide!

So we’re in Azure, I’ve headed to the ‘Runbooks’ Area of my automation account from last post, and found the same ‘Test-HybirdWorker’ runbook that I was using before. I’m attempting to use the scientific method and not change too much at once πŸ˜‰


If I click the ‘Webhooks’ tile, we get a new page where we can add a new Webhook. You can have multiple Webhooks for a single runbook, but we just need one for now. Click that ‘Add Webhook’ button!


Let’s fill out some info…

webhook3 webhook4

Be sure to save the webhook URL someplace safe! You only see it once, and it’s super important. It acts as both authentication and a pointer to running your runbook, so keep it safe, but accessible, in the event that you need it again.

We’ll also want to make sure that we set this webhook to run on our Hybird Worker again. We can always come back and change this later, but we’re here, so we may as well set it!


After hitting ‘OK’, then ‘Create’, you’ll be brought back to your Webhooks screen, and you’ll see the fruits of your labor! Clicking on your Webhook, you can get the details and modify parameters and settings if need be. If you can’t find your Webhook URL because you didn’t listen to me above, you’re in trouble! Time to create a new Webhook and update your code πŸ™‚


Beautiful! We’ve got a webhook, but what the heck do we do with it? Well, it’s still just a trigger to our basic runbook that writes a file to the C drive… but let’s make sure it works how we want and triggers our runbook appropriately. We’ll need to switch gears a bit and build a simple webpage to try this out πŸ™‚

Here’s some code you can drop in a folder in your C:\inetpub folder. Just install IIS with default settings and that should be all you need here.



You’ll want to make sure IIS is installed! It doesn’t take anything special to run this website, so defaults is fine. I’ll update this page with a quick PowerShell one line to install the proper roles and features in a bit πŸ™‚

Let’s unzip our files now…

webhook8 webhook9

And move it into our inetpub folder…


Perfect! Now let’s make the website in IIS, and point it to the files we’ve dropped locally.


webhook11 webhook12

You’ll see I’ve changed the port to 8080, that’s just because I have other things running on port 80. Run it wherever you like!


And now let’s navigate to our webpage and see how it looks…


Holy cow, it’s beautiful!

This gives us a nice HTML webpage, some CSS to make it pretty, and JavaScript, specifically jQuery, that can be called when the big button is pressed. Awesome!

Let’s dive into the code…

We’ve got a few files and folders in here:


  1. CSS – This holds our CSS files to theme the website. These have been borrowed from Bootstrap and saved us tons of time πŸ™‚ CSS is just color and style and layout, nothing you’ll need to change unless you want to change the look and feel.
  2. JS – this holds our javascript files, and we’ll end up in here modifying a few things here. This will be a good place to be πŸ™‚
  3. index.html – The is the ‘scaffolding’ for the website that the CSS makes pretty. If we want to change any of the fields, forms, etc, then we’ll change things in here. Not much to do here either, unless you want to really extend the functionality.

So if we actually go ahead and pull up the code in aaFunctions.js, we’ll want to change the webhook URL so it matches what we’ve got from the Azure Portal when we setup the webhook. I’m going to paste mine in, you do the same!


Alright, let’s navigate back to the page, hit refresh, and press the big button!


It says that something happened… but let’s check Azure.


Awesome! and if we check out our Hybrid Worker again…

webhook22We’ve got an updated last modified date! It worked πŸ™‚

This is awesome. One thing I do want to point out, is that if you’ve got the developer console enabled in your web browser of choice (Usually hitting F12 will bring this up), it will spit out an error when you click the button to actually call the webhook URL.

webhook24As far as I can tell, this is just a ‘red herring’ of sorts, and while not desirable, it doesn’t impact functionality here. I’m going to look into trapping this/eliminating it in a future post.

That’s all for now – Part 3 coming soon!

AzureAutomation – Webhooks, jQuery, and Runbooks, oh my! (Part 1)

So this post is a bit different than my previous ones, as this is the first to not really be related to System Center Service Manager in a long time. That’s because, well, my focus will likely be shifting off of SCSM in the next few months and more towards SCCM and Microsoft’s new Azure offerings like EMS and OMS. A career change will do that to ya πŸ˜‰

Anyway, as part of my recent exploration into the Azure-sphere, I’ve found a love for OMS. I’ve been looking for a compelling replacement for Orchestrator for a long time. In order to be really useful, a new solution had to be:

  1. Lightweight (My SCORCH boxes are usually single-box, 2 Core/4GB Memory. So awesome)
  2. Simple to setup/use
  3. On-Premise
  4. Support PowerShell in all its glory!

SMA/WAP doesn’t fulfill requirement 1 or 2, and personally, nor does it really work with number 4. PowerShell Workflows are not exactly native powershell, and as I’ve yet to build something complex enough to *need* PowerShell workflows, the added complexity is just cumbersome.

Azure Automation sounded great when it first came out, but the lack of on-premise support was an issue. Once Hybrid Workers and native PowerShell (non-workflow) support came out, it was clear AzureAutomation was my new friend πŸ™‚

So, now we’ve got this awesome, fancy new automation platform, let’s try and do something that I’ve never been able to do with SCORCH – Kick off a runbook via a URL! The XML Structured requests in SCORCH always made web browser’s unhappy, and so I was loving the new REST interface we’ve got with everything Azure, specifically, Azure Automation webhooks.

As I’ve done a bunch of work with the Cireson Portal lately, my knowledge of jQuery/HTML/CSS is pretty solid. I wanted to make a basic HTML website, have it take in parameters, and then run a runbook from AzureAutomation once I hit a button. That runbook should run against a local lab environment, and, in this case, would actually create a new user in my local AD environment, and email some info out on user creation. Easy? Simple? Eh, kinda.

I’m going to take this in 3 parts, so it’ll be a few different posts. I’ll link to the rest at the end!

First thing is first, we need to setup OMS, which is the platform for Azure Automation. Let’s hit up that OMS website and click that nice ‘Try for free’ button. Isn’t Microsoft nice!!


Well, that was easy! Let’s click the big blue ‘Get Started’ tile.


While there’s tons of functionality here, we just want the Automation for now – you can see I’ve checked the ‘Automation’ box in the lower right corner.


Once that’s installed, you’ll want to go back to that same ‘Get Started’ tile and setup our data sources. Don’t stop on the ‘Solutions’ tab this time, find the ‘Connected Sources’ tab and let’s take a peek at the ‘Attach Computers Directly’ section. That’s what we want to use! This will let us setup a local Hybrid Worker for automation. Download that Agent (64 bit obviously, you’re not using 32Bit OS’s in 2016, are you?) and save it someplace safe. Also, leave this page open, we’ll need that workspace ID and Primary Key.


When you download the agent, it’ll look like any other Microsoft Monitoring Agent. But it’s not just any agent, this is the one unique to Azure Automation! You can see I’ve given it a bit more detail in the name so I can find it later if I need to πŸ™‚

Note that this cannot be installed on a machine that already has the ‘Microsoft Monitoring Agent’ on it – something like a box monitored by SCOM or a machine with an SCSM Agent installed (Management Server). Since they all are variations on the same ‘agent’, they must be unique on each box. I haven’t dived into SCOM monitoring of my HybridWorker, but that’ll come in a later post πŸ™‚

Oh, and one last thing. For connectivity purposes, Microsoft just says the runbook worker needs web access to Azure! Make sure ports 80 and 443 are open to *, and you should be golden. No messy ports to deal with – I love it!

oms5This is what I’m talking about! Let’s link this to OMS.


You might have my ID, but not my key! Muwhahaha. This comes from the page we left open above. The Key is the ‘Primary Key’ from the Connected Sources tab.


Alright! That’s it. Pretty simple, right? Our hybrid worker should be setup and connected to OMS. If you head back to the OMS portal, it should show a connected Data Source now on that pretty blue tile:

oms27Yess!!!!!!!!!! Now, in a lot of ways, that’s the easy part. OMS is just a *part* of the equation. We now need to link that OMS workspace to our actual Azure subscription, so we can manage Azure Automation from our Azure Portal. Got it?

OMS + Azure = Azure Automation!

I’m assuming you already have an Azure subscription, and if not, well, it’s easy and there’s tons of posts on it πŸ™‚ We’re going to want to login to our Azure Portal (The new Azure Portal aka ARM), and search for the Automation content pane.


I hope you clicked on that little ‘star’ icon above so it got pinned to your left hand navigation. We’re going to be using this a lot πŸ™‚ Now, let’s open the pane and hit the ‘Add’ button, then click ‘Sign Up’ on the right hand side.


This is going to do some interesting things if you don’t have an existing Azure subscription linked to this account, but ultimately you’ll get dropped back to the automation screen if you need to do anything here. Don’t panic! You’re on track πŸ™‚


Phew! Billing is sorted, back to Automation. Let’s create a unique name and resource group for this bad boy. Think of resource groups as ways to keep resources distinguished between multiple customers. Azure is multi-tenant, so you’ll see a *lot* of separation built in. For smaller customers, or since we’re just doing an example here, we need not worry too much, we just need one resource group to assign resources to.


Here’s me making a resource group! Pretty easy πŸ™‚



Awesome! We’ve now got our Automation Account setup. This configuration thus far has been *all* on the Azure side. Don’t you remember that equation from above? OMS + Azure = Azure Automation! We’ve got Azure all setup, and OMS all setup, now let’s link them so we get access to that Hybrid Worker.


You can see we’ve clicked on my Automation Account, clicked on the ‘Hybrid Worker Groups’ tile, and have clicked on the little ‘Configure’ icon at the top. It gives us awesome instructions on how to do this, but again, since we’re dealing with both Azure and OMS, it’s still a bit confusing. Basically, we did all the hard stuff before, this is just going to establish the linkage between our Azure workspace and the OMS workspace we setup earlier. They don’t *have* to be linked, which is why they exist separately, but for Azure Automation, we need that linkage.

In the above screenshot, see that ‘Step 1’ section? Make sure you’ve clicked on the second bullet in there where it says ‘Login to OMS and deploy the Azure Automation solution’. It’ll bring us…


Deja vu! Let’s sign back in…


Oh! Cool! We’re linking our OMS subscription to our Azure one. We want this.


You can see that there’s a new tile here ‘Solution requires additional configuration’ for Automation. Let’s click that.


It wants to link our Automation Account to Azure! Yes, yes, we want this. Save it and don’t look back!


Bow chica wow wow! You can see our Automation tile now shows the little Azure Automation icon with our Azure Automation account name at the top. It also shows a runbook now, which is cool. I like runbooks.

Now, if you haven’t taken a break at this point, don’t do it now! We’re so close to success I can taste it. We’ve got Azure setup, we’ve got OMS set up, and we’ve got our Hybrid Worker setup. The last bit is to add this Hybrid Worker to a Hybrid Worker Group so we can use it. I know, I sound crazy, but think of it kinda like a resource within a resource group. It exists, it’s functional, but it needs to be assigned somewhere before we can use it.

Microsoft has a great post on adding a runbook worker to a Hybrid Worker Group. I’ve screenshotted the good stuff below :


Luckily it doesn’t show my entire key in this screenshot πŸ™‚

oms21Here’s me adding things!

oms22 oms23

Boom! The command completed successfully and if I go back to the Azure portal and refresh things…


Hybrid workers for days! You’ll see I’m using my Orchestrator box for my new Hybrid Runbook worker. It works perfect! It’s a Server 2012 R2 box with 1 Core and 2GB memory. Insane, right?!

Now, this looks good, this looks fine, but the proof is in the pudding. We need to do a quick test to make sure this is all working. I’ll write a quick runbook to write a file locally on the Hybrid Worker and make sure that comes through!

To make a new runbook, easy enough, we just click the ‘Add a runbook’ button at the top there. You’ll see it opens up the ‘Add Runbook’ pane, where we can select ‘Quick Create.’

Lets fill in a few things…

Note: Powershell is no the same as Powershell Workflow! If you don’t know the difference, select ‘Powershell.’ If you do, then select which one you need πŸ™‚


We’ve got a blank space!!! Wasn’t that a song? Right, let’s fill it with some basic stuff to just write to a local file on the Hybrid Worker.

That wasn’t too hard now, was it πŸ™‚


You’ll need to hit the ‘Save’ button first. Once you do that, you’ll see it greyed out, and then you’ll need to ‘Publish’ the runbook to actually use it. It’s functionality that is pretty similar to what Orchestrator used to do actually…

oms30 oms31

Done and published! Don’t mind me, I’ve made a few other runbooks here too… those come later πŸ˜‰


Let’s select the runbook, and hit that ‘Start’ button. Once we hit it, we’ll get the option to input any input parameters (there aren’t any in our case) but more importantly, specify if we want to run this just in Azure, or on a Hybrid Worker. Let’s pick the Hybrid Worker!

oms33 oms34

If we hit ‘OK’, you’ll be returned to the Job Summary page, where we can wait for it to finish. Don’t blink! It happens quick.

oms35 oms36

Yes, I know it’s a different Job number. The runbook ran too fast and I had to start a new job to take another screenshot πŸ™‚


Beautiful! We’re in business! You’ve got Azure Automation on a Hybrid Worker in your environment now.

These Hybrid Workers are awesome in that they work:

  1. Faster than Orchestrator from trigger to execution
  2. Better than Orchestrator in their fault tolerance (Hybrid Worker Groups) and logging

A few last minute notes:

  1. You these Hybrid Worker ‘groups’ are exactly that – they can be groups of machines and the request can be passed around to the first available one to load-balance. In our case, we only have one, but it works just fine with a single worker in a group.
  2. If you want to use any commandlets locally on the Hybrid Worker, make sure they are installed by you! Azure Automation won’t do any of that part for you, but other tools in the MSFT toolkit will! (Think DSC πŸ™‚ )

That’s all for now, check back in just a bit for the next two posts on making the real magic happen!

Update: Part 2 is now live!