Windows Server 2012 "Features on Demand": Configuring Static Path to “WinSxS” Folder via Group Policy

In my lab I tend to spin up loads of Windows Server 2012 R2 servers to test various things. One thing that always causes me frustration is having to manually point the \sources\sxs folder when installing a new Server Role, via Server Manager or PowerShell.  Its frustrating because I normally forget to do it, and the installation fails and I need to start again.

To configure a network based copy of the SXS folder and have it automatically mapped via GPO, first copy the \sources\sxs folder from the DVD media to somewhere you can share the folder from. Then configure the share and NTFS permissions, I have allowed Full Control to Everyone on the share permissions, and Full Control to Domain Computers on the NTFS permissions.

As I want this setting to be global across the domain I am going to put the setting in the Default Domain Policy open the GPMC and edit the GPO you want to host the settings.

Expand Computer Configuration/Policies/Administrative Templates/System and double click on the policy Specify settings for optional component installation and component repair.

Click the Enable button and enter the UNC path to the SXS folder you copied over, if the access permissions are not configured correctly this obviously will not work. Click Apply and OK.

Now when you try to install Server Roles or Features via Server Manager or PowerShell the machine will have a known location for the required binaries.

DirectAccess: Enabling the Teredo Interface

If you have deployed DirectAccess via the Getting Started Wizard you will probably find Teredo is disabled from the beginning. For Teredo to work (or even enable), the external interface on the DirectAccess server must have two consecutive public IP's.

Although DirectAccess is configured correctly, there is no Teredo interface.

If you open an Administrative PowerShell and use the command Get-DAServer you will notice under the TeredoState setting it states Teredo is Disabled. 

                                        

Like the other connection protocols when DirectAccess is installed an adapter is installed in Device Manager (you must Show Hidden Devices). You will notice an adapter for IP-HTTPS, ISATAP and 6to4, but no adapter for Teredo.

In order for Teredo to enable correctly, the external interface of the DirectAccess server must have two consecutive public IP addresses you add the second IP using the Advanced TCP/IP Settings from the external adapters properties.

When both the external IP's are successfully configure you can use the PowerShell command Set-DAServer -TeredoState Enabled to force Teredo to be installed. The command outputs a warning in regards to internal resources and ICMP, this is because Teredo uses ICMPv6 to determine what kind of NAT an incoming client is connecting over.

Once the command has successfully completed, you will now notice the Teredo Tunneling Pseudo-Interface now appears in Device Manager.

If you now return to the Operations Status you will see Teredo listed under Services.