Category Archives: Uncategorized

Using Git with Tfs

If you’ve been curious about Git but have to use TFS, there is a way to try Git locally while still using TFS on the server. This can give you a chance to learn about Git while still working with Tfs.

Install git ( and git-tfs ( Ensure both are working properly on the command line by trying out the commands.
Setup username and email address in .gitconfig. On a Windows system, it should be in your C:\Users\{username}. See a sample .gitconfig below.

quick-clone allows you to clone a TFS repository at a specific changeset (c12345 in the example below):
git tfs quick-clone http://tfs:8080/tfs/DefaultCollection “$/yourTfsBranch” -c12345 –workspace=C:/ws

Now, you can pull all of the history starting from c12345 above:
git tfs pull

Run the clean up command:
git gc
git tfs cleanup

You’re ready to use Git as your local source control.

When you have a new task, create a new branch:
git checkout -b yourNewBranchName
After you made your changes, add it to your local branch:
git add –patch

Before moving your code, you need to get the latest from TFS and merge it into your branch:
git checkout master
git tfs pull
git checkout yourNewBranchName
git rebase master

Or, you can replace all of the 4 commands above with:
git tfs pull -r

If you need to shelve your changes:
git tfs shelve ShelfsetName

To checkin your code to tfs:
git tfs checkintool

When you need to merge changes from TFS, run
git mergetool

After you are done merging, continue with git rebase
git rebase –continue

Visual Studio also provides options to manage your branches and checkin your code to your local branches without the need to use a command line. You would still use command line to move your code to TFS.

SourceTree is another excellent tool to manage your local Git.

Sample .gitconfig (using Visual Studio as a merge tool):

name = FirstName LastName
email = [email protected]
autocrlf = true
excludesfile = C:\\.gitignore
editor = ‘C:\\Program Files\\Sublime Text 3\\sublime_text.exe’ -w
fscache = true
preloadindex = true

tool = vs
prompt = false
[difftool “vs”]
cmd = \”C:\\Program Files (x86)\\Microsoft Visual Studio 12.0\\Common7\\IDE\\vsdiffmerge.exe\” \”$LOCAL\” \”$REMOTE\” //t
keepbackup = false
trustexitcode = true
tool = vs
prompt = false
[mergetool “vs”]
#cmd = ‘C:\\Program Files (x86)\\Microsoft Visual Studio 12.0\\Common7\\IDE\\vsdiffmerge.exe’ “$REMOTE” “$LOCAL” “$BASE” “$MERGED” //m
cmd = \”C:\\Program Files (x86)//Microsoft Visual Studio 12.0\\Common7\\IDE\\vsdiffmerge.exe\” \”$REMOTE\” \”$LOCAL\” \”$BASE\” \”$MERGED\” //m
keepbackup = true
trustexitcode = true


Sample .gitIgnore:
#ignore thumbnails created by windows
#Ignore files build by Visual Studio

Securing Windows RDP with two-factor Authentication.

Opening RDP access for you home computer can be quite convenient. However, this means you have to carefully secure access to your machine. One of the things you can do is to enable two-factor authentication.
Duosecurity provides such an option for free (has paid versions for business).

Steps to enable two-factor authentication with Duo:

  • Create a free account on
  • Log int to your account. Go to Application – create a new application – Microsoft RDP.
  • Install Duo RDP Installer Package (from duosecurity) and install on your machine. It’ll ask for Integration key, Secret key, and API hostname from the application that you created. If you don’t want to use duo for local logins, make sure to check “Only prompt for Duo authentication when logging in via RDP”.
  • Go to your duosecurity dashboard and add a new user. This may be a little tricky if you use a Microsoft Live account (the same account across multiple machines). It doesn’t seem to work with duosecurity. Instead you need to enter your Windows username (Computer Management – Local Users and Groups – Find your account. Use this name in your RDP connection as well as in Duo Security.). Add Phone to your user account and activate it (will text you a link to activate).

You are all set. The next time you try to RDP to your machine, it’ll send you a push notification to your phone before you can login.

Migrating Windows Server 2003 to 2012

This is an overview of my effort to upgrade some of our old 2003 servers to Windows Server 2012. It is quite possible there are better ways to accomplish this, as I’m just a developer and server upgrade is not something I do… well it was the first time I did it.

Migrating IIS 6.0 to 8.5

First, I needed to migrate IIS applications, app pools and app pools account. In order to automate this as much as possible, I installed Microsoft Web Platform installer on 2003 and Web Deploy 3.5 (The Web Deployment Tool). I used this guide to help me.

Create backup on IIS6: iisback /backup /b PreWebDeploy

View dependencies on IIS 6: msdeploy -verb:getDependencies -source:metakey=lm/w3svc/1

Create package on IIS 6:

“C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe” -verb:sync  -source:metakey=lm/w3svc/1 -dest:package=C:\,encryptPassword=YourPassword  -enableLink:AppPoolExtension

The password is required since we are exporting App Pools and the identities they use (by specifying enableLink:AppPoolExtension).

Run whatif analysis on IIS 2012:

“C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe” -verb:sync -source:package=c:\,encryptPassword=YourPassword -dest:metakey=lm/w3svc/1 -whatif > msdeploysync.log  -enableLink:AppPoolExtension

This will run what-if analysis without actually migrating anything. Check the log and install needed dependencies. Once all dependencies are installed, run the actual migration:

“C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe” -verb:sync -source:package=C:\,encryptPassword=YourPassword -dest:metakey=lm/w3svc/1 -enableLink:AppPoolExtension

 Another way (this does not copy the content, so you have to copy the folders with sites contents):
[appcmd seems to be available only starting with IIS7. Thanks to Nick for the correction.]
Run On Source:

C:\Windows\System32\inetsrv\appcmd list apppool /config /xml > C:\ apppools.xml

C:\Windows\System32\inetsrv\appcmd list site /config /xml > C: \sites.xml

Run On Destination:

C:\Windows\System32\inetsrv\appcmd add apppool /in < C:\apppools.xml

C:\Windows\System32\inetsrv\appcmd add site /in < C: \sites.xml

Migrating Shares and related permissions

First, create all of the folders for the shares. Then export the whole folder from the registry: Created registry export for the whole folder from 2003: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Shares

Restore it on the destination server. This almost takes care of all the shares, except for NTFS permissions.

To copy NTFS permissions run on source:

Icacls C:\YourFolderThatNeedsNtfsPermissionesCopied  /save ExportedFileWithPermissions.txt /t

Run on destination:

Icacls C:\ /restore ExportedFileWithPermissions.txt


Migrate Users and Groups

First, install Windows Server Migration. Then use SmigDeploy to migrate users and groups.

Run on Destination (some parameters may be different for other configurations. Google SmigDeploy):

SmigDeploy.exe /package /architecture X86 /os WS03 /path C:\userMigrationTool

Go to Source server and run from userMigrationTool folder (created in a previous step). This will register SmigDeploy on source.


Run on source:

Export-SmigServerSetting -User All -Group -Path C:\YourMIgrationFolder -Verbose

It’ll ask you a password. Pick one.

Run on destination:

Import-SmigServerSetting -Group -Path C:\YourMigrationFolder -Verbose



Since I needed to migrate some COM’s, I had to add a feature COM+ Network Access to enable COM.


Open Task Scheduler on destination.

Go to Action – Connect to another Computer. Connect to your source server.

Export the tasks to a temporary location as xml files. I didn’t see a way to export them all at once, so I did it one by one.

Open Task Scheduler on your destination again. Import the tasks.

It may pop up a message saying the account that you used to set up the task needs “Log on as batch job” privileges. In that case, follow a few more steps:

Run secpol.msc /s

Select “Local Policies” in MSC snap in

 Select “User Rights Assignment”

 Right click on “Log on as batch job” and select Properties

Click “Add User or Group”, and include the relevant user.