Today, a Windows Server 2003 domain lets you define only one password and account lockout policy. We heard from many customers that we needed to change that, because it had become one of the reasons to create another domain in a forest. When I was a consultant I always advised my customers to keep their AD infrastructure simple and to avoid creating domains that are not needed. When Windows Server 2008 is released you will have more control over the password and account lockout policies: you will be able to define different policies for different users. Note that these policies do not apply to Organizational Units (OUs), only to user accounts and global security groups.
What has changed?
To store these password settings we will introduce two new object classes in Active Directory:
The password settings container will store the Password Settings Objects (PSO) for the domain. The PSO has different attributes for the password and account lockout settings like max password age, password must meet complexity requirements, account lockout duration, etc.
What are the Requirements?
The domain functional level must be Windows Server 2008.
Only members of the Domain Admins group can set the policies; however, you can use delegation to allow other users to define the policies.
There are 9 attributes in the PSO that are required, and they all must have a value.
RSOP?
A user can now have multiple PSOs linked to their account, either directly or through group membership. Keep in mind that multiple password policies cannot be merged. Which PSO is applied? Every PSO has an attribute called msDS-PasswordSettingsPrecedence; the lower the value, the higher the rank.
A PSO linked directly to the user always has the highest rank. If there is no user-linked PSO, then the PSOs linked to the user's global security groups are compared and the one with the lowest precedence number is applied. If no PSO applies through the user or a group, then the Default Domain Policy is applied.
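The selection rule above, as an added example that is not code from the original post or from Microsoft: a PowerShell function that resolves the resultant PSO from constructed in-memory data instead of a live directory. The PSO names, users, groups and precedence values are invented, and `Get-ResultantPso` and `Select-LowestPrecedence` are hypothetical helpers; ties on the winning precedence value, which the post does not cover, are reported rather than resolved.

```powershell
# Constructed sample data. PSO names, group names and precedence values are
# invented; AppliesTo stands in for the user and group links of each PSO.
$SamplePsos = @(
    [pscustomobject]@{ Name = 'PSO-ServiceAccounts'; Precedence = 20; AppliesTo = @('svc-backup') }
    [pscustomobject]@{ Name = 'PSO-Admins';          Precedence = 10; AppliesTo = @('GG-DomainAdmins') }
    [pscustomobject]@{ Name = 'PSO-Helpdesk';        Precedence = 30; AppliesTo = @('GG-Helpdesk') }
    [pscustomobject]@{ Name = 'PSO-Contractors';     Precedence = 30; AppliesTo = @('GG-Contractors') }
)

function Select-LowestPrecedence {
    param([object[]] $Candidates)
    $best = ($Candidates | Measure-Object -Property Precedence -Minimum).Minimum
    # Return every PSO that shares the winning value so that ties stay visible.
    @($Candidates | Where-Object { $_.Precedence -eq $best })
}

function Get-ResultantPso {
    param(
        [Parameter(Mandatory = $true)] [string] $User,
        [string[]] $GlobalGroups = @(),
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [object[]] $Psos
    )

    # 1. PSOs linked directly to the user outrank anything inherited from groups,
    #    whatever their precedence numbers are.
    $direct = @($Psos | Where-Object { $_.AppliesTo -contains $User })

    # 2. Otherwise the PSOs linked to the user's global security groups compete.
    $viaGroup = @($Psos | Where-Object {
        $pso = $_
        @($GlobalGroups | Where-Object { $pso.AppliesTo -contains $_ }).Count -gt 0
    })

    if ($direct.Count -gt 0) {
        $source  = 'User'
        $winners = @(Select-LowestPrecedence $direct)
    }
    elseif ($viaGroup.Count -gt 0) {
        $source  = 'Group'
        $winners = @(Select-LowestPrecedence $viaGroup)
    }
    else {
        # 3. No PSO reaches this user: the Default Domain Policy applies.
        return [pscustomobject]@{
            User = $User; Source = 'DefaultDomainPolicy'; Pso = $null
            Precedence = $null; Tie = $false
        }
    }

    [pscustomobject]@{
        User       = $User
        Source     = $source
        Pso        = ($winners | ForEach-Object { $_.Name }) -join ', '
        Precedence = $winners[0].Precedence
        # Policies are never merged, so two PSOs on the same winning value are
        # an ambiguity worth cleaning up and documenting.
        Tie        = ($winners.Count -gt 1)
    }
}

# Constructed users and group memberships, one per branch of the rule.
$report = @(
    # Direct link competing with a group link that has a lower number.
    Get-ResultantPso -User 'svc-backup' -GlobalGroups 'GG-DomainAdmins' -Psos $SamplePsos
    # Two group links with different precedence values.
    Get-ResultantPso -User 'alice' -GlobalGroups 'GG-Helpdesk', 'GG-DomainAdmins' -Psos $SamplePsos
    # Two group links that share the same precedence value.
    Get-ResultantPso -User 'bob' -GlobalGroups 'GG-Helpdesk', 'GG-Contractors' -Psos $SamplePsos
    # No PSO linked at all.
    Get-ResultantPso -User 'carol' -Psos $SamplePsos
)
$report | Format-Table -AutoSize
```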
As you can see, these new policy changes are a step forward, but you will also have to be careful when applying those policies. My recommendation here is to limit the number of password policies you have in one domain and at least document them with the reasons why you created them, because I can assure you that within a few weeks or months after the implementation you will forget.
Back in November I wrote a blogpost about the VHD test program. Now we have added new products onto this program and we call it "Run IT on a Virtual Hard Disk".
If you want to play with some of our latest technology without spending the time to install all the needed software, then this is exactly what you need. We provide you with some pre-defined virtual hard disks that you can use with Virtual PC or Virtual Server.
Here are the VHD's we provide today:
Need more information? Read the FAQ
This is the last post in my 10 reasons series. To conclude this series we will look at the improvements we've made in Terminal Services. Due to my background this is by far my favorite topic.
A question that we often receive when we announce or introduce new features in Terminal Services is "Will we still need Citrix?". My answer to that is YES, you will still need Citrix in certain environments, because Longhorn Terminal Services has been designed for the lower complexity scenarios.
The improvements in TS will open up new scenarios and more customers will start to use TS, because until today the need for Citrix was very high and a Citrix license is not cheap.
Enough marketing, let's talk about the improvements we've made. The Longhorn Terminal Services deliver 4 key enhancements:
TS Remote App: Remote Programs are the new way of delivering applications through TS. It's not a new technology, because it has been known as Published Applications and seamless windows in Citrix for many years now. We have included Remote App in Longhorn TS because the current approach was very confusing: you had to share a full desktop. With Remote App you can define an application that will be delivered to the clients; this application will then behave as if it were running on the end user's computer. You define the applications to be published through the management console and then deliver the RDP or MSI file through different mechanisms: GPO, file copy, SMS, etc. Once published, you can enable or disable the application for use through TS Web Access.
TS Gateway: You can compare this feature with the Outlook feature RPC over HTTPS, where Outlook can access the Exchange server without the need to open ports on a firewall. TS Gateway is built on the same principle: it allows the RDP (TS) protocol over the internet without the need to open port 3389; instead, port 443 (SSL) is used. How does it work? You need to define two things. First, you create an authorization list where you allow users/groups to access the TS Gateway. Second, you create a resource authorization policy, which lets you decide which users can access which RDP-enabled machine. This can be any machine that has the RDP protocol enabled, from a session where you take over your own machine, to remote management of your servers, or application access on TS.
TS Web Access: With TS Web Access it will be possible to have a list of remote applications available through a website. This is only the visualization of the RDP files; once you click on one of the icons it's still the RDP protocol that is used. If you deploy the remote apps through MSI and Group Policies, then the list of available remote apps is user or group based. If you deploy them through other mechanisms, then the list of remote apps is shared.
Easy Print: TS Easy Print is a proxy for every print action that simply redirects all printing-related work to the user's local machine without the need to install any print drivers on the TS server. This system provides several benefits, such as being able to redirect any printer from the user's client machine without having to reconfigure the server while still allowing the user to configure the print job as though he were printing on his client machine.
On Longhorn Server, the user's local client printers installed in a TS session will be installed with the TS Easy Print system. Need more in depth information about Easy Print?
Beside the 4 key enhancements I talked about above we have made some other really useful improvements, let's review some of them:
New RDP 6.0 client. Here are some of the new features in this version of the Remote Desktop Client:
Server authentication
Plug and Play redirection
TS Gateway support
Monitor spanning
32-bit color and font smoothing
Single sign on for domain joined machines (after changing some GPO)
More details on the features are in a Knowledge Base article.
New Experience features:
PnP device redirection framework
Large display support
Desktop Experience to support Vista features like Windows Media Player, Themes, etc.
Support for the new Longhorn Audio Mixer
New Management features:
Terminal Services is a role and therefore managed with the role management tool in Server Manager
Display Data prioritization: by default display, keyboard and mouse traffic gets a higher priority (customizable)
IPv6 support
Licensing will now have Per User Tracking and Reporting. We will not enforce the licenses but you will be able to easily track usage and create reports of how many per-user licenses were issued.
Per-User Tracking and Reporting
Support for manual revocation of licenses
Improvements to the License Manager User Interface to easily spot configuration issues
Diagnosing issues in the Licensing environment
WMI Providers for administration
Single Unified 32 bit and Active X client integrated with the Windows Update platform.
Built in UPHclean to prevent the profile issues
These are some of the improvements we've made for Terminal Services. This concludes my 10 Reasons series for Longhorn server and I hope you found this information useful. In the near future I will be delivering 10 Funcasts about those improvements.
Previous posts in this series:
Part 9: Windows Server Virtualization
Part 8: Branch Office Deployments
Part 7: Windows Failover Cluster
Part 6: Network Access Protection
Part 5: Server Core
Part 4: Server Hardening
Part 3: Internet Information Services 7.0
Part 2: Windows PowerShell
Part 1: Server Management Improvements
With System Center Essentials 2007 being released you can now download the English version as a Trial.
What is System Center Essentials 2007 (SCE 2007)? It's our new management solution for mid-size customers with up to 30 servers and 500 clients. This tool is going to lower the management costs for mid-size businesses, because today most of them cannot afford a decent management tool. With SCE 2007 we will give you a central management tool where you will be able to proactively monitor your clients and servers, deploy software using the software distribution mechanism, deploy your patches using the incorporated WSUS 3.0 and, last but not least, use an integrated inventory and reporting tool.
All those features make this product great for mid-size businesses.
Interested to see a live demo and learn more about this product? Come and join the other 500 IT Pro's who already subscribed for the Belgian You're in Control event
Watch the latest recorded funcasts:
Exchange Server 2007 provides new tools for coping with a growing number of legal, regulatory, and internal policy and compliance requirements that relate to e-mail. Most organizations must be able to filter e-mail delivery based on several different criteria and manage e-mail retention and deletion. This funcast provides details on how to configure the Exchange Server 2007 e-mail policy and compliance features.
Messaging policies in Exchange Server 2007 are a set of rules and settings that apply restrictions for message flow and message storage. You can use messaging policies to apply rules to messages in transport and to enforce retention requirements for messages stored in user mailboxes. Messaging policies can be created on Exchange Server 2007 computers running the Edge Transport server role, the Hub Transport server role, or the Mailbox server role.
Curious how to implement the messaging policies? Watch this funcast presented by Ilse van Criekinge, MVP Exchange Server - ProExchange
View Recording
All this to make accurate decisions quickly.
It has been quite a while since I wrote part 8 of this series. I must admit I tried to start this post several times, and in the end I am glad that I waited: as I wrote in my previous post about the Windows Server Virtualization features that we postponed, otherwise I would have had to change this post, and that is not what should be done. That said, let's move on: what is Windows Server Virtualization?
Windows Server Virtualization (WSV) is our hypervisor-based virtualization platform that runs on a 64-bit Windows Longhorn server. Starting from Beta 3 you will be able to install WSV on a Server Core installation. Another requirement to run WSV is that the hardware has hardware-assisted virtualization technology.
When we talk about virtualization overall, we mainly see 3 scenarios where virtualization is implemented:
The hypervisor is a thin layer of software that resides between the hardware and the operating system. The hypervisor now uses hardware-assisted virtualization technology, where in the past we could only achieve that through add-on software.
The resources are divided into different partitions. The first one is always the parent partition, and it's where Windows Longhorn Server (core) resides. Each time you create a new virtual machine you create a child partition. By using this technology we make sure that virtual machines (child partitions) that are hypervisor aware talk to the hardware directly and don't have any emulated hardware.
A non hypervisor aware operating system will still use the current technology of hardware.
What are the compelling features in our WSV platform:
Besides all those new features we will deliver a solution for unified management of Virtual Machines. With System Center Virtual Machine Manager you will get:
My next post will be about the new Terminal Services and all the improvement we've made.
Previous Posts in this series:
Part 8: Branch Office Deployments
Part 7: Windows Failover Cluster
Part 6: Network Access Protection
Part 5: Server Core
Part 4: Server Hardening
Part 3: Internet Information Services 7.0
Part 2: Windows PowerShell
Part 1: Server Management Improvements
No need to say how cool this is just watch the videos and it's coming to us in 2007. Great I want one of these don't you?
www.microsoft.com/surface
Update: Watch the demo of Microsoft surface at the On10 site
Look how Microsoft Belgium is trying to reach more developers and not by using the traditional channels. They just launched a new campaign called "Defy All Challenges". I added a screenshot on how the advertisement in an Xbox game could look like. My colleagues Tom and Miel posted more information and screenshots onto their blog. Check it out to find out how this campaign will look like.
What do you think? Is it a good idea to try to reach more developers through this kind of in game advertisements. Would this also be good idea for advertisement of some of our other products? Like Windows Server 2008 or Windows Vista? Please give me your feedback.
The Windows Live team released some new Beta's including Windows Live Writer, Windows Live Mail and Windows Live Messenger 8.5
They have made some huge improvements which will make my life as a blogger easier :) Here are some of the improvements in Windows Live Writer:
Inline spell checking
Table editing
Ability to add categories
Page authoring for WordPress and TypePad
Support for excerpts and extended entries
Improved hyperlinking and image insertion
Paste Special
Adding categories
....
Ever worked or still working with Outlook Express (I did at home)? Then this will be your new mail client. You will be able to sync your Windows Hotmail using the Windows Live Mail client. Check which other improvements we've made:
RSS feed aggregation
Offline mail
Account aggregation for POP3 and IMAP mail accounts
No more visual advertisements (you switch them off :) )
More Integration with Windows Live services
....
Check out this blogpost for more information and screenshots
And last but not least there is the new Windows Live Messenger 8.5 Beta which has now a new look and some new emoticons.
Enjoy.
It has been announced at WinHec by Bill Gates. Windows Server 2008 will be the official name of Longhorn Server. Will that mean that Windows Server 2008 will only be available in 2008? Probably, honestly I don't know, what I know is that RTM is still planned for H2 2007 and it might be that the general availability will be somewhere in 2008.
Did you know that you can use PowerShell scripting to enhance the Group Policy administration? Me neither until I read the nice article "Simplifying Group Policy Administration with Windows PowerShell"
In this article you will discover how to use the GPMC APIs to manage GPOs through Windows PowerShell. There is one example that really shows the power of PowerShell scripting. If you use that script, which I included below, you will get all GPOs that have been changed in the past 24 hours. Imagine how you would do this today with the tools you have available.
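    # Connect to the GPMC COM API (requires the Group Policy Management Console).
    $gpm = New-Object -ComObject GPMgmt.GPM
    $gpmConstants = $gpm.GetConstants()
    # Assumption: query the logged-on user's domain through any available DC.
    $gpmDomain = $gpm.GetDomain($env:USERDNSDOMAIN, "", $gpmConstants.UseAnyDC)
    # We want all GPOs, so no search criteria are specified.
    $gpmSearchCriteria = $gpm.CreateSearchCriteria()
    # Find all GPOs in the domain.
    $gpmAllGpos = $gpmDomain.SearchGPOs($gpmSearchCriteria)
    foreach ($gpmGpo in $gpmAllGpos) {
        # Check whether the GPO was modified less than 24 hours ago.
        if ($gpmGpo.ModificationTime -ge (Get-Date).AddDays(-1)) {
            $gpmGpo.DisplayName
        }
    }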
This example script together with other scripts is available as a download
The new TechEd IT Forum site is online as of today. The event will run from 12-16 November 2007 in Barcelona. Put the dates in your agenda. Last year I was there for Ask the Experts booth duty and to talk to a lot of customers and colleagues. This year there will be a slight difference, because I am assisting Kevin Sangwell with the track ownership of the Windows Server track. In the coming weeks and months I will be digging into different kinds of content, looking for speakers, sessions, hands-on labs, and chalk & talks. I am sure we will have a strong focus on Windows Longhorn server this year.
Notice that the Super Early Bird Registration has been opened:
Receive the €300 Early Bird discount off the full price PLUS bonus value-add benefits that will make your experience at TechEd IT Forum that much more rewarding. The bonus value-add benefits will include:
Block the dates and I hope to meet you there.
Note: TechEd developers site is also online.
Last week the Compute Cluster (HPC) group released their Microsoft Compute Cluster Toolpack. (Download Here)
The Toolpack consists of three tools:
Here are some examples of how to use the PowerShell CCS cmdlet and provider:
First of all to get into the cluster you need to use the "cd ccp:" command.
    PS c:\> cd ccp:
    PS ccp:\> dir nodes
    Name            Status    Proc  Idle
    ----            ------    ----  ----
    HPCSRV-Node01   Pending   ...
    HPCSRV-Node02   Ready     ....
    HPCSRV-Node03   Ready     ....
    HPCSRV-Node04   Ready     ....
Let's now look at which jobs are running in the cluster:
    PS ccp:\> dir jobs
    96 CCP\USER1 Job 1 Failed Normal
This command uses the Get-Node cmdlet to list all of the nodes under the head node.
    PS ccp:\jobs> get-node
    Name            Status    Proc  Idle
    ----            ------    ----  ----
    HPCSRV-Node01   Pending   ...
    HPCSRV-Node02   Pending   ...
    HPCSRV-Node03   Pending   ...
    HPCSRV-Node04   Pending   ...
There are many other things you could do, like looking into which task is running in a particular job, starting and pausing nodes, etc.
It's just great to see that more and more product teams are writing cmdlets for PowerShell. Personally I think we should ask the product teams to deliver cmdlets or a provider for PowerShell each time they release a new product. The same is true today for the Management Packs we use in Operations Manager.
What?
If you did not have the opportunity to join us last Monday during the Web Administration summit, then here is your chance: we are planning a TechNet evening session about our newest web platform, IIS 7.
During this two-hour session Bert will give an overview of what has been improved in our newest web platform IIS 7 for IT Professionals. Come and join us to learn more about the new delegation and configuration capabilities, how web application administration has evolved, and get a look under the hood at web request tracing and diagnostics.
When?
Wednesday, June 06, 2007
18:00 - 20:00
Where?
NH Brussel Airport
De Kleetlaan, 14
Diegem Brussels 1831
Belgium
Speaker?
Bert Van Hove (www.road2result.be)
Register Online
Already using Windows Server Update Services (WSUS) 2.0? Then you probably know what this product does. If not, here is an overview of what WSUS can offer you as a free-of-charge central patching tool.
With WSUS we deliver a tool with which you can not only update your Windows operating systems but also download updates for other Microsoft products like Exchange Server, SQL Server, Office, ISA, ForeFront and many more. We finally released the new version of WSUS.
Here are some of the new features:
Start using this tool now it will improve your client and server management. Download WSUS 3.0
I just received a mail with free E-Learning courses about Longhorn Server Beta 3, these courses are free for a limited time.
This online learning collection of five clinics introduces the new features and functionality in Windows Server "Longhorn." The courses cover server virtualization, security and policy management, branch office management, centralized application access, and server management. You can take the entire collection or just the courses that interest you.
Click here for the complete Microsoft Learning Resources for Longhorn : http://www.microsoft.com/learning/longhorn/default.mspx
Details on the free elearning:
Collection 5934: Introducing Windows Server Code Name "Longhorn" (Beta 3)—Free for a limited time!
Clinic 5936: Introducing Security and Policy Management in Windows Server Code Name "Longhorn" (Beta 3)
Clinic 5937: Introducing Branch Office Management in Windows Server Code Name "Longhorn" (Beta 3)
Clinic 5938: Introducing Centralized Application Access in Windows Server Code Name "Longhorn" (Beta 3)
Clinic 5939: Introducing Server Management in Windows Server Code Name "Longhorn" (Beta 3)
I just found out that the product team opened the Nomination for the Windows Server Virtualization (WSv) Technology Adoption Program (TAP).
The WSv TAP is a validation program focused on scenario testing. The level of commitment required from each TAP participant will be significant.
The WSv TAP is designed to be an opportunity for collaboration between your company and Microsoft for the purpose of product validation of the next generation of Microsoft virtualization technology. This is achieved through product feedback as a result of deployment of pre-release builds in non-production and production environments. As a result of this collaboration, your company will have an opportunity to validate the design and direction of Windows Server virtualization. If you want to be nominated, please send me a mail: arlindo.alves@microsoft.com
Yesterday I received a notification mail that we released the Microsoft Server Virtualization Management Pack Beta 2 for System Center Operations Manager 2007. Download the Management Pack (MP) from the Connect site. Note that you will need to log on with your Live ID.
Beside the MP you can now also download a pre-configured VHD that contains System Center Virtual Machine Manager Beta 2 (and all its prerequisites) to the SCVMM downloads section. This VHD can be used to easily test/demo SCVMM Beta 2 in your environment.
After being in public beta for two years we released the new Windows Live Hotmail service in more than 36 languages. Windows Live Hotmail offers more services: 2GB of Storage, a new look and feel and a better anti spam filter and it goes even further.
Windows Live Hotmail will allow customers to access their accounts for free via Outlook 2003 and Outlook 2007 with the Microsoft Office Outlook Connector (formerly a subscription-only feature). The webmail service plus our premiere client offering will enable a more powerful solution for customers with rich synchronization of e-mail, folders and contacts and offline access to Hotmail with Outlook. A beta of the connector will be available in 11 languages in the coming weeks.
www.discoverhotmail.com
Last week Mike Neil, the GM of Virtualization, wrote a blogpost about the future of Windows Server Virtualization. And it wasn't good news at all: we will have a beta version of Viridian when Longhorn server is RTM. We will also postpone some important features: there will be no Live Migration, nor hot add of memory, CPU or networking in the first version. And we will only support 16 cores/logical CPUs.
Why did we postpone those features? Because shipping is a feature too. Now I don't know if I would prefer delaying Windows Virtualization for, let's say, maybe another year (this is just a timeframe, I don't know how long the delay would be) or just postponing some of the features. On the other hand I do understand that we don't want to ship something that doesn't meet our quality standards. Still, I do think we will have a good virtualization product. We still have a good set of features in Viridian, and together with System Center Virtual Machine Manager we will be able to move forward towards a Dynamic Datacenter.
As you might know, with the new version of Operations Manager, now known as System Center Operations Manager 2007, you can monitor your clients. The Windows Vista Client Monitoring Management Pack monitors the health of Windows Vista clients and presents aggregate reports on client health.
The Windows Vista Client Monitoring Management Pack is built on the Windows Diagnostics Infrastructure in Windows Vista that detects, diagnoses and tries to resolve hardware and software problems. Information and analysis on the issues that the system detected are collected by the MP through an agent on the client and sent to OpsMgr where this data is converted into health state, alerts (if need be) and processed for aggregate reports. The MP monitors the following areas:
Download MP
It has been a while since I received a mail (still behind on mails) from my fellow Evangelist from Switzerland, Frank Koch, and I wanted to share this with you. He has written a 44-page book about Windows PowerShell. If you don't have the time to absorb another 400 - 500 page book on PowerShell, then this is what you definitely should read.
He calls it "An introduction to scripting Technologies for people with no real background knowledge".
Download the Book and DemoScripts