May, 2007

  • Windows Server 2008:: Password Policies Changes

    Today, with a Windows Server 2003 domain, you can define only one password and account lockout policy. We heard the feedback of many customers that we needed to change that, because it had become one of the reasons to create another domain in your forest. When I was a consultant I always advised my customers to keep their AD infrastructure simple and to avoid creating domains if it's not needed. When Windows Server 2008 is released you will have more control over the password and account lockout policies. From then on you will be able to define different policies for different users. Note that these policies will not apply to Organizational Units (OUs) but only to user accounts and global security groups.

     

    What has changed?

    To be able to store those policies we will introduce two new object classes in Active Directory:

    • Password Settings
    • Password Settings Container

    The password settings container will store the Password Settings Objects (PSO) for the domain. The PSO has different attributes for the password and account lockout settings like max password age, password must meet complexity requirements, account lockout duration, etc.

     

    What are the Requirements?

    The domain functional level must be Windows Server 2008.
    Only members of the Domain Admins group can set the policies; however, you can use delegation to allow other users to define the policies.
    A PSO has 9 required attributes, and all of them must have a value.

     

    RSOP?

    A user can now have multiple PSOs linked to their account, either directly or through group membership. Take into consideration that multiple password policies cannot be merged. Which PSO will be applied? Every PSO has an attribute called msDS-PasswordSettingsPrecedence; the lower the value, the higher the rank.

     

    A user-defined password policy (a PSO linked directly to the user account) always has the highest rank. If there is no user-defined PSO, the PSOs linked to the user's global security groups are compared and the one with the lowest precedence number is applied. If no PSO is applied through the user or a group, the Default Domain Policy is applied.
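
    The ranking rules above, worked through as an added PowerShell example (not code from the original post or from Microsoft). It models PSOs as in-memory objects instead of querying Active Directory; the function name Resolve-ResultantPso, all PSO, group and user names, and the Tie flag for equal precedence values are assumptions made for illustration.

    ```powershell
    # Added example: in-memory model of the PSO ranking rules described above.
    # It makes no Active Directory calls; every name and value is constructed.

    function Resolve-ResultantPso {
        param(
            [string]   $User,
            [string[]] $MemberOf = @(),
            [object[]] $Psos     = @()
        )

        # PSOs linked directly to the user account.
        $direct = @($Psos | Where-Object { $_.AppliesTo -contains $User })

        # PSOs linked to any global security group the user is a member of.
        $viaGroup = @($Psos | Where-Object {
            $pso = $_
            @($MemberOf | Where-Object { $pso.AppliesTo -contains $_ }).Count -gt 0
        })

        # A user-linked PSO always outranks group-linked PSOs, whatever their numbers.
        if ($direct.Count -gt 0) {
            $source = 'User';  $candidates = $direct
        } elseif ($viaGroup.Count -gt 0) {
            $source = 'Group'; $candidates = $viaGroup
        } else {
            # Nothing linked through the user or a group: Default Domain Policy.
            return [pscustomobject]@{
                User = $User; Applied = 'Default Domain Policy'; Source = 'Domain'
                Precedence = $null; NotApplied = ''; Tie = $false
            }
        }

        # Lowest msDS-PasswordSettingsPrecedence wins. Sorting by Name second only
        # keeps this example's output deterministic; it is not a rule from the post.
        $ranked = @($candidates | Sort-Object -Property Precedence, Name)
        $winner = $ranked[0]

        # Equal precedence values among the candidates are worth flagging so the
        # administrator can make them unique and document the intent.
        $tie = @($ranked | Where-Object { $_.Precedence -eq $winner.Precedence }).Count -gt 1

        # Policies are never merged, so every other linked PSO has no effect at all.
        $losers = @(($direct + $viaGroup) |
                    Where-Object { $_.Name -ne $winner.Name } |
                    ForEach-Object { $_.Name } |
                    Sort-Object -Unique)

        [pscustomobject]@{
            User       = $User
            Applied    = $winner.Name
            Source     = $source
            Precedence = $winner.Precedence
            NotApplied = $losers -join ', '
            Tie        = $tie
        }
    }

    # Constructed sample PSOs: Name, precedence value, and the accounts or groups
    # each PSO is linked to.
    $samplePsos = @(
        [pscustomobject]@{ Name = 'PSO-ServiceAccounts'; Precedence = 10; AppliesTo = @('GG-ServiceAccounts') }
        [pscustomobject]@{ Name = 'PSO-DomainOps';       Precedence = 20; AppliesTo = @('GG-DomainOps') }
        [pscustomobject]@{ Name = 'PSO-Helpdesk';        Precedence = 20; AppliesTo = @('GG-Helpdesk') }
        [pscustomobject]@{ Name = 'PSO-jdoe';            Precedence = 50; AppliesTo = @('jdoe') }
    )

    # Constructed sample users and their global security group memberships.
    $sampleUsers = @(
        # Direct link (50) wins even though a group PSO has a lower number (10).
        [pscustomobject]@{ Name = 'jdoe';   MemberOf = @('GG-ServiceAccounts') }
        # Two group PSOs: the lower precedence number (10) is applied.
        [pscustomobject]@{ Name = 'asmith'; MemberOf = @('GG-ServiceAccounts', 'GG-DomainOps') }
        # Two group PSOs with the same precedence (20): reported as a tie.
        [pscustomobject]@{ Name = 'mlee';   MemberOf = @('GG-DomainOps', 'GG-Helpdesk') }
        # No PSO at all: falls back to the Default Domain Policy.
        [pscustomobject]@{ Name = 'bnew';   MemberOf = @() }
    )

    $sampleUsers | ForEach-Object {
        Resolve-ResultantPso -User $_.Name -MemberOf $_.MemberOf -Psos $samplePsos
    } | Format-Table -AutoSize
    ```

    The NotApplied column lists the linked PSOs that have no effect for that user, which is the information worth recording when you document why each policy exists.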

     

    As you can see, these new policy changes are a step forward, but you will also have to be careful when applying those policies. My recommendation here is to limit the number of password policies you have in one domain and at least document them with the reasons why you created those policies, because I can assure you that within a few weeks or months after the implementation you will forget.

     

  • Longhorn:: 10 Reasons to look at Windows Longhorn: Part 10 Terminal Services

    This is the last post in my 10 reasons series. To conclude the series we will look at the improvements we've made in Terminal Services. Due to my background this is by far my favorite topic.

    A question that we often receive when we announce or introduce new features in Terminal Services is "Will we still need Citrix?" My answer to that is YES, you will still need Citrix in certain environments, because Longhorn Terminal Services has been designed for the lower complexity scenarios.

    The improvements in TS will open up new scenarios and more customers will start to use TS, because until now the need for Citrix was very high and a Citrix license is not cheap.

     

    Enough marketing, let's talk about the improvements we've made. The Longhorn Terminal Services deliver 4 key enhancements:

    TS Remote App: Remote Programs are the new way of delivering applications through TS. The technology itself is not new; it has been known as published applications and seamless windows in Citrix for many years. We have included Remote App in Longhorn TS because the way it worked until now was very confusing: you had to share a full desktop. With Remote App you can define an application that will be delivered to the clients, and this application will then behave as if it were running on the end user's own computer. You define the applications that will be published through the management console and then deliver the RDP or MSI file through different mechanisms: GPO, file copy, SMS, etc. Once published, you can enable or disable the application for use through TS Web Access.

     

    TS Gateway: You can compare this feature with the Outlook feature RPC over HTTPS, where Outlook can access the Exchange server without the need to open ports on a firewall. TS Gateway is built on the same principle: it allows the RDP (TS) protocol over the internet without the need to open port 3389; instead, port 443 (SSL) is used. How does it work? You need to define two things. First, you create an authorization list in which you allow users/groups to access the TS Gateway. Second, you create a resource authorization policy, which lets you decide which users can access which RDP-enabled machine. This can be any machine that has the RDP protocol enabled, whether for a session where you take over your own machine, remote management of your servers, or application access on TS.

     

    TS Web Access: With TS Web Access it will be possible to have a list of remote applications available through a website. This is only the visualization of the RDP files; once you click on one of the icons it's still the RDP protocol that is used. If you deploy the remote apps through MSI and Group Policies then the list of available remote apps is user or group based. If you deploy them through other mechanisms then the list of remote apps is shared.

     

    Easy Print: TS Easy Print is a proxy for every print action that simply redirects all printing-related work to the user's local machine without the need to install any print drivers on the TS server. This system provides several benefits, such as being able to redirect any printer from the user's client machine without having to reconfigure the server while still allowing the user to configure the print job as though he were printing on his client machine.

    On Longhorn Server, the user's local client printers installed in a TS session will be installed with the TS Easy Print system. Need more in depth information about Easy Print?

    Besides the 4 key enhancements I talked about above, we have made some other really useful improvements. Let's review some of them:


    New RDP 6.0 client. Here are some of the new features in this version of the Remote Desktop Client:

    • Server authentication
    • Plug and Play redirection
    • TS Gateway support
    • Monitor spanning
    • 32-bit color and font smoothing
    • Single sign on for domain joined machines (after changing some GPO)

    More details on the features are in a Knowledge Base article.

    New Experience features:

    • PnP device redirection framework
    • Large display support
    • Desktop Experience to support Vista features like Windows Media Player, Themes, etc
    • Support for the new Longhorn Audio Mixer

    New Management features:

    These are some of the improvements we've made for Terminal Services. This concludes my 10 Reasons series for Longhorn server and I hope you found this information useful. In the near future I will be delivering 10 Funcasts about those improvements.


    Previous Posts in this series:

    Part 9: Windows Server Virtualization

    Part 8: Branch Office Deployments

    Part 7: Windows Failover Cluster

    Part 6: Network Access Protection

    Part 5: Server Core

    Part 4: Server Hardening

    Part 3: Internet Information Services 7.0

    Part 2: Windows PowerShell

    Part 1: Server Management Improvements

     

  • Funcasts: Exchange 2007 Messaging Policies and BI: The Mac-Guyver Techniques

    Watch the latest recorded funcasts:

    Implementing messaging policies using Exchange 2007

    Exchange Server 2007 provides new tools for coping with a growing number of legal, regulatory, and internal policy and compliance requirements that relate to e-mail. Most organizations must be able to filter e-mail delivery based on several different criteria and manage e-mail retention and deletion. This funcast provides details on how to configure the Exchange Server 2007 e-mail policy and compliance features.

    Messaging policies in Exchange Server 2007 are a set of rules and settings that apply restrictions for message flow and message storage. You can use messaging policies to apply rules to messages in transport and to enforce retention requirements for messages stored in user mailboxes. Messaging policies can be created on Exchange Server 2007 computers running the Edge Transport server role, the Hub Transport server role, or the Mailbox server role.

    Curious how to implement the messaging policies? Watch this funcast presented by Ilse van Criekinge, MVP Exchange Server - ProExchange

    View Recording

     

    BI:The Mac-Guyver Techniques : Office Sharepoint - Excel Service

    This funcast presented by Gunter Staes shows how to use Microsoft SQL Server 2005 Analysis Services and Microsoft Office Excel 2007 to build an enterprise-level data analysis solution.
    We show you how to develop server-side business rules and unified views of business data for one version of the truth, while at the same time providing end users with a simple, flexible, self-service user experience in Excel.

    All this to make accurate decisions quickly.
    View Recording
  • Want to play with Technology without installing?

    Back in November I wrote a blogpost about the VHD test program. Now we have added new products onto this program and we call it "Run IT on a Virtual Hard Disk".

    If you want to play with some of our latest technology without spending the time to install all the needed software, then this is exactly what you need. We provide you with some pre-defined virtual hard disks that you can use with Virtual PC or Virtual Server.

     

    Here are the VHDs we provide today:

     

    Need more information? Read the FAQ

     

  • Windows Live Beta Updates

    The Windows Live team released some new betas, including Windows Live Writer, Windows Live Mail and Windows Live Messenger 8.5.

    They have made some huge improvements which will make my life as a blogger easier :)

    Here are some of the improvements in Windows Live Writer:
    Inline spell checking
    Table editing
    Ability to add categories
    Page authoring for WordPress and TypePad 
    Support for excerpts and extended entries 
    Improved hyperlinking and image insertion 
    Paste Special
    Adding categories
    ....

    If you have ever worked, or are still working, with Outlook Express (I did at home), then this will be your new mail client.
    You will be able to sync your Windows Hotmail using the Windows Live Mail client.

    Check which other improvements we've made:
    RSS feed aggregation 
    Offline mail

    Account aggregation for POP3 and IMAP mail accounts 
    No more visual advertisements  (you switch them off :) )
    More Integration with Windows Live services
    ....

    Check out this blogpost for more information and screenshots

     

    And last but not least there is the new Windows Live Messenger 8.5 Beta, which now has a new look and some new emoticons.


    Enjoy.

  • Visual Studio and in Game advertisement

    Look how Microsoft Belgium is trying to reach more developers, and not by using the traditional channels. They just launched a new campaign called "Defy All Challenges". I added a screenshot of what the advertisement in an Xbox game could look like. My colleagues Tom and Miel posted more information and screenshots on their blog. Check it out to find out what this campaign will look like.

     

    Don't Let Anything Get In Your Way - Defy All Challenges - Visual Studio

     

    What do you think? Is it a good idea to try to reach more developers through this kind of in-game advertisement? Would this also be a good idea for advertising some of our other products, like Windows Server 2008 or Windows Vista? Please give me your feedback.

     

  • Longhorn is no more, Hello Windows Server 2008

    It has been announced at WinHEC by Bill Gates: Windows Server 2008 will be the official name of Longhorn Server. Will that mean that Windows Server 2008 will only be available in 2008? Probably; honestly, I don't know. What I know is that RTM is still planned for H2 2007, and it might be that general availability will be somewhere in 2008.

     

  • Windows Live Hotmail

    After being in public beta for two years we released the new Windows Live Hotmail service in more than 36 languages. Windows Live Hotmail offers more services: 2GB of Storage, a new look and feel and a better anti spam filter and it goes even further.

    Windows Live Hotmail will allow customers to access their accounts for free via Outlook 2003 and Outlook 2007 with the Microsoft Office Outlook Connector (formerly a subscription-only feature). The webmail service plus our premiere client offering will enable a more powerful solution for customers with rich synchronization of e-mail, folders and contacts and offline access to Hotmail with Outlook. A beta of the connector will be available in 11 languages in the coming weeks.

    www.discoverhotmail.com

     

  • Longhorn:: 10 Reasons to look at Windows Longhorn Part 9: Windows Server Virtualization

    It has been quite a while now since I wrote part 8 of this series. I must admit I tried to start this post several times, and after all I am glad that I waited: as I wrote in my previous post, we postponed some Windows Server Virtualization features, and otherwise I would have had to change this post, which is not what should be done. That said, let's move on: what is Windows Server Virtualization?

     

    Windows Server Virtualization (WSV) is our hypervisor-based virtualization platform that runs on a 64-bit Windows Longhorn server. Starting from Beta 3 you will be able to install WSV on Server Core. Another requirement to run WSV is that the hardware has hardware-assisted virtualization technology.

    When we talk about virtualization overall, we mainly see 3 scenarios where virtualization is implemented:

    • Server Consolidation
    • Disaster Recovery
    • Test and Development environments

    The hypervisor is a thin layer of software which resides between the hardware and the operating system. The hypervisor now uses hardware-assisted virtualization technology, where in the past we could only achieve that through add-on software.

    The resources are divided into different partitions. The first one is always the parent partition, and it's where the Windows Longhorn Server (core) resides. Each time you create a new virtual machine you create a child partition. By using this technology we make sure that the virtual machines (child partitions) that are hypervisor aware talk to the hardware directly and don't have any emulated hardware.

    A non-hypervisor-aware operating system will still use the current technology of emulated hardware.

    What are the compelling features in our WSV platform?

    • Virtual Server Migration: We support the virtual machines created in VS2005, VPC2004 and VPC2007.
    • AD integration: WSV is integrated into AD to provide a role based security system. You will be able to assign AD security groups to control who is able to access or manage the different Virtual Machines
    • Server Core: Server Core has a smaller attack surface and less to patch; fewer running processes means more resources available for WSV.
    • Group Policy integration: You will be able to use the GPO to manage the different Global Settings of WSV
    • Snapshots: WSV is integrated with the Volume Shadow Copy service, this will enable you to create point-in-time copies (snapshots) of a running Virtual machine. This will have obvious benefits for Disaster Recovery and also to have a roll-back mechanism when you make changes to the VM.
    • Scripting Interface: Because WSV relies on Windows Management Instrumentation you will be able to create automation scripts using PowerShell.
    • Virtual SCSI: Windows Server virtualization provides support for virtual storage adapters. You can attach up to 512 virtual hard disks to a Windows Server virtualization virtual machine.
    • Network Load Balancing: Windows Server virtualization includes new virtual switch capabilities. Virtual machines can be easily configured to run with Windows NLB to balance load across virtual machines on different servers.
    • New Hardware: Support for 64-bit hosts and guests, and more memory in the VMs (32GB)
    • Etc...

    Besides all those new features we will deliver a solution for unified management of Virtual Machines. With System Center Virtual Machine Manager you will get:

    • Centralized deployment and management of virtual machines
    • Intelligent Placement analysis to determine the best servers for virtualization
    • Quick physical-to-virtual and virtual-to-virtual conversion
    • Templates speed the creation of new virtual machines
    • Windows PowerShell provides rich management and scripting environment

    My next post will be about the new Terminal Services and all the improvements we've made.

     

    Previous Posts in this series:

    Part 8: Branch Office Deployments

    Part 7: Windows Failover Cluster

    Part 6: Network Access Protection

    Part 5: Server Core

    Part 4: Server Hardening

    Part 3: Internet Information Services 7.0

    Part 2: Windows PowerShell

    Part 1: Server Management Improvements


     

     

     

  • System Center Essentials RTM

    With System Center Essentials 2007 being released you can now download the English version as a Trial.

    What is System Center Essentials 2007 (SCE 2007)? It's our new management solution for mid-size customers with up to 30 servers and 500 clients. This tool is going to lower management costs for mid-size businesses, because today most of them cannot afford a decent management tool. With SCE 2007 we give you a central management tool where you can proactively monitor your clients and servers, deploy software using the software distribution mechanism, deploy your patches using the incorporated WSUS 3.0 and, last but not least, use an integrated inventory and reporting tool.

     

    All those features make this product great for mid-size businesses.

     

    Interested in seeing a live demo and learning more about this product? Come and join the other 500 IT Pros who have already subscribed for the Belgian You're in Control event

     

  • Microsoft Server Virtualization Management Pack Beta 2 for Operations Manager 2007

    Yesterday I received a notification mail that we released the Microsoft Server Virtualization Management Pack Beta 2 for System Center Operations Manager 2007. Download the Management Pack (MP) from the Connect site. Note that you will need to log on with your Live ID.

     

    Besides the MP, you can now also download a pre-configured VHD that contains System Center Virtual Machine Manager Beta 2 (and all its prerequisites) from the SCVMM downloads section. This VHD can be used to easily test/demo SCVMM Beta 2 in your environment.

     

  • Where can I order this! Microsoft Surface

    No need to say how cool this is; just watch the videos. And it's coming to us in 2007. Great, I want one of these, don't you?

     

    www.microsoft.com/surface

     


     

    Update: Watch the demo of Microsoft surface at the On10 site

     

  • Free book Introduction into Windows Powershell

    It has been a while since I received a mail (still behind on mails) from my fellow Evangelist from Switzerland, Frank Koch, and I wanted to share this with you. He has written a 44-page book about Windows PowerShell. If you don't have the time to absorb another 400-500 page book on PowerShell, then this is what you should definitely read.


    He calls it "An introduction to scripting Technologies for people with no real background knowledge".

     

    Download the Book and DemoScripts

  • Windows Server Update Services 3.0 Released

    If you are already using Windows Server Update Services (WSUS) 2.0, then you probably know what this product does. If not, here is an overview of what WSUS can offer you as a free-of-charge central patching tool.

    With WSUS we deliver a tool with which you can not only update your Windows operating systems but also download updates for other Microsoft products like Exchange Server, SQL Server, Office, ISA, Forefront and many more. We finally released the new version of WSUS.

     

    Here are some of the new features:

    • WSUS 3.0 management based on the Microsoft Management Console
    • Manage WSUS remotely
    • Configure post-setup tasks using a wizard
    • Generate multiple reports with improved precision
    • Maintain server health more easily
    • Get e-mail messages about new updates
    • Remove old information easily
    • Upgrade seamlessly from WSUS 2.0 to WSUS 3.0

    Start using this tool now; it will improve your client and server management. Download WSUS 3.0

  • PowerShell and Group Policy Administration

    Did you know that you can use PowerShell scripting to enhance Group Policy administration? Me neither, until I read the nice article "Simplifying Group Policy Administration with Windows PowerShell".

    In this article you will discover how to use the GPMC APIs to manage GPOs through Windows PowerShell. There is one example that really shows the power of PowerShell scripting. If you use that script, which I included below, you will get all GPOs that have been changed in the past 24 hours. Imagine how you would do this today with the tools you have available.

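    # Connect to the GPMC COM interface and bind to the current user's domain
    $gpm = New-Object -ComObject GPMgmt.GPM
    $gpmConstants = $gpm.GetConstants()
    $gpmDomain = $gpm.GetDomain($env:USERDNSDOMAIN, "", $gpmConstants.UseAnyDC)
    # We want all GPOs, so no search criteria are specified
    $gpmSearchCriteria = $gpm.CreateSearchCriteria()
    # Find all GPOs in the domain
    $gpmAllGpos = $gpmDomain.SearchGPOs($gpmSearchCriteria)
    foreach ($gpmGpo in $gpmAllGpos)
    {
        # List the GPO if it was modified less than 24 hours ago
        if ($gpmGpo.ModificationTime -ge (Get-Date).AddDays(-1)) { $gpmGpo.DisplayName }
    }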

    This example script, together with other scripts, is available as a download.

  • Longhorn:: Windows Server Virtualization Feature Update

    Last week Mike Neil, the GM of Virtualization, wrote a blogpost about the future of Windows Server Virtualization. And it wasn't good news at all: we will have a beta version of Viridian when Longhorn server is RTM. We will also postpone some important features: there will be no Live Migration, and no hot add of memory, CPU or networking in the first version. And we will only support 16 cores/logical CPUs.

    Why did we postpone those features? Because shipping is a feature too. Now I don't know if I would prefer delaying Windows Virtualization for let's say maybe another year (this is just a timeframe I don't know how much the delay would be) or just postpone some of the features. On the other hand I do understand that we don't want to ship something that doesn't meet our quality standards.

    Still, I do think we will have a good virtualization product. We still have a good set of features in Viridian and together with System Center Virtual Machine Manager we will be able to move forward towards a Dynamic Datacenter.

     

  • HPC:: Windows Compute Cluster has now PowerShell support

    Last week the Compute Cluster (HPC) group released their Microsoft Compute Cluster Toolpack. (Download Here)

    The Toolpack consists of three tools:

      1. Cluster monitoring tool to visualize the cluster utilization.
      2. MPIPingPong.exe to verify if all the nodes and network in the cluster are functional.
      3. A PowerShell snap-in to manage your cluster through PowerShell :)

    Here are some examples of how to use the PowerShell CCS cmdlet and provider:

    First of all to get into the cluster you need to use the "cd ccp:" command.

    PS c:\> cd ccp:
    PS ccp:\> dir nodes
    Name Status Proc Idle
    ---- ------ ---- ----
    HPCSRV-Node01 Pending ...
    HPCSRV-Node02 Ready .... 
    HPCSRV-Node03 Ready .... 
    HPCSRV-Node04 Ready .... 

    Let's now look at which jobs are running in the cluster:

    PS ccp:\> dir jobs

    96 CCP\USER1 Job 1 Failed Normal


    This command uses the Get-Node cmdlet to list all of the nodes under the head node.

    PS ccp:\jobs> get-node
    Name Status Proc Idle
    ---- ------ ---- ----
    HPCSRV-Node01 Pending ...
    HPCSRV-Node02 Pending ...
    HPCSRV-Node03 Pending ...
    HPCSRV-Node04 Pending ...

    There are many other things you could do, like looking into which task is running in a particular job, or starting and pausing nodes, etc.

    It's just great to see that more and more product teams are writing cmdlets for PowerShell. Personally I think we should ask the product teams to deliver cmdlets or a provider for PowerShell each time they release a new product. The same is true today for the Management Packs we use in Operations Manager.

  • Windows Vista client monitoring Management Pack for SCOM 2007

    As you might know with the new version of Operations Manager now known as System Center Operations Manager 2007 you can monitor your clients.
    The Windows Vista Client Monitoring Management Pack monitors the health of Windows Vista clients and presents aggregate reports on client health.

    The Windows Vista Client Monitoring Management Pack is built on the Windows Diagnostics Infrastructure in Windows Vista that detects, diagnoses and tries to resolve hardware and software problems. Information and analysis on the issues that the system detected are collected by the MP through an agent on the client and sent to OpsMgr where this data is converted into health state, alerts (if need be) and processed for aggregate reports. The MP monitors the following areas:

    • Disk reliability and utilization 
    • Memory reliability and utilization
    • System performance 
    • Runtime performance
    • Bootup performance
    • Shutdown performance
    • Sleep performance
    • Resume performance

    Download MP

  • TechEd IT Forum 2007 Barcelona

    The new TechEd IT Forum site is online as of today. The event will run from 12-16 November 2007 in Barcelona. Keep the dates in your agenda. Last year I was there for the Ask the Experts booth duty and to talk to a lot of customers and colleagues. This year there will be a slight difference because I am assisting Kevin Sangwell with the Track Ownership of the Windows Server track. In the coming weeks and months I will be digging into different kinds of content, looking for speakers, sessions, hands-on labs and chalk & talks. I am sure we will have a strong focus on Windows Longhorn server this year.

     

    Notice that the Super Early Bird Registration has been opened:

    Receive the €300 Early Bird discount off the full price PLUS bonus value-add benefits that will make your experience at TechEd IT Forum that much more rewarding.
    The bonus value-add benefits will include:

      • Special invitation to a private technical session with a top speaker
      • Reserved priority seating in the Opening Keynote presentation
      • Limited edition baseball cap


    Block the dates and I hope to meet you there.

    Note: TechEd developers site is also online.

     


  • Free E-Learning:: Windows Server Code Name "Longhorn"

    I just received a mail with free E-Learning courses about Longhorn Server Beta 3, these courses are free for a limited time.

     

    This online learning collection of five clinics introduces the new features and functionality in Windows Server "Longhorn." The courses cover server virtualization, security and policy management, branch office management, centralized application access, and server management. You can take the entire collection or just the courses that interest you.

    Click here for the complete Microsoft Learning Resources for Longhorn : http://www.microsoft.com/learning/longhorn/default.mspx

    Details on the free elearning:

    Collection 5934: Introducing Windows Server Code Name "Longhorn" (Beta 3) - Free for a limited time!

    Clinic 5936: Introducing Security and Policy Management in Windows Server Code Name "Longhorn" (Beta 3)

    Clinic 5937: Introducing Branch Office Management in Windows Server Code Name "Longhorn" (Beta 3)

    Clinic 5938: Introducing Centralized Application Access in Windows Server Code Name "Longhorn" (Beta 3)

    Clinic 5939: Introducing Server Management in Windows Server Code Name "Longhorn" (Beta 3)

  • Windows Server Virtualization Technology Adoption Program Nominations

    I just found out that the product team opened the Nomination for the Windows Server Virtualization (WSv) Technology Adoption Program (TAP).

    The WSv TAP is a validation program focused on scenario testing. The level of commitment required from each TAP participant will be significant.

    The WSv TAP is designed to be an opportunity for collaboration between your company and Microsoft for the purpose of product validation of the next generation of Microsoft virtualization technology.  This is achieved through product feedback as a result of deployment of pre-release builds in non-production and production environments.  As a result of this collaboration, your company will have an opportunity to validate the design and direction of Windows Server virtualization.

    If you want to be nominated please send me a mail
    arlindo.alves@microsoft.com

     

  • Upcoming TechNet Event: IIS 7 for IT Professionals


    TechNet Evening : IIS7 for IT Professionals

    What?

    If you did not have the opportunity to join us last Monday during the Web Administration summit, then here is your chance: we are planning a TechNet evening session about our newest web platform, IIS 7.

    During this two-hour session Bert will give an overview of what has been improved in our newest web platform, IIS 7, for IT Professionals. Come and join us to learn more about the new delegation and configuration capabilities and how web application administration has evolved, and get a look under the hood at web request tracing and diagnostics.

    When?

    Wednesday, June 06, 2007

    18:00 - 20:00

    Where?

    NH Brussel Airport 

    De Kleetlaan,14
    Diegem Brussels 1831
    Belgium

    Speaker?

    Bert Van Hove (www.road2result.be)

    Register Online