May, 2008

  • Heroes Happen {Here} – Virtualizing your IT Infrastructure with Windows Server 2008

    This is the last is session we’ve about Windows Server 2008 we’ve presented during the Heroes Happen {Here} event in March.

    In this session my colleague David de Backer talks about the different virtualization technologies that are included into the Windows Server 2008 platform.

    Here is the TechNet Chopsticks session recording:

  • Heroes Happen {Here} - Windows Server 2008 Security and Compliance

    In this third session my colleague Erik de Bondt talks about the Windows Server 2008 Security and Compliance Technologies. He is also doing a demo on Network Access Protection.

    Here is the TechNet Chopsticks Session:

  • Belgian Exchange MVP writes Exchange Management Shell book

    I had this in my inbox for quite a while now and I also forwarded this information to Eileen Brown, apparently I didn’t share this with you yet. Shame on me.

    Ilse Van Criekinge (MVP Exchange) wrote a new ebook about the Exchange Management shell.  Ilse won speaker idol at IT forum last year and will be presenting at TechEd IT Professional (EMEA) this year.

    Click here to view larger image

    If you are an Exchange admin then this book is definitely one to read!

  • Heroes Happen {Here} – Windows Server 2008 Overview

    I delivered the Windows Server 2008 Overview session during the Heroes Happen {Here}.

    Here is the recorded session on TechNet Chopsticks:

    In this session I cover a few of the improvements in Server 2008 like Server Core, Failover Clustering, IIS 7 and Server Manager.

  • Heroes Happen {Here} – Keynote Recording

    In March we’ve organized the Heroes Happen {Here} event in Ghent, this event was completely sold out and we had to disappoint some of our customers / partners by closing registrations early.

    We have recorded the event and placed it onto our TechNet Chopsticks platform.

    The keynote has been delivered by Bill Hilf and he was assisted by some product managers. 


  • Hyper-V RC1 released

    Earlier this week we released the Hyper-V RC1 package to the site.

    What has been improved:

    In addition to bug fixes and stability improvements we also made some additional changes largely based on feedback from customers

    • Integration Components For Windows Server 2008 guest’s included in Integration Services Setup Disk
    • New Graphics for Hyper-V Manager and Virtual Machine Connection – including a “Now” icon in the snapshot pane
    • IPv4 Address Migration - when creating a new Virtual Network bound to an adapter with a static IPv4 address the IPv4 settings are migrated to the new virtual adapter

    Here are the different updates:

    Windows Server 2008 x64 Hyper-V RC1 Update - KB950049

    This is the Hyper-V RC1 package for Windows Server 2008 x64. This package must be installed on Hyper-V server’s (physical machines). 

    Windows Server 2008 x86 Hyper-V RC1 Update – KB950049

    This is the Hyper-V RC1 package for Windows Server 2008 x86. This package includes only the Hyper-V Management Components for Full Windows installs and the Hyper-V Integration Components for Server 2008 x86

    Hyper-V Management For Windows Vista SP1 –KB949587

    Note Updating to RC1 is a permanent operation.  Once installed, it cannot be uninstalled.  So you can’t got back to RC0 or Beta after installing RC1.


  • Deploying Windows Server 2008 Read Only Domain Controllers

    What is a Read Only Domain Controller? (RODC)

    An RODC is an additional domain controller for a domain that hosts read-only partitions of the Active Directory database. An RODC is designed primarily to be deployed in a branch office environment. Branch offices typically have relatively few users, poor physical security, relatively poor network bandwidth to a hub site, and little local IT knowledge.

    In this scenario I have a forest with only Windows Server 2008 Domain Controllers and I will be delegating the installation of an RODC. In my test environment I have created two sites, one central site where the writable domain controller resides and one branch office site where I want to install the RODC.

    To deploy an RODC, complete the following high-level tasks:

    • Ensure That the Forest Functional Level Is Windows Server 2003 or higher
    • Run adprep /rodcprep

    You do not have to perform this step if you are creating a new forest that will have only domain controllers running Windows Server 2008.

    • Install a Writable Domain Controller That Is Running Windows Server 2008
    • Pre-create the RODC account and delegate installation
    • Install an RODC on a Windows Server 2008

    In my scenario I had only to perform a few of those steps so lets go through the steps needed to deploy the RODC:

    First I prepared my AD for a delegated RODC Installation (staged installation).

    A staged installation of an RODC is a two step process and is done by two different individuals. In the first stage you need a user with Domain Admin credentials and in stage 2 you can use a domain user.

    Stage 1: Pre Creating RODC account and Delegate Installation


    You can perform a staged installation of an RODC in which the installation is completed in two stages by different individuals. The first stage of the installation, which requires domain administrative credentials, creates an account for the RODC in AD DS. The second stage of the installation attaches the actual server that will be the RODC in a remote location, such as a branch office, to the account that was previously created for it. You can delegate the ability to attach the server to the account to a non-administrative group or an user in the remote location.

    During the first stage of the installation, the wizard records all the data about the RODC that will be stored in the distributed Active Directory database, including the read-only domain controller account name and the site in which it will be placed. This stage must be performed by a member of the Domain Admins group. I’ve also assigned the user who is allowed to do the installation of the RODC in the Branch office.

    In the first step you must specify the credentials of the user that will perform the needed actions for the first stage. To install an additional domain controller, you must be a member of the Enterprise Admins group or the Domain Admins group.

    Next you need to specify the name of the computer that will be the RODC, this server must not be joined to the domain.


    Select the site where the RODC will be installed, in my case it was the BranchOffice1 site.


    At this stage you can specify what additional options you want to install onto this server.


    In the last step of the pre-staging of an RODC you have to specify which Group or User Account will be delegated to do the second stage installation. In my case I used my user account in this domain.

    Stage 2: Deploy RODC in Branch

    During the second stage, the wizard installs AD DS on the server that will become the RODC, and it attaches the server to the domain account that was previously created for it. This stage typically occurs in the branch office or other remote location where the RODC is deployed. During this stage, all AD DS data that resides locally, such as the database, log files, and so on, is created on the RODC itself. You can replicate the installation source files to the RODC from another domain controller over the network, or you can use the install from media (IFM) feature. To use IFM, use Ntdsutil.exe to create the installation media.

    To start the installation you need to logon as a local Administrator and run the DCPromo command.


    The wizard will ask me in what domain I want to install this RODC, in my case it was test.local and I specified in the alternate credentials the username that has been selected during stage 1.


    The wizard detects that we have pre-staged the computer account to be an RODC. Next you can change the location of the Database, log files and sysvol.

    The last step is to fill in the Directory Services Restore Mode Administrator Password, this password must meet the Domain Password complexity.

    After finishing the wizard you will have a running RODC.

    Technorati Tags: ,,


  • SQLUG – May 29th: Managing, monitoring and troubleshooting SQL Server using Free tools

    Managing, monitoring and troubleshooting SQL Server using Free tools

    Out of the box, SQL Server 2005 offers nice tools for managing and monitoring servers and databases. If you want to get an even richer experience and a broader toolset, there are a lot of hidden gems out there, free for you to download and to make the life of the DBA easier. This practical and demo-driven session will show you how to make best use of some of these. Topics include: Extending Management studio with custom reports, Performance dashboard, Sqlio, Dmvstats, RML Utilities and more...

    Speaker: Dirk Gubbels – Microsoft Belgium & Luxemburg

    Level: 300

    Date: Thu May 29, 2008

    18:00 - 18:30 Welcome with a drink & sandwich
    18:30 - 20:00 Part 1
    20:00 - 20:30 Pause
    20:30 - 22:00 Part 2
    22:00 - ... networking

    Location: Global Knowledge in Mechelen:
    Zandvoorstraat 1
    2800 Mechelen

    A route description can be downloaded here.

    Registration is needed and is open.

    Technorati Tags: ,,,
  • WinSec – May 20th: Windows 2008 Security - PKI

    The Belgian WinSec UG organizes another event on May 20th around Windows 2008 security – PKI

    clip_image002[5]Windows Server 2008 introduced some new key features in Microsoft’s PKI offering. In this session we will go through the new developments such as crypto next generation, OCSP, management features. Certificate Lifecycle Manager (CLM) is used by a lot of customer to manage the Microsoft PKI. We will explore how you can use  CLM with Microsoft PKI.

    Speaker: Ronny Bjones – Security Strategist – Microsoft Corporation
    When: Tuesday May 20 - 2008
    This event starts at 18:00 and will finish around 21:00
    Where: Ascure (Sint Denijs Westrem)

    Route description to Ascure:

    To subscribe to the event, send an email (click here).

  • June edition of TechNet Magazine Online


    Security: The Great Debate: Security by Obscurity

    Security by obscurity involves taking measures that don't remove an attack vector but instead conceal it. Some argue that this is a bad practice while others claim that as part of a larger strategy, every bit counts. The debate is quite heated, and some of our finest security experts face off, explaining security by obscurity and presenting both sides of the debate.

    Security: New Elevation PowerToys for Windows Vista

    Michael Murgolo is back with an update to his Elevation PowerToys. You'll find enhanced Run as Administrator functionality that works with third-party scripting tools, a way to replace a handy Windows XP feature removed from Windows Vista, and many more useful tools.

    Security: Advances in BitLocker Drive Encryption

    Windows Vista SP1 and Windows Server 2008 introduce important changes to BitLocker, including support for data volumes and improved protection against cryptographic attacks. Byron Hynes explores the new features, demonstrates how to use BitLocker on a server, and discusses some of the recent media coverage affecting BitLocker.

    Security: Application Lockdown with Software Restriction Policies

    When you want to reduce the total cost of ownership of the desktop machines in your organization, application lockdown can be a great help, letting you limit IT issues related to unsupported applications. See how you can use software restriction policies and Group Policy to control the applications being run throughout your IT infrastructure.

    Security: Managing the Windows Vista Firewall

    The recent update to the Windows Vista Firewall offers some impressive new features that make it a compelling choice for the corporate environment. Jesper Johansson gives a brief overview of the evolution of the Windows Firewall and delves into enhancements—such as new rules and profiles, domain isolation, and encryption—that will have administrators taking a closer look.

    Security: Secure E-Mail Using Digital Certificates

    Secure Multi-Purpose Internet Mail Extensions let you hide information in transit, validate senders, and authenticate messages. Learn how to secure e-mail using digital certificates and how to troubleshoot problems you may encounter on your S/MIME system. Matt Clapham and Blake Hutchinson