I wish I had my camera today to take a picture of the crowd. I was in the big room just after the key note and I believe they had seating for about 1500. I estimate about 1200 people for my Windows 2008 overview session. Lots of great interaction and questions throughout the day. I look forward to the emails from people that I could not get around to during the live event and of course those questions I just simply did not have the knowledge base to answer.
Thanks to everyone that came up after the sessions to speak to me. One of the reason I do what I do is so I can interact face-to-face with the people using our products. I enjoy the feedback positive and negative. It helps keep me grounded and more in touch with the people that use our products and technologies. You rock!
I have a list of things to post about from the sessions today but I am now running on fumes. I make an early flight tomorrow over to Harrisburgh, PA for the next event so look for a flurry of posts after I get settled in.
As I noted during the sessions, don't hesitate to contact me if you need information. I don't have all the answers in my head but I can find the people that do.
PingBack from http://technology.cccc99.info/2008/03/04/awesome-launch-event-in-new-york/
I was at the NYC event, and it was very good - Chris, you did a great job, esp. considering you were asked to hold the attention of the (estimated) 1200 people for about 5 hours of technical presentations.
I have a question that I would have asked yesterday, but I didn't get a chance: To use Bitlocker I *have to* lock my "C:" drive? Here is why I ask - let's say I have a Windows 2008 server with a removeable drive (sled or USB/FireWire), and I want to secure the data on the removeable drive for those times it is out of the datacenter. As I understand it, I would first protect my boot device, then protect my removeable drive, correct? My issue is that I don't want the server to incur the on-going performance hit on the boot drive becuse I want a non-boot volume protected with Bitlocker.
Thanks, and again, great job!
P.S. You never did explain *why* you jumped out of a perfectly good airplane in Hawaii ;^)
I was also at the event and was very impressed with 2008. Chris, your presentation was great and had (I believe) everyone's attention!
Two quick questions, will the new remote tools for 2008 be available for XP?
And, you had mentioned that the presentation slides would be available, are you going to post them?
Thanks - Steven
Ken - Bitlocker overhead is typically in the low single digits. I would challenge any human to notice the performance impact of BitLocking the C: drive of a server.
I have not attempted this myself, but you can start the encryption of the C: Drive, pause it, fully encrypt your removeable drive, disconnect it from the system and then turn of BitLocker for the C: drive. This leaves the external encrypted while C: drives is not. But again, I don't believe you would see any performance impact with the C: drive encrypted.
I will be doing a more involved skydiving post once I have a chance to review my pics and video footage :)
Thanks for the kind words! (You too, Ken!).
The Remote Server Admin Tools (RSAT) are going to be available for Vista only. I have not seen any indication of a release for XP. For XP you would be looking at using Terminal Services or even better, TS Remote App Publishing for admin.
I am waiting to hear back from my tream on a distribution method for the slides.
You did a great job with the presentation, and I came away from the day a lot more confident in being able to implement many of the features you talked about and demonstrated. I also liked the fact that you hung around afterwards and answered some extended questions from myself and a few of the other users present.
I have a question about application publishing though. If I publich Outlook and the user opens an email while in the session and then attempts to open a Word attachment, what happens if I have not published Word as well? Does a local copy of Word on the client work instead? How about if I have published Word? Does the published Word take open the document, letting me restrict saving changes to the network by not letting clien tside drives map into the session?
By the way, can you send me a link to the program you mentioned for resyncing audio and video when you format video for your Media Center. It sounded interesting and I am always looking for ways to get better playback when streaming. Also, take a lok at DVDFab Platinum as well. It can do a one click conversion of DVD to Zune freindly mp4. I use it on every DVD rip I had, giving me a second, very portable copy for use on my laptop or Zune.
My concern is that by choosing to implement BitLocker on a server reboots become dependent on the BitLocker key - without the key, I can't reboot the server, and leaving the key in the USB slot seems sub-optimal. Sure there are tricks (embed the key inside the server, etc), but that defeats the purpose of the security. I am not overly concerned about procesing overhead of BitLocker (it could be an issue, but most servers have GHz of cycles to spare ;^), but having the server dependent on the BitLocker mechanisim seems a bit much.
I suppose there is a good, logical reason (a secure drive on an insecure system could open vulnerabilities I guess, that's not my area of expertise), but if I just need protection for one removeable drive, it seems a bit like over-kill (kind of like a full-body condom ;^). (sorry for the mental image, but I owed you for your "working in the basement wearing..." mental image)
Again, thanks for the enjoyable presentation,
I will have to test the Outlook/Word querstion and get back to you. I may just make that a post of it's own because it is a very good question.
Send me an email on the Media Center question as I will need to write up some info on that for you.
Actually, on a server with a TPM chip, you can enable BitLocker without using a PIN or being prompted for anything on startup. That is essentially the mode I was in during the session. In my mind I thought I set a group policy to use a PIN or USB device when I did not.
In this mode, there is no user interaction at all. The protection provided would be if the drive were removed from the machine or the TPM chip was replaced (MoBo failure). In that case you would see a prompt for the 48 bit recovery key.
If your server does not have a TPM chip then you are correct in stating that USB key would be needed on each startup.
This came up at the NYC "Launch"/HHH event, but I don't remmeber the answer (sorry ;^):
What is the difference in capabilities between a full Windows Server 2008 Standard install with IIS 7.0 installed and a Windows Core Server 2008 install with IIS 7.0 installed?
As I recall, the "Core" servers were full function, just not all functions implemented, and if you added the Web Server/IIS role to your core server it would be functionally the same as a standard install with web server/IIS role added - is this correct?
One other thing I wanted to point out - the packet we got in NYC had a page in the bag that was a 40% off coupon for Microsoft Certification tests for the newly released technologies (Windows Server 2008, Sql Server 2008, and Visual Studio 2008). It was not mentioned by any of the speaker I attended at the event, but is a great incentive (along with the Second Try promotion) to get certified on the latest offerings - going forward you may want to call attention to that coupon.
Ken -- IIS functions the same way regardless if it is on GUI or CORE server. How you perform admin changes though because of the lack of GUI on the core server. I imagine most will perform remote admin using the IIS console on a GUI Windows 2008 Server.