Thanks to Neil Johnson over at MSUKUCC for this cool snippet of PowerShell goodness;

Everyone knows its a good idea to automate your installations of Exchange.  It provides a solid, repeatable process by which to deploy your infrastructure – and it takes less time to complete the process – a real win/win!.

One area that I have witnessed repeatedly over the last 12 months or so is organisations automating their OS build and Exchange build, but deploying the Exchange pre-requisites manually.  This obviously leads to inconsistencies in the built out environment.

Since Windows Server 2008 we have been able to automate the pre-requisites deployment with “servermanagercmd” and appropriate xml files for each role.  However, in Windows Server 2008 R2 this method is deprecated.

Instead of “servermanagercmd” in Server 2008 R2 and SP2 we use a powershell cmdlet “add-windowsfeature”

As a quick example, if you are installing the Client Access, Hub Transport and Mailbox roles onto a single server (and i expect this to be the common 2010 deployment) the following PowerShell commands will take care of the pre-requisites for you…

This is discussed in more detail, including the features required for each specific role here : http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx#WS08R2

I have been asked by a few people now to consolidate a list of public webcasts regard the new functionality of Exchange 2010.  Luckly the Exchange team have saved me the hard work by publishing the following great topic list on thier blog;

MsEvents featured an eleven-part webcast series on Exchange 2010 during June and July of 2009. These webcasts are now available for on-demand viewing. Simply select the webcast you would like to view from the list below, register for the webcast, and then select how you would like to download the file. 

NEW! TechNet webcast: Storage in Exchange 2010
Exchange 2010 carries on the tradition begun in Exchange Server 2007 of dramatically reducing mailbox storage costs. View this webcast and learn how we've enabled new levels of storage flexibility in Exchange 2010 and find out the technical details that will help you select the right storage for your Exchange 2010 environment. https://www.livemeeting.com/cc/mseventsbmo/view?id=1032418920&role=attend&pw=6064172E

Exchange 2010 High Availability
Welcome to the future! The future of Exchange high availability, that is. In this webcast, we reveal the changes and improvements to the built-in high availability platform in Exchange Server 2010. Exchange 2010 includes a unified framework for high availability and disaster recovery that is quick to deploy and easy to manage. Learn about all of the new features in Exchange 2010 that make it the most resilient, highly available version of Exchange ever.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416676&Culture=en-US

TechNet Webcast: Exchange 2010 Overview
This webcast will introduce you to Exchange Server 2010, reviewing the major areas of investment for this release and highlighting marquee features.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416679&Culture=en-US

TechNet Webcast: Exchange 2010 Management Tools
Exchange 2010 includes new capabilities that make the operation of your Exchange environment more efficient. Learn how we've made the Exchange Management Console more powerful, extended the reach of PowerShell, and made it easier to delegate management tasks.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416687&Culture=en-US

TechNet Webcast: Exchange 2010 Archiving and Retention
This webcast will introduce new ways to address archiving and retention with Exchange Server 2010.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416694&Culture=en-US

TechNet Webcast: Exchange 2010 Architecture
This webcast describes the overall architecture of Exchange 2010 and key considerations for the scalability and performance of each server role. This webcast will provide the background and framework for the other Exchange 2010 webcasts, serving as a bridge between the overview session and drill-downs in each product area. This webcast is a recommended pre-requisite for the Exchange 2010 transition and deployment webcast.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416706&Culture=en-US

TechNet Webcast: Federation in Exchange 2010
Federation is a key part of the architecture of Exchange 2010, powering new organization-to-organization sharing scenarios. Learn how federation enhances the capabilities of Exchange 2010 and enables advanced coexistence between Exchange Server and Exchange Online.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416724&Culture=en-US

TechNet Webcast: Exchange 2010 Voice Mail enabled by Unified Messaging
Exchange 2010 Unified Messaging is Microsoft's second generation unified messaging and voice mail solution. In this webcast, learn about the features, benefits, and architecture of Unified Messaging in Exchange 2010.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416726&Culture=en-US

TechNet Webcast: Exchange 2010 Information Protection and Control
This webcast will introduce you to new ways to address information protection and control with Exchange Server 2010. A discussion of the use of encryption and rights management in parallel with Exchange will be included as well as an introduction to new functionality in Exchange that supports information protection scenarios.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416728&Culture=en-US

TechNet Webcast: Exchange 2010 Transition and Deployment
In this session we will cover the migration planning and deployment path to move an organization from Exchange 2003 or Exchange 2007 to Exchange 2010.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032416708&Culture=en-US

As always - feedback welcome :) 

The Exchange team have announced a good webcast coming up next week to discuss recommendations for virtualizing Exchange server and the benefits of choosing Hyper-V + System Center as your virtualization solution.  Heres hoping they talk about Exchnage 2010!

TechNet Webcast: Microsoft Virtualization Best Practices for Exchange Server (Level 300)

Wednesday, Nov. 4 at 10am Pacific time - Expect an offline download to be available shortly afterwards

Virtualizing business critical applications will deliver significant customer benefits including cost savings, enhanced business continuity and an agile and efficient management solution.  This session will focus on virtualizing Exchange using Microsoft solutions, and guidance for virtualizing Exchange for various Production scenarios. We will go into technical details with best practices. 

Thanks to Julie White for confirming some really GREAT early Exchange 2010 launch info:

Exchange 2010 – Revving the Engines for Launch

In response to customer feedback, the Exchange team has updated their testing matrix and has determined that Exchange Server 2010 will be supported on Single Label Domains (SLD), Disjoint Namespaces, and Discontiguous Namespaces. This post contains a brief description of each of these scenarios and special considerations. If you intend to install Exchange 2010 into one of these environments you need to read the documentation about the applicable subject.

In adding support for these types of topologies, there is an underlying requirement for DNS to be properly installed and configured. Before proceeding with any deployment defined here, clients and servers must be able to reliably resolve DNS queries for a given resource in the appropriate namespace.

Single Label Domains

Single-label DNS names are DNS names that do not contain a suffix such as .com, .corp, .net, or .org. For example contoso would be an SLD while contoso.com, contoso.net, or contoso.local would not be an SLD.

Not a recommended configuration

While Exchange 2010 is supported with SLDs, the Exchange product team's view is that SLDs are not a recommended configuration, and may not be supported by future Exchange versions. Other Microsoft or third party applications that you want to run in your environment may not be supported on an SLD. This could have an adverse effect on your environment. While we will allow installation of Exchange 2010 in an SLD, we strongly recommend that you take steps to move your organization out of this configuration.

Disjoint Namespaces

A disjoint namespace scenario is one in which the primary DNS suffix of a computer does not match the DNS domain name where that computer resides. The computer with the primary DNS suffix that does not match is said to be disjoint. Another disjoint namespace scenario occurs if the NetBIOS domain name of a domain controller does not match the DNS domain name.

Exchange 2010 and Disjoint Namespaces

In Microsoft Exchange 2010, there are three supported scenarios for deploying Exchange in a domain that has a disjoint namespace. The supported scenarios are as follows:

• Scenario 1   The primary DNS suffix of the domain controller is not the same as the DNS domain name. Computers that are members of the domain can be either disjoint or not disjoint.
• Scenario 2   A member computer in an Active Directory domain is disjoint, even though the domain controller is not disjoint.
• Scenario 3   The NetBIOS domain name of the domain controller is not the same as the subdomain of the DNS domain name of that domain controller.

For more information on Exchange 2010 and disjoint namespaces see Understanding Disjoint Namespace Scenarios.

Special Considerations

• In Exchange 2010 you may need to configure the DNS suffix search list to include multiple DNS suffixes if you have a disjoint namespace. For more information please see Configure the DNS Suffix Search List for a Disjoint Namespace.
• It is a requirement that msds-allowedDNSSuffixes be configured within the Active Directory environment for all namespaces used within the forest. For instructions on configuring this, please see the Tech Net article "The computer's primary DNS suffix does not match the FQDN of the domain where it resides."

Discontiguous Namespaces

A discontiguous namespace, also referred to as non-contiguous namespace, is one in which the domains in a forest are not defined hierarchically. If the domains in a forest have discontiguous DNS names, they form separate domain trees within the forest. An Active Directory forest can have one or more domain trees. An example of a multi-tree forest would be a forest containing the domains, contoso.com and fabrikam.net. Note: contoso.com and contoso.net in the same forest would be an invalid configuration. This is because they would both be using a NetBIOS name of contoso in their respective domains. In the case of discontiguous DNS namespaces, each domain must still register a unique legacy NetBIOS domain name.

Special Considerations

For discontiguous namespaces, DNS must be configured such that Exchange servers are able to resolve all domain names in the environment. It is also a requirement that msds-allowedDNSSuffixes be configured within the Active Directory environment for all namespaces used within the forest. For instructions on configuring this, please see the Tech Net article "Understanding DNS Client Settings."

Exchange 2010 System Requirements

For more information on Exchange 2010 System Requirements please see the Tech Net article "Exchange 2010 System Requirements"

The announcement of Windows XP mode caused a lot of excitement, in this screen cast we have a look at how it is setup up, what users see and get an idea of what it can do.

Download XP Mode for Windows 7

This is a GREAT post from the team over at EHLO about the dangers of a bad design decision;

We sometimes hear customers talking about putting Exchange 2007 or Exchange 2010 Client Access Servers (CAS) into the Perimeter network (sometimes referred to as the "DMZ" - Demilitarized Zone). A Perimeter network is a network zone many companies deploy between the Internet and their intranet as defense-in-depth. The idea behind a perimeter network is to add additional steps to what a hacker would have to do to get access to any intranet resources. To add as strong defense-in-depth as possible, you want to put only servers you trust to withstand Internet attacks in the perimeter, and then you should assume they can be broken into anyway.

With Exchange 2000/2003, it was supported and there was documentation explaining how to put an Exchange 2000/2003 Front-End (FE) server into the perimeter network, with a firewall between the FE and the Exchange Back-End (BE) servers it accessed. This leads some customers who upgrade from E2000/E2003 to expect the same deployment pattern with E2007/E2010.

As you start planning for deploying an E2007/E2010 CAS server in the perimeter network, you quickly notice that there is no documentation for how to do this though. You will probably even find the TechNet documentation which explains this is explicitly not supported by Microsoft. Microsoft doesn't test or support any topologies which put firewalls between a CAS and a Mailbox (MBX) server. The only Exchange 2007/2010 role which is supported for deployment in a perimeter network, and with a firewall server separating it from other Exchange server it talks to, is the Edge role. This is true for Exchange servers talking to one another within and between AD Sites.

The fact that there is no support for using firewalls between Exchange servers (except for the Edge role) sometimes causes confusion for how to use the Windows OS firewall on Exchange. It is supported to have the Windows OS firewall turned on for Exchange servers. In fact, we strongly recommend you leave the Windows OS firewall turned on as a defense-in-depth measure. Exchange 2010 setup is smart enough to configure the Windows OS firewall so it'll let through all Exchange traffic appropriately (for Exchange 2007 you need to run the Security Configuration Wizard and apply the Exchange 2007 role based template).

When discussing the fact that it is not supported to put CAS in the perimeter network, the next question is obviously "why?". If this was supported and documented for E2000/E2003 FE, why not for E2007/E2010 CAS?

The most important reason why customers wanted to install Exchange FE servers in the perimeter network was to block any unauthenticated traffic from reaching servers on the intranet. This is a good practice, but as you'll see below doing this with Exchange FE/CAS servers is no longer the best way to accomplish this goal.

It is important to understand that the CAS role in Exchange 2007 is significantly different from the FE server in E2000/E2003.

· The E2000/E2003 FE servers were there to authenticate users and proxy traffic to the BE server where the traffic was actually interpreted and responded to. For example, the FE servers in E2000/E2003 don't do any Outlook Web Access (OWA) rendering. That all takes place on the BE servers.

· The E2007/E2010 CAS role on the other hand contains all middle-tier logic and rendering code for processes like OWA, Exchange ActiveSync (EAS), Exchange Web Services (EWS), and more.

In the same timeframe as E2007 was available, enough customers had also started using reverse proxies (e.g. Internet Security and Acceleration server (ISA) 2000 FP1, 2004 or 2006) with functionality like pre-authentication. This meant there was now a good way to do authentication of Exchange traffic before the traffic reached the Exchange servers. The role the E2000/E2003 FE server had played for defense-in-depth by pre-authenticating traffic before it reached servers which included a lot of Exchange business logic could now be better handled by these new reverse proxies. The reasons a reverse proxy like this does a better job than an Exchange FE or CAS server for this defense-in-depth role are:

· Exchange CAS servers require full access to all mailboxes in an AD Site, and significant access rights to the AD. That's a level of access privileged which you should avoid having in the perimeter network.

· The Exchange FE executed a little bit of Exchange business logic, and the Exchange CAS executes a lot of Exchange business logic. The more business logic you expose in the perimeter network, the more risk you're taking that something in that logic can be hacked. For servers you put in the perimeter network, you want to minimize the logic/code surface area they run and which is exposed to attack from the outside. Reverse Proxies are built with the primary purpose of withstanding Internet attacks like that. Although Exchange servers are also hardened from a security perspective, they run much more logic than a reverse proxy, which increases the risk.

· Reverse Proxies are built to be put in the perimeter network or at the edge of the network. They include many security features and flexibility for customers to determine the level of defense-in-depth which is right in any particular environment. Some of these defense-in-depth features are easy to just turn on (e.g. using pre-authentication while your reverse proxy is an AD domain member; or avoiding AD domain membership and limiting pre-authentication capabilities) whereas other defense-in-depth features take more work (e.g. using pre-authentication without domain membership by using RADIUS). But the important distinction between the reverse proxies and the CAS is that the reverse proxies have many more defense-in-depth features and deployment models available than Exchange CAS.

In addition to these reasons why a reverse proxy does a better job in the perimeter network than an Exchange FE/CAS does, there is also a problem with FE/CAS in the perimeter which goes away when using a reverse proxy there instead:

· Deploying an E2000/E2003 FE server in the Perimeter network was difficult. The port settings and other internal firewall configuration required was complicated and many customers ran into problems setting this up correctly. Different types of internal firewalls required different configuration and the symptoms experienced by Internet clients when something was misconfigured weren't always easy to diagnose. This complexity and the errors it caused was a problem for Exchange customers. The internal firewall configuration required when using a reverse proxy in the perimeter is much simpler. This is why we don't offer "CAS in the perimeter network" as a supported solution even for customers who want to take the security risks listed above: people accidentally end up shooting themselves in the foot when trying to configure things for a FE/CAS to work in a perimeter network.
If you are curious, the ports used between server roles by E2007 are listed in http://technet.microsoft.com/en-us/library/bb331973.aspx.

The best way to deploy Exchange CAS with respect to a perimeter network is to put a reverse proxy you trust in the perimeter, configure the firewall between the perimeter and the intranet to be as restrictive as possible and to host the CAS server on the intranet. This will get traffic inspection and other reverse proxy security filtering in place in the perimeter.
As extra defense, you can also configure pre-authentication to be done on the reverse proxy. This might not be possible for all Exchange protocols if you want to expose some advanced functionality like E2010 Federated Free/Busy and Calendar Sharing to the Internet. But you can configure the pre-authentication for as many clients and protocols as is supported by the reverse proxy and the scenarios you want to enable.

A number of customers have been enquiring about the current situation of our Scalable Networking Pack in relation to Windows 2008 and thanks to Jane Lewis of the UK PFE team for running the ground work on this.  So, Info and recommendations are as follows;

With Windows 2003 SP2  this setting was enabled by default.   Many customers experienced issues post deployment and http://support.microsoft.com/kb/948496/jp. This was related to the fact that certain NIC cards especially Broadcom had some major compatibility issues.  Network cards using Broadcom 5708 chipsets are known to have compatibility issues with the TCP Chimney Offload feature set and many a blog has been written around these issues;

 http://blogs.msdn.com/sqlprogrammability/archive/2008/05/27/sql-server-intermittent-connectivity-issue.aspx & http://blogs.technet.com/networking/archive/2008/11/14/the-effect-of-tcp-chimney-offload-on-viewing-network-traffic.aspx and http://support.microsoft.com/kb/942861

It was therefore advisable  to “Switch off” the SNP via this registry key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableTCPA          REG_DWORD       0x0          ßOK

EnableRSS                              REG_DWORD       0x0          ßOK

EnableTCPChimney            REG_DWORD       0x0          ßOK

0 = disabled

1 = enabled default

With the release of 2008 I have been asked by many of my customers whether this remains an issue.

Well the answer is that IT COULD WELL BE!, however to mitigate the issue ensure that you have the LATEST NIC card drivers included as part of your server build, and checkout their comptibility with TCP Chimney Offload feature with the NIC Vendors

Windows 2008 specific reference to Scalable Networking Pack.

http://support.microsoft.com/kb/951037

As always - feedback welcome from the field 

Burger King have put the massive Windows 7 Whopper onsale in Japan to celebrate the launch of our latest OS.  Not sure what to really make of this, not sure I could eat a whole one :)

http://www.burgerkingjapan.co.jp/news/win7.php

Feedback always welcome !

Introducing Windows Server 2008 R2 eBook

Introducing Windows Server 2008 R2 is a deep-dive work, that'll get you up to speed on how R2's new features and capabilities work fast, including Hyper-V and RDS virtualization, management, IIS and the new Web application platform and, of course, all the synergistic goodness between Windows Server and Windows 7. Free for a click and worth the download, so don't miss out.

Download

Remote Server Administration Tools for Windows 7

Remote Server Administration Tools for Windows® 7 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7.

Download

Windows 7 Product Guide

The Windows 7 Product Guide provides a detailed look at the many new and improved features in Windows 7. The guide is designed as an accurate source of information that can help you to understand how Windows 7 Simplifies Everyday Tasks, Works the Way You Want, and Makes New Things Possible. The guide is also designed to provide IT Professionals with information about how to Make People Productive Anywhere, Manage Risk Through Enhanced Security and Control, and Reduce Costs by Streamlining PC Management. This is not a help and how to guide. Rather, it provides an overview of the many exciting features in Windows 7 and pointers to more information. The Windows 7 Product Guide is available in both XPS and PDF formats.

Download

Deploying Windows® 7 Essential Guidance

Microsoft’s eBook Deploying Windows® 7 Essential Guidance from the Windows 7 Resource Kit and TechNet Magazine combine selected chapters written by industry experts Mitch Tulloch, Tony Northrup, Jerry Honeycutt, Ed Wilson, and the Windows 7 Team with select Windows 7 articles from TechNet Magazine. Sample topics include: Deployment Platform, Planning Deployment, Testing Application Compatability, and 8 Common Issues in Windows 7 Migrations.

 Download

How to Build a Windows 7 Image

This step-by-step guide explains how to install a custom image by using an operating system image that includes your customizations and applications. The guidance is designed specifically for small and medium business that may not have prior experience with Windows deployment or do not have an enterprise deployment infrastructure.

Download

Deploying Windows 7 with MDT 2010

Aidan Finn, a Dublin based Virtualization MVP who presented with us on the Windows 7 Community Launch Tour has released a white paper on deploying Windows 7 using MDT for business environments.

Download

Microsoft Application Compatibility Toolkit 5.5

The Microsoft Application Compatibility Toolkit (ACT) 5.5 helps customers understand their application compatibility situation by identifying which applications are compatible with the Windows 7 RC and Windows Vista® operating system and which require further testing. ACT helps customers lower their costs for application compatibility testing, prioritize their applications, and deploy Windows more quickly.
You can use the ACT features to:

• Verify an application's compatibility with a new version of the Windows operating system, or a Windows Update, including determining your risk assessment.
• Become involved in the ACT Community, including sharing your risk assessment with other ACT users.
• Test your Web applications and Web sites for compatibility with new releases and security updates to the Windows® Internet Explorer® Internet browser.

Download

Windows 7 Walkthrough: BitLocker and BitLocker to Go

In Windows 7, core BitLocker Drive Encryption functionality is enhanced to deliver an improved experience for IT professionals and end users—from simple enhancements such as the ability to right-click on a drive to enable BitLocker protection to the automatic creation of the required hidden boot partition. Learn about these enhancements and the new BitLocker To Go, which gives system administrators control over how removable storage devices can be used and the strength of protection required. 

Download

Windows 7 Walkthrough: AppLocker

AppLocker is a flexible, easily administered mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops. It provides the flexibility to allow users to run the applications, installation programs, and scripts they need to be productive. Learn how you can realize the security, operational, and compliance benefits of application standardization by using AppLocker.  

Download

Implementing an End-User Data Centralization Solution

The objective of this white paper is to show through a case study how to use different Microsoft products and technologies to put in place a comprehensive solution satisfying the needs of a mid-sized organization around users’ file data management. The study was conducted by the Quality Assurance group of the Storage Solutions Division (SSD) at Microsoft, a division that focuses on enabling customers of all sizes to store, manage, and reliably access their file data."

Download

Today, Windows 7 is released to cities around the world. Are you thinking about migrating your PCs to Windows 7 for your organizations?  To help you with deploying Windows 7 successfully and quickly, Microsoft has been developing lots of great tools and best practice (available on Microsoft.com).

Here's a list of 7 favorite deployment tools to help you more easily and quickly plan and deploy Windows 7 to your organization.

• Microsoft Assessment and Planning (MAP) Toolkit 4.0 - Download the MAP Toolkit and start assessing your existing PCs for their Windows 7 hardware and device compatibility.
• Application Compatibility Toolkit - Use the tools and guidance from the Application Compatibility Toolkit to assess your current applications and mitigate potential issues prior to deploying Windows 7.
• Microsoft Deployment Toolkit 2010 - Leverage MDT tools and processes to execute and manage the different stages of Windows 7 deployment.
• Windows Automation Installation Kit - Use AIK to automate Windows installations, capture Windows images, and configure/modify PC images during the deployment process.
• Security Compliance Management Toolkit (Windows 7 Baseline Beta) - Get this solution accelerator and learn how to help you plan, deploy, and monitor security baselines of Windows® operating systems including Windows 7.
• Infrastructure Planning and Design (IPD) Guides for App-V and MED-V - Download the IPD guides to get clarity on how to design a highly optimized desktop infrastructure with Windows Optimized Desktop technologies such as App-V (application virtualization) and MED-V (managed desktop virtualization).
• Windows Optimized Desktop Toolkit (formerly Windows Optimized Desktop Scenarios Solution Accelerator) - Use the assessment tool and best practice to determine which Windows technologies including Windows 7, DirectAccess, App-V, MED-V, etc are best for your desktop end users.

Start with these tools and you'll have a lot of fun deploying Windows 7 to your end users!

Free for a very limited time, this Microsoft Press eBook provides selected chapters with guidance from the Windows 7 Resource Kit and TechNet Magazine on deployment platforms, planning, testing application compatibility and more. As an added bonus, you'll also get six new articles on Windows 7 from industry experts on migration, running Windows 7 in mixed environments, certification and more.

Download the free eBook here.

This is it! Windows 7 is generally available today. We have waited and waited, and it is finally here. For all you IT Professional out there, let me highlight the 3 focuses and key innovations introduced in Windows 7 and make these links readily available for you here:

Making people productive anywhere

Making people productive is not that hard. In your office plugging company’s network with a laptop loaded with apps, you can be productive. Making people productive “anywhere” on the other hand is a very challenging effort for IT, facing the mass amount of mobile devices and increasingly complex network computing environment today. The growing numbers of mobile workforce and branch offices are at the same time demanding corporate resources seamlessly available regardless the required infrastructure and organizational boundaries. Two Windows 7 solutions to facilitate remote access are BranchCache and DirectAccess.

Managing risks through enhanced security and control

Security is nothing we need to much justify the need in today’s network computing environment. It is critical, imperative, and all too often costly. From Windows Vista, Windows Vista SP1, to Windows 7, BitLocker has been expanded from a single drive, multiple drives, now to portable media. Windows 7 offers security enhancements enabling a user to secure data from unauthorized access very easily with BitLocker-to-Go, for example. In Windows 7 Explorer, highlight a portable drive, right-click to turn on BitLocker-to-Go. It is that readily available, easy to do, and readable with Windows XP. There is really no reason not to do it since it is so little to do, yet with so much control and so strong protection on data. As a memory stick is now with 32 GB and beyond capacity, BitLocker-to-Go is one very cost-effective way to protect data from unauthorized access. For a large company, BitLocker technology with group policies offers a software based enterprise solution of hard disk encryption. You don’t need to look for a solution and end up a second-best solution. It is in Microsoft Vista and it is much enhanced in Microsoft Windows 7. 

In an enterprise environment, software restriction is some of the most difficult enforcements. Not only it needs a mature infrastructure to provide software inventories, metering, and on-going monitoring, but the required an integrated skill sets to develop, test, and manage those software restriction policies are hoard to find, take years to develop, and come with very high costs. Windows 7 and Windows Server 2008 R2 together provide a vehicle that a system administrator can provision policies to deny/allow execution, installation, or usage of target software based on rules defined and enforced by group policies without programming. A complex requirement, for instance allowing task workers to access Office 2007 and later, but not PowerPoint when accessed by contractors, can be done with AppLocker in a few mouse clicking's without any scripting.

Reduce cost by streamlining PC management

Many thought without a direct migration path, i.e. in-place upgrade, from Windows XP to Windows 7, the deployment of Windows 7 may be tedious and tricky process. In fact, Windows 7 offers a number of vehicles making the migration an intuitive and straightforward process. For consumers and small businesses, Easy Transfer makes migrating from Windows XP to Windows 7 absolutely “easy” and, in my view, fun actually. Scanstate and Loadstate, two key utilities in USMT (User State Migration Tools) make a migration process very logical and easy to understand. Hard-Link Migration leaves and remaps data in place and significantly reduces the time needed to place large amount of user data in a typical migration scenario.

In the past two years, with Microsoft’s introduction of virtualization strategies and solutions, there are many options in resolving compatibility issues at an application or OS level while reducing TCO and increasing flexibilities in deploying and managing IT resources in the long run. Specific to Windows XP compatibility issues, Windows 7 Professional and above offer Windows XP Mode (via a free download) with a local virtualization of Windows XP SP3 machine. So those applications developed specific to Windows XP can now essentially run in a Windows 7 environment with a few steps to set up a Windows XP SP3 run-time environment. And Windows XP Mode is designed for small businesses. For large scale deployment, MED-V or Microsoft Enterprise Desktop Virtualization part of MDOP (or Microsoft Desktop Optimization Pack available through Software Assurance program) is the solution to manage local desktop virtualization with the abilities to standardize user experience, virtual machine settings, access control, etc. with policies.

Server administrators be warned; if you’re looking at Windows Server 2008 R2 you need to be aware we (Microsoft) are not currently supporting Microsoft Exchange 2007 on this platform. Instead, you must upgrade to Exchange 2010.

This news was made public via the Microsoft Exchange Team blog when discussing rollup 9 for Exchange Server 2007 service pack 1.

Specifically, the Exchange Team note that one of the fixes in the RU is “Support for Windows Server 2008 R2 Domain Controllers in the environment” adding the disclaimer “Note: Exchange Server 2007 itself is not supported to be installed on a Windows Server 2008 R2 system.”

The blog permits reader comments and one reader, “Tony” asked “I have a Windows Server 2008 x64 server running Exchange Server 2007 x64. The Windows Server is also a Domain Controller. When Windows Server 2008 R2 comes out will I be able to upgrade the server to R2?”

The Exchange Team respond, “Exchange Server 2007 will not be supported to run on Windows Server 2008R2. So for the system which is running Windows Server 2008 + Exchange Server 2007, you cannot upgrade the platform to Windows Server 2008R2.

If you have a domain controller which does not run Exchange, you can upgrade it to Windows Server 2008R2 since it is a supported scenario to run against Windows Server 2008 R2.”

This means companies who have been planning an early migration to Windows Server 2008R2 need to proceed with some caution. You should revise plans to recognise your Exchange Server 2007 system cannot have its operating system upgraded without simultaneously upgrading to Exchange Server 2010, so in reality a migration project will need to be scoped.

This also means that companies contemplating an Exchange Server 2007 rollout should consider their plans and determine whether this information affects their proposed roadmap.  Exchange Server 2010 is strongly expected to be Generally Available within a couple of months.

I saw this posting on techradar news and thought it was worth sharing.  They provide a nice summary of 18 cool things in Windows 7 that are not in Vista.  It’s a great highlight of what’s new – go check it out!

http://www.techradar.com/news/computing/pc/18-cool-things-windows-7-does-that-vista-doesn-t-628892?artc_pg=1

With the excitement around the public release of Windows 7 this week, I’m getting lots of questions about the best way to upgrade systems from Windows XP to Windows 7.  Here are the best options:

Easy Transfer – a great tool for end users to migrate their data, settings, preferences, favorites, etc. Note that there is a new version of Easy Transfer for Windows 7. It is much faster than the first version, written for Windows Vista.  Easy Transfer is included on the Windows 7 DVD, but you may also download it from this web site - http://windows.microsoft.com/en-us/windows7/products/features/windows-easy-transfer

USMT – User State Migration Tool – this tool is recommended for an IT Pro to use for migrating other users.  USMT is part of the Microsoft Deployment Toolkit (MDT)

http://technet.microsoft.com/en-us/windows/dd671583.aspx

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=2274c6c3-bc26-45d5-a32c-f6f44f980518 – (download the video here)

http://edge.technet.com/Media/User-State-Migration-with-Windows-7/

MDT – Microsoft Deployment Toolkit –

MDT is the recommended process and set of tools for automating desktop and server deployment.  You can do an automated “Light Touch” installation by using MDT and the tools included in Windows Server 2008.  If you add System Center Configuration Manager to the mix, you can do a totally automated “Zero Touch” installation of Windows 7 – or any software application.

http://www.microsoft.com/downloads/details.aspx?DisplayLang=en&FamilyID=3bd8561f-77ac-4400-a0c1-fe871c461a89

Hope this helps

As there is currently a masssive interest in Windows 7 I thought I would share this helpful learning "snack" on Search.  Windows 7 provides the concept of Libraries, an improved Search functionality and Federated Search.

In just 15 minutes you can:

• Learn how to use Libraries in Windows 7
• Learn how Search was improved
• Understand Federated Search
• Learn about Search Scopes

With Federated Search, users can search corporate Intranet sites and their desktops from one familiar interface:  Windows Explorer.  This is out-of-the-box functionality to search beyond the user's computer.  Developers and IT professionals can enable search engines, document repositories, web applications and proprietary data stores to be searched from Windows Explorer without writing and deploying client-side code.

Enterprise Search Scopes allow IT administrators to populate links on the Start menu and in Windows Explorer.  These links simplify access to the most appropriate, complete and authoritative data sources on the network.  As a result, content is more discoverable.

A “Learning Snack” is an interactive presentation delivered via Microsoft Silverlight.  Watch this snack:

Accessing Information in Windows 7  (15 minutes)

http://www.microsoft.com/learning/_silverlight/learningsnacks/win7/snack10/default.html

For additional Windows 7 snacks, please visit:

http://www.microsoft.com/learning/en/us/training/format-learning-snacks.aspx#win7

Somehow, in all the other activities of the last couple of weeks I missed the release of Microsoft Security Essentials which is our FREE* anti-virus / anti-malware product aimed at home users. (We have the more business oriented Forefront Client Security as well). My experience with it has been too limited to date to offer much commentary on it: however – since this blog is read mostly by people who work around computers the reason for writing about it is to say this: we all have a friend or family member who doesn’t protect their PC. The availability of  software from Microsoft which plugs the gap and is FREE* gives you a chance help them.

Over on the Malware protection center blog  Joe has posted an analysis of what it unearthed in its first live week. We’ve had 1.5million downloads, and found 4 million infections on 0.5 million computers. That’s right the average infected computer has eight different infections. I’ve seen numbers like that before and find it a bit unnerving , because there is a long tail effect: lots of machines are clean, some have one or two infections, the average for an infected machine is 8 and beyond that – there are some out there with dozens upon dozens.

Joe breaks down the reports by country: US has the most reports at 25%, then Brazil and China at 17% each the UK only has 2% of the reports. I don’t know if it is because we have fewer installations here or if our PCs are better protected. Unfortunately it is only infection reports which are broken down by country, not downloads or installations. But Joe does break installations down by OS. 44% is Windows 7, 23% Vista and 33% XP. We haven’t even launched 7 properly and it is 44% of the downloads. My guess is that people who are trying out a new OS are keener than the population at large to try new anti-malware from the same source. The final chart Joe has put up shows the ratio of infections per OS – when he says normalized, I’m assuming that means Vista numbers are scaled up and Windows 7 scaled down so they both represent infection rates on a equal number of computers. XP is more than 3 times more likely to have an infection than 7. This isn’t entirely because 7 is better – it will be a newer installation so XP will have had more chances to get infected. XP infections rates are 60% higher than Vista’s. But 7 is running at about half Vista’s rate. As time passes it will be interesting to see how close 7 and Vista end up and how far behind XP lags. I’ve got a hunch that the numbers will change as they move away from people installing the software because they think their PC might be infected and finding something on the first run.

*As it says on the web site Your PC must run genuine Windows to install Microsoft Security Essentials  or put another way, if you stole the OS, you’re going to have to figure out how to steal software to protect it.

Let me know what you think! 

As I hope you know by now, we are releasing the OS on 22 Oct 2009. I’m on the Windows 7 final build now, and the mass of new features make it really user-friendly. Its fast, solid as a rock and a real leap forward from Vista.  I cant wait to see your feedback, check the videos below;

Windows allows you to work from anywhere…   Windows on the pocket pc mobile.  Below a good interraction video between Windows PC and Windows Phone;

Windows 7 is a totally accessible OS, as young kylie is keen to demo :)

Have also a look at this funny video showing that when you have a job, Windows is the only way to go :)  Im a PC!!

I hope most of you have already read alittle about project Natal and Project Milo, if not check my tags. So, besides using it for gaming purposes, Microsoft will also hope to use the NATAL and MILO technologies (e.g. voice, movement and facial recognition) in the wider business evironment.  Check out this inspiring video and see what the future could be shaping up as;

Microsoft has now confirmed that nearly all of the big names in video games are working on titles that take advantage of the new motion sensing technology.

Checkout the cool Natal Video below.  As you may or may not be aware, Natal will work on current Xbox 360 as the software is in the camera !
As you can see in this video, you won’t need a controller at all!. You are the controller and the camera has the built in intelligence to recognizes your face, movement, voice, etc - we're leaving that up to the games dev's.

also check out this great MILO video - Milo recognizes your voice, your facial emotions and can read a piece of paper!!

Its fair to say Microsoft has been pretty quiet about Project Natal since showing off the motion-capture technology at E3 earlier this year.

However, a lot has been going on behind the scenes, particularly in getting developers to build games that can take advantage of the technology, which lets a player control a game with their body as opposed to a joystick. In an announcement at the Tokyo Game Show, Microsoft noted that nearly all of the big names in video games are working on Natal titles.

Microsoft’s list includes Activision, Capcom, Disney, EA, Konami, MTV, Namco Bandai, Sega, Square Enix, THQ, and Ubisoft. Game makers have had development kits in their hands since June, Microsoft said.

“‘Project Natal’ gives the industry’s creators and storytellers the freedom to dream of new experiences and to tell stories never before possible,” Microsoft Senior Vice President Don Mattrick said in a statement. Microsoft has yet to announce further details on Natal, such as when it will be released and how much it will cost, but many expect the add-on to debut next year.

Microsoft has said that Natal, which consists of an RGB camera, depth sensor, and multi-array microphone, will be sold as an add-on to the existing Xbox 360 console.

“Project Natal could fundamentally change the way players experience sports games,” EA Sports President Peter Moore said in a statement. “At EA, some of our top development teams are experimenting with these tools with the goal of delivering a completely fresh take on genres like sports and racing.”

Ubisoft, meanwhile, talked about the opportunity to reach new audiences.

“With the 3D camera, your body can become the interface,” Ubisoft CEO Yves Guillemot said in a statement. “Any barrier related to the use of pad controllers that may have existed for potential gamers is now abolished.”

Microsoft’s own game studios are also working on several projects, the company said. Check back for more info as its released.

 Windows 7 is almost here!  The release date is set for 22nd October and Im getting alot of great questions and feedback from early adopters.  I also know there are a number of great Win7 house parties going on as well, so if you have any questions on this cool new product please let me know and I will do my best to get them answered.  More info at the link below;

http://www.microsoft.com/windows/windows-7/default.aspx