Dude where's my PFE?

I was a Premier Field Engineer (PFE) for Microsoft.

  • How I stand up a new MDT environment, Part 1

    There are many MDT environment setups, this one is mine.

     

    Step .1  Pre-Flight

    I use a 2008 R2 SP1 Server as my base.  I enable the Hyper-V role on it and create 2 VMs.  Half of you reading this are going to say “But we’re a VMware shop, we don’t run Hyper-V.”  Ok, so stand it up like this anyway.  It’ll make your life easier when you are creating your reference images to be using Hyper-V, where all the drivers are natively available instead of having to provide VMware drivers that you are just going to strip out with a sysprep anyway…

    So, 2 VMs, set up thus:

    VM1 is a Windows 7 x86 SP1 install.

    This VM I name MDT-Console, give it 2 processors and 2 GB of RAM, 50 GB of space and install WAIK and MDT.  I install Office 2010 and download the “Optional - MDT 2010 Update 1 Print-Ready Documentation.zip” to this VM.

    VM2 is a Windows 2008 R2 SP1 install.

    This VM I name MDT-Share, give it 2 processors and 2 GB of RAM, 200 GB of space (1 big volume) and create 2 File System Folders and Shares, “MDT-Reference” and “MDT-Deployment”.

     

    Step 1.  Establish our shares.

    To make things simple, I domain join my 2 VMs.  I permission the account I am using on the Windows 7 VM1 to full rights on the VM2 shares.  I then open my MDT console (I pin mine to the taskbar in this VM) and create the reference and deployment shares by clicking on “Deployment Shares” in the console and selecting “New Deployment Share” which invokes a wizard.

    image

    When I do a \\MDT-Share\ it autofills…

    image

    I then select my Reference Share, cause I want to establish it first.

    I name it (logically) MDT Reference Share in my console…

    image

    On the next 3 screens, I leave the “Capture” checkbox checked, because it’s a reference share, where we are going to do a lot of capturing. <next>

    I leave the Administrator question checkbox blank/default. <next>

    I leave the product key blank/default. <next>

    <next>

    image

    Awww yeah, now we’re cooking with gas.

    image

    To create the Deployment Share, I basically do the EXACT same thing, except I select and name it Deployment instead of Reference, and I uncheck the box to “Ask if an image should be captured”…

    Which leaves the console looking like this:

    image

  • How I stand up a new MDT environment, Part 2

     

    Step 2.  Import OS into the reference share

    So mount an ISO of the OS you want to capture and deploy into Hyper-V as the DVD drive of the MDT-Console VM.

    Then in the MDT workbench, right click the folder “Operating Systems” and create a folder for that OS.  Then right click that folder and select import.

    image

    Make sure you keep it on the “Full set of source files” and hit Next.

    Then select the root of your mounted ISO as your source.

    image

    The destination directory name is NOT the name you set for the folder in MDT workbench, but is the flat file system directory.

    image

    Then we are at the Summary, which should be fairly logical and look something like this:

    image

    Then it will import:

    image

    When it’s done, it gives a summary and a finish button.  Click it and witness the power of this fully operational MDT Reference Share!  Muwauahahahah

    Er, sorry, yeah, so note that I imported Ultimate, but look what I get:

    image

    Multiple OS’s.  Anyone know why?  That’s right, the Ultimate WIM has the previous editions in it.  Do they take up extra space?  No, not really.

    image

    So now we have an OS.  Rinse and repeat for all your OS’s you want to service in the reference area.

    Then, let’s Right Click the MDT Reference Share in the tree and select “Update Deployment Share” so we can create the initial WinPE ISOs.

    image

    Select the defaults, next next and let it run.

    image

    Once this is done, we’ll be able to craft a task sequence and do some customizations.

  • How I stand up a new MDT environment, Part 3

    Step 3.  Here come the apps!

    Much like the Operating System area, in the Application area we want to create a logical folder structure.  These are applications we may want to cook into our reference image.

    In the end, mine looks something like this (I’m building out a new MDT 2012 site here at home, so these are apps I install on my home machines).

    image

    But these are just folders!  Where are the APPS?!!?1111!bbqlazers!

    Ehm, Ok, here they are, we’ll start with Office 2010:

    image

    Right click the folder and select New Application.

    Select the default radio button:

    image

    Fill in the fields in the next screen:

    image

    and hit next.  For Office, mount the ISO of Office 2010 and point it to the architecture you want to install.  I’m picking x86.  For other applications, pointing to the directory with Setup or the root of the CD should work mostly.

    Hit Next and note the directory it’s creating, make sure it makes sense.

    image

    Then hit next.  On the next screen, the command line is where you’re going to want to put in the silent and whatnot install switches. Office though, MDT will do for us, so I’m going to be lazy and just put in setup.exe.

    For other apps, you can contact the vendor to get the silent switches, or use the awesome website www.appdeploy.com.

    image

    Next will show you the summary of what you’ve picked.  Then next and it will copy from the DVD.

    image

    Office and MDT are pretty integrated.  So you can go to the properties of it and there is an extra tab from all the other applications.  This will let you do your office customizations and whatnot.

    image

    So after yours is done, whack apply.

    image

    After hitting apply, then doing the drop down at the top to None and Apply, and then ProPlusr and apply, Details should look like this:

    image

    See, the switches are now in place.  We have an application.  Now import the rest of your applications (with silent switches if possible) and continue to the next blog post.

  • How I stand up a new MDT environment, Part 4

    Step 3.1 App Bundles

    So at this point you’ve imported/added your applications and are wondering why I created a folder named bundles…maybe?

    image

    These are groupings of applications so we can force feed a bundle of apps onto a build, rather than selecting them one at a time in a wizard….

    I’ve defined a x64 and x86 bundle here.  Both are empty, but not for long.

    image

    So here I click “Add” and start selecting applications that I want on my x86 builds.

    image

    Same for my x64

    image

    Now I’ve got my app bundles, it’s task sequence time.  But first, time for dinner…

  • How I stand up a new MDT environment, Part 5

    Step 4.  Task Sequences

    So now with Operating Systems and Applications added to the console, it’s time to add a Task Sequence or three…

    image

    I always give my Task Sequences an ID of a number.  You can use anything, but I like the numeric relevance, and it’s easier to type if you end up specifying a TS later…

    Anyway, fill in the wizard already!  :)

    image

    This is a “Standard Client Task Sequence”

    image

    Pick an Operating System…

    image

    No point in specifying a product key, we’re going to sysprep this image…

    image

    None of these fields really matter, this is for the reference image, and our specifications on the Deploy side will overwrite this stuff…

    image

    Doesn’t matter what local admin is, again, we’re sysprepping this and everything will be overwritten by Deployment…

    image

    Next, Finish, and done!

    image

    But that was just creating the TS, not modifying it, which is much more interesting.  But, time to get the kids to bed first…

  • How I stand up a new MDT environment, Part 6

    Step 4.1 The Task Sequence magic

    Now that the Task Sequences are created, it’s important to note you are NOT done here yet.  It is not yet soup…

    Before we proceed any further, I typically implement the changes the Deployment Guys recommend to add your own custom actions to the Task Sequence editor, documented here.  I implement the stock change they document.  After that I restart my workbench so I can see the changes.

    (Before and After)

    image  image

    So let’s Right Click one of those Task Sequences you’ve created and select Properties, then the Task Sequence Tab, which should get you to where I am in the pictures above.

    A couple key things you should probably be doing in a reference build, enabling Windows Update (pre and post application install).

    image

    Also, disable “Enable Bitlocker”, no need to try to Bitlocker our VM for the reference capture…

    Also, on “Install Applications” I specify my bundle:

    image

    This is so in the Capture Task Sequence I don’t get prompted on what applications I want to install, I just breeze through that part of the deployment wizard.

    Next thing I do is modify my customsettings.ini aka Rules for the Reference share.

    So hit ok on that Task Sequence properties window and go to right click on the Reference Share root and select properties.

    image

    And click on “Rules”

    Here are some things I add to my Reference Share properties:

    (All of these are referenced in the Toolkit Reference.doc in the optional print ready docs)


    [Settings]
    Priority=Default
    Properties=MyCustomProperty

    [Default]
    OSInstall=Y
    SkipAppsOnUpgrade=YES
    SkipCapture=NO
    SkipAdminPassword=YES
    SkipProductKey=YES
    _SMSTSOrgName=Jeffs Capture Machine
    SkipBitLocker=YES
    SkipDomainMembership=YES
    JoinWorkgroup=Workgroup
    SkipFinalSummary=YES
    SkipLocaleSelection=YES
    SkipSummary=YES
    SkipTimeZone=YES
    SkipUserData=YES
    TimeZoneName=Eastern Standard Time
    UserID=administrator
    UserDomain=MDT
    UserPassword=P@ssword1
    FinishAction=SHUTDOWN


    My bootstrap.ini gets modified as well:


    [Settings]
    Priority=Default

    [Default]
    DeployRoot=\\mdt-share\Reference Share
    UserID=administrator
    UserDomain=MDT
    UserPassword=P@ssword1
    SkipBDDWelcome=YES


    I then Right Click my reference share and select “Update Deployment Share” so my changes to the bootstrap.ini get written to the WinPE.
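
    An added example, not part of the original post or of MDT itself: the rules above store the MDT\administrator password in clear text, and Bootstrap.ini is written into the WinPE boot image, so this Python check flags password properties in MDT rules files without echoing them. The severity levels, the `PRIVILEGED_ACCOUNTS` list and the hardened Bootstrap.ini sample are assumptions made for the example.

```python
"""Flag clear-text credentials in MDT rules files (CustomSettings.ini / Bootstrap.ini)."""
import configparser

# Password property (lower-cased, since MDT property names are case-insensitive)
# -> (display name, property naming the account, property naming its domain).
SECRET_PROPERTIES = {
    "userpassword": ("UserPassword", "userid", "userdomain"),
    "domainadminpassword": ("DomainAdminPassword", "domainadmin", "domainadmindomain"),
    "adminpassword": ("AdminPassword", None, None),  # local Administrator of the build
}
# Assumption for this example: account names treated as highly privileged.
PRIVILEGED_ACCOUNTS = {"administrator", "admin"}

# Credential-relevant lines of the CustomSettings.ini shown on this page.
PAGE_CUSTOMSETTINGS = r"""[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipAdminPassword=YES
UserID=administrator
UserDomain=MDT
UserPassword=P@ssword1
FinishAction=SHUTDOWN
"""

# The Bootstrap.ini shown on this page.
PAGE_BOOTSTRAP = r"""[Settings]
Priority=Default

[Default]
DeployRoot=\\mdt-share\Reference Share
UserID=administrator
UserDomain=MDT
UserPassword=P@ssword1
SkipBDDWelcome=YES
"""

# Constructed for this example: no UserID/UserPassword, so the deployment
# wizard asks for share credentials at boot instead of reading them from WinPE.
HARDENED_BOOTSTRAP = r"""[Settings]
Priority=Default

[Default]
DeployRoot=\\mdt-share\Reference Share
UserDomain=MDT
SkipBDDWelcome=YES
"""


def load_rules(text):
    """Parse rules text without interpolation so values are read verbatim."""
    parser = configparser.ConfigParser(
        interpolation=None,          # a password may contain '%'
        strict=False,                # tolerate repeated sections or properties
        allow_no_value=True,         # tolerate a property with no '='
        default_section="__none__",  # keep [Default] an ordinary section
    )
    parser.read_string(text)
    return parser


def audit_rules(text, filename):
    """Return one finding per stored password; the password is never echoed."""
    in_boot_image = filename.lower() == "bootstrap.ini"  # copied into WinPE
    findings = []
    parser = load_rules(text)
    for section in parser.sections():
        props = dict(parser.items(section))
        for key, (name, user_key, domain_key) in SECRET_PROPERTIES.items():
            if not props.get(key):
                continue
            user = (props.get(user_key) or "") if user_key else "Administrator"
            domain = (props.get(domain_key) or "") if domain_key else ""
            privileged = user.strip().lower() in PRIVILEGED_ACCOUNTS
            if in_boot_image and privileged:
                severity = "CRITICAL"
            elif in_boot_image or privileged:
                severity = "HIGH"
            else:
                severity = "MEDIUM"
            account = f"{domain}\\{user}" if domain else (user or "(not set)")
            findings.append({
                "file": filename, "section": section, "property": name,
                "account": account, "severity": severity,
                "exposure": "WinPE boot image" if in_boot_image else "deployment share",
            })
    return findings


if __name__ == "__main__":
    samples = (("CustomSettings.ini", PAGE_CUSTOMSETTINGS),
               ("Bootstrap.ini", PAGE_BOOTSTRAP),
               ("Bootstrap.ini", HARDENED_BOOTSTRAP))
    for fname, text in samples:
        results = audit_rules(text, fname)
        for f in results:
            print(f"{f['severity']:8} {f['file']} [{f['section']}] {f['property']} "
                  f"for {f['account']} ({f['exposure']})")
        if not results:
            print(f"OK       {fname}: no stored passwords")
```

    A password this check reports has already been readable by anyone with the share or the boot media, so it needs changing as well as removing from the file.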

  • How I stand up a new MDT environment, Part 7

    Ok, break time is over yo….

    Step 5 The Task Sequence magic

    So let’s do another properties on our Task Sequence and go to the “OS Info” tab, which will look like this:

    image

    Click “Edit Unattend.xml”

    Now this is why I (we, you are following along right?) selected an x86 version of 7 to do the console in…

    x64 imagex.exe can’t catalog a x86 WIM.  No really, it’s documented here.

    The important bit:

    Different binary versions of Windows SIM cannot create catalog files for some Windows images of different architecture types. We recommend using the 32-bit version of Windows SIM to create catalog files because this version can create catalogs for all Windows image architecture types. The following list describes the Windows SIM architecture types and catalogs that can be created for each Windows image architecture type.

    • x86 Image Manager. Can create catalogs for x86, x64, and Itanium-based Windows images.
    • x64 Image Manager. Can create catalogs only for x64 Windows images.
    • Itanium-based Image Manager. Can create catalogs only for Itanium-based Windows images.

    So, the take-away here is always use a x86 host and you don’t have to worry about not being able to catalog a WIM.

    That brings us to this screen:

    image

    So let’s do some fun stuff…

    My kids will likely want all games, so let’s make them available at install.  (you may want the reverse, that’s just as easy)

    image

    And then search for games (you didn’t think I had all this memorized did you?)

    image

    Double click “InboxGames” and then voila, it adds the setting to the unattend.xml for you:

    image

    Ah, already enabled….why?  It’s Home Premium not Professional.  You probably are seeing it a little different.  But that’s the basics of how to do stuff in unattend.xml.  Do a find, find the setting, add it and set it.

    ONE TRICK, if you have a pesky video driver that can’t figure out his resolution and you end up with a widescreen laptop without a widescreen resolution at deploy, you can set the resolution to 0 and force it to AutoDetect at the driver level, just an fyi.

    So once we’re done with the unattend.xml, we’re ready to fire up a task sequence in a VM and do a capture, applying updates and whatnot!

  • The effects of Acoustic Management on rotational media disks.

    So one of the trends I’ve been seeing in WDRAPs I’ve performed is that companies are making use of older hardware for newer tasks on a much more frequent basis than before.  Budgets seem to mandate a 4-5 year (or longer) pc recycle timeframe and the net result of this is companies are running their new image of Windows 7 on hardware that in some cases is over 7 years old (personal experience talking here, no statistics to back it up sorry, though that might be interesting).

    So when I go into a company to do a WDRAP I am often evaluating the security and performance of an older chassis.  Something I’m frequently running into is that some models of desktop have Automatic Acoustic Management (AAM) enabled by default to a value of 128 (quiet).  Sometimes, the BIOS is actually set to ‘Bypass’ which at first blush might make the user or administrator think the BIOS has this feature disabled.  Incorrect in my experience!  Bypass actually seems to let the disk decide, so if the manufacturer of a disk set the disk to prefer quiet mode, Bypass will let the disk run at a slower rotational speed to keep the head quiet.

    This increases the seek time noticeably, as well as overall transfer time.  (You can go over more blocks in a minute if you are spinning at 7200 RPMs than if you are spinning at say, 5400 RPM, same goes here for AAM).

    Setting the BIOS to Performance (forcing the drive to run at the 254 level of performance instead of 128/quiet) has caused some boot times of older XP images to speed up by over 100 seconds in the field.

    So really, check out this setting.  You might also note that some hardware vendors in later/modern disable this setting and sell it as a performance gain, rightfully so.  Most drives are fairly quiet these days anyway, so much so that on most models of hardware I’ve changed this on, the end user doesn’t notice the difference in noise levels, only performance.

    Of course your mileage will vary by model of drive, motherboard, and BIOS.

    Additional links that you might find interesting on the topic are listed here.

  • Troubleshooting slow boot times, Part Deux

    In my last session, I covered a rudimentary usage of XPERF to analyze my slow booting Dell with a SSD in it.  The fix was simple and the problem stood out like a sore thumb.  Resolution was as simple as setting the Ambient Light Service from Dell into an Automatic (Delayed Start) state.

    But what about situations where things aren’t so simple?  What about slow booting machines in the enterprise?  Or even in the small business?  Where third party apps and malware and mis-configured anti-virus products take their toll on an otherwise stellar piece of hardware?

    We have some free tools available to us to help troubleshoot slow logon times.

    First, we have UserEnv logging.  This is alive and well in Windows 7 by the way, the KB just doesn’t reflect that fact.  I’d go over this in-depth, but why re-invent the wheel when it’s already buried in TechNet?  So go here and check it out, a wealth of information is at your fingertips to troubleshoot UserEnv logs.

    Going hand in hand with this is GPLogView, a good tutorial can be found here on it.

    Of course we have Xperf, though there is a learning curve associated with learning it.

  • The David Solomon TechNet Spotlight Talks are online once again!

    As some would say…Mission Accomplished.  It’s a long story, but I use these videos, particularly part of part 3, in my class to teach how Windows talks to physical RAM.  The students just about universally dig it and now they are rescued from the Akamai cache and posted once again….

    http://vimeo.com/15890452 
    http://vimeo.com/15888263
    http://vimeo.com/15889595

    As the Bristomatique would say, “Share and Enjoy”

  • Boot delay in MOM 2005 Agent - notes from the field

    Mom2005 agent for FCS v1 can slow boot times by around 20 seconds (typically)...So I did a WDRAP recently where part of their slow boot experience was related to FCS.  It's not FCS's fault though, it rides on top of the old MOM 2005 health agent.  Oddly enough, the MOM 2005 health agent, in the registry called:

     

    HKEY_LOCAL_MACHINE\Software\Mission Critical Software\OnePoint

     Has a value....

     BootStartupDelay: X

     

    Where, at my customers site, the X was 60 (value is in seconds by the way).

     

    Flipping that bit to 0 increased their overall boot time by about 18-20 seconds.  Not a BIG deal, but, a deal nonetheless.  I've done some research on this and no impact has been seen by setting this to 0 so far at any customer....

     

    Another fix would be to check dependencies of the MOM 2005 Agent with the Service Control Manager, ala http://msdn.microsoft.com/en-us/library/ms681957(VS.85).aspx, as the basic problem is that MOM blocks the service control agent while it runs through its boot delay.

     

    But, I found it easier to flip a bit in the registry from 60 to 0 myself...chances are you will too.

  • Yes, it matters

    Often at customer engagements when I encourage them to use things like SCCM and SCUP along with HP or Dell SCUP integration to keep drivers (and firmware!) up to date, I’m told it isn’t worth it.  If the drivers from 2006 work, it doesn’t matter if an update is out.

    More often than not, the reason I’m there in the first place is to analyze and solve slow boot/client performance….

    These two statements above are connected, I promise.

    Let’s take a walk through my Dell e6500’s life cycle for example.  When I started in PFE I was issued a Dell e6500 laptop with 8 gig of RAM and a 7200 RPM drive.  BIOS rev A08.

    Let’s look JUST at BIOS as an example:

    image

    Line item 4.  Slow boot performance (a user isn’t going to understand it’s a PXE issue, they just complain it boots slow)

    But wait, there’s more…

     

    image

    Line 1 is interesting.  If you were rolling out Windows 7 to this machine, it MIGHT work with previous BIOS versions, but wouldn’t it be cool to be in a supported configuration from the company who made the hardware?

    And look, Line 3, updated the Nvidia BIOS, either we’re fixing something or making it faster…

    And hey, Line 6, access speed for PCMCIA cards.

    image

    Hey look, Ambient Light Sensor “improved support” for Windows 7.  Wonder if that fixes my slow boot issue I blogged about previously on ALSSVC64.exe adding 20 seconds to my boot time…

    image

    Ah, we remove, REMOVE, AAM on line 2.  Remember I blogged about this, the feature to slow your hard drive so it boots your system slow but doesn’t make noise…

    But I digress.

    image

    Hey look, line 4.  Nvidia BIOS update again.  Fixes problems or improves performance (or why was it written?).

    Am I picking on Dell here?  NO!  Does Dell make bad hardware and this is why there are so many fixes?  NO!  Every vendor with a brain makes stuff that can be upgraded.  Does anyone recall back when the old Pentiums had the divide by 0 bug?  And hardware was replaced/RMA’d?  Yeah.  Updates = good.  It means the vendor is servicing the product line, taking feedback and aggregating service call data and improving their product for you, the end user/company.

    Note that none of these BIOS improvements cost anything except the time to download and apply them.  Free performance gains.

    My laptop took a nose dive off a desk last week, so I am lacking in good solid pictures to prove the gains, but they are appreciable.

     

    Ok great, let’s look at something you paid for, Anti-Virus!

    I am NOT naming this product, it’s a picture example of what a simple update from one version to another can do to the disk IO at boot.  Note that AV engine updates are usually pretty simple to roll out in an enterprise.

    PRE update:

    cleanmachine.disk

    POST update:

    cleanmachine.disk (2)

     

    Tell me, which system would you rather be on?  Given we’re looking at the disk activity from 0 seconds to 230 seconds, and more disk activity is more likely going to mean a lack of responsiveness, I’ll go with POST myself. :)

    Ok, what was the point of this rant?

    Glad you asked.  Computers are like anything else.  Our bodies, our cars, our homes, our loved ones, all require maintenance and care.  Give your computer some love today, go to your vendor’s site, see if any updates are out there, and apply them if they are appropriate, if they make sense, you know?

    SCUP and System Center are a great way to keep things current, with an approval process, in a large environment, and I think they are worth investigating.  Or why not, when rolling out that new image, include a BIOS update as part of the task sequence?

    XPERF, from the WPT, is the way to analyze the impact.  Like in the screen scrapes above.  The ONLY change made was an AV engine update.  Easy to look at this and say “Yeah, that’s an improvement”.  If it’s such a subtle thing in a test that you can’t tell, chances are it’s not worth rolling it out in the enterprise you manage.

    Food for thought.

    Jeff

  • RunAsRadio.com

    I just realized I forgot to link to my xperf intro talk on RunAsRadio.com back in October.  Boy is my face red…

    http://www.runasradio.com/default.aspx?showNum=182

    Check out their podcasts, it’s a great repository of technical information!

  • How to determine who is connecting to your server in cached mode.

    Applies to:  Exchange 2000/2003

     

    This may seem like a basic thing to some people, but for those who don't know, here goes.  This can be easily done by running Exmon, available here.

    So download Exmon and fire it up on your Exchange Server.

    Go to the By Clientmon tab, and in there you'll see a column named "Cached Mode Sessions".  If you have something other than 0 in that field, then your user is connecting over Cached mode.

     

    Hope that helps, I've had the question a few times before.

  • How to fix smashed schema in Exchange 2003

    Dan and I and some other engineers wrote up a blog post you can find here on how to recover from a smashed schema scenario on your Exchange Servers.

     

    It's pretty succinct so I don't have anything to add to it, it's an interesting read though.

  • Repeating 623 version store error.

    Applies to Exchange 2003

    I had a case a couple weeks ago I thought I'd write about.  What was happening is the Version Store would run out of memory and a 623 error would throw.  Version Store buckets allocated would climb from 4 to over 2000 in less than 5 minutes.  The store would then rollback its transactions for a bit, recover, run for 10-15 minutes and repeat the whole cycle over.

    This is atypical 623 behavior to say the least.

    What we ended up doing to fix it was capture an adplus dump, 3 actually, triggered at Version Store buckets allocated crossing 1600.  We captured 3 dumps at 1 minute intervals.

    The 1st dump caught the problem transaction, the last 2 were both capturing rollbacks, so this was a quick ramp up.

    Turns out the problem was being caused by a bad meeting request being processed over and over again.  We tried all kinds of ways to delete the message, all of which caused Version Store buckets allocated to climb.  A MFCMapi hard delete ended up doing the trick.

  • On the road again, I just can't wait to get on the road again....

    So I'm a PFE now, Premier Field Engineer.  It's an interesting gig, sort of like running your own company within Microsoft.  I'm doing Platforms now, instead of Exchange.  Trying to keep the mind limber and all.

    So far I've been doing shadowing of other PFEs as they do things like Active Directory Risk Assessments and what have you.

     

    I'm looking forward to helping our customers proactively instead of being in a constant reactionary state of crit sits and whatnot.

     

    More on this soon.

  • SPA, not your typical freeware

    In the Vital Signs workshop, we touch upon the tool SPA (Server Performance Advisor).  This unsung hero of performance evaluation deserves some love, which is why I'm writing about it over 5 years after its last update was published and made available on the downloads site, here:

     http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en

    So, Clint Huffman, creator of PAL, wrote up this excellent article on how to troubleshoot server performance problems...

    So, check it out here:

     http://channel9.msdn.com/Wiki/PerformanceWiki/HowToIdentifyBottleneckSPATool/

     It's the bomb, and it's free as in beer.

  • GUI Tool to collect ETW tracing, dumps, etc

    http://visualstudiogallery.msdn.microsoft.com/en-us/e8649e35-26b1-4e73-b427-c2886a0705f4

     

    So, check this out.  It allows you to collect ETW tracing, dumps, all kinds of stuff.  It does not work on Windows XP, but still, a handy little tool nonetheless.

  • Today’s (Cloud) Tip…Performance Guidance for SQL Server in Windows Azure Virtual Machines

    Post courtesy of Evan Basalik

    One of the most resource intensive applications you can run on Windows is SQL Server. To some extent, this is demonstrated by the vast amounts of performance guidance and troubleshooting documents that exist all over the web. When running SQL Server in an Azure Virtual Machine (i.e., IaaS), there is one additional article you want to be sure to read. It was written and edited by a virtual who’s who of Windows performance, Azure performance and SQL Server performance. Even if you aren’t running SQL Server, but want to understand best how to build high performance Azure IaaS applications, this article has a wealth of knowledge.

    Performance Guidance for SQL Server in Windows Azure Virtual Machines.

    Authors: Silvano Coriani, Jasraj Dange, Ewan Fairweather, Xin Jin, Alexei Khalyako, Sanjay Mishra, Selcin Turkarslan

    Technical Reviewers: Mark Russinovich, Brad Calder, Andrew Edwards, Suraj Puri, Flavio Muratore, Hanuma Kodavalla, Madhan Arumugam Ramakrishnan, Naveen Prakash, Robert Dorr, Roger Doherty, Steve Howard, Yorihito Tada, Kun Cheng, Chris Clayton, Igor Pagliai, Shep Sheppard, Tim Wieman, Greg Low, Juergen Thomas, Guy Bowerman, Evgeny Krivosheev

    Editor: Beth Inghram

    Summary: Developers and IT professionals should be fully knowledgeable about how to optimize the performance of SQL Server workloads running in Windows Azure Infrastructure Services and in more traditional on-premises environments. This technical article discusses the key factors to consider when evaluating performance and planning a migration to SQL Server in Windows Azure Virtual Machines. It also provides certain best practices and techniques for performance tuning and troubleshooting when using SQL Server in Windows Azure Infrastructure Services.

  • How to stand up a MediaWiki on Windows Server 2012 (10 easy steps with pictures)

    Step 1.  Setup Windows Server 2012 (see my build a lab series for that if you don’t know how).

    Step 2.  Patch it and name it blah blah.

    Step 3.  Download Microsoft Web Platform 4.5:

    http://www.bing.com/search?setmkt=en-US&q=microsoft+web+platform+4.5

    Step 4.  Run it.

    image

    Step 5.  Click Database, then “MySQL Windows 5.1” and click “Add”

    image

    Step 6.  Click “Applications” and Select “Wiki” on the left to sort it, then click “MediaWiki” and click “Add”.

    image

    Step 7.  Click “Install” and let ‘er rip!

    Step 8.  Configure Password to a strong password.

    image

    Step 8.  Click Continue and then Check the box, help the people who write code to get feedback on their installers, and hit “I Accept” (or don’t, that’s cool too, you still need to hit “I Accept”, but you don’t need to check the box).

    image

    Step 9.  Grab a drink and wait:

    image

    image

    image

    Filling in a pw here (pretty sure this should match what we put above, if not I’ll change it later):

    image

    Whee

    image

    After clicking finish it opens an IE 10 window to local host.  It looks like there was a bug where there were // instead of / after ‘localhost’ so I removed one and hit enter.  Then I got prompted to turn on “Intranet Security” as it was currently disabled on my 2012 Server (action bar at the bottom of the browser window).  After I did that I got this:

    image

    Step 10.  Do wiki stuff!  Share and enjoy!

    -The Dude

  • (Cloud) Tip Of The Day

    This tip of the day is cloud yo!  Straight from Evan Basalik, a Senior Support Escalation Engineer!

    Today’s (Cloud) Tip…Security of customer data in Office 365

    We employ all of the following methods to secure customer data in Office 365:

    1) Network segmentation to ensure physical separation of back-end services and devices from public-facing interfaces

    2) BitLocker 256-bit AES Encryption for all email content at rest (i.e., on storage media)

    3) Access to physical hardware is monitored and controlled by including badges and smart cards, biometric scanners, on-premises security officers, continuous video surveillance, and two-factor authentication

    4) Our racks are seismically braced (I just think that is cool!)

    5) Traffic Throttling to Prevent Denial of Service Attacks

    6) Deleting unnecessary accounts automatically when an employee leaves, changes groups, or does not use the account prior to its expiration

    The service is also certified by a number of independent compliance checks and validations such as:

    1) ISO 27001

    2) FISMA moderate Authority to Operate

    3) HIPAA Business Association Agreement (BAA)

    4) EU Model Clauses

    5) Cloud Security Alliance (https://cloudsecurityalliance.org/research/projects/cloud-controls-matrix-ccm/)

    See http://www.microsoft.com/en-us/download/details.aspx?id=26552 for all the details.

  • Today’s (Cloud) Tip… Same sign-on vs. Single sign-on

    By Evan Basalik

    Customers can leverage Directory Synchronization (DirSync) to keep their local Active Directory and Windows Azure Active Directory in sync. The DirSync application runs on a regular basis and copies on-premises attributes to Windows Azure Active Directory. Applications like ACS and Office 365 then use Azure Active Directory to validate users’ identity and attributes.
     
    Historically, DirSync didn’t synchronize the user’s password. Instead, it leveraged the concept of managed or federated users to decide whether to use a local password or talk to a federation server. A recent update to DirSync added a new option – Password Synchronization (Password Sync). Password Sync allows DirSync to send up a hash of the user’s password hash (yes, it is a hash of a hash). This allows Azure Active Directory to authenticate users without having to talk to a federation server.
     
    Talking to a federation server to validate credentials is called “single sign-on” since in theory users don’t have to re-enter their credentials if already logged in. “Same sign-on” means that the users will have to re-enter their credentials, but they can use the same exact credentials they use to sign on locally.
     
    Same sign-on is a compromise. It is much easier to implement than federation and single sign-on, but it is not quite as seamless as single-sign on. In essence, it provides the simplicity of managed users while adding the convenience of end users not having to remember yet another set of credentials.

    Shout out to ChriCas and StevTa for sanity checking today’s tip!

  • Windows 8 Tip of the Day–Sysinternals Updates!

    Today’s Tip…

    From Robert Mitchell!

    A number of SysInternals tools were recently updated.  For those of you that use these tools on a regular basis, you might want to grab these updates and add them to your respective collections.

    AccessChk v5.11: AccessChk, a command line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug fixes.

    Procdump v6.0: Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 6.0 is a major upgrade that adds the ability to specify multiple filters, attach to a process by service name, and display/filter on the message text of a CLR or JScript exception.

    RAMMap v1.22: RAMMap is a graphic utility that shows the breakdown of physical memory usage across different dimensions. This release fixes a bug that could cause a crash when accessing the cached files page when a cached file’s name exceeded a certain length.

    Strings v2.51: This update to Strings, a command-line utility that prints a file’s embedded Unicode and ASCII strings, fixes a signed file offset printing bug.

  • New books on Hyper-V Networking and Hyper-V Storage! Yay!

    Optimizing and Troubleshooting Hyper-V Networking - http://shop.oreilly.com/product/0790145383068.do

    Optimizing and Troubleshooting Hyper-V Storage - http://shop.oreilly.com/product/0790145382924.do

     

    Check them out, no, seriously, check them out!