Kevin Remde's IT Pro Weblog
Kevin’s Webcast Resources:
Active Directory Fundamentals
Here are some resources relating to the webcast topic presented. I hope you find them useful.
Active Directory Benefits for Smaller Enterprises
http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx
Active Directory Collection
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/6f8a7c80-45fc-4916-80d9-16e6d46241f9.mspx
Windows Server 2003 Deployment Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/c283b699-6124-4c3a-87ef-865443d7ea4b.mspx
Recorded Session: Windows Server 2003 DNS Integration with Active Directory
http://www.microsoft.com/seminar/shared/asp/view.asp?url=/seminar/en/20040617TNT1-114/manifest.xml
Active Directory Migration Tool (ADMT) v2.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en
Monitoring and Troubleshooting the File Replication Service
http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/tshootfrs.mspx
Operations Masters Technical Reference
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/7fffd300-bbf1-4d9f-a46c-43252c364116.mspx
This session's resource page:
http://www.microsoft.com/technet/add-01
Live TechNet Events
Microsoft Events page:
Announcing MBSA 2.0 Beta
MBSA 2.0 is the next version of the Microsoft Baseline Security Analyzer, which utilizes the Windows Update Services infrastructure for security update scanning. Please help us improve the quality of this release. We are currently accepting nominations into the MBSA 2.0 beta program. To nominate yourself for the beta, visit http://beta.microsoft.com, sign in to the system using your Passport ID and a guest ID of "MBSA20" and complete the survey.
Dang.. this day is just full of good news.
Here’s another item that just entered my in-box…
Yes indeed.. we’re releasing Beta 2 today of our Antispyware. What was formerly known as Microsoft Antispyware is now called Windows Defender. This is the antispyware tool that will be included with Windows Vista, and also available for XP. Beta 2 is a free download.
I’m glad you asked. Here’s the text straight from the email:
Improvements in Windows Defender (Beta 2)
I’m running right over to my kid’s laptop and installing it. As I’ve said before, my kids make it a regular practice of attempting to install every virus and spyware tool out there.
For the first 75,000 people who want it, the first beta of the new free antivirus solution from Microsoft is available to download now.
Well.. it is now.. but by the time you read this it may not be any longer. There is a limit, and high demand to try it out.
“What exactly is it?”
Remember Windows Live OneCare? This is its replacement. No more subscription – just free antivirus. When installed, it replaces Windows Defender and becomes a superset of its functionality – adding antivirus protection in a very high-performing, non-intrusive way.
“Did you download it?”
Because I work for Microsoft, and it would be wrong of me to get one if other people want it. I’ll try and get it through Microsoft internal resources. I want YOU to be able to try it!
And please let us know what you think!
UPDATE: Looks like all 75,000 copies have been downloaded.
Don’t let that stop you from learning more about it. And keep watching the Security Essentials page for more details.
System Center Virtual Machine Manager (SCVMM) 2008 R2 is a powerful virtualization management tool. It does a great job of organizing and managing your virtualization hosts, clusters, virtual machines, and libraries of resources (virtual hard disks, saved machines, machine templates, profiles for hardware and operating systems, etc.) And it does this for the management of virtualization from either Microsoft or VMware. But there are some really important aspects of virtualization – particularly when we start considering the delivery of IT-as-a-Service, that SCVMM 2008 R2 doesn’t manage.
Here are just a few examples of what I’m really looking forward to in SCVMM 2012, and what I think you’ll be excited about, too.
First – I think you’re going to appreciate being able to manage many more resources as important aspects of your virtualization platform. Defining and then using things such as load balancers and storage devices in how you model virtualized services (not just servers) is a great benefit. Defining logical networks, IP pools, MAC address pools, VIP pools for load balancers; these all then become easy to add to virtual machines and machine templates that are used when building your “service templates”.
Which brings me to another new feature that I am very excited about: Service Templates. You will now not only be defining templates for machines and the operating systems that run on them, but you’ll have the ability to create the definition of a service that is potentially made up of multiple machines, network objects (logical networks, load balancers, storage devices), and the relationships that they have. For example – say you are defining a 3-tiered application, with a web front-end, middle application/logic tier, and a database cluster on the back end. And perhaps you need to support high availability and performance that scales through load balancing your machines at the front end or middle tier. And you may even want to define a range of machine instances for those tiers; maybe saying that I need to start with 2 web frontend servers, but I may be scaling up to as many as ten at some later time. You can define all of this as a Service Template. And once you’re ready then to deploy, SCVMM does intelligent placement of the new VMs based on their needs for resources (as defined in their templates) as well as the needs of the service as a whole. Pretty amazing.. and that’s just scratching the surface. You’ll also be able to update the machines in a service by updating the template and then replacing the old with the new template, and finally updating the machines in an automated way.
And finally (though not really finally, because there are so many more new and exciting features that I don’t have time to describe them all here) is the Fabric Management. The “fabric” (a term used to define the parts that make up a “cloud”, which is also a level of abstraction supported in SCVMM 2012) can be defined and configured. Even beyond my first point of managing resources such as storage and networks, SCVMM 2012 extends capabilities for automating the creation of new virtualization hosts – even from bare metal. It talks to the hardware controller on the motherboard and is able to boot and then deploy Hyper-V Server to new physical servers; ultimately adding them into your infrastructure as new virtualization hosts. You can also perform automated updates of your virtualization hosts using WSUS.
“What do you mean, ‘automated’?”
Here’s an example: Let’s say you have a cluster of virtualization hosts running several highly available (HA) virtual machines; meaning that they have the ability to migrate between hosts using Live Migration (or even vMotion.. we don’t play favorites here). But now it’s time to install updates to your hosts. SCVMM automates the process for you by performing the updates in a way that moves around your VMs for you.. installing updates, restarting hosts, and eventually re-balancing (yes.. VMware DRS-style load re-balancing) your VM workloads between and among the hosts. And doing this all with absolutely zero-downtime of your virtual machines and the services they are providing.
If you were at MMS this year, you probably saw this slide several times. It’s one that we’re using in our talks on SCVMM 2012 to introduce the main improvements in SCVMM 2012.
And from the Beta download page, here is the overview and quick list of new features:
Overview
System Center Virtual Machine Manager 2012 delivers industry leading fabric management, virtual machine management and services deployment in private cloud environments. Virtual Machine Manager 2012 offers key new features that include hypervisor creation and management, network management, storage management, private cloud creation, self-service usage and service creation. It features deep investments in server application virtualization, service design and service modeling all of which can be used to efficiently offer an on-premises private cloud.
Feature Summary
Fabric Management
  Hyper-V and Cluster Lifecycle Management – Deploy Hyper-V to bare metal server, create Hyper-V clusters, orchestrate patching of a Hyper-V Cluster
  Third Party Virtualization Platforms - Add and Manage Citrix XenServer and VMware ESX Hosts and Clusters
  Network Management – Manage IP Address Pools, MAC Address Pools and Load Balancers
  Storage Management – Classify storage, Manage Storage Pools and LUNs
Resource Optimization
  Dynamic Optimization – proactively balance the load of VMs across a cluster
  Power Optimization – schedule power savings to use the right number of hosts to run your workloads – power the rest off until they are needed
  PRO – integrate with System Center Operations Manager to respond to application-level performance monitors
Cloud Management
  Abstract server, network and storage resources into private clouds
  Delegate access to private clouds with control of capacity, capabilities and user quotas
  Enable self-service usage for application administrator to author, deploy, manage and decommission applications in the private cloud
Service Lifecycle Management
  Define service templates to create sets of connected virtual machines, OS images and application packages
  Compose operating system images and applications during service deployment
  Scale out the number of virtual machines in a service
  Service performance and health monitoring integrated with System Center Operations Manager
  Decouple OS image and application updates through image-based servicing
  Leverage powerful application virtualization technologies such as Server App-V
So as you can see, there is a lot to be excited about coming in SCVMM 2012. Helping you deliver IT-as-a-Service is really what it’s all about. Your “private cloud” just got a whole lot more cloudy. And that’s a good thing.
Here are some more resources for you:
Are you as excited about SCVMM 2012 as I am? Have you tried the beta yet? What do you think? Add your comments and let's discuss it!
In Part 28 (tomorrow) I’m going to introduce you to the current state of self-service for your private clouds.
Welcome to another main installment of our “20 Key Scenarios with Windows Azure Infrastructure Services”. For those of you who are just now starting to follow along, make sure to start your FREE TRIAL of Windows Azure, so that you can follow along.
Those of you who are familiar with System Center 2012, and in particular the Configuration Manager component, are already familiar with the concept of Distribution Points. But for those of you who are new to it, here is a very brief definition that will make it all clear: Ahem… : A Distribution Point is a point from which things are distributed.
“Oh yeah, crystal-clear, Kevin.”
It’s really not complicated (or at least, the idea isn’t complicated). In a large organization, with centralized IT Management, and perhaps with many locations around the globe, it’s important to be able to define locations from which those far-flung users are getting their software or updates. So System Center 2012 Configuration Manager has
But consider this: What if I were able to use Windows Azure – a cloud-based, highly available and globally scalable service - to act as my distribution points?
“You mean, give immediate, secured, authenticated global reach to your organization’s operating system deployments and software distributions? That would be amazing, Kevin.”
I knew you’d like it. This capability is new in System Center 2012 SP1, and was first announced on the System Center Configuration Manager Team Blog here: New Distribution Points in Configuration Manager SP1.
It is further documented at TechNet here: Install Cloud-Based Distribution Points in Windows Azure. NOTE: The cloud-based distribution point is going to be used for deployments other than Microsoft updates. Updates are already available “in the cloud” through Microsoft Update, and it’s just as easy to configure your company’s devices to use Microsoft for operating system and application updates.
For the rest of this article, I’ll break the task of installing and testing this into these steps:
Install System Center 2012 SP1 Configuration Manager
To test creating a cloud-based distribution point, I installed the evaluation of System Center 2012 SP1 Configuration Manager on a local virtual machine in my test domain. My installation was a new Configuration Manager standalone primary site:
(Prior to this installation I had installed the evaluation of SQL Server 2012 on the same machine, but I could have used the “typical installation” option to also install SQL Express to use as the local database. For a good write-up on installing a test machine like this as a Windows Azure Virtual Machine, read THIS EXCELLENT ARTICLE by Keith Mayer.)
After installing and configuring the prerequisites, I also just took the defaults from that point on.
Of course, to make an authenticated, secured (SSL) connection between your Configuration Manager installation and your Windows Azure subscription, you’re going to need to use a management certificate. And like most situations where we’re just trying out new capabilities that require certificates, there is a simple way, and there is a recommended-for-production way. The recommended-for-production way is to use a PKI, and use the templates and certificate types for Server and Client authentication as described in this document: PKI Certificate Requirements for Configuration Manager.
For my purposes, just to get the distribution point created and the trust established between my local Configuration Manager site server and the Azure subscription, I exported both a .CER and a .PFX file from the local machine certificate that was created for my SCCM server and its relationship with SQL Server. It was already of the proper type (from the proper template), so it worked fine for my test. Here’s how I did that…
Open MMC (On the start screen, type MMC and run MMC.EXE).
On the File Menu, choose Add/Remove Snap-in… then in the left-hand list, select Certificates, and click Add.
When prompted for what you want to manage certificates for, select Computer Account, click Next, and then click Finish. Click OK to close the Add/Remove Snap-ins form.
Now, in the MMC, navigate to Certificates (Local Computer) –> Personal –> Certificates. You should find a Server Authentication certificate there with the name of your server in the Issued To column.
We’re going to do two export operations on this certificate; one to get a .cer file that we’ll upload to Windows Azure, and the other to create a password-protected .pfx file that we’ll use to configure the connection from our local Configuration Manager to create the cloud-based distribution point.
First we’ll export a .cer file:
Now we’ll export a .pfx file:
Upload the .cer file to our Windows Azure subscription. (If you don’t have one, it’s easy to START A FREE TRIAL HERE.):
And there you go. The certificate for our test is in place. Now we’re ready to create and connect Configuration Manager to a new cloud-based distribution point.
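The two exports described above can also be scripted instead of clicked through in the MMC. This is an added example, not part of the original post; the output folder C:\CertExport and the certificate selection filter (Server Authentication EKU, subject containing the computer name) are assumptions based on the description above.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the Configuration Manager site server (Windows Server 2012 or later).
$ErrorActionPreference = 'Stop'

$serverAuthOid = '1.3.6.1.5.5.7.3.1'     # Server Authentication enhanced key usage
$outDir        = 'C:\CertExport'         # assumed output folder
$hostName      = $env:COMPUTERNAME

# Same place the MMC steps look: Certificates (Local Computer) -> Personal.
# Keep only certificates that are still valid, carry a private key, are
# issued to this server, and are marked for Server Authentication.
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.Subject -like "*$hostName*" -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
})

# Refuse to guess: exporting the wrong certificate's private key is worse
# than stopping and asking the operator to pick one by thumbprint.
if ($candidates.Count -ne 1) {
    $candidates | Format-List Subject, Thumbprint, NotAfter
    throw "Expected exactly one matching certificate, found $($candidates.Count)."
}
$cert = $candidates[0]

New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$cerPath = Join-Path $outDir "$hostName.cer"
$pfxPath = Join-Path $outDir "$hostName.pfx"

# Export 1: public certificate only (.cer). This is the file that is
# uploaded to the Windows Azure subscription; it contains no private key.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Export 2: certificate plus private key (.pfx), protected by a password
# that is prompted for rather than stored in the script. This fails if the
# key was created as non-exportable.
$pfxPassword = Read-Host -Prompt 'Password for the .pfx file' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# The .pfx holds the private key, so limit the file to local Administrators
# (well-known SID S-1-5-32-544) while it sits on disk.
icacls $pfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' | Out-Null

# Record the thumbprint so the uploaded certificate can be matched to this one.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    Expires    = $cert.NotAfter
    CerFile    = $cerPath
    PfxFile    = $pfxPath
}
```

Once Configuration Manager has been given the .pfx, delete the exported copy: the certificate stays in the machine store, and a spare .pfx on disk is only another copy of the private key to protect.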
Create the Distribution Point
And now you’ll see your new Cloud Distribution Point listed in the main part of the page, that will have a status of Provisioning. Eventually that status will change to Ready.
Go back to your browser and to your Windows Azure administration page. Navigate to the Cloud Services section on the left. It will take several minutes but eventually you will see a new cloud service with a long-and-ugly name show up.
Note toward the right that you have a value in the URL column. That value (which is essentially <your service name>.cloudapp.net) is the DNS name that your clients will use for connecting to the distribution point and getting their software.
Below Cloud Services, find and click on Storage. Here you’ll see that a new storage account has been created with the same ugly name that the new cloud service has.
As I’m sure you’ve guessed, this is the storage account that will hold all software and other items that you’ve deployed to your distribution point.
And now you’re ready to distribute some software to your new distribution point in the clouds. Try it out by distributing the Configuration Manager Client Package up to your distribution point.
Now let’s see if that package is being distributed.
Another way to show that you’ve succeeded is to go back to your Windows Azure administration page, click on Storage, click on your storage account, and select the Containers tab. You’ll see new containers being created that you can drill-down into and actually see the files and their URLs.
Considerations for Client Access
“So.. is that it?”
Almost, but not quite. The Planning for Content Management in Configuration Manager document has an important section describing how and when clients will access your cloud based distribution points: Client to Cloud-Based Distribution Point Communication. Make sure you read and understand the points made there.
System Center 2012 SP1 Configuration Manager adds the ability to configure and use a Windows Azure-based service to host a Distribution Point as what is now known as a “Cloud-Based Distribution Point”. Once certificates are in place, the actual creation of the distribution point in your Windows Azure subscription is fairly straight-forward, and for distributing content, it becomes just another option when choosing where to distribute your deployed applications and packages.
What do you think? Are the wheels turning as you’re now envisioning all of the flexibility that this new capability will give you? If not, you’d better read this article again.
Here are some resources relating to the webcast I presented on April 30, 2007, entitled “TechNet Webcast: Windows Deployment Services Overview”.
I hope you find them useful.
How Unattended Installation Works
http://technet2.microsoft.com/WindowsServer/en/Library/d24c91f2-80cd-4a60-98c0-4b9ad28f678a1033.mspx
Remote Operating System Installation (Windows 2000 and RIS)
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/depopt/remoteos.mspx
Choosing Between ADS and RIS for Bare-Metal Deployments and Re-Deployments
http://www.microsoft.com/windowsserver2003/techinfo/overview/risvsads.mspx
ImageX and WIM Image Format
Windows Deployment Services Update Step-by-Step Guide for Windows Server 2003
How Remote Installation Services Work
Windows PE 2.0 for Windows Vista Overview
This session’s resource page:
Microsoft Events page:
Resource Page for
Wednesday, February 16, 2005, 1:00–2:00 P.M. Pacific Time, United States and Canada (UTC-8)
Tune in for a discussion of user account management, including an overview of user objects, the various properties you can assign, and the methods for creating both types of user objects.
Windows Server 2003 – Common Administrative Tasks:
Creating User and Group Accounts
Exchange 2000 Server Resource Kit – Part 2, Ch 5:
Active Directory Integration and Replication
User Management Build Guide:
Chapter 3 – Adding a User Account
Windows Server 2003 Command-line Reference A-Z
..and here is the link to use to register for or view Series Webcast Part 3:
TechNet Webcast: Windows Server 2003 Administration Series (Part 3 of 12): User Profiles (Level 100)
Wednesday, February 23, 2005, 1:00–2:00 P.M. Pacific Time, United States and Canada (UTC-8)
As promised, here are the “Best of Q&A” from the webcast I delivered on June 11, 2009, entitled "TechNet Webcast: Windows Server 2008 R2 Technical Overview (Part 2 of 2)”
A BIG THANK YOU to Dan Stolts for assisting in answering questions during the webcast! This blog post is primarily a result of his efforts.
Thanks for attending! ...and if you haven't seen the webcast yet, you can click on the link above (or the picture to the left) to get to the registration page.
Also - Here are the RESOURCES I pulled together for this webcast
I hope you find these useful!
Questions and Answers
“Is the Windows Management Service the service that manages the WMI protocols?”
No, WMI has its own services structure. Isolating these functions is important from a performance (do not run it unless you need it), ease of use (disable, restart, easily), and security (no security footprint if not needed because the services are not installed/disabled) standpoint.
“Ok, then, in a nutshell, what does Windows Management Service do? When did it first become a part of windows server NT, 2000, 2003, or 2008?”
I may have misunderstood your first question. The term "Windows Management Service" is probably what threw me off.
Windows Remote Management (WS-Management): Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management (used to communicate with WMI). The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection.
Windows Management Instrumentation: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. This is the WMI Featureset.
“Can direct access client be run on other operating systems such as Windows XP or Vista?”
No, there is not a client for Windows XP or Windows Vista. To my knowledge there are no plans to make these as add-in clients. DirectAccess requires Windows 7 client and 2008 R2 server. (In the webcast, I explain more specifically why that is.)
“Is there a new version of the RDP client for Windows 7? If so, will it be backported to run on XP and Vista as well?”
Yes, there is a new RDP client in Windows 7 that supports enhanced multimedia, multi-monitor, and other new features. I don’t know what the plan is to make it available as an upgraded client for Windows Vista or Windows XP.
“When you are connected to a remote system via DA you can see their screen as they logged on but are you running your session with your administrative rights?”
When I connected in the demo using Remote Desktop, I was logging in with the same account that was already logged-in on the desktop. So it locked the desktop at the client side, and allowed me to continue that same session from the LAN-side. As far as it relates to DirectAccess, there really is nothing special here (and that’s the big news, really). It’s just a remote desktop connection like any other – except that I was able to launch it from inside the LAN, and connect to that client that is somewhere online and on the Internet. And to be able to do it BY NAME is also pretty cool. (Remember the IPv6 addresses we saw in DNS for that client?)
“How will the direct access feature integrate with SCCM 2007?”
As long as your SCCM Management Servers are able to see the clients, I don’t know of any issues. It’s not so much a special integration as it is those machines appearing to be available. As long as you have your networking configured properly (the required IPv6 and IPSec parts), I don’t see why SCCM would have any issues; while gaining the benefit of having access to those clients more often.
“Did I understand right? DirectAccess requires IPv6?”
Yes. You heard right.
“Can you comment on this - with so many features in Win 7 require 2K8 R2, what would be the incentive for enterprise to upgrade sooner rather than later. My view, it just increases the overall complexity and scope.”
Well, of course every business and every person is going to have to make the decision for themselves based on the new features in either product (Server or Client), and then the additional features gained when you have both. There are great reasons to move to Windows 7. There are great reasons to move to Windows Server 2008 R2. And the added functionality you get with both is icing on the cake; but you will have to decide for yourselves whether things like DirectAccess and BranchCache are of great-enough value to your organization to justify rolling out both. (You probably can guess what my opinion is.. but it’s not coming out of MY budget.)
According to The Register (“Biting the hand that feeds IT”… I like it.), there are already viruses being created that target the new scripting shell Microsoft is developing. If they're looking for a name for the virus, I propose "Shmista".
“Scripting Shell? Really? And it will be in Vista?”
Whether or not it’s in Vista remains to be seen. However, the command shell formerly code-named “Monad”, now called MSH, is what they’re referring to. Last I heard they are planning on shipping it along with and as a feature of the next version of Exchange Server (Exchange 12 coming in 2006). I saw it in action for the first time at the Microsoft Global Briefing in Atlanta last week, and… all I can say (or am allowed to say), is… WHOA BABY THAT’S COOL.
“The goal of Monad (now MSH) is to provide a powerful command-line management solution. It is both a language and a framework for easily creating commands to manage windows platform. So - it's more command-line oriented than WSH but has a lot of the scripting abilities of the WSH languages. It's somewhat of a higher level language than VBScript, etc. Another quite significant difference is that it's an interactive environment.”
Back to the Register… I wouldn’t be surprised that people are already trying to break it. That makes sense. It was true with IE 1.0, is true today, and will be always: When Microsoft makes available functionality that makes coding or administration simpler, there is always someone ready to exploit it. And with MSH, well.. BRING IT ON. I’m sure the team would rather find the vulnerabilities sooner rather than later.
What do you think?
IMPORTANT UPDATE: This promotion and promotion code have expired. Please CLICK HERE for the most current promotion.
Whenever I present a live TechNet Event, I ask my audience to raise their hands if they are a TechNet subscriber. Usually about 1/2 of the audience raises their hand. Considering that this is typically a Microsoft-friendly audience, I'm a little shocked that there aren't more hands going up. The TechNet Subscription is such a great resource for IT Pros, for these reasons:
For all of those reasons (Heck, for any ONE of those reasons), a TechNet Plus subscription is worth the yearly investment.
"Cool, Kevin. But how do I save $$$s?"
For new subscriptions, from now until March 31, 2010, you can save 28% on the TechNet Plus Direct subscription. What would have cost you $349 will now only cost $251.28.
"That's nearly $100!"
"Is this worldwide, or U.S. only, or what?"
This is for residents of the U.S. only.
“Why new subscriptions only? Why not a discount for renewals?”
Renewals are already automatically discounted, even more than you get with this code. Besides.. we’re honestly trying to promote TechNet Subscriptions to those who haven’t yet benefited from it. We’re pretty confident that if you try it, you’ll see enough value in it to renew your subscription.
Write down or copy this promotion code to your clipboard: TNITE04 (That's zero-four. Not the letter O.)
Then GOTO the TechNet Subscription Center (CLICK HERE), and use the code to get your savings.
“Hey Kevin, didn’t you have some other code we were using before?”
Yes. The “TMSAM08” code is no longer valid. You need to use this new TNITE04 code now.
Today’s installment of our “Build Your Private Cloud in a Month” series is the second of a 5-part mini-series we’re calling “Deploying Private Cloud Workloads”. This week we (Tommy Patterson, Blain Barton and I) are going to detail and demonstrate some of the key areas in System Center 2012 SP1 Virtual Machine Manager that support the foundational concepts and objects in your Private Cloud arsenal:
To follow along, make sure you have installed a test lab with Windows Server 2012 and the Virtual Machine Manager component of System Center 2012 SP1. (Click the links and download the evaluations, please.)
Today’s topic is Guest OS Profiles in System Center 2012 SP1 Virtual Machine Manager.
What is a Guest Operating System Profile?
Similarly to what we discussed yesterday when I told you about Hardware Profiles, a Guest Operating System Profile “specifies the operating system settings that you want the virtual machine to use when a virtual machine is created and deployed.” It’s a named definition that represents some desired configuration that can be applied to new virtual machine templates.
Notice that I didn’t say “you can apply a Guest Operating System Profile directly to a new virtual machine”. These profiles are first associated with Virtual Machine Templates, from which virtual machines can then be created. You won’t have an option to add a Guest OS Profile to a machine that you’re creating from scratch (unlike with the Hardware Profiles we talked about yesterday, where you could).
Why are Guest Operating System Profiles Useful?
Think of a scenario where you need to create many (several, dozens, hundreds, thousands) of virtual machines that all are pretty much going to be doing the same thing. They all have the same OS, have similar names, administrator passwords, product keys. They are all web servers which require various features of IIS to be installed. They all join the same domain. These items “in common” relating to the configuration of the virtual machine’s operating system are perfect reasons to use Guest OS Profiles.
IMPORTANT: Let’s consider what this implies. Unlike other virtualization solutions that would require me to pre-build and install separate disk images containing various optional operating system configurations, each with roles and features installed differently, I now have the ability to use just one disk image, or one generic OS installation, and then apply different configuration choices dynamically, and at the time of VM creation and deployment. We can define these differences in the Guest OS Profile section of the virtual machine’s properties as we’re creating them, and we can pre-build these Guest OS Profiles to represent those different machine options. That’s huge.
How do I create a Guest Operating System Profile?
Guest Operating System Profiles are created in the Profiles area of the Library section in Virtual Machine Manager.
Right-Click on Guest OS Profiles to launch the creation of your new Guest OS Profile.
As you can see from the name and description, I’m creating a common Guest OS profile for Contoso’s web servers.
After you’ve given your profile a name, click on Guest OS Profile, and you can see all the areas we are going to potentially configure. (I’ve collapsed all but the first area to make it easier to see what we’re talking about.)
The General Settings area allows you to configure the items you see here. The Guest Operating System selection you make here will shape how the rest of this configuration works for you. For example, if I select Windows XP, I’m not going to be able to add Roles or Features. It doesn’t make sense.
Expand the list to see the many choices that you have. I’m going to leave “64-bit edition of Windows Server 2012 Standard” selected.
Under Identity Information…
…we can specify the name we want to give our computer. This name is the actual machine name (and not just the VM name used in Hyper-V Manager or Virtual Machine Manager), which means it should probably be unique. That is why you have a wildcard ‘*’ option for allowing VMM to generate a new unique name with each new machine based on this Guest OS Profile.
But that’s not the only option. You can also use ### characters to set up a portion of a recognizable name to have a numeric incrementing value to make them unique. In my case, I’m going to use Contoso-WEB-## to generate computers named Contoso-WEB-01, Contoso-WEB-02, and so on.
Under Admin Password…
…I’m going to use my pre-defined Run As account “Admin” to be configured and used as the administrator account on these new machines. Notice that you also have the option of not specifying an account, or defining one for the local Administrator specifically here.
(For more information about Run As accounts in VMM, CHECK OUT THIS ARTICLE – Configuring Run As Accounts in VMM)
Click on Product Key…
…which is (you guessed it) where we can add a product key for this operating system. This is optional. And no.. I’m not going to show you my product key. Sorry.
That “Product key provided by answer file.” option is greyed-out because I haven’t added an answer file under the Scripts section. If I had done that, we could then check the box to grab the product key from that answer file.
Time Zone…
…is of course where we can set the time zone for this machine. Personally, I’m partial to the BEST place to live: The GMT -6:00 Central Time Zone (US and Canada).
Okay.. now let’s click on and expand Roles and Features.
This is where, in my opinion, things get really interesting. We can actually pre-determine which roles and features are to be added to a machine. If machines based on this Guest OS Profile are going to need certain .NET framework versions installed, or have IIS installed, I can define that here. The image or installation that I base the deployment of these machines on doesn’t have to have these pre-loaded.
NOTE: the configuration of roles and features here is only used if this Guest OS Profile is used in a VM Template, which is in turn used in a Service Template. You will get a warning reminding you of this if you configure these here, and then try to create a VM directly off of the VM Template. The proper way to get this to work is to create a Service Template. Even if you only have a one-machine Service Template, the deployment of the service will configure the roles and features you’ve specified (along with adding applications and SQL Server configurations, which we’ll talk about tomorrow); whether coming from the Guest OS Profile, or directly in the VM Template.
Click on and expand Networking.
This is where, if I choose, I can pre-define the domain membership that machines using this Guest OS Profile should have. In my example I am again using my pre-configured Run As account “Admin” to join these machines to my Remde.home domain.
Finally, click on and expand Scripts.
Here is where I can point to an answer file that might have been built manually, or by using the Windows System Image Manager tool (a part of the Windows Assessment and Deployment Toolkit (ADK)).
The [GUIRunOnce] Commands…
…give you the powerful opportunity to add a command or script to be launched the first time a user logs on to machines based on this profile. So, if there is further customization or other scripted installations that need to take place once the machine is first used, you can have that launched automatically by configuring it here.
When I finally click OK, I now have my new Guest OS Profile.
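The same profile can also be built from the VMM command shell, which makes the settings reviewable and repeatable. This is an added example, not part of the original post; it assumes the VMM PowerShell cmdlets that ship with System Center 2012 SP1, that Windows time zone index 20 corresponds to Central Time (US and Canada), and a description string constructed here.

```powershell
# Added example (not from the original post): scripted equivalent of the
# Guest OS Profile created in the wizard above.
# Run it in the VMM command shell on a machine with the VMM console installed.

$profileName = 'Contoso Web Server Profile'

# Stop early rather than create a second profile with the same name.
if (Get-SCGuestOSProfile | Where-Object { $_.Name -eq $profileName }) {
    throw "Guest OS Profile '$profileName' already exists."
}

# General Settings: the operating system the profile is written for.
$os = Get-SCOperatingSystem |
    Where-Object { $_.Name -eq '64-bit edition of Windows Server 2012 Standard' } |
    Select-Object -First 1
if (-not $os) {
    throw 'Operating system entry not found on this VMM server.'
}

# Admin Password and Networking: the pre-defined Run As account "Admin".
# Referencing the Run As account keeps the password out of the script;
# VMM stores and supplies the credential.
$admin = Get-SCRunAsAccount -Name 'Admin'
if (-not $admin) {
    throw "Run As account 'Admin' not found."
}

$settings = @{
    Name                         = $profileName
    Description                  = 'Common Guest OS settings for Contoso web servers'  # constructed text
    OperatingSystem              = $os
    ComputerName                 = 'Contoso-WEB-##'   # ## becomes an incrementing number
    LocalAdministratorCredential = $admin
    TimeZone                     = 20                 # assumption: index 20 = Central Time (US and Canada)
    Domain                       = 'Remde.home'
    DomainJoinCredential         = $admin
}

# Create the profile and show what VMM stored.
$guestOsProfile = New-SCGuestOSProfile @settings
$guestOsProfile | Format-List *
```

The profile then shows the Run As account under Dependencies, because both the local administrator setting and the domain join reference it.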
Right-Click the new profile and select Properties to make changes or view other information about the profile. For example, you have a Dependencies area…
…which shows you if there are any items that this profile is dependent upon. (Hence the name.) In my example I used the Admin RunAs account two times in the profile, so this is reminding me that that definition needs to remain in place for this Guest OS Profile to function properly.
The other new area is Access…
…which, like it did in Hardware Profiles, allows us to add self-service users or roles here to grant use-rights for this profile.
(For more information about Self-Service Users and Roles, CHECK OUT THIS ARTICLE on Configuring Self-Service in VMM)
Creating a Virtual Machine Template
To use my new profile, I’ve created a new virtual machine template called Contoso-WEB-Server Template, which uses a modified version of the Hardware Profile we created yesterday, and the Guest OS Profile that I created just now. In the creation of the VM, I also pointed to the Windows Server 2012 evaluation .VHD as the base image for this machine. (You can start playing with this evaluation .VHD by choosing the “Download the Evaluation VHD” option on my Server 2012 evaluation download page.)
In the interest of keeping this blog post short (?!), I’m going to leave the details of working with VM Templates to my friend Tommy Patterson’s post this coming Thursday.
Creating a Virtual Machine
If you’re looking at the Templates area under Library, you can now create a new virtual machine by right-clicking on the template…
…and selecting Create Virtual Machine.
For the Virtual Machine’s Identity…
…I can leave it blank. If you do that, it will create the name from what you’ve specified in the “Configure Operating System” area of the wizard (which, as you’ll see, we’re going to get from our newly created Guest OS Profile).
For the Hardware Profile, I’ll select one that I recently created (based on the one we built yesterday).
For the Guest OS Profile, I’ll select our new Contoso Web Server Profile.
For the Destination, I’m going to put my new machine on a host. Notice that I could also choose to deploy to a supporting Cloud, or to the library as a stored machine.
The Intelligent Placement algorithm kicks in and, for my machine, determines that there are only two of my three servers that are viable candidates to host my machine. I’ll choose the first option.
Reviewing the settings lets me see what the defaults were that are about to be assigned, and gives me an opportunity to change them.
For example, I had tested this deployment before, so the computer name ## was incremented higher than I wanted. Otherwise things look good.
Click Next. I’m going to leave the Add Properties alone. I’m fine with those defaults. Click Next again…
… and then click Create.
Several minutes later, you should have a new virtual machine! Notice that it completed with warnings – mainly reminding me that because I used a VM Template (and not a Service Template) to directly create the virtual machine, it wasn’t able to modify the roles or features as I had specified in my Guest OS Profile.
When I start up, connect to my machine, and log on, I can see that it has joined the domain as I had configured in our Guest OS Profile…
…and all is as I expected!
For More Information
For more details, I recommend the following articles and locations for expanding your knowledge of System Center 2012 SP1, Virtual Machine Manager, and VMM Guest OS Profiles:
Was this useful? I hope so! Let me know in the comments if you have any questions, concerns, clarifications, or cheap shots at me or Microsoft. (Hit me with your best shot! I can take it! )
This just in from the Sr. Product Manager of TechNet Subscriptions -
Windows Vista Ultimate edition and Office 2007 will be coming to TechNet Plus subscribers in the January shipment.
"But I want to download it sooner than that!"
Okay. How about this:
Of course this is only for TechNet Plus (or TechNet Plus Direct) subscribers.
So if you're not already a subscriber, maybe you should do something about that.
**Please note: "Replication of all files out to regional datacenters will take significant time. Specific editions will be available first, with the full range becoming available over several hours. We will be posting CD iso images to begin, followed by DVD images."
This ad is just the best! Worth sharing here just for the humour value.
(And it puts me in the mood to watch one of my all-time favourite movies, too.)
“That’s one more, in’it…”
Ray Ozzie is now Microsoft’s CTO!
And equally good news: Microsoft acquired his company, Groove Networks. Watch for some great stuff to be coming out of that deal!
UPDATE: Here’s the Microsoft PressPass announcement.
I am in love with IE7. Even in its beta form. It truly rocks.
Sean Alexander found and posted a fun commercial / teaser on IE 7 on his blog.
During our TechNet Briefing in Chicago last week, a gentleman asked me a very interesting question, which he also sent as a followup email:
“As I stated what I would like to do is take an existing nt 4.0 domain (which can not be upgraded because of legacy apps, citrix XP). Create a two way trust between a new Windows 2003 AD domain and install Exchange 2003 on the new domain. Then I would run Exchange 2003 in mixed mode from now until the money becomes available to upgrade the citrix clients. What I want to do is use the new domain exclusively for email right now for my NT 4.0 users. This should work or am I way off base? Is this not just a restructure upgrade approach with a long time frame. I should not even have to move any users off of the NT 4.0 domain because of the two way trust, correct?”
I took this question as a challenge to try it out myself. So.. I took the VPCs I used for our Exchange Migration session TNT1–100, and I also created a workstation and user who used Outlook to connect to his Exchange 5.5–hosted mailbox, so I could verify later that, even after moving his mailbox to the 2003 server, he could still log in with his NT account. (I really didn’t logically see a reason why this wouldn’t work, due to the trusts established and the ADC Connection Agreements configured properly.)
Also, I found the following text within the Deployment Tools concerning “Exchange 5.5 Coexistence”:
—Active Directory and Windows NT 4.0 Accounts
Before you install Exchange 2003, you should already have Active Directory deployed within your organization, but it is not necessary to upgrade all of your Windows NT 4.0 domains or user accounts to Windows 2000 Server or Windows Server 2003. Even if your accounts are contained in Microsoft Windows NT 4.0 domains or external forests, you can move mailboxes associated with these accounts to Exchange 2003. During the deployment process, Active Directory Connector creates placeholder accounts in Active Directory for Microsoft Windows NT 4.0 accounts. Each placeholder account associates the mailbox with the Microsoft Windows NT 4.0 account so that the user can access his or her Exchange 2003 mailbox.—-
So…After making sure my workstation and user (Aaron) were NT-domain joined and Outlook was up and running, I walked through the deployment tools on the new Exchange-server-to-be; prepping the environment with the two-way trusts, administrative rights, Forest and Domain Prep, the ADC installation and configuration, and the Exchange 2003 installation (including the upgrade to SP1). Notice that one step I left out was the use of the ADMT (Active Directory Migration Tool) to create the users as new Active Directory domain users. We’re still going to use our NT account here.
Now I was ready for the mailbox move. Unlike the case where I was migrating users, I didn’t have any new AD accounts to run Exchange Tasks against in the Active Directory Users and Computers tool, so I tried to use the System Manager to move the mailboxes. I could use this to move the one mailbox that actually had data in it (my test user Aaron), but in our demo environment, the rest of the defined mailboxes had never been connected to - so they hadn't actually been created yet.
"But.. didn't the ADC create dummy accounts for you in Active Directory?"
Yes! It created a "Recipients" container and populated it with disabled user accounts. (It even duplicated and populated Distribution Lists that existed on the old Exchange Server, too!) I selected these, performed "Exchange Tasks" on them in order to do the Move Mailbox wizard. And this worked just fine for moving all of my NT users' mailboxes over to the new server.
Because Aaron's mailbox was moved within the same “site” (as far as my Outlook profile was concerned), he was able to re-open Outlook and the profile was automagically tweaked to point to the mailbox now on the new server.
“So.. that’s it? It just works?”
Basically, yeah! But… I’m not done yet. I wonder what happens if I now remove the old Exchange Server…
We’ll save that for Part 2.
PS – Feel free to comment or question further by clicking on the “Feedback” Link immediately below this post.
As a followup to the SMS question I answered, I thought anyone using SMS might find this download useful. Here’s the text from the overview:
As promised, here are the “Best of Q&A” from the webcast I delivered on June 3, 2009, entitled "TechNet Webcast: Windows 7 Feature Overview (200)”
A BIG THANK YOU to Dan Stolts and Matt Hester for assisting in answering questions during the webcast. This blog post is primarily a result of their efforts.
UPDATE: I'm done posting the screencast recordings I made of the demos for this session. Check out THIS BLOG POST for the list of and links to the demo screencasts!
I hope you find these useful!
“I would like to know what the status is on supported drivers for Windows 7 i.e. what is the new figure above 47,000. Last time I was told "98 of the top 100 devices are now supported, and more than 47,000 drivers have been added since Windows Vista was released. 99% of Windows Vista PC’s have drivers for every single supported device installed.”
There are no available statistics as of yet, however 7 will retain Vista's driver model, ensuring hardware drivers written for Vista will work with the new operating system when it ships. I know also early on in the process we required 64-bit device drivers to be signed. This was/is mandatory.
“Will Direct access allow for users on Windows 7 to reset their AD password against the DC”
Yes, the same ways you have done in the past. And yes, even while connected via DirectAccess.
“How does direct access work with a 2 factor authentication?”
Right now the only 2-factor authentication we allow for DirectAccess scenarios is SmartCard.
“Will the DirectAccess Server replace the NAP/NPS server feature of W2K8 SP1?”
DirectAccess is not directly related to NAP/NPS. DA is for connectivity – but using IPv6 across untrusted networks. NAP can be used in DA the same as you would use it on the LAN, for verifying health and granting access based on that health. But the one doesn’t replace the other.
“This technology (DirectAccess ) will be replace NAP?”
No, NAP or Network Access Protection confirms the machine meets all security requirements for corp policy. DirectAccess allows external machines to connect to the corp network.
“Is Windows 7 a new Windows 2010 OS?”
Windows 7 is a new OS from MS and will be available Oct-22-2009: http://blogs.technet.com/matthewms/archive/2009/06/03/windows-7-and-windows-server-2008-r2-ga-and-rtm-dates-announced.aspx
Yes, Matt.. I’ll even let you promote your blog on my blog. (smile)
“Has the BranchCache feature been tested against WAN Accelerators that do the same thing from a hardware perspective?”
Nothing I am aware of, but they really are for two different things. The WAN accelerators traditionally help compress traffic on the wire, while BranchCache's goal is to avoid having the traffic go on the wire, by storing the file locally. For example, your WAN accelerator could help with the initial download of the file, but then BranchCache systems in the branch office would handle any other requests for the file locally and not cause traffic on the WAN link.
I know there are WAN accelerators that do provide similar functionality, but the beauty of BranchCache is that A) it’s included with the OS, and B) it is not using any special protocol or special tunneling of traffic to make it work. Those hardware accelerators sometimes get in the way of standard networking. For example, they make it impossible (or at least difficult) to encrypt traffic end-to-end.
“Is only Windows client going to be available this year? When is new server version going to come out?”
Windows 7 will be released in Oct and Windows Server 2008 R2 is expected to be released at about the same time. http://www.microsoft.com/presspass/features/2009/Jun09/06-02SteveGuggenheimer.mspx
(No promises here.. but I’m hoping they release it on the very same day – like they did with the Betas and the Release Candidates.)
“How is bitlocker to go compatible with previous versions of windows or even linux?”
For previous versions of Windows they should be able to read the BitLocker unlock file on the USB drive to be able to unlock the drive. I believe for all other OS's the drive will not be readable.
It’s actually pretty clever… there is an ordinarily hidden, very small partition on a BitlockerToGo encrypted drive. If I put it into, say, an XP machine (and who runs XP these days? Oh yeah.. almost everyone. :( ), you’ll have the ability to run a little application from that partition that will add the ability to enter the password (or recovery key) and then read the drive. Smart stuff.
“If I purchase a new PC now, will I qualify for a free upgrade to Windows 7 or do I need to wait until October?”
I don’t think the timing on this has been officially announced, but there will likely be a day (soon) after which a purchase of Windows Vista (and likely only certain versions) will be freely upgradable to Windows 7.
“When is W7 RC2 available?”
There is no RC2. There is just RC. Beta was just beta. Next up: RTM
“What is recommended RAM for Windows 7?”
At the time of the RC, the requirements are:
“Is Windows 7 RC deployable through WDS?”
Absolutely. We’re using the same imaging technology. You definitely should look at http://www.microsoft.com/deployment for links and information about the current state of deployment, and the free tools and guides available. For example – there is a beta of the WAIK and of the Microsoft deployment Toolkit that have additional functionality to support deploying Windows 7. But even without additional updates, WDS will deploy a Windows 7 image as readily as it will a Windows Vista one.
“Will hardware drivers written for Vista work in Windows 7?”
Yes. Or more correctly, “it’s overwhelmingly likely”, since the driver model is the same.
“What is the airspeed velocity of an un-laden Swallow?”
What do you mean? An African or European Swallow?
Here are some resources relating to the webcast I delivered on June 3, 2009, entitled "TechNet Webcast: Windows 7 Feature Overview (Level 200)”
This is part 1 of a many-part series on Windows 7.
I have also recorded the demos as screencast videos. Watch my blog for when those go live on TechNet Edge. UPDATE: They're live! Check out THIS BLOG POST for the list of and links to the demo screencasts!
I hope you find these resources useful!
TechNet Edge Interview: BranchCache in Windows 7 http://edge.technet.com/Media/Branch-Cache-in-Windows-7/
Windows 7 for the Enterprise http://www.microsoft.com/windows/enterprise/products/search-information.aspx
Windows PowerShell 2.0 CTP http://www.microsoft.com/technet/scriptcenter/topics/winpsh/newin2.mspx
Windows 7 Walkthrough: AppLocker (Video Download) http://www.microsoft.com/downloads/details.aspx?FamilyID=7a919629-4d8b-43c5-8115-78bc30a187c2&DisplayLang=en
Windows 7: Troubleshooting and Support http://technet.microsoft.com/en-us/library/dd349347.aspx
Windows 7 Energy Efficiency (“Engineering Windows 7” Blog) http://blogs.msdn.com/e7/archive/2009/01/06/windows-7-energy-efficiency.aspx
Microsoft TechNet Springboard http://www.microsoft.com/springboard
Microsoft TechNet http://www.microsoft.com/technet
Live TechNet Events http://www.technetevents.com/
Microsoft Events page: http://www.microsoft.com/events
Save 15% on a TechNet Plus Subscription (including beta access like Windows 7, non-timeout evaluation software, 2 support calls, and more!)
My friend and teammate Kai Axford delivered an EXCELLENT webcast just a few minutes ago, for which I had the honor of covering the Q&A. The webcast was all about ways to secure your messaging using Exchange 2003, Outlook 2003, ISA Server 2004, S/MIME, PKI, OWA… Great stuff!
Here is the link to the webcast for On Demand Viewing.
And below I’ve listed the Q&A from the session, so you webcast viewers can take advantage of the resource links directly. I hope you find them useful!
Here’s the link to Brian Komar's PKI Security Book Kai mentioned:
How to protect SMTP using Transport Layer: Check out "How to help protect SMTP communication by using the Transport Layer Security protocol in Exchange Server" http://support.microsoft.com/?id=829721
Securing email using S/MIME and Exchange Server 2003: Read the “Exchange Server 2003 Message Security Guide” available at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx.
“Please ask Mr. Kai to not speak so loudly into the microphone. Thank you.”
This just happens when he gets excited. Hopefully he toned it down enough for you later in the webcast.
“If I install S-MIME in my organization, I will have impact with the users that have out of my company?”
Not necessarily. As Kai said, it has everything to do with who you trust and how those who trust you have access to a trusted root authority. The impact will be in getting the public keys out to recipients of emails that you want to sign or encrypt, so that they can take advantage of it.
“What is Certificate Services?”
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/63e3ba1c-cc23-40b1-9ca2-853869677318.mspx
“But what is the real-world impact of switching to S-MIME in an organization as it pertains to outside trusts, ie. hotmail, sbcglobal, yahoo, etc.?”
Their client will have to support certificate authentication. (S/MIME). It's pretty common now. AND they will have to install the public key you provide them.
“What's that desktop bkgrd called with the host ip and domain script?”
He's probably run a tool to build that. I know there is one like it at SysInternals.com called "BGInfo". http://www.sysinternals.com/Utilities/BgInfo.html
“The installation of certificate services were done in the exchange servers with the mailboxes user?”
Certificate Services is outside of Exchange in Exchange 2003. It is a free component that you can install on any Windows 2000 or 2003 Server. It’s included with the OS.
“Thanks, so of this way, is not necessary any configuration between exchange server and certificate server?”
Other than that checkbox Kai showed earlier for supporting certificates, no.
For more PKI / S/MIME information: Read the “Exchange Server 2003 Message Security Guide” available at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx
“Where can you get the certificates services ? is this something already in windows 2000 /2003 or is this something that has to be downloaded from microsoft.com if downloaded what is the website address ?”
FREE.. and you already have it. It's an installable component of the server product.
More information on using Windows Rights Management: See http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
“WRM can be deployed to all users into a organization?”
Yes.
“Does WRM protect email from being forwarded when sent to an email system other than Exchange?”
Yes. It stops on your end before it goes out.
“Is Windows IRM free or cost money ?”
Windows Rights Management Service is a product. It does cost money. See: http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
“What is the difference between sign and encrypt the message? when the message goes signed can be spied?”
Signed just means you can be sure that it came from who it says it came from, but doesn't mean the message itself is encrypted... so yes, if you're not using some other encryption, the message can be read.
For a complete list of the other ports required in the Exchange front-end and back-end server, see “Front-End and Back-End Topology for Exchange Server 2003 and Exchange 2000 Server” at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/febetop.mspx
For more information about Exchange Server 2003 RPC over HTTP(S) deployment configurations, see “Exchange Server 2003 RPC over HTTP(S) Deployment Scenarios” at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx
“Asked: is there other solution such as certificate services of other providers?”
Yes. S/MIME and email signing and encryption doesn't have to use the Microsoft certificate services. It will work with any standard PKI you want to use.
“Does it work on a 2003 exchange cluster server?”
Yes.
“What is the e-mail address of Kai? Can he receive questions to his e-mail?”
firstname.lastname@example.org. Yes, he's happy to get emailed questions from you. But try me first. :)
Using ISA Server 2004 with Exchange Server 2003: see http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx
“Can we get a hold of those scripts that change the IPs?”
Email Kai. He may be able to get them to you.
Deployment Scenarios for RPC over HTTP(S): http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/ee9b228f-db48-4860-8bfd-3195881b8980.mspx
For more information about limiting client access to Exchange Server, refer to Article ID: 328240 at http://support.microsoft.com/kb/328240
For more information about the Outlook 98 and Outlook 2000 version of the e-mail security enhancements, refer to “Outlook 98 E-mail Security Update” at http://www.microsoft.com/technet/archive/office/office97/support/out98sec.mspx and “Outlook 2000 SR-1 Update: E-mail Security” at http://www.microsoft.com/technet/prodtechnol/office/office2000/support/o2ktool.mspx
For a list of the restricted file types, see the “Outlook E-mail Security Update— Frequently Asked Questions” at http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx or “Attachment File Types Restricted by Outlook 2003” at http://office.microsoft.com/en-us/assistance/HA011402971033.aspx
For more information about setting the Level1Remove registry key see “Administrator-Controlled Settings vs. User-Controlled Settings” at http://office.microsoft.com/en-us/assistance/HA011402961033.aspx
For more information about configuring Outlook security settings, see “Customizing Security Settings by Using the Outlook Security Template” at http://office.microsoft.com/en-us/assistance/HA011402931033.aspx
For more information about using ISA Server 2004 with Exchange Server 2003, see http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx
For more information about installing an SSL certificate on your server, read the Knowledge Base article 298805 at http://support.microsoft.com/default.aspx?scid=kb;en-us;298805
For more information about additional security-related features, read “How to manage Outlook Web Access features in Exchange Server 2003” at http://support.microsoft.com/?kbid=830827
To download the Outlook Web Access administration tool, go to http://www.microsoft.com/downloads/details.aspx?familyid=4bbe7065-a04e-43ca-8220-859212411e10&displaylang=en
OWA Publishing through ISA Server 2004: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx
Exchange Server 2003 SP2 is coming! http://www.microsoft.com/exchange/downloads/2003/sp2/overview.mspx
Exchange Book: http://www.amazon.com/exec/obidos/tg/detail/-/0735619905/103-8014442-7447030?v=glance
“Great Job man”
Wednesday, March 30, 2005, 1:00–2:00 P.M. Pacific Time, United States and Canada (UTC-8)
Tune in for an overview of the Domain Name System (DNS) and the associated terminology. We’ll also cover topics
“How DNS Works” http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_dns_how.asp
“How DNS Query Works” http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_und_HowDnsWorks.asp
“DNS Domain Names” http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_und_DomainNames.asp
“DNS Requirements for Installing Active Directory” http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_dns_und_dcpromo_requirements.asp
“Understanding Zones and Zone Transfers” http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_und_ZoneTransfers.asp
“Active Directory Integration”
“DNS Overview – Server Features”
MSDN – Platform SDK – Active Directory Partitions
“Understanding Aging and Scavenging” http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/enterprise/proddocs/en-us/sag_DNS_und_AgingScavenging.asp
“Using Server Debug Logging Options”
Official Series Resource Page http://www.microsoft.com/technet/tnt4-04
Free Windows Server 2003 Virtual Labs: http://www.microsoft.com/technet/traincert/virtuallab/windowsserver2003.mspx
Windows Server 2003 Evaluation kit: http://www.microsoft.com/windowsserver2003/evaluation/trial/evalkit.mspx
Windows Server 2003 Training and Events: http://www.microsoft.com/windowsserver2003/techinfo/training/default.mspx
New and improved Microsoft Events page:
TechNet Webcast: Windows Server 2003 Administration Series (Part 9 of 12): Dynamic Host Configuration Protocol (DHCP) (Level 200)
Wednesday, April 6, 2005, 1:00–2:00 P.M. Pacific Time, United States and Canada (UTC-7)
I received a great question in an email concerning a SQL Profiler demo I do in our live TechNet Briefings this quarter:
I attended your technical briefing in Chicago last month. Thanks for a very nice and informative session.
During the presentation for Yukon, you did a nice demo of analyzing perfmon and trace files using Yukon profiler. I want to try that at my work. I opened up Yukon profiler but couldn't find a way to load perfmon results for analysis. I wonder if you can help me out and tell me how to do that.
By the way, I use Beta 2 of Yukon. And my perfmon results is collected into a csv file.
Thanks in advance.
You’re welcome – in advance.
By the way – it’s okay to call it “SQL Server 2005” now, rather than Yukon.
Yeah, the tool is a little awkward in that regard. In SQL Profiler, I "Open" my saved SQL trace file, and I "Import" the performance data. In SQL Profiler you'll find that under the File menu -> Import Performance Data.
For my demo I had the performance data saved as a binary log file (.blg file), but .csv is also an option that can be imported into the profiler.
Here are the "Best Of" the questions and answers from today's TechNet Webcast: "Planning for and Deploying Office SharePoint Server 2007 (Part 1 of 2)".
Thanks to all who attended!
PS - Here is my resource page for this webcast
PPS - Here is the link to register for Part 2
“Will this cover a server farm install or a single installation?”
We actually did a build of a new installation of Microsoft Office SharePoint Server 2007 on a single server, but it was as the first server in a server farm installation.
“We'd like to deploy an internal SharePoint server along with a external unlimited access server accessible by our customers and partners. 1.) What are some considerations we need to take into account? 2.) Can we seamlessly publish content to the external server concurrently using ISA 2006 link translation?”
1. Judging from your second question, I think you already have a handle on some of the main considerations – those being security and external vs. internal access and namespaces. Also, depending on how you plan on setting up the external access, you‘ll want to be sure you have the proper licensing model that will support it.
2. Absolutely. ISA can do the link translation for you. But there is also that same capability built-in to Office SharePoint Server 2007. Make sure you attend (or view) part 2 of this webcast, where I demonstrate how to configure that support.
“When will MOSS 2007 become available? Also, can the blogs and wikis be easily tied to user's AD groups?”
Check out the “How to Buy” page. Also, you can download a trial of MOSS 2007.
And as for your second question – I’m not sure what kind of a tie you’re looking for. But users in MOSS 2007 are associated with their AD account, and security group memberships are used to secure or allow access to resources in MOSS.
“Are there any restrictions for installing MOSS 2007 on an IIS server that has FrontPage Server Extensions enabled?”
I don’t think so, but I’ve sent the question to some very knowledgeable people. I’ll put an update here when I get it.
“Will scenario 2 work if the goal is to start small, but to be able to expand environment easily as this service takes off?”
(Scenario 2 is the small farm scenario)
Yes. The biggest benefit to starting out with a small one-server farm as opposed to the “basic” (one server, and we’ll put SQL Express in for you) install is that you have the ability to scale. Each of those scenarios can be built one after the other as needed, to scale up and/or out.
“Can you use Virtual Server 2005 and Virtual PC 2007 in conjunction to create scenario 2 & 3 for testing?”
Absolutely. It’s what I intend to do for my own server farm. In fact, my personal user-base is so small that I’ll probably get away with running it as virtual servers all on one box, next to my virtual DC and two virtual Exchange 2007 servers.
“Can you combine a search server role with Excel services?”
Yes. Those roles can run from the same machine.
Now… if I misunderstood your question, and if what you’re really asking is, “Can I search an Excel Spreadsheet that is being served up by Excel Services?”, then the answer is the same. Yes. A file that is available through those services is also saved to a document library, and can also be crawled, indexed, and made available to those who have rights to get to it.
“Is there a way to restore individual documents, if they get deleted, or does the entire DB need to be restored?”
Ah.. I’m sorry I missed this question when you asked it, because I forgot to show you the beauty of the new Recycle Bin. (I’ll be discussing it in greater detail in Part 2.) At its simplest, the recycle bin in WSS and MOSS acts just like the bin you have on your desktop. You can recover items you delete yourself. And where it differs is that it also adds an additional layer of protection – kind of a recycle bin of deleted docs – so that even if it leaves your own recycle bin, it may be safe for a certain time period before it’s permanently deleted.
Yeah.. we’ve done a lot to address that problem of restoring what was accidentally or incorrectly deleted.
“SharePoint URLs are notoriously long and cumbersome. What is the recommendation for aliasing sites? Is there a way to do it through SharePoint or does each site need to have its own IP and then use DNS for the aliasing?”
I’m not sure the solution is any better in WSS v3 or MOSS 2007. You have to target web applications in some unique way – either by name or by port used. SharePoint does the configuration for you – basically setting up the name and port information that is used by IIS.
“I noticed Clustered SQL Servers in the diagrams, Is Database mirroring supported? Is the auto failover function supported?”
DB Mirroring is indeed supported, but only automatic failover for the content databases. Other databases (Config DB, Search DB, SSP content or SSP Search) are not going to failover automatically. However, you can manually fail them over by using the STSADM “renameserver” command to point the services to the formerly-secondary-now-primary mirror server.
“Kevin, could you please tell us what the recommended audiences for each deployment topologies (small,medium, large farm..) are ? I mean what is the maximum of users ?”
As I said in the webcast, this is one of those “it depends” questions. I don’t have any firm figures on how many users can be supported by which scenario.
“Do you have to complete all the tasks on the Central Administration front page before adding content sites?”
No, you don’t. As I showed in the demo, when my creation of the SSP went too long (for demo purposes), I was able to create the main web site even before the SSP was done.
“Any online learning or Virtual lab for MOSS and or WSS 3.0?”
The best place to go for learning is www.microsoft.com/learning. There is indeed an online “clinic” entitled “Getting Started with Microsoft Office SharePoint Server 2007”, which is found here: http://www.microsoft.com/learning/elearning/course/3370.mspx
You can also try SharePoint Server 2007 in a virtual lab.
“What did you do about all the updates that Windows Server 2003 R2 needs to install when freshly deployed? Did you install them all? And also the .NET 3.0 downloadable package? Any recommendation?”
My recommendation is to always have all updates in place before you install a new piece of software such as WSS v3 or Office SharePoint Server 2007. And yes, the .Net Framework 3.0 is downloadable. You can find it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=10CC340B-F857-4A14-83F5-25634C3BF043&displaylang=en
“Are the exchange public folders going away and being replaced by MOSS 2007?”
No, Exchange Public Folders are not going away in the foreseeable future. However, we’re still hoping that people will see that, even in the free Windows SharePoint Services v3.0, the benefits of content management on a SharePoint site far outweigh what you have in Exchange Public Folders.
“If a document library document has a footer enabled with the path and filename, what will the path be when saved in a document library?”
The path will be the web address of the document – so something like http://www.litwareinc.com/documents/mydocument.doc.
“Is there a SharePoint architecture diagram showing how the various components are related and explaining the purpose of each?”
I couldn’t find one, but I’ll ask around.
“What is needed to get business data catalogs to work?”
At the heart of it you’ll be building/configuring an .xml file that is the definition of what the data looks like, how it’s accessed, and how it should be rendered for SharePoint to use it.
Here is a good starting point, with additional links to further information, on how to plan for using Business Data Catalogs: http://technet2.microsoft.com/Office/en-us/library/604431c9-de72-43b9-a3a9-3b0c3bf3444e1033.mspx?mfr=true
“If you have 1 web server and 1 database server, is the deployment still considered a ‘farm’?”
Yes. Although you don’t yet have any load-balanced web servers or database clustering, SharePoint still considers this a “farm”. (Like an Active Directory “Forest” is still a forest if it has only one “tree”, so too a SharePoint “farm” is still a farm even if it only has one.. um.. tractor web server.)
“What is the difference between SharePoint2007 with regard to earlier versions?”
Here’s an Excel spreadsheet that spells out what is new or different compared to SharePoint Portal Server 2003: http://office.microsoft.com/search/redir.aspx?AssetID=XT102011901033&CTT=5&Origin=HA101978031033
“Is there a migration path from Sharepoint Team Services to MOSS 2007?”
Check out the Migration Resources Here.
“Regarding web accessibility, has the MOSS 07 CMS improved for accessible content and CSS? Just curious since this was an issue in the past and if you could provide a webcast or online resource on the topic.”
“Does the Experience Improvement program transfer hostnames, ip addresses, domain names, other company-confidential information?”
No. There is no company confidential or identifiable information transferred by default. Check the disclaimer/description on the form where you sign up to see the details.
“Can we change the site template once define? For instance, I create a site using the team template and now I want to set it as a meeting site--is it possible??”
I don’t think so. You can modify the site design and layout after you create it, but I don’t think you can switch templates once it is initially built.
“What are your recommendations in terms of which roles are installed on the MOSS server when deploying in the context of a domain network (Active Directory)? Do you add the Active Directory role?”
You could put MOSS on the same server that is also a Domain Controller (AD Role), but it’s not recommended. As long as your server is a member of a domain, you can use the accounts and groups in the directory to set permissions on services and resources. The MOSS server just needs to be able to access a domain controller and global catalog server.
“How would you replicate site content to another MOSS server somewhere else?”
You can actually set up content rules and paths, with jobs to replicate content. I’ll be talking about that in part 2 of the webcast.
“Is it possible to allow authentication to two different subsites using two authentication providers? For instance, we want to use another active directory domain controller with isolated accounts on the same SharePoint server?”
I believe there are restrictions in terms of what SSO (Single-Sign-On) or pluggable authentication providers can do for you here. (another topic I’ll discuss in part 2) However, if you’re talking about two AD domains or forests with a trust relationship established, I wouldn’t think this should be a problem.
“Kevin, what will be giving away during launch events?”
Check out my blog post all about it.
The article I’m writing for part 13 of our “31 Days of Servers in the Cloud” series involves using App Controller to create a virtual machine. But to do this, you first need to connect and associate App Controller (a component of System Center 2012) with your Windows Azure subscription.
So today’s Part 12 is a preliminary for part 13: in this article I’m going to show you how to connect App Controller to your Windows Azure account.
To do this, we need to have a few preliminaries in place:
Connect App Controller to your Windows Azure subscription
To make this happen, you first have to have a management certificate in place. This makes up the bulk of the complexity involved. It must be a management certificate that has a key length of at least 2048 bits and resides in the Personal certificate store. To make this all work, you’ll need both a .cer file, which is the exported certificate that you’ll upload as the management certificate in Windows Azure, and a .pfx (personal information exchange) certificate file that you’ll use to connect App Controller to your Azure subscription. You can create this self-signed certificate easily in one of two ways:
For my example, I’m going to use IIS that I’m going to install on Windows 8.
Install IIS on Windows 8
In the “Turn Windows features on or off” section of the “Add or Remove Programs” (just search from your Start Screen), add the IIS Management Console feature:
Generate the Self-Signed Certificate
Once installed, open up the IIS Manager. Double-click on “Server Certificates”, and then in the Actions pane on the right, select “Create Self-Signed Certificate”.
Give your certificate a friendly name that you’ll recognize later, and click OK.
Export the .pfx File
Next, we need to export the new certificate as a .pfx file. (This is the file we’ll later use to connect App Controller to our Windows Azure subscription.) You can create this from IIS Management as well. With your new certificate selected, click export in the Actions pane. Choose a file name and destination for the file, set a password, and click OK.
Once this is done, and if you have no further use of IIS on your Windows 8 machine, you can remove it just as easily as you added it. You won’t need it for anything more here.
Generate the .cer file.
Now we need a .cer file – the exported certificate that we will upload into our Windows Azure subscription. The certificate we just created is in the Local Computer certificate store, so we either need to use MMC and the “Certificates” snap-in to get to and export the certificate from there, or we can import the .pfx into the personal certificate store and then export it from there. I’ll describe the latter.
Run certmgr.msc as a quick way to open up MMC connected to the current user’s certificate store, and navigate to Personal –> Certificates
Right-Click on Certificates, and under All Tasks, select Import…
In the Certificate Import Wizard, click Next, and then browse to and select your recently created .pfx file. (NOTE: You’ll have to change the file type you’re looking for to include .pfx files in order to see it as you navigate)
Enter the password you used to secure your .pfx file, and click Next.
Leave the Certificate Store as the Personal store. Click Next, and then click Finish to complete the import.
Now in the list of your certificates in the personal certificate store, you should see a certificate that contains a friendly name you used earlier (in my case it’s “MyAzureMgmtCert”). Right-click on your certificate, and under All Tasks, select Export.
Just use the defaults through this wizard, browse to a location for and name your certificate:
Click Next and then Finish.
Okay. Now you have both the .pfx and the .cer files you’ll need to connect App Controller to Windows Azure.
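The same .pfx/.cer pair can also be produced and checked from PowerShell. This is an added example, not part of the original article; it assumes the PKI cmdlets of Windows 10 / Windows Server 2016 or later, and the output folder and the `Test-MgmtCertPair` helper are hypothetical names.

```powershell
# Added example. Folder, subject and password prompt are illustrative assumptions.
# Needs the PKI module of Windows 10 / Windows Server 2016 or later.
$name    = 'MyAzureMgmtCert'                               # friendly name from the article
$outDir  = Join-Path $env:USERPROFILE 'AzureMgmtCert'      # hypothetical output folder
$minBits = 2048                                            # minimum key length from the article
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Create the self-signed certificate in the current user's Personal store.
$cert = New-SelfSignedCertificate -Subject "CN=$name" -FriendlyName $name `
    -KeyAlgorithm RSA -KeyLength $minBits -KeyExportPolicy Exportable `
    -CertStoreLocation 'Cert:\CurrentUser\My' -NotAfter (Get-Date).AddYears(1)

# .pfx = certificate plus private key, protected by a password typed at the prompt.
$pfxPath  = Join-Path $outDir "$name.pfx"
$password = Read-Host -Prompt 'Password for the .pfx' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null

# .cer = public certificate only; this is the file uploaded to Windows Azure.
$cerPath = Join-Path $outDir "$name.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Hypothetical helper: confirm the two files match and meet the stated requirements.
function Test-MgmtCertPair {
    param(
        [Parameter(Mandatory)] [string]       $CerPath,
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [int] $MinBits = 2048
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $ext  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $cer  = $x509::new($CerPath)
    $pfx  = $x509::new($PfxPath, $PfxPassword)
    $rsa  = $ext::GetRSAPublicKey($cer)      # $null if the key is not RSA
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }

    [pscustomobject]@{
        Thumbprint       = $cer.Thumbprint
        SameCertificate  = $cer.Thumbprint -eq $pfx.Thumbprint   # both files hold one cert
        CerIsPublicOnly  = -not $cer.HasPrivateKey               # no private key in the upload
        PfxHasPrivateKey = $pfx.HasPrivateKey                    # needed for the connection
        KeyBits          = $bits
        KeyLongEnough    = $bits -ge $MinBits
        NotAfter         = $cer.NotAfter
    }
}

Test-MgmtCertPair -CerPath $cerPath -PfxPath $pfxPath -PfxPassword $password -MinBits $minBits
```

Only the .cer is uploaded; the .pfx holds the private key that authenticates to the subscription, so store it and its password with the same care as an administrative credential.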
Upload the .cer to Windows Azure.
In the Windows Azure portal, at the bottom left, select Settings, and then click Upload.
Browse to and select your .cer file:
Click the Check Box, and in a few seconds you should see a notification telling you that your upload is successful. You should also see your certificate added to the list of management certificates.
Connect App Controller to Windows Azure
Before we make the connection, we’ll need to have our Windows Azure Subscription ID. The subscription ID is a long set of numbers, formatted to look something like this: 00000000-0000-0000-0000-000000000000. You can get this a number of different ways.
Copy the subscription ID to the clipboard.
Now we’re ready to open up App Controller and log in as your administrative account.
In the Overview pane, under Public Clouds, click “Connect a Windows Azure Subscription”
Paste your subscription ID into the appropriate field, browse to and select your .pfx certificate file, enter the password, and give your connection a name and optional description.
Once you click OK, you should soon see that you have a Windows Azure subscription connected. If you had any virtual machines or services running in Windows Azure, you’ll be able to see those represented here also.
And that’s it! You’re connected!
Now you can do really cool things like using App Controller to create Virtual Machines in Windows Azure.
I hope you found this useful! If you have any questions or comments, please add them to the comments and we can discuss them.