Good day Cleveland and Columbus!

Again, thank you for coming out to the events and checking out Windows Vista reliability, Forefront and Longhorn server. I hope everyone had fun and, more importantly, learned at least one thing.

It was great coming back into Ohio even though it was very, very cold.  It felt cold enough to be Browns weather.  You know it is cold when the Indians had to go to Milwaukee to play their home opener.  :-) 

We had a lot of great questions come up in both cities, and without any more delay, here are the questions.

Enjoy and please comment if I missed any or if you need more information!

Q: Can you use Complete PC to restore to a different computer?
A:
Yes you can. You can restore your PC back to its original state, or to a replacement PC. Complete PC Restore can be initiated from within Windows Vista or from the Windows Vista installation CD in the event the PC is so corrupt that it cannot start up normally from the hard disk.

Q: What versions of Windows Vista is Complete PC in?
A:
Complete PC is only available in Windows Vista Business, Ultimate, and Enterprise editions.

Q: Can you prevent a user from using the Startup Repair Tool (SRT)?
A:
I could not really find a way to prevent this. The process starts with being able to boot to a Windows Vista DVD. So if you can prevent booting to the drive in BIOS and lock the BIOS, you will be able to effectively prevent the use of this feature. I would be interested to know if anyone has effectively locked the BIOS of the system so the average user could not get into the BIOS to make changes.

Q: What file types are restored by the previous versions?
A:
For the most part, any file that is on your system. This feature automatically creates point-in-time copies of files as you work, so you can quickly and easily retrieve versions of a document you may have accidentally deleted. Because only incremental changes are saved, minimal disk space is used for shadow copies.

Q: Can you use previous versions to bring back files quarantined by the Forefront client?
A:
No, this was a great question and I got to do a little experiment. So I quarantined one of my sample files and then tried to restore it and I got an access denied (see screen shot below). I also tested a file that was a virus and I deleted it and tried to bring it back. The real time engine will not allow a virus to come back. 

Q: What does the Forefront security state assessment check?
A:
The security state assessment does several checks. Here is the list of checks from the administrator's guide:

  • Windows Version: Determines which operating system is running.
  • Automatic Updates: Identifies whether the Automatic Updates feature is enabled, and if so, how it is configured.
  • Security Updates: Determines which available security updates are missing.
  • Incomplete Updates: Determines if a reboot is required to complete an update.
  • Restrict Anonymous: Determines whether the RestrictAnonymous registry setting is used to restrict anonymous connections.
  • File System: Determines the file system of each hard disk, to ensure that the NTFS file system is being used.
  • Autologon: Determines whether the Auto Logon feature is enabled, and if the logon password is encrypted in the registry or stored in plaintext.
  • Shares: Lists shared folders, including Administrative shares, along with their share level and NTFS permissions.
  • Unnecessary Services: Lists potentially unnecessary services. The services checked for are:
    • MSFTPSVC (FTP)
    • TlntSvr (Telnet)
    • W3SVC (WWW)
    • SMTPSVC (SMTP)
  • Guest Account: Determines if the Guest account is disabled or non-existent.
  • Administrators: Determines if the local group Administrators contains more than one member.
  • Passwords Expiration: Determines whether any local accounts have passwords that do not expire.
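
A local, read-only approximation of several of the checks listed above, as an added example (not Forefront's own code and not part of the original post). The function name and output shape are hypothetical, the registry paths are the standard Windows locations for these settings, and `Get-LocalGroupMember` assumes Windows PowerShell 5.1.

```powershell
# Added example: read-only local audit of a subset of the checks listed above.
# Get-LocalSecurityState and its output shape are hypothetical, not Forefront's.
function Get-LocalSecurityState {
    function Finding($check, $value, [bool]$ok) {
        [pscustomobject]@{ Check = $check; Value = $value; Result = $(if ($ok) { 'OK' } else { 'Review' }) }
    }

    # Restrict Anonymous: 0 or missing means anonymous connections are not restricted.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    Finding 'Restrict Anonymous' $lsa.RestrictAnonymous ($lsa.RestrictAnonymous -ge 1)

    # Autologon: a DefaultPassword value under Winlogon is stored in plaintext.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    $auto  = $wl.AutoAdminLogon -eq '1'
    $plain = [bool]$wl.DefaultPassword
    Finding 'Autologon' "enabled=$auto; plaintext DefaultPassword=$plain" (-not $auto -and -not $plain)

    # File System: every fixed disk should be NTFS.
    foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3') {
        Finding 'File System' "$($disk.DeviceID) $($disk.FileSystem)" ($disk.FileSystem -eq 'NTFS')
    }

    # Unnecessary Services: the four service names given in the list above.
    foreach ($name in 'MSFTPSVC', 'TlntSvr', 'W3SVC', 'SMTPSVC') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { Finding 'Unnecessary Services' "$name ($($svc.Status))" $false }
    }

    # Guest Account (well-known RID 501) and Passwords Expiration, local accounts only.
    $accounts = @(Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True')
    $guest = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    Finding 'Guest Account' $guest.Name ((-not $guest) -or $guest.Disabled)
    $noExpiry = @($accounts | Where-Object { -not $_.PasswordExpires })
    Finding 'Passwords Expiration' ($noExpiry.Name -join ', ') ($noExpiry.Count -eq 0)

    # Administrators: more than one member of BUILTIN\Administrators is flagged.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
    Finding 'Administrators' ($admins.Name -join ', ') ($admins.Count -le 1)
}

Get-LocalSecurityState | Format-Table -AutoSize
```

Rows marked Review are prompts for a closer look, matching the assessment's wording of "potentially unnecessary" rather than a verdict.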

Q: Can you use the custom views in Windows Vista to archive the event logs?
A:
Yes, you can. After you create a custom view, right-click the view and select Save Events in Custom View As. You can then choose to save in event view format or other formats.

Q: Can you use the Forefront client with systems that are not in the Active Directory domain?
A:
Yes. Client computers that are in a workgroup, or outside one of the domains that can be managed by Client Security (such as home-based computers), can have the Client Security agent installed on them; however, they cannot be managed by Client Security.

Q: Where can I download the trial for Forefront?
A:
You can download the many different versions of the Forefront security suite of products here:

  1. Forefront Client Security Beta
  2. Forefront Server Security Management Console: Beta Trial Download
  3. Forefront Security: 120-Day Trial Download for either Exchange or SharePoint

Q: Is there a good Windows PowerShell book?
A:
There are several books to choose from; if you go to your favorite purveyor of books you should find quite a few. I have listed a few below that look interesting to me, maybe a potential candidate for the book of the month club. :-) If anyone has read any of these, ping me and let me know your thoughts.

This is also an excellent blog: The PowerShell Guy