Ever hear someone ask if they could get a copy of Office 2007 to test? Now you don't have to actually install Office to try it out.

http://www.microsoft.com/office/preview/beta/testdrive.mspx

Yesterday a guide was posted to TechNet that provides guidance on integration of UNIX systems with their Active Directory environment.

Windows Security and Directory Services for UNIX Guide v1.0

From the guide:

This guide shows you how to achieve implementation of five significantly different end states:

End State 1. UNIX clients use Active Directory Kerberos for authentication but continue to use an existing UNIX-based data store for authorization.

End State 2. UNIX clients use Active Directory Kerberos for authentication and use Active Directory LDAP for authorization.

End State 3. UNIX clients use Active Directory LDAP for authentication but continue to use an existing UNIX-based data store for authorization.

End State 4. UNIX clients use Active Directory LDAP for both authentication and authorization.

End State 5. UNIX and Windows infrastructures remain separate: UNIX clients use UNIX-based Kerberos for authentication, Windows clients use Active Directory Kerberos for authentication, and a cross-realm trust enables UNIX and Windows users (if the cross-realm trust is a two-way trust) to access services in the other side.

I've been working with the University of Iowa for a few years and have had the pleasure of meeting some amazingly intelligent and successful people.  Just a few of those people were among the Enterprise Client Management team, lead by Chris Blasen.  Chris was recently featured in Windows IT Pro magazine discussing how after they decided to offer Systems Management Server (SMS) as a service, they overcame the challenge of spreading the word on campus and encouraging others to take advantage of it.

Windows IT Pro

Since the article was released Chris has received Email from businesses and other Universities that reached out to compliment the site and ask for advice on building something similar.  What the Iowa ECM team has done that is so radical is building out animated training that not just explains, it shows the user how SMS is configured and how it would be used.  There is also thorough documentation to define how they setup the server and the process a department would use to get on board.

Their site is also a great resource if you have plans of building an SMS site with delegated permissions to University departmental IT pros.  Iowa has really done a nice job building a delegation model that is reusable in a higher education environment.  Feel free to contact me directly or leave a comment if you would like more information.

You can also see a video featuring the University of Iowa SMS project:
University of Iowa streamlines its system management (Windows Media, 5.6 MB)

If you've read my blog at all you know one of the things I love the most about working with Education customers is the breadth of solutions.  Some of the best software that supports the first pillar is actually written by our customers within Universities.  Here are three must haves:

Paint .NET
Developed at Washington State University.  I was lucky enough to visit the school earlier this spring and came away with a new perception on mobility.  This is a very powerful graphics program that I use almost exclusively over other programs.
http://www.eecs.wsu.edu/paint.net/

3D Journal
Developed at Cornell.  I actually just learned about this, it was the motivation for this entry.  This is one of the coolest applications I have seen of the TabletPC.  Not only does it detect and render objects, it can apply theoretical force.
http://ccsl.mae.cornell.edu/research/sketch/

Chempad
Developed at Brown University.  This is my favorite Tablet PC demo because I secretly love the study of chemistry.  This application allows you to draw a molecule and then render it in 3D.
http://graphics.cs.brown.edu/research/chempad/home.html

I doubt this is anywhere near the end of the list.  If you know of others, I welcome comments.

In the past couple of days I’ve discovered several cool things going on at Purdue. The first was Boilercasting, the second was WIPTE or Workshop on the Impact of Pen-based Technology on Education (I appreciate that the syllable count is on par with some Microsoft product names). This looks like a great event based on the community blog generated by attendees. It’s great to see a major University get aggressive about new tech!

http://www.itap.purdue.edu/tlt/conference/wipte/

http://wipte.blogspot.com/

I spoke at a very similar conference at the University of Michigan several weeks ago. I am very interested in the pedagogical value of ubiquitous computing. In other words, how are professors using Tablets, phones, PowerPoint, OneNote, podcasting, blogs, wikis, and other technology to assist student learning without forcing it. Integrating new tools to help students access material and consume it in a way that works for them.

I met one professor that types only a baseline on each PowerPoint slide and then literally covers each with notes during lecture. Another records the entire lecture with notes and posts it for download, the students are expected to have watched the lecture online in the same way they would do out of class reading so they will prepared for work problems when they get to class.

If you know of or are a part of such an experience, leave a comment!

To follow up my post on chipset manufacturers, here is a list of websites from workstation providers. These are the sites I was able to find, if you know of others please post in the comments.

Dell - http://www.dell.com/content/topics/global.aspx/solutions/en/vista?c=us&cs=&l=en&s=gen

Gateway - http://www.gateway.com/vista/index.shtml

HP - http://h20219.www2.hp.com/services/cache/305765-0-0-225-121.html

Lenovo - http://www.pc.ibm.com/europe/microsoft/vista/en/index.html?europe&cc=europe

Toshiba - http://www.toshibadirect.com/td/b2c/ebtext.to?page=vista&seg=SMB&location=learn_about

Also, I’ll just post a link, we have GPU sites listed here for Intel, ATI, NVIDIA, S3, and Via.

Enterprise Hardware Guidance

You may have seen all the excitement and hype across the gadget sites these past few days around the Motorola Q. To understand why check out Verizon’s flash demo –

http://www.vzwshop.com/q/

Why is this important to education? I’m willing to bet this will be the device that you see students start carrying. It has a really nice form factor and the price is 199$ with a 2 year contract (after rebate). I look at this as a great opportunity for Universities to leverage their .NET skills to build Smartphone applications that deliver on all the things we’ve been talking about in meetings for the past couple of years.

Possible Applications:

• Mobile campus portal for news and announcements
• Triangulate position on campus maps
• Integrate with back end SIS to retrieve class schedule, securely check grades
• Integrate with D2L, Blackboard, etc

And of course many times we have discussed device agnostic solutions such as:

• SMS/MMS messages for campus security alerts
• VOIP/SMS call downs for important campus announcements
• VOIP/SMS tools for distribution on information to lists, such as class reschedule, change room, or cancelations

We have partners developing really interesting solutions for all of these ideas and more. Just last week I heard one of our go-to Sharepoint partners has developed a web part for publishing podcasts. The Q includes Windows Media Player 10. Why not carry one device for your phone, pda, and portable music player?

In demos and presentations we often communicate that Vista will run best on a “Modern Processor”. Chipset manufacturers have published their own web sites to describe which of their products offerings will provide support for Windows Vista.

Intel

AMD

VIA

Imagine – you are studying for a final and find an item on the syllabus you just don’t recall. That day your mind was off in space for one reason or another. You open a browser and search across the professor’s class notes. You see the material from that day, highlight a specific bullet point and click “play”. An audio/video stream opens starting from the point in time on the day in class when the professor took that note. You listen/watch the playback to make sure you get it right, actually learning something you otherwise would have missed.

Students today are doing that thanks to Tablet PC, OneNote, and SharePoint Server.

More and more I see Tablet PCs showing up in Higher Education. I met with a major University last week to discuss Tablet PCs in the classroom and how professors are using Tablets as presentation tools. I got an interesting link from one of our presenters:

http://www.studenttabletpc.com/

The group discussed a lot of interesting tools including the Tablet Education Pack and OneNote. It was great to see several professors already using Tablets to provide notes and illustrations on top of PowerPoint. I have also talked to a couple of major Universities now that leverage software to capture lectures using streaming video of the presenter in combination with OneNote. I’ve even talked to a group that publishes the material all the way out to Windows Mobile devices and Xbox 360. Cool!

XPS documents will no doubt start to surface on the web over the course of this summer.  If you're not yet ready to load Vista as your day-to-day OS there are options for you to open and read .XPS files in XP.

http://www.microsoft.com/whdc/xps/viewxps.mspx

The XML Paper Specification Essentials Pack (Beta 1) provides a standalone viewer that will register itself as the default for XPS.  You can also load the February Community Technology Preview of the WinFX Runtime Components to open .XPS files in IE6 or later.

Received a few good questions today on Rights Managemet Server:

Does RMS work with PDF?

RMS works with a defined set of applications out of the box but can be extended.  We have several partners that provide value-add including Adobe Reader. The RMS site includes a list of partners such as Liquid Machines who offers Adobe Reader support.  In the Vista and Office 2007 time frame XPS will solve this problem and many others.

Do permissions need to be applied to both the document and the message if your are sending via Email?

Permissions apply to the object type so document permissions are things like modification of the document, printing, and copy/paste while message permissions are things like do not forward or reply to all.  There is some overlap so I can see how this could be confusing.  The answer is yes, to be clear - a protected message can include unprotected attachments.  Once a document is protected you can send it or copy it and the protection stays intact.

How do I recover after an employee has been terminated that owned protected files?

There is an admintsrative group in RMS named Super Users.  By default no accounts are a member of the group including administrator.  This group can be used to recover files in scenarios such as employee termination.

Microsoft’s Education team is pleased to announce its May TechTalks series. These Live Meetings are hosted every Wednesday and are designed for education customers (K-12 and Higher Education) to get technical information on our products and solutions.  They are open to all K-12 and Higher Education customers and partners and require an event registration.  Live Meeting details will be sent with registration confirmation. See below for details and registration links.

May 3rd:  Higher Ed Session: Using Mobile Solutions to Stay Touch with Students & Extend the Learning Process
Presenter: Bill Hagen, Mobility Solutions Specialist
Time: 2:00 pm – 3:00 pm (Eastern Time)
Register: Click here 

Event Code:  1032285069

May 10th: Leverage the power of Microsoft’s Learning Gateway Framework
Presenter: Tony Franklin, Productivity Advisor          
Time: 2:00 pm – 3:00 pm (Eastern Time)
Register: Click here

Event Code:  1032292997

May 17th: Securing Messaging and Collaboration in Education
Presenter: Dan Sommerman, Security Solutions Professional
Time: 2:00 pm – 3:00 pm (Eastern Time)
Register: Click here

Event Code:  1032293176

May 24th: Effective Computer Lab Management with the Shared Computer Toolkit
Presenter: Scott Kennedy, Business Productivity Advisor
Time: 2:00 pm – 3:00 pm (Eastern Time)
Register: Click here

Event Code:  1032293186

May 31st: Classroom Learning Tools: Microsoft Student and Learning Essentials for Office
Presenter: Tony Franklin, Productivity Advisor          
Time: 2:00 pm – 3:00 pm (Eastern Time)
Register: Click here

Event Code:  1032293102

The guys over at OXD are ever-impressive.  John Greer has posted 2 sample documents originally created in Word 97-2003 format and converted to Office 2007 .docx format.

http://openxmldeveloper.org/articles/SampleDocs2.aspx

I believe the point is to provide samples of the file formats and let users see the differences/similarities but you can't help but notice the difference in file size.  One of the samples is the full text of Alice's Adventures in Wonderland including illustrations.  The Office 2003 version is 528 KB.  The Office 2007 version is 276 KB or roughly 52% the original.  I'm sure the compression depends on content but this is an amazing example.

Webinars are now available to help educators understand how to leverage Microsoft software in the classroom and to make schools more efficient.

http://www.microsoft.com/education/seminars.mspx

Topics include -

• Microsoft vision for collaboration in education: How to improve the learning and administrative processes in your school or university
• Facilitate learning environments with an integrated solutions platform for information sharing that connects students, faculty, and staff with information and processes
• Streamline the collection and processing of academic data with Microsoft InfoPath® 2003, a powerful electronic forms application
• The Microsoft student and teacher desktop
• Unleash your potential with Microsoft OneNote and Tablet PC
• Improve district or campus project management effectiveness with Microsoft enterprise project management (EPM) solutions

Best of all the webinars are available for download individually or in bulk for offline viewing, if you don't have a reliable Internet connection you can order the webinars on CD at no cost.

Update to this post - I recently learned part of the information in my original post was not correct.  The index is in fact not part of the user profile, it is per-machine and stored in programdata/Microsoft/search.  The search results are limited to what you have permission to read, which is more restrictive in Vista than previous Windows releases so searches will not by default span profiles even if you are a member of the administrators group.

---

At a recent customer event a question was asked, "Can you explain how indexing in Vista works securely and how it will effect network performance?"  Many customers have expressed their concerns with desktop search engines provided by other software vendors.

The answer is the index will use AES 128-bit encryption and will be stored in the user profile. This will prevent other users from accessing the file. Administrators with access to take ownership could in theory still "access" the file although they would not be able to read it. Anything encrypted on the file system would not be put in the index by default although the option will be available if the user chooses to do so.  The index will not be copied in the case of a roaming profile but testing is showing new machines can generate the index within reasonable time.

For network access - by default only content that is cached by the workstation and stored locally will be indexed so there should not be network overhead created by machines attempting to index network shares. The same is true for Outlook, only cached content will be indexed. In the future (Longhorn Server, Exchange 2007, SharePoint 2007) the servers will generate their own indexes of content and users will be able to seamlessly query those indexes in combination with their local index and the servers will be intelligent to the end that the query results will only return objects that the user has access to.

There is a great listserv for technical discussion of Microsoft and other technologies in high ed environments.  Subscription information is available on http://windows-hied.org/.

The participants of the listserv have an annual conference in Redmond.   The event is held on campus but is not a Microsoft event.  It is organized and hosted by active members of the list.  I am hoping to attend this year on my way back from the Nacubo conference.

More information pasted from the windows-hied.org website -

<from windows-hied.org>

Windows in Higher Education Conference 2006

Date: July 10-12, 2006 (Sunday the 9th will be an optional evening 'meet and greet' event)
Location: Microsoft Campus, Redmond, Washington
Cost: No registration fee, breakfast and lunch will be provided - attendees are responsible for airfare and hotel
Attendees: Higher education IT staff from anywhere (max of 75? attendees)
Hotel: Will be announced
Transportation: Shuttle from hotel to event and back provided each day - attendees are responsible for transportation between airport and hotel

As with prior events, this is a technical conference with about half of the content provided by Microsoft speakers and half by peer speakers. We focus a lot of attention on content and presenters and strive to bring together excellent content from both Microsoft and peers. A large part of the motivation for holding the event on the Microsoft campus is greater access to high level Microsoft presenters.

The event is a relatively small one, historically no more than 75 attendees. This year that number might increase, but only slightly. It is a great opportunity to connect with both peers and Microsoft experts.

</from windows-hied.org>

This was already written up earlier today on another TechNet blog but I wanted to make note anyway in case subscribers don't digest the entire TechNet feed.

Prof. Eugene Stafford posted an interesting write-up on password policy myths.  Especially relevant to HE where passwords very often span longer periods of time.

http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/

Kevin Dean (also a Higher Ed TS) reports on the release of MSFP for Treo 700w.

http://blogs.msdn.com/hied_mid-atlantic/archive/2006/04/30/587303.aspx

Now if I could only get the update for my XV6700!

Every day I see critical servers in higher education sitting right out on the internet with public IPs.  If you are responsible for maintaining that server and protecting your constituent's data, having it fully exposed to the Internet means you must be more cognoscente of security than if you were behind a corporate perimeter defense regardless of OS.  I often recommend IPSEC to control access to the server and provide basic security like IKE signing of traffic where possible.

Remote Desktop Protocol is already encrypted but it is possible to SSL authenticate and encrypt your session with TLS 1.0.  This provides an additional layer of security when connecting across the Internet and is simple to setup.  Here are the things you will need:

• Certificate provider (Windows enterprise certificate server is perfect and easy to setup for testing)
• Windows Server 2003 SP1
• Remote Desktop Client 5.2

Enrolling a Server Authentication Certificate

The first step is the most complicated.  Make sure your server has a server certificate that includes Server Authentication.  In my lab I auto-enrolled using group policy and use the DC as an enterprise CA.  Just apply a policy to an OU where your test server resides and under Computer Policy – Windows Settings – Public Key Policies – AutoEnrollment Settings, enable autoenrollment.  The Computer certificate included in GPO AutoEnrollment by default includes Server Authentication.

You can also enroll the server by connecting to the /CertSrv website and making a request.  Use “Advanced Request”, “Administrator”, and check the box to store the certificate in the local computer certificate store.  If your test server and/or test clients are not members of the forest, you can install the CA chain from the CertSrv website.

Require SSL and High Encryption (or FIPS Compliant Encryption)

On the server, open Administrative Tools – Terminal Services Configuration.  Select Connections and in the right hand pane you should see RDP-Tcp.  Open the properties of this connection and on the first page change Authentication to SSL and Encryption to either High or FIPS Compliant.  (For more information on these see the following TechNet article:  http://technet2.microsoft.com/WindowsServer/en/Library/a92d8eb9-f53d-4e86-ac9b-29fd6146977b1033.mspx)

Install RDP Client version 5.2

A standard 32-bit Windows XP Pro machine does not come with a version of the RDP Client that supports high encryption.  You can install the client from your 2003 server using %systemdrive\system32\clients\tsclient\win32\msrdpcli.msi.  With the newer version of the client you should see a security tab on the options page.  Select “Attempt Authentication”.  If you do not have the 5.2 client or do not at least attempt authentication, the connection attempt will time out.  Also, make sure you connect to the server using the same name as what’s used in the certificate, in most cases the full DNS name.  If not, you will be prompted to approve trusting the cert.

Caveats

You may decide it is more practical to select “Negotiate” rather than SSL.  This will allow down-level clients such as the RDP client on Windows Mobile to connect without using TLS 1.0.  If you require SSL, you will not be able to connect unless your client supports it.  Negotiate allows the highest level of encryption available on each client.

I just found the OpenXMLDeveloper.org site.  Cool!  I found the site after searching live.com for more information on open xml formats.  There's a great article that provides source code for a simple tool to generate text in XML and store it in .docx (Word 12).

Just yesterday I spoke with a university about the changes in document formats including Office files and XPS.  This site provides real evidence of all the work Microsoft is doing with these file types.

From the Windows Live Help file:

Windows Live Academic Search accesses content feeds from several publishers in the Computer Science, Physics, and Electrical Engineering areas. Academic Search works with CrossRef to facilitate cross-publisher searching. Publishers include ACM, American Institute of Physics, American Physical Society, Blackwell Publishing, Elsevier Science, IEEE, Institute of Physics, John Wiley and Sons, Nature, Taylor and Francis, and many others.

To access Windows Live Academic Search - http://academic.live.com/.

You can also open live.com, enter a search term and execute the search, then click "Academic" to try your search across academic sources.

We have the best partners in the world.  I got an Email shortly after my last post for another article on the same topic.

http://spaces.msn.com/bhandler/blog/cns!70F64BC910C9F7F3!730.entry

Hopefully the trackback is automatically created.

First off, I’m happy to have written this while on a plane.  I'm posting now that I'm in the Detroit airport - using my phone as a modem.

One of my peers recently built a PowerPoint deck that focuses on all the solutions we literally give away that are valuable to education.  The resulting list is longer than you might expect.  In the last year we have made significant investments in education including Microsoft Student (not free, but very cool).  The following list comes from the slide deck I mentioned plus I added a few.  The sort order starts with things focused directly on education and ends with free tools that benefit customers in education.

Windows Live @ EDU

Education Pack for Tablet PC

Shared Computer Toolkit

Learning Essentials for Office

Sharepoint Web Parts and Site Templates for Teachers/Classrooms

Office Templates for Education

Calculator Plus

Windows Movie Maker

Photostory

Producer

Windows Live Safety

Windows Defender

Desktop Search

MSN Messenger

MSN Spaces

Virtual Server Enterprise

TechNet Virtual Labs

Visual Studio Express

SQL Express

Office Live Basic

Online training for developers and users

Office Viewers, Office resources such as ClipArt, PowerToys, Windows Mobile Add-Ins, TabletPC Add-Ins, Migration Tools, and on and on..  Feel free to add more through comments!

We just completed our mid-year review process internally, a milestone that focuses more on what you want to accomplish in the future rather than critique of past performance.  I set a near-term goal to more clearly communicate our Education vision to technically-minded customers.

I've been brainstorming and have decided to start with the existing 3-pillar foundation.  I have a lot of respect for the people that originally founded this concept and I think it provides a solid starting point.

Strategic Pillars for 21st Century Learning

• Teaching and Learning
• Effective & Efficient Administration - Business of Schools
• Student Lifestyle

This can be more simply communicated as "Academic, Business, and Lifestyle".  Our infrastructure tools and solutions sometimes fit cleanly in to one category but often span two or more.  This is a solid foundation to prove the relevancy of our solutions, something I really believe in and would like to share.