One of the coolest new features of Windows Server 2008 is the new Terminal Services Gateway feature.  As always, we run our software in production at Microsoft before it is released, and TS Gateway is no exception (I'm using it as we speak!).  The Microsoft IT (MSIT) team has written up a white paper on lessons learned with their deployment.

Executive Summary

Like many large organizations, Microsoft has a geographically dispersed work force. With more than 78,000 employees in 78 countries worldwide, Microsoft faces continual challenges with making corporate information easily available to workers from remote locations and with ensuring that important internal company information is as secure as possible.

Although the vast majority of Microsoft employees have individual personal computers available from which to access company resources, the following two situations frequently occur at Microsoft:

· Staff members need to access internal company resources from home or from a remote location.

· Staff members who are involved in meetings or presentations at remote locations require quick access to internal company resources.

These resources may include any of the following:

· Documents that are located on internal servers at Microsoft.

· Internal business programs that are available only from inside the corporate network.

· Personal workstations that contain important files or programs. For example, developers at Microsoft often need to connect to their individual workstations from remote locations to access programming tools or code.

To meet these requirements, Microsoft maintains a Windows® Terminal Services environment. This environment enables staff members to log on to the Microsoft corporate network and then access terminal servers that are running various internal business applications.

With the development of Windows Server® 2008, the Microsoft Information Technology (Microsoft IT) department wanted to test the new features and functionality of the Windows Server 2008 Terminal Services component to determine whether these features could meet the requirements of a large corporate environment.

Get the rest of the White Paper here:

Ever wondered what kind of sessions go on at TechEd, Microsoft Management Summit (MMS), OCS Ignite, IT Forum, WinHEC, etc?  The following site has a ton of videos from these events:

http://www.microsoft.com/emea/spotlight/default.aspx

Watch Mark Russinovich, Steve Riley, Iain McDonald, and some other great presenters go deep in these sessions.  Enjoy!

Alright... not the sexiest acronym, but the new Branch Infrastructure Implementation Solution - BIIS (formerly the Branch Office Infrastructure Solution, or BOIS) has been released, with great information on all of the decisions and design criteria that go into architecting a Branch Office/geographically distributed site solution.  Everything from backup, to malware defense, to DNS, DHCP, File/Print, Monitoring, the works.  Great Stuff!

From the overview:

Windows Server 2008 includes several enhancements to the base operating system plus powerful new functionalities that make it valuable in a branch office environment. These include:

- Mitigated Security Risks: The Read-Only Domain Controller is a powerful new feature that enables organizations provide their remote branch office with local authentication servers, without having to increase security exposure to their Domain Database. The RoDC also provides a read-only copy of the DNS and receives uni-directional updates from the Central Office DataCentre. BitLocker technology provides hardware-based encryption for data on branch office server. The Server Core installation option helps significantly decrease the servers’ surface area of exposure and management overheads by reducing the operating system footprint.
- Improved Network Performance: Windows Server 2008 offers several new or improved network technologies that will improve the efficiency of WAN communications. The new TCPIP Stack and the Server Message Block (SMB 2.0) is redesigned for networking environments especially when connecting branch offices. The Distributed File System Replication service (DFSR) is a multi-master replication engine that increases data availability and gives users in remote sites fast, reliable access to files
- Improved Deployment and Administration: New management tools like the Server Manager Console provide a single, unified console for managing a server's configuration and system information, displaying server status, identifying problems with server role configuration, and managing all roles installed on the server.
BIIS provides an understanding of the complex issues that affect branch infrastructure planning and design. This solution was designed using a modular approach that will support future releases and add-on guides to support core as well as extended branch infrastructure services. The service guides that are available with this release focus specifically on key Windows Server 2008 role services. Future releases will present a selection of “extended” services to detail branch infrastructure focused on solutions for roles and products such as Hyper-V, System Center Configuration Manager, and Forefront Client Security. This guidance helps IT Service designers and architects minimize the branch office design and implementation costs and provide the most efficient and effective management possible, while still providing the desired user experience for staff in branch offices.

There are three parts to this download, that should be downloaded and used in the following order:

1) BIIS Getting Started Guide: This guide provides an introduction to the full BIIS solution, and is the starting point for IT Professionals who are using BIIS to plan and deploy their branch infrastructure.
2) BIIS Architecture Guide: This guide introduces a method of designing a service-based branch infrastructure design, and explains how to look at the specific requirements of the branch office within the larger context of an organization's IT services.
3) BIIS Service Design Guides: These guides provide implementation guidance for the foundation services for a branch office. These include base client services, base management services, DHCP, directory services, name resolution services, and file and print services.

Get the guides here: Branch Infrastructure Implementation Solution for Windows Server 2008

If your co-worker knew something about you... that you forgot to put deodorant on, or that you had toilet paper stuck to your shoe, or that your habit of sending angry incoherent emails before you had consumed your morning coffee was about to become a career limiting move...

Would you like them to tell you?

You would, right?

So here's the catch... if you would like your friends or co-workers to give you feedback when they notice an area of opportunity for you; you have the responsibility to do the same for your friends.  Be honest, but respectful.  Find the right time and place (generally constructive feedback should be done in private), and let the person know your candid feedback.  Once they have received it, they get to choose what they do with it, but you have given them the gift of knowing where they stand.  As Wikipedia says,

"In organizations, feedback is a process of sharing observations, concerns and suggestions between persons or divisions of the organization with an intention of improving both personal and organizational performance."

In other words, given correctly, feedback is a very good thing. By FAR the best advice I have read on holding these tough conversations is in a great book called Crucial Conversations, which discusses several ways that you can make it safe to talk about almost anything, and to reach a pool of shared meaning.  I cannot possibly recommend it highly enough.

How does this relate to Microsoft?  You've probably noticed something that we aren't doing as well as we should have.  Maybe you've written one of those "Zune Sucks" blog posts or "Micro$haft Sux!!! Only TOOLZ uze Vista!" posts on /. or Digg.  That's okay.  As Penny Arcade points out in their Greater Internet F-wad Theory (sorry, this is a family-safe blog), a normal person, plus anonymity and an audience is just asking for trouble.  It's really easy to think of us as the Borg. 

But guess what?  We're not.  Microsoft is made up of some of the smartest, most creative, intelligent, and hardworking people I have ever worked with.  If we left of your favorite feature in the latest release of Product X, It's not because we all got together and said: "Hey!  I know it would make Steve's life a lot easier if we just added a widget button in the print dialogue box.  It would only take a day or so to code it, but I really don't like the guy.  Let's leave that feature out just to spite him!" Features are prioritized based off of a number of criteria, balancing feature requests with customer impact, with a desire to ship software on a (semi) regular basis. 

Windows Server 2008 doesn't come with the Vista Sidebar.  Would you have been happy if W2K8 didn't release until April, and ran slower (but you could see a pretty slideshow on the side of your server desktop)?  Probably not.  If we added support for Windows NT4 into Exchange 2007, it would certainly not have shipped when it did as the Development and Test burden would have increased significantly.  If we had built Windows Home Server on top of Windows Server 2008 for the first release... guess what?  It wouldn't have shipped yet.  As we are often reminded, "Shipping is a feature too". By prioritizing features, we are able to ship on time, get your feedback, and incorporate it into the next version.  If we try to boil the ocean and fit everyone's favorite feature into the project, you end up with Vista's too-long development cycle, where nobody is happy at the end.

So how do you let us know what those important features are so that we can plan them into the next version?

Several ways.

First... you can always email feedback@microsoft.com. Yup, that's an actual address, and real humans read the feedback and shoot it off to the appropriate team.  Be constructive in your feedback... don't just tell us that Vista sucks, let us know how it is not meeting your needs, and what we could do next time to make it better. Some teams (such as Zune) have dedicated feedback sites.  Just search the Internet for "Product X Feedback" and see what you find.

The next place to leave feedback is on our TechNet and MSDN blogs.  Most product teams have a blog, and we really do read the comments.   If you have a comment on Internet Explorer 8, go leave a comment on the Internet Explorer Team Blog.  Exchange? Head over to You Had Me At EHLO. Windows Vista? They've got a blog too (Windows Vista Blog).  We probably won't reply to every comment you post (we need some time to do actual coding), but they will get read.

Even better, head over to the Microsoft Connect site and sign up for betas.  This is where the product teams host their pre-release software (both public and private), and you can file bugs and provide feedback that goes directly into our internal systems.  For example, right now the Solution Accelerator team is refreshing the Microsoft Operations Framework to integrate MSF and to include guidance on planning and governance.  Really good stuff.  They would LOVE to have feedback from the field as to how we can make this guidance better. Sign up (instructions here) and let us know how we can make it meaningful to you.

If none of these feedback mechanisms work for you, feel free to leave a comment in my blog or shoot me an email.  As long as your feedback is specific and constructive, I promise that I will get it off to the right people. :)

New goody from Mark Russinovich and the Sysinternals team!

ShellRunas v1.0

The command-line Runas utility is handy for launching programs under different accounts, but it’s not convenient if you’re a heavy Explorer user. ShellRunas provides functionality similar to that of Runas to launch programs as a different user via a convenient shell context-menu entry.

ShellRunas works on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Get it here: http://technet.microsoft.com/en-us/sysinternals/cc300361.aspx

I have previously mentioned some free training that is available for SharePoint here: http://blogs.technet.com/seanearp/archive/2007/12/07/sharepoint-training.aspx

The one thing that was lacking, however, was training for SharePoint Designer, which is really needed to make SharePoint sing.  The combination of SharePoint, Designer, and Visual Studio will allow you to do just about anything but wash dishes.  SharePoint is really the server equivalent of Excel (it does everything!).  Unfortunately, to date there has been not as much training available on SharePoint Designer as I would like to have seen.  Fortunately, that changes today! (and as always... it's free)

Office SharePoint Designer 2007 Training Standalone Edition

Office SharePoint Designer 2007 Training Portal Edition

From the overview:

The Microsoft Office SharePoint Designer 2007 Training (Standalone Edition) leads the learner step-by-step through SharePoint Designer features using easy to understand videos. Built with the SharePoint platform integration in mind and engineered to work efficiently with Microsoft Windows SharePoint Services and Microsoft Office SharePoint Server 2007, SharePoint Designer will help you customize your SharePoint sites to make it an even more powerful tool for productivity. SharePoint Designer is the ideal tool for Information Workers to build composite applications, design and customize workflows and tailor SharePoint sites to their branding needs.

If you are a server administrator and want to install the Portal Edition to your Office SharePoint Server site, click here. The Portal Edition allows you to add or remove content to help your users learn about Office SharePoint Designer.

If you have been tasked to work on a Lotus Domino to Exchange migration project, you will want to take a look at the following document, which goes into EXTRAORDINARY detail about everything you will need to know to make the transition.  Screenshots, Single-Phase Migrations, Multiple-Phase Migrations, Test Labs, Free-Busy connectors, you name it...  It is a GREAT read.

Microsoft Transporter Suite for Lotus Domino: This end-to-end guide takes you through the process of assessing your environment, planning your directory and mail transition, and executing your coexistence and migration plan.

I see over on Matt's blog that we now have a Virtualization Tech Center up on TechNet.  Not so pretty, but has lots of great information on all the virtualization technologies:

Application Virtualization

Microsoft Application Virtualization (formally SoftGrid) is the only virtualization solution that delivers applications that are never installed and dynamically delivered, on demand. Whether deployed on desktops , laptops or, terminal servers , Application Virtualization from Microsoft changes application management from a series of manual tasks into an automated, streamlined process that accelerates the pace and reduces the cost of business.

• Evaluate
• Learn More
• Tools
• White Papers
• Guidance

Server Virtualization

Hyper-V provides a reliable virtualization platform and integrated management that enable customers to virtualize their infrastructure and reduce costs. It provides great value as it is available as a feature of Windows Server 2008 and it easily plugs into customers’ IT infrastructure as they can leverage their existing management tools and IT Pro skill-set with broad support from Microsoft and its partners.

• Learn More
• Download Windows Server 2008 Hyper-V Beta
• Learning Center
• Product Overview White Paper
• Install Guidance
• Getting Started with Hyper-V
• Server Virtualization Forum

Presentation Virtualization

Presentation virtualization isolates processing from the graphics and I/O, making it possible to run an application in one location but have it be controlled in another.

• Download Windows Server 2008
• Learning Center
• Terminal Services In-Depth
• Guidance

Desktop Virtualization

Virtual PC lets you create separate virtual machines on your Windows desktop, each of which virtualizes the hardware of a complete physical computer. Virtual PC works for any scenario in which you need to support multiple operating systems, whether you use it for tech support, legacy application support, training, or just for consolidating physical computers.

• Evaluate
• Learn More
• Deploy
• White Papers
• Guidance

Virtualization Management

System Center Virtual Machine Manager provides centralized administration of virtual machine infrastructure and enables increased physical server utilization and rapid provisioning of new virtual machines by the administrator and authorized end users.

• Evaluate
• Learn More
• Deploy

We also have a very pretty site (http://www.microsoft.com/virtualization/default.mspx) that focuses more on case studies, upcoming conferences, and the like.

Have you ever been curious how Microsoft protocols such as SMB, CIFS, BITS, IPSEC, or NTLM work behind the scenes? Perhaps you are a Computer Science student, and you want to see how thing work in a commercially available Operating System, or perhaps you are a developer that works on a product that needs to interoperate with a Microsoft application or server platform.  You'll want to head over to the Microsoft Protocol Program website, where there are more goodies than you will know what to do with.

To give you a head start on the acronyms, you will be working with the Microsoft Communications Protocol Program (MCPP, for "server software that interoperates with Windows desktop operating systems") and Microsoft [Work Group] Server Protocol Program (WSPP, for "server software that interoperates with Microsoft Windows server and desktop operating systems to provide file, print, and user and group administration services").

You'll want to start with the [MS-DOCO]: Windows Protocols Documentation Roadmap that serves as a roadmap to the... um... documentation. 

Currently, protocol documentation is available for download from MSDN for the MCPP and WSPP programs. Access this documentation from:

• Open Protocols Documentation Overview
• Windows Protocol Program Documentation Introduction
• Microsoft Communications Protocol Program Documentation
• Microsoft Work Group Server Protocol Program Documentation

In the following months, the MSDN Web site will provide access to the following protocol documentation:

• 2007 Microsoft Office release
• Microsoft Exchange Server 2007
• Microsoft Office SharePoint 2007
• Microsoft SQL Server 2008

You can also download the documentation as PDFs here:

Windows Communication Protocols (MCPP)

The Microsoft Communications Protocol Program (MCPP) technical documentation set provides technical specifications for Microsoft proprietary protocols that are implemented and used in Windows client operating systems (Windows 2000 Professional through Windows Vista) to interoperate natively with Windows Server operating systems (Windows NT 3.1 through Windows Server 2008).

Windows Server Protocols (WSPP)

The Work Group Server Protocol Program (WSPP) technical documentation set provides detailed technical specifications for Microsoft proprietary protocols and extensions that are implemented in Microsoft Windows Server work group server operating system software and that are used to deliver file & print and user & group administration services to Windows work group networks.

The wide availability of Windows® SharePoint® Services (WSS) 3.0 and the explosive popularity of Microsoft® Office SharePoint Server (MOSS) 2007 in enterprise environments, combined with the widespread use of online collaboration tools, have resulted in a proliferation of SharePoint technologies that sometimes escape the notice of IT.

SharePoint servers that are not managed by IT often host business-critical Web sites, applications, documents, and processes. It is vital to the health of the organization that these servers are brought under corporate IT management and oversight.

The Solution Accelerator team has been hard at work, and just announced the beta release of the SharePoint Asset Inventory Tool.

The SharePoint Asset Inventory Tool allows IT professionals to inventory all of the computers in the network and identify servers that have SharePoint installed on them. The information gathered by the tool is used to generate reports that give IT the information it needs to bring the servers under its control. This allows the resources of the ever-changing SharePoint environment to be optimized and adjusted as needed.

The tool allows you to choose the method for specifying which computers to scan: the IP range method to scan selected computers or the Active Directory method to scan all computers. Once you identify the scanning method that best serves your needs, the tool prompts you to supply the credentials necessary for the scan to be successful.

The main purpose of the SharePoint Asset Inventory Tool is to give the IT administrator answers to a number of important questions through the generation of reports. These reports include information on:

• The servers running some version of SharePoint.
• The installed SharePoint features.
• The total number of SharePoint sites on each server.
• The total number of documents on each server.
• The total number of documents grouped by extension on each server.
• The time since the SharePoint assets in each server were last modified.
• The customized SharePoint sites and items on each server.
• The number of SharePoint lists on each server, grouped by the number of items on each list.

With this information, the IT administrator can determine which unmanaged servers have SharePoint assets on them and prioritize the order in which to bring them under IT management based on such factors as their frequency of use, the number of SharePoint sites on them, and the number of documents they contain. For existing managed SharePoint environments, running the tool periodically allows IT to detect changes in server usage that may warrant the addition of hardware or adjustments to configuration that will keep the SharePoint infrastructure working optimally.

Get the SharePoint Asset Inventory Tool, or read more about the functionality here.

  GREAT post by Michael Howard over on the SDL blog about the hyperbole that usually crops up on <cough>/.</cough> whenever Jeff Jones posts his vulnerability analysis report.

• "This is FUD"
• "Yeah, but it's not an apples to apples comparison"
• "How can you believe this guy? He works for Microsoft!"
• "What would Microsoft know about security?"
• "For his next trick..."
• "That chart really hits home the fact that statistics can be used to prove any side of any argument"
• "Of course he says Windows is the best, that's what he's paid to do."
• "Counting vulnerabilities is a natural way to measure security. If you're a retard."
• "The other big reason linux is more secure is many black hats LOVE open source principles"
• "Can someone please slap MSoft in the teeth"
• "I can't actually remember a time when my mac needed a patch to fix a security hole."

A few years ago I spoke to some senior technical people from a large financial organization about software security. After visiting Microsoft they were off to visit another operating system vendor. I won't name names. The financial company was very interested in our early results, and they were encouraged by what they saw because of the SDL. I asked the most senior guy in the room to ask the other company one very simple question, "What are they doing to improve the security of their product? And by that I mean, what are they doing to reduce the chance security vulnerabilities will creep into the product in the first place? And they cannot use the word ‘Microsoft' in the reply." Two weeks later, the guy phoned me and said...

You'll need to read the rest of the post to find out what he said, but I guarantee the post is worth a read: http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx

Saw this over on the Got Zune blog... it looks like we are giving away a Zune a day.  All you have to do is send an email to winazune@live.com with "Go Zune" in the subject line.

More information here, and official rules here.

Some useful videos to accompany the release of Service Pack 1 for Operations Manager 2007... (or you can pick up the Eval version here)

Learn from the experts how to use the many features of Operations Manager 2007 Service Pack 1 (SP1) as well as address frequently asked questions.

Note: Windows Media Player is required to view the videos.

Web page view type
Presenter: Scott Jackson, Microsoft
This video demonstrates using the new web page view type.
Running Time: 43 seconds
Date Posted: January 10, 2008

Web Console State View
Presenter: Scott Jackson, Microsoft
This video demonstrates parity between the web console and the Operations Manager console.
Running Time: 36 seconds
Date Posted: January 10, 2008

Change Agentless Proxy Agent
Presenter: Scott Jackson, Microsoft
This video demonstrates how to change the proxy agent for agentless managed computers.
Running Time: 34 seconds
Date Posted: January 10, 2008

Monitoring space performance enhancements
Presenter: Scott Jackson, Microsoft
This video demonstrates improved responsiveness of list-based views in the Monitoring space.
Running Time: 1 minute, 13 seconds
Date Posted: January 10, 2008

Targeting a monitor at a group
Presenter: Scott Jackson, Microsoft
This video demonstrates how to correctly target a monitor at a group.
Running Time: 1 minute, 19 seconds
Date Posted: January 10, 2008

Using the Microsoft Generic Report Library
Presenter: Eugene Bykov, Microsoft
This video demonstrates generic overrides report.
Running Time: 6 minutes, 16 seconds
Date Posted: January 10, 2008

Using favorite reports and the report publishing feature
Presenter: Eugene Bykov, Microsoft
This video demonstrates favorite reports and report publishing features.
Running Time: 6 minutes, 44 seconds
Date Posted: January 10, 2008

Using Reset or Recalculate on monitors
Presenter: Marius Sutara, Microsoft
This video demonstrates how to use tasks to reset or recalculate the state of a monitor.
Running Time: 7 minutes, 59 seconds
Date Posted: January 10, 2008

Targeting Monitors
Presenter: Boris Yanushpolsky, Microsoft
This video demonstrates how to properly configure rules and monitors for multi-instance components.
Running Time: 3 minutes, 53 seconds
Date Posted: January 10, 2008

Great writeup by Daniel Petri:

Ever have a performance problem, but don't know what performance counters to collect or how to analyze them? The PAL (Performance Analysis of Logs) tool is a new and powerful tool that reads in a performance monitor counter log (any known format) and analyzes it using complex, but known thresholds (that are provided). The tool comes out-of-the-box with some predefined thresholds defined as high according to the Microsoft consulting/development but those can be adjusted to whatever you like.

The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded. The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project. This tool is not a replacement of traditional performance analysis, but it automates the analysis of performance counter logs enough to save you time.

Features

• Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
• An easy to use GUI interface which makes creating batch files for the PAL.vbs script.
• A GUI editor for creating or editing your own threshold files.
• Creates an HTML based report for ease of copy/pasting into other applications.
• Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer's role or hardware specs.

Read the rest of the article (with screenshots) here: http://www.petri.co.il/analyze-windows-performance-logs.htm

Downloads are available here: http://www.codeplex.com/PAL

PAL Requirements:

As I mentioned earlier, Microsoft has released the specifications for our binary Office 97-2003 file formats.  Joel Spolsky of Fog Creek Software has a great take on the announcement (and specs):

If you started reading these documents with the hope of spending a weekend writing some spiffy code that imports Word documents into your blog system, or creates Excel-formatted spreadsheets with your personal finance data, the complexity and length of the spec probably cured you of that desire pretty darn quickly. A normal programmer would conclude that Office’s binary file formats:

• are deliberately obfuscated
• are the product of a demented Borg mind
• were created by insanely bad programmers
• and are impossible to read or create correctly.

You’d be wrong on all four counts. With a little bit of digging, I’ll show you how those file formats got so unbelievably complicated, why it doesn’t reflect bad programming on Microsoft’s part, and what you can do to work around it.

The rest of the post is a very enlightening read into the history of the file formats, the design decisions that came into play, and recommendations on how (and when) to develop against the spec.

http://www.joelonsoftware.com/items/2008/02/19.html

Now is certainly the time to be a student!  As we announced earlier, you can pick up Office Ultimate 2007 for $59.95 (91% off of retail), which is well worth it for the bibliography/works cited feature alone.  Even better, today we announced the DreamSpark program which enables students to download Microsoft developer and design tools at no charge. Free. Gratis. Cuesta Nada.

From the overview:

The site enables students like you to download professional-level Microsoft developer and design tools to unlock your creative potential and set you on the path to academic and career success, by supporting and advancing your learning and skills through technical design, technology, math, science and engineering activities.

Seriously... killer deal.  Amongst the available software, you have access to: