MDT, ACT, MAP, AIK, IE9, Windows 7 deployment,och så vidare. Ett av de bästa nyhetsbreven, tycker jag, är Springboard Series Insider. Nyhetsbrevet är sprängfyllt av information som jag tror att få it-proffs klarar sig utan – om man jobbar inom “deployment and client”, vill säga. Ta god tid på dig, för här finns mycket intressant läsning!

 

I senaste nyhetsbrevet skriver de även om våra svenska experters kostnadsfria seminarier online:

Free One-Hour Seminars with Windows Deployment and ConfigMgr Experts
October 6 and December 5, 2011; February 16, 2012
Join TrueSec, Microsoft Deployment MVPs Johan Arwidmark and Mikael Nystrom, and System Center Configuration Manager (ConfigMgr) MVP Kent Agerlund

Varför inte bli prenumerant du med?

 


Springboard Series Insider

NOTE FROM THE EDITOR

Welcome to the October edition. Depending on where you live, it might be time to pull out some warmer clothes and start to get ready for shorter days, longer nights, and a review of your organization's network security and remote access infrastructure. So take a few minutes, read this month's Springboard Series Insider, and pick up some good tricks on how to better manage and secure the Windows desktops on your network.

In the world of Windows news, I am excited to announce that November will kick off a Springboard Series mini-tour of South America. As part of the tour, I will be conducting free sessions for local IT pros in Brazil on November 10th, in Peru on November 15th, and a possible session and "tweet up" in Argentina on November 18th. I will also be speaking at TechDays Chile on November 21st. More information on dates, times, locations, and how to register for these events will be available later this month on the Springboard Series Blog and in next month's Insider.

Finally, how are your Windows 7 deployment skills? Know when (and how) to use the Microsoft Deployment Toolkit (MDT), Application Compatibility Toolkit (ACT), Microsoft Assessment and Planning (MAP) Toolkit, and Windows Automated Installation Kit (AIK)? Understand how best to approach Internet Explorer 9 deployment and management? Check out information on improvements to the Windows 7 Deployment Learning Portal below in the New Resources section.

So let's get into the cool tips and tips to make your job easier.

Stephen Rose
Sr. Community Manager, Microsoft Windows Client IT Pro
stephen.rose@microsoft.com

NEW RESOURCES

Microsoft BitLocker Administration and Monitoring Overview
Learn how Microsoft BitLocker Administration and Monitoring (MBAM), as part of the Microsoft Desktop Optimization Pack (MDOP), can help you better manage, deploy and support BitLocker in Windows 7. This video discusses some of the MBAM features and functionality that will help you simplify BitLocker provisioning and deployment independent or as part of your Windows 7 migration, improve compliance and reporting on BitLocker, and reduce support costs.

Microsoft App-V and MED-V Deployment Tutorials
Get step-by-step guidance on how to deploy Microsoft Application Virtualization (App-V) and Microsoft Enterprise Desktop Virtualization (MED-V) using MDT and System Center Configuration Manager (often referred to simply as ConfigMgr) with new videos from the Springboard Series:

Microsoft DaRT Deployment Tutorials
Learn how to deploy the Microsoft Diagnostics and Recovery Toolset (DaRT) using a variety of methods and tools with these new step-by-step demonstrations from the Springboard Series:

IPv6 Security Considerations and Recommendations
IPv6 provides many benefits over Internet Protocol version 4 (IPv4). However, before deploying IPv6 you should be aware of additional security considerations. This article describes each of these security considerations in detail and provides Microsoft recommendations and best practices for mitigating the potential risks associated with IPv6 traffic. Find more helpful resources with the IPv6 Survival Guide.

Internet Explorer 9 Modules Added to Windows 7 Deployment Learning Portal
The Deployment Learning Portal now features two brand new modules designed to help you assess your skills around determining, and addressing, the compatibility of older (including Internet Explorer 6) applications as part of your migration to Windows 7 and Internet Explorer 9.
The Windows 7 Deployment Learning Portal is designed to help you identify the strengths and gaps in your knowledge around Windows 7 deployment and provide some targeted learning recommendations to help you reach the top of your game. All questions are written by the same team who authored the Microsoft Certified IT Professional (MCITP) certification exams for Windows 7 so they are sure to test your knowledge around the tools and techniques used to do everything from taking a complete inventory and addressing application compatibility to application packaging and driver management. The best part is that, after completing the assessment, you will receive customized learning recommendations to help you strengthen your skills.

TechNet Edge: Application Compatibility vs. Security: A Delicate Balance
Multiple technologies exist to help you to make your legacy applications work on Windows 7, but what about security? Can all of these be used in a secure way or do you have to make a trade-off? If so, what are the risks? This presentation explores application compatibility technologies, best practices, and popular strategies such as shimming, Windows XP mode, Microsoft Enterprise Desktop Virtualization (MED-V), Internet Explorer Compatibility Mode, Enhanced Mitigation Experience Toolkit (EMET), and others—and looks at their impact on the security of the platform.

SOMETHING TO BLOG ABOUT

Next Release of Windows Intune Available October 17th
Windows Intune brings together Windows Intune cloud services and upgrade rights to Windows 7 Enterprise to help businesses simplify PC management and security while getting the benefits of a modern operating system. At Microsoft's Worldwide Partner Conference in July, we announced the beta for the next release of Windows Intune. Our next release of Windows Intune, which includes new features and updates to the July 2011 Beta, will be available on October 17, 2011.
Here is a quick reminder of just a few of the features that will be included in the next version:

  • Software Distribution: Deploy most Microsoft and third-party updates or applications to PCs nearly anywhere over the Internet.
  • Remote Tasks: Remotely perform the tasks such as full scans, quick scans, updating malware definitions, and restarts on Windows Intune managed PCs from the administration console.
  • Read-Only Access: Provide select administrators with read-only access to the administration console so they can view PC information as needed, but not perform any configuration tasks.
  • Enhanced Reporting: Create hardware reports based on new hardware filters for common hardware characteristics; create and save report parameters to make it easy and efficient to run a report again in the future.
For a full list of features—plus step-by-step guidance and video demonstrations to help you explore, deploy, and utilize Windows Intune in your organization—visit the Windows Intune Resource Zone on Springboard and check the Springboard Series Blog on October 17. You can also try the Windows Intune cloud service free for 30 days.

TIPS AND TRICKS

Chris Jackson

Take 2: Discovering 16-Bit Applications Before Migrating to 64-Bit Versions of Windows 7
By Chris Jackson, Principal Consultant, Microsoft Corporation

Back in 2009, I wrote an article on my blog about how to detect 16-bit applications present in your existing ACT inventory. Andreas Stenhall, one of our Windows Expert IT Pro MVPs, brought this to the forefront again in last month's edition of the Springboard Series Insider, taking my SQL query and writing some new text around it, reminding people of their ability to leverage existing data for new uses, even if this data isn't surfaced through the ACT user interface. But, the benefit of a couple of extra years with customers has led me to believe that this isn't the end of the line for this problem—it's still not perfectly solved.
When you think of the business questions you're trying to answer with this data, they are:

  • How many of my applications contain 16-bit code?
  • Which modules are 16-bit?
  • What do I do about that?
As for which of the applications contain 16-bit code, there's an immediate optimization, which Andreas notices but I think we should fix: it includes plain text files (such as .bat or .cmd files). Since those aren't 16-bit, then we should just go ahead and pull those out. They may be interesting, but not for this problem domain. I also think we could generate two different result sets - one which just includes the apps, and another that includes the details:
USE ACT56
GO
SELECT Applications.appName, COUNT(Static_App_Properties.fileName) AS numberOfFiles
FROM Static_App_Properties
INNER JOIN Application_Instance_Files
ON Static_App_Properties.identity_hash = Application_Instance_Files.filePropertyID
INNER JOIN Applications
ON Application_Instance_Files.appID = Applications.identity_hash
WHERE fileModuleType<>'32BIT' AND fileModuleType<>'64BIT' AND fileModuleType<>'UNKNOWN' AND propertyType='File'
GROUP BY Applications.appName
ORDER BY appName
GO
SELECT DISTINCT Applications.appName, Static_App_Properties.fileName, fileModuleType
FROM Static_App_Properties
INNER JOIN Application_Instance_Files
ON Static_App_Properties.identity_hash = Application_Instance_Files.filePropertyID
INNER JOIN Applications
ON Application_Instance_Files.appID = Applications.identity_hash
WHERE fileModuleType<>'32BIT' AND fileModuleType<>'64BIT' AND fileModuleType<>'UNKNOWN' AND propertyType='File'
ORDER BY appName
GO
The first result set makes is much easier to determine how many of your applications contain some 16-bit code; you merely have to count them (and, as an added bonus, it counts the number of 16-bit modules found). In my database, I found that I had 34 out of 1175 applications which contained some 16-bit code. So, I was better able to answer my first question: I have 16-bit code in 2.8% of my application portfolio.
Note, however, that I wouldn't necessarily just want to use this base query. You see, I have found 16-bit applications in my entire portfolio with this query—it does not include any rationalization work which I may have done! I could choose either to extend the query to include links to categories, and exclude my rationalization categories (which is how I personally implement rationalization), or I can just go and manually add these to the applications which I've chosen to keep in Application Compatibility Manager. Given that my SQL skills are somewhat atrophied, and there were only 34, to me it was fastest to do it manually. (Automation only pays off if you can amortize the effort to create the automation over enough instances of applications!) So, with a bit of automation and a bit of manual effort, I've been able to determine where I have 16-bit code. The second result set answers the second question - which modules should I look at? Now, on to the third question...
Now that I know where I have 16-bit code, what do I do with this data?
If you answered "go and remediate the app," you're probably going to end up spending more money than you need to. You don't know that it's broken! Once again, the general principle that automation tends to do better at answering technology questions than business questions comes into play. We also find ourselves victim to one of the shortcomings of static analysis: it can only tell you that the binary is there; it won't tell you if the application ever needs to execute the 16-bit component it chose to install. (You shouldn't interpret this as me not liking static analysis just because it isn't perfect. I also love bacon, despite its excessive caloric load.) For example, Adobe Reader 8 turns up a single 16-bit binary (SC_Reader.exe). I have run Adobe Reader 8 on many 64-bit systems. Clearly, that component wasn't invoked. Skype 4.0 also appears on my list, but it appears to package an icon into an exe (SkypeIcon.exe) and I doubt that executable code is ever called from this binary. In fact, many of the exes I found look as if they won't be a problem at all; the trained eye can spot those quickly.
So, once again, we find that application compatibility is best done with a triumvirate: good people, good tools, and a good process. The tools alone can lead to significant waste. Here, we optimize the use of our tools, and then apply our minds to come up with the fastest way to our ultimate goal: deployment.
Given that this is my second take on the problem, I'll just point out that I still think this could be better! I consider application compatibility to be an awful lot like academia. You can teach ideas, or you can take existing ideas and extend them in new and interesting ways. For we all stand on the shoulders of giants - and application compatibility is somewhat unique in that we don't have to keep our knowledge proprietary in order to make a living; there are more than enough broken apps to go around! So, how could you make this better still?
Chris Jackson, aka "The App Compat Guy," is a Principal Consultant and the Technical Lead of the Windows Application Experience SWAT Team. A widely recognized expert in the field of Windows application compatibility, Chris has created technical documentation, training, and service offerings used inside and outside of Microsoft based on years of real-world experience with enterprise customers and independent software vendors. He is the author or co-author of numerous technical papers and articles on the subject of application compatibility, and a contributor to TechNet Magazine. Chris is also a featured speaker at major industry conferences around the world, including Tech•Ed, IT Forum, and the Microsoft Management Summit.

COMMUNITY UPDATE

Free One-Hour Seminars with Windows Deployment and ConfigMgr Experts
October 6 and December 5, 2011; February 16, 2012
Join TrueSec, Microsoft Deployment MVPs Johan Arwidmark and Mikael Nystrom, and System Center Configuration Manager (ConfigMgr) MVP Kent Agerlund for insights into the latest news and tools in the world of Windows deployment, as well as tips and tricks gained from the field. Scheduled for October 6, the first session will provide an overview of the new functionalities and features in the forthcoming Microsoft Deployment Toolkit (MDT) 2012. Future sessions will discuss MDT 2012 in greater detail and explore new features and functionality in ConfigMgr 2012.

TechNet Radio: Tips and Tricks for Setting Up Windows Deployment Services
Now available on demand, this TechNet Radio podcast features Microsoft Setup and Deployment MVP Rhonda Layfield and provides her top five tips and tricks for setting up Windows Deployment Services (WDS) as well as a discussion of some key infrastructure issues that you can avoid.

OFFICE FOR IT PROS

Andy O'Donald

Office 2010 Security Controls for IT Pros
By Andy O'Donald, Product Manager, Microsoft Office

With Microsoft Office 2010, Microsoft invested heavily in security improvements and there are four key controls in Office 2010 to help IT pros: Data Execution Prevention (DEP) for Office applications, Office File Validation, expanded file block settings, and Protected View.

Lately, I've been receiving questions around trusted locations and Protected View. Specifically, I hear from IT pros that their users say they see the Protected View yellow bar too much. Using the Office Customization Tool (OCT) and group policy, you can control how frequently users experience protected view. The most impactful way to lower the appearance of the Protected View is to make sure certain locations are trusted by the client inside your organization. If you've already deployed Office 2010, it is still easy to update the trusted locations by creating a new MSP file and pushing it out like any other update.

Office 2010 Trust Center

You can find all of the Office 2010 security resources that are available today on the Office 2010 Security top task page in the Office Springboard Series TechCenter. Here are the top three Office 2010 security resources every IT pro should be familiar with:

Andy O'Donald is a product manager in the Microsoft Office team currently focused on Office deployment and Office 365. Check out his TechNet Radio interview for answers to common IT pro questions on topics such as Office 2010 planning, deployment tools such as the Office Migration Planning Manager, end user resources, and the Office Web Apps.

INTERNET EXPLORER IT CORNER

Accelerate Enterprise Application Compatibility for Internet Explorer 9
Group Policy provides an infrastructure for centralized configuration management of the applications that run on the Windows. By using Group Policy to configure Internet Explorer, you can configure a setting one time and enforce that setting on many computers. In comparison to techniques like scripting, Group Policy can be the most efficient way to affect many computers with a low risk of human error. You can configure Internet Explorer security settings in a GPO that you link to the domain, for example, and Group Policy can apply those settings to every computer in the domain.

We will soon be launching a Group Policy top task page on the Internet Explorer TechCenter to help you more easily locate recommendations, tools, and step-by-step guidance related to Group Policy. Until then, here is a list of the top resources available to IT pros today:

Getting Started with Group Policy

Group Policy Tools

Group Policy Settings in Internet Explorer

TWEET ALERT

This month, we're following a few individuals who support the motto, "for the community, by the community":

  • @JeffWouters — "Geek of all trades, proud carnivore, blogger, movie-freak, and music lover" who blogs and tweets around virtualization, often offering handy scripts (See Jeff? You asked to be listed and here you are!)
  • @KristinaLibby — Microsoft Communications Manager and blogger for the Windows Experience Blog interested in connecting with interesting people
  • @melindathrasher — Tech-y girl currently studying Computer Networking Systems at ITT Tech (and loving it), president of the student chapter of the Seattle Association of Information Technology Professionals (AITP)
  • @hekost (Heather Kostes) — Community Program Manager for the Microsoft MVP Program, social media enthusiast, geek wannabe, and fan of music and the arts

If you would like to be considered for this column, send a message to Stephen Rose via Twitter @stephenlrose and tell him, in 140 characters or less, why we should feature you next month. Also, for the latest information on what's going on here at Microsoft follow the Springboard Series @MSSpringboard.

EVENTS AND TRAINING

A Day with Microsoft Virtualization: Hyper-V, SCVMM 2012 and SCOM 2012
October 10 - December 15, 2011 - Central United States
Does your company use VMware? Are you sure it's the best choice? If you're eager to explore the cloud and alternative ways of building next-generation data centers, please join us for a technical look at the next set of Microsoft virtualization technologies and how they can help you harness the cloud—on your own terms. The morning session will take a look at Microsoft virtualization technologies and all the products you need to take your data center to the next level. We will do direct comparisons of Microsoft Virtualization and VMware, and get down to real facts about which is the best choice in terms of performance, management, and total cost of ownership. In the afternoon, provided you've brought a sufficiently powered laptop, you'll have a chance to get hands-on and explore these new technologies on your own terms. Ask questions, compare notes with your peers and get the answers you need. The day will wind down with a bonus session presented by a local IT Pro Evangelist to highlight additional topics, certification roadmaps, and more. Register today by visiting http://technetevents.com to save your seat for a free, full-day event in your area.

E-Learning Course 10242: Securing Windows 7 Desktops
This two-hour course describes how to configure Windows 7 security management tools. This course helps you prepare for the Microsoft Certification Exam 70-680: TS: Windows 7, Configuring. At the end of the course, students will be able to:

  • Explain the security management features of the Windows 7 operating system.
  • Configure local security policy settings on a client computer running the Windows 7 operating system.
  • Secure data by using Encrypting File System (EFS) and Windows BitLocker.
  • Configure application restrictions by using Windows AppLocker.
  • Configure User Account Control (UAC) settings.

E-Learning Course 10243: Configuring Network Security in Windows 7
This two-hour course provides an overview of the skills required to configure Windows Firewall, security-related settings in Internet Explorer, and Windows Defender. This course also helps you prepare for the Microsoft Certification Exam 70-680: TS: Windows 7, Configuring. At the end of the course, students will be able to:

  • Configure Windows Firewall on a Windows 7 client computer.
  • Configure security-related settings in Internet Explorer to help protect a Windows 7 client computer that is connected to the Internet.
  • Configure Windows Defender to help protect a Windows 7 client computer against malicious software.

UPCOMING WEBCASTS

Desktop Virtualization for the Education Industry
Thursday, October 06, 2011 10:00 AM Central Time
As education institutions look at alternatives to the traditional computer lab to serving up a more manageable and secure desktop to its students and external users, desktop virtualization can be seen as the ultimate solution. However, choosing which technologies are relevant and how they can be used together can be confusing. Explore the technologies that make up the joint Microsoft and Quest solution for delivering a virtualized desktop experience and learn how these technologies are currently being combined and used at education institutions today.

How to Leverage System Center to Manage and Optimize your Infrastructure
Tuesday, October 11, 2011 2:00 PM Eastern Time
The Microsoft System Center suite is a comprehensive set of technologies designed to evolve your device, datacenter, and IT management practices. Come take a look at what's new with System Center, and learn how to manage and monitor clients, servers, services, and assets as well as consolidate your infrastructure to help reduce data center costs.

TechNet Webcast: Information about Microsoft Security Bulletins for October (Level 200)
Wednesday, October 12, 2011 11:00 AM Pacific Time
Join us for a brief overview of the technical details of the Microsoft security bulletins for October. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions and getting answers from Microsoft security experts.

Windows 7 Deployment - Why and How
October 25, 2011 9:30 AM Greenwich Mean Time
Attend this one-stop online conference to find out why Windows 7 makes sense for your organization and how it can be easily deployed to your users. This event will feature two tracks, one for implementers covering the nuts and bolts of deploying software, and another for strategic IT decision makers. The afternoon will offer a deep dive into deployment strategies, tools, and real world best practices.

Virtualization and Management: Device to Datacenter
Tuesday, November 01, 2011 8:30 AM Pacific Time
Join a virtual interactive panel discussion with Tony Scott and Brad Andersen to hear how enterprises can take advantage of the increase in personal devices in the workspace without affecting management or security. This event will explore managing consumer and professional devices in an enterprise environment, addressing the process and management IT challenges associated with virtualization, and much more.

Upcoming Springboard Series Technical Expert Program (STEP) Events:

  • Sinergija11 Day 3 Session: Windows Intune, don't worry, be happy (in the cloud)!
    Thursday, October 20, 2011 - Belgrade, Central Serbia
    If you will be attending Sinergija11, make sure to attend this day 3 session which will cover features and usage of Windows Intune from initial configuration to administration. Explore what Windows Intune can do from the distribution of updates, malware protection, and management of alerts and software reporting to license management and implementation of organization policies. This session will also cover the use of Microsoft Easy Assist tool, which gives the end user the ability to request assistance through desktop sharing with the helpdesk personnel.
  • Sinergija11 Day 3 Session: Office 365, everything you need to know for a successful implementation
    Thursday, October 20, 2011 - Belgrade, Central Serbia
    Do you need to move to the cloud? Office 365 is an excellent opportunity. This Sinergija11 day 3 session will cover all the main features and characteristics in Office 365 and explore the different scenarios that lead to a successful implementation in small companies and more complex environments. Join us to discover what you can do with Active Directory Synchronization, Federated Domains, and SharePoint Online, and discover the magic of unified communications with Lync Online.

SNEAK PEEK: FOR INSIDERS ONLY

The following resources will be released in October on the Springboard Series for Windows on TechNet. Bookmark or subscribe to our RSS feed and receive automatic notification when these and other resources, announcements, and downloads are released.

  • New demonstrations and tutorials to help you explore, deploy, utilize the October 2011 release of Windows Intune