Curious George lists top-rated WS2K8 videos from TechNet Spotlight here. Reprinted below for the lazy...er...time-challenged. You may wonder why these don't appear on the How-to videos list of the new WS2K8 TechCenter - it turns out that the only videos we can list on that feed are videos that are available in the download center. So, unitl I can get that changed keep watching your favorite bloggers!

 Windows Server 2008 Deployment Overview - Michael Niehaus, Tim Mintner

 The 10 Most Important Things About Failover Clustering - Jim Teague

 Power Management: Windows Server - Stephen Berard

 Dynamic Partition: Windows Server - Davis Walker

 Windows Server Longhorn - Iain McDonald

 Windows Server virtualisation - solution scenarios - David Hitchen

 Windows Server 2008 Kernel Advances - Mark Russinovich

 Active Directory Domain Services in Microsoft Windows Server 2008 - Stephanie Cheung

 Virtualization in Windows Server - Mike Neil

 Managing Windows Server 2008 with Server Manager - Dan Harman

 Using Group Policy with Windows and Windows Server 2008 - Mazhar Mohammed, Derek Melber

 Microsoft.com: Employing Windows Server 2008 and Internet Information Services 7 - Paul Wright, Brad LeRoss

 Living the Longhorn Life: What's Up With Windows Server 2008 - Mark Minasi

Microsoft.com has posted a nifty grid at https://www.microsoft.com/windowsserver2008/en/us/compare-features.aspx that shows you which versions of Windows Server 2008 are required for the new features:

New and Updated Features in Windows Server 2008

	KEY:	= Not Available	= Available

New/Updated Features	Enterprise	Datacenter	Standard	Web	Itanium	License Requirements
Internet Information Services 7.0						Covered by server license. No incremental licensing requirements.
Hyper-V						Covered by server license. No incremental licensing requirements.
Network Access Protection						Covered by server license. No incremental licensing requirements.
AD Rights Management Services (RMS)						Covered by server license, but incremental RMS CALs required, similar to Terminal Services.
Terminal Services Gateway and RemoteApp						Covered by server license, but incremental TS CALs required, similar to AD Rights Management Services.
Server Manager						Covered by server license. No incremental licensing requirements.
Windows Deployment Services						Covered by server license. No incremental licensing requirements.
Server Core						Covered by server license. No incremental licensing requirements.

If you have an issue after your initial setup of Windows Server 2008 Terminal Services, you can make use of the troubleshooting section on TechNet. Here are some additional things to check, and steps to consider:

1. Check that the TS server role is installed using Server Manager tool - you should see the TS server role is installed and the status icon shows green.
2. Check that a SSL certificate is installed. TS Gateway server needs a SSL certificate which is trusted by IE or Windows.  For more details, see the Terminal Services Authentication and Encryption troubleshooting topic.  You must install the SSL certificate for the TS Gateway server using the TS Gateway Admin tool only.  If you are not sure about how you installed your SSL certificate in the first place during server install, it is ok to reinstall the certificate using admin tool again. Make sure SSL certificate “subject name” matches the Gateway server FQDN name.
3. Check that Terminal Services Gateway service is running using the Service Manager - verify that  “Terminal services Gateway services” is set to auto start and running.
4. Check that a “Connection Authorization policy” (CAP) has been created and that you have added the user/groups you want.
5. Check that a “Resource Authorization policy” (RAP) has been created and permissions assigned to a Resource Group.
6. Check/Enable full auditing using the TS Gateway admin tool to enable the full auditing on both successful and failed connections.
7. Check for error messages in the NT event log for TS Gateway server.
8. Check the TS Gateway admin tool startup page (home page) for warning messages or outstanding steps to be completed.
9. Check end-to-end connectivity: 
• Follow the TS Gateway Server Step-by-Step Guide for help on configuring the TS client to use the Gateway server -- make sure you have selected “Use these Settings” radio button under TS Gateway server settings available under “Advanced” tab. 
• Make sure you have entered a valid Gateway server name. 
• Make sure you have entered a full FQDN name for the Gateway server if you are testing using an Internet connection. 
• Make sure you have unchecked “By pass TS Gateway server for local addresses” checkbox.
• Leave the authentication method to default - “Ask for Password (NTLM)” for testing purpose. 
• Make sure that a "corporate CA certificate” public key certificate is installed on the Vista client machine.  
   
  

Chapter 11 of the Windows Server 2008 Security Guide: Hardening Terminal Services is now live on TechNet.

The details of the attack surface for the Terminal Services role(s) are included in the Windows Server 2008 Attack Surface Reference workbook included in the Guide. The Terminal Services role has the greatest attack surface and requires more configuration settings than the other role services discussed in the Guide. However, only the TS Gateway role service has specific security configuration changes. There are no additional steps to secure the TS Licensing, TS Session Broker, and TS Web Access role services.

Table 11.1 summarizes the recommended security configuration tasks for hardening servers performing the Terminal Services role, including:

• Configure the network level authentication.
• Enable Single Sign-On for Terminal Services.
• Enable secure use of saved credentials with Windows Vista RDP clients.
• Change the default RDP port.
• Use smart cards with Terminal Services.
• Use the NTFS file system.
• Use TS Easy Print exclusively.
• Partition user data on a dedicated disk.
• Create specialized OUs for terminal servers.
• Set Group Policy settings for the terminal servers.
• Set Group Policy settings for the remote desktops.
• Restrict users to specific programs.
• Limit terminal server security auditing.

The Windows Server 2008 Security Guide is designed to further enhance the security of the servers in your organization by taking full advantage of the new and improved security technologies and features in Windows Server 2008. Use the guidance to create, test, and deploy your security baseline quickly and reliably, harden your server workloads, and evaluate security setting recommendations to meet the requirements of your environment.

Along with the online version above, the Windows Server 2008 Security Guide is also available as a download and includes the following components:

• Executive Overview. A summary for business and technical managers that briefly explains how you can use the guidance and the tool for this Solution Accelerator.
• Security Guide. Recommended guidelines and best practices in a series of chapters that offer detailed guidance on how to harden servers running Windows Server 2008 that handle different workloads, including those for Active Directory Domain Services (AD DS), DHCP, DNS, Web, File, Print, Active Directory Certificate Services (AD CS), Network Policy and Access Services, and Terminal Services.
• Security Settings Recommendation Appendix. A comprehensive technical reference that explains every prescribed security setting in the security guide.
• Security Settings Workbook. A resource that lists all prescribed settings for each of the preconfigured security baselines provided by the guide.
• Attack Surface Reference Workbook. A resource that lists the changes that installed server roles introduce in Windows Server 2008.
• GPOAccelerator. A tool that you can use to automatically create Group Policy objects (GPOs) recommended by the guide, which is available as a separate download. To learn more about the GPOAccelerator and download the tool, click here.

Suicide claimed Ric Weiland (one of the founders of Microsoft), and a local Seattle-area friend of a friend, author Stevie Kallos. You can read about his story, and one way you can help here.

The Out of the Darkness Overnight Experience is a 20-mile walk over the course of one night (June 21 in Seattle). Net proceeds benefit the American Foundation for Suicide Prevention, funding research, education, and awareness programs – both to prevent suicide and to assist those affected by suicide.

If you liked the Windows Vista Hardware Assessment, you will love the free Microsoft Assessment and Planning Solution Accelerator. Free, agent-less deskotp and server assessment, including hardware and device inventory, compatibility analysis, and readiness pre-fab reports that'll make you look like the genius you are to upper management. Salty goodness.

This release also includes new features for gathering performance metrics from computers you are considering for consolidation using Microsoft Virtual Server 2005 R2. Using the performance metrics and a model virtual server host computer, you can generate reports that recommend placement of the physical servers in a virtual server environment.

This tool incorporates the assessment features provided by the Windows Vista Hardware Assessment Solution Accelerator, including localization of the Windows Vista assessment reports in French, German, Japanese, Korean, Spanish, and Brazilian Portuguese.

System Requirements

Others who downloaded Microsoft Assessment and Planning Solution Accelerator also downloaded:

1. Windows Vista Upgrade Advisor 1.0
2. Microsoft Application Compatibility Toolkit 5.0

TechNet Edge has a couple of good videos:

Check out the new troubleshooting information on TechNet, we think you'll like it. F'rinstance, the tshooter for TS Gateway:

1. Terminal Services RemoteApp applications appear no different than local applications, tightly integrated with the task bar and new Windows Vista features like 3-D flip. Terminal Services RemoteApp helps improve the end user experience and reduce training requirements.
2. Terminal Services Gateway provides a highly secure connection between internal applications and data to users outside the firewall.  It delivers critical applications and data to mobile employees without additional VPN infrastructure.
3. Terminal Services Web Access helps simplify application deployment by making applications available from a web page or a SharePoint portal without installing them on the local PC. Speed application deployment by quickly connecting users with the applications they need.
4. Terminal Services Session Broker delivers session-based load-balancing to a Terminal Services Farm. Terminal Services Session Broker helps bring better uptime and performance to your Terminal Services environment.
5. Terminal Services Easy Print leverages the client-side print driver (no server side driver needed) to enable fast and reliable printing to a local or network-attached printer. End users can more productively work from remote locations.

For More Information:    http://www.microsoft.com/windowsserver2008/terminal-services/default.mspx
 
Terminal Server 2008 Technical Resources: http://technet2.microsoft.com/windowsserver2008/en/servermanager/terminalservices.mspx

IT Pro tribal wisdom says that Microsoft gets it right at about version 3. TechNet has a new release of search (3.0, 'natch), with new "refinements" that allow you to easily scope to forums, or the KB. The events and errors db is now indexed! You can get nifty tips as well such as:

Search Tips

If you used RADIUS servers to provide centralized authentication, authorization, and accounting of your clients connecting to network resources, you know that in Windows Server 2003 this was called Internet Authentication Service (IAS). Look for IAS in Windows Server 2008 and you might spin your wheels. This service now is part of Network Policy and and Access Services. The server role providing these services is called the Network Policy Server (NPS).

You can deploy NPS as a proxy, Network Access Protection (NAP) policy server and as a Remote Authentication Dial-in User Service (RADIUS). RADIUS is an Internet Engineering Task Force (IETF) protocol that provides centralized authentication, authorization, and accounting for network access. RADIUS proxies forward RADIUS messages between RADIUS clients (network access devices) and RADIUS servers.

The Cable Guy has a great article introducing you to the changes to IAS in the December 2007 TechNet Magazine. For example, the new management snap in has some changes:

• Remote access policies have become network policies and have been moved under the Policies node.
• The RADIUS Clients node has been moved under the RADIUS Clients and Servers node.
• There is no longer a Connection Request Processing node. The Connection Request Policies node has been moved under Policies and the Remote RADIUS Server Groups node has been moved under RADIUS Clients and Servers.
• Remote access policy conditions and profile settings have been reorganized on the Overview, Conditions, Constraints, and Settings tabs for the properties of a network policy.
• Connection request policy conditions and profile settings have been reorganized on the Overview, Conditions, and Settings tabs for the properties of a connection request policy.
• The Remote Access Logging folder has been renamed the Accounting node and no longer has the Local File or SQL Server nodes.

Check out the new features in TechNet Forums, including: increased discoverability with tagging, real-time updates, and additional RSS feeds. You can create your own avatar, earn participation medals, and create affiliations that showcase your Forum engagement. Full text and code editors make each post easier to create and find.

To learm about the new features, watch a video or read the FAQ Need Help with Forums?

While you are here, if you have not yet taken a look, stop by The Edge as well.

Vista SP1 RTM was 2/4/08. All your users can get it in mid-March via Windows Update and the Microsoft Download Center. IT Pros can get it today if they are TechNet subscribers. Just log on to your TN subscription home page and check the "Top Subscriber Downloads" section.

Basta. Content thee.

Say that 10 times fast, no, really, try. SEO is a most tricky thing from a writer's perspectiuve, but, if that headline helped you find this content - that's all that matters to me.

Some great (fairly short) IT Pro videos for you to check out:

• Server Core Remote Management
• 10 cool things to do with the Powershell
• Enabling a Remote Workforce
  Allowing External Users to Manage IIS7 Web Applications
• Securing Branch Office User Accounts

Enjoy!

Pst, there is a scroll of How To videos now on the new Windows Server 2008 TechCenter.

The conversation about respecting copyright around music with my teenagers started  like this: "Dad, if it was illegal for me to copy my friend's music CD, would Media Player say Rip Music??"

If, like mine, your teens seem to listen easier to peers, rock stars, homeless people - ANYONE rather than their parent - then Microsoft's beta MyBytes website may be what you are looking for.

Spoonfull of sugar = ringtones, Music Mixer, community

Medicine = education about intellectual property law

For example:

"Microsoft's survey found that about half of the teenagers surveyed (49%) said they are not familiar with the rules and guidelines for downloading content from the Internet. Only 11% understood the rules well, and of those, 82% said downloading content illegally merits punishment. Among those unfamiliar with the law, only 57% supported punishment for intellectual property violations."

The Staysafe blog has some great resources, including my fav: "Why Social Engineering Always Works".

If you want to know the Microsoft way to write secure web apps, check out this post with an extensive list of Microsoft resources.

IT Pro. Developer. Microsoft serves content to these audiences on two sides of an organizational divide. Technet/blogs.technet.com for IT Pros, and msdn/blogs.msdn.com for Developers. However, we all know that there is a significant - and growing - number of you who spend time in both camps.

The new SQL Server TechCenter on TechNet and Developer Center on MSDN have content links that takes you over to the content on the other propery. Check out the upper right-hand corner of this page, for example: http://technet.microsoft.com/en-us/sqlserver/bb895957.aspx.

The site manager blogs about it here: http://blogs.technet.com/sqlserverweb/archive/2008/01/09/what-s-new-on-the-sql-server-tech-and-developer-centers-9-jan-2008.aspx.

What do you think? Is this helpful to you? Worth expanding across all content on both properties? Leave comments.

Apologies to you Bruce Cockburn fans, I have a condition that lowers my resistance to puns and obscure 90's culture references...this blog headline is a two-fer.

The Microsoft Diagnostics and Recovery Toolset is probably the best known secret weapon in the Software Assurance Desktop Optimization Pack Microsoft aquired with superstar Mark Russonovich.

Any IT Pro that doesn't know it yet is gonna fall in love.

DaRT is a set of tools that can help you diagnose system problems—even if a system is not booting properly. For example, ERD Commander utilizes Windows PE to boot a system that is not booting or is not booting normally. Crash Analyzer and FileRestore are available for online use as well.

Psst - did you know that there is a 30 day eval version of DaRT  you can download if you do not have SA? Keep it under your hat, kay? Did I mention, FREE? Even though DaRT is released as part of Desktop Optimization, you have trouble tickets that have a client component, no? For example, this KB that tells you how to use Filemon to troubleshoot SoftGrid issues...

System Requirements

There's an interesting new video on TechNet edge. This one shows background on the folks creating the Infrastructure Planning and Design Guides, with focus on the Server 2008 terminal services infrastructure planning & design guide (IPD).

This phrase is sometimes translated as "translator, traitor!" Too many times in the past, a new version of a product not only does not care about the previous version, to the extent that it considers itself as "innovating", wants new users to put the hate on the old product.

Love it, hate it, Office 2007 is different from Office 2003 and your users may have trouble at frist making the switch - "translating" how they used to do a thing into the new UI. Show of hands - how many of you have gottent the question " Hey, where did they put the <foo> button?"

Here is the Office online URL you can send to your users that allows them to get the translation from the old "way they knew how to do it" to the new way: http://office.microsoft.com/assistance/asstvid.aspx?assetid=XT100766331033&vwidth=1044&vheight=788&type=flash&CTT=11&Origin=HA100744321033.

Siete benvenuto.