The TechNet Webcast: Hardening Windows Server 2008 Deployments with the Windows Server 2008 Security Guide (Level 200) is one of the top-rated webcasts last month. Also available as podcasts (audio only): WMA | MP3
splogscreen: if you are reading this on some site other than http://blogs.technet.com/tonyso, why not come on over to the original site?
Download the Security guide here. You may also find the security survival guide post useful, as well as the Learning Paths for Security.
Sign up today for the free (signup required) Beta of SQL Server Data Services (SSDS). SSDS are highly scalable, on-demand data storage and query processing utility services. Built on robust SQL Server database and Windows Server technologies, these services provide high availability, security and support standards-based web interfaces for easy programming and quick provisioning.
From the FAQ:
SQL Server Data Services is a storage and query processing utility providing mega scale, high availability, reliability, and geo-distributed data services in the Cloud. Customers use the service on-demand, with no up-front cost. It eliminates the initial investment in hardware and software and the on-going cost for storage administration, scale maintenance. Developers and Service providers can quickly run their on-demand applications with minimal infrastructure cost.
Target Customer Scenarios:
A few friends over in the group that does security documentation for Microsoft prepared this survival guide. Enjoy. If you do, please leave comments.
Windows Server 2008 Security Survival Guide: Everything you need to evaluate, plan, deploy, maintain, or support Windows Server 2008 Security.
TechNet Security Center
Windows Server 2008 Technical Library: Security and Protection
Upcoming Live Security Webcasts
TechNet Virtual Labs: Security
Introducing Security and Policy Management in Microsoft Windows Server 2008
Windows Server 2008 Security Guide
Microsoft Security Tools
TechNet Security Virus Alerts
Microsoft Security Bulletin Search
Windows Server 2008 Health Models
TechNet Troubleshooting and Support
Connect with Community
TechNet IT Pro Security Community
Microsoft Security News Groups
Patterns and Practices Security Training
Microsoft Security Developer Center
Downloads, Help and Support, TechNet Technologies, and Scripting
Microsoft Download Center
Microsoft Help and Support
TechNet Products and Technologies
Active Directory Certificate Services
Active Directory Domain Services
Active Directory Federation Services
Active Directory Rights Management Services
Availability and Scalability
Network Policy and Access Services
Performance and Reliability
Security and Protection
Streaming Media Services
Windows Deployment Services
Windows SharePoint Services
Is this guide helpful? Does the Windows Server 2008 product documentation meet your needs? Let us know how we're doing. Send us mail: firstname.lastname@example.org Post to our newsgroup: microsoft.public.windows.server.documentation
To this guide I'd just one more resource: Windows SysInternals
Microsfot employees have enjoyed the benefits of Terminal Services in Windows Server 2008 since long before it was shipped. See how in the webcast: How Microsoft IT Deployed Windows Terminal Services 2008 and Terminal Server Gateway Technologies, scheduled Tuesday, March 18, 2008. You can also read the white paper:
This white paper discusses how Microsoft IT used Windows Server 2008 Terminal Services to create a scalable remote access solution that is accessible by using HTTPS connections from any location worldwide.
Windows Home Server GM Charlie Kindel tells all on this TechNet Edge video, including the most important reason why backup in WHS rocks. About 8 minutes in he tells the story. Moral of the story:
WHS backup protects your data - but most importantly - it protects your time.
You are a "jeff" or an "oliver" - otherwise you wouldn't be reading this blog. If you have not yet checked out WHS, ding yourself and get on it today.
For more information, check out http://www.stayathomeserver.com, Home Server blog, and Forum.
TechNet Edge has a new screencast on configuring Group Policy Preferences, including a really cool demonstration on how to configure filtering of Group Policy Preferences
Windows Server 2008 gives you 20 new Group Policy client-side extensions (CSEs) that expand the range of configurable settings in a Group Policy object (GPO). Also check out this spreadsheet listing the policy settings for computer and user configurations included in the Administrative template files (.admx/.adml) delivered with Windows Server 2008 and Windows Vista Service Pack 1 (SP1).
For example, how useful would it be if you could do things like limit log sizes by programmatically setting regkeys?
For more info see the Group Policy TechCenter.
Others who downloaded Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1 also downloaded:
Copy/paste and send the following link to your users who call with any issues for Vista SP1 install. They can select an option for Unlimited installation and compatibility support at no charge until March 18, 2009.
That's a few minutes of your "supporting end-users - including friends and family" life back, enjoy.
The Microsoft Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2008 from a computer running Windows Vista with SP1. It includes support for remote management of computers running either a Server Core installation or the full installation option of Windows Server 2008. It provides similar functionality to Windows Server 2003 Administration Tools Pack.
splogscreen: if you are reading this on a site other than http://blogs.technet.com/tonyso, why not come to the original site for a visit?
Check out the Edge video. And the Windows blog.
Download RSAT here:
You already learned that the RSAT launched yesterday. I blogged it and about so did at least 24 other technet bloggers that I know (I can't read all the languages, but I *think* it got good coverage). More than 100 other bloggers picked it up overnight according to technorati.
Now you can enjoy the TechNet Edge video, and podcast. And the Windows blog.
If you need to control/prevent WS2K8 server communication to the internet, you need the
splogscreen: if you are reading this on a site other than http://blogs.technet.com/tonyso, come on over for a look at the original posting site.
This white paper provides information about how to limit, control, or prevent WS2K8 server internet communication, such as browser and e-mail technologies, but also automatic updating that help you obtain the latest software and product information, including bug fixes and security patches.
You may also be interested in the Vista paper: Using Windows Vista: Controlling Communication with the Internet
Windows Vista Service Pack 1 Five Language Standalone Released
Windows Vista Service Pack 1 (SP1) is an update to Windows Vista that addresses feedback from our customers. In addition to previously released updates, SP1 contains changes focused on addressing specific reliability, performance, and compatibility issues; supporting new types of hardware; and adding support for several emerging standards. SP1 also will continue to make it easier for IT administrators to deploy and manage Windows Vista. Windows Vista Service Pack 1 Five Language Standalone version can be installed on systems with any of the following language versions: English (US), French, German, Japanese, or Spanish (Traditional).
Also, Windows Vista Service Pack 1 Five Language Standalone for x64-based Systems.
splogscreen: if you are reading this someplace NOT http://blogs.technet.com/tonyso, please come on over for a visit.
You already know about the free Microsoft Assessment and Planning (MAP) Solution Accelerator to help you with virtualization and desktop migration planning, right? (MAP was formerly know as Vista Hardware Assessment)
**Ann Coulter End Note: If you like what you are reading, and you are not at http://blogs.technet.com/tonyso, why not stop patronizing splogs and come visit?
There is a spiffy new TechNet forum for it here.
For example, this thread details the differences between MAP and SMS, including:
MAP* Agent-less remote inventory* Designed for one-time migration and deployment of OS and virtualization* Out-of-the-box pre-defined Excel and Word reports for Windows Vista Readiness, Windows server 2008 Readiness, Virtualization Candidacy, as well as Office 2007 hardware assessmentsSMS* Agent-based inventory* Designed for on-going management and operations* Reporting is possible but will require customization efforts
For consumers trying to figure out desktop upgrade, there is
Windows Vista Upgrade Advisor: http://www.microsoft.com/windows/products/windowsvista/buyorupgrade/upgradeadvisor.mspx
In the beginning, there was the Virtual Machine Remote Control (VMRC) client. The IT Pro, running Windows XP, used this to manage VMs running on Virtual Server 2005. Or not, sometimes he used Terminal Services direct to the VM, sometimes the tools native in Virtual Server, but I digress.
In November 2007 TechNet Magazine highlighted VMRC+. Then System Central Virtual Machine Manager provided a self-service web page that allowed IT Pros to let bunches of other VM admins access their VMs.
32-bit, 64-bit, domain-joined, not domain-joined - things get complicated.
Today - to administer Windows Server 2008 from a Windows Vista SP1 machine (including the hyper-V role) you get:
Microsoft Remote Server Administration Tools for Windows Vista SP1 32-bit Edition (KB941314)
Microsoft Remote Server Administration Tools for Windows Vista SP1 64-bit Edition (KB941314)
Plus the Hyper-V management tools (MMC snap-in and associated UI)
x86: Update for Windows Vista (KB949758) x64: Update for Windows Vista x64 Edition (KB949758)
and of course there are lots of pre-reqs and gotchas* involving WMI, firewalls, certificates and UAC settings.
*After installation, Hyper-V Manager is available under Administrative Tools on the control panel. There is no direct shortcut created for Virtual Machine Connection.
*In Windows Vista, Administrative Tools are not, by default available on the Start menu. To fix this:
MSDN has launched a new site that hosts about 300 Free (Windows LiveID signin required) code samples so far that the community has decided to share. Check it out, you can find some usefull apps and tools, including:
Resource Page Description
Remote Tool for Windows CE and Windows Mobile based smart devices allows you to control processes running on the smart devices and view device information from the desktop computer.
Out Loud for Outlook
Would you like to see an IT Pro version of Code Gallery on TechNet? What features would you like to add/modify? Leave feedback here or send mail to email@example.com and I will forward them to the Dev team.
The Windows Server 2008 Network Shell (Netsh) Technical Reference has published into Download Center and the WS2K8 Technical Library on TechNet. This weighty tome (700 pages hard-copy) provides a comprehensive command reference for networking technologies such as Dynamic Host Configuration Protocol (DHCP), Network Policy Server (NPS), Network Access Protection (NAP), and Routing and Remote Access Services (RRAS), among many other technologies for which there are netsh commands.
spogscreen: if you are reading this somewhere other than http://blogs.technet.com/tonyso, why not come over for a visit to the original poster?
Netsh commands offer an alternative to configuring network technologies using the Windows interface. You can run netsh commands in batch files and scripts, and you can run them from the netsh prompt by manually typing commands. You can use netsh commands to configure both local and remote computers.
Add your voice in the new forum for the upcoming IT Pro version of Code Gallery. What would you like to see in the IT Pro version of Code Gallery? What would you NOT like to see? Is it as simple as "PowerShell"? Or is the answer more complicated? Let's discuss here.
How Microsoft Deployed and Manages Microsoft Forefront Client Security
is an IT Showcase presentation detailing the planning, deployment and ongoing management of what is currently the largest implementation of Forefront Client Security with a supported node population of 40,000.
Check out the Forefront Client Security Technical Library, Forum, and blog.
Somtimes you just need the comprehensive list of things to reverse-lookup something. Some folks just like to read every page of the manual. For both groups, and IT Pros with a strong CYA sensibility, there is the Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1.
splogscreen: if you are reading this on some site other than http://blogs.technet.com/tonyso, why not come on over to the orginal blog?
Note: This does not include security settings that exist outside of the Security Settings extension (scecli.dll), such as Wireless Network extension, Public Key Policies, or Software Restriction Policies.
The Group Policy Settings Reference for Windows Vista is here. Read more about Group Policy on the TechNet page. You can use The Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) for Windows XP and Windows Server 2003 to help identify Group Policy configuration errors or other dependency failures that may prevent settings or features from functioning as expected.
You may also want to read Information about new Group Policy preferences in Windows Server 2008.
As an IT Pro, what is your opinion of the Office 2007 new ribbon UI, called "Fluent"? Is it helping or hindering your user's productivity? Do you want to see more of it? Leave feedback and I will channel to the teams involved.
A recent Infoworld article says:
In a presentation at the Microsoft's 2008 Office System Developer Conference in San Jose, Calif. last month, Microsoft Chairman Bill Gates characterized the Office Fluent UI as a success and said the company would be adding its capabilities to other systems. "We usability-tested it massively and, fortunately, it has had a very strong positive reaction," Gates said.
Top 2 - FREE eval versions. Big surprise? Not so much...show me an IT Pro that doesn't like free eval version of enterprise software, and I'll show you...something...not very muchly seen around...much.
Except maybe for the really laz...er...time-challenged ones that want on online test drives, like the Virtual Lab on Windows Server 2008 Server Core instead of a download. For everyone else we offer:
'Course, searching for WS2K8 downloads doesn't tell you that there are some "client" DLs IT Pros want as well:
splogscreen: if you are enjoying this post on some site that is NOT http://blogs.technet.com/tonyso, come over and look at the original.
Want fries with that?
Windows Server 2008 Component Posters
Windows Server 2008 Component Posters, originally printed in the July 2007 issue of TechNet Magazine.
Microsoft Assessment and Planning
The Microsoft Assessment and Planning Solution Accelerator is a tool that makes it easy for you to assess your current IT infrastructure for a variety of technology migration projects. It includes the features previously provided with the Windows Vista Hardware Assessment Solution Accelerator.
This Solution Accelerator helps organizations efficiently create, deploy, and maintain a secure environment for a variety of servers running Windows Server® 2008.
Infrastructure Planning and Design
The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.
Windows Server 2008 Step-by-Step Guides
These step-by-step guides help IT Professionals learn about and evaluate Windows Server 2008.
Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008
Describes features and technologies in Windows Server 2008 added or changed since Windows Server 2003 with Service Pack 1 (SP1).
Windows Web Server 2008
Windows Server 2008 helps IT professionals to increase the flexibility and reliability of their server infrastructure while offering developers a more robust web and applications platform for building connected applications and services.
The "heroes" that run a little operation called microsoft.com have started a forum to exchange info with IT Pros worldwide. I had my reservations about the marketing folks going with the "heroes" theme for launch. Not because IT Pros are not unsung heroes, just 'cause most of them I know don't think of themselves that way. Most of them do what they do in order to help others get all they can out of technology.
By pretty much any measure though, it doesn't get much more alpha-IT Pro than operations at microsoft.com.
Check out their new forum. In their own words, here's what you'll find:
"engineers who design, architect, deploy, manage, and sustain highly available, scalable, and secure on-line infrastructures based on Internet Information Services (IIS), SQL Server, and other Microsoft technologies. The major properties supported are www.microsoft.com, Microsoft® Update, Microsoft Download Center, MSDN® and TechNet.We want to engage in real-world engineering discussions and share our experiences that have resulted from running some of the largest and most heavily visited sites on the Internet."
These guys are awesome. The kimono don't get more open than this folks.
Top Windows Server Security and Updates Downloads for March 2008:
Windows Vista Service Pack 1 Five Language Standalone (KB936330)
I was a victim of ID theft this last week. Luckily, my credit card company (and their AI) were vigilant and phoned me on the weekend, and I was able to cancel the account before too much <financial> damage was done.
I am now still faced with the fact that this compromise throws all my personal system security in doubt. According to the 10 Immutable Laws of Computer Security:
“It's an unfortunate fact of computer science: when a computer program runs, it will do what it's programmed to do, even if it's programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word "will" to "won't" in all of them. It could send rude emails to all your friends. It could install a virus. It could create a "back door" that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive."
spogscreen: if you are reading this on any site other than http://blogs.technet.com/tonyso, please come on over to the original post.
So, now all my personal systems are untrusted. This means a weekend of rebuilding my home network and the PCs from original media to ensure integrity, restoring required backups of music and pictures (thanks WHS!) and working through the following checklist:
Contacting my financial institutions to ensure no accounts have been taken over or been created in my name without my knowledge. I get an average of 2 unsolicited “pre-approved” credit cards per week in the mail for example. If my bad guys have physical access to my recycling can – they can grab these and open accounts. I wouldn’t know for weeks.
Change my Automated Teller Machine (ATM) card, account, and Personal Identification Number (PIN).
Contacting all creditors that the bad guys defrauded. For example, checking every online bill-payee – such as my long-distance telephone company.
Pre-emptive filling out the ID Theft Affidavit at http://www.ftc.gov/bcp/conline/pubs/credit/affidavit.pdf to dispute new unauthorized accounts.
Contacting the fraud departments of the three major credit bureaus at http://www.consumer.gov/idtheft/recovering_idt.html#9 and place a Fraud Alert on my files.
File a report with my local Police Department, so I have a copy in case any creditors require proof of the crime.
File a complaint FTC: Online at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
Contact my postal inspection service in case my bad guys has submitted a change-of-address form with the post office to redirect my mail, after sending in one of those “pre-approved” CCs: http://www.usps.com/nationalpremieraccounts/findlocators.htm.
Notifying the Social Security Administration at http://www.ssa.gov or and IRS at http://www.irs.treas.gov.
MSNBC reports that beginning next month, The BL will upload the quartos so that we will be able to compare images side-by-side, search and tag the texts.
Why is this important? We do not have his plays in his hand. The quartos are the closest thing we have, some of them have what is believed to be his hand-written notes in the margins. Eighteen of Shakespeare’s plays had appeared in quarto editions by the time of his death in 1616. Another three plays were printed in quarto before 1642. In 1623 an expensive folio volume of 36 plays by Shakespeare was printed, which included most of those printed in quarto.
Lo these many years, only those scholars that could afford to travel to and spend time in the Bodleian Library in Oxford and Folger Shakespeare Library in Washington DC could pore over the quartos in detail.
In the 1603 quarto of Hamlet, we find:
Hamlet: To be, or not to be, I there's the point, To Die, to sleep, is that all? I all...
In the 1605 quarto we find:
Hamlet: To be, or not to be, that is the question, Whether tis nobler in the mind to suffer...
The "first quarto" (Q1) also has a Queen/Horatio scene after Ophelia’s mad scene that suggests a conspiracy between Hamlet’s supporters to counter the King/Laertes conspiracy scene.
Hopefully all the participating libraries will offer this free, but you will be able to purchase and DL facsimile copies from Octavo.
There is a new TechCenter today, check out the Microsoft Online Services TechCenter. Is this the future of IT?
The intro information includes:
"Microsoft Online Beta services provide your company or organization with key communication and collaboration services over the Internet. By subscribing to one or more of the Microsoft Online services, your company is connected to a reliable hosted services platform that reduces the need to deploy and maintain on-premise IT services.
The Microsoft Online family of services delivers the following suite of services to businesses:
The beta version of Microsoft Online is intended to allow companies to “test drive” its services and features. When you sign up for the service, your company is provisioned for a limited number of users and limited amount of mailbox and SharePoint Online storage. "