In the recent deployment sessions on Windows 7 you might remember me discussing the importance of planning when deploying a new operating system. Well the Solution Accelerator team would like to announce that the MAP Toolkit 5.0 CTP is now available for download.
The MAP 5.0 CTP includes the following new features:
- Heterogeneous Server Environment Inventory for technologies including Windows Server, Linux, UNIX and VM Ware.
- Ability to determine usage of deployed System Center Configuration Manager, a member of the Core Client Access License Suite.
- Readiness assessment for migration or upgrade to Microsoft Office 2010.
In addition to these new features MAP provides a host of other feature which I outlined in my previous post on MAP 4.0.
Next Steps
Jeffa
This month in TechNet Magazine Online; Windows Server 2008 R2 is featured along with some other good information for deploying Windows 7. Yes Windows 7 is out and is getting a lot of attention. But don’t forget about this important release of Windows Server. Check out the details below!
As always there is heaps of great information in the latest TechNet Magazine. So make sure you set aside to read some of the in depth articles.
Jeffa
Managing storage is something administrators struggle with. I know when I was in Microsoft IT one of the biggest 
issues we had was data that was aged and no longer being accessed but still taking up an enormous amount of space. Organisations need to manage data more efficiently and they need to gain insight into their data so they can reduce the cost of storing it, maintaining and managing it. The next frontier for administrators is to be able to manage data based on business value.
Windows Server 2008 R2 introduces the File Classification Infrastructure (FCI) which is a built in solution for file classification that enables manual processes for classifying data to be automated with predefined policies based on the value of that data to the business. FCI’s out of the box functionality provides the ability to define the following:
- Classification Properties
- Automatic Classification – Using these automatic rules FCI can classify files according to the folder in which they are stored or based on the contents of the files.
- Manual Classification – Files can be manually classified based on the file properties interface built into Office system files. When you use this interface FCI will recognize the properties.
- LOB Applications and Scripts – Using an API LOB applications and scripts can set classifications on files
- File Expiration – This is probably going to be the biggest one for organizations. What do you do with
stale or unused data? It’s often a manual task. When I was in IT we used third party tools to scan data that was aged or unused. I remember one scan we did that showed the 75% of the data we had on our file servers had not been touched in 18 months! Yet it was taking an enormous amount of space on our file servers. It was also a convoluted process to analyse this data. Now with FCI administrators can now run scheduled tasks that expire files based on age, location and other classification properties. Administrators can move the files to another location, alert users when data is going to be moved and backup that data in case it needs to be called upon in the future. - SharePoint Integration – FCI integrates with Office SharePoint Server 2007 so any file classification defined for Office files carries through to files uploaded to SharePoint sites.
In addition to what FCI provides in box; perhaps the powerful feature is that FCI is an extensible API which allows ISV’s and developers to build end-to-end solutions based on the FCI architecture. Check out some of the partners that already have solutions in this space.
So I wanted to spend the rest of this post talking about how you install it on Windows Server 2008 R2 and what you can do with it.
Installation
- Installation is easy. The File Classification Infrastructure is installed when you install the File Services role in Windows Server 2008 R2. I’ve done this already on one of my highly available file server virtual machines.
- During the install you will be asked to install role services for for the File Server Role. Make sure you choose the File Server Resource Manager. This will give you the FCI UI plus all the other tools to manage your file servers.
- Once you have the File Services role installed you will see a section under the File Resource Manager called Classification Management. This is where you configure Classification Properties, Classification Rules and run File Management Tasks.
- Next you are going to want to setup some classification properties for your data. In the example below I’ve setup some basic properties to include Business Impact, Expiring Files and Personally Identifiable Information.
- The next thing is to setup Classification Rules which are used to evaluate which values should be assigned to properties for files on the server. For example I’ve setup a Classification Rule that uses the Content Classifier mechanism and the Business Impact Property with a value of Medium. This was defined in classification properties.
To learn more about FCI check out the technical whitepaper, videos on Channel 9 and of course the Storage Team Blog’s post’s on FCI.
Jeffa
Now when are we going to get one of these in Sydney?
Technorati Tags:
Microsoft Storejeffa
The video’s on Windows 7 are coming thick and fast now and I thought this one would be cool to mull over for the weekend. Enjoy!
I like it!
Jeffa
Now that Windows 7 has been released we have started to show our new advertising. “I’m a PC and Windows 7 was my idea”. Very Cool indeed.
Technorati Tags:
Windows 7,
I'm a PCJeffa
It’s that time again. Time to patch those systems and get up to date. This month we have 13 security updates. Please make sure you check out the details below and apply them to you environments where appropriate.
| Bulletin ID | Bulletin Title | Maximum Severity | Vulnerability Impact | Restart Requirement | Affected Software |
| MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires Restart | Microsoft Windows Vista and Windows Server 2008 |
| MS09-051 | Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires Restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| MS09-052 | Vulnerability in Windows Media Player Could Allow Remote Code Execution | Critical | Remote Code Execution | May Require Restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003 |
| MS09-053 | Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution | Important | Remote Code Execution | May Require Restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| MS09-054 | Cumulative Security Update for Internet Explorer | Critical | Remote Code Execution | Requires Restart | Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| MS09-055 | Cumulative Security Update of ActiveX Kill Bits | Critical | Remote Code Execution | May Require Restart | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| MS09-056 | Vulnerabilities in Windows CryptoAPI Could Allow Spoofing | Important | Spoofing | Requires Restart | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| MS09-057 | Vulnerability in Indexing Service Could Allow Remote Code Execution | Important | Remote Code Execution | Requires Restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003 |
| MS09-058 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Important | Elevation of Privilege | Requires Restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| MS09-059 | Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service | Important | Denial of Service | Requires Restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 |
| MS09-060 | Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution | Critical | Remote Code Execution | May Require Restart | Microsoft Office Outlook 2002, Outlook 2003, Outlook 2007, Visio Viewer 2002, Visio Viewer 2003, and Visio Viewer 2007 |
| MS09-061 | Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires Restart | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and Microsoft Silverlight 2 |
| MS09-062 | Vulnerabilities in GDI+ Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires Restart | Microsoft Windows, Microsoft Office, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront |
If you would like a summary of all these bulletins you can get them at: http://www.microsoft.com/technet/security/bulletin/MS09-oct.mspx
Microsoft Windows Malicious Software Removal Tool
We are also releasing an updated version of the Windows Malicious Software Removal tool on Windows Server Update Services and Windows Update. You can get more information about this tool at: http://support.microsoft.com/?kbid=890830
It’s quite a big update this month so I recommend you look at these updates closely and apply them where needed. And as always make sure you keep up to date with the Microsoft Security Response Center Blog as they have heaps of good information.
Jeffa
Earlier this year we announced that we would be delivering a new Windows Phone based on the Windows Mobile 6.5 platform. Well today is the day we are launching in North America, Europe and Asia. And today we are launching with Telstra and HTC locally in Australia! This means that right away you’ll be able to purchase really cool devices with Windows Mobile 6.5. So what is new with the new Windows Phone?
- First of all we have focused on work and play - We know that people use their phones while at work and during casual and social times. The new Windows Phone keeps you connected to the normal business applications such as email and calendaring; but now it does a great job of keeping you in touch with family and friends through voice, messaging, photo and video sharing.
- The interface has been updated – The new interface is designed for finger touch and allows you to navigate your phone in a far more intuitive way.
- A new Browser – Windows Mobile 6.5 includes an updated browser that makes website look the same on your phone as they do on your PC
- Upgraded Email – Including support for Exchange 2010 and an integrated hotmail client.
- Microsoft My Phone – this new service offers user automatic backup and online access to phone contacts, calendar, texts, photos, browser favourites and more!
- Windows Marketplace for Mobile – This is the big one! Windows Mobile 6.5 now includes a new marketplace with fun and useful high quality mobile applications. You can now download applications directly to the device. You no longer have to be tethered to your PC to install applications. If your a developer then check out the Codemason’s Guild for information on how to get your application on to Windows Marketplace.
So it’s a special day in our 3 screen vision! Check out the PressPass and the video below from Steve Ballmer!
And checkout the Windows Phone Australia Site at: www.windowsphone.com.au for more details of phones available locally in Australia.
Technorati Tags:
Windows PhoneJeffa
At the end of this month we are running our second TechNet Virtual Conference. See below for all the details along 
with registration links.
TechNet Virtual Conference: Friday October 30th 2009
10:00 – 11:00am – IT Manager Session: Office and Exchange Server 2010
Speaker: Alistair Speirs and Johann Kruse
Abstract: Email: The heartbeat of business or a never ending stream of distraction? Love it, or hate it – no IT department can afford to ignore it. Office and Exchange are two key platforms in Microsoft’s business productivity infrastructure and together they enable communications across PC, Phone, browser and email, voicemail and IM. In this session learn about some of the advancements in Office and Exchange that will help your users manage their time more efficiently and communicate more effectively. Also, understand how to reduce costs and improve management capability of your unified communications environment.
10:00 – 11:00am – IT Manager Session: Delivering the Next Generation Desktop – Windows 7 (Citrix guest Speaker)
Abstract: This session will show you how Citrix® can help accelerate the deployment of Windows 7. We will demonstrate how separating the application and desktop, delivers rapid deployment of Windows 7, saving your IT organisation time and money. Citrix will discuss XenDesktop, XenApp, Essentials for Hyper-V and explain how these seamlessly integrate into Microsoft System Centre. Additionally, Citrix will give you a sneak preview into Citrix XenClient™, a client side hypervisor, which will play a revolutionary role in truly changing the way desktops are managed today.
11:30am – 12:30pm – Desktop/End User Specialist Session – Microsoft Windows 7: Improved Network Access
Speaker: Jeff Alexander
Abstract: This session will explore how Windows 7 networking reduce IT costs, improve productivity, and make it easier to manage. We will first discuss the challenges managing the network and then how Windows 7 network solutions address IT Professional needs. Then we will examine each of the new Windows 7 networking features and enhancements and explain why these solutions provide value and reduce IT costs. The feature topics will include Direct Access, VPN reconnect, Mobile Broadband, Branch Cache, and SMB enhancements. In addition, we will discuss File Sharing, transparent caching, and Offline File Enhancements, DNS Security Extensions, multiple active firewalls, and URL-based QoS.
1:00 – 2:00PM – Application/LOB Specialist – Managing you Storage for SQL Server 2008
Speaker: Ron Dunn – Technology Solutions Professional – Microsoft Melbourne
Abstract: SQL Server 2008 delivers on Microsoft’s Data Platform vision by helping your organization manage any data, any place, any time. Store data from structured, semi-structured, and unstructured documents, such as images and rich media, directly within the database. SQL Server 2008 delivers a rich set of integrated services that enable you to do more with your data such as query, search, synchronize, report, and analyse.
Many customers have SANs. Many customers don't use them well. Attend this session to learn the importance of storage systems to SQL Server performance, and gain practical advice on optimising your SAN to get the best from your databases.
2:30 – 3:30PM – Infrastructure Specialist Session: Microsoft System Center Virtual Machine Manager 2008 R2: Technical Overview
Speaker: Amit Pawar
Abstract: Check out this session to learn about System Center Virtual Machine Manager 2008, as well as a preview of what to expect in the upcoming R2 release. Learn about all the features of Virtual Machine Manager 2008, including support for Hyper-V and VMware ESX management, along with VDI management in R2. This is a must-see session for anyone who has or is planning on deploying Hyper-V and ESX infrastructure or wants to see the latest Microsoft System Center virtualization management tool.
So make sure you register at the individual links above and please send us feedback on topics you want to see for future events. We plan on running these monthly so there is a good chance your content will get in.
Jeffa
As you all know this month is launch month for Windows 7 and the folks over at TechNet Magazine are getting in on the action with a bunch of articles to help you get started with all the new features. Check out some of the highlights 
below!
- Windows 7 – The 10 things to do first for Windows 7 – We all know that getting ready for a major release such as Windows 7 can seem like a huge task. In this article Bill Boswell talks about how you can streamline your efforts and smooth the transition to the new OS.
- Windows 7 – Groovy Security in Windows 7 – Security groovy? Well maybe to our good friend Steve Riley but to most of it’s a necessary piece of the IT puzzle. Check this article out as Steve goes through his favourite security features in Windows 7.
- Windows 7 – What’s New in Group Policy for Windows 7 and Windows Server 2008 R2 – One of my favourite topics so check this article out if you want to know about all the GP goodness!
- Windows 7 – 77 Windows 7 Tips – Crikey! That’s a lot of tips! You’ll find a lot of good advice in this article so check it out. A must read..
And Mark’s been at it again and written a File-by-File Defragmentation utility. Check it out in the Utility Spotlight.
Jeffa
| 
Today we are making Microsoft Security Essentials available as a free download! I’ve been  using Security Essentials at home and find it works very well, runs very thin and takes up very little system resources. Consumers have been demanding no-cost easy to get high quality anti-malware protection and today we have made that available to customers. So Security Essentials will provide quality protection from viruses, malware, spyware, rootkits and Trojans. It’s been designed to be hassle free and is focused on three areas. - Quality Protection
- An Easy to use Experience
- Unobtrusive performance
Quality Anti-Malware Protection Let’s face some facts. Malware incidents are increasing in both severity and numbers which means that quality anti-malware protection is a must for PC Users. Microsoft Security Essentials is based on the same core engine technology that is the basis for our other security products such as ForeFront Client Security. However Security Essentials is targeted at the consumer market and provides the following features: - Real-Time Protection – Security Essentials uses real-time protection to help address potential threats before they become a problem
- Dynamic Signature Service – In addition to providing daily signature downloads, Security Essentials is able to validate suspect files against newly identified malware in near-real time by querying the Dynamic Signature Service. Any actions from unknown sources such as downloading known malicious content triggers a request for updates from the Dynamic Signature Service.
- Rootkit Protection – Security Essentials includes a number of new and improved technologies for additional protection against rootkits. These include live kernel behaviour modelling for monitoring the integrity of kernel structures, support for direct file system parsing to help identify and remove any hidden drivers or programs from the file system, and improved live rootkit removal which dynamically loads a new kernel mode driver as part of the cleaning process. This helps to remove some of the more advanced rootkits that are out there right now.
- Reputation Service – The last thing you want is you anti-malware solution targeting a legitimate application as malware. Security Essentials includes a robust reputation service to aid in the identification of legitimate software. For example, if a file is acting suspiciously, Security Essentials checks against the reputation service before any action is taken.
Easy to Get, Easy to Use There are a lot of security solutions on the market today that use the paid subscription model or renewal model. For a lot or people this just doesn’t work for them. PC Users also don’t generally like the “trial” model which means you try a product for 30-60 days then after that you have to reach in your pocket for your credit card. Microsoft Security Essentials is free which makes it easy to obtain. The interface is dead easy to use as you can see by the following screenshot. 
There are just 4 buttons: Home, Update, History and Settings. The interface clearly tells you whether you are up to date and if you have any issues. Otherwise it just quietly runs in the background. Which brings me to the last section. Quiet Protection Security Essentials has been designed from the ground up to be lightweight and runs quietly in the background protecting your PC. without annoying pop-ups! - Lightweight Design – The key thing to note here is Security Essentials is focused on Anti-Malware only. It doesn’t carry the weight of Suite style products and has a much smaller download size. Personally I’ve never understood why people buy suite products that include firewall protection, anti-virus, network monitoring, parental controls and many others. I’ve only used the in-built firewall that’s been rock solid since Windows XP SP2 and has gotten better with Windows Vista and Windows 7. When you combine the in-built firewall in Windows 7, Internet Explorer 8 security technologies and Security Essentials you don’t need anything else. I have 5 machines at home and haven’t had a virus in years! The key is to make sure your systems are patched and up to date. To me that’s why people get viruses in the first place
- CPU Throttling – CPU throttling in Security Essentials helps to ensure that the user’s system remains responsive to the tasks the user is likely to be performing such as opening files or browser windows and loading search results.
- Idle Time Scanning – Scans are scheduled to happen when the PC is idle and uses a low-priority thread.
- Smart Caching and Active Memory Swapping – Signatures that are not in use don’t take up space in available memory. This makes Security Essentials friendlier to older PC and smaller less powerful form factors such as NetBooks.
|
| So what do you need to run it? Security Essentials runs on Windows XP (SP2 or SP3); Windows Vista and Windows 7. So I encourage you to check out Microsoft Security Essentials at the Download Site. It’s available now in 8 languages and 19 markets around the world. I think you’ll find it runs well and provides you the quality ant-malware protection that you need. And did I mention it’s free?  And if you are worried that Security Essentials is a new product don’t; because it’s already received checkmark certification by West Coast Labs which are one of the leading independent certification authorities for security products. | |
Jeffa
I wanted to updated you all on some important information regarding Daylight Savings in Australia; and in particular changes that are occurring in Western Australia. In May of this year Western Australian rejected by referendum a proposal to extend their daylight savings trial. As a result of this change there will be no daylight savings in WA this year and for the foreseeable future. So if your company has offices in Western Australia you could be affected by this change.
The change will affect Microsoft Windows, Microsoft Office Outlook and other Microsoft products. This will also affect any third party or custom applications you may have which are programmed to adjust their clocks on October
25th 2009. We have some important steps available that can help you proactively address the issue. Please see below for some important things you need to know to get ready.
What is the impact of Daylight Savings Changes?
The effects can range from the incorrect time display on the clock, to calendaring problems to changes in business critical services that are time dependent. But the biggest frustration can be with your user population. If their clock is out an hour this can cause havoc to meetings and really frustrate your users.
What is affected?
- All Windows PC, Server and Windows Mobile Devices in the affected time zones must be updated to ensure
ongoing accuracy of the internal time zone tables and correct operation of the system clock. - Microsoft Office Outlook Calendars may need to be adjusted. We have client and server based tools that can help with this process.
- Microsoft, third party and custom applications will have to be reviewed to ensure they will operate correctly after October 25th 2009.
What has Microsoft done to help you prepare?
- A free out of band Microsoft Windows Operating System Update, which will keep systems current until January 7th 2010 is available for download now. Please be aware that this update is only applicable to systems that are in the affected time zones. In this case Western Australia and Cairo, Egypt.
- A second Windows OS update that will resolve the issue permanently will be issued as part of our cumulative automatic Windows Update on December 8th 2009.
So what do you need to do in the meantime?
- Thorough testing and planning is needed to make sure your organisation is ready for this change and that there is minimal impact to the user population.
- Please check out the Australia 2009 Daylight Savings Planning Document to understand if any additional programs in your environment are going to be impacted.
- As always we recommend you keep you systems up to date to ensure consistency of operation, even if none of your systems are affected.
- Some customers may not want or can’t install the temporary update. So what do you do? Well you can switch your computer systems to another GMT+8 time zone that won’t be going on daylight savings such as China (Beijing, Shanghai), Singapore or Taiwan (Taipei)
So make sure you review the documentation and make sure your systems are up to date! And if you don’t already use it make sure you check out Windows Server Update Services. It’s our free tool to help you control the delivery of updates to the Windows Operating System. Service Pack 2 of WSUS is out now and includes a number of new features including support for Windows 7 and Windows Server 2008 R2 as well as support for BranchCache. Check out the details on the site!
Jeffa
The Server Core option in Windows Server has been available since Windows Server 2008 and provides smaller install option with a reduced attack surface. Now with Windows Server 2008 R2 the Server Core option has gotten much better and is a great platform for running a .NET Application host. But before I get into what’s new it’s important to understand which versions of Windows Server supports the Server Core option. So Server Core is in the following Windows Server Editions:
- Windows Server 2008 R2 Web Edition
- Windows Server 2008 R2 Standard Edition
- Windows Server 2008 R2 Enterprise Edition
- Windows Server 2008 R2 Datacenter Edition
The two main things that a Server Core deployment provides is a Reduced Attack Surface and Reduced Management and Patching requirements. This is due to that fact that we simply don’t install as much as the full version and we don’t have a GUI at all.
But with Windows Server 2008 R2 Server Core we’ve added some really cool features. First you can run subsets of the 2.0/3.0/3.5 .NET Framework. This extends the role of Server Core deployments to not only enterprise network service hosting but also to application hosting. By adding support for the .NET Framework it now makes it possible to host the The Web Platform including ASP.NET web applications. Secondly we’ve added support for Windows PowerShell which makes scripting, remote management and automation easier on Server Core deployments.
To find out he latest make sure you check out the Server Core Team Blog and the video tour of Server Core application development on Channel 9 as well as detailed samples on the MSDN Code Gallery.
Jeffa
Windows PowerShell is something I’ve talked about and emphasized in many of my presentations on Windows Server 2008 R2 and Windows 7. Windows PowerShell is a management technology designed for ease of use by both system administrators and developers. It’s often thought of as something only for developers but it’s something all system administrators need to get their head around. Windows PowerShell V2 is available in box in both Windows Server 2008 R2 and Windows 7 and as an optional download for previous Windows releases.
For Developers, Windows PowerShell in combination with Windows Management Infrastructure (WinRM, WS-Management, WMI) provides and awesome way automate server hosted solutions. For example, if you implement all your admin logic via PowerShell, then layer the MMC GUI over the top which means PowerShell does all the work; then you give you customers the best of both worlds including GUI’s, scripting and delegated remote automation.
With PowerShell V2 there are many new features including the ability to remote sessions, debugging tools and an integrated scripting environment. There are many resources available to get you started. Check them out below!
So make sure you check out the resources available to you regarding Windows PowerShell. Personally I believe it’s one of the most important pieces of technology we have released in some time and something System Administrators can use to automate everyday repetitive tasks.
Jeffa
