Full of I.T.

Video diary from April 22, 2008. 

"Wow.. that was awhile ago, Kevin!"

I know.. but I finally have been home long enough to edit and render these for Silverlight.  Let me know what you think!

And remember to double-click to get full-screen.. to see the HiDef in all its beauty!

Those of you who have followed my blog for more than 12 months already know what a HUGE FAN I am of the TechEd conference.  Since it began in 1993, I have only missed three TechEds.  And during my 4+ years as a Microsoft employee, it's been a real treat to work at TechEd as well as attend.

"What will you be doing there this year, Kevin?"

This year I'm going on behalf of TechEd Online, during the TechEd IT Pro week (June 9-13, 2008) in Orlando, Florida.  Remember last year's "Virtual TechEd"?  Well.. this year the name has changed.. but the mission is pretty much the same.  We're bringing the TechEd experience to the world through online media - blogging, podcasting, and video interviews.  Again this year I will be one of the folks doing interviews; some audio and some video.

"What else will you be doing?"

As I mentioned yesterday, I hope to take a couple of certification exams while I'm there.  And I also plan on recording and sharing my own video diary creations again this year as well.  (This year in HD!  And using Silverlight streaming!)

So if you see me walking around with a camera or a microphone.. or perhaps a video crew following me around, please come up and say 'hi'.  And if I don't see you there, then I'll see you online!

Will you be there?

(RTW = Released to Web)

Yessir!  VIrtual PC 2007 has an upgrade available.  Service Pack 1 (SP1) for that product was released and made available today.

For more information, see the Release Notes.  And also the Virtual PC Web Site.

In the MCP Flash e-mail I received at 1:39AM this morning, the top item is about three FREE webcasts devoted to helping people get ready for three different certification exams. 

"Which ones?"

Here is the text from the e-mail:

Walk in to your exam with confidence! Your Microsoft Certified Trainer (MCT) coach will provide pointers to study materials; share lessons learned about each particular exam; review the technical content covered in the exam; and give you a test-day checklist and tips all in a free, one-hour Live Meeting session.

Appropriate for first-time or experienced test takers with more than six months' experience on the technology. All sessions are offered at 7:30 A.M. Pacific Time.

• Cram for Exam 70-620: Windows Vista on May 20
• Cram for Exam 70-640: Windows Server 2008 Active Directory on May 21
• Cram for Exam 70-536: .NET Framework, Application Development on June 11

"What about you, Kevin?  Are you going to up your certification someday?"

I really should.  I'm an MCSA and MCSE on Windows Server 2003, and want to choose one or more of the upgrade paths to MCTS or MCITP.  I'll probably take one or two while I'm at TechEd this year.  I am fairly familiar with Active Directory in 2008 now, but I may attend that cram session on the 21st, just to see if there are some areas that I haven't worked with yet.

Also - if you're going to take an exam in the next month, don't forget that you only have until May 31st to get signed up for your Free Second Shot exam.

I'm certifiable.  Are you?

This is so cool.  Microsoft Surface is cool, of course... and even available now for purchase.  (AT&T stores have 'em now.)  But what if I wanted any old surface to be a computing surface?  How about cool multi-touch click/drag/shape?  And pretty simple hardware that costs very little compared to Microsoft Surface?

Check out this thing called TouchWall.  At the Microsoft CEO summit this week, Bill Gates demonstrated this new idea to the attendees. 

Check out the video of Bill doing the demo.

Also - here's a YouTube hosted video (Props to TechCrunch, which is where I saw this first.):

What do you think?  Cool enough for ya?

This was a surprise to me, so I have to imagine that it is new news to a lot of you as well.  With Windows Server 2008 and Windows Vista SP1, you now have the ability to set up a VPN using RRAS (Routing and Remote Access) to use port 443 (HTTPS - or SSL) as the transport.  It's a "firewall friendly" kind of VPN.

I found a good screencast all about how to set it up.  

Here also is the Step-By-Step guide for doing it yourself:

Deploying SSTP Remote Access Step by Step Guide.doc (document download)

Step-by-Step Guide: Deploying SSTP Remote Access (Windows Server Technical Library)

Multiply your power!  Today Microsoft announced newly available Public Previews, plus the pricing details, for Windows Essential Server Solutions.

"What is that?"

For those of you not aware of it - this is what we're calling the options such as Windows Small Business Server 2008 and Windows Essential Business Server 2008.  And today the company made previews available, as well as what the suggested retail pricing will be.

Here is the official announcement / press release.

"Okay.. I know what SBS is.. but what is EBS?"

This relatively new offering (formerly codename: "Centro") is kinda like Small Business Server... but for bigger businesses.  It's a long-neglected segment of the IT and business world.. companies that have more than 75 people... so Windows Small Business Server is not going to work for them.  But they aren't quite large enough to take advantage of some of the great large enterprise-sized offers from Microsoft.  These shops typically don't have a large team of IT folks; there's just one or two people heroically struggling to maintain the IT infrastructure.  These businesses need a good product suite that fits well in their mid-sized organizations.

Click on these links:

• For information on Windows Small Business Server 2008
• For information on Windows Essential Business Server 2008

"I'm not sure which one to choose!"

Here is a great chart to help you decide which solution will meet your needs the best.

Greetings!

Below are the best of the questions and answers that occurred during our TechNet Webcast entitled, "24 Hours of Windows Server 2008 (Part 18 of 24): Network Access Protection"

Thanks for attending!  ...and if you haven't seen the webcast yet, you can click on the link above (or the picture to the left) to get to the registration page.

PS - here are the RESOURCES I pulled together for this webcast

---

Questions and Answers

“I am running XP SP3. how could find NAP client? I did look in the mmc and could not find the NAP Client snap-in.”

First of all – to those of you who heard me say on the webcast that you should be able to find it that way, I apologize. And I was correct in one sense.. that’s where it SHOULD be. But I hadn’t personally worked with XP SP3 yet (probably won’t ever, quite honestly). The reality of it is that you will need to configure the NAP Enforcement Client using NETSH. (Another reason to just go with Vista.)

To enable the NAP Client on XP SP3 you need to do the following three things:

1. Enable the Network Access Protection Agent service to start automatically (same as with Vista – either on the local machine or through Group Policy):
1. Start --> Run --> Services.msc
2. Change the Network Access Protection Agent service to start automatically
3. Start the Network Access Protection Agent service
2. Enable the proper NAP Enforcement Clients (no MMC snap-in option on XP SP3, so it’s different if you want to enable it on the client without using Group Policy):
1. Start --> Run --> CMD.exe
2. Type netsh nap client set enforcement ID = ##### Admin = "Enable"
3. Enable and start the Security Center service:
1. Run --> GPEdit.msc
2. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
3. Enable the Security Center
4. Start --> Run --> Services.msc
5. Start the Security Center service

You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:

• DHCP = 79617
• RAS = 79618
• IPSec = 79619
• TS Gateway = 79621
• EAP = 79623

Credit where credit is due: BIG thanks to “The Lazy Admin” for the article I “borrowed” this answer from.

“Can NAP be used to prevent people from using computers on our network that are not joined to our domain (without breaking UNIX boxes, printers, etc. that cannot be domain members)?”

Great question!

I believe you would need to define policies to make exceptions to the rules that block other non-domain members on behalf of those machines that you trust. For DHCP-based NAP, it’s easy. Just give ‘em static addresses (which they probably already have). For IPSec, manually configure the cert (provided the devices support it).. though it’s not often that you’ll need to protect a sensitive server from a printer.

“Does the usage of health certificates in ‘IPSec - mode of the NAP’ require an existing PKI structure and auto-enrollment configured?”

Yes, it does. Auto-Enrollment will be how your "NAP Exempt" machines (such as the protected servers and your policy servers) get their health cert.. and you'll also configure the security settings on the Cert Server to allow the machine that is your HRA (Health Registration Authority) to be able to enroll for certificates on behalf of the clients have requested access and were found to be healthy.

“NAP replaces ISA?”

Nope. Two different things. ISA = Internet Security and Acceleration Server, which is a great corporate firewall solution (among other things). When I talk “firewall” in the context of NAP, I’m referring to the “host firewall”; the firewall protecting an individual server or workstation. And don’t be confused when I say “IAS”. That’s the old Internet Acceleration Server that contained RADIUS and RRAS capability.. which has been superseded in Windows Server 2008 by NPS (Network Policy Server), to include those old functionalities, as well as the NAP supporting role services.

Here are some resources relating to webcast I delivered on May 2nd, 2008, entitled "TechNet Webcast: 24 Hours of Windows Server 2008 (Part 18 of 24): Network Access Protection (Level 200)"

I hope you find them useful.

Kevin

—

Network Policy Server (NPS)
http://technet2.microsoft.com/windowsserver2008/en/library/9af0667e-aa7d-4b1f-a054-7102a85eb2bc1033.mspx

Network Policy Server Infrastructure
http://technet2.microsoft.com/windowsserver2008/en/library/b1a177e6-fd36-4396-9fe7-314460d83c3f1033.mspx?mfr=true

First Look: Getting Started With Security and Policy in Windows Server 2008
http://www.microsoft.com/learning/syllabi/en-us/6406afinal.mspx

NPS Network Access Protection
http://technet2.microsoft.com/windowsserver2008/en/library/b1a177e6-fd36-4396-9fe7-314460d83c3f1033.mspx?mfr=true

Introduction to Network Access Protection (document)
http://www.microsoft.com/technet/network/nap/napoverview.mspx

Network Access Protection (NAP) for Windows Server 2008
http://www.microsoft.com/windowsserver2008/network-access-protection.mspx

NAP Server Architecture
http://msdn2.microsoft.com/en-us/library/aa369707.aspx

Network Access Protection Technology Center
http://www.microsoft.com/nap

Network Access Protection (NAP) Frequently Asked Questions (FAQs)
http://www.microsoft.com/technet/network/nap/napfaq.mspx

TechNet Virtual Lab: Network Access Protection with IPSec Enforcement
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345136&EventCategory=3&culture=en-US&CountryCode=US

Network Access Protection Partners
http://www.microsoft.com/windowsserver2008/nap-partners.mspx

Microsoft Network Monitor 3.1 (download)
http://www.microsoft.com/downloads/details.aspx?FamilyID=18B1D59D-F4D8-4213-8D17-2F6DDE7D7AAC&displaylang=en

Frequently Asked Questions about Network Monitor
http://support.microsoft.com/kb/294818

How to use Network Monitor to capture network traffic
http://support.microsoft.com/kb/812953

HEROS happen {here}
http://www.heroshappenhere.com

Microsoft TechNet
http://www.microsoft.com/technet

Live TechNet Events
http://www.technetevents.com

Microsoft Events page:
http://www.microsoft.com/events

Save $100 on a TechNet Plus Subscription (including non-timeout eval software, 2 support calls, and more!)

A couple of big switches were flipped at Microsoft today.  And the status of two big updates changed as a result:

1. Windows Vista SP1 - Now available via automatic update.
2. Windows XP SP3 - RTM (Released to Manufacturing)

"Hey Kevin.. wasn't SP1 for Vista released awhile ago?"

Yes.  But today is the day that it becomes available to anyone who has automatic updates enabled. 

"Why did it take so long to get it up as an automatic update?"

Because it's a big update.  It really requires that the IT folks supporting it understand the update and get ready for rolling it out - either through their own efforts, or at least to understand how it will affect the desktops they're responsible for when it is made available through automatic updates.

Unfortunately, no matter how much advanced notice and however many resources we make available, there will still be many who are not ready for the update.  We try hard to ease that, but it's just a fact of life as a busy IT Pro... you don't always have time to get as ready for something like this as you'd like to.

"So.. is Windows XP SP3 available via automatic updates as well?"

No.  Today it is RTM.  The word is that you'll see it on Windows Update and the download center on April 29th, 2008. 

Here's the announcement of the availability of SP3 for Windows XP.

"Hmm.. sounds like I should just install SP3 on my XP machines rather than looking at Vista, right?"

Wrong!  If you really investigate it, you'll see that Vista is the RIGHT choice, RIGHT NOW.  Here are some resources that will help you in that investigation:

• Windows Vista TechCenter at http://technet.microsoft.com/en‐us/windowsvista/default.aspx.
• Springboard Series: The On‐Ramp for IT Pros at http://www.microsoft.com/technet/springboard.
• Windows Vista Product Overview for IT Professionals at http://technet.microsoft.com/en‐us/windowsvista/aa906027.aspx.
• Windows Vista: Common Deployment Questions Answered at http://technet2.microsoft.com/WindowsVista/en/library/2d3a9d2b‐a7b8‐4b83‐9fc1‐120dacdc93711033.mspx?mfr=true.
• What's New in Group Policy in Windows Vista at http://technet2.microsoft.com/WindowsVista/en/library/a8366c42‐6373‐48cd‐9d11‐2510580e48171033.mspx?mfr=true.
• TechNet Virtual Labs: Windows Vista at http://technet.microsoft.com/en‐us/bb539979.aspx.
• Microsoft Desktop Optimization Pack at http://www.microsoft.com/windows/products/windowsvista/enterprise/mdop/overview.mspx.

Seriously.. in the areas of Security, Manageability, Performance (yes, I mean it), Deployment, User Productivity, Mobility, Stability... and those are just for starters off-the-top-of-my-head!  You gotta go with Vista. 

What do you think?

This past week I had the pleasure of visiting Madison Wisconsin; not only for our HHH Launch event, but also for a delightful day speaking at the University of Wisconsin - Madison to lead a day of Windows Server 2008 training.

Here is my fifth in my series of video diaries for the launch events I've been attending and presenting at.  Hope you enjoy it!

HINT: Double-click it to see it full-screen.

NOTE: I'm getting better with this SilverLight publishing.. although I'm not too happy with the rendering that my video editing software is doing.  This was supposed to be a non-interlaced file, but the video produced by my video editing software sometimes really makes it look interlaced.  Sorry, Pinnacle.  I'm through fighting with your software.  Time for me to look at a new product.

Best quality video yet.  I figured out that so far the best way to render these is to do it all in Pinnacle Studio, and then just make sure the file is small enough (100mb max) for rendering the application in Expression Encoder, and then publishing the app to my Silverlight hosting through that.

"This one is shorter, too!"

Yeah.  I've learned that if I want 1280x720p at 30fps, I need to keep it under three minutes to stay under the 100mb limit.  And really, that's as long as these little video diary entries need to be anyway.  I'll compress more when I do some video interviews for, say, TechNet Edge.

Also, it's shorter because I didn't have my camera for the morning.  Yung Chou (newest team member) had one with him that I used.  I got my own back later in the day.

Anyway - here's what things looked like in HD in Columbus, Ohio!

(Remember to double-click to go full screen!  It looks better that way!)

At the launch events I've been presenting, one of the most frequently asked questions is, "Can I get these slides?"**

We finally have the decks we've been using for our US Launch events up and available for download.

So.. all you { heroes } - Go get 'em HERE!

** The second most frequently asked question being, "Don't you think you've had ENOUGH coffee today?"

Yes!  On March 18, 2008 we hit Motown hard with Windows Server 2008 goodness.

..and I'm also getting better at streaming Silverlight video; but I'm looking for the perfect combination of clarity and video size.  I'd be able to get full HD (got the camera for it and everything), but the video size gets too unwieldy. 

Double-click to see it full-screen.

Enjoy!

(RTW=Released to Web)

This is huge!  Now finally you can administer your Active Directory.. your DHCP, DNS, NPS... Group Policy (again) .. all from a Windows Vista workstation.

The RSAT (Remote Server Administration Tools) are already a part of Windows Server 2008.  They're the set of administration tools that you can install under "features" in the Server Manager.  So.. if you want to administer Active Directory from a member server, you install the Active Directory Administration feature.  And now, finally, we can install the tools we need to do the very same remote administration from our a workstation.

It works a little differently in Vista.  You install the update, and then the features are available for you to install.  Just running the update won't give you the tools.

From the download page:

"Microsoft Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2008 from a computer running Windows Vista SP1. It includes support for remote management of computers running either a Server Core or full installation option of Windows Server 2008. After you install this item, you may have to restart your computer."

There are two downloads:

Microsoft Remote Server Administration Tools for Windows Vista SP1 for x86-based Systems

http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4a36-b7fc-d52065de9960&DisplayLang=en

Microsoft Remote Server Administration Tools for Windows Vista SP1 for x64-based Systems

http://www.microsoft.com/downloads/details.aspx?FamilyID=d647a60b-63fd-4ac5-9243-bd3c497d2bc5&DisplayLang=en

And here is some more about it.

Check out my screen capture of the Windows Features I can now install on my Vista workstation (Click to see the whole picture)

"Hey Kevin.. I noticed that Hyper-V wasn't listed.  Can't I manage Hyper-V installations using RSAT?"

Well... no.  But.. GOOD NEWS!  We also announced today a downloadable MMC that will do just that!

You can find the Hyper-V Manager MMC here:

Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=450931F5-EBEC-4C0B-95BD-E3BA19D296B1&displaylang=en

Vista x86 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=BC3D09CC-3752-4934-B84C-905E78BE50A1&displaylang=en

Check out the Virtualization Team's blog post about it.