When a domain account is configured for a server in a domain, the client computer can authenticate and connect to that service. Previously, only two account types have provided identity without requiring password management. But these account types have limitations:

• Computer account is limited to one domain server and the passwords are managed by the computer
• Managed Service Account is limited to one domain server and the passwords are managed by the computer.

These accounts cannot be shared across multiple systems. Therefore, you must regularly maintain the account for each service on each system to prevent unwanted password expiration.

What value does this change add?

The group Managed Service Account solves this problem because the account password is managed by Windows Server 2012 domain controllers and can be retrieved by multiple Windows Server 2012 systems. This minimizes the administrative overhead of a service account by allowing Windows to handle password management for these accounts.

What works differently?

On computers running Windows Server 2012 or Windows 8, a group MSA can be created and managed through the Service Control Manager so that numerous instances of the service, such as deployed over a server farm, can be managed from one server. Tools and utilities that you used to administer Managed Service Accounts, such as IIS Application Pool Manager, can be used with group Managed Service Accounts. Domain administrators can delegate service management to service administrators, who can manage the entire lifecycle of a Managed Service Account or the group Managed Service Account. Existing client computers will be able to authenticate to any such service without knowing which service instance they are authenticating to.

Source: http://technet.microsoft.com/en-us/library/hh831451.aspx

Today’s tip…

With all the command line tools that I have, I’m always needing to spawn a CMD prompt to do this or that, and it always seems that I’m in Windows Explorer at the time. So in Windows 8, my new favorite way to open a CMD prompt is built into Explorer.

1. Click on File
2. Highlight Open command prompt
3. Select the option you want (I do everything in an administrator prompt)



It opens up a CMD prompt at the location where Explorer had open. You can also use this method to open up Windows PowerShell.

Today’s tip…

Backing up files on a volume that utilizes the new NTFS deduplication functionality will fall into one of two categories, optimized and non-optimized. Deduplication aware applications, such as Windows Sever Backup, will backup files in their deduped (aka optimized) state. While older backup programs will not understand the layout and backup the files in a non-optimized state.

From TechNet…

http://technet.microsoft.com/en-us/library/hh831600

Optimized backups

Performing an optimized backup results in a smaller, faster backup. The backup is smaller because the total size of the optimized files, non-optimized files (files that are not included in policies), and data deduplication chunk store files are significantly smaller than the full logical size of the volume (that is, the size of all the files before deduplication). Optimized backups are faster because there is less I/O and because the optimized files are not restored/rehydrated during the file copy operations. Selective backup (in which most of the volume is being backed up) may also benefit from using the optimized backup approach if the logical size of the selected files is significantly greater than the physical size of the optimized files plus the chunk store container files.

Non-optimized backups

In non-optimized backup and restore, the backup application does not use the Data Deduplication backup and restore API. Instead, the backup application opens the files and copies them without specifying the reparse point flag.

The optimized files are coped to the backup volume as normal files, not as optimized files. The conversion from optimized files to normal files is performed transparently in memory by Data Deduplication when the backup application copies the files. Restoring from such a backup store is a normal file-copy operation.

The size of the data in a non-optimized backup is normally much larger than the original optimized volume because of the space savings that is provided by deduplication. A full volume restore from a non-optimized backup will usually not fit on the original or an equivalently sized volume.

Non-optimized backup is normally used only for the following situations:

• To selectively back up a small percentage of the files on the volume, where the logical size of the selected files is significantly smaller than the physical size of the optimized files plus the chunk store container files.
• To support restoring a Windows Server 2012 backup to an earlier version of the Windows Server operating system.
• To support restoring a Windows Server 2012 backup to a computer that is not running Windows Server.

Today’s tip…

Windows 8 and Windows Server 2012 does not include .NET Framework 3.5 by default.  When you run an application that requires .NET Framework 3.5(for example MSSolve) Windows will automatically trigger to install the feature from Windows Update. 

The application must do one of the following for the trigger to occur:

• Attempting to install .NET 3.5 by running the released redistributables (including the web bootstrapper)
• Invoking the .NET 3.5 runtime

If the computer does not have access to the internet or is using WSUS you can point to a DVD or network location (Enterprises could have the files on a network share and use group policy/registry key to direct clients to it).  For additional information see the following:

• Installing the .NET Framework 3.5 on Windows 8 or 8.1
• Error codes when you try to install the .NET Framework 3.5 in Windows 8 or in Windows Server 2012

Note:  There is no .NET 3.5 redistributable download available for vendors to include in their applications.  Changes in architecture require the installation using one of the methods above

Today’s Tip…

Windows Deduplication is a great way to consolidate your data in Windows Server 2012. However, the changes it makes to the file system makes any file that has been ‘deduped’ unavailable if the disk is mounted by a down level version of Windows.

Files that were not optimized yet, will still be available normally.  And all files will one again be available when you move the volume back to Windows Server 2012.