OK, it’s not really much of an infrastructure story, but things have been slow in the MS world over the last few days.  Windows Media Player 11 was released late last night.  There’s a 32 and a 64bit edition.  For someone like me who just listens to the odd MP3, CD or ESPN broadcast, there’s not much of interest other than a nice new slate grey skin.  I’m told that media junkies will appreciate it, especially some new library functions.

I’m preparing to finally sit the 70-296 exam to upgrade my MCSE (about time).  I’ve done my brushing up and all I need now is an opening to actually sit the exam … come on Prometric!  I’m starting to work on Windows 2003 SP2 beta and Windows Deployment Services.  I hope to get a good bit done on that this weekend.  It’s looking much bigger than I originally anticipated.  Some documentation will appear on here when I’m done.  I’ve also started reading Mark Minasi’s (and co) new "Mastering … " book on Windows 2003 SP1 and R2.  It’s excellent.  The list of contributors is a real who’s-who in the Microsoft Windows world.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Betanews is reporting that starting from today, any downloads for Microsoft Office will require you to go through a validation process, regardless of your licensing.  Today it appears that only downloading templates is affected.  Starting in January, it appears all downloads will be affected.

If your copy is installed with a known stolen license key then you can expect some very bad things to start happening after going through this process.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

I’m doing some stuff on VMware at home that requires a Windows 2003 SP1 RIS installation.  I set up my test domain with a DC and workstations.  I got RIS ready and started up a client in PXE mode only to get thisL

VXE-E53:  No boot filename received

PXE-M0F: Exiting Intel PXE ROM
Operating System not found

I’ve been working with RIS since 2003 and I thought I’d seen everything.  Don’t get me wrong, I think it’s been an excellent but underused part of Windows Server.  I used it for 2 years to build PC’s on the network that I designed and managed.  I googled about for a while and found plenty of people looking for help on this problem without any joy.  And then I found a blog entry by a Mark Michaelis that resolved the problem.

I had to add two scope options onto my DHCP server that I’d not seen before:

• 066 Boot Server Host Name: <RIS Server IP Address>
• 067 Bootfile Name: OSchooser\i386\startrom.com

I fired up the client again and everything worked.  Thanks Mark!

A quick update:

Note that my RIS server was also my DHCP server.  DHCP was previously installed and authorised.  This may have caused the above problem.  I also had another problem once I had succesfully laucnhed the RIS client.  The client failed to read configuration data for the RIS service.  I unauthorised and reauthorised DHCP and this resolved the problem.  RIS worked perfectly after this (and quite quickly too I must add).

Oh, I’ve only had a quick read, but anyone planning on using Windows Deployment Services (the succesor to RIS in Windows 2003 SP2 and Longhorn) will need to be familiar with the above two DHCP scope options.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

My current client is in the process of deploying a new Windows 2003 Active Directory and a Citrix PS4 environment.  Requirements for the Citrix environment are:

• They want to use mandatory profiles (if at all possible).
• They wish to use controlled start menus and desktops.
• They want to install all applications on each server.
• They want to publish the desktop to users via WYSE terminals.
• They want to control access to licensed applications.
• License controls should be done via Domain Global or Domain Local groups.

Hmm. 

A well known Citrix expert consultancy firm recommended that they use scripts to build a users start menu and desktop based on group membership.  Nasty!  I like scripts but this would be a pain to own and maintain over time.  I first became aware of the Citrix requirements at a progress meeting yesterday.  I listened quietly and then I had a what was either a brainwave or a brain fart that evolved a bit.

• A single startmenu and desktop would be hosted on a DFS file share (replicated on the LAN).
• Shortcuts for all applications would be installed in the start menu (and desktop as neccessary).
• Shortcuts for restricted access programs would be permissioned using a suitably named domain group.
• The program folders for the restricted programs would be secured using the same groups.
• Users logging onto the Citrix servers would get the shared start menu and desktop via redirected folders and loopback group policy processing.
• ABE (Access Based Enumeration) would be installed on the hosting machines and configured for the replica shares.

One of the guys gave this a test and it worked.  A user with restricted access only downloaded the shortcuts they should have had access to.  I was expecting to see loads of USERENV errors in the application log on the server but there were none.  It appears to work really nicely.  I’m now wondering if we need ABE in this equation.  We’ll see how it goes in future testing.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Although it’s a great product, many have justification to be worried about the soon (November 1st) automated deployment of IE7.  IE7 will be made available via Automatic Updates and the Microsoft updates catalogue (SMS and WSUS).  Many are asking how to block this automatic installation.

• If you use automatic updates enabled on your PC then you can block the IE7 installation using a blocker toolkit.  Unlike the XP SP2 blocker, there is no timeout or timebomb.  You will still be able to manually install IE7 if you wish.  There is an ADM file so you can use group policy to control the blocker (reinforce the block setting) and also to remove the block setting if you want.
• Anyone with automatic updatews enabled and who does not have local administrative rights will not download nor install the product, regardless of whether the blocker toolkit is installed or not.
• If you maintain control over automatic update approval then you can prevent the installation by choosing to deselect it.
• Anyone using SMS has complete granualr control should IE7 appear in the catalogue for the Inventory Tool for Microsoft Updates.
• The WSUS team have revealed that IE7 will download as an Update Rollup.  You should choose to maintain manual control over update rollup authorisation (Options – Automatic Approval Options) if you are using WSUS (the current version being V2.0) and do not want to automatically deploy IE7.  You can choose to decline the update when it appears.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Microsoft released a security patch or "security upgrade" for Windows XP SP2 machines with wireless NIC’s:

• WPA2 can be configured using group policy.
• A wireless computer can be configured not to broadcast the networks it wishes to connect to.
• A vulnerability for "parked" or disconnected wireless clients has been resolved.
• You must now manually choose to join an ad-hoc network instead of being automatically joined.

Make sure you test the update before deploying.

Credit goes to Michael Kassner for the alert.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

• Enhanced performance through a new scanning engine.
• Streamlined, simplified user interface and alerts.
• Improved control over programs on your computer using enhanced Software Explorer.
• Multiple language support with globalization and localization features.
• Protection technologies for all users, whether or not they have administrator rights on the computer.
• Support for assistive technology for individuals who have physical or cognitive difficulties, impairments, and disabilities.
• Support for Microsoft Windows XP Professional x64 Edition.
• Automatic cleaning according to your settings during regularly scheduled scans.

You’ll see that the MS burb says it supports x64.  Well, I ran it in beta on x64 and it brought my machine to it’s knees.  Mark Russinovich reported a similar experience soon after his laptop joined the Microsoft network.  Maybe this has been fixed. *fingers crossed*

I was very impressed with it on x64, especially the Internet Explorer fixing function.  It compared well with other products, sometimes it caught things they didn’t and vice versa.

If you don’t have an anti spyware solution now then this free option might be for you.  Forefront Client Security will include this engine when it goes live (around April next year).  This corporate solution will likely include mangement from a central console and possibly via Group Policy.  I hoping to get on the beta program which has started on a limited basis.

You can see a comparison of the various anti-malware solutions from Microsoft on their website.

One thing I do like about Defender … it uses Automatic Updates to its definitions.  This will be a bandwidth saver for those who install it on company networks.  It also simplifies your distribution mechanism.  This will make it a viable solution for those who want to run it along side a cheap or free AV product.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

A new version (2.0) of the SMS 2003 Desired Configuration Monitoring feature pack has been released.  DCM 2.0 allows administrators to audit servers and desktops to ensure that they comply with approved configurations.  Reports can be generated to idenity non compliant machines.  This new version sports a new user interface for defining models.

Modelling is a key component of Microsoft’s Dynamic Systems Initiative for design, monitoring and control and we will to see more and more of this concept, e.g. Capacity Planner, Operations Manager 2007, etc.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

I’ve just finished a white paper on the Inventory Tool for Custom Updates feature pack that is included with SMS 2003 R2.  I also describe how to use the Custom Updates Publishing Tool.

Although many organisations may not be aware or choose not to utilise them, we have many
solutions available for updating Microsoft operating systems and products. Solutions include the
free WSUS 2.0 or 3.0 (currently in beta) or the Inventory Tool for Microsoft Updates feature pack
for SMS 2003.

However, what do you use to maintain the same level of updates for 3rd party products or even
your own in-house implementations? Microsoft sees SMS as a solution for medium to large
organisations. These organisations often have large implementations of 3rd party products and in
house applications. 3rd party products sometimes have their own deployment mechanisms and
sometimes have no mechanism at all. But medium to large organisations usually have at least
one home bread application. These are the most difficult to manage because they are often
tweaked on a frequent basis by developers who have little understanding (or care) for how the
updates should be deployed and managed. They just build them and expect them to magically
appear on PC’s, usually at short notice.

This gap between the developer and the system administrator is something Microsoft has started
to recognise. In fact, it was the subject of their keynote speech at TechEd Europe 2005.
Microsoft has responded by developing the Dynamic Systems Initiative. The aim to resolve these
problems by changing the way we build, deploy and manage applications starting with design in
Visual Studio to management with Microsoft Operations Manager and SMS.

One of the solutions is the Inventory Tool for Custom Updates (ITCU) feature pack that is
included with SMS 2003. By using ITCU you can deploy non-Microsoft updates to applications
on your SMS clients using the software updates functionality of SMS 2003. Microsoft’s aim with
ITCU is to open up their own catalogue solution that third parties can use with the Inventory Tool
for Microsoft Updates in SMS 2003. By itself, the ITCU is supported by Adobe and by Citrix.
There are also some rumblings that 1E will also adopt the usage of ITCU. But, you can use
another tool that is included with SMS 2003 R2 (and via MSDN) called the Custom Updates
Publishing Tool (CUPT) to create your own updates catalogue and import them into SMS 2003.

The document continues …

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

I am now officially registered as a Microsoft Partner and have access to all the perks that come with that status including partner training, education resources and support from Microsoft on cirtical issues.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

• Windows XP with Service Pack 2 (x86)
• Windows 2003 Server (x86)
• Windows 2003 Server and Windows XP (x64)

You can find out about the features and the system requirements on the Microsoft IE web site.

Personally, I find the phishing filter slows down my browsing experience so I disable it (not just turn it off).  I know when someone is trying to get me to divulge my credit card or banking details.  I really like the addition of tabbed browsing (about time) and RSS (which I use a lot).  You’ll find when you start it up that a number of companies (not just the usual search engines) have produced extension to make their site the default search engine for your browser and that IE7 presents you with this choice.

I’ve been using IE7 during it’s beta process and I can recommend it.  Do make sure you test against your applications before widespread deployment.  There’s bound to be junkware out there that doesn’t like it.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

• Microsoft Softgrid: Softrird (from the Softricity acquisition) is a super new way of deploying complex application catologs to the desktop environment.  Using application virtualisation you can seperate the application from ther desktop’s OS installation and from other applications.  This reduces complexity, eliminates regression testing, resolves compatibility problems and increases security.  Self service user deployment (with workflow/approval)is possible via a web portal which minimises IT involvment in application deployment.  Also, by using streaming, wasted disk space is eliminated.
• Microsoft Asset Inventory Services: Every application installed on your desktop network can be identified for auditing purposes.  This goes much fiurther than SMS 2003 on SP2 si going because it can identify application from a database of 430,000 known applications.  It does not just rely on the contents of add/remove programs because as we know, many vendors do not adhere to well accepted standards.
• Microsoft Advanced Group Policy Management: To quote Microsoft, it "increases control over Group Policy Objects (GPOs) – the component rules within Windows’ administrative management system – and is intended to allow IT administrators to delegate or assign administrative control of specific tasks based on employees’ titles or roles … provides administrators additional safeguards for GPOs, including detailed logs to track all changes and the ability to quickly undo inappropriate changes. These new tools function as a native extension to Microsoft’s Group Policy Management Console, providing a central management interface for all Group Policy administration".
• Microsoft Diagnostic and Recovery Toolset: This offers diagnostic tools, the ability to recover data that has been lost and a post crash analysis toolkit.

There is a feature chart available.

Anyone tracking what Microsoft has been doing will have noticed a number of acquisitions of interesting players in this market.  I can see that Softrgrid was purcahsed from Softricity.  I am wondering if Advanced Group Policy Management is a result of the Desktop Authority acquisition.  The tools in the Diagnostic and Recovery Toolset are a result of the recent Winternals acquisition.

This tool kit will be of great benifit to desktop/laptop administrators.  It will reduce complexity, offer new deployment mechanisms, reduce project times and costs, enahnce automation and enable them to spend more time on engineering rather than firefighting or repetitive tasks.  And if things do go wrong, there will be tools to help diagnose those problems.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Microsoft has belatedly released a MOM 2005 management pack for the version 9.0 Antigen products (the next version being Forefront Security for Exchange 2007 and is currently in Beta).  Microsoft says:

The new Microsoft Antigen Management Pack for MOM supports the 9.0 versions of Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateways, and Microsoft Antigen Spam Manager. The MOM pack supplies critical events and alerts on virus, worm, and spam activity to MOM 2005, and also monitors the health and availability of these products.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

You can now deploy Windows Vista using SMS 2003 thanks to an updated release of the OS deployment feature pack.  This image based solution is ideal for replacing solution such as Ghost.  It is superb for client OS upgrades and clean domain migrations.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

The following updates will be available from Microsoft Update in the following few hours.  As usual, you should test them before deploying onto a production environment.

Critical

• MS06-057: Vulnerability in Windows Shell Could Allow Remote Code Execution – Windows
• MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - Powerpoint
• MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution – Excel
• MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution – Word
• MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution – Windows
• MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Office

Important

• MS06-063: Vulnerability in Server Service Could Allow Denial of Service – Windows

Moderate

• MS06-056: Vulnerability in ASP.NET Could Allow Information Disclosure – .Net Framework
• MS06-065: Vulnerability In Windows Object Packager Could Allow Remote Code Execution – Windows

Low

• MS06-064: Vulnerabilities in TCP/IP Could Allow Denial of Service – Windows

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

I’ve just completed a whitepaper on this feature pack that is included in SMS 2003 R2.  It is a pretty simple feature pack and I like the power it adds to an SMS network to do an otherwise nasty task, i.e. scanning the network for insecure configurations.

In the late summer of 2006, Microsoft released Systems Management Server 2003 R2 (Release 2). SMS 2003 R2 consists of 2 CD’s: CD 1 is SMS 2003 with Service Pack 2 integrated and CD2 contains:

• The Device Management Feature Pack: A previous free release that adds functionality to manage Windows Mobile and Windows CE devices using SMS 2003.
• The Inventory Too l for Custom Updates Feature Pack: A new feature pack that is available to those who are entitled to install SMS 2003 R2. This feature pack adds functionality to SMS 2003 so that you can deploy updates for third party products (e.g. Citrix and Adobe) and so that you can also deploy your own catalogues of updates for in-house or 3^rd party products.
• Custom Updates Publishing Tool: This administration tool enables you to build catalogues from EXE or MSI installers for use with the Inventory Tool for Custom Updates. This is licensed for SMS 2003 R2 customers and MSDN subscribers.
• The Scan Tool for Vulnerability Assessment: A new feature pack that adds security auditing and reporting functionality to SMS 2003.

SMS 2003 R2 is a simple release. If you need the functionality described above then upgrading to SMS 2003 R2 is simple. You insert the second CD and install the feature packs as described in the help file on the root of the CD. There is no SMS migration, no SMS upgrade or no server migration. The R2 release is nothing more than 2 new feature packs and a tool that is available to MSDN subscribers. If you do not need the above functionality then I would recommend that you do not bother to upgrade, even if you do have the right to under software insurance. I would wait until the much anticipated release of System Centre Configuration Manager 2007, aka SMS V4.

I do not want to belittle SMS 2003 R2. The added features will be of great benefit to many SMS 2003 customers. This document will describe one of the new feature packs added by SMS 2030 R2, the Scan Tool for Vulnerability Assessment (STVA).

The SVTA will be of great benefit to security officers, IT auditors and security conscious administrators. It will automatically scan targeted computers and centrally store compliance information. This can easily be reported on using SMS reports (SMS console or web based). This means that vulnerability information can be made available to non technical people via delegated reports.

The document continues …

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

The final "release" version of Internet Explorer is going to be avale for download this month.  It will initially be available for downloads and will then be available via Automatic Updates.

I really like IE7.  I’ve been using beta releases of it for several months.  There are some nigglies (like not be able to permanently approve actions for specified sites) but on the whole, it’s a major upgrade from IE6.  I make great use of the RSS reader and tabbed browsing is a plus.  The latter was long overdue from the IE team.

IE7 will be made available via automatic updates and via WSUS.  WSUS administrators can choose to not approve the download thus preventing automated deployment of IE7 on their networks.  There is a tool to prevent automated download via Automatic Updates for standalone computers. 

The IE team has posted an entry on their blog about how to prepare for the deployment of IE7.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

The Beta for Office 2007 is now over.  It is expected to RTM very soon with it probably hitting the shelves around the same time as Windows Vista.  What can you expect?

The user interface is much different.  Menus are a thing of the past.  Instead you have a series of … panels?  Each panel (?) has a display of icons for doing various functions.  Anyone who is really familiar with MS Word right now will hate the the new version.  Every thing is different.  For example, the styles selection menu is horrible to use.  But, I felt the exact same way with Windows XP when it came along.  Most people who knew their way around Windows hate the new style interface.  Everythign was moved to make it easier for users to navigate.  And it worked.  My eperience was that users loved Windows Fisher Price while administrators all swtiched to the classic theme and classic control panel.  I do think the new interface in Office 2007 works really well in Exchange 2007.  I’m not sold either way on Outlook 2007 yet.  I know the beta prompted you to download a desktop search engine that would cripple any computer not worthy of launching rockets into space.

What else to look out for?  The mass deployment method is changed slightly.  I’ve documented how to do it while at my last job.  The document discusses how to deploy it with SCCM 2007 but the same method applies for Group Policy or SMS 2003 deployments. 

The default is that Office 2007 will save using the new XML based formats.  Just when you thought that version incompatibilities, e.g. Office 95 vs Office 97 were over.  Now, Word will try to save a document as a .DOCX file.  You can change this to use Office 2003 formatting, i.e. .DOC but you do lose some of the new fancy formatting.  I recommend you do this until Office 2007 becomes the norm with your business partners or clients.  It’s possible to do it in each product but I expect an ADM template will offer you the ability to do it centrally from a GPO.

The ability to save a document as a PDF right out of the box has been removed.  Adobe had some concerns about this functionality which is understandable.  MS didn’t fight it much.  However, MS have made a free add-on available to allow you to save as PDF or XPS from Office 2007.

Office 2007 is Microsoft’s cash cow.  But you know, it’s not really that exciting for most people.  Companies are generally slow to go to a newer version out of compatibility concerns.  Lots of organisations are slow to move from Office 97.  Lots are still on Office 2000.  They really don’t see the need to change.  Microsoft has radically redesigned Office with this release.  Part of their effort was to introduce Office as a brand that includes a range of server products including the anticipated Sharepoint Portal 2007, Lice Communications, Project Server and of course, Exchange 2007 which will be a major upgrade on functionality and design.  With this entire brand, MS aims to get corporates to buy into this new Office release like they have never done before.

I can understand the advantages and the pitch, but I don’t see it working.  The message is not getting across clearly enough or at all.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

The final public test version of Windows Vista has been released.  Release Candidate 2 is available for X86 and X64 clients on the Microsoft Connect site.  Vista is expected to RTM on schedule next month.  It will be available for general consumption in January.

From talking to clients, reading the press and reading chat forums, my gut is telling me this release could be a bit of a damp squib.  I wouldn’t rush out and buy any MS stocks right now.  In fact, I expect the reception to be quite negative in the technical community once the marketing types have moved onto other shiny new things.

RC1 should have been pretty close to what the curstomer can expect once it hits the shelves.  If so, things could be bad:

• There are many problems not only with 3rd party applications, but I’m hearing there’s problems with MS applications too.
• I’m reading that there has not been consistant improvements in performance.  Early betas sucked the life from any PC they were installed on.  Things got better, then worse, then better, then worse.  Who knows what to expect now.
• UAC is proving to be quite controversial.  Many are turning it off straight away.
• The activation process for Volume License editions is not popular at all.  In fact, it’ll probably hurt if not almost kill VLK sales of the OS.  There will be no advantage to buying VLK editions any more.
• Windows Vista Enterprise is only available to those who buy a VLK edition with software assurance.  SA will only be bought by those who are deploying a new OS withing 3 years of a major release and who plan to upgrade again then.  I’m sorry MS, R2 releases are not a justification for SA.
• I was keen to see BitLocker.  But now I’m hearing you need to prepaare a custom build for machines that will be encrypted with BitLocker including a special 1.5 GB partition for BitLocker itself.

I don’t have any problem with the stuff MS is doing with the Kernal that Symantec and McAfee and whinging about.  I also must temper the above points by saying I was skeptical of Windows 2000 and many on the net thought it would bring about the end of the world.

I guess we’ll have to wait and see.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

I’ve just completed the backup setup for my lab network.  My lab network used to consist of a bunch of PC’s of various ages and processors.  I’d gone the traditional route of one physical machine per role.  So I had a domain controller, mail server, web server and a PC, 3 of which were running all of the time for internet services.

I decided to do my bit for the environment.  I also wanted to reduce my electricity bills and stop my lab room from being the warmest place in the county.  So I decided to eat some of my own medicine and consolidate my network via virtualistion.  I had a choice of which platform to take but I settled on VMware’s free VMware Server product.  I really like the snapshot feature of the VMware products for lab work and the machines are pretty portable, e.g  they are portable between Server, Workstation and Player.

I built an AMD 2800 with 2GB of RAM.  It would be a domain controller (with all FSMO’s) and my file server.  I installed VMware Server onto it.  The disk was getting pretty full so I installed a 180GB USB 2.0 external hard drive which physically hosts my 3 VM’s:

• Another DC: it will give my virtual network the ability to be mobile.  If I lose the physical host, I can recover the VM’s elsewhere and sieze the FSMO roles.  Instant DR site on a shoestring :-)
• EMail
• Web (doubles as WSUS)

I wanted to backup these machines.  I am using the Windows Server NTBACKUP on the host machine so I’ve got no fancy VMware agents.  My solution was to script a way of backing up my machines with minimal downtime.  The script pauses/suspends my VM’s, backs them up, and then restarts them.  The backups are to a file on a USB 2.0 300GB external disk.  I also backup the shares on teh host server.  Here is what the VM backup script looks like:

REM SUSPEND ———————

REM WEB
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" suspend

REM DC
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" suspend

REM MAIL
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" suspend

REM BACKUP ———————

<BACKUP COMMAND>

REM START ———————

REM WEB
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" start

REM DC
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" start

REM MAIL
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" start

REM EXIT ———————

:EXIT

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

• Window Vista WIC (Windows Integrity Controls).
• Kerberos Token Bloat: how your Token can fill up with SIDs and break Kerberos authentication.
• DNS testing with DCDIAG.

This consise and easy to understand newletter is well worth subscribing to.  And you don’t have to worry about appearing on a spam list either.  You can subscribe for here: http://www.minasi.com/nwsreg.htm.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

VMware announced on their 64bit blog that VMware ESX 3.0.1 will offer full support for a range of 64 bit gues operating systems.  64 bit computing is set to gain wider acceptance and in some cases become a requirement.  The following operating systems will have 64 bit support:

• Microsoft Windows Server 2003 (Standard and Enterprise Server R2)
• Red Hat Enterprise Linux 3 64-bit (UP7, UP8)
• Red Hat Enterprise Linux 4 64-bit (UP2, UP3)
• SuSE Linux Server (SLES) 10 64-bit
• Sun Solaris 10 (U2)

Hardware requirements will be as follows:

• AMD: Athlon64 or Opteron Rev E or later
• Intel: must include support for Intel’s Virtualization Technology (needs to be enabled in the BIOS)

64 bit computing will be especially important in the Microsoft world.  Microsoft has decided to only release a 64bit edition of Exchange 2007.

WMware ESX is the market leader in enterprise level virtualisation.  ESX offers the ability to deploy many virtual machines across a farm of servers with load balancing and disaster recovery while providing a near physical machine level of performance.  ESX is a key technology for consolidating servers and making full use of the processing power that otherwise would be underutilised by many of the business applications that are typically deployed.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.

Microsoft has recently claimed that businesses will adopt Windows Vista like nothing else before it.  Well, Houston, there may be a problem.

Anyone who sets out a clear mass deployment plan for XP desktops will be familiar with the difficulties of deploying and troubleshooting PC’s.  The growing trend in the market is to treat the PC as a dumb appliance that you rebuild when it breaks with a major problem that you can’t fix in a few minutes.  Applications are psuhed to the PC as required by Group Policy, Terminal Services, SMS or even Softgrid for Desktops.  This rebuilding process can’t be easily done with OEM licensing because you only get 2 builds activations for an OEM key without having to speak to someone in Lord knows what country to clear your license key.  Because of this, large business who want to save administration costs have ponied up for Volume Licenses, often in the form of a desktop core CAL.  This OEM upgrade provides a Volume License Key that does not require activation.  Microsoft had to resort to using the honour code with their VLK customers.

But change is on the way.  Microsoft is planning to change the way VLK customers have been able to deploy and rebuild without having to bother with activations.  The process of just rebuilding as required will be taking a serious administrative effort hit.

Microsoft plans to include Volume Activation in WIndows Vista volume license editions (Windows Vista Enteprise, Windows Vista Business and Longhorn Server).  The short story is that you will have to activate your installation within 30 days or it shuts down like an OEM installation of XP.

ZDNet has some more details.

Some detailed information is here.

If you don’t like this then I would suggest you pass your feedback to your Microsoft partner solution providers and presales representatives.

Copyright Warning

This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.