Maybe I’m becoming an old fart but that year just absolutely flew for me. I can’t believe that 12 months has just come and gone. It’s been a hectic year for me. I had a great two weeks on safari in Tanzania … I’ll never forget those sleepless nights, camping out in the Serengeti plains with a pride of Lions roaring all night long about 1 mile away or being woken up by Elephants ripping down the trees right outside our tent. And the Niners improved a bit. I also can’t believe that week 17 is here. Oh well, that means my favourite time of year is upon us … NFL Playoffs!
There was the first Minasi-palooza in Virginia Beach where loads of us from MR&D got to meet for the first time. I got myself truly entrenched into the contracting way of life. I had some interesting work including a 2003/AD/XP/SMS/MOM design & consulting project at a University, winning tenders, giving presentations for the first time in yoinks. There was also the work I’d like to forget such as working with Sinmantec AV and CA Arserve/Brightscare for the first and hopefully last time. I also started blogging for the first time a few months back when I decided to delve back into contracting after a brief return to consulting.
So what’s up for 2007? You may have noticed that MS has and continues to launch a blitzkrieg of releases. I’ve started playing with Vista, mainly on the deployment side because that’s where I’m usually asked to work with desktops. There’s also some releases coming up in March/April that I’m interested in, i.e. SCCM and SCOM 2007. I’m going to spend a lot of time working on SCCM 2007 in the next month or so. Later in the year we’ve got a very important release in Windows "Longhorn" Server. All signs indicate that it’s on course and looking good. The second annual Minasi-Palooza (I wonder if we’ve got an official name for it yet) is taking place in May in Virginia Beach. Loads more are coming this time around. I’m all booked for that and am due to be giving presentations on Windows 2003 R2 Branch Office technology (I might expand this to other technologies given the time slot I have) and SCCM 2007. We’ve got more time and some special guests lined up.
Outside of work I’m really hoping to get on a decent holiday later in 2007. I was hoping to go to Kenya’s Masai Mara on safari at the start of the Autumn dry season but I’m also kinda eager to go to India on a Tiger safari. Who knows? That’ll all depend if I can get some work :-) I’ll also be out and about with my camera gear, often dressed like an army dropout and sitting in some damp ditch. Maybe Santa was late and will still bring me that Canon 1D N mk II with the 600mm F4?
Have a great and safe new year!
Bink just posted a link to a KB article that will get adminpak up and running on Windows Vista. Even when you get it up and running there’s still a bunch of gotchas and exceptions. My advice … run a Windows XP VM on your Vista machine and do all of your administration from there. Microsoft Virtual PC 2004 is free and VPC 2007 is available in beta and looks pretty stable.
The first of the 2007 editions of TechNet Magazine is available online for you to read. This month’s emphasis is on Sharepoint 2007. I like the concept of Sharepoint … I really like it. I’ve used Sharepoint Portal 2003 on a limited basis and could really see how it makes life better for administrators and the business.
2007 takes that further. I’m really hoping they’ve sorted out the mess that is Sharepoint backup/recovery. I’ve not had a chance to look at WSS 2007 or Portal 2007 (aka Microsoft Office Sharepoint Server 2007, aka MOSS 2007) … there’s just not enough of me to go around. If your client or business has a need to work in a dynamic and global/national manner then you really need to check out WSS 2007 and Portal 2007. This magazine will give you a taste of what is available.
As part of Microsoft’s strategy, Exchange 2007 includes extended support for the PowerShell scripting platform. A set of sample scripts has been released by Mihai Jalobeanu and Vivek Sharma.
PowerShell is Microsoft’s new scripting platform. The aim of it is to provide an object-oriented and simple scripting language that is function rich and simple to use. For someone like me who was brought up on COBOL, C and C++, it does take a while to get my head around some of it. But … it does appear to offer the ability to do in one sentence what could take a page in VBS.
I did the one day partner training on MS Exchange. The emphasis was definitely on scripting. It even appeared that some functionality was only available in scripts. One cool script, that is in this free script pack, was used in the class to automatically balance the number of mailboxes between 2 mail stores.
Microsoft will be continuing this trend with PowerShell. Expect to see extended support for it included in all future major releases. You’ll then have one common scripting platform across all Microsoft products, making life easier for overstressed admins.
Exchange 2007 is now available to MSDN and TechNet subscribers to download. It’s a single download for Standard and Enterprise editions. It’s been available on MSVL for a few weeks now.
I just finished my current contract a couple of hours ago. I will be available for contracting work in the Dublin area from January 8th onwards. So if you need someone to do Windows Server, Windows Vista, Active Directory, MOM 2005, SMS 2003, etc work then please do check out my CV/resume. Please check out some of my documentation on this blog or on my personal website to see what my work is like. You can contact me by mail on website <at> highwaycsl.com. We can then arrange to have a chat and see where things go.
Beta testers and TAP customers have received access to a new Customer Technical Preview build of Windows Server "Longhorn". The bad weather in Redmond has led to delays in the upload to MSDN and TechNet. It should be available to those customers in about a week or so. I’m planning to download it then. It’ll be my first hands-on with the product.
I’ve been asked "What is Longhorn?" by a lot of people in recent weeks. "Longhorn" is the codename of the next generation of Microsoft Windows Server. It used to be the project name for the Server and Vista project. It now refers to what will likely be called Windows Server 2007/2008. It’s currently in beta testing.
There’s loads of new features. Microsoft has set up a site to spotlight some of them. Some highlights are:
- Network Access Protection: NAP is a quarantine service that will query LAN clients to see if they meet configuration requirements before allowing them to talk to servers or other clients on the network. Clients that do not meet requirements will be quarantined, i.e. not receive a ticket to talk to other domain/forest members. The quarantined machines will have access to talk to Anti Virus, SMS or WSUS servers to resolve outstanding issues automatically or manually. It will also integrate with Configuration Manager 2007 (SMS v4).
- TCP: This is a rewrite as in Vista. IP6 is integrated into the stack, i.e. a single stack can have both existing IP4 and the new IP6 address. Optimisation has also been introduced to autotune the performance of TCP. TCP Offload Engine is offered on supporting hardware to allow a NIC to process TCP tasks instead of the CPU.
- SMB 2.0 introduces more security via mutual authentication and signing. There are also performance gains for file share browsing over latent links, e.g. WAN or VPN.
- Network Policies: Network policies can be defined for Wired or WiFi network connections via group policy. Windows Firewall policies can be defined for inbound and outbound connections. IPSec has been simplified and introduces new authentication methods.
- Printing: Clients can render a print job locally, thus reducing CPU load on a print server.
- IIS7 will continue the trend of offering new functionality to developers and increased security and stability for administrators.
- Centralised Logging: It’s being claimed that clients will be able to forward specified events to a centralised logging server. This reads like it is not intended to replace MOM 2005/OM 2007 or Audit Collection Services.
- New domain functionality: A read only domain controller can be placed in branch offices where it is too risky to place a full domain controller (i.e. no physical security). There is the ability to build a stripped down DC that only has core server functionality, i.e. the OS can only perform DC tasks and doesn’t even have a GUI! I’ve also heard in seminars that the domain controller role will actually be a service(s) that can be started or stopped without affecting the server. This will also allow delegated administration of the server without giving domain administrator group membership to branch administrators who manage the local physical machines.
- Terminal Services: Increasing the creep on Citrix-like functionality, "Longhorn" will include an SSL gateway for internet access to Terminal Servers. There will also be seamless application publication allowing TS based applications to appear on a desktop computer side-by-side with desktop based applications.
This is going to be a big and exciting release by Microsoft. I highly recommend you start doing your research now.
It had to happen at some point. Proof that no operating system is invulnerable to attack (this includes you, Penguin lovers), Microsoft’s Security Response team announced that a new vulnerability with a proof of concept has been discovered for the Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. This is the first vulnerability I’ve heard of on Vista. It’s a plain old elevation of privilege attack. It does require authenticated access to the targeted system.
Here’s the great news for Vista people. Vista is by far the most secure OS that Microsoft has released. Even if you are running as administrator and surfing the net, some dodgy code cannot install itself on your PC without your consent as long as you leave UAC running. UAC is worth keeping in this scenario. The logon script problem that I mentioned before would probably convince me to turn off UAC for ordinary user PC’s who run without admin privs – I don’t like the MacGyver fix for the problem all that much.
The Research team noted that this is a busy time of year for them. Lots of people in their Mom’s basements prefer to unleash their attacks at this time of year while IT staffs are winding down or are running on skeleton crews, if they are even in at all. If you do have an automated patching system, it might not be a bad idea to make sure the necessary staff are cross trained to cover for the holidays. They should also subscribe to the security alert emails so that they are alerted to any actions that should be taken.
Microsoft has released the Windows Vista Security Guide which can either be downloaded or viewed online. This set of documentation describes best practices and guides for hardening your Windows Vista deployment. Topics include disk encryption, defending against malware, application via Group Policy, etc.
Things are winding down and I’m soooo looking forward to having some time off. It’ll be my first time off since early May at the inaugural Minasi Conference. My contract will be ending tomorrow and I’m taking a few weeks off in January to catch up on things. I’ll be available for contract work from mid-January onwards.
Happy Christmas, Hanukkah, Winterfest, Festivus, Turkey Day or whatever you’re celebrating this time of year. I hope you have a safe and prosperous new year.
Brian Madden is reporting that Citrix (famed market leader in Server Based Computing) has announced that they are buying a company called Ardence. Who are Ardence and what do they do? Ardence make a product that allows you to stream an operating system onto desktops or servers. Think about this … you can make a single image of your OS with all your standard software and stream it to client PC’s as required. Need to make a change to the build? Simple … update your image and restream it. There’s also some benefits to server computing.
Obviously, what I’ve just said about desktops can apply to Citrix servers. It’s not an uncommon practice for companies to rebuild Citrix farm servers in rotation. Having a streaming process would make this a doddle.
But hold on. There’s more. You can leverage Ardence to consolidate servers. Have a busy web server during the day that does nothing at night? Great … restream it as a backup server or some batch processing server so you don’t need extra hardware. Maybe you have application silos in your Citrix farm and need to move servers quickly between them to match demand. Streaming the OS makes this easy.
Brian Madden has written some documentation on the solution and I recommend you read it. This is one of those solutions that just makes so much sense that I cannot believe I’ve never seen it deployed.
Microsoft has released a new update for Windows Server 2003 to add two new (separate) functions to clustering.
The first is File Share Witnessing. This adds another form of "communication" between two nodes of a cluster, thus preventing a split brain scenario or a situation where a failover node uses incorrect cluster state information when it starts up.
The second feature enables configurable cluster heartbeats. One size does not fit all so this functionality allows you to configure heartbeats according to your network or requirements so that unwarranted failovers do not take place.
There’s heaps of documentation on the Microsoft Support page so I’m not going to bother copy/pasting or re-interpreting it. I’ll let you read it for yourself.
It requires Windows 2003 SP1 or Windows 2003 R2. Obviously your OS must support clustering (Enterprise or Datacenter editions only). Be sure to test this update before you deploy on valued systems.
Two new Microsoft betas have kicked off. "Centro" is a new solution along the same lines as Small Business Server except that it runs on 3 * x64 "Longhorn" servers. It’s aimed at mid sized organisations that need more server capacity than provided in SBS. There was a small flurry of news activity about it around 2 months ago. Included in the package is SQL 2005, System Center Essentials (a small business compilation of features from Exchange 2007, ISA 2006, Operations Manager 2007, Configuration Manager 2007 and WSUS [3.0?]).
"Cougar" is the next generation of Small Business Server based on the "Longhorn" platform. The latest version of the usual suspects will be included in their customised, wizard driven form.
Colm Torris is keeping busy. He’s just announced an event on Microsoft virtualisation technologies that will be held on January 18th in the Guinness Storehouse. Topics being covered include:
- How Virtualisation will change IT
- Microsoft Virtual Server Technology: capabilities, deployment, challenges
- How Virtualisation (Hypervisor) fits into Windows Server Codename Longhorn
- Managing a mixed/virtual infrastructure: System Centre Virtual Machine Manager (VMM)
- Tools and techniques to deploy, monitor, maintain and back up virtual and physical machines
- IT Lifecycle: Provisioning, Back-up, Migration, Monitoring
- Changes introduced with Windows Virtualisation
- Virtual Server Architecture
- Microsoft SoftGrid – Application virtualisation and streaming.
- High Availability capabilities in Virtual Server
- Benefits of AMD-V and Intel VT hardware virtualisation
- Real life examples on deploying and managing virtual environments
- Licensing implications of adding/removing virtual machines
I’m a huge fan of selectively using virtualisation technology to consolidate hardware, facilitating DR and operational recovery. MS have some good products that have them neck and neck with VMware in the PC and mid-level market. "Longhorn" will definitely put them into direct competition with VMware ESX Server. I highly recommend that you check this free event out.
SDM Software is a start up by famed Group Policy guru Darren Mar-Elia (MS Press, Windows IT Pro, Conference Speaker, etc). The company has just shipped its first product, GPHealth Reporter. In Darren’s own words:
I’ve started a software company called SDM Software. Well, I’ve just shipped my first little product! Boy it feels good! The product, called GPHealth Reporter essentially reports on the details related to GP processing on a given local or remote system. You can use it to gather overall health of GP processing, and it can also save that information to a report, PDF or Excel. You can also use the tool to trigger a remote GP refresh against the machine you’re focused on. You can download a free 10-day trial copy of the product and check it out.
Best of luck, Darren!
A while back, I mentioned how you could back up Vista to a VHD file which you could mount using a VM or a tool called VHDMount. VHDMount is a part of Virtual Server 2005 R2 SP1 Beta 2. Dave Northey blogged a way to install this component without installing a full blown Virtual Server:
- Download the installer.
- Extract its contents: setup.exe /c /t <drive letter>:<path to the .msi file>
- Install VHDMount: msiexec /i "Virtual Server 2005 Install.msi" /qn ADDLOCAL=VHDMount
Someone also commented that you shouldn’t try this on a machine with an existing installation of Virtual Server.
Credit: Dave Northey.
You can pre-register for notification of the availability of Windows "Longhorn" Beta 3. MS is claiming this will be a pretty complete build and will be the first "public" build. They’re hoping for lots of feedback.
Microsoft has released another security update inventory tool for SMS 2003 called the Extended Security Update Inventory Tool. This inventory tool is intended to detect, download and deploy updates that are not detectable by the SMS Security Update Inventory Tool that relies on the Microsoft Baseline Security Analyzer. The new ESUIT is built on another new release, the Enterprise Scan Tool. It looks like the tool will work on SMS 2.0 SP3 and SMS 2003.
This is a busy news day. There’s loads of stuff in my inbox and RSS feeds this morning.
I didn’t see any big announcements but last week, Microsoft released the first two of its Forefront branded products to manufacturing. The Forefront brand will be applied to all of Microsoft’s security products. The first products are Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint. These are results of the Sybari acquisition a year or so ago. Microsoft Forefront Security for Exchange Server is the successor to Microsoft Antigen for Exchange which was only released late last Summer. Considering how short the beta program was, I’m doubting that much has changed … we probably just have added support for Exchange 2007. In fact, almost nothing had changed in the Microsoft Antigen release since the last Sybari Antigen release… mainly the Enterprise Console was replaced.