Steve Riley: Protect Your Data

Steve Riley posted an excellent read, as usual, on his blog.  The core theme is something I’ve covered a few times before on my blog.  What is it that attackers are really after these days?  Data, whether it’s a hacker after credit card details, corporate espionage to steal trade secrets or a salesman stealing customer data.

Give the blog post a read and then check out Windows Rights Management and full disk encryption (BitLocker or Safeboot).

BitLocker Design and Deployment Guides

Microsoft has released some documentation on how to design and deploy your BitLocker solution.

BitLocker is the full disk encryption solution that is included in some editions of Windows Vista and Windows Server 2008.  I’m not convinced about the manageability of it yet.  The fact that MS only included it in Vista Enterprise (Software Assurance only) and the very pricey Vista Ultimate sure doesn’t help to convince me.  I’m still firmly on the Safeboot boat.

The Windows BitLocker Design and Deployment guides describe the various aspects of planning for deploying Windows BitLocker Drive Encryption for Windows Vista® Enterprise and Windows Vista® Ultimate computers in an enterprise environment. The document is organized in two guides, and you should carefully consider each guide before you deploy BitLocker Drive Encryption.

Windows BitLocker Drive Encryption Design Guide

This guide provides a systematic approach when planning for BitLocker deployment and highlights the main decision points. This guide is intended for use by an infrastructure specialist or system architect. It assumes that you have a good understanding of how BitLocker and TPM work on a functional level.

Windows BitLocker Drive Encryption Deployment Guide

This guide provides detailed instructions on how to prepare Windows Vista images for BitLocker and how to deploy BitLocker in an enterprise environment. This guide is intended for use by a deployment specialist or deployment team. It assumes that you have a good understanding of how automated Windows deployment, Active Directory Domain Services (AD DS) schema extension, and Group Policy works.

About BitLocker

BitLocker is a data protection feature available in Windows Vista® Enterprise and Windows Vista® Ultimate for client computers, and in Windows Server® 2008. BitLocker addresses the threats of data theft and of exposure from lost, stolen, or inappropriately decommissioned personal computers by providing a closely integrated solution in Windows Vista.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing Windows Vista file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

ISA Best Practices Analyser

This tool from MS will analyse an installation of ISA and advise you about the configuration.

The ISA Server Best Practices Analyzer is a diagnostic tool that automatically performs specific tests on configuration data collected on the local ISA Server computer from the ISA Server hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings.

The resulting report details critical configuration issues, potential problems, and information about the local computer. By following the recommendations of the tool, administrators can achieve greater performance, scalability, reliability, and uptime.

The ISA Server Best Practices Analyzer is supplied with two supplemental tools.

  • The ISA Data Packager enables you to create a single .cab file containing ISA Server diagnostic information that can be easily sent to Microsoft Product Support Services for analysis.
  • BPA Visio generates a Microsoft Office Visio® 2003 or Visio 2007 diagram of your network topology as seen from the ISA Server computer, based on the output of the ISA Server Best Practices Analyzer Tool.

WSS 3.0 Site Templates

I previously mentioned that I’d used some free templates from Microsoft to create dedicated application sites in WSS 3.0.  They are free to download and not all that hard to install.  There’s a long list of applications to install including expenses, contacts management, call centre, etc.

There’s a prerequisite.  You must first install the Application Template Core (I’m dealing with a single server installation):

  • Download the package and extract the WSP file to a location on your WSS server.
  • Run “<path>stsadm -o addsolution -filename <file_path>ApplicationTemplateCore.wsp”
  • Run “stsadm -o deploysolution -name ApplicationTemplateCore.wsp -allowgacdeployment -local”

You’re now ready to start loading your site templates from Microsoft.  The steps are identical to above:

  • Download the package and extract the site template WSP file to a location on your WSS server.
  • Run “<path>stsadm -o addsolution -filename <file_path><Template file name>.wsp”
  • Run “stsadm -o deploysolution -name <Template file name>.wsp -allowgacdeployment -local”
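The two-step add/deploy procedure above, scripted for a folder of template WSPs as an added example (this is not from the original post or from Microsoft). It assumes a single-server WSS 3.0 installation, stsadm.exe in the default 12-hive BIN folder, and a constructed folder path C:\Templates holding the extracted .wsp files.

```powershell
# Added example: add and deploy the Application Template Core first, then every
# other site template WSP in the folder, stopping at the first stsadm failure.
$wspFolder = 'C:\Templates'   # assumed: where the downloaded WSPs were extracted
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
if (-not (Test-Path $stsadm)) { throw "stsadm.exe not found at $stsadm" }

function Invoke-Stsadm {
    param([string[]]$Arguments)
    & $stsadm @Arguments
    # stsadm returns a non-zero exit code on failure; do not carry on deploying
    # templates whose dependency (the core) never made it into the solution store.
    if ($LASTEXITCODE -ne 0) {
        throw "stsadm $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

function Install-Wsp {
    param([string]$WspPath)
    $name = Split-Path $WspPath -Leaf
    Invoke-Stsadm @('-o', 'addsolution', '-filename', $WspPath)
    # -allowgacdeployment lets the package put assemblies in the GAC, where they
    # run with full trust; only deploy packages from a source you trust (here,
    # the Microsoft-supplied templates). -local deploys immediately on this server.
    Invoke-Stsadm @('-o', 'deploysolution', '-name', $name, '-allowgacdeployment', '-local')
}

# The core is a prerequisite for every site template, so it goes in first.
Install-Wsp (Join-Path $wspFolder 'ApplicationTemplateCore.wsp')

Get-ChildItem $wspFolder -Filter '*.wsp' |
    Where-Object { $_.Name -ne 'ApplicationTemplateCore.wsp' } |
    ForEach-Object { Install-Wsp $_.FullName }

# List the solution store so each package can be checked as Deployed before
# anyone creates sites from the templates.
Invoke-Stsadm @('-o', 'enumsolutions')
```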

You can now go into WSS and, with a user that has permission to create sites, you can go ahead and deploy sites that use the templates.  I found that I probably would want to use non-inherited permissions on some of the objects within the sites, e.g. open up or further restrict access to lists, etc.

WSS 3.0 – My First Impressions

Back in 2004/2005, I started looking at SharePoint Portal Server 2003 to resolve my needs regarding self provisioning and self management of “collaboration spaces”.  I was working in the finance industry where the concept of “Chinese Walls” was very important, i.e. project teams popped up all over the place, had different members from various departments (Accounts, Sales, Credit Control, Risk, etc), were geographically dispersed and required total privacy from everyone else.  It was a pain to try resolving their needs using file shares:

  • We had to secure them.
  • They popped up so often that there were days where we felt like all we did was create file shares.
  • The needs of the business were so dynamic that IT was slowing things down.
  • We tried to put procedures in place to get data owners to take some responsibility and to get an audit trail but they were reluctant to participate.

I envisaged this in advance and had started researching.  I had put in a pilot that was working well, until the company reorganised and my job didn’t exist any more :-)

Anyway, in my current role, I’ve seen the need to have a look at Windows SharePoint Services 3.0, the free component that is the core of Microsoft Office SharePoint Server (MOSS) 2007.  Using WSS 3.0, we can set up web based sites and applications, have a single point of communication and collaboration, enable self provisioning and really make working together a lot easier.

I installed WSS 3.0 onto a VMware ESX virtual machine running Windows 2003 with 1GB RAM.  I am impressed.  It is so much easier to set up and manage than 2003 was.  It seemed that 2003 was scattered all over the place with little planning.  WSS 3.0 seems to have had much more thought put into it, with a consistent look and feel throughout.

What I really like is the speed to provision.  In just a few hours I was able to set up multiple sites with customised permissions and dedicated roles.  I have a root site with announcements, calendar and a discussion board.  Calendars and shared contacts lists have been set up and can be integrated into a user’s Outlook installation.  I have a HR site with an absence request web app.  There is a facilities site with a room and resource booking system.  There are blogs with RSS feeds.  I’ve got a departmental site with team child sites with customised permissions.  The department team heads have a recurring meeting arranged with a meeting workspace that has customised contents depending on the date of the meeting.  Document libraries have been set up with approval workflows, check-in/out and versioning.  I’ve tried out the recycle bin and it works.  We don’t have Exchange (yet) so I haven’t been able to try out some of the nice stuff that we could do with that.  We also don’t have InfoPath so we can’t do any digital form stuff (I really liked that before!).

All of this is done using components from out of the box or by using free downloads from the Microsoft website.  I’m no web slinger, so I also had to do this without using FrontPage or HTML coding.  I know that with a web developer on hand, we could customise this like crazy and create our own web applications.

Looking at the WSS server, I reckon I’ve put together a fairly feature complete corporate portal.  It only took a few hours.  Furthermore, once the owners and contributors have been defined, IT can step back and let the business manage their sites and their content on their own.  As far as I’m concerned, that’s a result!