Windows Vista RC2

The final public test version of Windows Vista has been released.  Release Candidate 2 is available for X86 and X64 clients on the Microsoft Connect site.  Vista is expected to RTM on schedule next month.  It will be available for general consumption in January.

From talking to clients, reading the press and reading chat forums, my gut is telling me this release could be a bit of a damp squib.  I wouldn’t rush out and buy any MS stocks right now.  In fact, I expect the reception to be quite negative in the technical community once the marketing types have moved onto other shiny new things.

RC1 should have been pretty close to what the customer can expect once it hits the shelves.  If so, things could be bad:

  • There are many problems not only with 3rd party applications, but I’m hearing there are problems with MS applications too.
  • I’m reading that there have not been consistent improvements in performance.  Early betas sucked the life from any PC they were installed on.  Things got better, then worse, then better, then worse.  Who knows what to expect now.
  • UAC is proving to be quite controversial.  Many are turning it off straight away.
  • The activation process for Volume License editions is not popular at all.  In fact, it’ll probably hurt if not almost kill VLK sales of the OS.  There will be no advantage to buying VLK editions any more.
  • Windows Vista Enterprise is only available to those who buy a VLK edition with software assurance.  SA will only be bought by those who are deploying a new OS within 3 years of a major release and who plan to upgrade again then.  I’m sorry MS, R2 releases are not a justification for SA.
  • I was keen to see BitLocker.  But now I’m hearing you need to prepare a custom build for machines that will be encrypted with BitLocker including a special 1.5 GB partition for BitLocker itself.

I don’t have any problem with the stuff MS is doing with the kernel that Symantec and McAfee are whinging about.  I also must temper the above points by saying I was skeptical of Windows 2000 and many on the net thought it would bring about the end of the world.

I guess we’ll have to wait and see.

Backing Up My Lab Network

I’ve just completed the backup setup for my lab network.  My lab network used to consist of a bunch of PCs of various ages and processors.  I’d gone the traditional route of one physical machine per role.  So I had a domain controller, mail server, web server and a PC, 3 of which were running all of the time for internet services.

I decided to do my bit for the environment.  I also wanted to reduce my electricity bills and stop my lab room from being the warmest place in the county.  So I decided to eat some of my own medicine and consolidate my network via virtualisation.  I had a choice of which platform to take but I settled on VMware’s free VMware Server product.  I really like the snapshot feature of the VMware products for lab work and the machines are pretty portable, e.g. they are portable between Server, Workstation and Player.

I built an AMD 2800 with 2GB of RAM.  It would be a domain controller (with all FSMOs) and my file server.  I installed VMware Server onto it.  The disk was getting pretty full so I installed a 180GB USB 2.0 external hard drive which physically hosts my 3 VMs:

  • Another DC: it will give my virtual network the ability to be mobile.  If I lose the physical host, I can recover the VMs elsewhere and seize the FSMO roles.  Instant DR site on a shoestring 🙂
  • EMail
  • Web (doubles as WSUS)

I wanted to back up these machines.  I am using the Windows Server NTBACKUP on the host machine so I’ve got no fancy VMware agents.  My solution was to script a way of backing up my machines with minimal downtime.  The script pauses/suspends my VMs, backs them up, and then restarts them.  The backups are to a file on a USB 2.0 300GB external disk.  I also back up the shares on the host server.  Here is what the VM backup script looks like:

REM SUSPEND ---------------------

REM WEB
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" suspend

REM DC
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" suspend

REM MAIL
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" suspend

REM BACKUP ---------------------

<BACKUP COMMAND>

REM START ---------------------

REM WEB
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" start

REM DC
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" start

REM MAIL
call "C:\Program Files\VMware\VMware Server\vmware-cmd.bat" "<path to VM VMX file>" start

REM EXIT ---------------------

:EXIT
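
A variant of the script above that confirms each VM really reports a suspended state before the backup runs, and restarts the VMs even when a step fails. This is an added example, not the author's script: `vmlist.txt`, `run-backup.cmd` and `vm-backup.log` are hypothetical names, and the `getstate() = <state>` output format of `vmware-cmd` is an assumption.

```batch
@echo off
setlocal
REM Added example. vmlist.txt (one .vmx path per line), run-backup.cmd and
REM vm-backup.log are hypothetical names; the "getstate() = <state>" output
REM format of vmware-cmd is an assumption.
set "VMCMD=C:\Program Files\VMware\VMware Server\vmware-cmd.bat"
set "VMLIST=%~dp0vmlist.txt"
set "LOG=%~dp0vm-backup.log"
set "FAILED=0"

REM Suspend each VM and confirm it really reports "suspended".
for /f "usebackq delims=" %%V in ("%VMLIST%") do call :SUSPEND "%%V"

REM A VM that is still running gives a backup that may not restore, so
REM skip the backup job and go straight to restarting.
if "%FAILED%"=="1" goto RESTART
call "%~dp0run-backup.cmd"
if not errorlevel 1 goto RESTART
set "FAILED=1"
echo %DATE% %TIME% backup job returned an error>>"%LOG%"

:RESTART
REM Always bring the VMs back, whatever happened above.
for /f "usebackq delims=" %%V in ("%VMLIST%") do call :RESUME "%%V"
if "%FAILED%"=="1" exit /b 1
exit /b 0

:SUSPEND
call "%VMCMD%" "%~1" suspend
call :STATE "%~1"
if /i "%STATE%"=="suspended" goto :EOF
set "FAILED=1"
echo %DATE% %TIME% "%~1" is %STATE%, expected suspended>>"%LOG%"
goto :EOF

:RESUME
call "%VMCMD%" "%~1" start
call :STATE "%~1"
if /i "%STATE%"=="on" goto :EOF
set "FAILED=1"
echo %DATE% %TIME% "%~1" is %STATE% after start>>"%LOG%"
goto :EOF

:STATE
REM Third token of "getstate() = suspended" is the state word.
set "STATE=unknown"
for /f "tokens=3" %%S in ('call "%VMCMD%" "%~1" getstate') do set "STATE=%%S"
goto :EOF
```

The non-zero exit code lets a scheduled task flag a night where the backup was skipped or a VM did not come back.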

October 2006: Mark Minasi Newsletter

Mark Minasi has just published his free newsletter for October 2006.  In this month’s issue he talks about:
 
  • Windows Vista WIC (Windows Integrity Controls).
  • Kerberos Token Bloat: how your Token can fill up with SIDs and break Kerberos authentication.
  • DNS testing with DCDIAG.

This concise and easy to understand newsletter is well worth subscribing to.  And you don’t have to worry about appearing on a spam list either.  You can subscribe here: http://www.minasi.com/nwsreg.htm.

The Next 3 Months

I’m booked until the new year with a contract for a major financial in Dublin city centre.  I’ll likely be working with at least one of the new feature packs in SMS 2003 R2 so I hope to document some of the lessons learned from that.
I’ll be available for more work in January 2007 so please let me know if you are interested.

VMware ESX 64bit Support

VMware announced on their 64bit blog that VMware ESX 3.0.1 will offer full support for a range of 64 bit guest operating systems.  64 bit computing is set to gain wider acceptance and in some cases become a requirement.  The following operating systems will have 64 bit support:

  • Microsoft Windows Server 2003 (Standard and Enterprise Server R2)
  • Red Hat Enterprise Linux 3 64-bit (UP7, UP8)
  • Red Hat Enterprise Linux 4 64-bit (UP2, UP3)
  • SuSE Linux Server (SLES) 10 64-bit
  • Sun Solaris 10 (U2)

Hardware requirements will be as follows:

  • AMD: Athlon64 or Opteron Rev E or later
  • Intel: must include support for Intel’s Virtualization Technology (needs to be enabled in the BIOS)

64 bit computing will be especially important in the Microsoft world.  Microsoft has decided to only release a 64bit edition of Exchange 2007.

VMware ESX is the market leader in enterprise level virtualisation.  ESX offers the ability to deploy many virtual machines across a farm of servers with load balancing and disaster recovery while providing a near physical machine level of performance.  ESX is a key technology for consolidating servers and making full use of the processing power that otherwise would be underutilised by many of the business applications that are typically deployed.

Windows Vista Volume Licensing

Microsoft has recently claimed that businesses will adopt Windows Vista like nothing else before it.  Well, Houston, there may be a problem.

Anyone who sets out a clear mass deployment plan for XP desktops will be familiar with the difficulties of deploying and troubleshooting PCs.  The growing trend in the market is to treat the PC as a dumb appliance that you rebuild when it breaks with a major problem that you can’t fix in a few minutes.  Applications are pushed to the PC as required by Group Policy, Terminal Services, SMS or even Softgrid for Desktops.  This rebuilding process can’t be easily done with OEM licensing because you only get 2 build activations for an OEM key without having to speak to someone in Lord knows what country to clear your license key.  Because of this, large businesses who want to save administration costs have ponied up for Volume Licenses, often in the form of a desktop core CAL.  This OEM upgrade provides a Volume License Key that does not require activation.  Microsoft had to resort to using the honour code with their VLK customers.

But change is on the way.  Microsoft is planning to change the way VLK customers have been able to deploy and rebuild without having to bother with activations.  The process of just rebuilding as required will be taking a serious administrative effort hit.

Microsoft plans to include Volume Activation in Windows Vista volume license editions (Windows Vista Enterprise, Windows Vista Business and Longhorn Server).  The short story is that you will have to activate your installation within 30 days or it shuts down like an OEM installation of XP.

ZDNet has some more details.

Some detailed information is here.

If you don’t like this then I would suggest you pass your feedback to your Microsoft partner solution providers and presales representatives.

End Of Support: Windows XP Service Pack 1

Windows XP with Service Pack 1 is no longer publicly supported by Microsoft as of October 10th, 2006.  Microsoft will not issue bug fixes nor security updates for this level of the operating system.  To continue support, you should deploy Service Pack 2 for Windows XP.  You can find more details here.
 
There was a considerable amount of concern about deploying Service Pack 2.  A lot of people were scared that the new Windows Firewall would break their networks.  By default it was turned on but anyone who did some research would have found they could control it centrally with either registry edits or Active Directory Group Policy.
 
Other concerns were raised about the increased level of security in the subsystem.  This caused some fear and rightly would have required regression testing for all business applications.  Another complicating factor was that many vendors acted as if Service Pack 2 was sprung on the world by surprise.  Companies such as SAP were allegedly slow to support the service pack for their products.  Of course, Microsoft had a substantial publicity and public beta program building up to the release of Windows XP Service Pack 2 that gave these vendors absolutely no excuses.
 
Given that Service Pack 2 for Windows 2003 is on the way, I’d recommend you make sure all of your Windows 2003 servers are upgraded to Service Pack 1 and not give your vendors any room to wiggle out of their responsibilities.

Virtual PC 2007 Beta

A blank page has appeared on Connect that informs us a Beta for Virtual PC 2007 is on the way.  It will be publicly available on the 11th of October.  No other details are available.

Virtual PC 2004 is now a free product and one that any self-respecting sys admin should aim to use.  VMware’s excellent alternative still requires a purchase, giving Microsoft an advantage.  VPC allows you to run virtual machines just like you can with Virtual Server 2005 R2.  In fact, the machines are compatible.

I’ve used VPC before for lab work and for testing.  Where I also see it being useful is where you want administrators to use non-admin accounts for day-to-day office work such as email and browsing and a dedicated account for admin work.  Run-As is painful to use (who wants to keep banging in the password?) so an alternative is to run a VM with only the admin tools installed.  The administrator can log into their physical machine with a non-admin account and into a VM with their admin account.  This isolates their email and internet activity from their administrative rights and provides a layer of defense against viable threats.

Windows Vista Enterprise (requires software assurance) will include a virtualisation solution built into the OS.  I’m guessing now that VPC 2007 will be a solution for those who do not buy Vista with software assurance.

Forefront Security For Sharepoint Beta

Microsoft has just launched the beta for Forefront Security for Sharepoint.  It’s Microsoft’s antivirus solution for this key Office System product.  Microsoft aims to launch it at the same time as Microsoft Office Sharepoint Server 2007 and Sharepoint Services 3.0.  This could be relatively soon, i.e. early 2007.  Microsoft says this new product will deliver the following:

  • Protection against the latest threats. Forefront Security for SharePoint simultaneously utilizes up to five antivirus engines from leading security vendors to provide customers with increased protection against malware threats, inappropriate content and dangerous file types. This latest release includes the new Microsoft Antivirus engine.
  • Integration to help optimize server performance. Integration with Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0, as well as scanning innovations and performance controls, help ensure optimal collaboration server performance.
  • Simplified management control. Forefront Security for SharePoint provides centralized management control to help ensure organizations can simply and cost-effectively deploy, manage and maintain the security of their collaboration servers.

You can register for the beta on Microsoft’s Connect website.