Aidan Finn, IT Pro

The product that I personally find the most exciting in the new range from Microsoft has just been released to manufacturing.  The Exchange team announced it yesterday in their blog.  Exchange 2007 sees some changes in the way it is architected.  Finally, Exchange will use the pysical representation of your network that is defined in Active Directory in AD Sites and Services.  The installation is component based.  And the introduction of Unified Messaging will mean a lot for business users.  Being available (only) for x64 means it is also more scalable for those larger customers.

 

I had a quick look earlier in the beta but didn’t get much time to play with it.  I’ve recently read some high level documentation on migration.  It’ll be simple enough for consolidated Exchange networks.  Complicated Exchange 2000/2003 networks will need to be very well planned due to the fact that there is no longer the concept of a routing group or routing group connector.  Exchange 5.5 people have some bad news.  There is no longer a direct migration for you folks.  You’ll have to step up to Exchange 2003 first.

Microsoft announced the availablity of a new NAS offering in the Windows Server 2003 catalogue called WUDSS 2003.  It includes "new features such as the Microsoft iSCSI Software Target technology, a new and revised storage server setup experience, new integrated share and storage management snap-ins".  It is available now with the Dell PowerVault NX1950 and other OEM’s are expected to follow soon.

 

There is some further documentation from Microsoft here:

Bink provided a useful link to download the Windows Vista Volume Activation 2.0 Technical Guidance document that was publised two days ago.  Anyone deploying Vista with volume licensing should read this guide for technical guidance on how to deploy KMS.

Adobe has released version 8.0 of their reader product.  Following the trend set by the likes of Sin-mantec, they’ve added extra functionality.  One feature is the ability to kick off online meetings.  My feeling on this sort of thing is that these companies should stick to what they are good at and stop producing over-featured software that becomes bug-ware.

I’ve been messing around with WDS and WAIK on my VMware lab at home.  The BOOT.WIM that MS provides does not have native support for the NIC driver required by the standard VMware VM NIC.  When you boot up your boot image you see the following error which prevents you from doing anything:

I was doing a lot of mucking around last night with WAIK to find a solution.  I was close (IMAGEX and PEIMG) but it looks like I missed out the piece about identifying and targetting the correct boot index.  I think I found a solution today on the Microsoft website.  I haven’t tested it yet.

 

This solution consists of two steps:

Today marks the business launch of Microsoft’s new range of products in the Irish market.  The logo’s say Vista, Office 2007 and Exchange 2007.  Don’t be mistaken in thinking that it’s just three products.  Office is now a brand that encompasses a range of products in the Office System.  The core of this is the famous Office suite and add-ons such as Project, Visio and InfoPath.  But Office System includes server prodcuts too.  Using these server products you can enable geographically or logically dispersed users to work with each other.

 

If you listened to Newstalk this morning you may have heard a poorly chosen quote of a MS rep in the news.  MS launched a report that delves into how business are losing money because users cannot use, find or access information in a timely or efficient manner.  By using an integrated solution, e.g. Exchaange 2007, Sharepoint Portal Server 2007 and Live Communication Server, you can enable employees who work in logical teams to work together, no matter where they are located. 

 

The reality in modern business is that you can have a person in Dublin working with people in Los Angeles and Shanghai on one project.  They might work together for a short time but need rapid, secure and reliable services to collaborate.  Once the project is over they might work with different people on another project.  Having Sharepoint Services enable users to quickly provision and customise a secure collaboration web site where they can work together, share information and share files.  Using Sharepoint Portal can tie these websites together, enabling corporate branding and search mechanisms.  Live Communications Server enable voice and video so that people can talk face to face using an internal communications system without needless waste on travel time and expenses.  Exchange 2007 provides an integrated messaging solution that ties into these products.  The major step forward with Exchange 2007 for the business is that it features Unified Messaging.  UM enables Voice Mail and Fax services to be integrated into Exchange so that incoming messages can be delivered right into a users mailbox.  The mobility functions of Exchange 2007 enable a business user to access their data no matter where they are: on the WAN via Outlook, over the web via SSL secured Outlook Web Access and over the air via secure push mail to the PDA (without the need for Blackberry subscriptions).

 

Server solutions don’t stop there.  Microsoft Dynamics, Business Scorecard Manager and Project Server are just some more of the integrated business solutions that are availabel for business use.

 

The key is integration.  Many organisations choose solutions from many vendors.  But these solutions just don’t integrate.  The business gets basic functionality but cannot easilly integrate the solutions.  Business users then find doing what should be a simple taks to be quite difficult, often leading to wasted or redundant effort.  MS solves this by not only integrating the server solutions with each other by leveraging Active Directory but also by tightly integrating Office 2007, the cornerstone of the Office System brand.

 

I highly recommend that you look into these solutions if this is something you are interested in.

I saw in Darren Mar-Elia’s blog that Microsoft has released a new free GPO troubleshooting tool for Windows Vista called the Group Policy Log Viewer.  Darren has written a little bit about it in an earlier post.  Using this tool, you can gather log entries related to grup policy processing into one location and export it into a report.

One of the guys on MR&D, Michael Pietrzak, reported a problem with previously existing logon scripts in his domain that were not running correctly on Windows Vista domain members.  It appeared that running "Net Use" commands to map a drive failed to work.  After some experimentation, Mike found that UAC (the new infamous security feature in Vista) was the cause of the problem.  Disabling UAC resolved the issue.  UAC is a nice idea because it is intended to prevent malicious software from installing on or configuring your machine without your consent.

I had been reading the thread on the forum with interest.  I upgraded my PC at home last week and I soon realised I was encountering the exact same issue.

WOrld renowned GPO whiz, Darren Mar-Elia, joined Mike in looking into this issue.  Darren’s contacts in Microsoft were able to give him a link to a "solution".  If you browse to near the bottom of that page you’ll find a section called "Group Policy Scripts can fail due to User Account Control".  What happens is that UAC prevents a logon script from mapping a network drive.  The solution?  You have to run a provided script (on the MS website in Appendix A) to delay the execution of the logon script:

• You place this WSF script in your NETLOGON folder.
• You alter your logon script configuration to run the WSF file with the actual logon script as a paramter.

There’s a few bugs in MS’s documentation and script:

• Syntax Error In Script: Line 114 (open Notepad, press <CTRL> + <G>, enter 114 and press <RETURN>) is broken up into multiple lines using "_".  This appears to break the script.  I modified line 114 to read as:

call rootFolder.RegisterTaskDefinition(strTaskName, taskDefinition, FlagTaskCreate,,, LogonTypeInteractive)

• GPO settings: They don’t put in UNC paths for the WSF file.  Use a full path, e.g. \domain.nameNETLOGONLaunchapp.wsf.
• GPO settings: They don’t put in UNC paths for the parameter, i.e. the logon script.  Use a full path, e.g. \domain.nameNETLOGONlogon.bat.

I also commented out two lines using a " ‘ " (below).  I don’t want users (or me) to have to click boxes every time I log in.

• WScript.Echo "Task definition created. About to submit the task…"
• WScript.Echo "Task submitted."

So what is the fix doing?  It delays the execution of the actual logon script until after your logon is considered as "complete".  In reality, I’ve found that I’ve been logged in for 10 or more seconds before the real logon script runs.  This means there is a window where network drives are not mapped and users can attempt to launch programs or open files that they have no access to yet.  I cannot imagine how many helpdesk calls will be opened because of this.

This, in my opinion, if a cludge fix, i.e. duct tape and bailing twine, a McGuyver-ism if you will.  The fact that this functionality, which you will find in probably 75% of corporate networks if not more, does not work out of the box is shocking.  I’ve liked Vista so far but this is disappointing.  It’s certainly giving ammo to the ney-sayers and Linux nuts.

This problem also going to lead to more people disabling UAC… heck, helpdesk managers will demand it.  There was already a growing feeling if contempt for this security feature that MS has invested a lot of time and effort in.  It’s had lots of negative commentary.  The fact that is breaks something as important is crazy.  MS should really get a real fix for this out the door ASAP so that an important security feature such as UAC will not be dumped by the general public.