[Microsoft Solution Accelerators] Microsoft Assessment and Planning Toolkit 8.0 available

Microsoft Assessment and Planning Toolkit 8.0 is now available

The Microsoft Assessment and Planning (MAP) Toolkit’s new capabilities help you assess the readiness of your environment for deploying Windows 8 and Windows Server 2012. Included in the latest version of the toolkit are hardware and infrastructure readiness assessments to plan your deployment of Windows 8 and Windows Server 2012, migration to Windows Azure Virtual Machines, ready your environment for Office 2013, and track your Lync users.

Key features and benefits of MAP 8.0 help you:

• Determine your readiness for Windows Server 2012 and Windows 8
• Assess readiness for Office 2013
• Plan for Windows Azure Virtual Machine migration
• Track Lync Enterprise/Plus users

Determine your Windows Server 2012 readiness
MAP 8.0 assesses the readiness of your IT infrastructure for a Windows Server 2012 deployment. This feature includes detailed and actionable recommendations indicating which machines meet Windows Server 2012 system requirements and which may need hardware updates. A comprehensive inventory of servers, operating systems, workloads, devices, and server roles is included to help in your planning efforts.


Determine your Windows 8 readiness
MAP 8.0 assesses the readiness of your IT environment for a Windows 8 deployment. This feature evaluates your existing hardware against the recommended system requirements for Windows 8. It provides recommendations detailing which machines meet the requirements and which may need hardware upgrades.

Key benefits include:

• Assessment report and summary proposal to help you understand the scope and benefits of a Windows 8 deployment
• Inventory of desktop computers, deployed operating systems, and applications

Assess your environment for Office 2013 and Office 365
MAP 8.0 assesses readiness for Office 2013 and Office 365 and provides an in-depth assessment of client desktops for upgrading or migration. This feature also offers support for Office 365 features such as web apps, Exchange Online, SharePoint Online, or full Office 365 client support.


Migrate to Windows Azure Virtual Machines
MAP 8.0 performs a comprehensive assessment of Windows Server and Linux machines to determine feasibility of a migration to Windows Azure Virtual Machines. MAP then provides suggested changes to prepare targeted machines for migration. This feature helps you reduce the operating costs of hosting on-premise servers, as well as estimating the required size and monthly network and storage usage required to migrate on-premise Windows and Linux servers to Windows Azure Virtual Machines using actual data from the targeted environment.

To download MAP 8.0 : http://www.microsoft.com/en-us/download/details.aspx?&id=7826

[Microsoft Solution Accelerators] Security Compliance Manager 3.0 Beta Refresh

The Microsoft Solution Accelerators team has released SCM 3.0 Beta Refresh.

This release includes the following new baselines and capabilities:

• All baselines in the SCM 3.0 Beta release are updated with bug fixes.
• All baselines for this release are updated with DCM and SCAP export capabilities.
• New baselines for Windows Server 2012 in this release include:
• AD Certificate Services Server Security
• DHCP Server Security
• DNS Server Security
• File Server Security
• Network Policy and Access Services Security
• Print Server Security
• Remote Access Services Security
• Remote Desktop Services Security

To download the beta release of SCM 3.0 join the review program on Microsoft Connect at:https://connect.microsoft.com/site715/InvitationUse.aspx?ProgramID=7831&InvitationID=SCM3-XDK9-9QDB

[Windows Server 2012] Performance Tuning Guidelines for Windows Server 2012

Microsoft has released this white paper last month.

This guide describes important tuning parameters and settings that you can adjust to improve the performance and energy efficiency of the Windows Server 2012 operating system. It describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, and performance goals.

 

 

Included in this white paper:

• Choosing and Tuning Server Hardware
• Performance Tuning for the Networking Subsystem
• Performance Tools for Network Workloads
• Performance Tuning for the Storage Subsystem
• Performance Tuning for Web Servers
• Performance Tuning for File Servers
• Performance Tuning for a File Server Workload (FSCT)
• Performance Counters for SMB 3.0
• Performance Tuning for File Server Workload (SPECsfs2008)
• Performance Tuning for Active Directory Servers
• Performance Tuning for Remote Desktop Session Host (Formerly Terminal Server)
• Performance Tuning for Remote Desktop Virtualization Host
• Performance Tuning for Remote Desktop Gateway
• Performance Tuning Remote Desktop Services Workload for Knowledge Workers
• Performance Tuning for Virtualization Servers
• Performance Tuning for SAP Sales and Distribution
• Performance Tuning for OLTP Workloads

This white paper is available here : http://msdn.microsoft.com/en-us/library/windows/hardware/jj248719.aspx

[Microsoft Solution Accelerators] IPD System Center 2012 - Operations Manager now available

The Infrastructure Planning and Design Guide for System Center 2012 - Operations Manager is now available.

This guide outlines the infrastructure design elements that are crucial to a successful implementation of Operations Manager. It guides you through the process of designing components, layout, and connectivity in a logical, sequential order. You’ll find easy-to-follow steps on identification and design of the required management groups, helping you to optimize the management infrastructure.

Infrastructure Planning and Design streamlines the planning process by:

• Defining the technical decision flow through the planning process.
• Listing the decisions to be made and the commonly available options and considerations.
• Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.
• Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.

 

You can download this guide here :  http://go.microsoft.com/fwlink/?LinkID=245476

[Microsoft Solution Accelerators] Microsoft Assessment and Planning Toolkit 8.0 Beta Program Started

 Microsoft Assessment and Planning Toolkit 8.0 Beta review program is now open.

Accelerate your Windows Server 2012 migration with MAP 8.0 Beta!

 

The Microsoft Assessment and Planning (MAP) Toolkit’s new capabilities help you assess the readiness of your environment for deploying Windows 8 and Windows Server 2012. Included in the latest version of the toolkit are hardware and infrastructure readiness assessments to plan your deployment of Windows 8 and Windows Server 2012, prepare your migration to Windows Azure Virtual Machines, ready your environment for Office 2013, and track your Lync users.

 

Key features and benefits of MAP 8.0 Beta help you:

• Determine readiness for Windows Server 2012 and Windows 8.
• Assess environment for Office 2013.
• Plan migration to Windows Azure Virtual Machines.
• Track Lync Enterprise/Plus users.

Key features and benefits in more detail:

Determine your Windows Server 2012 readiness :

MAP 8.0 Beta assesses the readiness of your IT infrastructure for a Windows Server 2012 deployment. This feature includes detailed and actionable recommendations indicating which machines meet Windows Server 2012 system requirements and which may need hardware updates. A comprehensive inventory of servers, operating systems, workloads, devices, and server roles is included to help in your planning efforts.


Determine your Windows 8 readiness :

MAP 8.0 Beta assesses the readiness of your IT environment for a Windows 8 deployment. This feature evaluates your existing hardware against the recommended system requirements for Windows 8. It provides recommendations detailing which machines meet the requirements and which may need hardware upgrades.

 

Key benefits include:

• Assessment report and summary proposal to help you understand the scope and benefits of a Windows 8 deployment.
•  Inventory of desktop computers, deployed operating systems, and applications.

Assess your environment for Office 2013 :

MAP 8.0 Beta assesses readiness for Office 2013 and provides an in-depth assessment of client desktops for upgrading or migration. This feature also offers support for Office 365 features such as web apps, Exchange Online, SharePoint Online, or full Office 365 client support.


Migrate to Windows Azure Virtual Machines :

MAP 8.0 Beta performs a comprehensive assessment of Windows Server and Linux machines to determine if a migration to Windows Azure Virtual Machines is possible. The toolkit then offers suggested changes to prepare the machines for migration. Key features help you reduce the operating costs of hosting on-premise servers as well as estimating the required size and monthly network and storage usage required to migrate on-premise Windows and Linux servers to Windows Azure Virtual Machines using the data from the environment.


Assess your software usage and evaluate your licensing needs for Lync :

MAP 8.0 Beta’s Lync Enterprise and Usage Tracking feature counts the number of Lync Enterprise/Plus users as well as device activities for determining the number of required client access licenses (CAL). For Lync 2010, MAP provides a server inventory and software usage by device and user for Lync Standard features. MAP’s updated Software Usage Tracking feature provides consistent software usage reports for key Microsoft products including Windows Server, SQL Server, System Center, Forefront Endpoint Protection (FEP), and Lync.


To download this tool : https://connect.microsoft.com/Downloads/DownloadDetails.aspx?DownloadID=23188&SiteID=297

[Microsoft Solution Accelerators] Two new Beta Programs for System Center Products

The Solution Accelerators team has started two new beta programs focused on tools, automation, and knowledge for System Center products.

One program will provide System Center Virtual Machine Manager (SCVMM) service templates and a SCVMM add-in to help you discover them.

The other program will provide datacenter automation for private clouds using System Center Orchestrator. Datacenter automation for System Center Orchestrator enables you to automate operations of private cloud workloads such as SharePoint and Windows Server.


Service Templates Explorer

The System Center Virtual Machine Manager (SCVMM) Service Templates Explorer enables you to search for and download service templates that are published by Microsoft. The Service Templates Explorer is an add-in the runs within the SCVMM console. It is simple to install and use.

The first release of the Service Templates Explorer will make these service templates available for you to download and use:

• Windows Server 2012 - Domain Controller
• Windows Server 2012 - DNS
• Windows Server 2012 - DHCP
• Windows Server 2012 - IIS
• Window Server 2012 - File Server
• Windows Server 2008 R2 SP1 - Domain Controller
• Windows Server 2008 R2 SP1 - DNS
• Windows Server 2008 R2 SP1 - DHCP
• Windows Server 2008 R2 SP1 - IIS
• Windows Server 2008 R2 SP1 - File Server

These service templates are tested and supported by Microsoft. They provide you with a simple and quick way to deploy Windows Server virtual machines with key roles enabled. In the future, more service templates will be published. Some of these new service templates will provide you with private cloud application deployment capabilities.


Datacenter Automation

The datacenter automation for the cloud enables you to automate operations of private cloud workloads such as SharePoint and Windows Server.


The first release of the datacenter automation make following available for you to download and use:
Orchestrator Runbooks for quick SharePoint farm back-up and recovery scenario
Easily pluggable PowerShell 3.0 workflows for SharePoint basic daily, weekly and monthly operations automation. For example:

• Back up a Web application
• Back up a service application
• Trace logs
• Checking Disk Space, CPU and RAM
• Sharepoint WMI scan for perf/alerts
• Scan for missing patches / WMI

These automations are tested and supported by Microsoft.

[Windows Server 2012] Windows Server 2012 Essentials RTM available

Windows Server 2012 Essentials RTM is now available.

Windows Server 2012 Essentials (formerly Windows Small Business Server Essentials) is a flexible, affordable, and easy-to-use server solution designed and priced for small businesses with up to 25 users and 50 devices that helps them reduce costs and be more productive. Windows Server 2012 Essentials is an ideal first server, and it can also be used as the primary server in a multi-server environment for small businesses.

Windows Server 2012 Essentials enables small businesses to protect, centralize, organize and access their applications and information from almost anywhere using virtually any device.

Windows Server 2012 Essentials will be available for purchase on Thursday, November 1, 2012.

Here is Windows Server 2012 Essentials datasheet : Windows Server 2012 Essentials datasheet
Here is the Windows Server 2012 Essentials FAQ : Windows Server 2012 Essentials FAQ

To download and try the RTM : http://technet.microsoft.com/en-US/evalcenter/jj659306.aspx

[Windows Server 2012] Release of Microsoft Hyper-V Server 2012

Microsoft Hyper-V Server 2012 has been released.

Microsoft Hyper-V Server 2012 is a hypervisor-based server virtualization product that enables you to consolidate workloads, helping organizations improve server utilization and reduce costs.

Hyper-V Server is a dedicated stand-alone product that contains the hypervisor, Windows Server driver model, virtualization capabilities, and supporting components such as failover clustering, but does not contain the robust set of features and roles as the Windows Server operating system. As a result Hyper-V Server produces a small footprint and and requires minimal overhead. Organizations consolidating servers where no new Windows Server licenses are required or where the servers being consolidated are running an alternative OS may want to consider Hyper-V Server.

In contrast, Windows Server 2012 is recommended for organizations that need flexible and cost effective virtualization rights. Virtualization rights in Windows Server 2012 are based on the specific edition purchased, with Windows Server 2012 Datacenter edition providing unlimited virtual instances.

One of the most common uses for Hyper-V Server is in Virtual Desktop Infrastructure (VDI) environments. VDI allows a Windows client operating system to run on server-based virtual machines in the datacenter, which the user can access from a PC, thin client, or other client device. A full client environment is virtualized within a server-based hypervisor, centralizing user's desktops.

By deploying VDI with Microsoft Hyper-V Server 2012, users will have seamless access to a rich, full fidelity Windows environment running in the data center, from any device. Hyper-V Server also gives IT professionals a cost effective VDI solution with simplified administration, flexible storage options, and dynamic allocation of resources.


To download Microsoft Hyper-V Server 2012 : http://www.microsoft.com/en-us/server-cloud/hyper-v-server/default.aspx

Introducing RAP as a Service

RAP as a Service is a new delivery experience to enable you to assess your IT environment at your convenience. The data is collected remotely allowing you to maintain the utmost privacy and run the assessment on your own schedule. Submission of data through the cloud via a truly secure transmission, enables you to view your results immediately on our secure online portal. A Microsoft accredited engineer will review the findings, provide recommendations and knowledge transfer, and build a remediation plan with your staff and your TAM.

Key Benefits

• Online delivery with a Microsoft accredited engineer
• Convenience with online delivery and flexible scheduling means minimal impact on your environment and IT staff
• Assessment results available online
• Easily share results with your IT staff and others in your organization
• Reassess your environment to track progress
• Reduce support costs by exposing configuration and operational issues before they affect your business
• Access to best practice updates for one year with an active Premier Support contract

Online Experience

Data submitted via secure transfer to Microsoft online servers are analyzed using our RAP expert system. Results are displayed on the secure online portal that remains available throughout the licensed period of your assessment. You can also reassess your environment at any time using updated best practice guidance that is made available to subscribers on a regular basis. Your IT staff can be granted access to the results in order to collaborate effectively on the outcome of the assessment.

Practical Recommendations

RAP as a Service collects information on the key technology, people, and process areas in your environment and analyzes them against best practices established by knowledge obtained from over 20,000 customer assessments. Recommendations for each of the issues are identified and articulated as part of the service. All critical and important issues are explained by the Microsoft accredited engineer and a remediation plan is provided as one of the key deliverables.

Breakthrough Follow-on Experience

Persistence is now built-in with this service, allowing you to re-assess multiple times to track progress, get updates to newly released best practice guidance, benefit from new online portal features, and interact with an exclusive online community.

Deliverables

• Assessment tools, multiple submissions, and access to a secure online portal
• Regular updates to best practice guidance and online portal features
• Knowledge transfer of issues found
• Remediation plan
• Technical Findings report
• One year license to continue using the online portal and tools. Also requires an active Microsoft Premier Support contract.

RAP as a Service : https://services.premier.microsoft.com/raas
RAP as a Service Prerequisites : http://www.microsoft.com/en-us/download/details.aspx?id=34698

[Windows Server 2012] Windows 2012 Active Directory Backup and Disaster Recovery Procedures from Peter Van Keymeulen

Peter Van Keymeulen from EDE Consulting has released a new version of his great guide for AD backup and restore.

Windows 2012 Active Directory Backup and Disaster Recovery Procedures : http://www.edeconsulting.be/downloads/WindowsServer2012ADBackupandDisasterRecoveryProcedures_V1.0.pdf

The Windows Server 2008 R2 version is also available and have been updated : http://www.edeconsulting.be/downloads/WindowsServer2008R2ADBackupandDisasterRecoveryProcedures_V3.3.pdf

Working with Active Directory ? You have to read this !

[Windows Server 2012] Windows Server 2012 Pocket Consultant

Here is the Table of Contents :

• Windows Server 2012 Administration Fundamentals
• Chapter 1 : Windows Server 2012 Administration Overview
• Windows Server 2012 and Windows 8
• Getting to Know Windows Server 2012
• Power Management Options
• Networking Tools and Protocols
• Domain Controllers, Member Servers, and Domain Services
• Name-Resolution Services
• Frequently Used Tools
• Chapter 2 : Managing Servers Running Windows Server 2012
• Server Roles, Role Services, and Features for Windows Server 2012
• Full-Server, Minimal-Interface, and Server Core Installations
• Installing Windows Server 2012
• Managing Roles, Role Services, and Features
• Managing System Properties
• Chapter 3 : Monitoring Processes, Services, and Events
• Managing Applications, Processes, and Performance
• Managing System Services
• Event Logging and Viewing
• Monitoring Server Performance and Activity
• Tuning System Performance
• Chapter 4 : Automating Administrative Tasks, Policies, and Procedures
• Understanding Group Policies
• Navigating Group Policy Changes
• Managing Local Group Policies
• Managing Site, Domain, and Organizational Unit Policies
• Maintaining and Troubleshooting Group Policy
• Managing Users and Computers with Group Policy
• Chapter 5 : Enhancing Computer Security
• Using Security Templates
• Using the Security Configuration Wizard
• Windows Server 2012 Directory Services Administration
• Chapter 6 : Using Active Directory
• Introducing Active Directory
• Working with Domain Structures
• Working with Active Directory Domains
• Understanding the Directory Structure
• Using the Active Directory Recycle Bin
• Chapter 7 : Core Active Directory Administration
• Tools for Managing Active Directory
• Managing Computer Accounts
• Managing Domain Controllers, Roles, and Catalogs
• Managing Organizational Units
• Managing Sites
• Maintaining Active Directory
• Troubleshooting Active Directory
• Chapter 8 : Creating User and Group Accounts
• The Windows Server Security Model
• Differences Between User and Group Accounts
• Default User Accounts and Groups
• Account Capabilities
• Using Default Group Accounts
• User Account Setup and Organization
• Configuring Account Policies
• Configuring User Rights Policies
• Adding a User Account
• Adding a Group Account
• Handling Global Group Membership
• Implementing Managed Accounts
• Chapter 9 : Managing User and Group Accounts
• Managing User Contact Information
• Configuring the User’s Environment Settings
• Setting Account Options and Restrictions
• Managing User Profiles
• Updating User and Group Accounts
• Managing Multiple User Accounts
• Troubleshooting Logon Problems
• Viewing and Setting Active Directory Permissions
• Windows Server 2012 Data Administration
• Chapter 10 : Managing File Systems and Drives
• Managing the File Services Role
• Adding Hard Disk Drives
• Working with Basic, Dynamic, and Virtual Disks
• Using Basic Disks and Partitions
• Compressing Drives and Data
• Encrypting Drives and Data
• Chapter 11 : Configuring Volumes and RAID Arrays
• Using Volumes and Volume Sets
• Improving Performance and Fault Tolerance with RAID
• Implementing RAID on Windows Server 2012
• Managing RAID and Recovering from Failures
• Standards-Based Storage Management
• Managing Existing Partitions and Drives
• Chapter 12 : Data Sharing, Security, and Auditing
• Using and Enabling File Sharing
• Configuring Standard File Sharing
• Managing Share Permissions
• Managing Existing Shares
• Configuring NFS Sharing
• Using Shadow Copies
• Connecting to Network Drives
• Object Management, Ownership, and Inheritance
• File and Folder Permissions
• Auditing System Resources
• Using, Configuring, and Managing NTFS Disk Quotas
• Using, Configuring, and Managing Resource Manager Disk Quotas
• Chapter 13 : Data Backup and Recovery
• Creating a Backup and Recovery Plan
• Backing Up Your Data: The Essentials
• Performing Server Backups
• Managing Encryption Recovery Policy
• Backing Up and Restoring Encrypted Data and Certificates
• Windows Server 2012 Network Administration
• Chapter 14 : Managing TCP/IP Networking
• Navigating Networking in Windows Server 2012
• Managing Networking in Windows 8 and Windows Server 2012
• Installing TCP/IP Networking
• Configuring TCP/IP Networking
• Managing Network Connections
• Chapter 15 : Running DHCP Clients and Servers
• Understanding DHCP
• Installing a DHCP Server
• Configuring DHCP Servers
• Managing DHCP Scopes
• Managing the Address Pool, Leases, and Reservations
• Backing Up and Restoring the DHCP Database
• Chapter 16 : Optimizing DNS
• Understanding DNS
• Configuring Name Resolution on DNS Clients
• Installing DNS Servers
• Managing DNS Servers
• Managing DNS Records
• Updating Zone Properties and the SOA Record
• Managing DNS Server Configuration and Security

You can preorder your copy Here (O'REILLY) or Here (Amazon)

[Windows Server 2012] Remote Server Administration Tools for Windows 8 available

RSAT for Windows 8 are available.

Remote Server Administration Tools for Windows 8 includes Server Manager, Microsoft Management Console (MMC) snap-ins, consoles, Windows PowerShell cmdlets and providers, and command-line tools for managing roles and features that run on Windows Server 2012. In limited cases, the tools can be used to manage roles and features that are running on Windows Server 2008 R2 or Windows Server 2008. Some of the tools work for managing roles and features on Windows Server 2003.

Here is a description of RSAT for Windows 8 : http://support.microsoft.com/kb/2693643

To download RSAT for Windows 8 : http://www.microsoft.com/en-us/download/details.aspx?id=28972

[Microsoft Solution Accelerators] Security Compliance Manager 3.0 Beta Available

The Security Compliance Manager 3.0 Beta review program just start.

Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Windows Internet Explorer 10. The beta release of Security Compliance Manager (SCM) 3.0 provides all the same great features for these new baselines, as well as an enhanced setting library for these new Microsoft products. This beta release includes fixes that resolve many previously reported issues in the setting library. The updated setting library also gives you the ability to further customize baselines. SCM 3.0 provides a single location for you to create, manage, analyze, and customize baselines to secure your environment faster and more efficiently.

As part of a select group of our key customers, we invite you to participate in the Beta Review Program of these new product baselines that include security enhancements for the following server roles and features:

• Windows Server 2012 Security Baselines:
• Domain Controller Security Compliance
• Domain Security Compliance
• Hyper-V Security Compliance
• Member Server Security Compliance
• Web Server Security Compliance
• Windows 8 Security Baselines:
• BitLocker Security
• Computer Security Compliance
• Domain Security Compliance
• User Security Compliance:
• Internet Explorer 10 Security Baselines:
• Computer Security Compliance
• User Security Compliance

What is not available in this beta release ?

• The ability to export compliance data using formats that work with the DCM feature in Microsoft System Center Configuration Manager and the Security Content Automation Protocol (SCAP) is temporarily blocked in the new baselines for Windows Server 2012, Windows 8, and Internet Explorer 10. This functionality will be enabled in the next beta release update.
• This beta release includes five baselines for Windows Server 2012. The following additional server role baselines will be included in the next beta release update:
• Active Directory Certificate Services (AD CS)
• DNS Server
• DHCP Server
• File Services
• Network Policy and Access Servers
• Print Services
• Remote Access
• Remote Desktop Services

What is the release plan for the rest of beta baseline?

Additional SCM 3.0 Beta baselines will be released through Microsoft Connect so that you can download and import them into the SCM 3.0 Beta application.
The date for the next beta is currently scheduled for the middle of November 2012.

Here is a comparison between WS 2008 R2 SP1 and WS 2012 Domain Security Baseline.

 To download this tool : http://connect.microsoft.com/site715/Downloads/DownloadDetails.aspx?DownloadID=46234

[Microsoft Solution Accelerators] Data Classification Toolkit Released

The Solution Accelerators Team has released Microsoft Data Classification Toolkit

I have already presented this tool in the two following post :
http://gregorylucand.blogspot.fr/2012/04/windows-8-server-data-classification.html
http://gregorylucand.blogspot.fr/2012/05/data-classification-toolkit-active.html


The Data Classification Toolkit supports new Windows Server 2012 features, Dynamic Access Control, and backward compatibility with the functionality in the previous version of the toolkit. The toolkit provides support for configuring data compliance on file servers running Windows Server 2012 and Windows Server 2008 R2 SP1 to help automate the file classification process, and make file management more efficient in your organization. 

Simplify your central access policy configuration experience.
The latest version of the toolkit allows you to provision and standardize central access policy across a forest and apply default access policies on your file servers. The toolkit also provides tools to provision user and device claim values based on Active Directory Domain Services (AD DS) resources to help simplify configuring Dynamic Access Control in Windows Server 2012. You can also easily track and report existing Central Access Policy on file shares.

Streamline your data compliance user experience.
The toolkit adds a UI to the existing Windows PowerShell experience, including a Classification Wizard that you can use to manage file classifications, and a Claims Wizard to manage central access policy on the file servers in your organization. You can also use the Claims Wizard to build claim values in AD DS.

The Data Classification Toolkit for Windows Server 2012 is designed to help organizations:

• Identify, classify, and protect data on their file servers.
• Take advantage of new features and technologies in Windows Server 2012, as well as support hybrid environments with file servers running Windows Server 2012 and Windows Server 2008 R2 SP1.
• Easily configure default central access policy across multiple servers.
• Build and deploy policies cost-effectively to protect critical information.

Use the Data Classification Toolkit to help your organization successfully plan and maintain data classification programs in these critical areas:

• Identifying applicable IT GRC authority documents.
• Defining corresponding classification policies.
• Preserving evidence that demonstrates the implementation of effective controls.

You can download this tool here : http://www.microsoft.com/en-us/download/details.aspx?id=27123

[Microsoft Solution Accelerators] Microsoft Virtual Machine Converter Released

The Solution Accelerator Team has released Microsoft Virtual Machine Converter.

The Microsoft Virtual Machine Converter (MVMC) Solution Accelerator is a Microsoft-supported, stand-alone solution for the IT pro or solution provider who wants to convert VMware-based virtual machines and disks to Hyper-V®-based virtual machines and disks. The MVMC solution can perform full conversions of VMware-based virtual machines as well as conversions of VMware-based virtual hard disks to Hyper-V-based virtual hard disks (VHD).

Benefits :
MVMC is the only stand-alone, Microsoft-supported solution to provide conversion of virtual machines and disks from VMware to Hyper-V. It can be deployed with minimal dependencies. Because MVMC has a fully scriptable command-line interface (CLI), it integrates especially well with data center automation workflows such as those authored and run within Microsoft System Center 2012 - Orchestrator. It can also be invoked through Windows PowerShell®. The solution is easy to download, install, and use. In addition to the CLI, MVMC provides a wizard-driven GUI, making it simple to perform virtual machine conversion.

Features :
MVMC provides the following features

• Converts and deploys virtual machines from VMware hosts to Hyper-V hosts running:

• Windows Server® 2012
• Microsoft Hyper-V Server 2012
• Microsoft Hyper-V Server 2008 R2 SP1
• Windows Server 2008 R2 SP1
• Converts VMware virtual machines, virtual disks, and configuration (memory, virtual processor and so on) from the source to Hyper-V.
• Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
• Supports conversion of virtual machines from VMware vSphere 4.1 and 5.0 hosts to Hyper-V.  
• Note   MVMC also supports conversion of virtual machines from VMware vSphere 4.0 if the host is managed by vCenter 4.1 or vCenter 5.0. You have to connect to vCenter 4.1 or 5.0 through MVMC to convert virtual machines on vSphere 4.0.
• Offers fully scriptable command-line interface that integrates well with data center automation workflows and Windows PowerShell scripts.
• Has a wizard-driven GUI, making it simple to perform virtual machine conversion.
• Uninstalls VMware tools prior to conversion to provide a clean way to migrate VMware-based virtual machines to Hyper-V. 
• Important   MVMC will take a snapshot of the virtual machine you are converting prior to uninstalling VMware tools and then shut down the source machine to preserve state during conversion. The virtual machine will be restored to its previous state once the source disks attached to the virtual machine are successfully copied to the machine where the conversion process is run. At that point the source machine in VMware can be turned on if required.
• Supports Windows Server guest operating system conversion, including Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 SP2, and Windows Server 2003.
• Enables conversion of Windows® client versions, including Windows 7 and Windows Vista®.
• Installs integration services on the converted virtual machine if the guest operating system is Windows Server 2003 SP2.
• Includes a command-line utility for offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V-based virtual hard disk file format (.vhd file).  
• Note   The offline disk conversion does not include driver fixes. Windows Server 2003 support is not included for the offline disk conversion.
• Supports conversion from multiple VMDK formats to fixed-size and dynamically expanding VHD formats.

Supported Configurations for Machine Conversion :
Any combination of the following is supported:

• VMware sources including:
• vCenter Server 5.0
• vCenter Server 4.1
• ESXi Server 5.0
• ESXi/ESX Server 4.1
• Note   MVMC supports ESXi/ESX 4.0 if the host is managed by vCenter 4.1 or vCenter 5.0. In this case, you must connect to vCenter 4.1 or 5.0 through MVMC to convert virtual machines on the 4.0 hosts.
• Destination Host Server:
• Hyper-V on Windows Server 2008 R2 SP1 Standard
• Hyper-V on Windows Server 2008 R2 SP1 Enterprise
• Hyper-V on Windows Server 2008 R2 SP1 Datacenter
• Hyper-V on Windows Server 2012
• Microsoft Hyper-V Server 2008 R2
• Microsoft Hyper-V Server 2012
• Guest operating systems supported for conversion:
• Windows Server 2003 Standard Edition with SP2 x86
• Windows Server 2003 Standard Edition with SP2 x64
• Windows Server 2003 Enterprise Edition with SP2 x86
• Windows Server 2003 Enterprise Edition with SP2 x64
• Windows Server 2003 R2 Enterprise Edition with SP2 x86
• Windows Server 2003 R2 Enterprise Edition with SP2 x64
• Windows Server 2003 R2 Standard Edition with SP2 x86
• Windows Server 2003 R2 Standard Edition with SP2 x64
• Windows Vista Enterprise x64
• Windows Vista Enterprise x32
• Windows 7 Enterprise x86
• Windows 7 Enterprise x64
• Windows 7 Professional x86
• Windows 7 Professional x64
• Windows 7 Ultimate x86
• Windows 7 Ultimate x64
• Windows Server 2008 Enterprise x86
• Windows Server 2008 Enterprise x64
• Windows Server 2008 Datacenter x86
• Windows Server 2008 Datacenter x64
• Windows Server 2008 R2 Standard
• Windows Server 2008 R2 Enterprise x64
• Windows Server 2008 R2 Datacenter x64

To download this tool : http://www.microsoft.com/en-us/download/details.aspx?id=34591

And here is a case study where this great tool has been used : http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=710000001055 

[Windows Server 2012] Introducing Windows Server 2012 Free Ebook Updated

Mitch Tulloch has updated his very popular free ebook on Windows Server 2012 based on the RTM version of the software.

To download this Ebook :
Introducing Windows Server 2012 PDF
Introducing Windows Server 2012 EPUB
Introducing Windows Server 2012 MOBI

You can also get a hard copy here : http://shop.oreilly.com/product/0790145372536.do

[Windows Server 2012] Windows Server 2012 Infographic

[Powershell V3] PowerShell 3.0 is now available

Windows PowerShell 3.0 is now available for download for Windows 7, Windows Server 2008 R2 and for Windows Server 2008.


Some of the new features in Windows PowerShell 3.0 include:

• Workflow : Windows PowerShell Workflow lets IT Pros and developers apply the benefits of workflows to the automation capabilities of Windows PowerShell. Workflows allow administrators to run long-running tasks (which can be made repeatable, frequent, parallelizable, interruptible, or restart-able) that can affect multiple managed computers or devices at the same time.
• Disconnected Sessions :  PowerShell sessions can be disconnected from the remote computer and reconnected later from the same computer or a different computer without losing state or causing running commands to fail.
• Robust Session Connectivity : Remote sessions are resilient to network failures and will attempt to reconnect for several minutes. If connectivity cannot be reestablished, the session will automatically disconnect itself so that it can be reconnected when network connectivity is restored. Scheduled Jobs Scheduled jobs that run regularly or in response to an event.
•  Delegated Administration : Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs.
• Simplified Language : Syntax Simplified language syntax that make commands and scripts look a lot less like code and a lot more like natural language.
• Cmdlet Discovery Improved : cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
• Show-Command : Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.

You can get it here : http://www.microsoft.com/en-us/download/details.aspx?id=34595
Be careful, .NET Framework 4 is required : http://www.microsoft.com/en-us/download/details.aspx?id=17851

Hey, Scripting Guy! blog : http://blogs.technet.com/b/heyscriptingguy/

Other links related :
Microsoft Script Explorer RC Available :  http://gregorylucand.blogspot.fr/2012/08/powershell-microsoft-script-explorer-rc.html
Windows PowerShell 3.0 and Server Manager Quick Reference Guides  :   http://gregorylucand.blogspot.fr/2012/06/powershell-v3-windows-powershell-30-and.html
Windows PowerShell Support for Windows Server 2012 : http://gregorylucand.blogspot.fr/2012/06/powershell-windows-powershell-support.html

[Windows Server 2012] Here we are !

You surely haven't missed it but Windows Server 2012 is now available !














What's new in Windows Server 2012 : http://technet.microsoft.com/en-us/library/hh831769

To download the trial : http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx?wt.mc_id=TEC_108_1_33

[Active Directory] The Evolution of Active Directory Recovery (TechEd 2012)

Here is a great video taken at TechEd North America 2012 about Active Directory Recovery presented by Ulf B. Simon-Weidner  (http://msmvps.com/blogs/UlfBSimonWeidner/).

An Active Directory failure is the most critical disaster in most organizations, and the infrastructure has changed: virtualization provides benefits, but also risks. Active Directory Recycle bin helps with recovering, but not in every situation. GPMC and the new Windows Backup can help, but you still need additional knowledge. In this session we take a geek view of Active Directory Backup and Recovery in various versions of Windows. Learn what you need in your backups, what you need to prepare for recovery, what the issues are and how to solve them. We look at different stages of Operating Systems up the the next generation Windows Server 2012 and learn where knowledge needs to complement features and how new possibilities will help you in planning your disaster recovery strategy.

Here is the direct link : http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA319
And the slides : http://video.ch9.ms/teched/2012/na/SIA319.pptx

[Active Directory] Active Directory Snapshots Part 2/3 : Manage Snapshot

After presenting this feature in the previous post, we'll now see how to manage Active Directory Snapshot.

As I said in the previous post, there are two Tools which are used for Active Directory Snapshot : NTDSUTIL and DSAMAIN.


First I will show you how to create and mount snapshot with NTDSUTIL (http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx).

If you work on Active Directory, this tool should be familiar.

First, launch NTDSUTIL, set your Active Directory Database as the active instance, and go in the snapshot options.

Here are the different actions you can make to manage snapshots

Now I create a new snapshot :

I list all snapshots (there is just the one I just create) :

And I mount the snapshot.

That's all for now with NTDSUTIL.


Now we'll use DSAMAIN (http://technet.microsoft.com/en-us/library/cc772168(v=ws.10).aspx) to expose the snapshot data as an LDAP server.


First I copy the path of the snapshot database.

And we now use DSAMAIN. You just have to give the snapshot database path (Be careful if you use Powershell, you have to use single quote and not double quotes for the DBPATH) and the ldap port.

If you have already use DSAMAIN with Windows Server 2008 or 2008 r2, the result was different than mine. Indeed, as I use Windows Server 2012 for my hypervisor and my lab, virtualized domain controller feature are available and that's what you can see here.

Keep this Windows open.


Now you can use several tools to connect to the snapshot.
I'll use ADUC but you can use LDP, ADSIEDIT, ...


You can directly launch ADUC and connect to the snapshot

You can see that the current Directory Server is our snapshot.

Now you can browse your Active Directory Snapshot with ADUC (in read-only) for diagnostic purposes.

You can also mount simultaneously several snapshots :

When your diagnostics are done, stop DSAMAIN (with Ctrl + C)

And then you can unmount the snapshot through NTDSUTIL.

You can also automate the creation of snapshot. For this you have to use scheduled tasks with a one line command : 

ntdsutil "activate instance ntds" snapshot create quit quit

As you can see manage Active Directory Snapshot is very easy.



In the final post, we'll see how to restore attributes from Active Directory Snapshots and I will present you a tool from Fredrik Lindström, Directory Service Comparison Tool.

[Active Directory] Active Directory Snapshots Part 1/3 : Presentation

Why presenting this "old" feature one week before the release of Windows Server 2012 ?

It's simple, many companies doesn't use this feature in their Active Directory backup and restore policy whereas it should be integrated in this policy as an additionnal tools for diagnostic purposes.



So what is Active Directory Snapshot ?

Active Directory snapshot is a shadow copy, created by the Volume Shadow Copy Service (VSS), of the volumes that contain the Active Directory database and log files.

This feature, introduced with Windows Server 2008, allows you to create read-only snapshots of the Active Directory Database.

Then you can mount this snapshot on a online domain controller for simplifying a recovery process or auditing changes and objects deletion.


Why should you use Active Directory Snapshot ?

That's simple, saving time in the recovery process.
Indeed, in the case where you have to restore a backup, you have to determine first which backup is best. You must restore it to a domain controller to view its contents. Each restore operation requires that you restart the domain controller in Directory Services Restore Mode (DSRM) until you find the best backup.
With Active Directory Snapshot you can easily determine which backup is the best without restart the domain controller in Directory Services Restore Mode.
Active Directory Snapshot can also be used to restore objects (we'll see this later) but not natively.


What do you need to use Active Directory Snapshot ?

Two tools are used for Active Directory Snapshot :

• NTDSUTIL
• DSAMAIN

NTDSUTIL (http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx) allows you to manage snapshots (create, delete, mount and unmount snapshot).
DSAMAIN (http://technet.microsoft.com/en-us/library/cc772168(v=ws.10).aspx) allow you  to expose the snapshot data as an LDAP server.

Then you can use existing LDAP tools as LDP, ADSIEDIT, ADUC to connect to the snapshot.


That's all for this post, we'll see next how to manage Active Directory Snapshot.

[Security] Microsoft Attack Surface Analyzer released

Microsoft Attack Surface Analyzer has been released.

Attack Surface Analyzer is developed by the Trustworthy Computing Security group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to operating system attack surface by the installation of new software.

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:

• Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
• IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
• IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
• IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)

You can download this tool here : http://www.microsoft.com/en-us/download/details.aspx?id=24487

[Microsoft Solution Accelerators] Virtual Machine Servicing Tool 2012 Available

Microsoft Virtual Machine Servicing Tool 2012 is now available.

I've already present this Solution Accelerators tool here : http://gregorylucand.blogspot.fr/2012/07/microsoft-solution-accelerators-virtual.html


You can download the final version here : http://www.microsoft.com/en-us/download/details.aspx?id=30470

[Powershell] Microsoft Script Explorer RC Available

Microsoft Script Explorer Release Candidate is now available.

Microsoft® Script Explorer for Windows PowerShell® (Release Candidate) helps scripters find Windows PowerShell scripts, snippets, modules, and how-to guidance in online repositories such as the TechNet Script Center Repository, PoshCode, local or network file systems and Bing Search Repository.

Microsoft® Script Explorer enables:

• Integrated community and Microsoft resources to help you unlock the power of Windows PowerShell.
• Seamless searching across online repositories to locate script samples relevant to you.
• Establishing and searching local, network, and corporate script repository is easy.

This great tool is available here : http://www.microsoft.com/en-us/download/details.aspx?id=29101

[Windows Server 2012] Tuning the Tools Menu in Server Manager

The new Server Manager Console in one of the great new features of Windows Server 2012.

It reminds me a famous quote :

One Console to rule them all, One Console to find them,
One Console to bring them all and in Server Manager bind them

The Tools Menu contains all the administrative Tools of the server.

You can create a folder structure on the Tools menu to organize your Tools as you want.

For this you have to create a folder in the Administrative Tools folder. This can't be done directly as you can't create folders in this folder.
So, create a folder elsewhere and move the folder in the Administrative Tools folder.
It's as simple as that.

For example I create one folder for AD Tools.

And then I move the Administrative Tools in this folder.

You can also add other Tools, you just have to create a shortcut and move it in the Administratives Tools.

For example my server has Script Explorer installed on it.
I just copy the shortcut.

You can also launch script directly from the Server Manager using the same method.

As you can see you can add many things in the Tools Menu of the new Server Manager Console.

And if you don't want to use the new Metro UI, you can consolidate all your Tools in the Server Manager Console.

[Microsoft Solution Accelerators] Virtual Machine Converter Release Candidate Available

 The Microsoft Virtual Machine Converter Release Candidate is available.

The Microsoft Virtual Machine Converter (MVMC) provides a Microsoft-supported, freely available, standalone solution for converting VMware virtual machines (VMs) and VMware virtual disks (VMDKs) to Hyper-V virtual machines and Hyper-V virtual hard disks (VHDs).


What is New in the Release Candidate?

In addition to the capabilities delivered as part of the Beta release, the Microsoft Virtual Machine Converter release candidate:

• Converts and deploys virtual machines from VMware hosts to Hyper-V hosts running:
•     Windows Server® 2012 Release Candidate
•     Microsoft Hyper-V Server 2012 Release Candidate
• Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
• Configures dynamic memory on the converted virtual machine.
• Supports migration of virtual machines that are hosted on a vSphere cluster.
• Supports migration of virtual machines to a Hyper-V host that is part of a failover cluster.
• Enables Microsoft partners to cobrand the tool so that it incorporates their logos.

System Requirements

The Microsoft Virtual Machine Converter converts VMware virtual machines created with:

• VMware vSphere 4.1
• VMware vSphere 5.0

To virtual machines for:

• Windows Server 2008 R2 SP1 Hyper-V
• Microsoft Hyper-V Server 2008 R2 SP1
• Windows Server® 2012 Release Candidate
• Microsoft Hyper-V Server 2012 Release Candidate

Details

The Microsoft Virtual Machine Converter:

• Provides a quick, low-risk option for VMware customers to evaluate Hyper-V
• Converts the virtual disks and the VMware VMs configuration, such as memory, virtual processor, and other machine settings from the source
• Uninstalls the VMware tools on the source VM and installs the Hyper-V Integration Services as appropriate
• Includes an easy-to-use wizard-driven GUI simplifying VM conversion Supports offline conversions of VMware virtual hard disks (VMDK) to a Hyper-V based virtual hard disk file format (VHD)
• Includes a scriptable Command Line Interfaces (CLI) for performing machine conversion and offline disk conversion which integrates with datacenter automation workflows, such as those authored and executed within System Center Orchestrator. The command line can also be invoked through PowerShell.

Microsoft Virtual Machine Converter Release Candidate is available here : https://connect.microsoft.com/site14/Downloads/DownloadDetails.aspx?DownloadID=42754

[Microsoft Solution Accelerators] IPD for SCVMM 2012 available

The IPD Guide for System Center 2012 Virtual Machine Manager is available.

This guide outlines the elements that are crucial to an optimized design of Virtual Machine Manager. It leads you through a process of identifying the business and technical requirements for managing virtualization, designing integration with Operations Manager if required, and then determining the number, size, and placement of the VMM servers. This guide helps you to confidently plan for the centralized administration of physical and virtual machines.

Infrastructure Planning and Design streamlines the planning process by:

• Defining the technical decision flow through the planning process.
• Listing the decisions to be made and the commonly available options and considerations.
• Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.
• Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.

This guide is available here : http://go.microsoft.com/fwlink/?LinkId=245473

You can found all IPD Guide here : http://www.microsoft.com/en-us/download/details.aspx?id=732

[Windows Server 2012] DAC : Implementing Access-Denied Assistance

Access-denied remediation is a new feature in Windows Server 2012, which provides different ways to troubleshoot issues that are related to access to files and folder.

 

 

I have added an Exchange 2013 server to my lab for this scenario.

So my lab consists now of 4 VM :

• 1 Windows Server 2012 Domain Controller (DAC-SRV-AD01)
• 1 Windows Server 2012 File Server (DAC-SRV-FIC01)
• 1 Windows 8 Client (DAC-WIN8-CLT)
• 1 Windows Server 2012 / Exchange 2013 (DAC-SRV-EXCH)

The configuration of Access-Denied Assistance requires 2 steps:

• Configure Access-Denied Assistance
• Configure the Email Notification Settings

First, I configure the Access-Denied Assistance by using Group Policy.

The first part of the configuration has been done.

Now we'll configure the Email Notification in FSRM.

And that's all. As you can see it's really easy to configure.

Now we can verify that Access-Denied Assistance works.

I log the user Carla Thomas on the client and try accessing the confidential folder.
I don't have access but you can see that you can Request Assistance.

Now I check administrator Emails and you can see that Administrator received the Request Assistance with all informations like the user and device claims.

As you can see Access-Denied Assistance is a really great feature of Dynamic Access Control and is very easy to implement.

For more information check this : http://technet.microsoft.com/en-us/library/hh831788

[Windows Server 2012] DAC : Implementing Central Access Policy Part 2 of 2

Now that the Active Directory steps have been done, here are the others steps.

We have to :

• Enable support for claims and compound authentication by using Group Policy
• Enable claim for devices by using Group Policy
• Apply the central access policy across file servers by using Group Policy
• Assign a central access policy to the file server

To enable support for claims and compound authentication we'll edit the Default Domain Controller Policy.
We have to edit only one setting.

Now, we have to enable claim for devices by editing the Default Domain Policy.

Now we have to apply the Central Access Policy we have created earlier on the File Server by creating a new GPO.

That's all for the Group Policy part.
Now we have to assign the Central Access Policy to the File Server.

First we have to refresh the Global Ressource Properties. This can be done with Powershell or through FSRM.

If you go on the Classification Properties, you can see that we have our two Ressource Properties, Department and Confidentiality.

Now I go on the Finance folder to apply the Central Access Policy.
First I configure manually the Department classification on the Finance folder.

Then I apply the Central Access Policy.

I do the same for the CONFIDENTIAL sub-folder, add the confidentiality classification to High.

The Central Access Policy and the Department classification is inherited from the parent folder.

All the configuration for this scenario has been done.


Now we can verify that DAC is well implemented.

First, I will check that claim is enable for users. It can be done with the command : whoami /claims

We can now verify the effective access on the folder.

First at the Finance folder level with Carla Thomas.

We can see that the user has RW access.
Now I change the user claim and we can see that the user doesn't have access and this access is limited by CAR Finance Department.

Now we go on the Confidential sub-folder.
The Confidential CAR require that the user and the device are from the Finance department and that the user is a member of the Confidential group.

If we modify the device claim we loose access.

That's all for the Central Access Policy part which is only one of the features of Dynamic Access Control.

If you want more information on this part check this : http://technet.microsoft.com/en-us/library/hh831425

We'll see next Access-Denied Assistance feature.