[Windows 8 Server] Data Classification Toolkit for Windows Server 8 Beta.

The Microsoft Solution Accelerators "Data Classification Toolkit for Windows Server 8 Beta" is available.

  
This toolkit is designed to help enable an organization to:

• Identify, classify, and protect data on their file servers.
• Provide support for Windows Server 8 Beta, as well as for hybrid environments of Windows Server 8 Beta and Windows Server 2008 R2.
• Easily configure default Central Access Policy across multiple servers.
• Build and deploy policies to protect critical information in a cost-effective manner

  
Here are the new features for Windows 8 Server Dynamic Access Control :

• Support for out of box rights management file management Tasks
• Support for global and secure properties
• Manage and report default Central Access Policy on file servers
• User and device claims wizard to help determine the set of values for claims
• Active Directory Central Access Policy Configuration Export and Import tool to configure central access policy across forest
• Support for both Windows Server 8 and Windows Server 2008 R2 file servers

This beta is available here and runs through June 2012 : Data Classification Toolkit for Windows Server 8 Beta

[Private Cloud] Microsoft Private Cloud Guided Labs

Microsoft release the followings 14 labs to evaluate the Microsoft private cloud core capabilities of Infrastructure Management, Service Delivery & Automation, and Application Management.

To access to the labs : Microsoft Private Cloud Guided Labs

And here are the different labs subjects :

·         Provide resources through self-service requests :

This demo addresses creating and publishing new requests for cloud capacity resources in a service catalog and requesting new cloud resources with the service request form.

·         Drive consistent service delivery :

This demo addresses showing a request being routed to the Virtual Machine Manager administrator for fulfillment, demonstrating integration to drive systems automation, and showing process management for delivery of service.

·         Provision additional cloud infrastructure :

This demo addresses performing a bare-metal deployment of a Microsoft Hyper-V host, creating a new logical network and IP pool, and adding a new host to an existing cluster.

·         Delegate cloud resources :

This demo addresses creating private cloud resources and creating and modifying a user role.

·         Create consistency through service templates :

This demo addresses creating a virtual machine template, adding an application, and creating a service template with Service Designer, a component of Microsoft System Center 2012.

·         Perform a standardized application deployment to test :

This demo addresses configuring a service deployment and deploying the service.

·         Stage application resources :

This demo addresses using the App Controller component of Microsoft System Center 2012 to manage application resources.

·         Self-service deployment of an application to a production environment :

This demo addresses deploying a new application and exploring dynamic, on-demand configuration options.

·         Gain insight and visibility through reporting :

This demo addresses accessing reports in Service Manager and creating and sharing reports.

·         Monitor infrastructure :

This demo addresses network monitoring and visualization and reporting.

·         Taking corrective actions in the infrastructure :

This demo addresses seeing a holistic view of cloud and network health and performing an automated remediation.

·         Reduce time to resolution with application performance monitoring :

This demo addresses configuring application performance monitoring, creating a dashboard, and gaining deeper application insight.

·         Deploy an update to service instance :

This demo addresses modifying a service template and applying an in-place update.

·         Explore creating dashboards :

This demo addresses creating private cloud resources and creating and modifying a user role.

[Windows 8 Server] Virtualized Domain Controller Part 1 (Cloning)

Windows Server "8" Beta introduces virtualized domain controller cloning and safe snapshot restore capabilities.

You can found more informations in the Virtualized Domain Controller TLG and Virtualized Domain Controller UTG.

I'll demonstrate today the cloning capability.
My lab is composed of 1 Hypervisor and 2 VM, all running Windows 8 Server Beta (prerequisite for Virtualized Domain Controller).


Here is the different steps for cloning a DC :

• Create the customized DcCloneConfig.xml file on a source domain controller
• Detect incompatible programs on the source domain controller
• Ensure the PDC emulator runs Windows Server "8" Beta, is not the clone source, and is available
• Authorize the source domain controller for cloning
• Shutdown the source domain controller
• Copy its disk and Create a new clone virtual machine using the copied disks
• Or Export and Import the source VM
• Start the source and cloned domain controller, then allow cloning to occur

So we start by creating the XML file.

Open the SampleDCCloneConfig.xml  in  C:\windows\system32 , modify it and save it in the NTDS folder (D:\WINDOWS\NTDS here)

Now we have to detect if incompatible programs are present on the source domain controller.

For this we use a Powershell Cmdlet :

Get-ADDCCloningExcludedApplicationList

By default, the only application returned in Windows Server "8" Beta is the PrintNotify service.
Any installed applications not included as part of the operating system - such as anti-virus software - show here as well as any incompatible Windows services.

We have to create a second XML file (CustomDCCloneAllowList.xml) in the NTDS Folder to allow each program or service return by the Cmdlet.

We execute again the Cmdlet which shows nothing.

Now we have to check that the source Domain Controller doesn't host the PDC Emulator role.

We add the source Domain Controller in the "Cloneable Domain Controllers" group to authorize the source Domain Controller to be cloned.


For that we use again a Powershell Cmdlet.
The TLG and UTG use the following command :

Get-ADComputer SRV-AD02 | %{add-adgroupmember -identity "Cloneable domain controllers" -members $_.samaccountname}

I use this one :

Add-ADGroupMember -Identity "Cloneable domain controllers" -Members (Get-ADComputer SRV-AD02)

Now we stop the VM.

For the next step we have the choice between :

• Copy the source Domain Controller disk and create a new clone virtual machine using the copied disks
• Export and Import the source VM

The TLG show the first method so I'll use the second.


First I export the source VM using Powershell Cmdlet Export-VM :

Then I import the VM, rename it and start the source Domain Controller.

Finally we remove the cloned snapshot and we start the cloned VM.

And log on it.

We see our new DC in ADAC.

Virtualized Domain Controller Cloning is a really great new feature of Windows 8 Server.

Most of the steps could be scripted unless Microsoft give us new Cmdlets (to generate the XML file for example) in the RTM version.

That was the first part of the Virtualized Domain Controller, next time we'll see safe snapshot restore.

[Exchange 2010] Exchange 2010 Mailbox Server Role Requirements Calculator v18.9 released

The Exchange Team just released the v18.9 of the Exchange 2010 Mailbox Server Role Requirements Calculator : The Exchange Team Blog



Bug Fixes

• Fixed the Storage worksheet’s "RAID Storage Configuration" Table to exclude showing "Total Number of Disks Required" for designs that do not have lagged database copies and are deploying in a JBOD configuration.
• Added a notification to Role Requirements regarding scenarios that result in >2TB databases.
• Fixed an error notification to indicate when the input parameters have resulted in a design that has more HA copies than available Mailbox servers.
• Fixed the DAG LUN total space calculation to be based on the total number of database copies, not the total number of mailbox servers.
• Fixed the database copy validation formula to ensure there is at least 1 HA copy or lagged database copy in the secondary datacenter when site resilience is enabled.
• Fixed servers.csv to not add a space between the comma and drive letter.
• Fixed cells to have the correct color formatting.
• Updated BDM throughput requirements to stipulate 7.5MB/s per database as the worst case, which aligns with what can potentially be seen in Jetstress runs.

The calculator is available here : v18.9 of the Exchange 2010 Mailbox Server Role Requirements Calculator

[Windows 8 Server] Hands-on Lab available

Windows 8 Server Hands-On Lab have been released.
You can found them on this portal : Windows Server "8" Hands-on Lab Portal

You'll find the 12 following labs :

• Configuring Hyper-V over Highly Available SMB Storage
• Active Directory Deployment and Management Enhancements
• Managing Network Infrastructure with Windows Server "8"
• Introduction to Windows PowerShell Fundamentals
• Configuring a Highly Available iSCSI Target
• Managing Windows Server "8" with Server Manager and PowerShell 3.0
• What’s New in Windows PowerShell 3.0
• Using Dynamic Access Control to Automatically and Centrally Secure Data in Windows Server "8"
• Online Backup Service for Windows Server "8"
• Implementing Storage Pools and Storage Spaces
• Windows Server "8": Managing Branch Offices with Windows Server "8"
• Managing your Network Infrastructure with IP Address Management

DAC labs will be the first I'll try when I have time.

Security Compliance Manager (SCM) 2.5 released

The Microsoft Solution Accelerators Team just released Security Compliance Manager 2.5 which was in Beta since january.

For those who don't know this solution :

This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features & Benefits

• Integration with the System Center 2012 Process Pack for IT GRC: Product configurations are integrated into the Process Pack for IT GRC to provide oversight and reporting of your compliance activities.
• Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
• Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
• Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
• Centralized Management of Your Baseline Portfolio: The centralized management console of the Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows® client and server operating systems, and Microsoft applications. The Security Compliance Manager also enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
• Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines policy configurations just got easier. Use the customization capabilities of the Security Compliance Manager to duplicate any of the recommended baselines from Microsoft and quickly modify security settings to meet the standards of your organization’s environment.
• Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.
• Available policy configuration baselines include Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2003 SP2, Hyper-V, Windows 7 SP1, Windows Vista SP2, Windows XP SP3, BitLocker Drive Encryption, Windows Internet Explorer 9, Windows Internet Explorer 8, Microsoft Office 2010 SP1, Microsoft Office 2007 SP2, Exchange Server 2010 SP2 and Exchange Server 2007 SP3.

For import and export the Exchange baseline, you'll have to use the Exchange Server Script Kit (ESSK) which is based on Powershell.

SCM is a really great solution unfortunately little known and little used.
SCM is available here : Microsoft Security Compliance Manager