Tag Archives: Microsoft Windows

Warning!

Wednesday morning I was sitting at my desk when a pop-up appeared on my screen.  It was actually an Internet Explorer window, and although it was written entirely in Japanese, I suspected immediately that it was a scam, a fraud, malware, or something.  Why?  It had a very old Microsoft logo on it (from the Microsoft Certified Partner days).  I asked my boss to confirm, and he started laughing at me that the sites I was visiting were not secure.  Since I was planning to re-image my system when I was back in Canada, I didn’t really worry about it.

As I sit in the airport lounge in Vancouver, I got a different albeit similar pop-up, this time in English (it is always nice when malware knows where you are…)

imageHere is a simple way to know if the warnings you are getting might be legitimate, or if they are completely bunk:

1) Legitimate programs do not display their warnings in Internet Explorer.  They would have their own windows appear.

2) I do not use a product called Advanced System Protector.  That being the case, if it were legitimate (it is not) it would still have no business scanning my system.

My recommendations? firstly do not click in the window.  The only place you should click is in the upper-right hand corner… the X.  Note that they are sneaky buggers… under the real X there is their own X, which would have you clicking in the window.  Do not be fooled.

Once you close the window, make sure you run your legitimate anti-malware system – do a complete system scan.  It is not necessary in my case because I simply shut down the machine, and the next time I turn it on I will re-image it (format it and re-install Windows).  However most of you will not want to do that… and yes, you do have malware in your system.

Windows To Go: Disk Behaviour

BitLocker Drive Encryption

BitLocker Drive Encryption (Photo credit: Wikipedia)

Recently I was explaining Windows To Go at a client site.  We had a few interesting discussions about the power as well as the limitations of the security features.

One attendee asked a couple of good questions:

1) Is there any way to block the ‘on-lining’ of your Windows To Go key in other installations of Windows?

2) Is there a way to block users from bringing local disks on-line from within Windows To Go?

While I did not have the answers off the top of my head, after some consideration they are actually quite simple.

1) Windows To Go is the equivalent of any hard drive.  Because the machines that you are meant to use them on will be unmanaged, it is impossible to prevent this.  However Microsoft does provide several different levels of protection:

  • The WTG drive is off-line by default;
  • When building the WTG key you can enable BitLocker
  • Although BitLocker on the WTG key cannot be tied to a TPM chip, it will have a password associated.

In other words, in order to compromise the key from another installation of Windows, you would have to bring the WTG key on-line, unlock it, and provide a password.  In other words, if you trust the person to whom you gave the key.  If you don’t, he probably should not be on your systems in the first place.

The second answer is probably a happier one.  Because Windows to Go is (or can be) a managed environment (including domain membership, Group Policy, and even System Center management) the key can be locked down as you see fit.  How you would do it depends on which of the tools you have at your disposal… but yes, this can be done.

I hope this helps you to make your environment more secure using Windows To Go!

What’s New in Windows Server 2012 R2 Lessons Learned Week 1

Dan Stoltz asked me to republish this article, and it is well worth it!  Check out all of the links – a lot of great material! -MDG

It has been an incredible start to the Windows Server 2012 R2 Launch Series.  Here is brief summary of what we covered so far…

  1. Windows Server 2012 R2 Launch Blog Series Index #WhyWin2012R2 the series, opening and index page we learned that from Oct 18th and every day until Thanksgiving we should visit http://aka.ms/2012r2-01 to learn all about Windows Server 2012 R2. You can also follow the excitement on twitter at #WhyWin2012R2. Download the calendar .ICS to populate your calendar here.  This post started the new launch series where Microsoft platform experts would cover  why Windows Server 2012 R2 is important, how to deploy, manage, configure any number of components in Windows Server 2012 R2, how the new OS capabilities stack up against competitors, how R2 integrates with and leverages cloud services like Windows Azure and many, many more categories. This series is deep technical content with lots of How To’s and Step-By-Step instructions. You will learn about storage, cloud integration, RDS, VDI, Hyper-V, virtualization, deduplication, replica, DNS, AD, DHCP, high availability, SMB, backup, PowerShell and much, much more!
  2. Why Windows Server 2012 R2 Rocks! #WhyWin2012R2 - You are probably like most people and realize that Windows Server 2012 was a very substantial upgrade over Windows Server 2008 R2. What would you say to Microsoft doing it again, and even better? WOW! That is exactly what Windows Server 2012 R2 has done. In this post we will look at some of the coolest additions and improvements to Windows Server 2012 R2. Regardless of which of the four pillars of focus (Enterprise-Class, Simple and Cost-Effective, Application Focused, User Centric) you are most interested in, you will find plenty in this post to appreciate! @ITProGuru will show you as he counts the top 10 biggest, most relevant and/or most differentiated new features in Windows Server 2012 R2.
  3. Where Are All The Resources For Windows Server 2012 R2? – We learned where to do go get free resources for Windows Server 2012 R2 including downloading a Free Trial of Windows Server 2012 R2, Free online cloud serversFree EBook on Windows Server 2012 R2, Free Posters, Free Online Training from Microsoft Virtual Academy, and much more.
  4. Implementing Windows Server 2012 R2 Active Directory Certificate Services Part 1 &
  5. Implementing Windows Server 2012 R2 Active Directory Certificate Services Part 2PKI is heavily employed in cloud computing for encrypting data and securing transactions. While Windows Server 2012 R2 is developed as a building block for cloud solutions, there is an increasing demand for IT professionals to acquire proficiency on implementing PKI with Windows Server 2012 R2. This two-part blog post series is to help those who, like me, perhaps do not work on Active Directory Certificate Services (AD CS) everyday while every so often do need to implement a simple PKI for assessing or piloting solutions better understand and become familiar with the process.
  6. Step-by-Step: Automated Tiered Storage with Storage Spaces in R2 – Windows Server 2012 R2 includes a number of exciting storage virtualization enhancements, including automated storage tiering, scale-out file server re-balancing and performance tuning for high-speed 10Gbps, 40Gbps and 56Gbps storage connectivity.  IT Pros with which I’ve spoken are leveraging these new enhancements to build cost-effective SAN-like storage solutions using commodity hardware.In this article, we’ll begin part 1 of a two-part mini-series on storage.  I’ll provide a technical comparison of Windows Server 2012 R2 storage architecture to traditional SAN architecture, and then deep-dive into the new Storage Spaces enhancements for storage virtualization.  At the end of this article, I’ll also include Step-by-Step resources that you can use to build your own Storage Spaces lab.  In part 2 of this mini-series, we’ll finish our storage conversation with the new improvements around Scale-Out File Servers in Windows Server 2012.
  7. iSCSI Target Server – Super Fast Mass Server Deployment! – #WhyWin2012R2 – There have been some significant updates to Windows Server 2012 with the R2 release. One of these updates helps IT Pros deal with a growing problem – How do I deploy a large number of servers quickly, at scale without adding massive amounts of storage?The updates to the iSCSI target server technologies allow admins to share a single operating system image stored in a centralized location and use it to boot large numbers of servers from a single image. This improves efficiency, manageability, availability, and security. iSCSI Target Server can boot hundreds of computers by using a single operating system image!
  8. Why Windows Server 2012 R2: Reducing the Storage Cost for your VDI Deployments with VHD De-duplication for VDI – Windows Server 2012 introduced a data deduplication for your storage workloads customers saw phenomenal storage reduction.  Windows Server 2012 R2 deduplucation now supports live VHDs for VDI, which means that data de-duplication can now be performed on open VHD/VHDX files on remote VDI storage with CSV volume support. Remote VHD/VHDX storage de-duplication allows for increased VDI storage density significantly reducing
    VDI storage costs, and enabling faster read/write of optimized files and advanced caching of duplicated data.
  9. Importing & Exporting Hyper-V VMs in Windows Server 2012 R2 One of the biggest benefits of server virtualization is the ability to backup or restore entire systems easily and quickly.  Though they are infrequently used features, Hyper-V import and export are very fast, versatile, and easy to use.  In Windows Server 2012 R2 these features get even better.  I will take a look at how this functionality works and why it is useful.  I’ll also discuss how they are very different from the commonly used checkpoints in Hyper-V, and how you can automate this process.

Keep plugged in to the series to continue learning about Windows Server 2012 R2

- See more at: http://itproguru.com/expert/2013/10/whats-new-in-windows-server-2012-r2-lessons-learned-week-1/#sthash.JWWX9vKZ.dpuf

Creating a New AD Forest in Windows Server Core (Revisited)

Several years ago Steve Syfuhs and I sat down and figured out how to create a new Active Directory forest in Windows Server Core.  It was an interesting experience, and even though I later gave rights to that article to the Canadian IT Pro Team (at the time it was Damir Bersinic) when you search Bing.com for the term ‘Create AD Forest Server Coremy article still comes up first.

R2 I have gotten a bit more adept with the command prompt of late (especially with my diving into Windows PowerShell recently, but even before), so when I had the need to create a new AD Forest for a courseware environment I am building, I decided to revisit this topic, and see what changes I could make.

In 2009 I had to create an answer file, or at least I believed I did.  It turns out that now I can get away with one command line string, which is as follows:

dcpromo /InstallDNS:yes /NewDomain:forest /NewDomainDNSName:alpineskihouse.com

/DomainNetBIOSName:SKI /ReplicaOrNewDomain:domain /RebootOnCompletion:yes

/SafeModeAdminPassword:P@ssword

For the record I had to break up the text into three lines, but obviously this should all be typed onto a single line.

Warnings:

The first time I ran this command it failed.  I suspect this is because I had a DHCP address assigned.  Before embarking on this trip, I suggest you assign a static IP address to your Server Core box.  While it is simpler to do it with the sconfig text-mode configuration menu tool, you can also use the following netsh command:

netsh interface ipv4 set address name=”Local Area Connection” source=static address=172.16.0.10 mask=255.255.0.0 gateway=172.16.0.1

At this point you should be ready to go… remember that with Windows Server 2012 (and R2) once you have the OS installed it is easy to manage it remotely using either PowerShell or the Server Manager console.  Just make sure you have the right credentials, and you are good to go!

A Tour of the Surface Pro with Tom’s Hardware

On the day that Microsoft released the Surface Pro I sat down with Alex Davies from Tom’s Hardware (www.tomshardware.com) and gave him a little tour of the device.  He recorded it and that recording went live on Monday.  Check it out and let me know what you think! –MDG

http://www.tomshardware.com/news/Microsoft-Surface-Pro-Hands-on-Demo,21030.html

My First Surface Article

Ok, so maybe it is not my first article on Microsoft Surface, but it is the first article that I am writing from one.  A friend here was kind enough to loan me one for a few weeks, and even though my EliteBook is within arm’s reach I decided to spend my morning on this device exclusively… to get used to it and all.

The keyboard was the first challenge that I anticipated… the flat, waterproof keys reminded me at a glance of the chicklet keyboard of the Atari 400.  How wrong I was… although the keyboard does take some getting used to, it is really quite friendly and easy to use.  The missing function keys also struck me as a worry… I use the F-keys pretty regularly, and it did not take long for me to notice their absence.  I expect that I am in the minority on this point though… IT Pros and Devs will miss them, but the vast majority of end users will likely not even notice that they are missing**.  The responsiveness is another thing worried me (I noticed it as I was writing this paragraph).  I seemed to be typing faster than the keyboard could send the keys to the screen.  That however turned out to be not a problem with the Surface, but rather with the app that I am using to write.

**Edit Feb. 1: The top row of keys is indeed the function keys, but on the keyboard I have the numbers are not printed.  As with many keyboards, you need to press the Fn key to shift to the Function, so Alt-Fn-Play is the same as Alt-F4.

Theresa Garvis, my lovely wife and very capable business manager, has been using her Surface since the end of October, and she has been loving it.  When I discussed my concerns with the keyboard she assured me that she used the keyboard… but the truth is that she gets along without it just as easily. ‘I have used the on-screen keyboard without any problems, and it works great for me.  The only reason I use the external keyboard is because it is there, and have never had any problem when I left it at home.’

The Surface RT does not have nearly the kind of horsepower that I need for my day to day computer use.  However I am not your average computer user, and I expect that with 2 GB of RAM, a 1.3GHz NVIDEA TEGRA 3 Quad-Core CPU, and 32 GB of storage (a chunk of which is used for the OS) most end-users will be happy with it.  My son Aaron started high school this year, and was eager to swap out his EliteBook for the Surface.  He found that the only thing that he couldn’t do with his Surface was a school app that requires Flash Player… and I have not yet looked into a solution for this.  In the meantime he is happy using one of the home computers for his French homework, and the rest of the time he sequesters himself in his room with his Surface.

The Surface is not intended to be a desktop/laptop replacement, but it could very well be that for many people.  But what about the rest of us who absolutely need more power?  What about those of us who need legacy apps? I personally immediately felt the missing link in the Office chain – no Outlook.  In fact, this is a complaint I have heard from quite a number of people who have gone out and bought Surfaces… what do I do without my Outlook??

Outlook is not the only app that people are missing on the Surface (or, more accurately, on Windows RT) but it is a big one.  Most of the functionality of Outlook that I use is actually available in Microsoft Mail, Calendar, and Contacts (all of which come standard with Windows RT).  However let’s be honest… if you are used to Outlook there really isn’t a viable alternative.

So what do we do? On the one hand we have a really powerful tablet that runs Windows 8, and on the other we have a device that isn’t quite powerful enough for us.  But what if we could harness the power of our desktop from the Surface?  What if we could use all of our apps and resources of the great but heavy desktop that is always connected directly from Windows RT? Wouldn’t that be great?

We can… and in my next article I will show you how you can do it too, using a few simple tricks and some free tools.

Oh and by the way, I wrote this entire article using the free WordPress app that I downloaded from the Windows Store, using the regular keyboard!

A Quick Tip for Hyper-V Users: Product Keys

I keep telling people that the best way to activate your servers and desktops is to have a Key Management Server (KMS) in your environment.  However not everyone has volume license keys, and when an IT Pro (or Dev) builds a lot of lab environments using their TechNet, MSDN, or MAPS licenses that is not an option.

If you hate typing and retyping product keys, here’s a trick that will make your life a little easier:

1) Navigate to the Subscriber Downloads page on your TechNet Plus, MSDN, or other site and find the operating system that you are looking for, then click Product Keys next to the desired product.

image

2) Once you have the key available (you may have to click Get a Key first) click on the clipboard icon next to that key. (you may have to allow Internet Explorer to access your clipboard).

3) Now bring up the Hyper-V Virtual Machine Connection for your virtual machine and begin installing the OS.  When you get to the screen where you would have to type in the product key, select the Clipboard option in the menu and click Type clipboard text.

image

You should see the product key being typed into the appropriate location.

image

I use this technique whenever I have lab environments to build, but it would work just as well for copying any text  from your desktop (or server) into your Hyper-V virtual machine.  It is simple and effective… just like Hyper-V!