Hyperbole, Embellishment, and Systems Administration Blog

Oct 28, 2011

Forefront Endpoint Protection becomes System Center Endpoint Protection 2012

Forefront Endpoint Protection, Microsoft’s Enterprise anti-malware suite is getting a name change, the next release will be System Center Endpoint Protection 2012 and the release candidate version is available with the System Center Configuration Manager 2012 Release Candidate software, made available earlier today. By integrating with System Center Configuration Manager 2012, administrators will be better able to deploy, monitor, and maintain anti-malware software and updates across the organization. Integration with System Center Configuration Manager 2012 will ensure a single infrastructure for client management and security. With rumours swirling about the future of Forefront Threat Management Gateway and the rebranding of the endpoint protection product, the future of the Forefront brand seems up in the air. Though it’s also fair to say that Forefront Identity Manager 2010 R2 is near release and there is currently a CEP for the product and Forefront UAG remains very popular. Find out more at the following URL: http://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx...More
Oct 11, 2011

A quick intro to using DPM & Orchestrator in the private cloud

Here is a quick video introduction to a talk I did at TechED Australia on Data Protection Manager, Orchestrator and the private cloud. Also provides some advice on the need for sysadmins to become conversant in automation technologies. Also you can see how old that photo of me up in the corner is. Orin Thomas, Orchestrator and DPM. Follow me on twitter: @orinthomas...More
Oct 3, 2011

You may need to grok RBAC for Windows Server 2012

Role Based Access Control (RBAC) isn’t a fad. It’s present in products like Exchange 2010 and is available extensively in the new System Center 2012 suite of products. In a nutshell, RBAC differs from the traditional administrative model which was “this is the specific set of powers you have over all objects in the domain”. With RBAC you have a set of specific powers, but those powers have a limited scope. I’m wildly speculating that one of the big changes that’s coming down the pipe with the release of Windows Server ‘8’ (I still think it will be called Windows Server 2012) will be the introduction of a greater RBAC structure for Windows Server and Active Directory administration. The signs are partly there. We know that there is a massive increase in the number of PowerShell cmdlets available to administrators in the next release of Windows Server. It isn’t too long a bow to draw to assume that the structure of RBAC in Exchange 2010 (where you grant the use of specific cmdlets and parameters over a scope of specific Exchange objects) could work with Windows Server 2012. There will probably be the traditional Domain Admins and Enterprise Admins groups, but I’m also wildly speculating that you’ll have the ability to create management roles and scopes, being able to simply and easily create administrative groups that have more defined privileges over specific scopes than the current super powered mega groups. While you can sort of do this already using the delegation of control wizard, using the Exchange model of collecting cmdlets and parameters for the “what you can do” and object scopes for the “where you can do it” would provide substantially more flexibility than the current “this is the list of tasks you can delegate over this AD object and all its children” of the current system. 
With RBAC in Windows Server 8, it will be possible to create administrative groups that are tailored to individual job roles, rather than Superman level groups that allow you to...More
Sep 18, 2011

Windows 7 Drivers seem to work with Windows 8

As far as I can tell, Windows 7 drivers work with Windows 8. When I configured dual boot on my ASUS EP121 touchscreen tablet, any drivers that weren’t immediately detected by the Windows 8 developer preview could be installed by pointing Device Manager at the C:\Windows\System32\DriverStore volume on the Windows 7 partition. For those that don’t know about it, Windows 7 stores all the driver files in this particular directory. If you ever need to install Windows 7 again and don’t want to track down obscure drivers, just make sure that you have a backup of this directory. That way you can point the new installation at the backup if there are any drivers you can’t track down. This seems to work as well with the Windows 8 developer preview. If you’re concerned that you might have a device that does not have a supported driver in Windows 8, just point Device Manager at the Windows 7 driver. So far it has worked well with all the devices I’ve thrown at it. You can access Device Manager on Windows 8 by opening the Control Panel item on the Start Menu, clicking on More Settings, and then opening the Device Manager item (if you can’t see it, change your view to Small or Large Icons). Right click on the item that doesn’t have a driver installed, click on Update Driver Software and then click on “Browse My Computer For Driver Software”. Enter the path to the DriverStore directory (usually c:\windows\system32\driverstore – but that might be a different volume if you have a dual boot configuration) and off you go! Follow me on twitter: @orinthomas...More
Sep 17, 2011

Removing the Windows Server 2012 GUI component (and adding it back) in less than 2 minutes

Windows Server 8 (or Windows Server 2012 which is another possible name at release) allows you to remove the server graphical component (or to add it to a server that has had that component removed). At BUILD it was announced that it is possible to convert between the Server Core version of Windows Server 8 and the typical version. This is very different from Windows Server 2008 / 2008 R2 where switching between server core and traditional involves a complete reinstall. Below is a screencast I created showing the removal and addition of the server GUI component on Windows Server 8. Follow me on twitter: @orinthomas...More
Sep 15, 2011

Installing and Introducing Windows Server 2012 Roles/Features in a 210 sec screencast

Windows Server 2012 developer preview is available to MSDN subscribers, so I felt that I should download it, install it in a VM and have a look at the available roles and features as well as the new interface. The screencast shows the installation, new Server Manager console, new Task Manager and the Windows Server 8 Start Menu.   Seems to be the biggest revision to the Server UI since the change from NT 3.51 to NT 4!     Follow me on twitter: @orinthomas...More
Sep 15, 2011

Becoming un-confused about Hyper-V, Windows 8, and SLAT.

When I heard that Hyper-V would run on Windows 8 Client, I was excited. I have several computers that are less than a year old that are quite powerful that I have to boot into Windows Server 2008 R2 if I want to use with Hyper-V virtual machines. My excitement recently turned to dismay when I learned that if you want to use Hyper-V on Windows 8, you have to have a processor that supports “Second Level Address Translation” (SLAT) in a recent post on bringing Hyper-V to Windows 8 posted on the Building Windows 8 blog: http://blogs.msdn.com/b/b8/archive/2011/09/07/bringing-hyper-v-to-windows-8.aspx At first I thought “hey, my main virtual machine hosts are pretty new, high end systems with Core i7 processors - they’ll have this feature”. I downloaded the Sysinternals coreinfo utility from the following location http://technet.microsoft.com/en-us/sysinternals/cc835722.aspx and ran it on all of the computers I own to check if SLAT was supported. No luck. At least according to the Sysinternals tool, which said that EPT wasn’t supported on my CPU. Wikipedia, on the other hand, suggests that EPT (Intel’s name for SLAT) *is* supported on these processors. Flummoxed, I realized what I was doing wrong. I was running CoreInfo from Windows Server 2008 R2, which also had the Hyper-V role installed. I rebooted into Windows 7, ran coreinfo again and found that my processor did support SLAT even though a few seconds before it did not appear to. Follow me on twitter: @orinthomas...More
Sep 14, 2011

Installing and running normal applications on Windows 8

The new style of Windows 8 has a few people flummoxed when it comes to the question “so how do I install and run a normal application like I would on Windows 7, XP, or Vista when Windows 8 has all that Metro stuff that doesn’t really make sense to me yet”   Rather than try and describe it, it’s easier to show you. So I recorded another quick screencast that shows me installing and running one of my favorite applications, EverNote.     Follow me on twitter: @orinthomas...More
Sep 14, 2011

Windows 8 Dual Boot Screencast

I put together a quick screencast in Camtasia Studio, showing how you can take an existing Windows 7 installation and configure it to dual boot with the new developer preview of Windows 8. Key fact learned – that the special developer preview, that includes all the Visual Studio Express stuff from Build 2011, comes in at around 15 GB of usage. Screencast lasts 2.5 minutes and shows the entire Windows 8 installation process, including the touch boot selection menu. Follow me on twitter: @orinthomas...More
Sep 10, 2011

Simplifying end user client data recovery with DPM 2010

One of the hidden gems of System Center Data Protection Manager 2010 is end user recovery of client data. With DPM 2010 you can configure client data backup protection in a “set and forget” method. Client data is automatically backed up to the DPM server whenever the client is able to connect, and is able to be backed up locally when the client is in a disconnected state. As you’ll see in the video below, DPM client end user recovery allows a user to restore data to a new computer from a computer that was previously backed up. This makes system replacements a breeze. It also means that if a user is using multiple computers, they can transfer data easily by recovering data that was backed up on one computer to another. The video is narrated and less than 2 mins in length. When you watch it, you’ll understand what a powerful and simple tool DPM is when it comes to protecting the data on your organization’s client computers. Follow me on twitter: @orinthomas...More
Sep 5, 2011

Configuring a System Center DPM 2010 Client Protection Group

You might not be aware of it, but a recent Gartner report found that up to 60% of an organization’s data, on average, is stored on client computers. Given how often people tend to back up their own data, not dealing with client computers can leave a massive hole in any organization’s data protection strategy. DPM 2010 allows you to create specific protection groups to protect client, rather than server data. In the video below I take you through the process of creating a client specific protection group in DPM 2010. In a later video I’ll show how end users can perform recovery of their own data through DPM. Follow me on twitter @orinthomas...More
Sep 2, 2011

New DPM 2012 UI in 76 seconds - 02 Sep 2011

System Center Data Protection Manager went into public beta on Friday. You can get the beta at the following link: http://blogs.technet.com/b/systemcenter/archive/2011/08/31/system-center-data-protection-manager-2012-beta-released.aspx In the following quick (76 second) video, I go through some of the changes in the new DPM 2012 UI. In a nutshell, the UI has been improved so that data protection and recovery tasks can be completed with a minimum of clicking. Experienced System Center admins will also notice that the UI conforms to the existing System Center UI paradigm, allowing a common layout to be used across all 2012 System Center products. DPM 2012 in 74 seconds Follow me on twitter @orinthomas...More
Aug 25, 2011

Continuous Partial Attention and Technology Conference Sessions.

Go to a technology conference today and you will see that technology has substantially changed the way that delegates pay attention within sessions. The first time I presented at TechED it was a rarity to see anyone in the audience using a laptop when you were presenting a session. This made sense as laptop battery lifetime was at best a couple of hours and if you were spending the whole day at a conference, you couldn’t use the laptop for more than a session or two before draining the battery. Today when I present, or watch others present, almost everyone is tapping away at a laptop, fiddling with a tablet, or interacting with their phone. This happens even when the speaker is awesome, so isn’t just a matter of poor speakers and bored delegates. Even when the most dynamic presenter is on stage, and the attendees have paid great money to hear insightful expositions of complex technologies, most can’t go more than a few minutes without opening up some gadget, checking their e-mail, or interacting with their social media stream. Whereas a presenter 5 years ago could be relatively assured of appearing to have the majority of the audience’s undivided attention, today at best they are getting what has been termed the audience’s “Continuous Partial Attention.” http://en.wikipedia.org/wiki/Continuous_Partial_Attention. To quote Steven Johnson “[Continuous partial attention] … usually involves skimming the surface of incoming data, picking out the relevant details, and moving on to the next stream. You’re paying attention, but only partially.” Delegates are still following what’s been said and consuming the information that’s being presented, they just don’t have to use their complete attention to do so. Continuous partial attention differs from multitasking in that the process is ongoing rather than episodic. Multitasking is about being more efficient by doing multiple tasks that require little in the way of cognitive processing. For ex...More
Aug 22, 2011

Systems Administration is the art of operationalizing pessimism

If something can go wrong, it will go wrong. Usually at about 4.50pm on a Friday afternoon when you’ve got reservations for a meal at a nice restaurant with your partner at 7pm. Even more likely if you’ve organized a baby sitter for the evening. Nothing attracts bad luck like the possibility of extreme inconvenience. It’s at this time that the whole idea of the “Cloud” sounds awesome - because surely if you used the “Cloud” you wouldn’t have some storage array on the SAN in your datacenter try to chew itself to pieces in some sort of bizarre late Friday afternoon suicide ritual. Well it might happen - but that’s the “Cloud’s Problem” and wouldn’t be yours. Perhaps infrastructure outsourcing is a more direct method of redirecting bad systems karma to another team of geeks. I’m not sure how superstitious most systems administrators are, but I’m definitely one who assumes that if someone says “it can’t get any worse than this” then odds are that the universe is going to find a way to prove that statement incorrect. Systems Administration is the art of operationalizing pessimism. You think up ways that stuff can go wrong and you then come up with workarounds. You back up data so that in the event that it becomes corrupted or the disk hosting it fails, you’ve got a workaround. You use clustered servers so that if one server fails spectacularly, you’ve got another server there to take the load. You use redundant networks so that if one switch or router decides to fry its internal electronics, you’ve got another one that will quietly keep the packets flowing. But you don’t need to cluster everything and you don’t need redundant networks everywhere. In some places you’ll be fine with the downtime it takes to pull a spare bit of network hardware out of storage and replace it, rather than spending money so that each piece of network hardware has a failover. You don’t need to host every SQL Server database on a failover cluster.
In a lot of situations, just using replica...More
Aug 18, 2011

DPM Client Protection Poem

The following is a little poem I used to open my DPM client protection talk. Someone asked me to post it and I figured that the Windows IT Pro blogs didn’t get enough poetry related to System Center ;-)

--

Have you ever stopped to wonder, where corporate data resides
On servers, on file shares, on laptops it hides.
Business critical information, data your organization needs
Sprouting in locations inaccessible to backup it breeds.

Data that users might work on, but never remember to save
When their hard disk goes crash, the situation is grave.
These mission critical documents, at risk once again,
If only someone smart had deployed System Center D.P.M

So how much will your company need, to ensure that laptop data’s not lost
The good news is if you have ECALs, is that DPM’s no extra cost.
So autodeploy DPM to clients, with an opsmanager management pack
You’ll protect servers and clients, you’ll protect the whole stack....More
Aug 4, 2011

Mike Resseler and Orin Thomas debate Consumerization of IT

Mike Resseler, System Center DPM MVP and Senior Technical Consultant for Infront Consulting Group Belgium and I have been discussing over twitter whether consumerization of IT is likely to be a growing trend in future. Microsoft has a page on the consumerization of IT here: http://www.microsoft.com/windows/consumerization/default.aspx We thought that it might be interesting to have a written debate about the issue. Here is the result of that debate: Orin: I suppose we need to start with some definitions. Consumerization of IT is a way of labeling the trend of people increasingly using their own phones/tablets/and computers to perform work related tasks. While people have always taken work home with them, the consumerization of IT is something beyond allowing them VPN access from their home computer (or dial-up access as it was a decade or so ago). I think that the consumerization of IT was more of a growing trend back before the beginning of the “Great Recession” when people were more likely to purchase computer hardware that might have been more powerful than the hardware provided to them by their workplace. For example, someone buys themselves a brand new laptop and they’d rather bring that into the office and work on that than the older, less capable, computer that they are given by the company. Now oddly enough I’ve always been a part of that trend. When I’ve been working as a trainer or as a systems administrator, I’ve always had my own gear with me. That’s because I’m a gadget geek and have always had pretty good portable systems. However, even when I’ve worked with other geeks, I’ve found that my choice was the exception rather than the rule. Except for me, my fellow trainers, all geeks, at a company I recently worked for, chose to use the laptop computers allocated to them by the company rather than purchase their own computer. I used my own computer because I needed more RAM than the SOE laptops, and that I also would come in early and work at writin...More
Aug 3, 2011

Leverage Service Manager to allow end users to trigger Orchestrator runbooks

While you can think of System Center Orchestrator as the glue that binds the System Center suite together, System Center Service Manager (SCSM), especially with the upcoming 2012 release previewed at places like MMS and TechED, increasingly seems to be the front end that makes it straightforward enough that Joel from Marketing can initiate Orchestrator Runbooks. SCSM is one of those Microsoft products that most administrators aren’t aware of. If they know anything about it at all, it’s that it is some sort of service desk solution, something like Remedy. The current version of SCSM has a reputation that is shared by many first release products. That the product does some interesting things, but it needs to spend a bit more time in the oven before it finds itself more widely adopted. SCSM can do some very interesting things - primarily because it’s designed to fully integrate with other products in the System Center suite. It’s this integration, these synergies between management products, that lead me to believe that in the next few years we’ll see SCSM getting a lot more attention. Why do I think that? Let me come back to Orchestrator. For those not up-to-date on their Orchestrator nomenclature, a runbook is a set of automated tasks that administrators can put together. It’s sort of like writing a script, but instead of doing it all in PowerShell, you use a drag and drop interface to link specific tasks together. Administrators who have the sort of enthusiasm for scripting that a 4 year old boy has for cabbage can put together automated processes in less time than it takes to explain what the term “Declarative Provisioning” means to anyone who is buzzword aphasic . When you build a runbook, you draw these tasks together from Orchestrator IP. An IP is a collection of product specific tasks. 
Depending on the IP, one task might be to get Data Protection Manager (DPM) to go and protect a specific data source, another task might be to create a new VM from a template...More
Jul 29, 2011

Why System Center 2012 could be as important to your career as Windows Server 2012

You’re probably peripherally aware that more and more details about Windows Server “8” are leaking out of Redmond. But Windows Server “8” isn’t the only news out of Redmond to which you should be paying attention. You should also keep an eye on the System Center 2012 suite as this suite promises to be as important, if not more important, to your career. The reasoning behind it is as follows. It’s all down to economics. The most expensive part of an organization’s IT infrastructure is not the software licensing, not the electricity, and not the hardware. The most expensive part of an organization’s IT infrastructure is the cost of the people who manage that infrastructure. System Center 2012 is as important to your career as Windows Server “8” because it provides you with a comprehensive set of tools that allows you to manage a greater number of servers, applications, and desktops. The administrator who knows how to fully leverage Configuration Manager, Operations Manager, Virtual Machine Manager, Data Protection Manager and Orchestrator is able to manage a far larger IT infrastructure than an administrator who only knows the ins-and-outs of a server operating system like Windows Server “8”. An Administrator who knows System Center backward provides more bang for the buck for an organization than an Administrator who is ignorant of these technologies. While there are products out there that do the same things as individual components of the System Center stack, there are two substantial advantages to using System Center products: · Each System Center product is specifically designed to work with the other System Center products. Configuration Manager is designed to work with Operations Manager, Orchestrator, Service Manager, Virtual Machine Manager, and Data Protection Manager. · System Center is designed specifically to support Microsoft workloads.
The 2012 revision of the System Center suite is designed not only to support Microsoft applications running on Mic...More
Jul 27, 2011

Why you should get on the Ops Manager 2012 CEP - 27 Jul 2011

The Operations Manager 2012 Community Evaluation Program (CEP) is still open for applicants. CEPs involve regular hour long meetings where the product team takes you through the features of the new product and gives you access to a special form where any questions you have about the product will be answered. If you want to get a guided tour of all the new features of Operations Manager 2012 before the product releases next year, you should get involved with the Ops Mgr CEP. The initial topic list involves the following: Deploying Ops Mgr 2012 and upgrading from Ops Mgr 2007 R2. Presented by Rob Kuehfus and Nishtha Soni. RMS Removal and Pooling. Presented by Rob Kuehfus and Nishtha Soni. Configuration Service. Presented by Vitaly Filimonov. Dashboard visualization with widgets, alerts, performance metrics and state. Presented by Ake Pettersson and Dale Koetke. Performance and Reliability driven SLAs with Application Performance Management. Presented by Michael Guthrie. Network Monitoring. Presented by Vishnu Nath. Cross Platform – JEE & Unix/Linux (tomcat, websphere, apache, jbos). Presented by Peiron Liu and Kris Bash. You can sign up for the Ops Mgr 2012 CEP through the following page https://connect.microsoft.com/site1211...More
Jul 19, 2011

Operations Manager 2012 Beta Available

The System Center Operations Manager 2012 beta is available now for download from Microsoft’s website. Operations Manager 2012 will be a substantial piece in any systems management strategy. A Community Evaluation Program for the product is set to launch in the next few weeks. All of Microsoft’s System Center products will have 2012 editions, with betas for Orchestrator, Virtual Machine Manager, and Configuration Manager 2012 already released and betas for Data Protection Manager and Service Manager coming sometime in the next few months. Operations Manager 2012 offers the following new features: application performance monitoring and diagnostics for .NET applications; JEE application health monitoring; the ability to monitor heterogeneous environments; integrated network device alerts and monitoring; streamlined management infrastructure. You can find out more about Operations Manager 2012 at the Operations Manager 2012 beta page. You can download the beta from the following location: http://www.microsoft.com/download/en/details.aspx?id=26804...More
What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.


Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...