Tim McTigue sent these to me. Something lighthearted for the weekend! Enjoy!
It had to happen. Bill Gates was eventually going to leave and in an internal company mail he outlined his career progression over the next couple of years. By mid 2008 he will move to a part time role within Microsoft, instead focusing on his foundation, the Bill and Melinda Gates Foundation.
I admire that. His foundation does excellent work around the world helping people in poverty and in situations where there are little to no health services. I admire a person who chooses to change tack and decides to make the world a little bit better.
I'm not at all worried about the company. It will continue to run and succeed. With new people who have an established track record like Ray Ozzie (the founder of Lotus Notes) I'm sure we will do fine. Here's to the future!
The press is rife with the news...here's one article
I'm reading my usual online newsletters and I come across this one. I'm reading and it's laughable!
Saying that Open Source is "inherently" more secure is a misleading statement that needs to be backed up with fact, and the facts are that both Microsoft and Open Source software have security issues and can be configured insecurely. I've said it before and I'll say it again: the difference between a secure system and a non-secure system is how it's installed and maintained. Let me clarify:
1. How you install and config it - and here's where I agree with the RedHat guy in the article - both Linux and Windows can be secure out of the box. It comes down to the system admin's knowledge of how to configure it. Basic system hardening practices need to be followed from either vendor's best practices.
2. Whether you keep up with system maintenance and patches - both platforms have roughly the same number of critical patches. Don't believe me? Look for yourself...
Now the Linux folk don't like us comparing their total stack (including the kernel with KDE, Apache etc and all the components) against our total stack. They feel it's unfair I guess... The article mentions Apache so let's look at the latest version of Apache against the latest version of IIS 6.0 in Windows Server 2003.
IIS 6.0 scores a big fat zero for the number of vulnerabilities since its release. Indirectly there were 3 that, while they weren't directly part of IIS 6.0, were used by IIS 6.0. So let's say 3.
How many does Apache score? Well look for yourself. Go to http://www.securityfocus.com. List for yourself how many issues there are (hint: there are lots of them).
Now I'm not naive enough to come out and say that Microsoft has all the answers and is a shining example - but I do think we are on the right path and putting in place security that no other platform has done.
I think security is a journey on any platform, whether that's Linux or Microsoft, and it comes down to people, process and technology working together to produce a secure system.
This morning as I was waiting to catch the shuttle bus to the conference I noticed a number of Boston Police officers having a chat next to their car. Now in Australia this would never ever happen for two reasons:
1. There aren't this many Police...well certainly not in my state - they only use Speed Cameras there to actually do all the Police work :)
2. Four Police officers in a group would mean something terrible has happened....
But what really made me laugh was the large box of Dunkin' Donuts on the bonnet of the car! It's just like the movies portray them! :)
Susan Bradley isn't happy. She's the SBS Diva and I'm sitting right next to her right now. She's found an inaccuracy in our patch release today where we state that RRAS isn't running by default on Windows Servers. She insists it is on SBS boxes...!
Went to an awesome session today by Steve Riley. It was Windows Vista System Integrity Technologies and covered everything you need to know about Vista in security protection changes. Of course he will be doing it again at TechEd Australia and NZ!
Here's the summary:
Code Integrity: Each piece of code has a hash computed and stored in a secure central location. Each time the system boots it re-computes the hash and compares it against what's in the store to ensure that the code hasn't changed. This protects against malicious component replacement.
BitLocker: Similar to my previous post on BitLocker, he also covered some similar content but had some more titbits on the TPM process.
Service Profiling and Hardening: Each system service has been profiled to understand where it writes to. Each service now has a token that ensures it can only write to those places, and the target areas are ACL'd with that service's token SIDs. The firewall also gets involved and blocks any outbound port request except what the service has been profiled to communicate on.
Mandatory Integrity Control (MIC): For the first time the ACL is not the only thing that controls how you interact with a process or object! Think like Bell-LaPadula...no read-up and no write-down. Modify that thought though, as Bell-LaPadula deals with confidentiality, not integrity. This is actually the Biba model, which essentially says you can't write to a higher level and you can't read down. It's essentially the reverse of Bell-LaPadula.
How is this applied? Each "user" object has a SID and a collection of groups that it's a member of. It also now has an "authority level". Think integrity levels etc but put it into levels of low, medium, high and system.
In Vista now, irrespective of whether you have local admin access, you receive a "split token". That means that around 15 core system functions are filtered out of your "main" token, like SeSystemtimePrivilege and SeSecurityPrivilege, and you are changed back from a "high" level to a "medium" level. That means in order to access these higher privilege functions that run at "high" level (like SeSecurityPrivilege) you need to elevate your access. Hence the UAP consent prompts, which give you access to the rest of your token and elevate you to "high" for that function only.
Interestingly Internet Explorer runs as "low" level. Yes untrusted! Do you trust the internet? :) That means in order for you to copy and paste from IE into the clipboard you need to elevate it. The clipboard runs at medium level....after all IE is running lower than the shell!
Kinda get it? I love it!
There's more to come!
Addendum: Made some edits to the levels to make it easier to understand.
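The split token and integrity check described above, as an added example (not code from the original post or from Windows itself): a simplified Python simulation in which an access check compares integrity levels before it consults the ACL. The class and function names, the user "alice" and the sample objects are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """The four integrity levels named in the post, lowest first."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    SYSTEM = 4


# Two of the privileges the post says are filtered from the everyday token.
FILTERED_PRIVILEGES = frozenset({"SeSystemtimePrivilege", "SeSecurityPrivilege"})


@dataclass(frozen=True)
class Token:
    user: str
    level: Level
    privileges: frozenset


@dataclass(frozen=True)
class SecuredObject:
    name: str
    level: Level
    acl: dict  # user name -> set of rights ("read", "write") granted by the ACL


def logon(user, privileges, is_admin):
    """Return (everyday_token, full_token); an admin gets a split token."""
    privileges = frozenset(privileges)
    if not is_admin:
        token = Token(user, Level.MEDIUM, privileges)
        return token, token
    full = Token(user, Level.HIGH, privileges)
    filtered = Token(user, Level.MEDIUM, privileges - FILTERED_PRIVILEGES)
    return filtered, full


def access_check(token, obj, right, no_read_down=True):
    """Integrity comparison first, ACL second; both must pass.

    no_read_down=True models Biba as the post states it. Windows' default
    mandatory label policy on objects is no-write-up only.
    """
    if right == "write" and token.level < obj.level:
        return False, "integrity: no write-up"
    if right == "read" and no_read_down and token.level > obj.level:
        return False, "integrity: no read-down"
    if right not in obj.acl.get(token.user, set()):
        return False, "acl: right not granted"
    return True, "granted"


def demo():
    """Constructed scenario: one admin user and a low-integrity browser process."""
    everyday, elevated = logon(
        "alice", {"SeSecurityPrivilege", "SeShutdownPrivilege"}, is_admin=True)
    browser = Token("alice", Level.LOW, frozenset())
    rw = {"alice": {"read", "write"}}  # the ACL alone would allow everything
    profile = SecuredObject("user profile file", Level.MEDIUM, rw)
    system_cfg = SecuredObject("system setting", Level.HIGH, rw)
    cache = SecuredObject("browser cache", Level.LOW, rw)
    return {
        "browser writes profile": access_check(browser, profile, "write"),
        "browser writes cache": access_check(browser, cache, "write"),
        "everyday writes system": access_check(everyday, system_cfg, "write"),
        "elevated writes system": access_check(elevated, system_cfg, "write"),
        "everyday reads cache, strict Biba": access_check(everyday, cache, "read"),
        "everyday reads cache, write-up only": access_check(
            everyday, cache, "read", no_read_down=False),
    }


if __name__ == "__main__":
    for action, (allowed, reason) in demo().items():
        print(f"{action:38} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

Every object in the demo grants "alice" read and write in its ACL, so each denial in the output comes from the integrity comparison alone.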
Went to a BitLocker session today. Was a very good session with lots of details on the deployment. There was a bit of stuff I did know, like the fact that it needs two partitions minimum. One is for the Active system partition that runs the boot loader etc and the other boot partition is where the encrypted Windows system files are. There was also a bunch of stuff I didn't know! A few facts are:
1. It needs a 1.5GB min system drive to start BitLocker at present
2. The partitions need to be organised as a System partition made Active and another partition for C Drive. Both must be primary partitions.
3. Both need to be formatted as NTFS
4. Only one partition can be marked as Active. That must be the smaller one.
5. It uses either AES-128 or AES-256 to encrypt the disk. Personally I think AES-256 is kinda overkill. A keyspace of 2^128 is big enough for me :)
There were lots of other bits in it too on the TPM module setup etc. Will save that for another day but we will have this session at TechEd AU and NZ!!
Well it's always interesting when you catch up with people.
I ran into quite a few people today...Rocky Heckman is here...he's now just joined Microsoft.
And then I ran into Dr Neil Roodyn...he's presenting on Tablet PC and Mobility stuff I think. We will definitely have him at TechEd AU and NZ.
The sheer size of this event always amazes me. 12,000 people in total are here. The stands and the vendor showcase are huge!
Here's a bit of AMD's stand...
Well as part of my TechEd AU and NZ responsibilities I'm here at TechEd in Boston trying to recruit some extra speakers and liaise with them on content etc.
The city is ablaze with banners everywhere!
Monique got in on the act as well and posed for a photo!
Andrew Coates will be coming too tomorrow but tonight is the welcome keynote...content to begin tomorrow!
I've had this question a stack of times now...how can I get a copy of Beta 2?
If you were at Innovation 2006 you would have got one....but it sold out so we are still making them available to people. Go to:
And register there to get one!
OK..there have been lots of people asking about what TechEd AU and NZ will feature as an agenda. I think it's important that at this time we show you exactly where we're up to!
There's a couple of tracks that still aren't quite finished yet - but are fairly close!
For those that saw Andrew Coates's post on the Stanski .NET list and were concerned that he only showed the tools portion...His track is just one of many tracks that have Developer content in them. This year we have deliberately mixed relevant developer and IT Pro content in each track. Don't worry about having to look in multiple places though...this year's CommNet is exactly what the US uses now (we never used this before) and we can dual code sessions to other tracks where they are relevant to that track.
Here's all 10 tracks:
What do architects do anyway?
Case study: Commonwealth Bank of Australia
Patterns and Anti-Patterns for Service-Oriented Architectures
Edge Architecture: Web vNext for Architects
Pragmatic Architecture (aus only)
Microsoft Client Strategy
(cabana - aus only ) Architecting Scale: How the M2006 team built a 10,000 Request per Second site
Architecting Identity - The identity metasystem and Infocard
How to Get Your Grandmother Building Missile Defense Systems
(extra aus only) Bits to Bolts: Bridging the Gap Between the Solutions and Infrastructure Architecture
Software As a Service: The Good, the Bad and the Ugly
Capability Modelling - the case for MOTION
Architecture Panel: Web vNext
Web Service Security: Scenarios, Patterns and Implementations
Software Factories (aus only)
Putting the User Back in to SOA
Database and BI
Microsoft Office Excel 2007 and SQL Server 2005 Analysis Services Integration Explained
Corporate Performance Management on the Microsoft Business Intelligence Platform
Second Annual Business Intelligence Power Hour
Building Reporting Solutions with Reporting Services and Analysis Services
Architecting Reporting Services Report Models for Ad-hoc Reporting
SQL Server 2005 Analysis Services: Planning for the Enterprise - Scalability and Performance
Putting It Together: Moving Beyond the Basics of SQL Server 2005 Integration Services
SQL Server Always On Technologies: Choosing the Right High Availability Solution
An Inside Look At an Exciting New Addition to Visual Studio Team System (Part 1)
Methodology for Upgrading to SQL Server 2005
SQL Server Always On Technologies: Database Mirroring Best Practices and Performance Considerations
SQL Server Always On Technologies: Best Practices in Building Robust, Recoverable and Reliable Systems
Managing Semi-Structured and Unstructured Data: BLOBs, XML and FTS in SQL Server 2005
Microsoft IT: Improving Data Security by Using SQL Server 2005
SQL Server Error Handling: T-SQL, SQLCLR and Clients
SQL Server 2005: Advanced Indexing Strategies
What's new in Software Installation on Windows Vista
Softricity: Application Virtualisation
Developing Interactive Applications Using Windows Live Robots, Activities, and Alerts
Getting Started with Tablet Development
(WinFX) Developing for Windows Vista
(WinFX) Introduction to InfoCard
Making bad applications behave with Virtualisation at the desktop
Writing Gadgets for Windows SideShow
Windows Vista: Networking, Firewall, and IPsec Improvements
Why Vista is compelling for the Mobile PC
(WinFX) Windows Presentation Foundation: Introduction
Scaling out Media Center Performance in Windows Vista Ultimate Edition
Windows Vista Client Manageability
Image Engineering: Creating Your Perfect Desktop
Deploying Windows Vista: Everything You Need in One Hour
Windows Desktop Search Enterprise Solution
Modifying Applications to Run on Windows Vista
(BTS) Business Process and Integration Landscape
(WinFX) Introduction to WinFX
(BTS) BizTalk Server 2006 and Office Business Scorecard Manager 2005: Integrating Real-Time Business Activity Monitoring with the Scorecard
(BTS) Planning and Designing Enterprise Class BizTalk Server Solutions
(CS) Connected Commerce with Commerce Server 2007
(WinFX) "InfoCard": Introduction
(WinFX) Windows Communication Foundation: Introduction
(WinFX) Windows Workflow Foundation: Introduction
(BTS) BizTalk Server: Adapters for Host Systems
(BTS) Integration of BizTalk Server 2006 and Windows Workflow Foundation.
(BTS) Management, problem identification, trouble shooting, automation
(CRM) Modeling and Automating Business Processes with Microsoft CRM
(NET) .NET 2.0 to WinFX: How WCF will change the way you're developing Service Oriented solutions
(WinFX) Windows Communication Foundation: Building Secure, Reliable and Transacted Services with WCF
(WinFX) Windows Communication Foundation: Designing Bindings and Contracts
(WinFX) Windows Workflow Foundation: Building Rules-Based Workflows
(WinFX) Windows Workflow Foundation: Creating Custom Activities for Workflows
(NET) .NET Framework 2.0: Build your own Enterprise Service Bus with it
Introducing an Exciting New Addition to Visual Studio Team System
Visual Studio: Leveraging Your Visual Basic 6 Investments with VB 2005
Securing and Deploying Visual Studio 2005 Tools for Microsoft Office (VSTO) Solutions
Smart Client: Real-World ClickOnce
Visual Studio 2005 Team Foundation Server - Applying Version Control, Work Item Tracking and Team Build to Your Software Development Project
Visual Studio 2005 Team Foundation Server: Step-by-Step Migration and Adoption Planning
Using the New Windows Mobile 5.0 APIs for Application Development
Building Control Hierarchies and the Anatomy of a Super ComboBox
VSTS Performance Tools
Developing Applications That Work on Both Pocket PC and Smartphone
Protect your Applications: Defensive Strategies that Can be Applied to Applications
Sharing Assets Between the .NET Compact Framework (Windows Mobile) and the .NET Framework (Desktop Windows)
Visual C#: Tips and Tricks and Future Directions
Extending Team Foundation Server
Programming with Concurrency in .NET: Concepts, Patterns, and Best Practices.
Visual Basic: Tips, Tricks and Futures
Concurrent Development with Branching in Team Foundation Server
C++/CLI. The Best Language for Managed AND Native Development
Using Web Services to Develop Applications for Microsoft Dynamics CRM
Windows Server and Management
PowerShell: Next Generation Command Line Scripting
Systems Management Server State of the Union: Today and Tomorrow
Scripting for IT Professionals Who Can't Write Code
Demo'ing Operations Management: Today and the future
Group Policy: What's New in Windows Vista
Deploying Windows Vista Clients with Systems Management Server 2003
Service-Oriented Monitoring with Operations Manager version 3 Operations Management
Windows Vista: Remote Deployments with WDS
Deploying and Managing a Windows-Based High-Performance Compute Cluster
Password Management with Microsoft Identity Integration Server
Deploying Active Directory Federation Services
Ten Reasons to Prepare for Windows Server Code Named "Longhorn"
Active Directory Tips and Tricks
Windows Server System Reference Architecture - Virtual Environments (WSSRA-VE)
Windows Branch Office Technologies - today and tomorrow
Windows Server Code Named "Longhorn" Terminal Services: Introduction
Creating and Managing a Clustered Virtualization Environment
Messaging and Mobility
Exchange 2003 Storage Architecture and Planning
Exchange 2007 and the 2007 Microsoft Office System: Better Together
Mail That Speaks to You: Unified Messaging in Exchange 2007
Best Practices for Secure Messaging
Using Records Management Strategies to Tame Your Exchange 2007 Message Stores
Exchange 2007 Web Services: 42 APIs is Not the Answer
Exchange 2007: Deployment and Migration
Is Your Mail Server Running? Then You Better Go Out and Catch It: Exchange 2007 Backup, Availability and Disaster Recovery
Windows Mobile and Exchange Server 2003 Mobile Messaging
Building Windows Mobile Retail and Warehouse Applications
Exchange 2003: Tips, Tricks and Shortcuts
Windows Mobile Security Ecosystem Guidance
Exchange 2007: Unified Messaging Architecture and PBX Integration
Building Mobile Applications: Moving from J2ME to .NET with MapPoint
Microsoft Exchange 2007: Management Shell and Scripting
Windows Mobile Applications for People on the Run
Telephony Integration and Voice Over IP with Microsoft Office Communicator 2005
Exchange Sizing and Performance: A Look Ahead to the 64-Bit World of Exchange 2007
Infrastructure Topics in SharePoint Products and Technologies: Administrative Architecture and Planning for Deployment
Microsoft Office SharePoint Designer 2007: Create and Customise SharePoint Web Sites and Build Workflow-Enabled Applications
Document and Records Management Using 2007 Microsoft Office Server and Client Technologies
Microsoft Office Project Server 2007: Overview
Visual Studio 2005 Tools for Microsoft Office (VSTO) version 3.0: What's Coming
Microsoft Office Access 2007: Designing Collaborative Data Applications
Developing Workflows for the 2007 Microsoft Office System and Windows SharePoint Services (version 3)
Microsoft Office InfoPath 2007: Development, Deployment, and Hosting of Rich and Browser Forms
Microsoft Office Open XML Formats and Office Client Extensibility (COMBINED)
Microsoft Office Visio 2007: Building Data Visualization Solutions
Enterprise Search Technical Drilldown in Microsoft Office SharePoint Server 2007
Integrating Microsoft Office InfoPath 2007 Forms into Workflow Solutions and Business Processes
Migrating Your Content Management Server 2002 Web Sites to Microsoft Office SharePoint Server 2007
Microsoft Office Groove 2007: Enterprise Deployments
Windows SharePoint Services and Microsoft Office SharePoint Portal Server: Upgrade and Migration
PKI Enhancements in Windows Vista and Longhorn Server
Windows Vista Security Chalk Talk
Managing the Enterprise Firewall in Windows Vista
Attacker trends and techniques: an update
Account Control: Running Windows Vista with Least Privilege
Securing Content with Windows Rights Management Services
BitLocker Drive Encryption
Windows Vista Security Guide
Windows Vista Security Tidbits
Intimate Secrets of the Windows Event Log
What's New in Microsoft Internet Security and Acceleration Server 2006
Anti-Malware Technologies in Windows Vista
Get Ready for Network Access Protection: What Everybody Needs to Know
How Your Applications are Hacked
Secure remote access and branch office deployments with ISA Server 2006
Is That Application Really Safe?
Implementing Network Access Protection: A deep dive!
Windows Vista System Integrity Technologies
IIS 6: Everything a Web Administrator Needs to Know About MOM
IIS 7: End-to-End Overview of Microsoft’s New Web Application Server
IIS 7: Under the Hood for Web Request Tracing and Diagnostics
ASP.NET: Building and Deploying Web Applications with Visual Studio 2005
Developing Rich Web Applications with ASP.NET codename “Atlas”
ASP.NET: End-to-End - Building a Complete Web Application Using ASP.NET 2.0, Visual Studio 2005, and IIS 7 (Part 1)
ASP.NET: End-to-End - Building a Complete Web Application Using ASP.NET 2.0, Visual Studio 2005, and IIS 7 (Part 2)
IIS 7: Building Custom Web Server Extensions
ASP.NET: Creating High-Performance, Enterprise-Scale Web Applications Using Visual Studio 2005 Team System
ASP.NET 2.0 Tips and Tricks
Developing Data-Driven Web Applications with .NET Language Integrated Query
The Windows Live Platform: Build Applications That Have Access to 400 Million Address Books, and 13 Billion Contacts
Windows Live Search Macros – Build, Share, and Use Your Own Search Engine in Seconds
Introducing Microsoft Tools for Professional Designers: An Overview of Microsoft Expression
Extending Your Reach with Microsoft Gadgets
Expression Web Designer Overview
So here it is...the TechEd bag for Australia. And finally a nice quality one!!
You can click on it and see the bigger version!
BTW - if you have any direct questions about the tracks that you're seeing on my blog please contact each track owner individually through their blogs.
Content Program Manager - Michael Kleef
For those of you that love to know where you're going....Windows Live Local now has Aussie maps that even show you the Driving Directions!
So in my previous posts on WAIK and WDS I talked about what they offer. Call me totally sad but after having a good play with these today I'm totally excited about how easy it is to deploy!
Today's goals were to set up a good test scenario and prove out how to actually do this stuff in practice. I was surprised at just how far this has come along now!
I already had a WDS Server installed. It's part of my Longhorn Server Beta 2, but for those of you that would rather do the RIS update to get it to WDS, that hotfix is provided as part of the WAIK Beta 2 kit.
To get it working follow these steps:
- Install Windows Server 2003 and RIS - hotpatch it to WDS using the hotpatch in the WAIK. Should be fairly straightforward and fast. Might need to reboot the server - can't remember whether I had to.
- You get a new management interface that has everything all in the one place!
- To get WDS working you need two different images. The first one is the WinPE boot image and can be found in boot.wim of your Vista CD. This uploads into the Boot Images area of WDS. You can put in an x86 or an x64 boot image.
- If you want to provision to x64 machines, make sure you enable processor architecture discovery on the WDS server. By default it's not set. Type this: wdsutil /set-server /architecturediscovery:YES
- The second image is the actual Vista image. It's in the install.wim file on your Vista CD and as you import you need to specify which SKUs you want. For example: Vista Ultimate, Vista Enterprise etc. You of course need corresponding product keys to install each one. You can also import x86 or x64 images here too.
- Once you have done those bits you need to make sure all your other prerequisites are done. This includes DHCP setup and ensuring that the pxeclient options are set in your scopes.
- Boot with a PXE client from your WDS server - it should attach and give you the ability to boot in WinPE.
- The first screen you see is the WDS Welcome screen. You follow the prompts, authenticate to the WDS if necessary and select your Vista image - it deploys quite quickly. I've found I can have a Vista image running in about 20 mins whereas off DVD you can add another 20 mins.
- Once your image is deployed go through and set it all up. Install any necessary drivers. Install Office 2007 Beta 2 like I did. Get it sweet :)
- Run sysprep. It's found in the c:\windows\system32\sysprep directory. Choose the options for "Generalise" which strips out machine specific information and "Setup for OOBE" which resets the machine to the Out Of Box Experience. Finally set it to Shutdown. Sysprep then whizzes away and does its thing.
- You restart the PXE client and boot back into WinPE through to the WDS welcome screen
- Press Shift and F10 - this launches a command prompt
- At this point you have two choices:
- If you want to capture the image and upload it straight into WDS then run "wdscapture.exe". This tool already exists in WinPE and is a graphical tool that allows you to select which drive you want to image, where to put it and finally allows you to upload it straight to the WDS Server!!! It's very cool!
- If you don't want to upload straight to WDS then you can do your usual "net use" commands, map drives back to the server and use imagex.exe, which is your all in one image manipulation tool, to capture the image. Be aware though that when capturing an image you need to specify an "exclusion" list. It's to prevent errors and access denials by filtering out stuff it shouldn't be capturing. It looks like this and is in an ini file:
"system volume information"
- At this point you have a new image in your WDS store
Like I mentioned, I'll be demo'ing this at the Perth Infrastructure Group on Wednesday 31st May. Come along and see it!
Had this come through my mail - thought you might be interested!
During the keynote at WinHEC we demonstrated Windows Server virtualization (hypervisor) for the first time publicly.
Some of the key features we demonstrated:
* New Longhorn Server MMC UI. Windows Server virtualization takes advantage of the new MMC 3.0 capabilities to provide an elegant Windows Server experience. (No more web interface…)
* x64 virtual machine support. Windows Server virtualization provides 32-bit (x86) and 64-bit (x64) virtual machines to provide support for workloads with large memory requirements. We also said that Windows Server virtualization virtual machines will support more than 32 GB of memory per virtual machine.
* SMP virtual machines support. Windows Server virtualization provides up to 8 (no that’s not a misprint) 8-way virtual machines.
* Hot-add virtual network adapter support. Windows Server virtualization provides support for the hot-add of virtual NICs into a virtual machine. In the demo, we showed a dual-processor x64 virtual machine running Windows Server 2003 that had no network adapters and we hot-added a NIC while the vm was running. The NIC appeared almost instantly.
* Hot-add memory support. Windows Server virtualization provides support for the hot-add of memory into a virtual machine. In the demo, we showed a quad-processor x64 virtual machine running Longhorn Server with 4 GBs of memory and we hot-added an additional 1 GB of memory taking the virtual machine to 5 GB of memory while the vm was running. The memory appeared instantly in Task Manager.
For those interested, we demonstrated the following virtual machines running concurrently on the same system:
1. Uni-proc Windows Server 2003 Standard x86
2. Uni-proc Red Hat Enterprise Linux 4
3. Dual-proc Windows Server 2003 Enterprise x64 Edition
4. Quad-proc Longhorn Server x64 Edition (Beta 2)
SQL Down Under show 16 with guest SQL Server MVP Paul Nielsen is now available for download from www.sqldownunder.com. In this episode, Paul discusses object relational vs relational databases and his upcoming Nordic framework.