The MOM team released a draft document outlining what to do when your RMS server installed on a cluster fails:
If your Root Management Server is installed on a cluster for some reason is wiped out here are the steps required to recover from a catastrophic disaster.
Disaster Recovery: Operations Manager 2007 Root Management Server on a Cluster
REDMOND, Wash., July 26, 2007 – During his address at Microsoft’s Financial Analyst Meeting (FAM), Jeff Raikes, president of the Microsoft Business Division, announced that
Office Communications Server 2007 and Office Communicator are code complete and will release to manufacturing (RTM) tomorrow. With this milestone and launch around the corner this fall, the Unified Communications Group is one step closer to fulfilling the UC promise and helping customers streamline business communications, increase productivity and lower costs.
PressPass spoke with Gurdeep Singh Pall, vice president of the Unified Communications Group, about the evolving unified communications industry, the return early adopters are seeing from Office Communications Server and Office Communicator and the company’s progress towards launch in the fall.
(more)
Livingston Communications just released an IT Ops Research Report today that shows
six out of 10 companies view applications changes as a leading cause of downtime. Other interesting facts:
Downtime ranked as the top IT operations challenge, with 51% of large enterprises (10,000 or more employees) selecting minimizing downtime as a top three concern in managing multi-tier applications.
The survey revealed that the average company experiences roughly 15 incidents of downtime per year.
From an industry perspective, computer-related companies (18.4) and healthcare/pharmaceutical companies (17.1) reported the most number of downtime incidents.
If you are interested in the report, visit
http://www.stacksafe.com/research and download a copy yourself.
I totally agree with
Pete:
This Excel spreadsheet, created by
Ian Blyth and reminiscent of the MOM 2005 Sizer, delivers estimated Operations Manager database size based on number of agents and estimated data transfer (which varies by the number of management packs installed, overrides in place, etc). Very useful tool in my opinion.
Database Size Estimator for Operations Manager 2007
The data returned by the tool is based on Ops Mgr operations and warehouse database growth estimates compiled by Cameron Fuller, available
HERE.
Great work Ian!
On the Microsoft Worldwide Partner Conference (WWPC), from July 10-12 in Denver, Steve Ballmer presented a
Keynote on Microsoft's Software & Services strategy and vision. The past days, his presentation was
posted to the Partner site.
Browsing the presentation, I found that the last slide had some interesting information about upcoming products. The slide is titled "FY08 and Beyond" and has a list of expected products, but also mentions:
Windows Vista SP1
Windows Server 2008 Update Release
Windows Server 2008 SP1
System Center Essentials "V2"
Microsoft TellMe
Forefront for Sharepoint "14"
Forefront for Exchange "14"
Although it does not disclose information about the products itself -- the slide title (Fiscal Year 2008 and Beyond) implies that some of these products will be out before the summer of 2008. Download the presentation below to see for yourself or
click here to see the screenshot that I took.
WWPC: Steve Ballmer's Presentation
WWPC: FY08 and Beyond
Ian Blyth writes: I was under the impression that AEM was free (certainly to SA customers) because CER was free to SA customers. But it looks like I was wrong. Mike Betts (
www.momanswers.net) posted a question in the newsgroup about it.
So I did some digging (and I did have to dig to find the document - and when I went to look for it a second time I could not find it searching on Google or Microsoft). Luckily Stefan’s blog has the link to the document.
System Center Operations Manager 2007 Licensing Brief.
It appears that if you use AEM that you still need a client license at $32 per client. Now if I had the OpsMgr agent on and was using ACS as well then the cost is taken care of. But if I am just using AEM it seems a lot for collecting some Dr Watson and Windows Error reports. I think it is a useful tool but I would find it hard to justify that level of spend.
(more)
Scott Moss writes: Useful information if you're going to be creating custom queries against the OperationsManager db Alert table or AlertView.
Resolution State
ID Resolution State
0 = New
255 = Closed
Severity Values for Alerts
0 = INFORMATIONAL
1 = WARNING
2 = CRITICAL
Example Query using OperationsManager database, this query will display all alerts that are Critical:
select * from dbo.Alert where Severity = '2'
Tarek Ismael writes: As Before in MOM 2005, you can automatic discover your server and install agents without run the wizard every time. Now in system center Operations Manager, this is not available but you can do this using Shell command. the Script can be using to run a Windows schedule task to discover and install Ops Mgr 2007 agent based on your LDAP query
param ($OpsMgrservername,$Domainname)
#Initialize the OpsMgr Provider
Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
# Set the location to the root of the provider namespace.
cd OperationsManagerMonitoring::
#create a connection to the Management Group
New-ManagementGroupConnection $OpsMgrservername
#change the path
cd $OpsMgrservername
#configure query setting
$ldap_query = new-ldapquerydiscoverycriteria -domain $Domainname -ldapquery "(sAMAccountType=805306369)(name=*ABC*)"
#configure discovery setting
$windows_discovery_cfg = new-windowsdiscoveryconfiguration -ldapquery $ldap_query
# discoveryresults
$discovery_results = start-discovery -managementserver (get-managementserver)-windowsdiscoveryconfiguration $windows_discovery_cfg
#install Agent
install-agent -managementserver (get-managementserver) -agentmanagedcomputer $discovery_results.custommonitoringobjects
Save the file as Agentdiscoverinstall.ps1. Configure the Windows schedule task as
Powershell.exe Agentdiscoverinstall.ps1 -OpsMgrservername:localhost -Domainname:YOURDOM
Tarek Ismael writes: This issue has surfaced in the newsgroups, to solve this issue you can create a task using to change the value in the registry and restart health service on the client the registry key:
HKLM\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups\MG_ Name\MaximumQueueSizeKb
the value : "15 MB" 15360
the script as below:
HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer &"\root\default:StdRegProv")
strKeyPath =
"SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups\MG_ Name"
ValueName = "MaximumQueueSizeKb"
dwValue = 51200
objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, ValueName, dwValue
Set objShell = CreateObject("WScript.Shell")
objShell.Run "%COMSPEC% /c net stop healthservice",,1
objShell.Run "%COMSPEC% /c net start healthservice",,1
The DFS Namespaces team is excited to announce upcoming support for domain-based namespaces that exceed the previous size recommendation of 5,000 folders with targets in a namespace. Starting in Windows Server 2008, you will be able to use the DFS Management snap-in to create a new domain-based namespace in one of the following modes:
- Windows 2000 Server mode provides the same functionality and scalability currently available in namespaces hosted on servers running Windows 2000 Server or Windows Server 2003.
- Windows Server 2008 mode provides increased scalability and support for access-based enumeration, which will be configurable using Dfsutil. There are now no hard limits to the size of the namespace – however, we are currently running performance tests to determine guidelines for sizing these new domain-based namespaces for practical performance considerations.
Stand-alone namespaces will also benefit from the underlying DFS Namespaces changes made in Windows Server 2008, allowing stand-alone namespaces hosted on servers running Windows Server 2008 to support access-based enumeration.
Brad Anderson, General Manager for the Microsoft Management and Solutions Division writes:
Two weeks ago we announced that the 2008s [Windows Server, SQL Server, Visual Studio] would launch in February next year, with availability staged throughout the year. We’re in the process of building the best management tools so that developers can build knowledge into their codes and it’ll automatically execute based on that knowledge and policies. Visual Studio 2005 Team System introduced developers to SDM, and we’re working with the Visual Studio team to further connect software developers with architects and IT admin via Visual Studio 2008.
For Windows Server 2008, new management packs/agents for MOM 2005 and SC Operations Manager 2007 will be available in H1. Along those lines, we’ll also have a release of System Center Configuration Manager (formerly SMS) and a second release of Virtual Machine Manager to manage virtualized workloads enabled with Windows Server Virtualization. With the release of VMM, System Center can manage the physical and virtual assets. We developed this technology as, increasingly, customers told us they want a single, unified solution for managing both. I’ve met plenty of customers with physical servers in the datacenter operating at only 15% CPU capacity. SC Virtual Machine Manager assesses and then consolidates suitable server workloads onto virtual machine host infrastructure; this frees up physical resources for repurposing or hardware retirement.
Stefan Stranger writes:
I've been asked to share the shared script mappings for the Active Directory and Exchange management packs, including script name, monitors / rules using the script, as well as object type targeted. Tables list only scripts used by more than one workflow.
Download Excel 2003 zipped copy
HERE
Download Excel 2007 zipped copy
HERE
Gabe Brown mentions on his blog that the public beta of System Center Configuration Manager is now available on Technet.
He also mentions that you can use SCCM in a virtual lab.
Visit the SCCM website on Technet
Exchange Server 2007 is more than an e-mail system. Exchange Server 2007 has several functions, from e-mail messaging, calendaring and real time collaboration to Unified Messaging. All these Exchange components must work together and several components from Exchange also rely on a lot of Windows Server components like DNS, Active Directory and IIS.
This article from MSExchange.com will show you how the new Exchange Server 2007 core services interact with other Exchange and related Windows services and which services from Exchange Server 2003 are obsolete in Exchange Server 2007.(
continue at source)
A session consists of all of the processes and other system objects that represent a single user’s logon session. These objects include all windows, desktops and windows stations. A desktop is a session-specific paged pool area and loads in the kernel memory space. This area is where session-private GUI objects are allocated from. A windows station is basically a security boundary to contain desktops and processes. So, a session may contain more than one Windows Station and each windows station can have multiple desktops.
Only one windows station is permitted to interact with the user at the console; this is called Winsta0. Under Winsta0 there are three desktops loaded: Winlogon (the logon screen), Default (the user desktop) and Disconnect. All three of these have separate logical displays, which is why your main desktop disappears if you lock the workstation. When you lock the workstation, the display switches from Default to Winlogon and there is no user interaction between the two. In Windows Vista this is even a bit more extreme. When you get a
UAC prompt for instance, it takes a screenshot of your Default desktop and then displays it dimmed out behind the UAC window in the foreground. The UAC window is part of the Secure Desktop (new for Vista and similar to the logon desktop) and will not allow you to interact with the Default desktop until you provide input.
Other windows stations exist that do not interact with the user. For example, services load under the ‘Service-0x0-3e7$’ non-interactive windows station. The exceptions to this are services that need to interact with the console user, so these load into Winsta0 instead.(
continue at source)
The new Explorer interface in
Vista does take some getting used to, especially if you’re used to zooming around Explorer in Windows XP. If you find, like I did, that the new way of doing things was actually slowing you down, here are some ways to claw back functionality.(
continue at source)
Gatineau, Microsoft's web analytics tool, looks like it is getting close to seeing the light of day. Apparently after an adChamps briefing in London, an attendee, Dave Naylor, got hold of
some Gatineau screenshots and posted them. Then
Ian Thomas, who is "responsible for bringing Microsoft's new web analytics solution, codenamed Gatineau, to market", rather than scurry about trying to get the screenshots taken down, did the right thing and just posted some good information about Gatineau, how to sign up for the alpha testing, and promising more soon.
Gatineau will allow users, once they have set up a profile and added a tracking script to their blog or website, to:
(more)
Mary Jo Foley writes:
Windows Seven now has an official ship target — 2010.
At Microsoft’s Global Exchange (MGX) annual sales conference in Orlando this week, Microsoft shared a bit more — albeit at a high level — on Windows Seven, according to a copy of a slide deck I saw that was distributed to the field sales force during the conference. Among the information shared was that Microsoft is anticipating it will take at least three years from now to get the next version of Windows client out the door.
Last time anyone got Microsoft to talk dates about Windows Seven, the next big Windows client release, a Windows exec slipped up and said something about 2009. Microsoft officials told MGX attendees that the company is currently internally planning Windows Seven. So far, the company has determined Windows Seven will come in both 32- and 64-bit flavors. No word on how many SKUs or any kind of guidance on features was provided, but Microsoft did say it would address both consumer and business segments with Windows Seven.
(more)
Pete Zerger (of
System Center Forum) has composed a checklist to use while importing the Active Directory Management Pack. Obviously, you'll still want to read the
Active Directory Management Pack Guide before importing the Management Pack, but this might be useful to jog your memory as you're going through the procedure.
Installation Checklist
Import the Active Directory Server Pack
Create a Management Pack in which to store customizations, such as overrides (for details on why, see this post)
(Optional) Import the Active Directory Client Management Pack and override the AD Client Monitoring Discovery Rule
Enable the Agent Proxy Setting on all Domain Controllers
Configure an account for Replication Monitoring (associated with the Active Directory Management Pack Account Profile)
Create a RunAs account and associate it with the AD MP Account Profile
Optional Configuration
Configure the maximum time allowed for change to replicate across a forest
Disable collection of warnings, performance data, and miscellaneous noncritical events to decrease network traffic
Enable data collection for the Replication Latency Report
Set parameters for tasks
Common Problems
Oomads not installed
Oomads 64-bit issues
Agent proxy settings enabled on all Domain Controllers
AD MP Account Profile Run As Account Password is not validated by the application when entered
The MOM product documentation team has just released the Operations Guide! The guide is a comprehensive resource that can be used to understand and use your Operations Manager 2007 implementation to your best advantage. It teaches an Operations Manager administrator what to do after successfully deploying a Management Group for the first time. The following topics are covered:
Understanding Initial Configuration
Configuring Operations Manager for Use
Deploying Agents
Processing Manual Agent Installations
Managing Management Packs
Investigating and Resolving Alerts
Changing Passwords for Operations Manager 2007 Accounts
Keeping the Core Infrastructure Healthy
Backing up the Root Management Server Encryption Key
Heartbeat and Heartbeat Failure Settings
Using Active Directory to Assign Computers to Operations Manager 2007
Identifying the Root Management Server
Removing a Management Server from a Computer
Configuring the Customer Experience Improvement Program (CEIP)
Configuring Client Monitoring
Configuring Error Reporting
Configuring Operational Data Reports
Managing Gateway Servers
Managing Web Console Servers
Managing Reporting
Backup and Recovery
Pick up your copy here:
http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/OM2007_OpsGuide.doc
With the release of the Scalable Networking Pack that is included with Windows 2003 SP2, we in Exchange support have been seeing some connectivity issues once the new networking features are enabled. These new features are enabled by default and are only used if your network card driver supports them. Some of the new architectural additions that were introduced with the Scalable Networking Pack are TCP Chimney Offload, Receive-side Scaling (RSS) and NetDMA. These were introduced because of the Microsoft Scalable Networking Initiative that was designed to help reduce OS bottlenecks caused by network packet processing. More information regarding the Scalable Networking initiative can be found at
www.microsoft.com/snp.
What this is does essentially is to offload TCP/IP packet processing to the network card, thus freeing up valuable CPU cycles for your applications. The throughput increases that you can get from having these enabled are quite significant.
These two posters, originally published in the July 2007 issue of TechNet Magazine, provide a strong visual tool to aide in the understanding of various features and components of Windows Server 2008. One poster focuses exclusively on powerful new Active Directory technologies, while the other provides a technical look at a variety of new features available in Windows Server 2008 (such as Server Core, Network Access Protection, and more).
Windows Server 2008 Active Directory Components
Windows Server 2008 Feature Components
Today we're going to get started with Windows Server 2008 Server Core. First, let's talk about what the Server Core installation is (and what it is not!). Server Core is a minimal environment to run specific server roles, which reduces the maintenance and management requirements and the attack surface for those roles.
When you look at what Server Core offers, the roles available are ideal for a branch office deployment scenario where there are limited (or no) IT resources remotely and all management is centralized. So let's get started with our installation.(
continue at source)
Microsoft is spending another $50 million to pump up sales, marketing, training and other support for its Forefront line of security products, the company announced July 11 at its Worldwide Partner Conference in Denver. It's also expanding eligibility so that more partners can take advantage of the up to 30 percent additional fees that they can receive through its Security Software Advisor program.
Forefront is Microsoft's battering ram when it comes to breaking into the enterprise security market. When the Redmond, Wash. company launched the first pieces of Forefront Dec. 8, analysts such as Gartner's John Pescatore predicted that Microsoft's entrance into the market would not only cause pricing pressure, but would also give industry stalwarts like McAfee and Symantec a swift kick in the pants, innovation-wise.
Pescatore: "As a result of their work so far, we can already see Symantec and McAfee moving faster in trying to address new threats like phishing; there definitely will be pricing pressure, and it will force the rest of the market to paddle faster to stay ahead or disappear."
(more)
Eileen Brown writes:
I’ve been dipping my toe in the waters of Powershell and feeling quite good about how my knowledge is growing. But now I’ve found
this little game, I’ve realised just how little I know about PowerShell, and just how powerful this is.
Powershell: Space Invaders
Microsoft is pleased to announce the release to manufacturing of System Center Remote Operations Manager 2007, previously known as the VAP scenario using OpsMgr with Essentials! The goal of this product is to allow IT service providers to efficiently and proactively monitor, control, update and manage their mid-market customers’ distributed infrastructures from a secure remote console. The feature set in this solution includes:
Support for remote monitoring services over the internet without requiring a VPN
Customer centric service provider views and reports
Diagnostic tasks to troubleshoot problems remotely
Support for centralized update management, software distribution and software and hardware inventory
Remote control support via Remote Web Workplace
Announced: System Center Remote Operations Manager
Charlie Kindel, General Manager for Windows Home Server writes:
Woo-hoo! We did it. Today we are announcing that Windows Home Server has been released to manufacturing (RTM). We have finalized the software and now handing it off to our OEM partners. The evaluation version (with 120 day evaluation period) and the system builder version are also heading into the distribution channels and will be available in the next couple of months. French, German and Spanish versions will be finalized shortly, and OEM products will hit retail shelves this fall.
We're also excited to announce Iomega and Fujitsu-Siemens Computers (FSC) as new OEMs planning to ship Windows Home Server products later this year.
(more)
This time, we're going to take that member server and convert it into a Read Only Domain Controller (
RODC). Now you might be thinking, why on earth is Microsoft creating such a feature set? Isn't this beast a throwback to the NT read-only BDC days? Nope.
A Read Only Domain Controller (RODC) is an additional domain controller for a domain that hosts read-only partitions of the
Active Directory database. An RODC is designed primarily to be deployed in a branch office environment. Branch offices typically have relatively few users, poor physical security, relatively poor network bandwidth to a hub site, and little local IT knowledge.
RODCs address some of the problems that might be caused by branch office locations that either have no domain controller or that have a writable domain controller but not the physical security, network bandwidth, and local expertise to support it.(
continue at source)
Watch the Core Read Only DC screencast
Microsoft seems to have (quietly) released an updated version of the OpsMgr 2007 MOM 2005 Backward Compatibility MP:
Updated MOM 2005 Backwards Compatibility MP (6.0.5000.12)
Updated System Center Internal Library MP (6.0.5000.16)
Updated System Center Core Monitoring MP (6.0.5000.16)
New Backward Compatibility Threshold monitoring type using in Converted MOM 2005 MPs which exposes Threshold values as overrides
Fixes to the Backward Compatibility Cluster discovery to address problem with converted MPs that monitor clustered Applications
Fixes conversion issue with MOM 2005 Windows Service rules using wildcards to match on Service names
It think it won't be long anymore before the Clustering MP (RTM) will be released, as I know that it had a dependency on this release for proper working. Hopefully other MP's like the Exchange 2007 will also appear in the coming weeks, following this update..
OpsMgr 2007 MOM 2005 Backward Compatibility MP Update
It’s always the same story. To substantially enhance your security, you have to give up some freedom or flexibility. If your environment is like most organizations, you have a very strong desire to harden the desktop operating system in an effort to provide a more secure computing environment for your end users. IT administrators typically approach the task of securing the desktop by employing a combination of security policy settings, user permissions, file and registry access control lists (ACLs), and system service restrictions.
One common hurdle in the development of a secure desktop environment is how to mitigate the threats surrounding malicious ActiveX® controls while still providing an appropriate level of application compatibility in your environment. This has been a challenge with desktop operating systems for many years. Fortunately, the new ActiveX control Installer Service (AxIS) in Windows Vista™ addresses concerns specific to the management of ActiveX controls in corporate environments. AxIS provides a simple and manageable way for standard users, who wouldn’t ordinarily be permitted to install ActiveX controls, to install them from approved Web sites. Group Policy control over AxIS allows IT administrators to determine which controls users can install, regardless of which permissions they have.
In this article, we take a look at the administrative challenges surrounding ActiveX controls, how these issues were addressed in previous versions of Windows®, and how AxIS in Windows Vista provides a unique and efficient way to manage the installation of ActiveX controls.(
continue at source)
Jesper Johansson mentions on his blog the availability of tools for the
Windows Vista Security book that just came out.
The default
Group Policy settings for User Account Control (
UAC) leaves out one of the UAC settings: the one that controls whether a locally defined administrator gets a full or filtered token when connecting to the computer remotely. To enable that setting to be managed using Local Security Policy or Group Policy requires
a new sceregvl.inf file. The UAC chapter discusses the setting and how to use this file to add it to the security policy tools.
A tool that enables you to launch a process elevated from a command line. You run "elevate <program> [program arguments]" and it will give you the standard elevation prompt. Since much of the code is reusable I also added the ability to run a process with low integrity with almost all the privileges stripped. Many programs won't work properly that way but I thought it was a nice way to test what will happen when you run them low.
One of my favorite utilities is the cmdhere.inf tool from the Windows 2000 Resource Kit. It puts a "command prompt here" command on the context menu for folders in Windows Explorer. However, with Vista cmdhere no longer works, and if you tweak it to work you get a non-elevated command prompt. Using the elevate tool,
this little utility adds an "elevated command prompt here" item to the shortcut menu.
Windows ships with a large number of processes built-in, although many are not installed in a default installation. In some cases, it is highly interesting to know what privileges these processes have, what accounts they have in their tokens, and what the access control list (ACL) on the process itself is.
This document summarizes these parameters for a stand-alone Windows Vista Ultimate x86 system with all optional components installed. The data in the document shows a start mode for each service. This is the mode that service will have if it is installed. Some of these services are not installed by default.
Download the Privileges for Built-in Processes document
A new feature in Windows Vista makes it possible to configure international settings from the command line using an extension of the Regional and Languages Options Control Panel. For example, a network administrator may wish to mandate that all corporate computers in his international branch offices use the ISO standard date format (YYYY-MM-dd). By describing this property in an XML file, the network administrator can create script(s) to automate the configuration of the international setting(s) for any Windows Vista installation.
This command line method of configuring international settings requires Windows Vista. It is bundled into the intl.cpl binary that ships with the operating system. (
more)
Lee Desmond writes:
in Windows Server 2008, the setup of a domain controller in an Active Directory network has undergone a couple of notable changes. Let us walk through the setup of a brand new Active Directory infrastructure to illustrate this.
(
continue at source)
Jeff Guillet writes:
I do a lot of work using Remote Desktop Connections. Sure beats the old "sneaker net" days where you had to physically log into each server you needed to manage.
I'm sure you know that you can
connect to the console session using MSTSC /CONSOLE from the command line. This is helpful when you need to establish a third RDP session because the other two are in use, or when you need to install software that can only be done from the console.
One of the questions I'm asked is how to tell if you're connected via RDP to the console from the RDP session. To do this, simply open a command prompt and enter QWINSTA. You will see output similar to the screen above.
Take a look at the session ID in the example above. When you're in an RDP session to the console, the session ID will always be 0 (zero). That's all there is to it!
Download the Vista Sidebar Gadget for your computer: installing the new Sidebar Gadget is simple, just right click the download link and select "Save Target As..." unzip the downloaded file and double-click to auto-install. You will see a new Gadget appear in your sidebar instantly.
Vista sidebar gadget: 2008 Launch Wave
Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.
AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explorer it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them.(
more)
Download AdExplorer (220 KB)
As you begin to evaluate the role of Internet Protocol version 6 (
IPv6) on your intranet and start planning for its deployment, you should understand how IPv6 traffic is supported over virtual private network (
VPN) connections in Windows. With VPN connections, you can extend your network to include links across public networks such as the Internet. VPN connections are protected by strong authentication protocols to validate the credentials of the connecting user, and encryption methods to provide data confidentiality.
Windows® XP and Windows Server® 2003 include an IPv6 protocol stack, but many core services and networking components do not support IPv6. Windows Vista™ and Windows Server 2008, formerly code-named "Longhorn," have full-featured support for IPv6, which is installed and enabled by default. In fact, almost all of the networking applications and services included with Windows Vista and Windows Server 2008 support IPv6. This month, I examine the support in Windows Vista, Windows Server 2008, Windows XP, and Windows Server 2003 for IPv6 traffic sent over VPN connections that are established across the Internet Protocol version 4 (IPv4) and IPv6 Internets.(
continue at source)
ADModifier is written in C#, and unlike the
ADPopulator does not require Excel to be installed on the server. As a matter of fact all that is required to run this utility is .NET 2.0 framework.
Similarly to ADPopulator ADModifier utilizes a dictionary of European names to generate random material for SN, givenName, samAccountName, userPrincipal Name. This time in order to avoid the need for Excel or other databases I simply included the dictionary right in the executable by creating two classed FirstNames and LastNames. This change helps with rapid test environment setup, where all you need to do is just drop the executable on the server. But if you need to add some additional names into your test environment you would have to modify the source code (take a look at FirstNames and LastNames classes, I am sure it will be evident how to add additional names into the mix).
ADModifer utilizes .NET config file (ADModifer.exe.config) for its configuration settings. I will go over the config file parameters in detail later in this blog.
Download ADModifier v1.0
If you want to automate the backup of sealed or unsealed MPs for disaster recovery, then this will help. This
Powershell script will initiate the Ops Mgr Console to export all un-sealed Management Packs to the specified directory. You can run this from Ops Mgr 2007 or from the OS Scheduler.
Powershell c:\export-UnSealedMP.ps1 -rootMS rms.server.local -targetFilePath ‘c:\backup\mp\’
-rootMS: Enter the FQDN of the RMS
-targetFilePath: the target path of the MP backup files
You can download the script from here
Confirming what many had expected, Microsoft announced on Tuesday that the next version of its server operating system, Windows Server 2008, won't formally launch until next year.
Microsoft said it will launch the product, which it has said will be finalized before the end of the year, at an event in Los Angeles on February 27. The company will also launch Visual Studio 2008 and Microsoft SQL Server 2008 at the same event. The company made the announcement at its Worldwide Partner Conference here.
The new operating system, formerly code-named Longhorn Server, includes the PowerShell scripting language, role-based deployment options as well as network access protection features.
It seems that Microsoft has quietly release the Operations Manager 2007 Authoring console:
Systems Center Operations Manager 2007 Documentation
Go to the download link, scroll down and select "Download" behind the line with "
OM2007_AuthConsole.exe". I am unsure which other downloads (for instance: MP guides) came available with this Download update..
UPDATE: The EXE download only shows a file called "OM2007_AuthConsole.chm" after unpacking, no sign of the real Authoring Console
I have met Kerrie Meyler and Cameron Fuller (MOM-MVP) two times in person and they are great people. They have written the "MOM 2005 Unleashed" book in the past and are currently working on an Operations Manager 2007 book.
(I believe I will be credited in that upcoming book, due to a reference to my Powershell MP backup script, which is great!)
Kerrie and Cameron co-presented an Operations Manager session on TechEd in June and were recored for Virtual Teched in the main hall. Microsoft has published that video online. Check it out to get some background on how the process of writing an Operations Manager book is:
Virtual Teched - Kerrie and Cameron.
Last week I posted a blogcast on Operations Manager 2007's ability to
create and monitor Distributed Applications.
This week, I am posting a blogcast about Operations Manager 2007 reporting. The new version has powerful reporting capabilities and I know of companies who bought OpsMgr even for that reason only! Join me in my 5 minute video to explore some features:
Techlog Blogcast: Operations Manager 2007 Reporting
Stay tuned for the next one about System Center Essentials. Also check out our
Blogcast Archive for more great product and feature demonstrations.
(more)
Announced at Microsoft’s Worldwide Partner Conference today:
"
System Center Remote Operations Manager (ROM) 2007. ROM, scheduled to RTM later this month, is a new product from the Microsoft System Center family that enables solution providers to more effectively and proactively monitor, control, update, and manage their mid-market customers’ distributed infrastructures from a secure remote console.
Specifically, Remote Operations Manager with System Center Essentials at the customer end-point:
Creates a business advantage for IT service providers by enabling them to customize monitoring policies, configure and patch customer IT environments without interrupting users or network service, and providing access to expert knowledge for managing Windows platforms, applications and workloads.
Provides increased security and reliability by establishing a single aggregate view of customer health status and quickly resolve issues when an alert is raised.
Enables the customer to transition from reactive in-house troubleshooting to proactive outsourced management; takes the burden of constant monitoring and availability off of internal IT staff, freeing them to focus on innovation and development. (more)
A customer asked me to clean up his Active Directory structure, while this is a half way solution ( AD will be a mess and inconsistent again within two weeks after the clean up). I searched for a quick and flexible tool that could help me to add new accounts, synchronising account data and deleting user accounts in Active Directory.
We already had a new naming convention. We had to find the most stable naming convention, one that didn’t affect the account name when people marry and 2 weeks later divorce ;] We decided to go with a combination of the first name and the maiden name. These never change. So directories, and login names will stay the same when people get married or divorce. SMTP aliases could be added, so the new name of a person was usable for the outside world.
We predicted the hardest part to be the handling double login names and customize alternatives. We tried several options like building a vbscript or microsofts csvde tool, but we came across a tool called “User Management Resource Administrator (UMRA)” from a dutch company Tools4ever (they make Spaceguard quota manager too). (more)
It’s official: We are now in the under-promise and over-deliver era at Microsoft.
Just when Microsoft had customers, partners and competitors all believing that it was going to delay the first service pack for Vista — not releasing a first beta of it until just before year-end — the company is set to deliver Beta 1 of Vista SP1 in mid-July.
Word (from various sources who asked not to be named) is Microsoft is gearing up to drop Vista SP1 some time the week of July 16. And despite what Microsoft seemingly led Google, the U.S. Department of Justice and other company watchers to believe, the final version of Vista SP1 is sounding like November 2007.
IE Maintenance policies are a collection of registry settings and files that can be used to configure either mandatory or default settings for IE. The IE Maintenance Extension leverages the Internet Explorer Administration Kit (IEAK) management infrastructure to configure IE. The settings for these policies are located in User Configuration\Windows Settings\Internet Explorer Maintenance. The IE Maintenance Extension uses two sets of extensions, a snap-in extension to the GPO editor (ieaksie.dll) and a Client-Side Extension (iedkcs32.dll). IE Maintenance settings can be set in two different modes, Policy mode or Preference mode. The mode setting for IE Maintenance extension settings is exclusive within a GPO - policy and preference mode settings cannot coexist in the same GPO.
Today we're going to discuss IE Group Policies. If you're unfamiliar with Group Policies, I highly recommend that you read our earlier post on the Basics of Group Policies. When dealing with IE group policies, there are two types of settings to consider - IE Maintenance and IE Administrative templates. Let's look at IE Maintenance policies first.
Trika Harms just announced that Microsoft will discontinuing their partnership with Pearson VUE for delivering their exams. Starting Augstus 31th 2007, Prometric will be the only provider for Microsoft exams. You can read the full story here. Here's an excerpt:
By working with one exam delivery partner, Microsoft Learning will be able to get more efficient--ultimately improving how things go for you when you're working on a Microsoft Certification. In my understanding, this could mean that you'll see things like faster roll-out of new testing technologies (maybe you've heard that our goal is to have simulations in every MCTS exam in the future?).
The objects in the "Network Adapter State" view, under Monitoring and Microsoft Windows Server, are all "Not Monitored" out of the box:
It seems that the Monitor called "Network Adapter Connection Health" is not enabled by default:
To change this, go to the Authoring pane and Monitors, deselect any scope, type "network adapter" in the Find box and click Find Now. Right click the monitor called "Network Adapter Connection Health and select Overrides, Override the Monitor and For all objects of type: Windows Server 2003 Network Adapter. Tick the checkbox beofre Enabled and set the Override setting to True:
In the next discovery, the state for the Network Adapters will be collected and your state view will be correctly showing the status.
For my current project, I needed to install the agents manually using a script. I had a hard time finding the parameters which I could use together with the MOMAgent.msi, but here they are for your reference:
msiexec.exe /i \\path\Directory\MOMAgent.msi /qn /l*v \logs\MOMAgent_install.log USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=
MANAGEMENT_SERVER_DNS= ACTIONS_USE_COMPUTER_ACCOUNT=0 ACTIONSUSER= ACTIONSDOMAIN= ACTIONSPASSWORD=
You can find additional information about deploying Operations Manager 2007 components using command line, here.
Based on feedback from previous BDD 2007 Beta Program surveys, we are pleased to announce the new Quick Start for BDD 2007 and Windows Vista Deployment Tools Overview guides. The 19-page Quick Start for BDD 2007 document walks through the entire BDD 2007 setup, image build and basic operating system deployment using lite touch installation. The 27-page Windows Vista Deployment Tools Overview provides concise descriptions of Microsoft desktop deployment tools.
Both documents are available with the BDD 2007 downloads at http://www.microsoft.com/downloads/details.aspx?FamilyId=13F05BE2-FD0E-4620-8CA6-1AAD6FC54741.
There was a question with great follow-up from Thomas Theiner from the Operations Manager product team (also affectionally known as the OpsMgr Reporting "guru") in the SCOM newsgroup (microsoft.public.opmsgr.reporting) which explains a bit more details about the function called "Configuration Changes" in the reporting functionality of Operations Manager 2007:
Q: I've noticed the yellow triangle on some of my availability reports which show a configuration change (e.g object discovered \ change in configuration). How do these get generated? Is there a monitor for them? I'm interested in being able to generate customised configuration change 'monitors' or 'rules' myself.
A: Every discovery script collects properties. These properties are compared when inserted into the Warehouse against the previous properties inserted by the same discovery. The yellow triangle appears whenever there is a delta discovered. You can easily add to this by creating your own discovery that runs on a scheduled basis. No monitors needed.
In my humble opinion, this is the real power that System Center Operations Manager 2007 provides you with! I know of many companies who are implementing Operations Manager only for its reporting capabilities..
You can now download our evaluation version of Xian Network Manager Io for Operations Manager 2007 using the link below:
http://www.jalasoft.com/jalasoftweb/jsp/products/downloads/productRequest.do?step=0&product_id=12&version_id=10
The Evaluation License provided will allow you to monitor up to 10 network devices and is valid for a period of 60 days. Additionally we suggest that you review our release notes, which you can find in the link below, before you install Xian Io in you environment.
http://www.jalasoft.com/jalasoftweb/jsp/products/xianio/XianIo-RTM-Release-notes.html
Their official Press Release for the release to manufacturing (RTM) of Xian Network Manager Io can be found in the following link:
http://www.jalasoft.com/jalasoftweb/jsp/products/xianio/XianIoRTM.jsp
A little known fact is that Virtual Server 2005 installs and works just fine on Windows Server 2008 core installations. All you need to do is to select to do a custom installation, uncheck the option for the Virtual Server Web Application and complete the installation. You will then get an installation of Virtual Server that you can manage using the COM interface or using a remote installation of the Virtual Server Web Application.
Check source for some screenshots
An Internet connection going down can be one of the most frustrating things that happen to you while you’re on the computer. I know a couple of people with unsolvable router problems or problems with their Internet connection where they get disconnected more than once per week. Even if it is just occurs once in a while, I find that many users resort to the long way to solving this problem such as:
- Restarting the computer
- Unplugging the router
- Unplugging the modem
The easiest way to repair a network connection, would only involve a few simple mouse movements and clicks.(continue at source)
I will be doing a series of blogcasts the coming weeks to highlight several features of great new (and upcoming) System Center products.
Most will be replicated from the demo's at my Technet Live presentation. The first one that I have recorded, is a blogcast about Operations Manager 2007 ability to create distributed applications:
Techlog Blogcast: Operations Manager 2007 Distributed Applications
Stay tuned for the next one about Operations Manager 2007 Reporting. Also check out our Blogcast Archive for more great product and feature demonstrations. (more)
Matt Goedtel has tipped me that the Operations Manager 2007 Backup and Recovery Guide has finally been released to the web.
This guide provides guidance on understanding how to compliment your current disaster recovery strategy in support of Operations Manager 2007. Such topics covered are:
1. Understanding what to backup and why.- covers all key components and services of Operations Manager 2007.
2. Effects of Failure - Summarizes impact to your Management Group and high-level steps in recovering that component or service.
3. How to backup and restore the OperationsManager database.
4. How to move the OperationsManager database to a different SQL Server.
5. How to backup the Root Management Server - specifically the Secure Encryption Key..
6. Backup and restoring the IIS 6.0 metabase.
7. Backup Custom Management Packs
System Center Operations Manager 2007 Backup & Recovery Guide
I just got this email from the Microsoft MVP program, showing me that I was awarded the Most Valueable Professional for the Operations Manager category as of today:
"Congratulations! We are pleased to present you with the 2007 Microsoft® MVP Award!
The Microsoft MVP Award is our way of saying thank you and to honor and support the significant contributions you make to communities worldwide. As a recipient of Microsoft’s Most Valuable Professional award, you join an elite group of technical community leaders from around the world who foster the free and objective exchange of knowledge by actively sharing your real world expertise with users and Microsoft.
Microsoft salutes all MVPs for promoting the spirit of community and enhancing people’s lives and the industry’s success everyday. To learn more about the MVP Program, visit: www.microsoft.com/mvp. Your extraordinary efforts in Windows Server System - MOM technical communities during the past year are greatly appreciated."
I want to thank everybody who has made this possible and I want to thank Microsoft for the recognition they are giving me in this area. This really gives me more then enough energy to support the System Center community even more! -- Maarten Goet
