Search This Blog

Wednesday, April 25, 2012

WindowsNetworking.com Monthly Newsletter of April 2012

-----------------------------------------
WindowsNetworking.com Monthly Newsletter of April 2012
Sponsored by: KEMP Technologies
<http://www.kemptechnologies.com/us/server-load-balancing-appliances/virtual-loadbalancer/vlm-download.html>
-----------------------------------------

Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder <http://www.windowsnetworking.com/Deb_Shinder/>, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: dshinder@windowsnetworking.com


1. Windows 8 Whole Volume Encryption: Building a Better BitLocker
---------------------------------------------------------

Microsoft introduced BitLocker in Windows Vista, and it was one of the most interesting and promising new security features, but that first version had a lot of limitations. BitLocker is a whole volume encryption solution that allows you to encrypt entire system and/or data volumes on your Windows computers running Vista, Windows 7, and Windows Server 2008 and above. It's pretty handy because you can encrypt your drives too so that anyone who obtains physical access to your computer won't be able to access your data or boot into the operating system without knowing your PIN or, depending on how you've implemented it, without inserting a USB device that contains the startup key.

Windows 8 adds several improvements to BitLocker to make it even more useful and manageable.

* Improvements in BitLocker provisioning
You can now enable BitLocker prior to installing the operation system. This enables you to encrypt the volume before installing the operating system, adding an extra measure of security. You do this from the Windows Preinstallation Environment (WinPE).

* Used Disk Space Only encryption
Prior to Windows 8, BitLocker encrypted the entire volume, including both the data and the free space. For larger drives, this could take a very long time. With Windows 8, you have the option to encrypt only the used space on the drive, which can significantly reduce the amount of time to initially provision the drive for BitLocker (depending on how full the volume is). There are also some new Group Policy settings that enable you to force encryption on fixed data drives, force encryption on operating system drives and force encryption on removable data drives, and to force the type of encryption (full encryption or used disk space only) that is to be used in each case.

* Standard User PIN and Password Change
In the past, you had to have administrative privileges to change the BitLocker PIN or password. With Windows 8, users that are not administrators of their machines will be able to change their own passwords and PINs by default. Note that there might be some security issues with this option, since users might use simple passwords and PINs. You can prevent this by setting complexity requirements for these strings. You also have the option to turn this capability off entirely through a Group Policy setting.

* Network Unlock
One of the major reasons why we don't use BitLocker on servers is because someone would have to be at the server during a reboot to enter the PIN. In even a moderately sized datacenter, this can be quite a challenge. In Windows 8 Server, the Network Unlock feature will allow those servers on the corporate network that are members of a domain to use DHCP to automatically unlock the encrypted volumes when they are on the network. This feature does require that the computer's hardware support a DHCP driver implemented in UEFI firmware.

* Support for Encrypted Hard Drives for Windows
With Windows 8, you will be able to take advantage of new encrypted hard drive technology and run Windows on it. These new hard drives use Full Disk Encryption (FDE), which encrypts every block on the disk. Performance is significantly improved because the encryption processing is done by the hard disk controller, not by the main CPU. Tight integration enables you to manage the FDE control through the BitLocker interface.

Windows 8 BitLocker is just one of the very cool new things about Windows 8! Make sure to test drive it when you install the Windows 8 client or server betas.

See you next month! - Deb.

By Debra Littlejohn Shinder, MVP
dshinder@windowsnetworking.com

=======================
Quote of the Month - College isn't the place to go for ideas. Helen Keller (1880 - 1968)
=======================


2. ISA Server 2006 Migration Guide - Order Today!
---------------------------------------------------------

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA
Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his
illustrious team of ISA Firewall experts now present to you, ISA Server 2006
Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. This book
leverages the over two years of experience Tom and his team of ISA Firewall
experts have had with ISA 2006, from beta to RTM and all the versions and builds
in between. They've logged literally 1000's of flight hours with ISA 2006 and
they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with
their no holds barred coverage of Microsoft's state of the art stateful packet
and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. You'll be
glad you did.

3. WindowsNetworking.com Articles of Interest
---------------------------------------------------------

* Microsoft Cloud Networking Infrastructure Deployment Scenarios with Windows Server 8 (Part 1) - Traditional Datacenter
http://www.windowsnetworking.com/articles_tutorials/Microsoft-Cloud-Networking-Infrastructure-Deployment-Scenarios-Windows-Server-Part1.html

* Group Policy: Enforce vs. Enforced vs. Force
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Enforce-vs-Enforced-vs-Force.html

* Trench Tales (Part 1) - Hardware Troubleshooting
http://www.windowsnetworking.com/articles_tutorials/Trench-Tales-Part1.html

* Server Hardware Explained (Part 7)
http://www.windowsnetworking.com/articles_tutorials/Server-Hardware-Explained-Part7.html

* 4 Hidden Wi-Fi Security Threats
http://www.windowsnetworking.com/articles_tutorials/4-Hidden-Wi-Fi-Security-Threats.html

* ServersCheck Monitoring Software - Voted WindowsNetworking.com Readers' Choice Award Winner - Network Monitoring
http://www.windowsnetworking.com/news/WindowsNetworking-Readers-Choice-Award-Network-Monitoring-ServersCheck-Monitoring-Software-Feb12.html

* New Networking Features in Windows 8 Consumer Preview (Part 1)
http://www.windowsnetworking.com/articles_tutorials/New-Networking-Features-Windows-8-Consumer-Preview-Part1.html

* Top 10 Reasons Why Group Policy Fails to Apply (Part 3)
http://www.windowsnetworking.com/articles_tutorials/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part3.html


4. Administrator KB Tip of the Month
---------------------------------------------------------

*Configure Static IP Addresses with Netsh Command-line Utility*

You can perform a variety of tasks using the Netsh command-line utility, including configuring the IP addresses of network adapters in Windows.

Here's how to configure a static IP address:

netsh interface ip set address "connection name" static 192.168.0.101 255.255.255.0 192.168.0.1

NOTE: The default connection names are Local Area Connection for wired adapters and Wireless Network Connection for Wi-Fi adapters. The IP address order: client IP, subnet mask, and gateway IP.

Here's how to configure the DNS addresses:

netsh interface ip add dns "connection name" 208.67.222.222
netsh interface ip add dns "connection name" 208.67.220.220 index=2

NOTE: Remember to replace the connection names and IP addresses

For more administrator tips, go to WindowsNetworking.com/WindowsTips


5. Windows Networking Tip of the Month
---------------------------------------------------------

System Center 2012 Licensing Gets Simplified

System Center 2012 has shipped and it brings with it a slew of new capabilities and design changes, such as the ability to manage a whole virtual datacenter with System Center Virtual Machine Manager (SCVMM) and the focus on easily managing a private cloud infrastructure. But features and functionality are only half the story when it comes to deploying new solutions. Another important aspect is pricing and licensing. In the past, System Center has suffered from a confusing and convoluted licensing plan with so many different price points that organizations ended up not knowing what they were going to pay for a particular configuration.

The good news is that the licensing structure has been drastically simplified, with the individual components bundled together in one of only two packages: Standard edition and Datacenter edition, with a per-CPU pricing model. Read more about it here:

http://www.informationweek.com/news/windows/microsoft_news/232400397?itc=edit_in_body_cross

6. Windows Networking Links of the Month
---------------------------------------------------------

* Windows Server 8 VDI
http://technet.microsoft.com/en-us/edge/edge-show-16-windows-server-8-vdi

* Scaling Windows 8 client to different screen sizes
http://blogs.msdn.com/b/b8/archive/2012/03/21/scaling-to-different-screens.aspx

* Getting to Know Hyper-V: A Walkthrough from Initial Setup to Common Scenarios
http://technet.microsoft.com/en-us/library/ee256064(WS.10).aspx

* What's New in Windows Server 8
http://technet.microsoft.com/en-us/library/hh831769.aspx

* How WSUS and Cluster-Aware Updating Are Affected by Windows Server 8 Beta Updates
http://social.technet.microsoft.com/wiki/contents/articles/7891.how-wsus-and-cluster-aware-updating-are-affected-by-windows-server-8-beta-updates-en-us.aspx

7. Ask Sgt. Deb
---------------------------------------------------------

QUESTION:

Hey Deb,

I'm thinking of testing out Windows Server 8 this month. I don't have a lot of time, so I'm wondering what new feature or capability should I focus on first? Got any recommendations?

Thanks! – Uli.


ANSWER:

Hi Uli,

Great question! Of course, different folks may have different opinions regarding which Windows Server 8 feature is the most interesting and impactful, but I would say that you'll get the biggest return on investment for your time if you focus on Hyper-V. Check out this list of new and improved features in the Windows Server 8 Hyper-V:

Feature/functionality New or Updated

Client Hyper-V: New
Dynamic Memory: Updated
Hyper-V module for Windows PowerShell: New
Hyper-V Replica: New
Importing of virtual machines: Updated
Live migration: Updated
Resource metering: New
Significantly increased scale and improved resiliency: Updated
Simplified authorization: New
SR-IOV: New
Storage migration: New
Storage on SMB2 file shares: New
Virtual Fibre Channel: New
Virtual hard disk format: Updated
Virtual machine snapshots: Updated
Virtual NUMA: New
Virtual switch: Updated

Wow. That's a lot of bang for the buck. Of these features, make sure you try out Hyper-V Replica, Storage migration, storage of virtual machines on SMB shares, and importing virtual machines – if your hardware supports them. Some of these features require advanced hardware.

TechGenix Sites
---------------------------------------------------------

MSExchange.org <http://www.msexchange.org/>
WindowSecurity.com <http://www.windowsecurity.com/>
ISAserver.org <http://www.isaserver.org/>
VirtualizationAdmin.com <http://www.virtualizationadmin.com/>

--
Visit the Subscription Management <http://www.techgenix.com/newsletter/>
section to unsubscribe.
WindowsNetworking.com is in no way affiliated with Microsoft Corp.
http://www.techgenix.com/advert/index.htm for sponsorship
information or contact us at advertising@windowsnetworking.com
Copyright c WindowsNetworking.com 2012. All rights reserved.

No comments: