Using snapshots as insurance for product demonstrations

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I spent this evening at Microsoft UK, attending the inaugural Windows Server UK user group meeting. There weren’t many of us there but there was a lot of information passed around as Scotty McLeod from Perot Systems and Austin Osuide from EDS gave presentations on Windows Server 2008, Read Only Domain Controllers and Terminal Services Gateway Servers.

Based on his ability to retain technical information, it strikes me that Scotty has a brain the size of a planet and Austin quite simply oozes enthusiasm (he knows his stuff too!). I intend to blog some more about the topics that were covered; however I did want to mention Austin’s technique for ensuring that his demo could complete, regardless of anything going wrong (although there wasn’t much he could do about the Microsoft Campus security closedown at 10pm). When preparing his demo, with a number of virtual machines running on VMware Workstation, Austin had also taken snapshots at key points so that he could revert to a basic system and walk through the process, or jump to any point in the demo with a partially or fully completed configuration.

Some people pray to the demo gods but it seems to me that this technical approach may be more reliable!

A look forward to Windows Server 2008

This evening, I’m planning to be at the inaugural Windows Server UK user group meeting, prompting me to write up my notes from the Windows Server 2008 Technical Overview event held at Microsoft UK last month. Presented by Andy Malone from Quality Training, I’ve already given my (negative, but hopefully constructive) feedback to Microsoft on this event (so I won’t dwell here on why I thought it was so bad – although the presenter seems to think that it went rather well…) but I did at least manage to glean some information about the latest Windows Server release – what follows picks out some of the highlights.

Formerly codenamed Longhorn Server, Windows Server 2008 shares a common code base with Windows Vista and, not surprisingly, Microsoft is touting it as the most secure and highest quality version of Windows ever produced.

The first change is to setup, which now has three distinct phases:

  • Setup (product installation).
  • Server welcome (initial configuration) – except in upgrades.
  • Role configuration and management.

Whilst looking at deployment, it’s worth mentioning that remote installation services (RIS) has been replaced by Windows Deployment Services (actually, this is also available with Windows Server 2003 SP2) which, unlike ADS, supports client and server operating systems as well as multicast deployment.

Windows Server 2008 also pulls much of the administration into one console – Server Manager (which made me smile, casting my mind back to the old Windows NT Server Manager console). There are some new component concepts to get around – components are now known as roles and features but more significant is Windows Server Core, an installation option consisting of a subset of executable files and libraries, providing a small footprint for a much reduced attack surface. Offering a number of server roles, Server Core provides core functionality in either a standalone (e.g. headless) scenario or as part of a larger Windows Server infrastructure. There are no GUI tools for Server Core – management is via command line tools (local and remote), terminal services (remote) or Microsoft Management Console (MMC) snap-ins (remote). Server Core is an installation-time choice (there is no option to convert to a standard installation later) and Server Core will not support application installations (such as SQL Server, Exchange Server, etc.) but I can see it being very useful for running core infrastructure (AD, DNS, DHCP, etc.) servers in a secure fashion.

Other security features (some of which are already present in Windows Vista) include support for the trusted platform module, BitLocker drive encryption, a redesigned TCP/IP stack with native support for IPv6 (alongside IPv4), the updated Windows firewall, new Group Policy settings and Windows Service hardening whereby services run in their own address space and a number of layers are used to separate the kernel, service, administration, user and low-rights program layers. Windows Server 2008 will also (finally) see Microsoft introduce network access protection (NAP).

Some network features are being removed from Windows Server: the file replication service (FRS) is replaced by remote differential compression (RDC); bandwidth allocation protocol (BAP) is out, as is X.25 support, serial line interface protocol (SLIP) support, and services for Macintosh (SFM); there are also a number of changes to routing and remote access with the removal of open shortest path first (OSPF), the basic firewall and static IP filter APIs.

Terminal Services gains new functionality too – including a version 6 of the remote desktop protocol (RDP) and:

  • Terminal Service Gateway – providing RDP over HTTPS support for remote access to corporate applications.
  • Terminal Service Remote Programs – centralised management of line of business applications on a roaming basis, integrated with Terminal Service Web Access.
  • Single sign-on for managed clients.

At least in the beta product, Active Directory sees a number of name changes – some of which make sense and others which seem to be intended just to cause confusion:

Old name                                    New name
Active Directory                            Active Directory Domain Services
Active Directory Application Mode (ADAM)    Active Directory Lightweight Directory
Windows Rights Management                   Active Directory Rights Management
Windows Certificate Services                Active Directory Certificate Services
Identity Integration Feature Pack           Active Directory Metadirectory

(I fully expect at least some of these to change again before product release!)

There are some Active Directory goodies too:

  • Backup domain controllers (BDCs) are back! Except that now they are called read-only domain controllers (with unidirectional replication, offering credential caching whilst increasing the physical security of remote domain controllers, e.g. in branch offices).
  • dcpromo.exe now supports Server Core (i.e. it will run in command line mode), uses the logged on credentials for promotion and allows the seed method to be chosen (e.g. populate from a specific server offering Active Directory domain services), enables site selection (with automatic detection), provides automatic DNS configuration (for resolvers and delegation), and allows role selection for DNS (on by default), global catalog (on by default) and read-only domain controllers.
  • Active Directory can be restarted without rebooting (e.g. to run ntdsutil.exe with the server online, just stopping and restarting Active Directory services).
  • An attribute editor is available in the Active Directory Users and Computers snap-in with advanced features enabled, avoiding the need to use the ADSIedit support tool.

Of course, Internet Information Services (IIS) gets an overhaul and the new IIS version 7 features a much-improved (MMC v3) administrative interface (as well as application and architectural enhancements). Windows Server 2008 also gains improved Unix interoperability features with authentication integration, Unix scripting and application migration tools, support for both 32 and 64-bit applications and extensions to the AD schema to support UNIX-related attributes (using LDAP as a NIS service – see RFC 2307). Clustering is also improved with a new MMC v3 management interface, enhanced infrastructure (e.g. support for geographically dispersed clusters and for GUID partition table disks in cluster storage) and improved security.

Before I wrap up, I’ll mention that there is a lot of misinformation circulating around Windows Server Virtualization (WSV). WSV is not part of Windows Server 2008 but it has been announced that it will ship as a separate product within 180 days of Windows Server 2008. Some features were recently cut from the initial release (Microsoft prefers to use the term postponed) and may make it into a future service pack or other update.

As one might guess from the name Windows Server 2008, the product looks set to be released late in 2007. Looking further out at the Windows Server roadmap, we can expect a 64-bit only “release 2” in late 2009 and the next major release in 2011. It looks to me as if there’s a lot of good features in Windows Server 2008 – watch this space to learn more just as fast as I do!

More virtualisation tools from Microsoft

James O’Neill has an interesting post on some of the recent developments around Microsoft’s virtualisation products and strategy.

One man’s campaign for “real” telephone numbers

Microsoft’s James O’Neill has been on a crusade for a while now, trying to educate the world (well, the UK at least), that numbers written in the format +44 (0) 1234 567890 are wrong and that the E.164 format should be used instead. Of course, James is right (he explains more in a recent blog post and Ewan Dalton illustrates the issue a little more clearly in his post on the subject) but so many numbers are written incorrectly – it’s not uncommon to see 0207 xxx xxxx (the area code is 020 and the 7 is part of the local number) – and advertising only national rate numbers (as Microsoft does on its UK contact page) is not good practice either (another campaign related to phone numbers is Say No to 0870).

What I found particularly interesting is James’ explanation of making a phone number appear as a link in the form of tel:+44-1234-567890 so that those with a supported dialler (like Microsoft Office Communicator) can click to dial (for further information, see RFC 3966). I’ve updated my e-mail signature now (even if it does break the corporate rules for signature formatting)… unfortunately Outlook 2003 keeps on removing the link!
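The normalisation described above, as an added example that is not part of the original post: it turns numbers as they are commonly written into E.164 and then into an RFC 3966 `tel:` URI (emitted without the optional hyphen separators). The function names, the default country code of 44, the treatment of a leading `00` as the international prefix and the sample numbers are assumptions made for the illustration.

```python
import re

E164_MAX_DIGITS = 15  # E.164 limit, country code included


def to_e164(written, default_cc="44"):
    """Normalise a phone number as written to E.164 (+<country code><number>).

    default_cc is an assumption: the country code applied to numbers written
    in national format (leading trunk prefix 0, as used in the UK).
    """
    s = written.strip()
    # Accept only digits and the usual visual separators; reject anything else
    # rather than silently dropping it.
    if not re.fullmatch(r"\+?[\d\s().-]+", s):
        raise ValueError(f"unexpected characters in {written!r}")

    if s.startswith("+"):
        # "(0)" is the national trunk prefix; it is never dialled after a
        # country code, so "+44 (0) 1234 567890" loses it.
        s = re.sub(r"\(\s*0\s*\)", "", s)
        digits = re.sub(r"\D", "", s)
    else:
        digits = re.sub(r"\D", "", s)
        if digits.startswith("00"):
            # Assumed international dialling prefix: 00 44 ... -> +44 ...
            digits = digits[2:]
        elif digits.startswith("0"):
            # National format: replace the trunk prefix with the country code.
            digits = default_cc + digits[1:]
        else:
            # A bare local number has no area code, so it cannot be made global.
            raise ValueError(f"{written!r} has no country or area code")

    # Country codes never start with 0, and E.164 caps the length at 15 digits.
    if not digits or digits[0] == "0" or len(digits) > E164_MAX_DIGITS:
        raise ValueError(f"{written!r} is not a valid E.164 number")
    return "+" + digits


def tel_uri(written, default_cc="44"):
    """Build a click-to-dial tel: URI (RFC 3966 global number form)."""
    return "tel:" + to_e164(written, default_cc)


if __name__ == "__main__":
    # Constructed sample inputs in the styles the post mentions.
    for sample in ("+44 (0) 1234 567890", "0207 946 0000", "0044 1234 567890"):
        print(f"{sample:22} -> {tel_uri(sample)}")
```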

Confirmation that it is possible to upgrade from a retail edition to a volume license edition of Windows Vista

Just before I went on holiday, I rebuilt my company-supplied notebook PC to run Windows Vista (running Linux doesn’t look too good when you work in the Microsoft Practice of a major IT company). At the time, I didn’t have any volume license media and whilst I knew that all of the retail editions were contained in a single image on the retail DVD, that doesn’t include Windows Vista Enterprise Edition. Nevertheless, I installed Windows Vista Business Edition, choosing not to supply a product key (Vista allows 30 days before activation is required). Since then, a colleague has sent me the correct media and license keys, so tonight I was ready to rebuild on Windows Vista Enterprise Edition.

I say rebuild because I didn’t expect an in-place upgrade to work but it did – “upgrading” my Windows Vista installation to a new edition was as simple as dropping in the CD and running the installer. It seemed to take a lot longer than a fresh install (understandably) but I still have my user accounts, profile and data from prior to the upgrade. So, just to confirm, it is possible to upgrade from a retail to a volume license (enterprise) edition of Windows Vista.

BT Home Hub users beware

I’ve just got back from a couple of weeks holiday – a rare opportunity to spend some quality time with my wife and sons. Over that time, blogging has taken a back seat – although I had taken my laptop with me it was on the basis that it was somewhere to back up the digital photos and anything remotely work-related was strictly banned… but I’m an Internet junkie and I just had to get online.

Turning on the laptop revealed weak signals from a number of free wifi providers in the area with names like “Netgear”, “Linksys” and “D-Link”. Of course, these were unsecured access points using default configurations but more worrying were the wireless networks that Windows Vista classed as security-enabled, named “BTHomeHub-xxxx”.

The BT Home Hub is a popular ADSL router in the UK and, although I’ve never used one, judging by what I saw WEP appears to be the default configuration (I certainly didn’t find any evidence of anybody using anything else) – BT Home Hub users should be made aware that wired equivalent privacy (WEP) is by no means secure and can be cracked very quickly, as Michael Ossmann details in his WEP dead again articles part 1 and part 2 and as Steve Gibson explained in episode 89 of the Security Now podcast (transcript).

I should stress that I did not use any of the methods that Mike or Steve describe to hack into anybody’s network but I was tempted. Next time I may even give it a try… all in the name of security research of course.

Problems copying files from a backup… restored by thinking laterally

I don’t generally talk about my work (at least not directly) on this blog but, a couple of weeks back, I moved into a new role, which is going to involve working very closely with a certain software company from Redmond (and no, it won’t have any effect on the editorial content here – nothing on this site should be interpreted as representing the views of my employer or their partners). Clearly running Red Hat Enterprise Linux on my laptop wasn’t politically correct (I might have got away with Novell Enterprise Linux) so I needed to rebuild on Windows Vista.

As many of my corporate applications still require Windows XP and IE 6, I run a domain-joined (Windows XP) virtual machine to access them. I had been using VMware Server as the host but as VMware recently sent me a license for VMware Workstation 6.0 (as a VCP benefit) I decided to use that instead following the Vista rebuild. I backed up the virtual machine files to an external disk, rebuilt on Windows (including reformatting the internal disk) got 94% of the way through the restoration of the VM and then I was presented with this message:

Error 0x80070079: The semaphore period has expired.

Not good. I was in the middle of a restore – those files were my backup and the three problem files represented 30% of the virtual disk that makes up my D: drive (i.e. my data).

I’d written the files without errors but clearly something was wrong when reading them. I thought of buying a copy of SpinRite to check that the disk was fine but, before parting with any cash, I tried reading them on another machine and thankfully they restored without any difficulty. I don’t know if the issue was with my Vista machine’s USB device drivers (the successful restore was on my wife’s Windows XP machine), a timing issue (my wife’s machine is older and the external disk was USB 1.1) or something else (like that this is a 60GB FAT32 volume and Windows has a limit of 32GB for FAT32 volume creation – as the virtual machine files totalled 36.5GB in size, maybe the three 1.99GB files that Vista couldn’t read were physically located across and after the 32GB point on the disk) but my experience goes to show that it’s worth trying another machine before giving up totally on the data.

Steve Jobs and Bill Gates at D5

I know I’m a bit late posting this, but the Steve Jobs and Bill Gates interview at the D5 conference is available for free download at the iTunes Store (audio or video). Love them or hate them, these two pioneers of the personal computing world have far more in common than the media (and the fanboys) would generally let us believe and I personally found it very interesting.

Apple WWDC ’07 highlights

So, this week is Apple’s worldwide developer conference (WWDC) and I’ve been waiting to see if:

  • Apple will finally update the iPod (no… unless you count the iPhone… and I don’t want an iPhone – well, never say never, but it won’t be available over here for a while yet).
  • Apple will launch new MacBook Pros so I can pick up one of the outgoing models at a discount (yes… they actually updated the MacBook Pro just before WWDC but that new LCD display sounds so good I might have to save up for one of the new ones instead).

The video below features some of the highlights from the conference keynote including something that I personally find interesting – Apple’s decision to release Safari for Windows. Whilst this cannot be a bad thing (hey, look what competition from Firefox did to wake up Microsoft and get them to update Internet Explorer), I don’t use Safari on my Mac because so many websites don’t work with it… I can’t see that being any different under Windows; on the flip side, it may wake developers up to the presence of Safari and they might actually develop standards-compliant sites that work across all platforms (meanwhile Apple gets the advertising revenue from the search box and a foothold for application development on the Windows desktop). Regardless of the reasoning behind producing Safari for Windows, it does kind of disprove the whole “we’re really strapped for resources getting the iPhone out and that’s why we’re delaying Leopard” argument. Then again, maybe it was a rush job, as they certainly don’t look to have spent much time making sure it was secure – beta product or not, using known tools to find a flaw inside three minutes is something that Apple should have done before they released it.

I waited to publish this post in case there were some extra items to get excited about later in the week but there doesn’t seem to have been much more to shout about. A million people downloaded Safari for Windows in the first couple of days (that’s pretty good) but I heard anecdotal reports that developers felt patronised by the whole approach to third party application development for the iPhone – John Gruber sums it up on his Daring Fireball blog when he paraphrases the Apple message as “you can write great apps for the iPhone: they’re called ‘web sites’” (he also links to Michael Tsai’s interesting observation about what Steve Jobs said on iPhone application development at D5 and what he said a week or so later at WWDC). According to the MarketWatch video below, analysts and others affiliated with Apple described the keynote as disappointing.

I’ll admit that the finder needs some tweaks and that using Coverflow for documents looks very cool but as for Steve Jobs’ statement that Tiger is already better than the competition and that Leopard will further increase that lead – I just don’t get it.

Getting tactile

2007 seems to be the year of touch computing. It started at MacWorld with the Apple iPhone announcement. Then, HTC introduced a touch phone that runs Windows (before the iPhone made it to market). Now, Microsoft has come up with Surface – a table that runs Windows using a touch-screen interface to very good effect.

I’m not really sure that this is a product that’s going anywhere fast (and I’ll spare you the Bill Gates demo – the Associated Press one is less likely to send you to sleep) but Microsoft is constantly being criticised for a lack of innovation and as a concept, Surface is certainly interesting. Personally, I can’t wait. Not to have an expensive coffee table upon which to bore people with digital photos (I can already do that with the TV!) but because I can feel a return to the “Space Invaders” tabletop video games of my youth coming on!