Internet Explorer 8: better and safer surfing experience

With the release of Internet Explorer 8, Microsoft enhance IE surfing capability to new height. Its safer, better and it’s free to update for entire Microsoft community.

Accelerators: The new Accelerators in Internet Explorer 8 help users quickly perform your everyday browsing tasks without navigating to other websites to get things done. Simply highlight text from any webpage, and then click on the blue Accelerator icon that appears above your selection to obtain driving directions, translate and define words, email content to others, search with ease, and more.

InPrivate Browsing: Searching jobs at work or doing something different before wife yale on you. Its easy now. Just open IE8>Safety>Inprivate browsing. Don’t forget to close it once finish. All cookies, history will automatically be deleted. So no trace of cheating.

Web Slices: Web slice is nothing but a slice of web added into browser. Keeping you up-to-date with sports, weather etc. Using Web Slices, you can keep up with frequently updated sites directly from the new Favorites Bar. If a Web Slice is available on a page, a green Web Slices icon will appear in the upper-right hand corner of the browser. Click on this icon to easily subscribe and add the Web Slices to the Favorites Bar so you can keep track of that “slice” of the web.

Filter and Web Check: IE8 checks every website whether it is genuine and safe or not. Open IE8>Tools>SmartScreen Filter>Check this web site. If you turn on automatic check it will check itself. Malware detection software will download and install while downloading IE8. It protect you from malware, phishing websites and unsafe web sites. IE8 can check digital certificate i.e. whether specific web site got credible digital signature from VeriSign, e-trust etc.

Further Study:

Know your browser

IE addons and personalization

Download IE8

IE8 deployment guide for Techie

Windows 7: L2TP IPSec VPN dialler

Open control panel>network and sharing centre>setup a new network connection

Select use my Internet connection (VPN)

 

Type IP Address of VPN server and VPN dialler name

Type user name and password, domain optional

 

skip connection at this time.

Network and sharing centre>connect to a network>dial up and VPN> right click>property

 

Click on advanced settings>use certificate for authentication

 

Click on connect.

 

Keywords: L2TP VPN, AD CS, VPN dialler.

How to create answer file for windows 7 WDS client

Download and install Windows 7 AIK on admin PC or WDS server

Open windows system image manager>File>New Answer File>Yes

Browse>select install.wim file>yes

Now modify according to your need. you may delete unnecessary catalogs. If you are using existing image then you don’t need to use create partition option. Modify partition is ok. You must keep join domain catalog.  Also it doesn’t hurt anybody if you mention product key. Don’t mention domain credential in log in catalog then it will not ask domain credential after pressing F12. It’s unsafe. Now save this file in WDS server in WDS_unattended folder. 

You may also create answer file using sample answer file provided in %WINDIR%\program files\Windows AIK>Samples. In this case, don’t modify original. Copy original and paste>rename>modify and use it.

Now, Systems Admin can

Deploy Windows 7 using Microsoft Deployment Toolkit 2010……..Life is easy for Systems Admin

Have you added drivers after riprep in Windows 2003 RIS? Moreover, you prepared master pc, patched up, installed application and waited hours to do riprep. If you forgot to add a patch or application then gotcha!! Redo the whole thing again. I bet, you been through all these. That’s over now.

Microsoft Deployment Toolkit 2010 (MDT 2010) is a comprehensive tool that makes Windows 7 and windows Server 2008 deployment easy. I would say it made my life more comfortable when I deployed Windows 7. You will not go through all the hassles you did while adding drivers and applications in a deployable reprip image in RIS server. It’s more fun with Windows Deployment Services, windows 7 Automated Installation Kit and MDT 2010. Cheers to Microsoft. You can fully automate desktop and server deployment using Microsoft Deployment Toolkit 2010.

MDT provides you with the following benefits:

• common deployment console for desktop and server deployment
• Reduced deployment time and standardized desktop and server images
• Fully automated Zero Touch Installation
• Access from anywhere i.e. WDS server, DFS shares, Admin PC or organisation wide
• Manage drivers, operating systems, applications, packages and tasks
• Automate using Windows PowerShell command.
• Choose x86 or x64 depending on host hardware and OS
• Build ISO image or WIM file

Systems Requirement:

Windows Server 2008

Windows Deployment Services

Windows Automated Installation Kit for Windows 7

Windows 7 DVD/source

Microsoft Deployment Toolkit 2010

Working with MDT 2010:

Download and install Windows  AIK and MDT in admin pc. Create two shared folder, copy all source files (windows 7, drivers and applications) in one folder and another for WIM and ISO that will be created by MDT. Now follow the screen shots.

Step1: Prepare MDT

Step2: Add Windows 7 Source files

For this article, I kept only Business Edition and remove other versions.

Step3: Add Applications like Office 2007, Adobe, Antivirus

Step4: Add drivers. for this article I added Intel DQ35JOE drivers

Step5:Create task. Here you have the option to create ISO or WIM file for WDS.

 

Step6: Run Update

Once update finish, you can use boot disk ISO. If you select sysprep and capture without selecting standard client task sequesnce you can create WIM file, then you can directly insert into WDS server and deploy.

I found MDT is very handy and smarter tools for systems administrator. I would recommend to create a testbed before going for full deployment. Then you will have the flexibility to get desired image.

How to deploy custom windows 7 using windows deployment services (WDS) 2008

Prerequisite:

1. Windows 2008 Active Directory, DNS and DHCP
2. Download Windows Automated Installation Kit (WAIK) and installed in WDS server.
3. Windows 7 DVD

Step1 Install WDS in Windows 2008 Server. Navigate to Start > All Programs > Administrative Tools >Manage Server>Expand Roles>add new role

Follow screen shot

Step2 Install WAIK in WDS server, In windows 2008, you don’t need to install .net framework 2.0. Its inbuilt. Insert WAIK DVD in WDS server and install WAIK. nothing special, install as you install an ordinary application. 

Step3 Configure WDS Server. Navigate to Start > All Programs > Administrative Tools > Windows Deployment Services. Expand Server and right click [sever name] and click Configure Server. Click Next to start the Wizard. Check the Path (I used e:\Remoteinstall, avoid boot partition if possible). For DHCP Options 60 Check both “Do not listen on Port 67″ and “Configure DHCP option 60 to “PXE Client” and Click Next. For PXE Server Initial Settings select “Respond to all (known and unknown) client computers” and click Finish

Check both “Do not listen to port 67” and “Configure DHCP option 60 to PXE Client” option if DHCP and WDS has been configured in same Server

on WDS console expand Servers, right click on WDS server, navigate to property. Click network settings>check obtain IP address from DHCP

 

Now add winpe.wim image in WDS. WDS>right click on boot image>Add boot image>Browse and navigate to C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE.WIM  Name this image as “Capture Image”

 

add boot.wim image in WDS. Now insert windows 7 DVD in WDS server’s dvd rom.  WDS>right click on boot image>Add boot image>Browse and navigate to D:\sources\boot.WIM  (d:\ is dvd rom drive) Name this image as “Deploy Image”

 

to add x64 bit winpe.wim in boot image, WDS>right click on boot image>Add boot image>Browse and navigate to C:\Program Files\Windows AIK\Tools\PETools\amd64\WinPE.WIM and add this image. 

  

Now make image group in WDS.

 

 Step4 Install Windows 7, prepare it by installing desired application. Log on to Windows 7 computer as an administrator. Navigate to c:\windows\system32\sysprep and Run sysprep.exe /oobe /generalize /reboot  from command prompt. be careful of this reboot to capture the image, if not you will need to re-do Sysprep. Press F12 to initiate a session the WDS Server. Select capture Image option.

    

On command prompt as shown above screen, type WDSCapture and hit enter key.

Upload image to WDS server, click on connect, provide credentials if required, select Image group and name it.

Once image capture is done. navigate to WDS console>Image group>right click on windows7 image>property>check allow image to install in unattended mode>select file> browse and navigate to unattended xml file prepared using WAIK.

 

Step5  to deploy this image boot similar workstation and press F12 to PXE boot. Select deploy image option>select group>select image.

How to configure Microsoft Radius Server (IAS) for Macintosh OSX 10.5, Windows 7 and windows XP Pro client

Internet Authentication Service (IAS) is the Remote Authentication Dial-in User Service (RADIUS) server in Windows Server 2003 family. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, IAS forwards authentication and accounting messages to other RADIUS servers. A RADIUS client (typically an access server such as a dial-up server, VPN server, or wireless access point) sends user credentials and connection parameter information in the form of a RADIUS message to a RADIUS server. Microsoft Radius supports Windows 7, Windows XP SP2 and Mac OSX clients. This article provided an overview of Microsoft RADIUS and PEAP security and described how RADIUS security are implemented and deployed in IT infrastructure.

Prerequisite : Microsoft Active Directory, DNS, DHCP and Certificate Server, Cisco 1200 series wireless AP, MAC OSX 10.5, Windows XP Pro/Windows 7.

AAA Infrastructure:

Aunthentication: Microsoft Active Directory, Authorization: Microsoft Radius (IAS), Accounting: Microsoft Radius (IAS)

Security Measures: PEAP and Shared Secret

Encryption: MSCHAPv2 

Configure IAS

Make sure all prerequisites mentioned above are ready and working. Install windows server and make it a member of Microsoft Active Directory domain.

Install machine certificate i.e. computer certificate in this server

Click on add/remove snap in

 

Click add

Select Certificates, click add

Check computer account radio button, click next

Select local computer, click finish

Right mouse click on personal and click on request certificate, follow screen shot

Click next, then click ok.

Install IAS as follows

Go to Add remove windows component, select internet Authentication Service, click ok.

Open IAS console from administrative tools, right click on IAS as above, click register service in Active Directory

Add RADIUS Client, mention Cisco access point name and IP of Cisco Access Point, click next

Select Radius standard and provide shared secret and confirm, click finish. Shared secret must be same as you mentioned in Cisco wireless access point

Create Wireless access group in windows Active Directory and Add desired members in that group

go to administrative tools in IAS server, open IAS console, Add wireless access policy in Radius server

right click in wireless access policy and create new access policy

Select as above

Check Wireless and click next

Add wireless access group from active directory by click add button

Select PEAP, click on configure

Click ok

Click finish

Now go to property of newly created access policy, click edit profile, click authentication tab, check EAP  methods as follows.

Check  encryption and authentication method. Use MSCHAP v2. Encryption 128 bits.

Configure Wireless access point as shown in the link

http://araihan.wordpress.com/2009/08/02/how-to-configure-cisco-1242-ap-to-get-authentication-from-ms-ias/

Now infrastructure is ready to authenticate iMac OSX 10.5, Windows 7 and XP via wireless.

Log on to an XP machine using user credentials who is a member of wireless access group. Go to run, type mmc and press ok. follow the steps mentioned above on top to install machine certificate but this time install user certificate i.e. check user account instead of computer account.

Once user certificate installed, right click on user certificate, click All task, click export follow screen shot

Save certificate in usb stick.

Configure Mac OSX 10.5

Now open iMac/Mac book pro. Go to utility, open Key Chain, select login, drag certificate from USB stick and drop it in key chain login, click ok

Type the password used while exporting certificate

go to system preference, open network, select AirPort, click on advance, click on +

Click on show all, select desired Mac wireless SSID, follow screen shot

type AD user name and password who is a member of wireless access group, select certificate, click  add

Now authenticated as above. all done.

It is not necessary to bind Mac OSX 10.5 to AD to get wireless authentication via RADIUS. PEAP and certificate will do. now you can add user home drive, printer from print server. 

On Windows XP or Windows 7 machine, log on using domain user credential who is a member wireless access group, install user certificate and machine/computer certificate as mentioned above. Turn on wireless, select SSID, click on connect, in few seconds it will be connected.

Deploy custom Office 2007 using GPO or command prompt

Copy office 2007 DVD content into \\servername\software\office12

go to the folder containing office 2007 from command prompt

type setup.exe /admin

Click ok.

 

Provide installation location such as

\\servername\Software\Office12\Access.en-us\AccessMUIset.msi

\\servername\Software\Office12\Excel.en-us\ExcelMUI.msi

Add according to your need. You don’t need to mention the application which you don’t want to install.

 

type or paste product key, Accept EULA, display level none, check suppress, check none

Select office application you need, select not available on application you don’t want to install.  you must select office tools

Now click on file and save this file as custom.msp in \\servername\software\office12 folder

 

Create bat file, say office2007.bat write in one line

\\servername\software\office12\setup.exe /adminfile \\servername\software\office12\custom.msp 

Go to GPO management in your server, expand domain, right click group policy object

Create new GPO and name it as you want say office 2007 custom

Expand group policy object, right click on office 2007 custom and Edit

double click on startup

click Add, browse and paste office2007.bat 

press ok. Once GP refresh as set by your GPO refresh policy, it will install office 2007.

 

Command prompt deployment

Now open a notepad and write list of netbios name of xp machine in one column and save the file as desktop.txt

I created a bat file named deploy.bat containing the following command

@echo off

\\servername\software\office12\setup.exe /adminfile \\servername\software\office12\custom.msp 

save desktop.txt and deploy.bat file in a C:\ Now go to that directory from command prompt

Type and wait until copied

FOR /F %i in (c:\desktop.txt) DO COPY Deploy.bat \\%i\c$ /Y

Type again

FOR /F %i in (c:\desktop.txt) DO AT \\%i 17:00 c:\Deploy.bat

 

Office 2007 will install in set time as 1700.