End of Support of Windows Client Operating Systems
End of Sales of Windows Client Operating Systems
Reference: Windows lifecycle fact sheet
End of Support of Windows Client Operating Systems
End of Sales of Windows Client Operating Systems
Reference: Windows lifecycle fact sheet
Remote Desktop Services is a server role consists of several role services. Remote Desktop Services (RDS) accelerates and securely extends desktop and applications to any device and anyplace for remote and roaming worker. Remote Desktop Services provide both a virtual desktop infrastructure (VDI) and session-based desktops.
In Windows Server 2012 R2, the following roles are available in Remote Desktop Services:
|Role service name||Role service description|
|RD Virtualization Host||RD Virtualization Host integrates with Hyper-V to deploy pooled or personal virtual desktop collections|
|RD Session Host||RD Session Host enables a server to host RemoteApp programs or session-based desktops.|
|RD Connection Broker||RD Connection Broker provides the following services
|RD Web Access||RD Web Access enables you the following services
|RD Licensing||RD Licensing manages the licenses for RD Session Host and VDI.|
|RD Gateway||RD Gateway enables you to authorized users to connect to VDI, RemoteApp|
For a RDS lab, you will need following servers.
This test lab consist of 192.168.1.1/24 subnets for internal network and a DHCP Client i.e. Client1 machine using Windows 8 operating system. A test domain called testdomain.com. You need a Shared folder hosted in File Server or SAN to Hyper-v Cluster as Virtualization Host server. All RD Virtualization Host computer accounts must have granted Read/Write permission to the shared folder. I assume you have a functional domain controller, DNS, DHCP and a Hyper-v cluster. Now you can follow the steps below.
Step1: Create a Server Group
1. Open Server Manager from Task bar. Click Dashboard, Click View, Click Show Welcome Tile, Click Create a Server Group, Type the name of the Group is RDS Servers
2. Click Active Directory , In the Name (CN): box, type RDS, then click Find Now.
3. Select RDSWEBSRV01, RDSSHSRV01, RDSCDSRV01, RDSVHSRV01 and then click the right arrow.
4. Click OK.
Step2: Deploy the VDI standard deployment
1. Log on to the Windows server by using the testdomain\Administrator account.
2. Open Server Manager from Taskbar, Click Manage, click Add roles and features.
3. On the Before You Begin page of the Add Roles and Features Wizard, click Next.
4. On the Select Installation Type page, click Remote Desktop Services scenario-based Installation, and then click Next.
5. On the Select deployment type page, click Standard deployment, and then click Next. A standard deployment allows you to deploy RDS on multiple servers splitting the roles and features among them. A quick start allows you to deploy RDS on to single servers and publish apps.
6. On the Select deployment scenario page, click Virtual Desktop Infrastructure, and then click Next.
7. On the role services page, review roles then click Next.
8. On the Specify RD Connection Broker server page, click RDSCBSRV01.Testdomain.com, click the right arrow, and then click Next.
9. On the Specify RD Web Access server page, click RDSWEBSRV01.Testdomain.com, click the right arrow, and then click Next.
10. On the Specify RD Virtualization Host server page, click RDSVHSRV01.Testdomain.com, click the right arrow, and then click Next. RDSVHSRV01 is a physical machine configured with Hyper-v. Check Create a New Virtual Switch on the selected server.
11. On the Confirm selections page, Check the Restart the destination server automatically if required check box, and then click Deploy.
12. After the installation is complete, click Close.
Step3: Test the VDI standard deployment connectivity
You can ensure that VDI standard deployment deployed successfully by using Server Manager to check the Remote Desktop Services deployment overview.
1. Log on to the DC1 server by using the testdomain\Administrator account.
2. click Server Manager, Click Remote Desktop Services, and then click Overview.
3. In the DEPLOYMENT OVERVIEW section, ensure that the RD Web Access, RD Connection Broker, and RD Virtualization Host role services are installed. If there is an icon and not a green plus sign (+) next to the role service name, the role service is installed and part of the deployment
Step4: Configure FileSRV1
You must create a network share on a computer in the testdomain domain to store the user profile disks. Use the following procedures to connect to the virtual desktop collection:
Create the user profile disk network share
1. Log on to the FileSRV1 computer by using the TESTDOMAIN\Administrator user account.
2. Open Windows Explorer.
3. Click Computer, and then double-click Local Disk (C:).
4. Click Home, click New Folder, type RDSUserProfile and then press ENTER.
5. Right-click the RDSUSERPROFILE folder, and then click Properties.
6. Click Sharing, and then click Advanced Sharing.
7. Select the Share this folder check box.
8. Click Permissions, and then grant Full Control permissions to the Everyone group.
9. Click OK twice, and then click Close.
Setup permissions on the network share
1. Right-click the RDSUSERPROFILE folder, and then click Properties.
2. Click Security, and then click Edit.
3. Click Add.
4. Click Object Types, select the Computers check box, and then click OK.
5. In the Enter the object names to select box, type RDSVHSRV01.Testdomain.com, and then click OK.
6. Click RDSVHSRV01, and then select the Allow check box next to Modify.
7. Click OK two times.
Step5: Configure RDSVHSRV01
You must add the virtual desktop template to Hyper-V so you can assign it to the pooled virtual desktop collection.
Create Virtual Desktop Template in RDSVHSRV01
1. Log on to the RDSVHSRV01 computer as a Testdomain\Administrator user account.
2. Click Start, and then click Hyper-V Manager.
3. Right-click RDSVHSRV01, point to New, and then click Virtual Machine.
4. On the Before You Begin page, click Next.
5. On the Specify Name and Location page, in the Name box, type Virtual Desktop Template, and then click Next.
6. On the Assign Memory page, in the Startup memory box, type 1024, and then click Next.
7. On the Configure Networking page, in the Connection box, click RDS Virtual, and then click Next.
8. On the Connect Virtual Hard Disk page, click the Use an existing virtual hard disk option.
9. Click Browse, navigate to the virtual hard disk that should be used as the virtual desktop template, and then click Open. Click Next.
10. On the Summary page, click Finish.
Step6: Create the managed pooled virtual desktop collection in RDSVHSRV01
Create the managed pooled virtual desktop collection so that users can connect to desktops in the collection.
1. Log on to the RDSCBSRV01 server as a TESTDOMAIN\Administrator user account.
2. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.
3. In the left pane, click Remote Desktop Services, and then click Collections.
4. Click Tasks, and then click Create Virtual Desktop Collection.
5. On the Before you begin page, click Next.
6. On the Name the collection page, in the Name box, type Testdomain Managed Pool, and then click Next.
7. On the Specify the collection type page, click the Pooled virtual desktop collection option, ensure that the Automatically create and manage virtual desktops check box is selected, and then click Next.
8. On the Specify the virtual desktop template page, click Virtual Desktop Template, and then click Next.
9. On the Specify the virtual desktop settings page, click Provide unattended settings, and then click Next. In this step of the wizard, you can also choose to provide an answer file. A Simple Answer File can be obtained from URL1 and URL2
10. On the Specify the unattended settings page, enter the following information and retain the default settings for the options that are not specified, and then click Next.
§ In the Local Administrator account password and Confirm password boxes, type the same strong password.
§ In the Time zone box, click the time zone that is appropriate for your location.
11. On the Specify users and collection size page, accept the default selections, and then click Next.
12. On the Specify virtual desktop allocation page, accept the default selections, and then click Next.
13. On the Specify virtual desktop storage page, accept the default selections, and then click Next.
14. On the Specify user profile disks page, in the Location user profile disks box, type \\FileSRV01\RDSUserProfile, and then click Next. Make sure that the RD Virtualization Host computer accounts have read and write access to this location.
15. On the Confirm selections page, click Create.
Step8: Test Remote Desktop Services connectivity
You can ensure the managed pooled virtual desktop collection was created successfully by connecting to the RD Web Access server and then connecting to the virtual desktop in the Testdomain Managed Pool collection.
1. Open Internet Explorer.
2. In the Internet Explorer address bar, type https://RDSWEBSRV01.Testdomain.com/RDWeb, and then press ENTER.
3. Click Continue to this website (not recommended).
4. In the Domain\user name box, type TESTDOMAIN\Administrator.
5. In the Password box, type the password for the TESTDOMAIN\Administrator user account, and then click Sign in.
6. Click Testdomain Managed Pool, and then click Connect.
Since the emergence of vSphere 6.0, I would like to write an article on vSphere 6.0 vs Windows Server 2012 R2. I collected vSphere 6.0 features from few blogs and VMware community forum. Note that vSphere 6.0 is in beta program which means VMware can amend anything before final release. New functionalities of vSphere 6.0 beta are already available in Windows Server 2012 R2. So let’s have a quick look on both virtualization products.
|Features||vSphere 6.0||Hyper-v Server 2012 R2|
|Certificate Authority||Active Directory Certificate Services|
|Certificate Store||Certificate Store in Windows OS|
|Single Sign on||VMware retained SSO 2.0 for vSphere 5.5||Active Directory Domain Services|
|Database||vPostgres database for VC Appliance up to 8 vCenter||Microsoft SQL Server
|Management Tools||Web Client & VI
VMware retained VI
|SCVMM Console & Hyper-v Manager|
|Installer||Combined single installer with all input upfront||Combined single installer with all input upfront|
|vMotion||Long distance Migration up to 100+ms RTTs||Multisite Hyper-v Cluster and Live Migration|
|Storage Migration||Storage vMotion with shared and unshared storage||Hyper-v Live Storage Migration between local and shared storage|
|Combined Cloud Products||Platform Services Controller (PSC) includes vCenter, vCOPs, vCloud Director, vCoud Automation||Microsoft System Center combined App Controller, Configuration Manager, Data Protection Manager, Operations Manager, Orchestrator, Service Manager, Virtual Machine Manager|
|Service Registration||View the services that are running in the system.||Windows Services|
|Licensing||Platform Services Controller (PSC) includes Licensing||Volume Activation Role in Windows Server 2012 R2|
|Virtual Datacenters||A Virtual Datacenter aggregates CPU, Memory, Storage and Network resources.||Provision CPU, Memory, Storage and network using create Cloud wizard|
Another key feature to be compared here that those who are planning to procure FC Tape library and maintain a virtual backup server note that vSphere doesn’t support FC Tape even with NPIV and Hyper-v support FC Tape using NPIV.
The SMB protocol follows the client-server model; the protocol level is negotiated by the client request and server response when establishing a new SMB connection. Windows Server 2012 introduces a feature called SMB 3.0 Multichannel. Multichannel provides link aggregation and fault tolerance.
SMB 3.0 introduces multipath I/O (MPIO) where multiple TCP connections can be established with given SMB session. Benefits include increase bandwidth, enable transparent network interface failover and load balancing per session.
Open following registry key
If you are looking fault tolerance and throughput then obvious choice is NIC teaming with RSS.
Switch(config)#Int PORT (a.e. Gi3/1)
Switch(config)#switchport mode access
Switch(config)#channel-group <40> mode active
Switch(config)#Int port (a.e. Gi3/1)
Switch(config)#switchport mode access
Switch(config)#channel-group <40> mode active
PROCURVE# trunk PORT1-PORT2 (a.e. C1/C2) Trk<ID> (a.e. Trk99) LACP
PROCURVE# vlan <VLANID>
PROCURVE# untagged Trk<ID> (a.e. Trk99)
PROCURVE# show lacp
PROCURVE# show log lacp
Get-SmbClientConfiguration | Select EnableMultichannel
Get-SmbServerConfiguration | Select EnableMultichannel
6. Enable Multichannel
Set-SmbServerConfiguration -EnableMultiChannel $true
Set-SmbClientConfiguration -EnableMultiChannel $true
7. Verify Multichannel
Deduplication in Windows Server: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder.
Enhanced Dedupe features in Windows Server 2012 R2
When using the Data Deduplication feature for the first time or migrating from a previous version of Windows Server, be sure to consider the following related technologies and issues:
Install and Configure Data Deduplication using GUI
1. Open Server Manager, From the Add Roles and Features Wizard, under Server Roles, select File and Storage Services.
2. Select the File Services check box, and then select the Data Deduplication check box.
3. Click Next until the Install button is active, and then click Install.
4. From the Server Manager dashboard, right-click a data volume and choose Configure Data Deduplication. The Deduplication Settings page appears.
5. In the Data deduplication box, select the workload you want to host on the volume. Select General purpose file server for general data files or Virtual Desktop Infrastructure (VDI) server when configuring storage for running virtual machines.
6. Enter the number of days that should elapse from the date of file creation until files are deduplicated, enter the extensions of any file types that should not be deduplicated, and then click Add to browse to any folders with files that should not be deduplicated.
7. Click Apply to apply these settings and return to the Server Manager dashboard, or click the Set Deduplication Schedule button to continue to set up a schedule for deduplication.
Install and Configure Data Deduplication using Windows PowerShell
Start Windows PowerShell. Right-click the Windows PowerShell icon on the taskbar, and then click Run as Administrator.
Import-Module ServerManager | Add-WindowsFeature -name FS-Data-Deduplication
Enable-DedupVolume E: -UsageType HyperV
Enable-DedupVolume E: -UsageType Default
Set-Dedupvolume E: -MinimumFileAgeDays 20
Get-DedupVolume | fl
Start-DedupJob E: –Type Optimization –Wait
This article provides actionable advice about how to manage patches to reduce downtime while still maintaining the security of software services through the proactive reduction of dependencies and the use of workaround solutions.
Windows Server patches, hotfixes and service pack is critical for compliance, service level agreement and security purposes. Keeping an operating systems and application up to date is the key to align your infrastructure with latest software. Patches and hotfixes also enable you to prevent any security breaches and malware infection.
Windows Patch Classification
The following are strongly recommended patches:
Windows Product Classification
It is highly recommended that you patch Windows Servers, Windows Clients, Office, Applications (Silverlight, .Net Framework, SQL, Exchange, SharePoint, FF TMG).
Consultants should take time to test the patches in a non-production environment prior to being deployed to production. This will help to gauge the impact of such changes. Ideally you will have the following patching groups:
1. UAT (UAT1, UAT2, etc)
2. Test Environment (Test1, Test2, etc)
3. Development Environment (Dev1, Dev2 etc)
4. Production (Prod1, Prod2, etc)
If you have clustered environment like SQL, Exchange and SharePoint then create Prod1, prod2 group and place each node on each group.
System administrators should maintain a log, written or electronic, of all changes to the operating environment, to include hardware, system security software, operating system, and applications. Prior to any changes being implemented on a system, the system administrator should receive approval of stakeholders.
Why am I discussing backup with patching best practice? In case of emergency you can rollback completely and restore a server to its original state if necessary. It is very important that servers be backed up on a regular basis. Depending on the use of the server, it may be adequate to backup the server once per week. A backup of a more critical environment may be needed daily, and possibly continuously. The backup program provided with Windows is capable of backing up to virtually any writable media, which can include network drives provided by a server in another physical location. This program is also capable of scheduling backups which can ensure backups occur on a regular interval.
Microsoft strongly recommends that you create the following backups before you install an update rollup, service pack and patch on Exchange and SQL:
Read release notes of each hotfixes you are going to apply so that you are compliant with the application installed on the server. Consult with application vendor before applying service pack to any server if the server is hosting specific business application. Consult with application engineer about the importance of server patching. Inform and educate application engineer as much as possible to avoid conflict of interest.
Documentation released with the updates is usually in the form of web pages, attached Word documents and README.TXT files. These should be printed off and attached to change control procedures as supporting documentation.
Back out Plan
A back-out plan will allow the system and enterprise to return to their original state, prior to the failed implementation. It is important that these procedures are clear, and that contingency management has tested them, because in the worst case a faulty implementation can make it necessary to activate contingency options. Historically, service packs have allowed for uninstalling, so verify there is enough free hard disk space to create the uninstall folder. Create a back out plan electronically and attach with change management software.
You need to notify helpdesk staff and support agencies of the pending changes so they may be ready for arising issues or outages.
Consistency across Servers
Always install the same service packs or hotfixes to each SQL server node, Exchange DAG member and Domain Controller.
Routine Maintenance Window
A scheduled maintenance window must be agreed with business so that application outage and server reboot can maintain a respectable Service Level Agreement (SLA). If you have a large infrastructure with thousands of servers and many regions working round the clock then you must consider application dependencies. A patching schedule can be considered in between every Friday of every month at 6:00 P.M. Friday to 6:00 A.M Monday. Setup maintenance window in system center or deadline for WSUS to make sure patches are applied when you want instead of when patch is available. In this way you will have a complete control over change windows approved by change advisory board (CAB). Do not allow end users to update patches on their client machine according to their wishes and happiness! then user will never install any patch.
I strongly recommend that you spend few $$$ to buy Microsoft System Center 2012 to manage and deploy Windows patches, service pack and hotfixes. However you can use Windows Server Update Services (WSUS) as poor man’s patching solutions.
Patching DMZ server can be accomplished using WSUS offline patching solutions available for free to download from http://download.wsusoffline.net/.
Automate, Automate and Automate!
Automated patch management using System Center could enable a single IT administrator to access a pre-populated patch policy. He then could execute the command and with the press of a single button, download the patches from Microsoft’s website, install them on a test machine and test for compatibility issues. Meanwhile, an automatic inventory check could search for systems with the affected software, wake them up, check their readiness and push the verified patches out to waiting machines. The patches would then be automatically installed on each system, and they’d reboot as necessary. The final step is an automated report on the status of the remediated devices.
Standardized patch management processes could allow for daily assessment and remediation of client devices and weekly assessment and remediation for servers. Reports can then be generated to validate system status on a weekly or bi-weekly schedule. A systems monitoring task that used to take days now takes minutes, and patches are deployed more completely and consistently across the entire IT environment. A single IT administrator can proactively manage thousands of systems tasks in the same amount of time it took an entire team to do the tasks manually.
Reboot Windows Computer
Some application may require reboot of server before patching such as RSA Secure Console. However most of the server must be rebooted after patching. Do not suppress reboot after patching in any circumstances or you will have a messy environment and broken clusters.
X86 and X64 Windows Systems
The most prominent 32-bit application you’re likely to see on a 64-bit Windows system is Office. In this sort of situation System Center benefits most because you can adjust and make decision based on architecture and compliance as well. You can approve patches based on “Needed and Not Installed”. If a server or client need update it will install if not then it will not installed. It’s safe to do so.
Antivirus and Antispyware
Servers are vulnerable to many forms of attack. Implementation and standardization of security methods should be developed to allow early and rapid deployment on servers. It’s important that a Windows server be equipped with a latest centrally managed Antivirus program. Antivirus update must be scheduled with the same maintenance window to update antivirus with latest definition.
Servers have a powerful auditing feature built in. Typically, server managers would want the auditing system to capture logins, attempted logins, logouts, administrative activities, and perhaps attempts to access or delete critical system files. Auditing should be limited to gathering just the information that is needed, as it does require CPU and disk time for auditing to gather information. Log Management software should be used, if possible, for ease of managing and analysing information. Report can be generated from Systems Center and WSUS as proof of patching cycle.
Servers keep multiple logs and, by default, may not be set to reuse log file entries. It is a good practice to expand the size of the allowed log file and to set it to reuse space as needed. This allows logging to continue uninterrupted. How far back your log entries go will depend on the size of the log file and how quickly you are accumulating log data. If your server environment is critical, you may wish to ensure that the log file size is sufficient to store about 30 days of logging information, and then rotate log files once per month.
Installing Updates on a single Exchange Server
Download Exchange Update from Microsoft Download Center. Record Current Exchange Version information
Check for publisher’s certificate revocation
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. Click the Advanced tab, and then locate the Security section.
4. Clear the Check for publisher’s certificate revocation check box, and then click OK.
5. After the update rollup installation is complete, select the Check for publisher’s certificate revocation option.
Pre-check before installing
1. Determine which update rollup packages are installed on your Exchange server roles
2. Determine whether any interim updates are installed
3. Review interim updates
4. Obtain the latest update rollup package
5. Apply on a Test Exchange Server
Install Exchange Update
1. Ensure that you have downloaded the appropriate rollup to a local drive on your Exchange servers, or on a remote network share.
2. Run the Windows Installer *.msp Setup file that you downloaded in step 1.
Install Exchange Update on DAG Member
To update all DAG members, perform the following procedures on each DAG member, one at a time. Set the member server in maintenance mode using this PowerShell Command.
Install the update rollup
1. Close all Exchange management tools.
2. Right-click the Exchange update rollup file (.msp file) you downloaded, and then select Apply.
3. On the Welcome page, click Next.
4. On the License Terms page, review the license terms, select I accept the License Terms, and then click Next.
5. On the Completion page, click Finish.
Once installed exit from maintenance mode run the StopDagServerMaintenance.ps1 script. Run the following command to re-balance the DAG, as needed
.RedistributeActiveDatabases.ps1 -DagName <DAGName> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution
When the installation is finished, complete the following tasks:
Patching Microsoft Failover Cluster
You can install Windows service packs on Windows Server Failover Cluster nodes using the following procedure. Administrative privilege is required to perform the following tasks.
Procedure to install Windows service pack or hotfixes in Windows Server 2003:
Procedure to install Windows service pack or hotfixes in Windows Server 2008 and Windows Server 2012:
You can use the following PowerShell Cmdlet to accomplish the same.
1. Load the module with the command: Import-Module FailoverClusters
2. Suspend (Pause) activity on a failover cluster nodeA: Suspend-ClusterNode nodeA
3. Move a clustered service or application (a resource group) from one node to another: Get-ClusterNode NodeA | Get-ClusterGroup | Move-Cluster Group
4. Resume activity on nodeA that was suspended in step 5: Resume-ClusterNode nodeA
5. Move a clustered service or application (a resource group) from one node to another: Get-ClusterNode NodeB | Get-ClusterGroup | Move-Cluster Group
6. Suspend (Pause) activity on other failover cluster node: Suspend-ClusterNode nodeB
7. Resume activity on nodeB that was suspended in step 10 above: Resume-ClusterNode nodeB
It is critical that when service packs, hotfixes, and security patches are required to be installed, that these best practices be followed.
1. Read all related documents.
2. Use a change control process.
3. Apply updates that are needed.
4. Test patches and hotfixes on test environment.
5. Don’t get more than 2 service packs behind.
6. Target non-critical servers first.
7. Service Pack (SP) level consistency.
8. Latest SP instead of multiple hotfixes.
9. Apply only on exact match.
10. Subscribe to Microsoft email notification.
11. Always have a back-out plan.
12. Have a working Backup and schedule production downtime.
13. Consistency across Domain Controllers and application servers.
PowerShell cmdlet scripting
Working anywhere approach, access protected data, multi-factor authentication
DNS suffix based policies
DNS PTR registration options
IP Address Management (IPAM)
Supported Upgrade Path
Windows Server 2008 R2 Web, Datacenter or enterprise with SP1
Windows Server 2012 R2 Datacenter, standard
Windows Server 2012 Standard, datacenter
Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter
Hyper-V Server 2012
Hyper-V Server 2012 R2
In-place upgrade of the following is unsupported:
Feature Removed or Deprecated in Windows Server 2012 R2
File Backup and Restore
File History feature
System Image Backup
Reset your PC
Drivers for tape drives
Use manufacturer drivers
Creation of recovery disk on CD or DVD
Use the Recovery Disk to USB feature
Windows Authorization Manager (AzMan)
use new management tools for virtual machine
Active Directory Rights Management Services (AD RMS) SDK
AD RMS SDK 2.0
The Application Server role
Use features and roles
IIS CertObj COM interface
NFS 3 or NFS4
Network Access Protection (NAP)
Windows Web Application Proxy
Server for Network Information Services (NIS) Tools
Use native LDAP, Samba client, Kerberos
Windows Identity Foundation (WIF) 3.5
Use WIF 4.5 and .net framework 4.5
WMI version 1
WMI version 2
AppLocker is a customizable rules that allow/disallow applications, scripts and installers on a per user or per group basis. By using this feature, an administrators can ensure that security and licensing compliance needs are met, and to provide granular level security to align with corporate security compliance. You can configure the following rules in AppLocker via group policy object
AppLocker can be found in Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLocker location shown in picture
an administrator creates or edits a Group Policy Object based on business needs. Rules can be created to allow/deny any applications/scripts/installers to run per user or per group. The following is an example to create a rule allowing Adobe Acrobat using AppLocker.
Right Click on Executable Rules, Click Create New Rule
On the Permission page, Click Allow, Click Next
Select Publisher, Click Next
Click Browse and go to the C:Program Files (x86)AdobeAcrobat 10.0Acrobat and select Acrobat.exe. If you would like to select specific version, Click Next otherwise drag mouse product name shown product name. in this way you have selected Adobe Acrobat and any version will be allowed by this rule.
On the Exceptions page, Click Next
On the Name page, Click Create.
Now you will see the rule in the following screen
AppLocker is a robust tool to manage corporate compliance and security on the desktop and server platform.
Windows 8.1 code name “Windows blue” will be available to download as public preview on 26 June 2013.
Microsoft sold 100 million Windows 8 license. Microsoft listened to user who complained that Windows 8 is a tablet version not a desktop. Again Microsoft will allow Windows 8 user to download and upgrade to Windows 8.1 for free via Windows store.
Previously I wrote a blog on comparing price and features of Hyper-v and VMware. I got lot of feedback and questions why I believe Microsoft will win the battle. Here is a short answer for this question.
Living in mining city of Australia, its truth that most mining, oil and gas company isn’t adopting Microsoft Hyper-v yet excluding Fortescue Metals (FMG). FMG took a smart decision to go for Microsoft cloud than any other cloud technology. But wind is shifting quickly. Not just mining, oil and gas companies. Here are other examples: ING Direct case study and Suncorp Bank case study. There is nothing to hide that Microsoft came late to Hypervisor game. Slowly but surely Microsoft is gaining momentum.
I worked in almost 15 years now. I have seen in many occasions that Microsoft crashes its opponent and gain market in their own business. This is what happening in Hypervisor battle. Let’s be honest VMware is THE leader in virtualization. I am sure there are skeptics who believe, beating VMware isn’t possible. Those skeptics betted their money on Novell Netware, IBM Lotus Notes and Corel Word Perfect in those days. If I had told you in year 2000 that Active Directory would beat Novell e-directory, you would have burst out of laugh. But now there’s nothing to comment on this. By now you rarely see and work e-directory, word perfect or lotus notes. These examples says it all. VMware’s fate is written when Microsoft released Windows Server 2012, Hyper-v Server 2012 and System Center 2012. By the next Windows, Hyper-v and System Center release VMware may extinct.
If you need more evidence then you can find Microsoft’s Oil and Gas customer’s success stories on Microsoft View Point.
Staging an RODC allows an administrator to perform installation without travelling to the site. You can stage a RODC installation in four steps. Step1, Step2 and Step3 are performed in Head office by a member of domain admin where authoritative domain controller is located. Fourth step is performed in site office where site admin and RODC is located.
· RODC NetBIOS Name: DC4
· RODC Security Group: RODCAdmins
· Forest: Superplaneteers.com
Step1: Prepare Environment
· Install Operating System on RODC Server
· Activate Windows Server 2012
· Configure TCP/IP Properties of the Server
· Rename RODC Server to desired NetBIOS name (Example-DC4)
Step2: Add Site Admin into RODCAdmins Security Groups in AD
Open Active Directory Users and Computers, Right Click on desired OU, Click new, Click Group, Create a Security group named as RODCAdmins.
Add Site Admins into RODCAdmins group.
Step3: Create an RODC Computer Account
Open Active Directory users and Computers, Select Domain Controllers OU, Click on Action, Click Pre-create Read-only Domain Controller account
Click Next, On the Welcome to the Active Directory Domain Services Installation Wizard page, if you want to modify the default the Password Replication Policy (PRP), select Use advanced mode installation, and then click Next.
On the Network Credentials page, under Specify the account credentials to use to perform the installation, click My current logged on credentials, Click Next
On the Specify the Computer Name page, type the computer name of the server that will be the RODC.
On the Select a Site page, select a site from the list or select the option to install the domain controller in the site that corresponds to the IP address of the computer on which you are running the wizard, and then click Next.
On the Additional Domain Controller Options page, make the following select Domain Naming System (DNS), Global Catalog (GC), Read-only Domain Controller (RODC) and then click Next:
On the Delegation of RODC Installation and Administration page, type the name of the user or the group who will attach the server to the RODC account that you are creating. To search the directory for a specific user or group, click Set. In Select Users, Computers, or Groups, type the name of the user or group. When you are finished, click Next.
On the Summary page, review your selections. Click Back to change any selections, if necessary.
When you are sure that your selections are accurate, click Next to create the RODC account.
On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
Step4: Attach a server to an RODC account using Server Manager
This step is performed in the site office where the RODC is located. The server where you perform this procedure must not be domain member. In Windows Server 2012, you use the Add Roles Wizard in Server Manager to attach a server to an RODC account. Follow the procedure to promote a RODC at the branch office.
1. Log on to Server DC4 as local Administrator. In Server Manager, click Add roles and features. On the Before you begin page, click Next.
2. On the Select installation type page, click Role-based or feature-based installation and then click Next.
3. On the Select destination server page, click Select the local server from the server pool, click Next.
4. On the Select server roles page, click Active Directory Domain Services, click Add Features and then click Next.
5. On the Select features page, select any additional features that you want to install and click Next.
6. On the Active Directory Domain Services page, review the information and then click Next.
7. On the Confirm installation selections page, click Install.
8. On the Results page, verify Installation succeeded, and click Promote this server to a domain controller to start the Active Directory Domain Services Configuration Wizard.
9. On the Deployment Configuration page, click Add a domain controller to an existing domain, type the name of the domain superplaneteers.com and specify an account who is a member of RODCAdmins group that is delegated to manage and install the RODC, and then click Next.
10. On the Domain Controller Options page, click Use existing RODC account in this case DC4, type and confirm the Directory Services Restore Mode password, and then click Next.
11. On the Additional Options page, select the head office domain controller that you want to replicate the AD DS installation data from or if you have correct sites configured then allow the wizard to select any domain controller and then click Next.
12. On the Paths page, type the locations for the Active Directory database, log files, and SYSVOL folder, or accept default locations, and then click Next.
13. On the Review Options page, confirm your selections, click Next.
14. Once Prerequisites Check is successful then click Install.
15. To complete the AD DS installation, the server will restart automatically.
See details on Windows Phone Blog
System Requirements: Windows 8 Enterprise Version Windows Server 2008 or Windows Server 2012 Microsoft .NET Framework version 3.5 with SP1 or later Windows PowerShell™ 2.0 or later Windows 7 Automated Installation Kit Active Directory Domain Services Dynamic Host Configuration Protocol … Continue reading
Hyper-V has been integral part of Windows Server 2008 and enhanced with great features in Windows Server 2012. According to Gartner’s magic quadrant Microsoft Hyper-v has been positioned in the leader category second to VMware. Combining Windows Server 2012 and System Center 2012 provide you a high performance Cloud Technology. Microsoft licensing model is highly flexible and charges only by physical processors and offer unlimited virtualization rights with Datacenter editions. With Hyper-v, your return on investment (ROI) increases as your workload density increases.
The pricing is based on the following assumptions:
Server Virtualization Environment:
Microsoft Server Virtualization Cost break-down
VMware Server Virtualization Cost break-down
Features VS Cost Breakdown- Multi-Site Private Cloud Computing
Together with Windows Server 2012 and System Center 2012 is truly a cloud and datacenter management solution with eight separate components such as management, monitoring, provisioning, disaster recovery integrated into one unified product. A unified System Center management solution delivers greater OPEX cost savings than VMware in addition to CAPEX cost savings.
Breakdown in resources (/Host/Guest/Cluster):
Truth about VMware lies:
You don’t have to be Einstein to understand that VMware is in significant pressure from all sides. Hence they are misleading Cloud market with biased information. I would strongly recommend you to assess your business position, compare apple to apple before renewing/buying your next Cloud products. Though VMware is still no.1 player in Cloud Computing market but their fear is real that VMware loyal Customer is switching continuously to Microsoft Cloud Technology. A declining enterprise market leads them to spread the following one sided information.
1. VMware claim: VMware vSphere 5.1 can achieve an 18.9% higher VM density per host than with Microsoft Hyper-V.
Facts: In one of VMware’s own tests, when provided adequate memory to support the number of users the performance variance between vSphere 5.1 and Hyper-V R2 SP1 was only 2% (using 24VM’s).
2. VMware claim: Hyper-V performance is poor. If performance is important to you, choose VMware.
Facts: In reality, Hyper-V offers near-native levels of virtualization performance, for which there are multiple supporting proof points (including independent third party validations):
3. VMware claim: Hyper-V isn’t ready for the enterprise. It can’t handle the most intensive of workloads like VMware can.
Facts: Hyper-V offers near native levels of performance for key workloads, ensuring that customers can virtualize their mission critical, high-performance applications and workloads with confidence on Hyper-V. Additionally, a growing number of enterprise customers are running their businesses on Microsoft Hyper-V. Please read Microsoft Private Cloud success stories.
4. VMware claim: Hyper-V is lacking some of the key VMware features today. Features such as vMotion, HA, Memory Overcommit, DRS, Storage vMotion and Hot-Add are important features for us, and Hyper-V simple doesn’t come close.
Facts: Hyper-V R2 SP1 and System Center 2012 provide Live Migration, High Availability, Storage Live Migration, Dynamic Memory Allocation, Hot-Add and subsequent removal of storage.
5. VMware claim: VMware vSphere 5.1 is more secure than Hyper-V because it’s architecture and small code base.
Facts: Small footprint doesn’t equal a more secure hypervisor. Both vSphere and Hyper-V use the same memory footprint to run. The disk Footprint in ESXi 5.0 (144 MB) doubled from ESXi 4.0 (70 MB). Microsoft follows the rigorous, industry-leading Secure Development Lifecycle (SDL) for all its products. It is possible to achieve a 40-60% reduction in patches using Server Core based on historical data.
6. VMware claim: There is no virtual firewall in Hyper-V while VMware provides vShield Zones.
Facts: Windows Server 2012 also includes an integrated firewall with advanced security features. An old version of vShield Zones is included with vSphere 5.1 (details here) and vShield Zones has several limitations like every VM’s traffic passes through the Zones virtual appliances which slows down the traffic.
7. VMware claim: Microsoft doesn’t offer anything comparable to VMware Fault Tolerance.
Facts: VMware Fault Tolerance has limited applicability and severe limitations. It cannot function with:
8. VMware claim: VMware significantly support for Linux operating systems than Hyper-V.
Facts: In production environment, Hyper-v supports Microsoft Windows Server and Linux Server without modifying any guest operating systems or installing tools.
9. VMware claim: VMware supports broad applications, while Hyper-V does not.
Facts: Since VMware does not have certified logo program for any application, they are not in position to dictate which application are supported or not. On the contrary, every single application that achieves a logo for Windows Server can be run on guest operating system on a Hyper-V, and is therefore inherently supported. There are over 2500 ISV applications listed on Microsoft Pinpoint that work with Hyper-V. Truth is neither Microsoft nor VMware mention which application you can install on a guest operating systems. It’s completely up to you what you would like to run on guest operating systems.
10. VMware claim: VMware’s Site Recovery Manager (SRM) enables us to simplify our DR story, and provides us with a solution to not only perform a planned failover, but test it whenever we like. Microsoft simply can’t deliver an alternative to this.
Facts: System Center 2012 components like Data Protection Manager and Orchestrator can provide tailored DR solutions. Windows Server 2012 includes an inbox replication capability, Hyper-V Replica, at no cost.
11. VMware claim: Microsoft Hyper-v isn’t ready for Hoster or Service Provider.
Facts: Hyper-v has been adopted by service provider industry to host their own infrastructure and public cloud simultaneously on Hyper-v utilizing Microsoft Network Virtualization. Click here and filter using hosting and public cloud to find the list of hoster. Examples: hostway, softsyshosting , hyper-v-mart , geekhosting , BlueFire and many more.
12. VMware Claim: Hyper-v does not fully comply with Trunking, VLANs
Facts: Microsoft Network virtualization is more advanced than VMware standard Switch and DV Switch. Microsoft Hyper-v is fully compliant with 802.1q trunking, VLANs, VIP, networking Tunneling, multitenant IP management. VMware is catching up on network virtualization. Being in back foot VMware advertised to hire a PR professional to campaign on network virtualization.
Bottom-line: Why Selecting Hyper-v Over VMware
Other than cost savings, the following reasons why you should select Hyper-V and System Center 2012 over VMware vSphere 5.1
1. Built-in Virtualization: Hyper-V is an integral part of Windows Server 2008 and Windows Server 2012
2. Familiarity with Windows: In-house IT staff can utilize their familiarity and knowledge of Windows environment to deploy Hyper-v minimizing training cost and learning time.
3. Single Platform Cloud Management Technology: System Center 2012 enables you to manage physical, virtual, private and public cloud using a common console view for multi-hypervisor management, 3rd party integration and process automation, ability to manage applications via a single view across private and public clouds, and deep application diagnostics and insights.
4. Running common Microsoft Application: It is obvious that Microsoft application will run better on Hyper-v 2012. Still Microsoft has published third-party validated lab results that prove best-in-class performance for Microsoft workloads on Hyper-V.
5. Private, Public or Hybrid Cloud: Microsoft provides complete solutions for Private, Public or Hybrid cloud with next generation computing technology like IaaS, PaaS, SaaS.
6. Value for Money: Microsoft Private Cloud provides value for money. You will receive unrestricted virtualization license once you buy Windows Server 2012 Datacenter and System Center 2012.
7. Easy Migration: Convert VMware virtual machine to Microsoft Hyper-v virtual machine in few easy steps. See this link.
8. Single Vendor: Since your existing virtualization workload is mostly Windows Server, from vendor communication and contract management point of view, having Microsoft Hyper-v make more sense.
Windows Server 2012 Step by Step is available in Amazon US, Amazon EU and Amazon Japan. This book will also be available to download from Amazon Kindle globally.
Client Hyper-V on Windows 8 provides a rich virtual platform for developers and IT professionals. You can create and manage virtual machines using client Hyper-V leveraging the security, scale, and manageability of Windows 8 and Server Hyper-V platforms. This is … Continue reading
Securing Servers from internal and external threat is the key aspect of managing and administering Windows Servers. If you carefully design, implement and maintain IT Infrastructure you will have a better night sleep knowing you are safe. There will not … Continue reading
Download Windows Server 2012 and have fun!!!