Monday, May 28, 2012

Thinking of Bitlocker or Bitlocker To Go?

BitLocker works well… ‘well-ish’ is probably the better way to say it. Let's just start with the issues.

  1. No TPM, no C: encryption. Period.
  2. With a TPM, you need to reboot to enable the TPM, then turn on BitLocker for C:. The process creates a new 300 MB partition on the drive and reboots again. Then it encrypts your C: drive, which takes half an hour or more depending on the size of the data.
  3. BitLocker To Go (BTG) only supports FAT/FAT32 – not NTFS?
  4. Once a drive is unlocked (a local D: drive or a BTG drive) in a user session, it stays unlocked unless you script it to lock or you log out and log on again.
  5. Unlocking the drive is done with a password, but locking it again requires an Administrator CMD prompt: "manage-bde -lock d:"
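
One way to script the relock from items 4 and 5, as an added example that is not part of the original post. It assumes PowerShell on an English-language Windows 7 install, a data volume on D: (an assumed drive letter), and that you run it elevated, for example from a scheduled task:

```powershell
# Added example: relock unlocked BitLocker data volumes with manage-bde.
# Assumptions: English manage-bde output; drive letters passed in are data volumes.
param([string[]]$Drives = @('D:'))   # assumed default, change to suit

# manage-bde -lock only works from an elevated session (item 5 above).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'manage-bde -lock needs an elevated (Administrator) session.'
    exit 1
}

foreach ($drive in $Drives) {
    # The running OS volume cannot be locked, so never try.
    if ($drive -ieq $env:SystemDrive) {
        Write-Warning "$drive is the OS volume; skipping."
        continue
    }

    # Query the volume; the text contains "Lock Status:" and "Protection Status:".
    $status = & manage-bde.exe -status $drive 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not query $drive"
        continue
    }

    $unlocked  = $status -match 'Lock Status:\s+Unlocked'
    $protected = $status -match 'Protection Status:\s+Protection On'

    if ($unlocked -and $protected) {
        # -ForceDismount closes open handles; unsaved files on the volume are lost.
        & manage-bde.exe -lock $drive -ForceDismount | Out-Null
        if ($LASTEXITCODE -eq 0) {
            Write-Output "$drive locked"
        } else {
            Write-Warning "Failed to lock $drive"
        }
    } else {
        # Already locked, or not a BitLocker-protected volume.
        Write-Output "$drive needs no action"
    }
}
```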

That said, it does work, it works well, and it even lets you share USB drives with Windows XP and Vista users via provided software that lets you ‘unlock’ the data on those platforms. Which is nice.

Once C: is encrypted, you can pause it for updates/upgrades (you don't need to decrypt it). Which is nice.

So here is my little thought flow chart on how it works.

[Flow chart: encrypting the PC (Windows 7)]

[Flow chart: unlock as user with UAC]

[Flow chart: relock running as Administrator]

Thursday, May 17, 2012

Microsoft Office 2010 Suite SKU options

(For any large customers, you have the choice of Standard or Professional Pro.)

SKUs for Volume Licensing (this is the business end of Office):

Office 2010 Standard – Word, Excel, PowerPoint, OneNote, Outlook, and Publisher. This is the basic Suite for businesses that have bought a volume programme.

Office 2010 Professional Plus – Word, Excel, PowerPoint, OneNote, Outlook, Publisher, Access, InfoPath, Communicator, and SharePoint Workspace.


SKUs for OEM, PKC or FPP:

Office 2010 Home & Student – Word, Excel, PowerPoint, and OneNote. Non-commercial use. Licensed only for the PC it was sold with (the FPP version can be installed on up to 3 PCs).

Office 2010 Home & Business – Word, Excel, PowerPoint, OneNote, and Outlook. Home-based businesses and dual users. It is the entry-level commercial Office 2010 Suite.

Office 2010 Professional – Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access.

Free SKU that comes with new entry-level PCs only:

Office 2010 Starter – Word Starter, Excel Starter. Both applications are limited-functionality, advertising-based versions. It is licensed only for the PC it came pre-installed on, with no installation media.

Tuesday, May 15, 2012

AD Domain forest and domain levels

 

I know this is old information, but I always seem to go back to it, so here it is for me… Oh, you can look at it too.

Forest functional level

| Forest functional level | Domain controller operating systems supported |
|---|---|
| Windows 2000 native | Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000 |
| Windows Server 2003 | Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 |
| Windows Server 2008 | Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008 |
| Windows Server 2008 R2 | Windows Server “8” Beta, Windows Server 2008 R2 |
| Windows Server “8” Beta | Windows Server “8” Beta |


Domain functional level

| Domain functional level | Domain controller operating systems supported |
|---|---|
| Windows 2000 native | Windows 2000, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 |
| Windows Server 2003 | Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 |
| Windows Server 2008 | Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008 |
| Windows Server 2008 R2 | Windows Server “8” Beta, Windows Server 2008 R2 |
| Windows Server “8” Beta | Windows Server “8” Beta |

Friday, May 11, 2012

Want to self install SCCM WIM?

Problem summary

Deploying a Windows 7 SOE via SCCM requires the network to be available to build or install the operating system and applications, but in the event of a critical outage (such as a network worm or major virus outbreak) the network may be down or compromised. This situation is normal for traditional organisations, but in the case of a critical infrastructure service provider a solution is needed to enable end users to rebuild their own machines (with IT direction).

Options

There are several technologies that are available for all or parts of this solution:

1. System protection (built into Windows 7)

2. Recovery console (built into Windows 7)

3. Safe Mode (built into Windows 7)

4. Windows backup (built into Windows 7)

5. Previous versions (built into Windows 7)

6. VHD Running (bespoke effort)

7. Self-image MOE (bespoke effort)

8. SCCM Offline Installation Media.


Possible solutions

Previous versions

Previous versions are copies of files and folders created automatically and saved as part of a restore point. You can use previous versions to restore files and folders that you accidentally modified or deleted, or that were damaged. Previous versions cannot be used on system files and do not offer protection against the types of errors this document is discussing.

System protection

System protection regularly creates and saves information about your computer's system files and settings. It saves these files in restore points, which are created just before significant system events, such as the installation of a program or device driver, or on a schedule once every few days. To restore these files, the user opens the Control Panel and restores the state via an applet.

Windows backup

The internal backup software can create a system image (exact copy of a drive). This image includes the files required for Windows to run. You can use a system image to restore the contents of your computer when your hard disk or computer fails. When you restore your computer from a system image, it’s a complete restoration – you cannot choose individual items to restore, and all of your current programs, system settings, and files are replaced with the contents of the system image.

Recovery console (aka Windows Recovery Environment)

The recovery console is a partial version of Windows 7 with a set of tools that you can use, with a backup created earlier, to recover your system. This can be used to recover drives, partitions and operating systems. This software can be made available on the local computer, by pressing F8 when restarting the computer, or by booting from a Windows 7 Setup disc.

Safe Mode

Safe mode is a troubleshooting option for Windows 7 that starts the computer in a limited state. Only the basic files and drivers necessary to run Windows are started. This mode is used by IT technicians; it is complicated, not user friendly, and in general a last-chance option for OS repair.

VHD Running

Windows 7 has the technology built in to run the operating system in a virtual hard disk (VHD), as compared to a traditional disk partition. This allows several copies of this virtual hard disk, and therefore several copies of the operating system, to be available at boot time. This is flexible in some ways but does have limitations (page file etc.).

Self-image

The traditional way a Windows 7 image is deployed to a workstation is via the network from an SCCM distribution point. This gives the flexibility of the most current OS image being available at any point in time, but it limits deployment to times when the network is available. A self-image MOE would have the MOE image deployed to the local computer as a file/image and would allow the user to re-install this OS as needed with a reboot.

SCCM Offline Media

Using stand-alone media doesn’t require access to SCCM during imaging because all components needed during the imaging process are copied to the stand-alone media and available locally.

Way forward

Looking at the technologies that are available, some are simply not for end users, and these can be ruled out for several reasons:

1. System protection – requires the user to run the restore process, and is not a simple solution for end users.

2. Recovery console – designed for IT professionals and is not suitable for end users.

3. Safe Mode – designed for IT professionals and is not suitable for end users.

4. Windows backup – designed for IT professionals and is not suitable for end users.

5. Previous versions – not a solution for this problem.

This leaves three possible solutions to address this problem. These solutions will require your evaluation, testing and prototyping to see which is the best fit for you and can be made user friendly enough to be activated by the end user as needed:

1. VHD Running

This solution would require capturing the image or deploying the image as a VHD, setting up a backup process, automating the steps and creating a boot menu for users to roll back/forward as needed on reboot.

2. Self-image MOE

This solution would possibly require repartitioning the local drive, updating the local SOE to support the self-image, updating the MOE image to support self-image, automating the steps and creating a boot menu for users to roll out the MOE as needed on reboot.

3. SCCM Offline Installation

This is the solution supported by Microsoft for offline deployment, and it is a simpler solution that leverages the existing system management platform.

Effort

For these solutions, an SCCM and Windows 7 expert can build a series of lab servers and clients and test each option. This will allow a prototype to be created, pros and cons to be identified, a gap analysis to be performed and a plan for the production rollout to be made.

So do you think you need this technology? If so give me a call and I can organise someone to help.
