
Canadian IT Pro Blog


  • Windows Server 2012 Active Directory – What’s New?

    Hello Folks,

    Today we will look at some of the new features and enhancements in Active Directory with Windows Server 2012.

    As usual, I suggest you download the evaluation of Windows Server 2012 and use the info in this post to set up your own lab and start exploring what’s new in Active Directory.

    Let’s get going…

    Here are the points that, in my own opinion, are the most impactful enhancements to AD:

    • Virtualization That Just Works
      • Applying a snapshot to a DC
      • Domain Controller cloning capabilities
    • Simplified deployment of Active Directory
    • Simplified Administration of Active Directory
      • Active Directory Recycle Bin
      • Fine-grained password policies
      • The Windows PowerShell History Viewer
      • Dynamic Access Control

     

    Let’s look at these in more details.

    Virtualization That Just Works

    Virtual environments present unique challenges to distributed workloads, such as Active Directory domain services (AD DS), that depend upon logical clock-based replication schemes.

    AD DS replication uses a monotonically increasing value assigned to transactions on each domain controller (known as a USN or Update Sequence Number). Each domain controller’s database instance is also given an identity, known as an InvocationID. The InvocationID of a domain controller and its USN together serve as a unique identifier associated with every write-transaction performed and must be unique within the forest. AD DS replication uses InvocationID and USNs to determine what changes need to be replicated to other domain controllers. If a domain controller is rolled back in time and a USN is reused for an entirely different transaction, replication will not converge since other domain controllers will believe they have already received the updates associated with the re-used USN.

    Virtual machines make it too easy for administrators to roll back a domain controller’s USNs (its logical clock) by, for example, applying a snapshot outside of the domain controller’s awareness.  That one was a BAD thing to do… Until now…

    In Windows Server 2012, AD DS relies on the hypervisor platform to expose an identifier called VM GenerationID to detect whether a virtual machine has been rolled back in time. The design uses a hypervisor-agnostic mechanism for surfacing the VM GenerationID inside the virtual machine.

    Before completing any transaction, AD DS first reads the value of this identifier and compares it against the last value stored in the directory. A mismatch is interpreted as a ‘rollback’, and the domain controller employs safeguards new to Windows Server 2012: it resets its InvocationID and discards its RID pool. From this point forward, all transactions are associated with the domain controller’s new InvocationID. Since other domain controllers do not recognize the new InvocationID, they conclude that they have not already seen these USNs and accept the updates identified by the new InvocationID and USNs, allowing the directory to converge.
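    As an added illustration of the mechanism just described (my own Python model, not Microsoft code and not from the original post), here is how the (InvocationID, USN) pair lets a replication partner decide what it has already seen, why a snapshot applied by a hypervisor that does not expose VM GenerationID makes the reused USN invisible, and why resetting the InvocationID on a GenerationID mismatch lets the change replicate. The RID pool reset is mentioned in a comment but not modelled.

```python
import uuid
from dataclasses import dataclass, field


@dataclass
class DomainController:
    """Minimal model of the replication identity a DC carries."""
    name: str
    invocation_id: str = field(default_factory=lambda: uuid.uuid4().hex)
    usn: int = 0                        # logical clock: +1 per local write
    vm_generation_id: int = 1           # value the hypervisor currently exposes
    stored_generation_id: int = 1       # last value the DC saved in its directory
    writes: list = field(default_factory=list)     # (invocation_id, usn, change)
    received: dict = field(default_factory=dict)   # invocation_id -> highest USN seen

    def write(self, change):
        """Commit a local change after the Windows Server 2012 rollback check."""
        if self.vm_generation_id != self.stored_generation_id:
            # Mismatch => treated as a rollback: take a new InvocationID.
            # (The real DC also discards its RID pool here; not modelled.)
            self.invocation_id = uuid.uuid4().hex
            self.stored_generation_id = self.vm_generation_id
        self.usn += 1
        self.writes.append((self.invocation_id, self.usn, change))

    def snapshot(self):
        """What a VM snapshot captures: identity, clock, data, stored GenerationID."""
        return (self.invocation_id, self.usn, list(self.writes), self.stored_generation_id)

    def restore(self, snap, hypervisor_exposes_generation_id):
        """Apply a snapshot. A GenerationID-aware hypervisor hands the VM a new
        VM GenerationID; an older one silently rolls the DC's USN clock back."""
        self.invocation_id, self.usn, writes, self.stored_generation_id = snap
        self.writes = list(writes)
        if hypervisor_exposes_generation_id:
            self.vm_generation_id += 1


def replicate(source, dest):
    """Pull from source every write whose (InvocationID, USN) dest has not yet seen."""
    applied = []
    for inv, usn, change in source.writes:
        if usn > dest.received.get(inv, 0):
            dest.received[inv] = usn
            applied.append(change)
    return applied


def rollback_scenario(generation_id_aware):
    """Return the changes DC2 accepts from DC1 after DC1 is rolled back to a snapshot."""
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    dc1.write("create user A")          # USN 1
    snap = dc1.snapshot()               # admin takes a snapshot here
    dc1.write("create user B")          # USN 2
    replicate(dc1, dc2)                 # DC2 has now seen USN 1-2 from DC1's InvocationID
    dc1.restore(snap, hypervisor_exposes_generation_id=generation_id_aware)
    dc1.write("create user C")          # USN 2 is handed out a second time on DC1
    # Without the safeguard DC2 believes it already has (InvocationID, 2) and drops C;
    # with it, C arrives under a fresh InvocationID and replication converges.
    return replicate(dc1, dc2)


if __name__ == "__main__":
    print("GenerationID-aware hypervisor :", rollback_scenario(True))
    print("Legacy snapshot               :", rollback_scenario(False))
```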

    This does not mean that you should snapshot to your heart’s content from now on…  Snapshots should never be used as a backup mechanism.  EVER!!! 

    The other virtualization enhancement we introduced in Windows Server 2012 is the Virtualized domain controller cloning capabilities.  It enables administrators to create a clone of a virtualized domain controller. With virtualized domain controller cloning, administrators can now promote a single virtual domain controller per domain and rapidly deploy all additional replica virtual domain controllers through cloning. Administrators no longer have to repeatedly deploy a sysprepped server image, promote the server to a domain controller and then complete additional configuration requirements for every replica domain controller.

     

    Simplified deployment of Active Directory.  That means that we took the scary parts out of the equation.  Really…  We did.  I’ve talked to numerous admins who told me that their AD was still at the 2003 functional level.  They have not upgraded their domain or forest because they are concerned about running ADPREP/FORESTPREP.  Well, as my friend Rick Claus so eloquently put it, “we took ADPREP behind the wood shed and shot it!”.  It’s gone, it’s dead.  The changes it made are now done by a “pre-requisite check” that happens in the new wizard and in the background PowerShell process.  This also applies to the DCPROMO tool: the name has been kept, but the process is all brand new.

    DCs can be deployed rapidly and remotely on multiple machines from a single Windows 8 machine, from a Windows Server 2012 console, or from a PowerShell command window.

    Here are other examples of simplified deployment enhancements:

    image

    Simplified Administration of Active Directory.  The Active Directory Administrative Center (ADAC) has been enhanced to support graphical management of the Active Directory Recycle Bin and Fine-Grained Password Policies. Prior to Windows Server 2012, these activities required the use of the ADSI Edit tool, which was cumbersome and non-intuitive.  The Windows PowerShell History Viewer and the ability to deploy Dynamic Access Control  have also been added to the ADAC.

    Active Directory Recycle Bin:  When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion.  For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. Active Directory Recycle Bin works for both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) environments.

    Fine-grained password policies:  You can use fine-grained password policies to specify multiple password policies within a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain.  For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of other users. In other cases, you might want to apply a special password policy for accounts whose passwords are synchronized with other data sources.

    The Windows PowerShell History Viewer displays the Windows PowerShell commands that run when a task is performed through the user interface.  In Windows Server 2012, administrators can leverage Active Directory Administrative Center to learn the Windows PowerShell for Active Directory cmdlets. As actions are executed in the user interface, the equivalent Windows PowerShell for Active Directory command is shown to the user in the Windows PowerShell History Viewer. These commands in turn can be copied and reused in administrators’ scripts. This improvement reduces the time to learn Windows PowerShell for Active Directory. It also increases the users’ confidence in the correctness of their automation scripts.  The current PowerShell history is stored in memory; you can archive it with "Start-Transcript" and "Stop-Transcript" if you want to preserve it.

    Dynamic Access Control:  It allows the organization to leverage the information in AD to calculate permissions for access to data.  This helps organizations reach data compliance.  DAC uses the following info:

    • Who the user is
    • What device they are using, and
    • What data is being accessed

    in an expression-based access policy to calculate access.  Here is an example: 


    Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
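    To make the expression above concrete, here is an added Python model (mine, not Microsoft’s code and not from the post) of how such a conditional expression is evaluated against user, device and file claims. It understands only ==, !=, AND, OR, NOT and parentheses (real DAC conditions also offer operators such as group membership), and a claim that is absent makes its comparison false, which is a modelling choice. The lab users are constructed, following the user table from the DAC step-by-step post on this page.

```python
import re

# Tokens of the condition language: parentheses, comparison and boolean
# operators, claim references (@Scope.Attribute), quoted strings, bare words.
TOKEN_RE = re.compile(r'\(|\)|==|!=|\bAND\b|\bOR\b|\bNOT\b|@\w+\.\w+|"[^"]*"|\w+')


def evaluate_condition(condition, claims):
    """Evaluate an expression such as the one above against a claims dict
    {"User": {...}, "Device": {...}, "File": {...}}.  A claim that is absent
    makes its comparison false (fail closed); that is a modelling choice."""
    tokens = TOKEN_RE.findall(condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take(expected=None):
        nonlocal pos
        tok = peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        pos += 1
        return tok

    def operand():
        tok = take()
        if tok.startswith("@"):                     # claim reference
            scope, attr = tok[1:].split(".", 1)
            return claims.get(scope, {}).get(attr)  # None when the claim is absent
        if tok.startswith('"'):                     # string literal
            return tok[1:-1]
        if tok in ("True", "False"):
            return tok == "True"
        raise ValueError(f"bad operand {tok!r}")

    def comparison():
        if peek() == "NOT":
            take()
            return not comparison()
        if peek() == "(":
            take()
            value = disjunction()
            take(")")
            return value
        left, op, right = operand(), take(), operand()
        if op == "==":
            return left is not None and left == right
        if op == "!=":
            return left is not None and left != right
        raise ValueError(f"bad operator {op!r}")

    def conjunction():
        value = comparison()
        while peek() == "AND":
            take()
            value = comparison() and value   # evaluate first so the tokens are consumed
        return value

    def disjunction():
        value = conjunction()
        while peek() == "OR":
            take()
            value = conjunction() or value
        return value

    result = disjunction()
    if pos != len(tokens):
        raise ValueError(f"unexpected trailing token {tokens[pos]!r}")
    return result


# The rule from the post: Allow Read, Write if the condition holds.
RULE_RIGHTS = {"Read", "Write"}
RULE_CONDITION = "(@User.Department == @File.Department) AND (@Device.Managed == True)"


def effective_access(user, device, file_props, condition=RULE_CONDITION, rights=RULE_RIGHTS):
    """Rights granted by one central access rule for this user/device/file combination."""
    claims = {"User": user, "Device": device, "File": file_props}
    return set(rights) if evaluate_condition(condition, claims) else set()


# Constructed lab claims, following the user table in the DAC step-by-step post.
USERS = {
    "MDelesalle": {"Department": "Finance", "Country": "Canada"},
    "MReid": {"Department": "Finance", "Country": "United States"},
    "EValle": {"Department": "Operations", "Country": "Canada"},
}
FINANCE_SHARE = {"Department": "Finance"}
MANAGED, UNMANAGED = {"Managed": True}, {"Managed": False}

if __name__ == "__main__":
    for name, user in USERS.items():
        for label, device in (("managed", MANAGED), ("unmanaged", UNMANAGED)):
            print(name, label, sorted(effective_access(user, device, FINANCE_SHARE)))
```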

     

    In Windows Server 2012, we also made improvements to Group Policies (I’m working on another post just on GPOs that should be out very soon).

    For more information on the added Active Directory value please see the following:

     

    And if you have time you can view Rick Claus’ session at TechEd New Zealand “What's New in Active Directory in Windows Server 2012” below.

    As always, I want to hear from you.  Is there a feature you want me to explore for you?  Just leave a comment, or email us at CDN-ITPro-Feedback@microsoft.com and we’ll get right on it.

    Cheers!

    Signature

    Pierre Roman, MCITP, ITIL | Technology Evangelist
    Twitter | Facebook | LinkedIn

  • Summer is approaching, don't just plan to work on your tan.

    I love this time of year. The days are getting longer, warmer and the deck is calling my name. [photo: these are my feet….]

    At my house, summer months are very busy.  The kids are home, my wife is at home (she’s a teacher), so I tend to hide in my office with the door shut so I can get work done. It’s busy at home, but in a lot of IT shops, things slow down a bit.  With the majority of Canadian IT pros taking one, two or more weeks of vacation it can feel like some projects slow down to a crawl.

    Why not take that time to invest in yourselves?

    Complete that certification you’ve been considering.  Learn how to harness that new technology you’ve been reading about.  Both you and your organization will benefit from it.  You will gain new skills and experiences.  The business will gain efficiencies.  Everyone wins.

    You’re the only one that can make the time for yourself.  Some of my friends in the industry keep telling me that they’re too busy, they don't have the resources to learn, they don't know where to start.

    I call B.S…

    All you need is the will. The resources are here for you to use.

    Alternatively, labs can also be completed in a virtual lab scenario by downloading and installing Hyper-V Server 2012.

    We are also standing by to assist.  We’re continuing the step-by-step series.  We want to hear what you need.  Tell us which of the following you would like to see us dive deeper into:

    • Configure server roles and features
      • which role? Which feature?
    • Configure Hyper-V
      • the networking, the storage, the replication, …
    • Deploy and configure core network services
    • Install and administer Active Directory
    • Create and manage Group Policy
    • Deploy, manage, and maintain servers
    • Configure file and print services
    • Configure network services and access
    • Configure a Network Policy Server infrastructure
    • etc..

    We’re willing to go where you need us to…  Just leave a comment, or email us at CDN-ITPro-Feedback@microsoft.com

    Have a great weekend.

     


  • Step-by-Step: Protecting your information with Dynamic Access Control

    There is a lot of new stuff in Windows Server 2012 Active Directory.

    • Active Directory management enhancements
      • Active Directory Administrative Center
        • Active Directory Recycle Bin management
        • Fine-Grained Password Policy management
        • Windows PowerShell History Viewer
        • Dynamic Access Control
      • Group Policy enhancements
      • Kerberos constrained delegation changes
    • Active Directory deployment enhancements
      • Remote DCPromo and built-in troubleshooting
      • ADPrep integration
      • Improved virtualization support
        • Domain controller cloning
        • Active Directory snapshots
    • Active Directory-based activation
      • Active Directory Federation Services 2.1 built in

    In this post we will concentrate on Dynamic Access Control (DAC). DAC allows administrators to create and manage central access and audit policies in Active Directory, which can be managed through the AD Administrative Console to help organizations reach data compliance.

    **NOTE: DAC is the amalgamation of different features working together. It leverages AD, GPO, file servers… It is one of the more involved labs we have tackled so far.

    Microsoft has focused on the following areas:

    • Identify the information that needs to be managed to meet business and compliance requirements
    • Apply appropriate access policies to information
    • Audit access to information
    • Encrypt information

    You can now create and manage Central Access and Audit Policies in Active Directory through the ADAC. These policies are based on conditional expressions that take into account the following, so that organizations can translate business requirements into efficient policy enforcement and considerably reduce the number of security groups needed for access control:

    • Who the user is
    • What device they are using, and
    • What data is being accessed

    Dynamic Access Control integrates claims into Windows authentication (Kerberos) so that users and devices can be described not only by the security groups they belong to, but also by claims such as: "User is from the Finance department" and "User's security clearance is High"

    Here is a sample usage of DAC, listed by policy type:

    Organization-wide authorization policy

    • Most commonly initiated from the information security office
    • Driven by compliance or high-level organizational requirements
    • Relevant across the organization.
    • Example: HBI files are accessible to only full-time employees

    Departmental authorization policy

    • Each department in an organization has some special data-handling requirements that they want to enforce
    • Example: the finance department might want to limit access to finance servers to the finance employees

    Specific data-management policy

    • Usually relates to compliance and business requirements, and is targeted at protecting the correct access to the information that is being managed
    • Example: financial institutions might implement information walls so that analysts do not access brokerage information and brokers do not access analysis information

    Need-to-know policy

    • Typically used in conjunction with the previous policy types
    • Example: vendors should be able to access and edit only files that pertain to a project they are working on

     

    You can find different scenarios of DAC usage here.

    What we will do in this post is setup DAC and create a rule to show the flexibility and the value you can get from this technology.

    Step-by-Step: enabling and configuring DAC

    DAC is a claim based security feature.

    Claims are Active Directory attributes defined to be used with Central Access Policies. The claims can be set for both users and devices. Microsoft added a new container to the Active Directory Administrative Center to implement this new feature.

    To configure centralized file-access policies through Dynamic Access Control, we need to configure the following parts.

    1. Claim Type
    2. Resource properties for files
    3. Resource property lists (add the resource property to the global list)
    4. Create new central access rule
    5. Create central access policy

    First, we logged on our domain controller ITCamp-DC1 and created some accounts for this lab.

    1. Create the following users with the attributes indicated:

    User             | Username   | Email address           | Department | Country/Region
    Myriam Delesalle | MDelesalle | MDelesalle@ITCAMP.Local | Finance    | Canada
    Miles Reid       | MReid      | MReid@ITCAMP.Local      | Finance    | United States
    Esther Valle     | EValle     | EValle@ITCAMP.Local     | Operations | Canada
    Maira Wenzel     | MWenzel    | MWenzel@ITCAMP.Local    | HR         | Canada
    Jeff Low         | JLow       | JLow@ITCAMP.Local       | HR         | United States
    RMS Server       | rms        | rms@ITCAMP.Local        |            |


    It's now time to enable Dynamic Access Control for ITCamp.Local

    1. Open the Group Policy Management Console, click ITCamp.Local, and then double-click Domain Controllers.
    2. Right-click Default Domain Controllers Policy, and select Edit.
    3. In the Group Policy Management Editor window, double-click Computer Configuration, double-click Policies, double-click Administrative Templates, double-click System, and then double-click KDC.
    4. Double-click KDC support for claims, compound authentication, and Kerberos armoring and select the option next to Enabled. You need to enable this setting to use Central Access Policies.
    5. Open an elevated command prompt, and run the following command:

     

    gpupdate /force

     

    Configure Claim Type

    In this step we will configure claim types for users. We will add existing Active Directory attributes to the list of attributes that we can use when evaluating Dynamic Access Control; in our case, the user's department and country.

    1- After logging on to the DC, open the Active Directory Administrative Center to start configuring the Dynamic Access Policy (DAP).

    image

    2- In the Claim Type Section, click "New" and "Claim Type" in the task pane,

    image

    3- Select the attribute you want to use, in our case "c", and in the suggested values section list the countries you want to use. In our lab we will look for Canada and United States.

    image

    4- Repeat for the department attribute with the following suggested value. (HR, Finance, Operations)

    Configure Resource properties for files

    1- In this step, we will configure the properties that will be downloaded by file servers and used to classify files, directories or shares. The DAC rules will compare user attribute values with resource properties. You can enable existing properties or create new ones.

    image

    2- Click on Resource Properties; here you can select existing resource properties or create new ones. I selected Country and Department.

    image

    Resource property lists (add resource property to global)

    1- Each resource property must be added to at least one resource property list. It will then be downloaded by file servers in your environment. The global resource property list is downloaded by all file servers.

    image

    Our properties are already part of the global list.

    Create new central access rule

    This is when we create a Rule that uses the properties we have defined earlier. This describes which conditions must be met in order for file access to be granted.

     

    1- In the Central Access Rule section, click "New" and "Central Access Rule"

    image

    2- Give it a name in the Create Central Access Rule form.

    image

    3- In the Permission section, click "Use Following Permissions" and click "Edit"

    image

    4- Click "Add" and, in the "Permission Entry for Permissions" dialog that follows, select "Authenticated Users" as the principal and set the following conditions.

    image

    5- Click "OK"; you are back at the DAC configuration screen.

    Create central access policy

    This part is very straightforward.

    1- In the Central Access Policy section, click "New" and "Central Access Policy" and give the new policy a name in the "Create Central Access Policy" form. We named ours CAP. You also need to add the Central Access Rule you created earlier to the policy.

    image

    2- Once that is created we need to tell AD about the policy. In the "Group Policy Management Console" we edited the "Default Domain Policy", but you can apply a different policy as you see fit. Under Computer Configuration > Policies > Windows Settings > Security Settings > File System > Central Access Policy, right-click the right pane and select Manage Central Access Policies.

    image

    3- Add the Policy you created to the Applicable Central Access Policies.

    image

    We are done configuring the DAC… well… not quite. We still need to configure our shares and share properties.

    To configure the shares, the File Server Resource Manager must be installed on the server that will be used as the file server. In our case the file server we are using is VMHost10B.itcamp.local.

    1. Log on to VMHost10B.itcamp.local as itcamp\administrator
    2. In Server Manager, click Add Roles and Features.
    3. On the Before you begin page, click Next.
    4. On the Select installation type page, click Next.
    5. On the Select destination server page, click Next.
    6. On the Select Server Roles page, expand File and Storage Services, select the check-box next to File and iSCSI Services, expand, and select File Server Resource Manager.
    7. In the Add Roles and Features Wizard, click Add Features, and then click Next.
    8. On the Select features page, click Next.
    9. On the Confirm installation selections page, click Install.
    10. On the Installation progress page, click Close.

    On the VMHost10B machine we created two shares of the "SMB Share - Advanced" type (HR and Finance), accepting all defaults to complete this part.

    Once the shares have been created, we need to go to the location where the directories were created and modify the properties of each folder

    image

    to include the classification of these folders.

    image

    And in the Advanced Security Settings, on the Central Policy tab, change "No Central Access Policy" to "CAP", the policy we defined.

    You can test whether everything worked by using the Effective Access tab.

    image

    That is the start of the value that DAC can bring. But we have just skimmed the surface.

    So try it for yourself. It's well worth the effort.

    You can deploy this in your lab and take advantage of the flexibility this technology can provide. Try it for yourself by downloading Windows Server 2012.

    Cheers!


     

    Additional Resources

    TechNet manual : http://technet.microsoft.com/en-us/library/hh831717.aspx

    Hands on lab: http://technet.microsoft.com/en-us/windowsserver/hh968267.aspx (Using Dynamic Access Control to automatically and centrally secure data)

    Dynamic Access Control at MMS 2012: http://channel9.msdn.com/posts/Dynamic-Access-Control-Demo-and-Interview

  • Step-By-Step: Deploying ReFS

    Hello folks,

    In this series, we’ve looked at deploying or leveraging the goodness of Windows Server 2012.  We’ve looked at VDI, Data Deduplication, DirectAccess, Hyper-V among others…

    Today we’ll look at ReFS.  It’s part of the Windows Server 2012 Storage Platform. It has been designed from the ground up to meet a broad set of customer requirements, for all the different ways that Windows is deployed. ReFS interfaces with Storage Spaces to automatically fix corruption.

    Overview

    We’ve already covered Storage Spaces & Thin provisioning. So, we’ll concentrate on ReFS for this post.

    ReFS inherits the features and semantics from NTFS including BitLocker encryption, access-control lists for security, USN journal, change notifications, symbolic links, junction points, mount points, reparse points, volume snapshots, file IDs, and oplocks.

    ReFS is very well suited for the following:

    • General-purpose file server. Customer deploys a file server attached to a JBOD storage configuration with Serial ATA (SATA) or Serially Attached SCSI (SAS) drives.
    • Consolidated remote application data storage. Customer deploys a scale-out, two-node file server cluster with Storage Spaces, in which the cluster uses a shared JBOD storage configuration with SATA or SAS drives.

    However, before we go any further,  let me state that ReFS supports the majority of the Win32 APIs, but there are certain features that ReFS does not support. 

    • Legacy stuff like Short Names and TxF (or Transactional NTFS)
    • NTFS-specific features like named streams, object IDs, short names, compression, file level encryption (EFS), user data transactions, sparse, hard-links, extended attributes, and quotas
    • And for those of you who looked at my Data Deduplication post, deduplication is not supported on ReFS.

    Deploying it is very easy.  You do not need a Storage Pool to use ReFS (you can just create a volume with the ReFS file system).  However, Storage Spaces protects data from partial and complete disk failures by allowing you to maintain copies on multiple disks. On read failures, Storage Spaces is able to read alternate copies, and on write failures (as well as complete media loss on read/write) it is able to reallocate data transparently. Many failures don’t involve media failure, but happen due to data corruption, or lost and misdirected writes.

    These are exactly the failures that ReFS can detect using checksums. Once ReFS detects such a failure, it interfaces with Storage Spaces to read all available copies of the data and chooses the correct one based on checksum validation. It then tells Storage Spaces to fix the bad copies based on the good copies. All of this happens transparently from the point of view of the application.

    In our case we already have a Storage Pool created with a mirrored disk.  We called it ReFS-VDisk.
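    Here is an added Python sketch (mine, not ReFS or Storage Spaces code) of the validate-then-repair read path just described: each block’s checksum is kept apart from the data, a read checks every mirror copy against it, returns a copy that validates, rewrites the copies that do not, and reports a block with no valid copy as unrecoverable instead of returning bad data. The corrupt() helper and the payload are constructed for the walk-through and stand in for bit rot or a lost write on one copy.

```python
import hashlib


class MirroredVolume:
    """Two-way mirror of blocks with an out-of-band checksum per block."""

    def __init__(self, copies=2):
        self.copies = [dict() for _ in range(copies)]   # copy index -> {block_id: bytes}
        self.checksums = {}                             # block_id -> digest of the data written
        self.repairs = []                               # (block_id, copy index) fixed on read

    @staticmethod
    def digest(data):
        return hashlib.sha256(data).digest()

    def write(self, block_id, data):
        """Record the checksum, then write the block to every copy."""
        self.checksums[block_id] = self.digest(data)
        for copy in self.copies:
            copy[block_id] = data

    def corrupt(self, copy_index, block_id, lost_write=False):
        """Test helper: damage ONE copy, either a flipped bit or a write that never landed."""
        if lost_write:
            self.copies[copy_index].pop(block_id, None)
            return
        data = bytearray(self.copies[copy_index][block_id])
        data[0] ^= 0x01
        self.copies[copy_index][block_id] = bytes(data)

    def read(self, block_id):
        """Validate every copy against the stored checksum; return a good one
        and repair the bad ones from it. Raises if no copy validates."""
        expected = self.checksums[block_id]
        good, bad = None, []
        for idx, copy in enumerate(self.copies):
            data = copy.get(block_id)
            if data is not None and self.digest(data) == expected:
                if good is None:
                    good = data
            else:
                bad.append(idx)
        if good is None:
            raise IOError(f"block {block_id}: no copy passes checksum validation")
        for idx in bad:
            self.copies[idx][block_id] = good
            self.repairs.append((block_id, idx))
        return good

    def try_read(self, block_id):
        """Like read(), but report an unrecoverable block as None instead of raising."""
        try:
            return self.read(block_id)
        except IOError:
            return None


def scrub_demo():
    """Constructed walk-through: one bit flip on copy 0, one lost write on copy 1."""
    vol = MirroredVolume()
    block = bytes(range(256)) * 16            # constructed 4 KiB payload
    vol.write(7, block)
    vol.write(8, block)
    vol.corrupt(0, 7)                         # bit rot on copy 0 of block 7
    vol.corrupt(1, 8, lost_write=True)        # block 8 never reached copy 1
    ok = vol.read(7) == block and vol.read(8) == block
    healed = vol.copies[0][7] == block and vol.copies[1][8] == block
    return ok, healed, vol.repairs


if __name__ == "__main__":
    print(scrub_demo())
```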

    1- Using Server Manager, under “File and Storage Services”, we create a new volume.

    1 

    2- In the “New Volume Wizard” we select the server and disk we want to use.

    In our case, as mentioned, we selected a virtual disk built on a Storage Pool with two mirrored drives, and click Next.

    2

    3- We allocated the maximum capacity, and click Next.

    4

    4- I like to use drive letters that make sense to me…  so I selected the letter “R” for “Resilient”, and click Next.

     

    6

    5- When asked to select a file system, select ReFS instead of NTFS. You can also give it a volume name that is representative; we called ours “ReFS Volume”. Click Next.

     

    8

    6- Click “Create” to complete the creation of the ReFS volume.

    10

    7- The server will create and format the volume; when completed you can click “Close”.

    11

    8- As you can see in File Manager, the volume is created.

    12

     

    We are done! We have created a ReFS volume that will allow us to safeguard our data from corruption.

    If you want to see a really cool demo of the results of that corruption protection, please look at the following recording of Rick Claus’ session at TechEd (the ReFS demo is at time index 0:48:35).

     

     

    That’s it.  Are you waiting for corruption to wipe your data? Use the Windows Server 2012 evaluation copy to try this in your own environment and see how you can protect your business from corruption.

    Cheers!


     

     

    More resources

  • Step-by-Step: Enabling Data Deduplication on Windows Server 2012 Volumes.

    Hello folks,

    A new feature of Windows Server 2012 called Storage Spaces is designed to change the storage task for enterprises by providing in-box storage virtualization that can use low-cost commodity storage devices. We’ve covered Storage Spaces a few times already:

    For this Step-by-Step we’ll look at Data Deduplication, and how we enable and configure it on a volume created on a storage pool.  We’ll assume your storage pool is created and is in use with data on it.  For my lab I copied my family’s picture library onto it (I know that there are a lot of duplicates).

    Data Deduplication in Windows Server 2012 stores more data in less physical space. It achieves greater storage efficiency than was possible in previous releases with Single Instance Storage or NTFS Compression. It can run on dozens of large volumes of primary data simultaneously without affecting other workloads on the server.

    Deduplication maintains redundancy to ensure that the data is recoverable in the event of data corruption. Deduplication applies only to files on a file server; it is not supported for Exchange databases and SQL databases.

    Today, we will do 3 things with data deduplication.

    1. Install deduplication
    2. Enable and configure deduplication on an existing volume
    3. Observe the results of deduplication

    Install

    1- In the Add Roles and Features Wizard, under Server Roles, expand File and Storage Services, then File and iSCSI Services, and select Data Deduplication.

    3

    Click Next until the Install button is active, and then click Install.

    When complete click Close

    You can also use PowerShell to install it by using the following command:

    PS C:\> Import-Module ServerManager
    PS C:\> Add-WindowsFeature -name FS-Data-Deduplication
    PS C:\> Import-Module Deduplication

     

    Enable and configure deduplication on an existing volume

    1- From the Server Manager dashboard, right-click a data volume and choose Configure Data Deduplication. The Deduplication Settings page appears.

    5

    2- Select the Enable data deduplication check box, enter the number of days that should elapse from the date of file creation until files are deduplicated, enter the extensions of any file types that should not be deduplicated, and then click Add to browse to any folders with files that should not be deduplicated.

     

    ** for the purpose of this lab we set the number of days to 0. If you set MinimumFileAgeDays to 0, deduplication will process all files, regardless of their age. This is suitable for a test environment, where you want to exercise maximum deduplication. In a production environment, however, it is preferable to wait for a number of days (the default is 5 days), because files tend to change a lot for a brief period of time before the change rate slows. This allows for the most efficient use of your server resources.

    6

    3- Click Apply to apply these settings and return to the Server Manager dashboard

    4- In Server Manager, under File and Storage Services, and Servers, right-click the server and select Deduplication Schedule to continue to set up a schedule for deduplication.

    7

    8

    9

    To enable deduplication on a volume from PowerShell, run the following command on the server. In this example deduplication is enabled on volume G:

    PS C:\> Enable-DedupVolume G:

    Optionally, set the minimum number of days that must pass before a file is deduplicated by using the following command.

    PS C:\> Set-Dedupvolume G: -MinimumFileAgeDays 20

     

    That is it.  Data deduplication has been setup and configured.

     

    Observe the results of deduplication

    Let’s use PowerShell to see the results of the data Deduplication.

    1) on the Server console Click Windows PowerShell.

    10

    2) Type Start-DedupJob -Type Optimization -Volume F:, and then press ENTER.

    11

    3) Type Get-Dedupjob, and then press ENTER. Run this command every few seconds until there are no active jobs.

    12

    4) Type Get-DedupStatus, and then press ENTER.

    13

    You can also look at the properties of the volume to see how much space you have saved.

    14

     

     

    Go ahead and try it for yourself.

    You can deploy this in your lab and take advantage of the flexibility this technology can provide. Try it for yourself by downloading Windows Server 2012.

    Cheers!


     

    More Information

    Data Deduplication Overview

    http://technet.microsoft.com/en-us/library/hh831602.aspx

  • Step-By-Step: Deploying Virtual Desktops with Windows Server 2012

    What is desktop virtualization? It’s many things to many people.

    1. Virtual Desktop Infrastructure (VDI)
    2. Session Virtualization
    3. RemoteApp

Before getting to the deployment, let’s cover what desktop virtualization is and which components, needs and challenges it addresses.

The Microsoft Virtual Academy has a great jump start session on VDI. Here is the overview recording (see the link at the bottom of this post for the entire session).

    VDI gives you the ability to store and offer full virtual machines (OS, Applications, Data…) on a server which may be accessed by multiple clients or devices.

    Session Virtualization allows users to access entire desktops (remote desktops or “sessions”) running on servers in the datacenter. It’s Terminal Services on steroids.

    RemoteApp allows you to deliver remote applications to users instead of full desktops. It enables a publishing process that allows apps on session or VDI hosts to be provided to users. It allows RemoteApps to run side by side with local apps and integrates with the Start menu to make it simple for users to find and launch RemoteApps.

    In this post we’ll take a high level look at deploying VDI (full virtual machines) in Windows Server 2012. So let’s get going

1. Open Server Manager (ideally on the server you want to host the RD Connection Broker role), click Add Roles and Features, select Remote Desktop Services installation and click Next.

2. Select Standard deployment as the deployment type and click Next.

3. Select Virtual machine-based desktop deployment and click Next.

4. Click Next on the Review role services screen.

5. Specify which server will act as the RD Connection Broker and click Next.

6. Specify which server will act as the RD Web Access server and click Next.

(In our example, we elected to host the RD Web Access role on the same host as the RD Connection Broker role.)

7. Specify the RD Virtualization Host and click Next.

In our example we’re using the same host for all three roles. The Hyper-V role will be installed if it isn’t already.

8. Confirm the selection, check Restart the destination server automatically if required, and click Deploy.

    After completion of this process, you have successfully deployed VDI desktop virtualization to this box.  Now you need to configure the machine pool.  That’s next…

    Virtual Desktop Collection

    There are two types of virtual desktop collections available: personal and pooled. You have the option to let Remote Desktop Services automatically manage pooled virtual desktops in a collection, or you can manually manage them. We will concentrate on automatically managed pooled virtual desktop collections.

    A managed pooled virtual desktop collection offers the following capabilities:

    • Automatically create pooled virtual desktops based on a virtual desktop template.
    • Automatically install security updates and applications based on a virtual desktop template.
    • Live migration with local caching.
    • User profile disk support. A user profile disk stores user profile information in a separate virtual hard disk so that user profile settings are persistent across pooled virtual desktops.

With either managed or unmanaged collections, the administrator can configure the pool to store user profiles on user profile disks separate from the machines.

    Create a Pooled - Managed Virtual desktop Collection

1. Open Server Manager, click Remote Desktop Services and select Overview.

2. In the Deployment Overview section, click Tasks and select Edit Deployment Properties.

3. Expand Active Directory and select the organizational unit (OU) the virtual desktops will be joined to, then click Apply. Applying here also grants the RD Connection Broker the permissions it needs to create and delete computer accounts in that OU, which is why a dedicated OU is preferable to the default Computers container.

4. Select the Collections tile.

5. In the Collections section, click Tasks and select Create Virtual Desktop Collection, then click Next.

6. Type the name of the collection and click Next.

7. Select Pooled virtual desktop collection and click Next.

8. Specify the virtual desktop template, which must already exist in Hyper-V (make sure the template image is sysprepped), and click Next.

9. Click Next.

10. Specify the unattended installation settings and select the OU.

11. Specify the users and groups, and the prefix and suffix for the virtual desktop names.

12. Specify the virtual desktop allocation and click Next.

13. Specify the virtual desktop storage and click Next.

14. Specify a user profile disk, if you want one, with its UNC path, and click Next.

15. Confirm the selections and click Create.

16. View the progress and click Close.

17. In the Collections section, right-click the collection (VDI in our example) and select Task Status Details.

    This completes the Virtual Desktop Managed Pool deployment and now you’re off to the races.
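The same deployment and pooled managed collection, done with the RemoteDesktop module instead of the wizards. This is an added example and not code from the original post; every server name, the domain, the OU, the profile-disk share and the template name are assumptions for a lab, and the parameter set is the one the Windows Server 2012 RemoteDesktop module documents, so confirm it on your build with Get-Help New-RDVirtualDesktopCollection -Full before running.

```powershell
# Added example (not from the original post): virtual machine-based deployment plus a
# pooled, managed collection via the RemoteDesktop module on Windows Server 2012.
# All names below are assumptions for a lab.
Import-Module RemoteDesktop

$Broker   = 'rds01.corp.example'         # assumption: RD Connection Broker, also hosts RD Web Access
$VhHost   = 'rds01.corp.example'         # assumption: RD Virtualization Host (Hyper-V), same box as in the post
$Template = 'Win8-Template'              # assumption: sysprepped VM already present in Hyper-V on $VhHost
$Domain   = 'corp.example'               # assumption
$OU       = 'OU=VDI,DC=corp,DC=example'  # assumption: dedicated OU the pooled desktops are joined to
$Profiles = '\\fs01\UPD$'                # assumption: share holding the user profile disks

# Steps 1-8: put the three roles on the chosen servers (Hyper-V is added to the host if missing).
New-RDVirtualDesktopDeployment -ConnectionBroker $Broker `
                               -WebAccessServer $Broker `
                               -VirtualizationHost $VhHost

# Steps 5-15: pooled managed collection built from the template, two desktops on this host,
# computer accounts scoped to $OU, user state kept on profile disks off the VMs.
New-RDVirtualDesktopCollection -CollectionName 'VDI' `
    -PooledManaged `
    -VirtualDesktopTemplateName $Template `
    -VirtualDesktopTemplateHostServer $VhHost `
    -VirtualDesktopAllocation @{ $VhHost = 2 } `
    -StorageType LocalStorage `
    -Domain $Domain `
    -OU $OU `
    -UserGroups "CORP\VDI Users" `
    -VirtualDesktopNamePrefix 'VDI-' `
    -UserProfileDiskPath $Profiles `
    -MaxUserProfileDiskSizeGB 10 `
    -ConnectionBroker $Broker

# Step 17: confirm the collection exists and list the desktops it created.
Get-RDVirtualDesktopCollection -CollectionName 'VDI' -ConnectionBroker $Broker
Get-RDVirtualDesktop -CollectionName 'VDI' -ConnectionBroker $Broker
```

The -OU parameter is the scripted equivalent of step 3: the broker’s computer account must be allowed to create and delete computer objects in that OU, and nowhere else, so grant that right on the dedicated OU rather than at the domain level.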

     

You can deploy this in your lab and take advantage of the flexibility this technology can provide. Try it for yourself by downloading Windows Server 2012.

     

    Cheers!


    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn

     

     

    More Information

    Windows Server 2012 Virtual Desktop Infrastructure

    http://www.microsoft.com/en-us/server-cloud/windows-server/virtual-desktop-infrastructure.aspx

    Remote Desktop Services Overview

    http://technet.microsoft.com/en-us/library/hh831447.aspx

    Windows Server 2012 Virtual Labs

    http://technet.microsoft.com/en-us/windowsserver/hh968267.aspx

     

    Microsoft Virtual Academy Jump Start.

This Jump Start covers the latest approaches to desktop virtualization, the business cases for each, guidance for choosing appropriate virtual desktop types according to requirements, and architectural guidance for building a Virtual Desktop Infrastructure (VDI) with appropriate sizing, scalability and fault tolerance. In addition to VDI, this training session covers session virtualization, application and user state virtualization, scenarios for desktop virtualization vs. traditional desktops, and the Microsoft-Citrix v-Alliance program, and provides context for understanding when Microsoft-only desktop virtualization makes sense and when a Citrix v-Alliance solution is appropriate.

    http://channel9.msdn.com/Series/Using-Microsoft-VDI-to-Enable-New-Workstyles

  • Step-by-Step: Enabling Remote Application Access

    Hello Folks,

I’m in South Carolina right now enjoying the sun and the golf courses.

However, like any IT professional, I sometimes have to access my systems and tools to address certain issues remotely. You may need remote access to address other scenarios such as:

    • Provide access to applications to devices that are unmanaged.
    • Deliver one or more apps instead of a full desktop
    • Secure corporate data
    • Simplify application deployment

In Windows Server 2012, Remote Desktop Services uses a scenario-based installation that lets you install, configure, and manage your virtual desktops and session hosts from a central location. You are presented with two deployment types:

• Standard deployment – lets you deploy the Remote Desktop Services role services across multiple servers.
• Quick Start – installs all the necessary Remote Desktop Services role services on one computer, so you can install and configure them in a test environment.

There are two deployment scenarios:

1. Virtual machine-based desktop deployment – lets users connect to virtual desktop collections that include published RemoteApp programs and virtual desktops.
2. Session-based desktop deployment – lets users connect to session collections that include published RemoteApp programs and session-based desktops.

    Let me run you Step-by-Step through the setup in my lab.

On the server that will be exposed to the internet:

• Open Server Manager.
• Click Add roles and features.

• On the Before You Begin page, click Next.

• On the Installation Type page, click Remote Desktop Services installation, and then click Next.

• On the Deployment Type page, click Quick Start, and then click Next.

• On the Deployment Scenario page, click Session-based desktop deployment, and then click Next.

• On the Server Selection page, select the server that will host the services, click Add (the right arrow button), and then click Next.

• Check the Restart the destination server automatically if required check box, and then click Deploy. Note: the installation and configuration takes approximately 4 minutes. Wait for it to complete before proceeding.

• When the installation has completed, click Close.

     

A couple of things still need to be done in production: assign a trusted certificate and set up a proper licence server. Other than that, that’s it.

All you need is to expose ports 80 and 443 to the internet to reach the RDWeb page (443 carries the HTTPS site; 80 is only useful for redirecting to it). Keep in mind that Quick Start does not deploy an RD Gateway, so launching a RemoteApp or desktop from outside still needs an RDP path to the session host; in production, put an RD Gateway in front so that RDP is tunneled over 443 instead of exposing 3389 directly. In my case I'm traveling light with my Microsoft Surface and I have access to all my tools.
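The production follow-ups mentioned above (trusted certificate, licence server) plus an RD Gateway so that RDP rides inside 443, as an added example written for this post rather than code from it. It assumes the Quick Start deployment above is on a single host, that you already have a PFX issued by a CA your clients trust, and a public name for the gateway; the cmdlets and parameters are those of the Windows Server 2012 RemoteDesktop module, so check them with Get-Help Set-RDCertificate -Full and Get-Help Add-RDServer -Full before running.

```powershell
# Added example (not from the original post): harden a Quick Start RDS deployment for
# internet exposure with the RemoteDesktop module on Windows Server 2012.
# Host name, external FQDN and PFX path are assumptions.
Import-Module RemoteDesktop

$Broker   = 'rds01.corp.example'               # assumption: the host from the Quick Start deployment
$External = 'remote.example.com'               # assumption: public name clients will connect to
$PfxPath  = 'C:\certs\remote.example.com.pfx'  # assumption: cert for $External from a CA clients trust
$PfxPwd   = Read-Host -AsSecureString -Prompt 'PFX password'

# Quick Start leaves the deployment without an RD Gateway; add one so RDP is tunneled over 443
# and 3389 never has to be reachable from the internet.
Add-RDServer -Server $Broker -Role RDS-GATEWAY -ConnectionBroker $Broker -GatewayExternalFqdn $External

# Licensing: a licence server (the same box in a small lab) handing out per-user CALs.
Add-RDServer -Server $Broker -Role RDS-LICENSING -ConnectionBroker $Broker
Set-RDLicenseConfiguration -LicenseServer $Broker -Mode PerUser -ConnectionBroker $Broker -Force

# Replace the self-signed certificates on every role a client sees with the trusted one.
foreach ($role in 'RDGateway', 'RDWebAccess', 'RDRedirector', 'RDPublishing') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPwd -ConnectionBroker $Broker -Force
}

# Verify: each role should now report the trusted certificate and the gateway should be listed.
Get-RDCertificate -ConnectionBroker $Broker | Format-Table Role, Level, Subject, ExpiresOn -AutoSize
Get-RDServer -ConnectionBroker $Broker -Role RDS-GATEWAY
```

With the gateway in place the only inbound ports that need to be open are 443 (and UDP 3391 if you want the gateway’s UDP transport); port 80 is optional and only serves the redirect to the HTTPS site.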


     

When I'm back we’ll look at publishing applications. But in the meantime, set it up for yourself.

    Why don’t you try it for yourself by downloading Windows Server 2012

     

    Right now I have to get back to my vacation. They’re calling us to Tee number one for our golf game.

     

    Cheers!

     


    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn

     

    More Information

    Windows Server 2012 Virtual Desktop Infrastructure

    http://www.microsoft.com/en-us/server-cloud/windows-server/virtual-desktop-infrastructure.aspx

    Direct Access

    http://technet.microsoft.com/en-us/network/dd420463.aspx

    Windows Server 2012 Virtual Labs

    http://technet.microsoft.com/en-us/windowsserver/hh968267.aspx

  • Feedback regarding Office license portability

    Hello Folks,

    Yesterday, the "TechNet eNews - Revisiting Windows 8 and Your Feedback" mailing went out and in it I did "encourage you to continue to provide great feedback".

Well, provide feedback you did…. My mailbox suddenly filled with all kinds of feedback. Some were requests for help troubleshooting issues, some were constructive (which I love), some were rants.

But there was one particular comment that I received several times.

    A lot of you were unhappy with the inability to transfer licenses of Office to another machine. There may be some confusion here so let me set the record straight. In February, the Office News published an article outlining how our Office 2010 and Office 2013 licenses compare.

    Since then, because of the feedback received, we have changed the Office 2013 retail license agreement to allow customers to transfer the software from one computer to another.

    The updated license text is as follows:

    Updated transferability provision to the Retail License Terms of the Software License Agreement for Microsoft Office 2013 Desktop Application Software:

    Can I transfer the software to another computer or user? You may transfer the software to another computer that belongs to you, but not more than one time every 90 days (except due to hardware failure, in which case you may transfer sooner). If you transfer the software to another computer, that other computer becomes the "licensed computer." You may also transfer the software (together with the license) to a computer owned by someone else if a) you are the first licensed user of the software and b) the new user agrees to the terms of this agreement before the transfer. Any time you transfer the software to a new computer, you must remove the software from the prior computer and you may not retain any copies.

I also got a lot of questions regarding the different Office flavors; the listings of flavors can be found here for business, here for home, and here for university and college students, faculty and staff only. (Find out if you're eligible.)

The second set of Office comments that came to me was in regards to Office 365, SkyDrive and legal requirements not to have some information in the cloud. Nowhere do we say that you can't save your data on your own premises. SkyDrive is a great option when you're a mobile worker. I use both SkyDrive (for home) and SkyDrive Pro (for business) and it has really saved my bacon on several occasions. I love the fact that my files are on my PC and synced up to the cloud using the SkyDrive app for both my personal and work files. That way I always have access to all my files regardless of where I am.

    I hope this helps. And I'll keep answering as much of the questions as I possibly can.

    Cheers!

    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn

     

  • Windows 7 post SP1 patch relief

I've been getting this question a lot lately: is there a rollup for Windows 7 post SP1? Well, now there is.

    An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1

    http://support.microsoft.com/kb/2775511

    This article describes a hotfix rollup for Windows 7 Service Pack 1 (SP1)-based and Windows Server 2008 R2 SP1-based computers.

    This hotfix rollup contains 90 hotfixes that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2. These hotfixes improve the overall performance and system reliability of Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers.
    This hotfix rollup includes the following improvements:

    • Improves the Windows Client Remote File System components. These components include the following:
      • Web-based Distributed Authoring and Versioning (WebDAV)
      • DFSN client
      • Folder Redirection
      • Offline Files and Folders (CSC)
      • SMB client
      • Redirected Drive Buffering Subsystem (RDB)
      • Multiple UNC Provider (MUP)
    • Improves the SMB Service and TCP protocol components. These improvements work together with other improvements to help improve the overall networking performance on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers.
      Notes
      • To take full advantage of this improvement for Windows 7 clients that log on to Windows Server 2008 R2 servers, install this rollup update on Windows 7 clients. Additionally, install this rollup update on the Windows Server 2008 R2 servers that clients authenticate and retrieve user profiles, policies and script data from during the startup and logon process. You can update your environment by installing this hotfix rollup on both clients and servers in no particular order.
      • Network improvements can be installed on the client or server. You may not notice any changes in performance until this update is installed on both client and server computers.
    • Improves the processing of Group Policies and Group Policy preferences. The performance of computers is improved after you install this rollup update on Windows 7-based computers that have several Group Policy preferences configured. Additionally, the network load and the domain controller usage may be reduced. We recommend that you install this hotfix rollup on every Windows 7 computer that has Group Policy preferences configured.
    • Improves the Windows Management Instrumentation (WMI) components to reduce the CPU usage and to improve the repository verification performance.

    This rollup update contains the latest version of Windows system files that are updated after the SP1 release.

     

    I hope this helps.

     

    Cheers!

    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn

  • New Windows 8 Camps announced.

    Hello folks,

On January 25th 2013, Chris Di Lullo announced a new set of camps for IT pros focusing on Windows 8. The first two camps were very well received. During this day-long camp we cover the following:

    1. Windows 8 overview
    2. Windows 8 deployment in the enterprise
      1. Using MDT 2012
      2. Using System Center 2012 SP1
    3. Windows 8 and flexible work style
    4. Windows 8 Apps and Apps deployment
    5. Windows 8 recovery and security

     

Well, I'm happy to tell you that we have scheduled two more deliveries of this camp.

    March 21st 2013 in Ottawa

    March 27th 2013 in Montreal

    So go ahead and register for one of the deliveries. The seats are limited, so act now and register.

    In order to have the best experience please make sure you can review:

    I look forward to see you there!

     

    Cheers!

    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn

  • New Virtualization User Group in Calgary

    Hello Folks,

    I wanted to introduce you to a new User Group in Calgary. This group is focusing on Microsoft Virtualization technologies. It provides support for people interested in Microsoft Virtualization Technology and Cloud Computing.

    Members of the CVUG are very welcome from all over the world. Although you may not be able to make the meetings (you never know!) it will be great to have you as a member of the group and forums.

The aim of the group is to have regular meetings (hopefully 12 per year) and to help people become more familiar with everything Microsoft Virtualization technology can provide to their organization, especially now that Cloud Computing is more present every single day!

Their first CVUG meeting will take place on Feb 28th 2013, from 5:30 to 7:30. If you happen to be in Calgary, stop by and join them.

    800 - 6th Avenue SW in Calgary.

    Agenda:

    • 5:30 - Welcome
    • 5:45 - Introduction to the Microsoft Private Cloud
    • 7:00 - CVUG Round Table

    Cheers!

    Pierre Roman, MCITP, ITIL | Technical Evangelist
    Twitter | Facebook | LinkedIn

     

     

  • Group Policy Troubleshooting Improvements in Server 2012/Windows 8

    Hello Folks,

As you may know, during the past few months we have been criss-crossing the country delivering a series of Windows Server 2012 camps in the following cities.

One of the issues we had with the camps is that there is so much new, wonderful and valuable stuff in Windows Server 2012 that we can't cover it all in one day. And we kept hearing the same questions over and over again:

    What about Active directory Improvements? What About Group Policy improvements? Are we going to cover Dynamic Access Control?

Well, we never got around to it in the camps. But yesterday morning I got my weekly copy of the WServerNews newsletter. It's one of the world's largest newsletters focused on system admin and security issues for Microsoft Windows servers. And it just happens that the editor is one of us. Yep, a true Canuck. Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. For more information see http://www.mtit.com.

    In any case, this week he's got a wonderful article from a guest editorial by Darren Mar-Elia on "Group Policy Troubleshooting Improvements in Server 2012/Windows 8" I invite you to check it out and subscribe to his newsletter.

    Cheers!

    Pierre Roman, MCITP, ITIL | Technical Evangelist
    Twitter | Facebook | LinkedIn

     

     

  • Office 2013 Quick Start Guides

    In my last role as a Technical Account Manager supporting large corporate and public sector customers, I often had discussions regarding moving to the latest versions of Office.

Funny enough, the answer in a lot of cases was not the one I expected (licensing and/or cost), but the fact that training budgets were cut and that users needed more hand-holding than the IT group could handle.

This weekend I found a link on the Office online site that I just had to share.

    Quick Start Guides for:

    • Access 2013
    • Excel 2013
    • OneNote 2013
    • Outlook 2013
    • PowerPoint 2013
    • Project Standard 2013
    • Publisher 2013
    • Visio 2013
    • Word 2013

    Are now available for download here.

     

If you're new to Office 2013, these free guides offer useful tips to help you find your way around the best productivity suite on the planet.

    Also, you can find a series of very short videos outlining the new goodness in Office 2013 here.

    Take a look and let me know if this helps.

    Cheers!

    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn

  • Office Goodness Wherever You Are

Mobility has become a game changer in terms of always having access to the information most important to you. Organizations are capitalizing on that trend to ensure their employees are always connected to the latest information to stay one step ahead of the competition. As of late, trends like BYOD or the consumerization of IT have started to change the perspective on how day-to-day activities are conducted or completed. While this trend predominantly affects the business community, aspects of cloud utilization are now starting to become the norm in people's personal lives.
     

Microsoft's launch of Office 365 Home Premium addresses this trend and allows households to gain access to Office from pretty much any connected device. Microsoft also allows Office to be installed on up to 5 PCs or Macs should a traditional install be required. There are differences between the business and home offerings of Office 365; however, the features provided by Office 365 Home Premium are meant to let families better collaborate, stay organized and communicate freely over many available access points.

    Office 365 Home Premium allows families to:

    • Sign in with Microsoft Account to tailor your experience in the latest versions of Word, Excel, PowerPoint, Outlook, OneNote, Publisher and Access
    • Store, edit and share your documents online with an additional 20 GB of SkyDrive storage
    • Use Office on Demand when you’re away to stream full versions of Office programs to any PC
    • Share documents and edits more easily with family members
    • Get the whole family organized with Outlook email, scheduling, and task-list tools
    • Capture, plan, and share notes and information with OneNote
    • Utilize 60 minutes of Skype calls each month to phones in 40+ countries

Office 365 still remains a great option for businesses, with plans designed for companies of all sizes, from individual consultants to enterprises. Extending familiar Office applications such as Word, Excel, and PowerPoint to the home, so that your family can create, communicate and work together even more efficiently from virtually anywhere, lets that additional benefit of Office 365 be experienced at home as well.

    Check it out today via Microsoft's free 30 day trial.

     

    (Written and published by Anthony Bartolo)

  • Plan your Windows 8 deployment with the Map Toolkit.

    We recently announced the release of the Microsoft Assessment and Planning (MAP) Toolkit 8.0.

The MAP Toolkit makes it easy to assess your current IT infrastructure for a variety of technology migration projects. This Solution Accelerator provides a powerful inventory, assessment, and reporting tool to simplify the migration planning process. In this version of the MAP Toolkit, there have been numerous improvements to overall usability, to help you accelerate your migration to Windows Server 2012, Windows 8, Windows Azure Virtual Machines, Office 2013, and Office 365.

    MAP is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.

    Download MAP 8.0 Toolkit

    Key features and benefits of MAP 8.0:

    • Determine readiness for Windows Server 2012 and Windows 8.
    • Assess environment for Office 2013.
    • Plan migration to Windows Azure Virtual Machines.
    • Track Lync Enterprise/Plus usage.

    MAP Toolkit 8.0 adds following four new scenarios to help you plan your IT future while supporting your current business needs

    Additional Resources:

    IMPORTANT: MAP Toolkit 8.0 does not support database upgrades from previous versions of the toolkit.

     

Hope this helps!

     

    Cheers


    Pierre Roman, MCITP, ITIL | IT Pro Advisor
    Twitter | Facebook | LinkedIn
