presented by Mark Minasi
[email protected]
tech forum, newsletters at www.minasi.com
Session Code: CLI324
1

Topics
Um, what do I do… Vista, Win 7, roll back to
Windows 98?
New UI stuff, networking changes
Rolling it out, securing it, storing things
Virtuality!!!
Active Directory
Saving Money
2
Okay, First Thing…
What are they going to call it
(Like anybody cares)
Desktop = Windows 7 (unless it changes)
Server=Windows Server 2008 R2
Server only comes in x64, no x86
Desktop still offers x86
3
"When? When? When?"
"can I skip Vista? Can I can I can I? Pleeze?"
General availability on 22 October
Don't worry about XP support… it's extended to
April 2014
So… Vista or not?
4
The Vista/Win 7 Choice is Easy
Microsoft knows you hate Vista
(I don't work for Microsoft, and you guys tell me
anyway!)
Vista's main problem was that it came out too
early – many 2005 machines couldn't handle its
needs, drivers didn't exist yet, nor did SP1
Which means that even if you think you hate
Vista, the chances are good that if you took a
fresh look at it today, it'd look pretty good
5
Vista or Win 7 = You're Fine Either Way
And so…
Speed is about equal between the two
"If it's a Vista driver, it's a Win 7 driver"
"If it runs Vista well, it'll run Win 7 well"
Windows 7 includes nearly 400 "fixes," built-in
shims that solve compatibility problems
Any SDB-type patches created in Vista work on W7
Bottom line: you can use the same hardware
for Vista or Win 7, so Win 7 will cause you no
more planning needs than Vista would
6
UI Stuff
SideBar's gone, now gadgets go right on the
desktop
UI does an interesting job of being more
document-centric than app-centric: you can
have MRU lists for as many apps as you like on
the taskbar, as if the app were running
You can control system tray behavior for each
app
7
More UI Stuff
Easy adjustment to make two windows share the screen side-by-side, half apiece
Some tablet users will be able to run their Win 7 boxes as if they were iPhones, all finger pushes (of course, most tablets currently don't respond to fingers…)
ONE right-click on the Desktop gets you to video
resolution
Paint and WordPad get the Ribbon!
8
More UI: Libraries
New way to show files, sort of an evolution of
how (for example) Vista shows tunes differently
than videos or pictures
Extends to downloaded files (shows their URL),
contacts (shows their essential values)
Essentially it's a meta-view of a bunch of folders
Includes and extends the notion of search
folders
9
The Blue UI: PowerShell
You'll see PowerShell support in a lot of things –
it was a design goal
Win 7/R2 has Powershell 2.0, which does neat
remote stuff
Remoting atop WinRM, not RPC
.NET's now on Server Core, so PowerShell's on
Server Core
10
Remote Access News
You've heard about PowerShell and WinRM
Terminal services has new name: Remote
Desktop Services
Not exactly a Win 7 topic, but MS is now
pushing Hyper-V for virtual desktops ("MED-V")
Server Manager now works remotely for
role/feature control, even on Server Core
11
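The WinRM-based remoting the last two slides describe, as an added example (not the speaker's code). It assumes a domain-joined admin workstation, placeholder server names SRV01 and SRV02, and uses only cmdlets that ship in PowerShell 2.0 on Windows 7 / R2; run it elevated.

```powershell
# Added example, not from the session. SRV01/SRV02 are placeholders.

# 1. One-time, on each managed machine: start the WinRM service, create the HTTP
#    listener (TCP 5985) and open the firewall exception. That is all remoting needs
#    on a domain member; authentication is Kerberos, so no credentials cross the wire.
Enable-PSRemoting -Force

# 2. From the admin box, confirm WinRM answers before relying on it in scripts.
$servers = 'SRV01', 'SRV02'
foreach ($s in $servers) {
    try   { Test-WSMan -ComputerName $s -ErrorAction Stop | Out-Null; "$s : WinRM OK" }
    catch { "$s : no WinRM listener ($($_.Exception.Message))" }
}

# 3. Fan-out query: Invoke-Command runs the script block on every target over WinRM
#    (not RPC, so only one well-known port to allow) and returns deserialized objects.
#    Here: OS version, last boot, and whether the domain-profile firewall is on.
Invoke-Command -ComputerName $servers -ScriptBlock {
    $os = Get-WmiObject Win32_OperatingSystem
    $fw = New-Object -ComObject HNetCfg.FwPolicy2      # Windows Firewall COM API
    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        OSVersion       = $os.Version
        LastBoot        = $os.ConvertToDateTime($os.LastBootUpTime)
        DomainFWEnabled = $fw.FirewallEnabled(2)       # 2 = domain profile
    }
} | Format-Table Computer, OSVersion, LastBoot, DomainFWEnabled -AutoSize

# 4. A persistent session for repeated work on one box (no re-negotiation per call).
$session = New-PSSession -ComputerName SRV01
Invoke-Command -Session $session -ScriptBlock { Get-Service WinRM | Select-Object Name, Status }
Remove-PSSession $session

# 5. Defender check: who may connect? The default endpoint is limited to local
#    Administrators; review the permission string rather than widening it.
Get-PSSessionConfiguration | Select-Object Name, Permission
```

Step 3 is the pattern the slides are getting at: one command, many machines, structured results back, and the same transport that Server Manager's remote role management rides on.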
Networking
Mobile broadband support makes mobile
broadband look like a NIC, not dialup
Different NICs can have different firewall
profiles
DHCP now has support for scope failover from
one DHCP server to another and lets you
block/allow MAC addresses
12
Deployment
How will we get this thing out?
Same "Panther" engine as Vista/08
Asks questions up front, you go away, come back,
you've got a system running
Very easy to script with Windows System Image
Manager, free download from Microsoft
Unpopular news for some: you can upgrade
from Vista, but not XP
13
Deployment
Multicasting
Important new changes in WDS multicasting: three
different "speed lanes" for multicasting images
Dynamic driver provisioning: deploys an image,
and removes unneeded drivers
New tool: DISM replaces peimg, pkgmgr, and
some of ImageX's features
… and DISM patches offline virtual machines
USMT "hard links" lets you wipe a disk but
retain whatever files you choose
14
Security in Win 7
Some big stuff:
DirectAccess
Applocker
Bitlocker to go
No more LM
DNSSEC
And some odds 'n' ends
15
DirectAccess
Call it "seamless VPN"
Microsoft has used a process for years now
whereby employees log onto the network, get an
IPv6 address and tunnel (via Teredo) into MS's
corpnet, using IPsec
Local inside-corpnet-only addresses and names
now look local ("Name Resolution Policy Table"
accomplishes it)
Difference: it's seamless
Requires IPv6, IPsec, R2 RRAS servers – set up with
a wizard
16
DirectAccess
Benefits:
Seamless remote access to internal resources
VPN that doesn't force your Internet traffic to be
encrypted
Machine/machine connection means that central IT
staff can patch/examine system even when user's
not connected
17
AppLocker: SAFER, but Safer
(SAFER= the beta name of Software Restriction
Policies)
Basically an improved Software Restrictions
But it's a lot smarter about handling signed
applications
Includes a wizard that will look at a system and
create an AppLocker policy for it automatically
18
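What the "look at a system and build a policy" workflow looks like from the command line, as an added example rather than the speaker's material. It assumes Windows 7 Enterprise or Ultimate (AppLocker is not in Professional), a cleaned-up reference machine, and placeholder paths under C:\policies; the cmdlets are the ones in Windows 7's AppLocker module.

```powershell
# Added example, not from the session. C:\policies is a placeholder.
Import-Module AppLocker

# Rules are evaluated only while the Application Identity service is running.
Set-Service AppIDSvc -StartupType Automatic
Start-Service AppIDSvc

# 1. Inventory the reference machine. Publisher rules are preferred (they survive
#    updates); hash rules are generated only for unsigned binaries. -Optimize merges
#    rules that share a publisher/product.
$files = @()
foreach ($dir in 'C:\Program Files', 'C:\Windows') {
    $files += Get-AppLockerFileInformation -Directory $dir -Recurse `
                  -FileType Exe, Dll, Script, WindowsInstaller
}
$xml = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 2. Start in audit mode: log what WOULD be blocked, block nothing yet.
$xml = $xml -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"'
$xml | Out-File -FilePath C:\policies\applocker-audit.xml -Encoding Unicode

# 3. Dry-run the policy against binaries users actually launch from profile locations,
#    the usual home of both legitimate click-once installs and malware droppers.
$candidates = Get-ChildItem 'C:\Users\*\AppData\Local\Temp\*.exe' -ErrorAction SilentlyContinue |
              ForEach-Object { $_.FullName }
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy C:\policies\applocker-audit.xml -Path $candidates -User Everyone |
        Where-Object { $_.PolicyDecision -ne 'Allowed' } |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 4. Apply locally (in a domain, import the XML into a GPO instead).
Set-AppLockerPolicy -XmlPolicy C:\policies\applocker-audit.xml

# 5. After a week or two of audit, review the "would have been blocked" events (ID 8003)
#    before switching EnforcementMode to "Enabled".
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message | Format-List
```

Audit mode first is the point: an allow-list built from one reference image will miss line-of-business tools, and the 8003 events tell you which ones before anyone is locked out.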
BitLocker To Go
Removable devices can now be bitlockered
You can even create a group policy requiring it
Or say, "we won't write data to this USB stick
unless it's Bitlockered"
As before, you can store keys in AD, or in
external 48-digit keys
19
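The "no writing to an unencrypted stick" policy and the AD key escrow from this slide, as an added example (not the speaker's code). It assumes a domain-joined Windows 7 machine, drive E: as the removable device, and an AD schema that already holds BitLocker recovery information; manage-bde.exe and the FVE policy registry values are the Windows 7 interfaces behind the group policy settings named here.

```powershell
# Added example, not from the session. E: and the protector GUID are placeholders. Run elevated.

# 1. Encrypt the stick: a passphrase for the user plus a 48-digit recovery password for IT.
manage-bde -on E: -Password -RecoveryPassword
manage-bde -status E:

# 2. Escrow the recovery password in AD. The -id value is the recovery protector's GUID
#    shown by "-protectors -get"; the backup is only accepted when the policy below allows it.
manage-bde -protectors -get E:
# manage-bde -protectors -adbackup E: -id {PLACEHOLDER-PROTECTOR-GUID}

# 3. The removable-drive policy, written as the registry values the GPO sets.
#    Setting them locally equals a local GPO; in a domain, put them in a domain GPO.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
# "Deny write access to removable drives not protected by BitLocker"
Set-ItemProperty -Path $fve -Name RDVDenyWriteAccess -Value 1 -Type DWord
# ...and to drives encrypted by another organization (identification field mismatch)
Set-ItemProperty -Path $fve -Name RDVDenyCrossOrg -Value 1 -Type DWord
# "Store BitLocker recovery information in AD DS" for removable drives:
Set-ItemProperty -Path $fve -Name RDVActiveDirectoryBackup -Value 1 -Type DWord
# refuse to turn BitLocker on until that backup has succeeded
Set-ItemProperty -Path $fve -Name RDVRequireActiveDirectoryBackup -Value 1 -Type DWord
# 1 = recovery passwords and key packages, 2 = recovery passwords only
Set-ItemProperty -Path $fve -Name RDVActiveDirectoryInfoToStore -Value 1 -Type DWord
gpupdate /force

# 4. Defender check: which volumes on this box are still cleartext?
manage-bde -status | Select-String 'Volume|Conversion Status|Protection Status'
```

RDVRequireActiveDirectoryBackup is the setting worth noticing: without it a user can encrypt a stick while off the network, lose the passphrase, and leave IT with nothing to recover from.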
Security
UAC now has a slider with four ticks on it to control
how intrusive it is
Windows Solution Center (which contains the old
Security Center) gives you more control over what
sort of notifications the system gives you, reducing
its irritation factor
Workgroups can now be "HomeGroups," a
password-protected group that lets you connect to
resources in your home's network with your
company's PC without your company's security
settings getting in the way
20
More Security
Neat new "global security access control list"
makes object access auditing more useful
Just point to a user and an object and it'll tell
you, "user A tried to access object B and
failed/succeeded because of X group
membership"
Multihomed systems can now have different
firewall settings
Read-Only DFS for branch office security
21
And Even More…
New group policies let you block NTLM logons
LM can't happen
Windows now has in-the-box support for biometrics (fingerprint readers, etc.)
BitLocker To Go encrypts portable devices like USB
sticks… and a group policy lets you mandate "if you want
to use a USB stick, it must be encrypted"
"VPN reconnect" aims to keep you connected even when
the VPN's spotty, as it's smart enough to retry at multiple
VPN junction points
22
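Two of the items on slides 21 and 22 made concrete, as an added example that is not part of the deck: the machine-wide "point at a user and an object" audit SACL, and killing LM while auditing NTLM before blocking it. It assumes a Windows 7 / R2 box, placeholder account CONTOSO\alice and folder C:\Finance; auditpol.exe and the Lsa/MSV1_0 registry values are the documented interfaces behind the group policies the slides name.

```powershell
# Added example, not from the session. CONTOSO\alice and C:\Finance are placeholders. Run elevated.

# --- Global object access auditing ---------------------------------------------
# Turn on the File System subcategory, then set a machine-wide "resource SACL" for alice:
# every file handle she opens for write (FW) is audited, success and failure, without
# editing the SACL of any individual file or folder.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /resourceSACL /set /type:File /user:CONTOSO\alice /success /failure /access:FW
auditpol /resourceSACL /type:File /view            # confirm what is in place

# Read the result: Security event 4656 (handle requested) on Windows 7 / R2 carries the
# "Reasons for Access" field, naming the ACE and group membership behind the decision.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656 } -MaxEvents 200 |
    Where-Object { $_.Message -match 'CONTOSO\\alice' -and $_.Message -match 'C:\\Finance' } |
    Select-Object TimeCreated, Message | Format-List

# Remove the global SACL when the investigation is over:
# auditpol /resourceSACL /remove /type:File /user:CONTOSO\alice

# --- "LM can't happen", and watching NTLM before blocking it -----------------------
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = "$lsa\MSV1_0"
# "LAN Manager authentication level" = 5: send NTLMv2 only; as a server refuse LM and NTLM.
Set-ItemProperty -Path $lsa -Name LmCompatibilityLevel -Value 5 -Type DWord
# "Restrict NTLM: Audit Incoming NTLM Traffic" = 2 (all accounts) and
# "Restrict NTLM: Outgoing NTLM traffic to remote servers" = 1 (audit all).
# Audit first, read the Operational log for a few weeks, then move sending to 2 (deny all).
Set-ItemProperty -Path $msv -Name AuditReceivingNTLMTraffic  -Value 2 -Type DWord
Set-ItemProperty -Path $msv -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord

# What still speaks NTLM? Each audit event names the process, target and account.
Get-WinEvent -LogName 'Microsoft-Windows-NTLM/Operational' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

The audit-before-deny order matters: legacy appliances, non-domain hosts reached by IP address, and some service accounts still fall back to NTLM, and the Operational log is the only inventory of them you will get.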
DNSSEC
Relatively old protocol-wise (2001-ish), but
topical now
Does not secure dynamic DNS updates
Does secure responses to queries, with the
result that it makes a DNS cache poisoning of
the type recently discussed very unlikely
For full effect, it'll require at least all R2 DNS
servers on the forwarders/masters, and possibly
on all DNS servers
23
Storage
VHDs are becoming the new "container"
standard, and have less and less to do with VMs
You can put one on your system, install an OS to it…
and tell bcdedit to boot that OS
Mounting a VHD in Win7 is called "surfacing" it
Diskpart is the basic tool of choice to work with it
Of course, Vista & 2008 use them for backups now
24
Storage
Consider the idea of a VHD-ed system; it has only:
A C: drive with a boot record, basically
An E: drive with one file named something like "mywindows.vhd"
Some BCDEDIT commands to point to e:\mywindows.vhd
On drives larger than about 30 GB, Windows
automatically creates a small, un-lettered partition
(whether or not you mess with VHDs)
Makes BitLocker easier to set up and makes for a
"cleaner" looking C: drive
25
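The VHD-boot setup from the last two slides, plus the DISM offline patching mentioned under Deployment, carried through end to end as an added example (not the speaker's script). It assumes placeholder paths E:\mywindows.vhd, V:, D:\sources\install.wim and a placeholder update file; diskpart, bcdedit and DISM are in-box on Windows 7 / R2, and imagex comes from the free WAIK download.

```powershell
# Added example, not from the session. All paths, the drive letter V: and the
# 30 GB size are placeholders. Run elevated.

$vhd = 'E:\mywindows.vhd'

# 1. Create the VHD and "surface" (attach) it; diskpart reads its script from stdin.
@"
create vdisk file="$vhd" maximum=30000 type=expandable
select vdisk file="$vhd"
attach vdisk
create partition primary
format fs=ntfs label="Win7VHD" quick
assign letter=V
"@ | diskpart

# 2. Apply the OS image into the VHD (index 1 = first edition in the WIM).
imagex /apply D:\sources\install.wim 1 V:\

# 3. Patch the OS inside the VHD before it ever boots. DISM services an attached VHD
#    exactly like a mounted WIM (.msu and .cab packages both work), which is what
#    "DISM patches offline virtual machines" means in practice.
dism /Image:V:\ /Add-Package /PackagePath:C:\updates\Windows6.1-KB_PLACEHOLDER-x64.msu
dism /Image:V:\ /Get-Packages          # package state should read "Install Pending"
dism /Image:V:\ /Get-Drivers           # third-party drivers currently in the image

# 4. Add a boot entry. bcdedit's  vhd=[E:]\file  locate syntax resolves the host volume
#    at boot time, so the entry survives drive-letter changes.
$copyOut = bcdedit /copy '{current}' /d 'Windows 7 (VHD)'
$guid    = [regex]::Match(($copyOut -join ' '), '\{[0-9a-fA-F-]+\}').Value
bcdedit /set $guid device   "vhd=[E:]\mywindows.vhd"
bcdedit /set $guid osdevice "vhd=[E:]\mywindows.vhd"
bcdedit /set $guid detecthal on
bcdedit /enum                          # review the new entry before rebooting

# 5. Detach the VHD; the single file is now a self-contained, patched, bootable OS.
@"
select vdisk file="$vhd"
detach vdisk
"@ | diskpart
```

Because the VHD is just a file on E:, the same offline DISM step in (3) is how you keep a library of golden images current without booting any of them.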
BranchCache Lite ("Distributed")
So you're in a remote site, and you're using a
file accessed across the WAN…
Someone else on your subnet needs that file…
And you supply it (without knowing)
You advertise your files using a Network
Discovery protocol (the thing that's replaced
Computer Browser in Vista/2008)
Uses multicasts, not broadcasts
26
BranchCache Lite
Caches SMB and HTTP/HTTPS traffic
Security integrated so you can't look at things in
the cache that you don't have access to
Only Windows 7 systems can participate
Extra: the SMB client does more caching…
reopen a file and it's as quick as if you've
already opened it
27
Hosted BranchCache
What's that you say, you have more than one
subnet?
Enable BranchCaching on a local server
Caches on the basis of hashed 64K blocks
Server is obviously faster and can dedicate more
resources
It's a "role" in 2008 R2 (Enterprise/Datacenter)
Windows 7 clients know to use it because group
policy tells it to
28
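BranchCache in both modes, as an added example that is not part of the deck. It assumes placeholder hostnames and file paths; `netsh branchcache` is the Windows 7 / R2 in-box configuration interface (a domain pushes the same settings through group policy). The block-hash helper at the end is constructed for illustration and is not BranchCache's own code.

```powershell
# Added example, not from the session. Hostnames and paths are placeholders. Run elevated.

# Distributed mode: this client caches what it fetched over the WAN and serves it to peers
# on its subnet. The command also adds the firewall rules it needs: HTTP/TCP 80 for
# retrieval and WS-Discovery/UDP 3702 for the multicast "who has this content?" lookup.
netsh branchcache set service mode=distributed
netsh branchcache set cachesize size=5 percent=TRUE   # cap the local cache at 5% of disk
netsh branchcache show status all

# Hosted mode instead: one branch server (BranchCache role on R2 Enterprise/Datacenter,
# mode=hostedserver with an SSL certificate) holds the cache for every local subnet.
# netsh branchcache set service mode=hostedclient location=branch-srv.contoso.com

# Quickest way to rule BranchCache out of a "stale file" complaint:
# netsh branchcache flush

# Content is addressed by hash, not by file name. This helper hashes a file in 64 KB
# blocks and reports how many blocks two versions of a document share, i.e. how much of
# an edited file a peer or hosted server could still serve from cache.
function Get-BlockHashes {
    param([string]$Path, [int]$BlockSize = 64KB)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    $buffer = New-Object byte[] $BlockSize
    $hashes = @()
    try {
        while (($read = $stream.Read($buffer, 0, $BlockSize)) -gt 0) {
            $hashes += [BitConverter]::ToString($sha.ComputeHash($buffer, 0, $read)) -replace '-', ''
        }
    } finally { $stream.Close() }
    $hashes
}

function Compare-BlockHashes {
    param([string]$Original, [string]$Edited)
    $old    = Get-BlockHashes $Original
    $new    = Get-BlockHashes $Edited
    $shared = @($new | Where-Object { $old -contains $_ }).Count
    New-Object PSObject -Property @{
        BlocksInEdited  = $new.Count
        ServedFromCache = $shared
        FetchedOverWAN  = $new.Count - $shared
    }
}
# Compare-BlockHashes 'C:\share\report-v1.docx' 'C:\share\report-v2.docx'
```

The helper also shows why the "can't see cached things you lack access to" claim holds together: a peer only hands over a block to a client that already holds that block's hash, and the hashes come from the file server after it has checked the client's permissions.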
Virtual Machines/Hyper-V
Live Migration (like VMotion), shifts in ~10 ms
range
New NIC hardware supports separate queues
for different virtual NICs, Hyper-V supports it
Ditto NICs with embedded network switches
Second level address translation on CPUs now
supported – solves a problem (flushing VM page
tables) that can take up to 10% of CPU time
64 cores supported
29
Active Directory Changes
New domain functional level
New task-oriented UI: AD Administration Center
PowerShell cmdlets
AD Recycle Bin
Automatically maintained domain-based service accounts, a new type of account ("Managed Service Accounts")
Best Practice Analyzer
Offline Domain Join
30
AD and PS
We get 70+ PowerShell cmdlets for AD
The new AD Administration Center is the new AD GUI tool but, interestingly enough, it's really just a PowerShell application: PowerShell 2.0 supports GUI forms, so under the hood it's nothing more than a GUI front end to PowerShell commands
No "reflectivity," though… bummer!
31
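Four of the R2 AD items from these two slides driven from the new cmdlets, as an added example (not the speaker's code). It assumes a 2008 R2 forest named contoso.com, the ActiveDirectory and BestPractices modules (a DC or RSAT), and placeholder names svc-web01, WEB01, CLIENT07.

```powershell
# Added example, not from the session. contoso.com, svc-web01, WEB01, CLIENT07 and C:\odj are placeholders.
Import-Module ActiveDirectory

# --- Managed Service Account: AD rotates the password; no one ever knows it --------------
New-ADServiceAccount -Name svc-web01 -Enabled $true
# R2 MSAs are bound to exactly one computer; that host is the only one that can use it.
Add-ADComputerServiceAccount -Identity WEB01 -ServiceAccount svc-web01
# Then, on WEB01 itself (AD module required there too):
#   Install-ADServiceAccount -Identity svc-web01
#   Test-ADServiceAccount -Identity svc-web01      # $true when this host can use the account
# and configure the service to log on as CONTOSO\svc-web01$ with a blank password.

# --- AD Recycle Bin: forest optional feature; needs 2008 R2 forest level and is one-way --
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'contoso.com'
# Restore a deleted user intact (SID, group memberships, attributes), no authoritative
# restore and no tombstone reanimation needed:
Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "Alice*"' -IncludeDeletedObjects |
    Restore-ADObject

# --- Offline domain join: provision on the domain, join a box that cannot reach a DC -----
djoin.exe /provision /domain contoso.com /machine CLIENT07 /savefile C:\odj\CLIENT07.txt
# On CLIENT07, then reboot. The blob contains the machine account password: move it over
# a protected channel and delete it afterwards.
#   djoin.exe /requestODJ /loadfile C:\odj\CLIENT07.txt /windowspath %SystemRoot% /localos

# --- Best Practice Analyzer for AD DS, run from PowerShell on a DC -------------------------
Import-Module BestPractices
Invoke-BpaModel -ModelId Microsoft/Windows/DirectoryServices
Get-BpaResult -ModelId Microsoft/Windows/DirectoryServices |
    Where-Object { $_.Severity -ne 'Information' } |
    Select-Object Severity, Category, Title | Format-Table -AutoSize
```

Enabling the Recycle Bin is the step to think about before typing it: once on, it cannot be turned off, and the extra retained-object state raises the size of every DC's database.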
performance, less power,
easier hardware updates…
32
Miscellaneous Good Things
Problem Steps Recorder
The way that the OS gives RAM to apps changes
(with Vista, it's pretty generous in an attempt to
make it faster), and so W7 should use less
memory
Non-miniport print drivers mean no (well,
fewer) printer driver blue screens
Print drivers can be isolated
33
Power Management
Big push on this
New "AQ" logo program
Three power management defaults all yield 10%
better power use
"Core Parking" shuts down particular cores or
entire sockets when not needed on Windows 7
and R2 systems
34
Thanks for coming!
You can contact me at [email protected]
Free technical newsletters at www.minasi.com
Online technical support there as well
Enjoy the conference!!!!
35
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.