Monthly archives: June 2012
What is orchestrator and should I care?
Well, first off, you should care.
This product will be a life-saver for many, and it is a crucial part of Microsoft’s private cloud solution.
But what is Orchestrator anyway?
It is a part of the Microsoft System Center family and the latest release is Orchestrator 2012.
For those that don’t know the history of Orchestrator, it was previously known as Opalis, which was actually made by a company called Opalis Software, which was acquired by Microsoft.
It is a process automation tool, and let’s face it: there are many tasks out there that could be automated, but you don’t have the time or the resources to create a script to do the job. This is where Orchestrator comes in!
Microsoft describes Orchestrator as this:
Orchestrator provides a workflow management solution for the data center. Orchestrator lets you automate the creation, monitoring, and deployment of resources in your environment.
I’m going to give a short intro to how Orchestrator works, covering the different roles, integration, and creating “runbooks”.
First off, Orchestrator consists of the following roles:
A runbook server is where an instance of a runbook runs. These servers communicate directly with the Orchestrator database.
If you open the Deployment Manager you can see the runbook servers on the left side.
This database contains all the deployed runbooks, their status, log files and config data for Orchestrator.
Orchestration Web service:
This is used by the Orchestrator console to interact with Orchestrator; it is also used to integrate with SCSM,
so you can, for instance, attach a runbook to a request offering. (More on that in a later post.)
Now, first off, download Orchestrator and install it.
You can find Orchestrator here:
Second: You should also download the integration packs for other products like OpsMgr, ConfigMgr, SCSM, VMM and AD. Third-party vendors like VM and HP also have some integration packs available. These packs give Orchestrator extended functionality towards the product. For instance, I have imported 3 integration packs: one for AD, 1 for ConfigMgr and 1 for SCSM. When I restarted the Runbook Designer after I imported the packs, I got extra sets of tasks available for AD, ConfigMgr and SCSM.
But of course you need to set up a connection to each individual system before you can use these tasks against the systems. So go into the Options menu in Runbook Designer, where you get an option pane for AD, ConfigMgr and SCSM. Go into each of these and set up a connection.
Now let’s take a quick walkthrough of runbook creation.
We will create a pretty simple runbook which does the following: based on the input parameters, it will create an “incident” in SCSM. Since we now have the integration with SCSM, it’s easy-peasy. First off, we need a task that takes input from a user. So go into the “Runbook Control” option on the right side, find the task “Initialize data” and drag it out to the designer.
This task allows Orchestrator to get input from the user. First, right-click on “Initialize data” and press Properties.
On the General tab you can change the name of the activity and the description. So let’s change this to “Input data” and go over to Details.
Here we add 2 parameters:
1: Called Title and choose String
2: Called Input and choose String.
Then click Finish
(You could also check under Run Behavior, where you could add options for error reporting, but since this is a basic runbook I want to simplify it.)
Now it should look like this.
Next we add an activity from the SCSM tab; now that we have input data, we have to create an incident.
Now select the CreateIncidentWithTemplate activity and drag it out to the “drawing board”.
After that, select the “Input Data” activity; a mark will appear on its side. Drag it over to the other activity. It should then look like this:
Now we have to change the other activity so that it gets the input data from the first activity.
So right-click on the CreateIncident activity and press Properties.
(Now remember that you need to have an active connection to SCSM before you can finish this)
Go to the General tab first and alter the name of the activity to Create Incident.
Next go to the Details tab and alter the connection (click the … button and choose an SCSM server).
Then for the Class choose Incident, and next choose the standard template for incident.
By default you should now get two fields down below,
Priority and Effect, but the two parameters we added in the previous activity are string values intended for the title and the body of the incident.
Therefore click “select optional fields”, choose Title and Description, and click OK. Now, back in the Details menu, right-click on the white space next to the Title and choose Published data.
Now you see that you get the option to take the input from the previous activity. So choose Title from the Input data parameter.
And do the same for Description.
Now we can see that the Incident is created in SCSM.
Well, now you get the general idea of how Orchestrator works. This runbook was based on input data from the user, but we could also create a runbook that uses a monitor. For instance, you can create a File Monitor (that watches whether a .log file is created/edited/accessed under the folder c:\checkthis). Let’s say that if app1 crashes, it automatically creates a log file in that folder, and you need to restart a service in order for it to work. So I created a monitor activity, and if the file is there, it first creates an entry in the event log, restarts the service and also creates the log file (so the monitor doesn’t trigger again).
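The file-monitor runbook described above, sketched as a PowerShell script. This is an added example, not the author’s runbook and not Orchestrator’s own code. The service name, event source, event ID and archive folder are assumptions, and moving the handled log out of c:\checkthis is one assumed way of keeping the monitor from triggering twice on the same file.

```powershell
# Added example (not from the original post): the file-monitor runbook as a script.
# Run elevated in Windows PowerShell: registering an event source and restarting
# a service both need administrative rights.

$WatchPath   = 'C:\checkthis'           # folder named in the post
$ArchivePath = 'C:\checkthis-archive'   # assumption: where handled logs are moved
$ServiceName = 'App1Svc'                # hypothetical service name for app1
$EventSource = 'App1Monitor'            # hypothetical event source
$EventId     = 1001                     # hypothetical event ID

if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
    New-EventLog -LogName Application -Source $EventSource
}
New-Item -ItemType Directory -Path $ArchivePath -Force | Out-Null

function Invoke-CrashRemediation {
    param([Parameter(Mandatory = $true)][System.IO.FileInfo]$LogFile)

    $evt = @{ LogName = 'Application'; Source = $EventSource; EventId = $EventId }

    # Claim the file first. If it is still locked by the writer, Move-Item throws,
    # nothing else runs, and the next sweep retries. This guarantees one restart
    # per crash log instead of a restart loop on a file that cannot be moved.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $target = Join-Path $ArchivePath ('{0}_{1}' -f $stamp, $LogFile.Name)
    Move-Item -LiteralPath $LogFile.FullName -Destination $target -ErrorAction Stop

    # Record the trigger in the event log.
    Write-EventLog @evt -EntryType Warning `
        -Message "Crash log '$($LogFile.Name)' archived to '$target'; restarting $ServiceName."

    # Restart the service; log a failure instead of stopping the monitor.
    try {
        Restart-Service -Name $ServiceName -ErrorAction Stop
    }
    catch {
        Write-EventLog @evt -EntryType Error `
            -Message "Restart of $ServiceName failed: $($_.Exception.Message)"
    }
}

$watcher = New-Object System.IO.FileSystemWatcher -ArgumentList $WatchPath, '*.log'
try {
    while ($true) {
        # Wake on a file event or after 5 seconds, then sweep the folder so that
        # files created between waits (or before startup) are not missed.
        [void]$watcher.WaitForChanged([System.IO.WatcherChangeTypes]::All, 5000)

        Get-ChildItem -LiteralPath $WatchPath -Filter '*.log' -File |
            Where-Object { $_.Extension -eq '.log' } |   # -Filter can also match longer extensions
            ForEach-Object {
                $file = $_
                try   { Invoke-CrashRemediation -LogFile $file }
                catch { Write-Warning "Skipping $($file.Name) for now: $($_.Exception.Message)" }
            }
    }
}
finally {
    $watcher.Dispose()
}
```

Because any .log file that appears in the watched folder causes a service restart, write access to that folder should be limited to the account app1 runs under.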
This was part 1 of the Orchestrator post; stay tuned for more.
Orchestrator documentation on Technet:
Quick post: after I made some changes using the SDK for ConfigMgr 2012, I had trouble starting the console. It would just crash and report an error message.
Faulting application name: Microsoft.ConfigurationManagement.exe, version: 5.0.7743.0, time stamp: 0x4fb6dc3d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0xe0434352
Fault offset: 0x0000b727
Faulting process id: 0x1708
Faulting application start time: 0x01cd55eb018bd847
Faulting application path: C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 410539fd-c1de-11e1-ad00-080027082ac4
So instead of trying to debug it, I tried to uninstall and reinstall it.
After I reinstalled the Admin Console from the ConfigMgr media I couldn’t connect. I got no error message whatsoever, just that I couldn’t connect to that server. After inspecting the event viewer I saw that ConfigMgr was generating this error message.
Description = “Please upgrade your Admin Console to newer version”;
Operation = “ExecMethod”;
ParameterInfo = “SMS_Identification”;
ProviderName = “WinMgmt”;
StatusCode = 2147749889;
And now I thought, wtf?
And after consuming a cup of coffee I remembered that I had CTP1 installed, so I reinstalled the admin console from the CTP1 media, not from the regular ConfigMgr 2012 media, and then it worked!
Wow, busy weeks! I have been busting my ass off lately studying for the 3 exams I have had the last weeks.
First off, I started last Monday with 70-664 TS: Microsoft Lync Server 2010, Configuring
Then Thursday this week I took:
70-243 Administering and Deploying System Center 2012 Configuration Manager
70-246 Monitoring and Operating a Private Cloud with System Center 2012 (This one is part of the MCSE private cloud track)
Was it hard?
Yes.. it’s stressful and might give you a mild heart attack, just saying!
How did you do it?
Lync 2010: This was the hardest part since it was the first time I ever touched the Lync platform, but I already had experience with Exchange, which was a huge benefit.
But I have been reading for it for about 3 months. I used this book –> http://www.amazon.co.uk/Mastering-Microsoft-Lync-Server-2010/dp/1118089537/ref=sr_1_1?ie=UTF8&qid=1340618444&sr=8-1
And I also set up a full virtual environment for Lync, which I tested a lot! Of course I cannot test all of the functionality since it requires hardware I don’t have. But the book manages to give you a good understanding of how Lync works.
ConfigMgr 2012: I have been using ConfigMgr 2012 since the first beta was released, and I already had experience from SCCM 2007 so this was the easiest one.
Private Cloud: Like ConfigMgr I’ve been using all of the system center products since they were released in Beta, some of the products I had experience from the previous releases, but some I had my first experience with in the 2012 release.
Order a book! I would recommend the book I used –> http://www.amazon.co.uk/Mastering-Microsoft-Lync-Server-2010/dp/1118089537/ref=sr_1_1?ie=UTF8&qid=1340618444&sr=8-1
Set up a virtual environment! You can only get so far with just reading the book; you need hands-on experience in order to fully understand Lync. It’s a complex bit of machinery. You also need an internal PKI set up in order to install Lync.
Also you need to know the basics of how to publish resources via Forefront TMG. You don’t need to go so far as to order a book, but if you want to I would recommend this –> http://www.amazon.co.uk/Microsoft-ForeFront-Management-Administrator%2527s–Administrators/dp/0735626383/ref=sr_1_1?s=books&ie=UTF8&qid=1340618754&sr=1-1
Use Technet for Lync. Microsoft has loads of documentation for their products –> http://technet.microsoft.com/en-us/library/gg398616.aspx
I also have a couple of blog posts regarding Lync basics and setup.
Remember not to overdo it. Lync is huge and you can’t learn everything; remember what skills are tested in the exam.
Managing Users and Client Access (20 percent)
- Configure user accounts.
- This objective may include but is not limited to: enabling Active Directory users, moving users, applying policies to users, and managing users in bulk
- Deploy and maintain clients.
- This objective may include but is not limited to: deploying Communicator, configuring group policy, configuring client version policy, deploying the Attendee/Attendant consoles
- Configure conferencing policies.
- This objective may include but is not limited to: configuring general conference settings, configuring A/V settings, configuring web conferencing settings, and configuring Application Sharing settings
- Configure Instant Messaging (IM) policies.
- This objective may include but is not limited to: file transfer filters and URL filters
- Deploy and maintain Lync Server 2010 devices.
- This objective may include but is not limited to: publishing device updates, configuring device policies, managing and deploying common area devices and analog devices
- Resolve client access issues.
- This objective may include but is not limited to: enabling/disabling logging, using Snooper to open and navigate trace file, troubleshooting EWS and Address Book errors, using client tools to troubleshoot connectivity issues, and troubleshooting certificate errors
Configuring a Lync Server 2010 Topology (21 percent)
- Prepare to deploy a topology.
- This objective may include but is not limited to: installing local configuration stores, provisioning servers in Active Directory, modifying features and roles on Windows servers, preparing DNS, deploying the Central Management Store
- Configure Lync Server 2010 by using Topology Builder.
- This objective may include but is not limited to: configuring site details, configuring simple URLs, site federation route, configuring Lync Server roles and pools, and using the Best Practices Analyzer to validate deployment
- Configure role-based access control in Lync Server 2010.
- This objective may include but is not limited to: creating and assigning roles
- Configure a location information server.
- This objective may include but is not limited to: configuring LIS with Windows PowerShell, creating and assigning location profiles, associating addresses with physical locations, and enabling/disabling E911 disclaimer
- Configure server pools for load balancing.
- This objective may include but is not limited to: hardware load balancing and DNS load balancing
Configuring Enterprise Voice (19 percent)
- Configure voice policies.
- This objective may include but is not limited to: user, site, and global, configuring phone usages, and running test cases
- Configure dial plans.
- This objective may include but is not limited to: normalization, assessing impact of trunk groups, and accommodating PBX coexistence
- Manage routing.
- This objective may include but is not limited to: configuring and troubleshooting voice routing
- Configure Microsoft Exchange Unified Messaging integration.
- This objective may include but is not limited to: dial plans and policies
- Configure dial-in conferencing.
- This objective may include but is not limited to: configuring access numbers and dial-in participant settings
- Configure call admission control.
- This objective may include but is not limited to: configuring and troubleshooting Bandwidth Management
- Configure Response Group Services (RGS).
- This objective may include but is not limited to: configuring agents, RGS groups, RGS queues, and RGS workflow
- Configure Call Park and Unassigned Number.
- This objective may include but is not limited to: feature interaction
- Manage a Mediation Server pool and PSTN Gateway.
- This objective may include but is not limited to: creating and configuring a Mediation Server pool, configuring Media Bypass, configuring Gateway settings, and coexistence and migration considerations
Configuring Lync Server 2010 for External Access (19 percent)
- Configure Edge Services.
- This objective may include but is not limited to: configuring Director Services, creating and configuring external access pools, and configuring federation
- Configure a firewall.
- This objective may include but is not limited to: IP addresses, port settings, NAT, and routing
- Configure a reverse proxy.
- This objective may include but is not limited to: configuring certificates, Lync Server web components, and Autodiscover
Monitoring and Maintaining Lync Server 2010 (21 percent)
- Back up and restore Lync Server 2010.
- This objective may include but is not limited to: SQL databases and instances, contacts with dbimpexp, topology with Topology Builder, topology with PowerShell and file shares, and activating CMS on a new front end
- Configure monitoring and archiving.
- This objective may include but is not limited to: reporting services and SQL, archiving IM and Group Chat, monitoring A/V quality, and compliance considerations
- Implement troubleshooting tools.
- This objective may include but is not limited to: analyzing events logged in Windows Event log, creating a trace file with OCSLogger, analyzing troubleshooting data, and selecting a troubleshooting tool
- Use PowerShell to test Lync Server 2010.
- This objective may include but is not limited to: proactively testing connectivity and topology and using synthetic transactions
And last but not least, get a basic understanding of what PowerShell cmdlets are available.
Same procedure as Lync: first off, order a book!
There are already a couple of books available from Amazon.
Set up a virtual environment. ConfigMgr requires less infrastructure than Lync, and you can test all of the functionality from a virtual lab.
I have a lot of posts regarding ConfigMgr 2012, how to set it up and the different settings you can configure.
I would also recommend taking a look at MVP Niall Brady’s site, windows-noob.com; he has a lot of guides for ConfigMgr 2012.
And also get a good understanding of what log files are used in ConfigMgr 2012 (And there are a lot!)
Use Microsoft Technet:
Use Microsoft Virtual Academy: They have their own track for ConfigMgr 2012 which you should take!
Last but not least, remember what is being tested on the exam.
Design and Plan System Center Configuration Manager Infrastructure (13%)
- Plan System Center Configuration Manager hierarchy and site system roles.
- This objective may include but is not limited to: pre-installation requirements, examining the current computing environment, CAS, primary and secondary sites, branch cache, designing and recommending System Center Configuration Manager server architecture, extending the Active Directory schema (DNS service records, WINS), managed providers, discovery methods, and planning migration
- Plan and configure security.
- This objective may include but is not limited to: PKI or self-signed certificates, HTTP or HTTPs implementation, NAP, FEP, and planning role-based security
- Define the Business Continuity Plan (BCP).
- This objective may include but is not limited to: disaster recovery and site maintenance
Manage Operating System Deployment (OSD) (12%)
- Configure the OSD environment.
- This objective may include but is not limited to: configuring WDS, configuring PXE, configuring the VM build environment, and integrating with MDT
- Build and capture an image.
- This objective may include but is not limited to: updating base images, task sequences
- Deploy an image.
- This objective may include but is not limited to: new (bare metal) and upgrade images, VHD deployment
- Manage images.
- This objective may include but is not limited to: drivers, servicing
Deploy Applications and Software Updates (14%)
- Create an application.
- This objective may include but is not limited to: defining deployment types, deploying applications to RDSH, MSI, and App-V, and converting a package
- Deploy an application.
- This objective may include but is not limited to: user device affinity, compliance settings, Software Center, and task sequences
- Monitor application deployment.
- This objective may include but is not limited to: resolving issues, managing application distribution points, distribution point groups, Content Library, SQL Server Reporting Services (SSRS), log files, and In Console Monitoring
- Manage the software library and application catalog.
- This objective may include but is not limited to: web portal configuration, work schedule, and definition of primary machines for users
- Create and monitor software updates.
- This objective may include but is not limited to: Automatic Deployment Rules (ADR), SSRS, creating update groups, creating deployment packages, log files, and In Console Monitoring
- Configure FEP clients by using System Center Configuration Manager.
- This objective may include but is not limited to: creating and managing policy by using Configuration Manager, configuring definitions within the client policy, exporting from Configuration Manager, choosing which template to use, and select exclusions
Manage Compliance Settings (11%)
- Build a Configuration Item (CI).
- This objective may include but is not limited to: creating a CI, importing a CI, setting CI versioning, and remediation rules
- Create and monitor a baseline.
- This objective may include but is not limited to: importing a configuration pack, building a custom baseline, SSRS, log files, In Console Monitoring, deploying a baseline
Manage Sites (12%)
- Manage collections.
- This objective may include but is not limited to: setting maintenance windows, defining rules for collections (collection membership, query-based collections), collection-specific settings
- Monitor site health.
- This objective may include but is not limited to: SSRS, log files, In Console Monitoring, Toolkit
- Configure software updates.
- This objective may include but is not limited to: sync schedule, catalogs, products, WSUS, and superseded updates
- Manage site communications.
- This objective may include but is not limited to: configuring bandwidth settings for a site address, configuring senders, secondary sites (file-based replication, SQL replication paths), resolving DP connections
- Manage boundary groups.
- This objective may include but is not limited to: creating boundary groups, using boundary groups in more than one DP, client roaming, Internet-based clients
- Manage role-based security.
- This objective may include but is not limited to: security scopes, custom roles, cloned security roles and permissions
Manage Clients (14%)
- Deploy clients.
- This objective may include but is not limited to: GPO, WSUS, logon scripts, manual, client push, OSD task sequence, monitoring client health
- Manage mobile devices.
- This objective may include but is not limited to: enrolling mobile devices, Exchange Connector, AMT enrollment point (out-of-band management), and wiping mobile devices
- Manage client agent settings.
- This objective may include but is not limited to: desired configuration settings, mobile device client agent, NAP client agent, configuring power management, configuring remote control agent, hardware inventory agent, software inventory agent, software metering agent, advertised programs agent, computer agent
Manage inventory (12%)
- Manage hardware inventory.
- This objective may include but is not limited to: configuring MOF, export and import settings, enabling or disabling WMI classes, extending hardware inventory to other client assets, WMI or registry reporting
- Manage software inventory.
- This objective may include but is not limited to: standardized vendor name, list of tracked inventory, report inventory data, asset intelligence, software metering (enable or disable rules, report software metering results)
- Monitor inventory data flow.
- This objective may include but is not limited to: client-to-site, site-to-site
Manage Reports and Queries (12%)
- Build queries.
- This objective may include but is not limited to: console queries, WQL, sub-selects
- Create reports.
- This objective may include but is not limited to: cloning and modifying reports, creating custom reports, import and export reports
- Manage SSRS.
- This objective may include but is not limited to: configuring security, configuring caching, configuring subscriptions
Private Cloud 70-246:
Again, books…. There is a book available from Amazon –> http://www.amazon.co.uk/Microsoft-Private-Cloud-Computing-Aidan/dp/1118251474/ref=sr_1_1?ie=UTF8&qid=1340619577&sr=8-1
Remember, this exam tests your knowledge of many products, which include SCVMM, Orchestrator, Service Manager, Operations Manager, SCDPM and App Controller. It is not as “in-depth” as the other exams, but you need to know your stuff.
I would also recommend visiting MVP Kristian Nese’s blog; he has a lot of posts regarding many of the exam objectives –> http://kristiannese.blogspot.no/
Remember: test, test, test in a virtual lab; know how these products integrate and how they communicate!
And Microsoftvirtualacademy.com has a lot of courses relating to each of these system center products so take a look there.
And Last but not least, don’t overdo it. Each product alone is a HUGE subject and you can’t possibly know every detail about each and every product. Look at the Exam Objectives –>
Configure Data Center Process Automation (17%)
- Implement workflows.
- This objective may include but is not limited to: SCO Runbook automation, automate remediation of incidents, design and build end-to-end automation incorporating System Center 2012 technologies
- Implement service offerings.
- This objective may include but is not limited to: Add a new service offering to the service catalog, create a custom workflow using the Service Manager console, reference Orchestrator workflows in Service Manager
Deploy Resource Monitoring (20%)
- Deploy end-to-end monitoring.
- This objective may include but is not limited to: Deploy agents, Discover and deploy network device monitoring, import and configure management packs, deploy and configure monitoring of a heterogeneous virtualization infrastructure
- Configure end-to-end monitoring.
- This objective may include but is not limited to: Configure overrides, create synthetic transactions, configure Outside-In monitoring, configure application performance monitoring (APM), create distributed application models
- Create monitoring reports and dashboards.
- This objective may include but is not limited to: Service-level tracking, reports, dashboards
Monitor Resources (23%)
- Monitor network devices.
- This objective may include but is not limited to: Analyze network device health, manage Operations Manager alerts, manage notifications
- Monitor servers.
- This objective may include but is not limited to: Monitor the Operating System Environment (OSE), monitor server applications, manage Operations Manager alerts, manage notifications
- Monitor the virtualization layer.
- This objective may include but is not limited to: Monitor host and guest performance, monitor virtual applications, manage Operations Manager alerts, manage notifications
- Monitor application health.
- This objective may include but is not limited to: Application Performance Management (APM), synthetic transactions, manage Operations Manager alerts, manage notifications, distributed applications
Configure and Maintain Service Management (18%)
- Implement service level management.
- This objective may include but is not limited to: Define service level objectives (SLOs) and service level agreements (SLAs), implement SLA management and escalation, maintain SLAs (including planning for future growth), analyze SLAs (reporting)
- Manage problems and incidents.
- This objective may include but is not limited to: Working with problems, working with incidents, root cause analysis/diagnosis
- Manage cloud resources.
- This objective may include but is not limited to: Deploy new applications, deploy VM/service (applications, SQL, roles), demonstrate application deployment leveraging service templates, manage applications, manage VM hardware (CPUs, Dynamic memory), manage self service
Manage Configuration and Protection (22%)
- Manage compliance and configuration.
- This objective may include but is not limited to: Security and compliance management (includes IT GRC process management pack), analyze and remediate configuration compliance, analyze data in System Center Advisor
- Manage updates.
- This objective may include but is not limited to: Update machine roles in a service template, manage and update applications across multiple clouds, manage software updates
- Implement backup and recovery.
- This objective may include but is not limited to: Back up/recover product settings, Back up/recover the cloud infrastructure, manage backups (protection groups, storage), implement business continuity for the cloud
I also have some blog posts regarding each product.
With the upcoming release of Windows 8, a lot of people have stated that this OS is not meant for enterprise businesses. Some say that it will be a new Vista (even though I was really satisfied with Vista). And some are just excited for the new release! Like myself!
(NOTE: THIS POST IS BASED ON WINDOWS RC, SOME FEATURES MAY STILL CHANGE UNTIL RELEASE)
Either way, I can say for certain that this does not smell like a new Vista release. This is a (so far, since it is in RC) stable, solid, speedy OS packed with a lot of features. So far there aren’t any BIG exciting features for enterprise businesses that aren’t already in Windows 7.
Of course there will be some people who want Windows 8 because it’s new and hip and it has Metro.
But my general opinion is that Windows 8 is primarily aimed at the regular user.
If you wish to deploy Windows 8 in an enterprise, remember the following:
1: End-user training (this is always a point regardless of which operating system you deploy), but normal users are used to having a start menu: click, click, click.. So if you are upgrading to Windows 8, the end-user training will take a lot of time.
2: App store and policy. With Windows 8 Microsoft has released an app store, and how will you control it within your enterprise? Should users be able to install apps from the app store?
3: Application compatibility (again, this is a valid point for every OS deployment, and every Windows 7 app works with Windows 8)
Of course there are some new features that are aimed at the enterprise level; I will go through these in detail later. But this post is going to explore the new features in Windows 8 and see if it is worth the investment for the user.
Let’s call it a mini review. Since this post is going to be huge.
For the end-user the biggest difference will be the new GUI called Metro.
Microsoft is going to enforce this GUI on all users, so there is no way to disable this GUI like you could with Aero.
Bad call from Microsoft? Well…. Microsoft wishes to convert developers to develop for the Metro GUI, and you can’t do that without having the users actually use it.
And apps that are created for Metro are also usable on Windows RT and Windows 8 phones! Which will make 1 Metro app available for many platforms.
Users of the regular Windows can switch between Metro and the regular desktop by pressing the Windows button. It takes some time getting used to, but once you get comfortable with it, it rocks!
It comes by default with some apps created by Microsoft, such as Mail, Calendar, Picture, Map, SkyDrive, Store, Camera, XBOX Live and so on.
If you need to know a bit more about Metro you can see my previous post regarding Windows 8 shortcuts.
When it comes to troubleshooting, Windows has a lot of features available for the user regarding:
2: Application Troubleshooting.
3: OS Troubleshooting.
Now, if you wish to open the Advanced troubleshooting menu for a computer, you have to press the F8 button during boot.
And you get these options (If you have multiple OSes installed you will have another button here that says choose OS)
If we explore the Troubleshooting menu we have these options.
Microsoft has added some extra features to Windows 8, called “Refresh your PC” And “Reset your PC” Under Troubleshoot.
Refresh your PC:
Your files and personalization settings won’t change
Your PC settings will be changed back to their defaults.
Apps from the Windows Store will be kept
Apps you installed from discs or websites will be removed
A list of removed apps will be saved on your desktop
This will be useful when you are getting a sluggish system.
Reset your PC:
All your personal files and apps will be removed
Your PC settings will be changed back to their defaults
Which can be useful if you, say, sell your computer.
If those aren’t enough Windows has some other tools we can use under Advanced Options.
System Restore is a known feature which has been included with the latest releases. System Image Recovery is also a known feature which allows you to revert your computer back in time to a state where the image was created.
Automatic Repair is a new feature that checks whether there are missing or damaged system files that make Windows unable to boot. Note that this is a replacement for the “Last known good configuration” in previous versions.
If you manage to get into Windows, you have a lot more troubleshooting features there.
Windows also has a lot of maintenance tasks in order to prevent Windows from becoming sluggish. By default there is an Automatic Maintenance task that runs at 03:00 each night. (It also by default has the right to wake computers up from sleep.) (I have no idea what the task does, but it is hidden in Task Scheduler.)
Windows 8 also comes with Windows Defender (which basically is Microsoft Security Essentials wrapped up under the name Windows Defender).
Is this healthy for the competition? Not really: since Microsoft is deploying its own antivirus solution with the OS, most people won’t bother getting a new one. And for most people this is enough.
Microsoft is scoring pretty high with their AV software: it has low memory consumption, it’s free, and it offers pretty decent protection.
Of course it’s not very high on features but it gets the job done.
Even if it isn’t good for competition, the fact that this is installed by default gives users more security as soon as the OS is installed.
Windows Firewall hasn’t changed a lot since Windows 7. You have all the same features as you did before, nothing new and exciting here.
There have been some improvements in the Zone identifier service. (In Windows 7 I had some issues with the zone identifier just switching from domain to private.)
Now this is a feature I Love! View event changes on Device Drivers.
Now you can view changes in a device driver via Event Viewer (They don’t show by default in event viewer so you have to open Device Management and go to Events on a particular device)
But so far I haven’t had any faulty drivers for Windows 8, even NVidias device drivers work like a charm!
Storage Spaces, now that’s a new feature in Windows 8.
This is a software-raid feature. It allows you to add devices to the computer and then create virtual hard drives on that device. Or you can split the hard drive over multiple physical disks.
If you have 3 physical devices, you can have the equivalent of RAID 5.
But remember this is not hardware based, so this might affect the CPU.
File History is a kind-of-new feature for Windows; it replaces “Shadow copy”. Its main job is to take copies of a file based on the settings you choose.
The default settings are: save a copy each hour, use 5% of disk space, and keep saved versions forever. It is also recommended that you use an external drive (a USB hard drive or similar) when you want to use File History.
And alas! Windows 8 also comes with the same Memory Diagnostic program as before.
A big change that has happened in Windows 8 is the revamp of Task Manager.
First off, if you open Msconfig and check the Startup pane, you will see that you have to open Task Manager in order to see the startup applications.
The Task Manager has gained a lot of improvements.
As you can see here, the startup items have now moved to the Task Manager.
You can even view the App history via Task Manager. (This however might be a problem if an admin can see the App history of another user; this is configurable via Group Policy if you wish to disable App history.)
You can also minimize all the services for a particular user.
The Performance window has also become a lot cleaner.
Something new to the remote desktop client is the ability to detect what kind of WAN link you are on, and configure what quality to use.
And Persistent bitmap caching is moved down and is enabled by default.
By pressing the file button you now get access to open command prompt and PowerShell
And all the toolbar buttons open a set of commands.
For application troubleshooting, you now have the option to run the compatibility troubleshooter directly from the Compatibility tab.
The settings you can apply to an application are the same as before. One new feature that might be useful for application compatibility is that Windows 8 now features Hyper-V.
I’m guessing Microsoft will be using this in the future for deploying VM-hosted apps.
New password settings.
In Windows 8 you have the possibility to set a Picture password which allows you to create a gesture.
You can also create a PIN code which you can use to log in with. (NOTE: This code is numeric only and 4 characters long, and can only be used to log in locally, not over RDP.)
You can also register/login with your windows live account.
And a very improved feature is PowerShell support.
Windows 8 now has approximately 1000 cmdlets and functions out of the box, while Windows 7 has about 400.
PowerShell ISE has gotten a revamped GUI, and you can now have all the commands available from the menu.
When you select a command, you now get the parameters available for that command.
You can also use “Show-command” in a regular PowerShell session to get a list of all the PowerShell commands.
Now this is a nifty little feature, this allows you to have a bootable Windows 8 from a USB-drive. Which allows you to carry your OS around you on a stick!
Secure? Not really, unless you have a hardware switch that allows for encryption of the thumb drive (but then again you get a slower OS).
If you want to try out windows 8 to go, you need to download the tool Imagex which is found in the WAIK tool. http://www.microsoft.com/download/en/details.aspx?id=5753
Then open diskpart via a command prompt (as administrator).
type list disk
find the disk drive that is going to be used with windows to go
type select disk * (where * is the number of the disk)
type clean and press enter
type create partition primary and press enter
type format fs = ntfs quick and press enter
type active and press enter
Next we have to use the Imagex tool to install windows on the usb-drive.
c:\imagex.exe /apply e:\sources\install.wim 1 f:\ and press enter
This command uses Imagex to install Windows from e:\ (the Windows installation media) onto drive F: (the thumb drive).
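When this is done, you have to edit the boot record. The source is the Windows folder that was just applied to the thumb drive (F:), not the installation media.
bcdboot.exe f:\windows /s f: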
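The steps above as one PowerShell function, added here as an example (it is not from the original post or from Microsoft). `clean` is irreversible, so the function refuses any disk that is not a non-system USB disk before it runs diskpart. The function name and parameters are hypothetical, the default paths and the F: letter are the ones used in the post, and `assign letter=` is an addition so the new volume gets a predictable letter; `Get-Disk` comes with the Storage module in Windows 8.

```powershell
# Added example: diskpart / imagex / bcdboot from the post, with a target check first.
# New-WindowsToGoDrive and its parameter names are hypothetical.
function New-WindowsToGoDrive {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][int]$DiskNumber,
        [string]$ImageX    = 'C:\imagex.exe',
        [string]$ImagePath = 'E:\sources\install.wim',
        [int]$ImageIndex   = 1,
        [ValidatePattern('^[D-Zd-z]$')][string]$DriveLetter = 'F'
    )

    # diskpart, imagex and bcdboot all need an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Validate the target before anything destructive happens.
    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop
    if ($disk.BusType -ne 'USB') {
        throw "Disk $DiskNumber is on bus '$($disk.BusType)', not USB."
    }
    if ($disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $DiskNumber holds the running system."
    }
    foreach ($path in $ImageX, $ImagePath) {
        if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
    }
    if (Test-Path -LiteralPath "$($DriveLetter):\") {
        throw "Drive letter $DriveLetter is already in use."
    }

    # ConfirmImpact = High makes PowerShell ask before continuing.
    $target = 'disk {0}: {1}, {2:N1} GB' -f $disk.Number, $disk.FriendlyName, ($disk.Size / 1GB)
    if (-not $PSCmdlet.ShouldProcess($target, 'Erase ALL data and install Windows To Go')) {
        return
    }

    # Same diskpart commands as in the post, plus "assign" for a fixed letter.
    $commands = @(
        "select disk $DiskNumber"
        'clean'
        'create partition primary'
        'format fs=ntfs quick'
        'active'
        "assign letter=$DriveLetter"
    )
    $scriptFile = [IO.Path]::GetTempFileName()
    try {
        Set-Content -LiteralPath $scriptFile -Value $commands -Encoding ASCII
        & diskpart.exe /s $scriptFile
        if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE." }
    }
    finally {
        Remove-Item -LiteralPath $scriptFile -ErrorAction SilentlyContinue
    }

    # Apply the Windows image to the new volume.
    & $ImageX /apply $ImagePath $ImageIndex "$($DriveLetter):\"
    if ($LASTEXITCODE -ne 0) { throw "imagex failed with exit code $LASTEXITCODE." }

    # Boot files are copied from the Windows folder just applied to the USB drive.
    & bcdboot.exe "$($DriveLetter):\Windows" /s "$($DriveLetter):"
    if ($LASTEXITCODE -ne 0) { throw "bcdboot failed with exit code $LASTEXITCODE." }
}

# List candidate disks first, then pass the number of the thumb drive:
#   Get-Disk | Where-Object { $_.BusType -eq 'USB' } | Format-Table Number, FriendlyName, Size
#   New-WindowsToGoDrive -DiskNumber 2
```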
Remember there are some limitations to using Windows to go:
- Hibernate and sleep are disabled by default. To help prevent Windows To Go from accidental data corruption during roaming hibernate and sleep are disabled. They can be re-enabled by using Group Policy settings.
- Internal disks are offline. To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go. Similarly if a Windows To Go drive is inserted into a running system the Windows To Go drive will not be listed in Windows Explorer.
- Trusted Platform Module (TPM) isn’t used. When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
- Windows Recovery Environment isn’t available. In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
- Push Button Reset isn’t available. Resetting to the manufacturer’s standard for the computer doesn’t really apply when running Windows To Go, so the feature was disabled.
And note this is not as fast as using Windows 8 from a local disk, but then again you get the portability
IE10 (With Metro style and without)
Microsoft’s new and improved Browser now includes Flash player by default.
And with it comes new features regarding Privacy settings and smart screen filter.
As you can see, there is an added feature regarding “Location”.
As in the previous version you can activate family safety for other Local users.
And specify web filtering, time limits + Windows Store restrictions!
In Disk Management you now have the option to create VHDX files instead of regular VHD.
- Support for virtual hard disk storage capacity of up to 64 TB.
- Protection against data corruption during power failures by logging updates to the VHDX metadata structures.
- Improved alignment of the virtual hard disk format to work well on large sector disks.
Windows 8 has a lot to offer, and for most enterprises a lot of the new features that are available regarding SMB shares in Windows Server 2012 require that you have Windows 8 in order to function. It might be that Windows will release a new Service Pack for Windows 7 in order to support those last functions. For the regular user, is it worth the money? I think so…. When Microsoft releases Windows 8, Windows Phone 8 and Windows RT, the Microsoft Appstore will explode with new apps, since they all use the same platform (Metro).
I believe it is a bit faster than Windows 7, even though it has the Metro overlay. I’m convinced it is an improvement; give it a try yourself –> http://windows.microsoft.com/en-US/windows-8/iso?ocid=W_OFF_W8P_TechCenter_ISO_EN-US
Remember that you need to type the product key during install.
With the coming of Metro in Windows 8 there are a lot of new keyboard shortcuts that users need to be aware of; I have some of them here.
And so far I Love the metro GUI!
I like to have all my options in one screen instead of diving down into Start menu –> Folder –> Subfolder –> Application.
And it appears snappy; of course it takes some time getting used to.
Windows Button + D
Shows the desktop.
Windows Button + F
Opens the search menu on files
Windows Button + Q
Opens the search menu on Apps
Windows Button + R
Opens the Run Menu.
Windows Button + E
Windows Button + L
Locks the desktop
Windows Button + P
Display on a second screen
Windows Button + H
Windows Button + K
Opens the devices Menu.
Ctrl and Mouse scroll
Scroll out and in of the Start menu. You can move the pointer and then scroll in to where you want to magnify.
And other stuff you can do!
You can also name groups of applications you have on your “dashboard”: scroll out and right-click on a pane of applications.
Right-click on an app to open the options pane. Now I have the option to unpin, uninstall or make a pane smaller.
Note that not all apps get the uninstall function, and some might get other options like “Run As Administrator”.
At first I was actually looking for software that integrates with ConfigMgr 2012 to make a post about that, but when I started trying Workspace Manager I got hooked.
First, about RES Software: they have a lot of different software for different technologies, but much of it is focused on desktop management, automation & follow-me data with RES Hyperdrive.
They have a good reputation, so if you are curious like me, take a look at their product portfolio: http://www.ressoftware.com/products
But! Back to Workspace Manager (Previously known as Powerfuse)
What does it do ?
Well according to RES it does this.
Increase User Satisfaction
To be productive, your users need access to reliable applications. By centralizing management, and providing IT services more efficiently based on rules, you can provide users the best possible desktop experience and simplify your workload.
RES Workspace Manager provides you with the ability to manage IT more efficiently, so you are equipped to handle the demand placed on your IT department. That means less time and resources spent on help desk calls and more time to focus on being a strategic asset to your organization.
Enhance Control and Compliance
RES Workspace Manager enables the control needed to protect corporate data and applications while still giving users the flexibility they are asking for. Maximize IT security through compliance, auditing, and allowing or denying access to IT services and resources based on a user’s context — including identity, location, device and time of day.
What does it really do?
It’s kind of a replacement for group policies when it comes to changing the desktop for users. For instance, if you want to deploy a printer, a shared folder or different settings, you would usually do this via group policy. But now you can move these settings into Workspace Manager, which in my experience allows for faster logon for the users. You can also filter these settings based on the location or IP address of the user. You also have the option to integrate Workspace Manager with other software like App-V, Thinapp, Xenapp, Remote Apps, ConfigMgr and other RES products like Automation Manager and VDX.
Well, you get the picture: it has a lot of features. I’m going to go through some of them, but I suggest you take a look yourself if you want to know more –> http://www.ressoftware.com/products/res-workspace-manager
Relay Server (optional)
You have the Management Console, which establishes a connection to the datastore, which stores all the configuration settings. When you install an agent, it will get a copy of the cache from the datastore and store it locally (so in case of downtime on the datastore, the local agent will still function). Workspace Composer uses the data from the local cache to build the Workspace for the user.
So in terms of communication:
Agent –> Relay (Optional) –> Datastore port 1942.
If this is your first setup, choose “Set up a new environment”.
Enter the SQL server info here.
Name for DB, Workspacemanager is the default name.
After I finished the install, I got this message, stating that the Agent is running under local host, but since I chose Windows Authentication I need to change the default credentials for this service in order for it to function.
As you can see the console is pretty similar to other system center products.
The Console is split up into 5 categories.
User Context (This is where you specify and group machine objects based on loads of different settings; here you can also set RES up to integrate with AD, Novell etc.)
Composition (Here you specify how the Workspace is going to work, what functions are enabled, what printers that get connected, and shared folders etc)
Security (Here you specify what applications users are allowed to use, policies on removable folders, firewall settings, browser settings etc)
Diagnostics (Here you can view audit logs, agent overview, error & workspace analysis)
Administration (Here you can alter who has access to what? Overview of the agents & the relay server)
Of course there are other menus under the action pane, but these I mentioned above are the main ones.
First off, I’ll show you how to integrate ConfigMgr 2012 with Workspace Manager; with this you can deploy software via RES.
Now let’s go back to the Composition Menu.
As you can see, we have a lot of different settings we can alter here. We can specify a setting for a group of computers, or we can specify settings for users.
For the purpose of this post, I’ll just change the layout of the desktop and connect a shared folder.
I go into Files and Folders –> Drive And Port Mappings –>
If I go into Workspace Control, I allow this setting to get applied on all my computers, and Access control is restricted to my user CLOUD\Administrator.
Then click OK, next we change the default shell for this user. Go into Desktop and click Shell –> and choose “Use RES Workspace Manager Shell as the default shell” then click OK.
Something I forgot to do is to install Workspace Manager on another client. In my case I have a windows 7 client called Hulk.
It is basically the same installation we did before but we just choose “Connect to an existing environment” here.
When you have installed the software, you can see that the agent will appear under administration –> Agents.
You also have to change “Run Workspace Composer” to “Automatic”.
This setting will make the workspace composer start each time a user logs on.
Now if you log onto the other computer, you can see that the RES service fires up and starts composing the workspace.
Now, I have only scratched the surface of this product, but I can say that the settings I changed went a lot faster than if I had used group policy.
You also have a lot more flexibility here with regard to filtering, where Group Policy has more limited functionality.
And with the integration functions you have a lot of possibilities available. I can definitely see using this product on an RDS server where you want to restrict the use of applications to those users who actually have access.
A lot has happened in the last couple of months regarding Windows.
And if you haven’t gotten the latest news: Microsoft has just announced its own tablet, called Windows Surface, which was revealed at Microsoft’s mystery event yesterday.
Picture From http://www.microsoft.com/surface/
Windows Surface will come in 2 Editions.
1 with Windows RT (Which is Windows for ARM using NVidia Tegra)
1 with Windows 8 PRO (Which uses an Intel Core i5 CPU)
The specs are as follows:
Surface for Windows RT
- OS: Windows RT
- Light(1): 676 g
- Thin(2): 9.3 mm
- Clear: 10.6″ ClearType HD Display supports up to 1366 x 768 resolution
- Energized: 31.5 W-h
- Connected: microSD, USB 2.0, Micro HD Video, 2×2 MIMO antennae
- Productive: Office ‘15′ Apps, Touch Cover, Type Cover
- Practical: VaporMg Case & Stand
- Configurable: 32 GB, 64 GB
- Price ?
Surface for Windows 8 Pro
- OS: Windows 8 Pro
- Light(1): 903 g
- Thin(2): 13.5 mm
- Clear: 10.6-inch ClearType Full HD Display support up to 1920 x 1080 resolution
- Energized: 42 W-h
- Connected: microSDXC, USB 3.0, Mini Display Port Video, 2×2 MIMO antennae
- Productive: Touch Cover, Type Cover, Pen with Palm Block
- Practical: VaporMg Case & Stand
- Configurable: 64 GB, 128 GB
The tablets also come with a touch cover, which is basically the keyboard for those that prefer typing via a regular keyboard. (But not everyone wants a keyboard, so this should be optional, so users don’t have to pay for stuff that they aren’t going to use.)
Both tablets also come with two cameras, one front and one in the back. And dual microphones.
And a lot of these specs are still not confirmed, as the release is still “a long way” off.
From the conference “Microsoft would not confirm which processors will be in them, how much RAM they’ll have, what the battery life will be, what the price will be, when they’ll be released, what GPUs they’ll have, or what the screen resolution will be.”
A lot of people complain that Windows RT “Only supports 1366 x 768 Resolution”, while the Pro version supports up to 1920 x 1080.
And some complain: how can this compare with the iPad, which has 2048×1536 resolution? Of course, if you can’t compete with the iPad on similar features, then you can’t price the tablet as high.
Then again, many people don’t see that this tablet is coming with USB support; I can’t see that the iPad has that. Of course, you can buy an adapter from Apple themselves if you want (how convenient).
But the minimum requirement for running Windows RT is a native resolution of 1366×768 at a color depth of 32 bits, so I’m guessing this might change before the release.
Another thing is that this release might be confusing for customers. Why?
Since Microsoft is releasing this in two editions (one using Windows 8 PRO and the other using Windows RT), regular users might think that this is like the different iPad versions, where one comes with 3G + Wi-Fi and the other one just with Wi-Fi.
But there’s a huge difference. For those that don’t know, Windows RT is a brand new OS made for use on ARM CPUs. Therefore it lacks a lot of features found in the regular desktop version of Windows (domain join, remote desktop, policies, BitLocker etc.), and a lot of services have been removed. One other thing is that applications that are compatible with Windows 8 ARE NOT COMPATIBLE WITH WINDOWS RT. Windows RT only works with Metro-style apps. And this is what Microsoft wants: since they are pushing out a new OS which comes with the new GUI “Metro”, they want programmers and developers to start making Metro apps, because then you can have an application that works across different platforms.
But this will most likely confuse the customers (“Why can’t I use App1 on my Windows RT tablet when it works just fine on my other Windows 8 tablet?”).
Microsoft has got to work hard in order to “clear the air” before releasing the tablet and the new OS.
Many people are annoyed that Windows RT won’t be able to run native apps (Which can run on desktop versions of Windows) And it lacks a lot of other features that regular windows has.
Well, I’m glad that Microsoft didn’t include things like domain join and policies. Why? First off, running policies on a tablet will ruin the experience and make it sluggish, and the same goes for domain join.
But unlike Apple, Microsoft has a solution for managing these tablets: in Q1 2013 Microsoft will make it possible to manage these products using SCCM and Windows Intune.
And back to the native apps: of course it’s a shame that Windows RT is unable to run native apps. But it’s like trying to use diesel in a gasoline engine (it just won’t work).
A lot of other vendors like ASUS, ACER, HP & Toshiba have also announced that they are going to make tablets for Windows 8. So why did Microsoft want to enter the tablet market, since they already have a lot of partners that want to create tablets using Microsoft’s OS? Microsoft has come to the same conclusion as Apple: if you make all of the different components of a system (the hardware, the software & the operating system) yourself, you get more control and therefore you might get a more solid system. Since Microsoft already has the OS and most of the apps, why not just create the hardware beneath as well? This will also mean less hassle when installing drivers, for instance (for the Windows 8 Pro version).
How is this good for the consumer? Well, Microsoft is charging OEMs 80 – 85$ for the license for ARM-based tablets. Since Microsoft themselves don’t need to pay this cost, their tablet will be a lot cheaper than the ones from other vendors. (But then again, charging the OEMs 80 – 85$ for the license might kill the tablets since they cannot compete with Apple on the price; it remains to be seen.)
But then again, is this a kick in the head for Microsoft’s hardware partners?
A bit, since Microsoft is now going to make its own tablet which is going to cost 80 – 85$ less, which makes their own tablet more appealing to buyers in the market. But then again, more competition always makes a product better (well, almost..)
And to sum it up.
A lot is happening right now! If you aren’t convinced yet, take a look at this video from the release –>
So far my posts have mainly focused on Microsoft products and Citrix, so I thought I needed to expand the horizon a bit.
I read a post about StrataApps from Appsense the other day and thought “Wow, I need to try this”. But what does it do?
First off, StrataApps is labeled an application virtualization solution since it allows users to install applications in a sandboxed environment. Note though that StrataApps is not like other application virtualization software.
StrataApps’ isolation engine engages only during application installation – not during runtime as with other application virtualization solutions.
What is StrataApps?
- Securely install applications without the need for local admin rights into an isolated environment, separate from the underlying desktop environment – even on a locked down desktop!
- Self-service ‘Follow-me Applications’ between your various computing devices
- Create an internal, self-contained application
So therefore I needed to give this a test run. You can download StrataApps free from Appsense here –>
http://www.appsense.com/labs/strataapps (and remember this is still in beta)
* Requires .Net 4 frameworks installed before you can start the installation.
After finishing the installation you need to restart the computer.
For the purpose of this demo, I’d try it with the Winamp installer, since WHO hasn’t used Winamp?
The installer isn’t very big, so it should be easy enough to install and remove.
Accept the license terms and click next –>
Choose the features, click next –>
Choose directory –>
Click next and click install. After finishing the installation you need to restart the computer.
The first screen after it’s finished. Pretty nifty?
Now you can just download and drag the application installer into the hub.
The cool thing is that you don’t even need to drag it into the app store; when you click on an installer file it will automatically launch within StrataApps.
I downloaded the winamp setup file (which is an .exe file)
And dragged it over to the app hub.
The setup starts the regular Winamp installer and you just click through the wizard like normal.
After it’s finished installing you can see that setup created 2 folders containing the Winamp files.
In the regular folder under C:\program files & under the App folder.
And I installed Winamp now as a regular user without admin rights.
When I launch it from the app store, it launches the executable contained in the regular installer file.
If I wish to uninstall Winamp I can just click and drag the icon to the trash bin.
Note: I ran into a little error when I tried to remove Winamp from the system. After I was finished uninstalling, it seemed like I couldn’t remove a plug-in from Winamp, which stayed visible in the app store.
Whether this is a bug in StrataApps or in the system, I cannot say.
But since it’s still in beta, I guess there might be a couple of bugs within the software.
I’ve worked as an IT admin before, and I can safely say that this software will be put to good use!
Allowing users to install software without admin rights will be a real time saver for IT admins. I don’t know how many times I’ve needed to install a small app for a user, wasting a lot of time….
Of course this software isn’t meant to replace App-V or SCCM, but it is for all those small pesky pieces of software that your employees need to do something.
For instance winamp, which you don’t want to integrate in your gold image for OS deployment
And of course you need admin rights to deploy this software as well.
But! Might this software also add some extra security risks?
Let’s say that user A (who has never had admin rights before) gets StrataApps installed.
And he knows that he has a pesky AV solution like Norton installed from the OS deployment. Can he then download the setup file and run it in StrataApps? (The setup file of course checks if Norton is installed and gives the user the option to uninstall Norton.)
UPDATE: After I posted this post, I got a quick response from AppSense, which confirmed that you cannot remove already installed apps with StrataApps.
Quote: StrataApps is meant to be separate from the OS/Admin installed apps. It’s meant for that session/user and therefore shouldn’t allow the installation of kernel drivers etc and should error out. I also tested with a standard application – TreesizeFree.. I installed it on my local machine.. then installed it using StrataApps as a normal user. I was able to uninstall my StrataApps app, however the locally installed install remained, as expected.
As you mentioned, this is still in BETA, so it is still being worked.
I haven’t tested this, but is it possible ? If so then StrataApps has to check the program list and verify which software was installed, that StrataApps cannot modify.
If you are interested in it, I suggest you give it a try –>
For those who aren’t actively on Twitter: Microsoft has just released the CTP SP1 for System Center 2012.
For ConfigMgr this is the first CTP release, but for the other products in the System Center family it’s CTP 2 of SP1.
And you can download them all here –> http://www.microsoft.com/en-us/download/details.aspx?id=30133
This post will mainly focus on SCCM, but what’s new for all the releases are found here.
And as it says in the post (from the URL), this release should contain the feature to manage Mac & Unix:
- Support for Windows 8, including deploying Windows 8 applications and the ability to detect 3G and 4G network connections to prevent delivering software at a time when data charges may apply.
- Additional operating support to extend manageability to Mac OS X and Unix/Linux servers.
But so far I didn’t find any documentation about the configmgr release http://www.microsoft.com/en-us/download/details.aspx?id=30134
So therefore I had to write a post about it instead. (NB: I found this, but it didn’t contain much info: http://technet.microsoft.com/en-us/library/jj158919.aspx)
It appears that ConfigMgr now deploys Silverlight 5 instead of 4 with the client.
And this CTP release has no support for Linux/Unix, only Mac (software deployment only; I haven’t found any Mac client available in this release). It also supports App-V 5 deployments and, of course, Windows 8 apps.
Before you continue, start “Get the latest Configuration Manager updates” from the Setup menu. You also need to download the Assessment and Deployment Kit for Windows 8 (you can find it here: http://www.microsoft.com/en-us/download/details.aspx?id=29929). Note that this is a small file, but it needs to download about 3GB of files.
In my case I chose to download it to a different location (since my lab is not connected to the internet).
Now after this is installed you can continue with the installation of the CTP.
The setup is pretty straight forward, choose upgrade system center site.
Point this to the downloaded updates –>
Click next, next –> Then it will check prerequisites (if you installed the ADK you’ll be fine) Then click install.
So after you’ve finished installing what’s next? Open the console first.
You won’t notice any changes to the gui, just some added features here and there.
New stuff I’ve found so far.
Possible to add your App-v environment.
But what is this? When I want to search for apps I want to deploy for Mac, it looks for the file extension *.cmmac. Possibly the next release will come with its own dmg to cmmac package converter app?
Database replication status (I can’t remember that from before under Site Hierarchy)
New WinPE images (Winpe 4.0)
New client version ( no other changes to the GUI)
Stay tuned for more.
A quick post regarding the new beta release of AGPM 4.0 SP1.
It is a part of the MDOP pack, along with Dart, MED-V, App-V, MBAM.
But what does it do? The name AGPM stands for Advanced Group Policy Management. It is an extension of the existing Group Policy Management and adds more features. Today, if you want to create or edit a policy, you either have access to the policy or you don’t. And if you’re not sure whether your policy will work, wouldn’t you like to get a senior administrator to take a look at it before you deploy it?
And what if someone altered a policy, didn’t take a copy before he/she altered it, and you have no idea what was in the previous policy?
All of these problems are addressed with AGPM.
The features included are:
If your central store is offline you have no way to edit your policies; since AGPM stores its policies in another central archive, you can still edit your policies.
As I said before, AGPM is just an extension to the Group Policy Management Console. Some people might be a bit confused and try to look for an AGPM console.
In a typical ITIL world, no changes will be done unless they are approved by the “Change Manager”. AGPM addresses this issue by creating different roles, where one can edit and request and another can approve the policies.
You have the ability to grant administrators different functionality within AGPM: they can have full access, approval access, editor access, or reviewer access. (Look at the different roles further down the post.)
And yes, you can use AGPM to control policies in different forests.
Overview of the services and roles:
AGPM Client: A computer that runs the AGPM snap-in for the Group Policy Management Console (GPMC) and from which Group Policy administrators manage GPOs.
AGPM snap-in: The software component of AGPM installed on AGPM Clients so that they can manage GPOs.
AGPM Server: A server that runs the AGPM Service and manages an archive. Each AGPM Server can manage only one archive, but one AGPM Server can manage archive data for multiple domains in one archive. An archive can be hosted on a computer other than an AGPM Server.
AGPM Service: The software component of AGPM that runs on an AGPM Server as a service. The service manages GPOs in the archive and in the production environment in that forest.
Archive: In AGPM, a central store that contains the controlled GPOs that the associated AGPM Server manages, in addition to the history for each of those GPOs. This includes all previous controlled versions of each GPO. An archive consists of an archive index file and associated archive data that may include data for GPOs in multiple domains. An archive can be hosted on a computer other than an AGPM Server.
Controlled GPO: A GPO that is being managed by AGPM. AGPM manages the history and permissions of controlled GPOs, which it stores in the archive.
Uncontrolled GPO: A GPO in the production environment for a domain and not managed by AGPM.
AGPM comes with 4 access roles.
- AGPM Administrator: Gives the user full control and permission to delegate permissions to other Group Policy administrators.
- Approver: Group Policy administrators assigned the Approver role can deploy GPOs to the production environment for a domain. Approvers can also create and delete GPOs and approve or reject requests from Editors. Approvers can view the list of GPOs in a domain, view the policy settings in GPOs, and create and view reports of the policy settings in a GPO. They cannot edit the policy settings in GPOs unless they are also assigned the Editor role.
- Editor: Group Policy administrators assigned the Editor role can view the list of GPOs in a domain, view the policy settings in GPOs, edit the policy settings in GPOs, and create and view reports of the policy settings in a GPO. Unless they are also assigned the Approver role, Editors cannot create, deploy, or delete GPOs. However, they can request that GPOs be created, deployed, or deleted.
- Reviewer: Group Policy administrators assigned the Reviewer role can view the list of GPOs in a domain and create and view reports of the policy settings in a GPO. Unless they are also assigned the Editor role, they cannot edit policy settings in a GPO.
So how does a typical request go forth here?
User 1 is an Editor
User 2 is an Approver
User 1 requests a new policy named “Test” and sends it for approval. User 2 approves the policy, and the policy is created in the archive. User 1 then checks out the policy from the archive and starts editing it. When User 1 is finished with the policy, he checks it in to the archive again and sends a request for approval to deploy the edited policy. User 2 again goes in and approves the request, and the policy is applied.
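The role rules and the request flow above, as a small PowerShell model added here as an example (it is not AGPM's API or Microsoft's code). The action, step and state names are labels made up for the model, and it assumes that checking a GPO out or in needs the same right as editing it. It replays the User 1 / User 2 flow with a few out-of-order attempts, then lists accounts whose combined roles let them both request and approve a change.

```powershell
# Added model, not AGPM's API: the four roles as described in this post.
$AgpmRoles = @{
    'AGPM Administrator' = @('List', 'View', 'Report', 'Edit', 'Request',
                             'Create', 'Deploy', 'Delete', 'Approve', 'Delegate')
    'Approver'           = @('List', 'View', 'Report', 'Create', 'Deploy', 'Delete', 'Approve')
    'Editor'             = @('List', 'View', 'Report', 'Edit', 'Request')
    'Reviewer'           = @('List', 'Report')
}

# Workflow steps: action required, GPO state before, GPO state after.
# Assumption: check-out and check-in require the Edit right.
$AgpmSteps = @{
    RequestCreate = @{ Action = 'Request'; From = 'None';            To = 'CreateRequested' }
    ApproveCreate = @{ Action = 'Approve'; From = 'CreateRequested'; To = 'CheckedIn' }
    CheckOut      = @{ Action = 'Edit';    From = 'CheckedIn';       To = 'CheckedOut' }
    CheckIn       = @{ Action = 'Edit';    From = 'CheckedOut';      To = 'CheckedIn' }
    RequestDeploy = @{ Action = 'Request'; From = 'CheckedIn';       To = 'DeployRequested' }
    ApproveDeploy = @{ Action = 'Approve'; From = 'DeployRequested'; To = 'Deployed' }
    Deploy        = @{ Action = 'Deploy';  From = 'CheckedIn';       To = 'Deployed' }
}

# True when any of the user's roles grants the action.
function Test-AgpmAction {
    param([string[]]$Roles, [string]$Action)
    foreach ($role in $Roles) {
        if ($AgpmRoles[$role] -contains $Action) { return $true }
    }
    return $false
}

# Attempts one workflow step; changes the GPO state only when the role and state allow it.
function Invoke-AgpmStep {
    param([hashtable]$Gpo, [hashtable]$User, [string]$Step)
    $rule = $AgpmSteps[$Step]
    if ($null -eq $rule) { throw "Unknown step '$Step'." }

    if (-not (Test-AgpmAction -Roles $User.Roles -Action $rule.Action)) {
        $result = "DENIED: roles lack '$($rule.Action)'"
    }
    elseif ($Gpo.State -ne $rule.From) {
        $result = "DENIED: GPO is '$($Gpo.State)', step needs '$($rule.From)'"
    }
    else {
        $Gpo.State = $rule.To
        $result = 'ok'
    }
    [pscustomobject]@{ User = $User.Name; Step = $Step; Result = $result; State = $Gpo.State }
}

# Names of accounts that can both request and approve their own change.
function Find-AgpmSelfApprover {
    param([hashtable[]]$Users)
    foreach ($user in $Users) {
        $canRequest = Test-AgpmAction -Roles $user.Roles -Action 'Request'
        $canApprove = Test-AgpmAction -Roles $user.Roles -Action 'Approve'
        if ($canRequest -and $canApprove) { $user.Name }
    }
}

# Constructed sample accounts; User 3 is an added dual-role case.
$user1 = @{ Name = 'User 1'; Roles = @('Editor') }
$user2 = @{ Name = 'User 2'; Roles = @('Approver') }
$user3 = @{ Name = 'User 3'; Roles = @('Editor', 'Approver') }
$gpo   = @{ Name = 'Test'; State = 'None' }

$log = @(
    Invoke-AgpmStep $gpo $user1 RequestCreate
    Invoke-AgpmStep $gpo $user1 ApproveCreate   # Editor tries to approve the request
    Invoke-AgpmStep $gpo $user2 ApproveCreate
    Invoke-AgpmStep $gpo $user1 CheckOut
    Invoke-AgpmStep $gpo $user2 ApproveDeploy   # Approver acts before any deploy request
    Invoke-AgpmStep $gpo $user1 CheckIn
    Invoke-AgpmStep $gpo $user1 Deploy          # Editor tries to deploy directly
    Invoke-AgpmStep $gpo $user1 RequestDeploy
    Invoke-AgpmStep $gpo $user2 ApproveDeploy
)
$log | Format-Table User, Step, Result, State -AutoSize

Find-AgpmSelfApprover -Users $user1, $user2, $user3
```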
Now first we can download the beta client from connect.microsoft.com
This basically contains a client and a server. For the purpose of this post, we will install both these roles on the same server.
NOTE: If you don’t have Group Policy Management Console installed, the installer will take care of this for you (and also installs other prerequisites as needed).