Microsoft Tech-Ed 2008 (Day 4)

Posted: November 7, 2008 in Computer and Internet

Not only did I have an early bird registration for Tech-Ed, I was the early bird today. The sessions today start half an hour earlier because there is a community party this evening. When I checked on my 2 colleagues to go for breakfast there was no response; they were probably still tired after yesterday's country drink ;-).

The first session today was Windows Server 2008 Active Directory Best Practices! The first interesting topic they talked about was Fine-Grained Password Policies (FGPP). By creating Password Settings Objects (PSOs) in Active Directory and assigning these objects to groups, you can set multiple password policies in one domain. Before this feature was implemented, a password policy could only be set at the domain level.
If you are going to deploy a Read-Only Domain Controller (RODC) in a branch office, you can use the install from media option. With this option you create the media with ntdsutil on the command line and burn it to CD. You can then send this disk to your branch office to deploy your RODC without sending the complete AD replication over the WAN; only the deltas need to be sent over the WAN. All secrets are removed from this media, so if it falls into the wrong hands no data is compromised.
If you audit your AD and you have multiple DCs in your domain, there is no consolidated view (yet) of these auditing events. You can use event forwarding in the new Event Viewer to forward them to one server, or use System Center for this.
When your Global Catalog servers run in Hyper-V and face Exchange servers, this can create a lot of disk I/O, so take this into account when planning your Hyper-V environment. Another feature that needs consideration is BitLocker in Hyper-V. This could be a problem because BitLocker stores the encryption key in AD: if all your DCs are on Hyper-V and a Hyper-V problem prevents the DCs from starting, you cannot access the data that is encrypted with BitLocker. Therefore Microsoft recommends that you keep 1 DC on a physical machine.
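
The fine-grained password policy setup from the session notes above, as an added example that is not part of the original post: it creates one PSO, links it to a group, and checks which policy actually wins for an account. It assumes the ActiveDirectory PowerShell module (shipped with Windows Server 2008 R2 and later; on plain Windows Server 2008 the same objects are created with ADSI Edit or ldifde), and the names `PSO-Admins`, `Tier0-Admins` and `jdoe` are hypothetical.

```powershell
# Added example, not from the original post.
# Assumes the ActiveDirectory module and a domain at the Windows Server 2008
# functional level or higher. All object names below are hypothetical.
Import-Module ActiveDirectory

$pso = @{
    Name                        = 'PSO-Admins'
    Precedence                  = 10            # lower value wins when several PSOs apply
    MinPasswordLength           = 15
    PasswordHistoryCount        = 24
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    MinPasswordAge              = '1.00:00:00'  # 1 day
    MaxPasswordAge              = '60.00:00:00' # 60 days
    LockoutThreshold            = 5
    LockoutObservationWindow    = '00:30:00'
    LockoutDuration             = '00:30:00'    # must be >= the observation window
}
New-ADFineGrainedPasswordPolicy @pso

# PSOs are linked to users or global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Admins' -Subjects 'Tier0-Admins'

# Verify which PSO is effective for one account.
# No output means the account falls back to the domain-wide policy.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold

# Review every PSO in precedence order together with what it is linked to.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Select-Object Name, Precedence, MinPasswordLength, AppliesTo
```

The resultant-policy check is the useful part when auditing: a user who is a member of several linked groups gets only the PSO with the lowest precedence value, and a PSO linked directly to the user overrides any group-linked one.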

The second session was The Case of the Unexpected… This session was given by Mark Russinovich, who is the developer of the Sysinternals tools that we all use. If you don't, you must certainly check them out!! These tools are great for troubleshooting performance problems and hangs in your systems. During a demo of Process Explorer, which is much better than the standard Task Manager of Windows, he explained how you can even see the stack of a process for even deeper troubleshooting. Another nice feature of this tool is the Windows Owner button, which you can use to troubleshoot error messages when it is not clear which process a message comes from.

During lunch I went to see what improvements have been made in the security of Internet Explorer 8. One of the new features is InPrivate Browsing or, like I like to call it, the porn surfer :p. When you use this feature it opens a new browser window for surfing. If you close this browser, all history, typed URLs and cookies that were used in that browser session are erased from the disk, so that no one can tell from the browser history which sites you have surfed to. I think that if this information was written to disk it is still possible to retrieve it with undelete tools, but it is a nice feature.
Like Google's browser Chrome, Internet Explorer 8 will also have a process per tab, which means that when a site hangs it doesn't interfere with the rest of the browser.
No final release date was announced because a lot of feedback from users of the beta 2 version is still coming in at the moment.

The fourth session of the day was Learn about the Cross Platform Extensions Beta for System Center Operations Manager 2007. I don't have to monitor any Unix/Linux machines at my current job, but since I'm developing my skills/interest in Operations Manager I preferred this session above others. An API will be made available, probably in the RTM of R2 or else in a resource kit, for creating scripts that read input and give output to this API, which provides the data to a custom Management Pack. These scripts can be Python, Perl, Bash ….
Concerning monitoring network devices out of the box, which was actually out of the scope of this session: this will be implemented in V10 (2010) of Operations Manager.

The next session was about Virtual System Center: Running and Maintaining the System Center Suite on Microsoft Hyper-V. This session was more of a best practices overview of System Center running on the Hyper-V platform. To optimise performance you should use pass-through disks for disks that need high I/O. It's a bad idea to use dynamically expanding disks because they create even more I/O.
Microsoft recommends that you down-rate your processor by 10% when planning your machine in Hyper-V, so a 2.2 GHz processor in Hyper-V would be 2 GHz.
For planning your Hyper-V environment you can use the Microsoft Assessment and Planning Toolkit 3.2. And, being a fresh Operations Manager fan, I should add that there is of course a management pack for Virtual Machine Manager.

The 6th session of today was Troubleshooting Group Policy for Windows Vista and Group Policy Preference Extensions. Not much in this session was new to me, such as using the Group Policy Management Console reporting option to troubleshoot a policy that isn't applying as expected.
What was new to me was the command line tool GPLogView, which can be downloaded from the Microsoft website. This tool needs to run on the client receiving the policy and keeps running in the background while you refresh the group policy with gpupdate; it will then parse all the events related to group policy for you. You can even create an HTML report out of the result.

The last session of the (longest) day was Creating an Adaptive Infrastructure with HP ProLiant and Microsoft. This was more of a partner session where HP presented their superior blade servers and the software solutions they offer, as well as HP Services that you can use to help you with planning and/or deploying Hyper-V infrastructures. Lots of the information given in this session can be found on the HP website.
Oh, yes! HP creates management packs for HP ProLiant servers that are free to download for all HP customers :p.

A website that I should mention for those of you that don't know it is CodePlex; it's actually the SourceForge of Microsoft. Having said that, it's been a very long day, 7 sessions and probably even more beers, and this is my longest blog post this week. I'm off………

