Microsoft Tech-Ed 2008 (Day 5)

Posted: November 8, 2008 in Computer and Internet

The last day of what’s been a great week. A quick run along the beach, right beside the shore of the ocean, with the sun rising over the horizon. That should get the alcohol that was consumed in the bar last night out of my system :-).
I did almost 22km this week in Barcelona and I must say that there are lots of people running in Barcelona. I crossed many runners these past few days. After a shower and breakfast it’s back to the conference center.

1st session today is Auditing in Windows Server 2008. Auditing is something lots of companies think they should have after an event has occurred where data was breached, settings were changed, something was misconfigured etc., and they want to know who did what, where and when. The problem is that you can’t audit everything: it’s not feasible to implement or manage and it would have an impact on the performance of your systems. Tracking changes is hard to do. Think about when you open up the AD Users and Computers console: do you know, or think about, which DC you are logged on to?
To develop an audit plan your first step should be to see what needs to be audited. Then you need to identify how the information is logged in the security event log, because this will vary with the type of event that has occurred. The third step is to implement the audit policy and ACLs. In Windows Server 2008 there are subgroups defined in the Audit Policy, which makes it easier to manage. And finally you need to collect this information. My new friend Operations Manager can help you with this by using the ACS, Audit Collection Services. Isn’t this a nice product :-).
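As an added example (not from the session or the original post), the sketch below turns the "what needs to be audited" list into a check of the Audit Policy subgroups with the built-in `auditpol` tool. The chosen subcategories and their settings are assumptions for illustration, the names are the English ones, and it needs an elevated prompt with PowerShell 2.0 or later.

```powershell
# Added example: report drift between a desired audit plan and the effective
# policy, and optionally fix it. Run as: .\Check-AuditPlan.ps1 [-Apply]
param([switch]$Apply)

# Desired plan (assumed for illustration; English subcategory names).
$desired = @{
    'Directory Service Changes' = 'Success'
    'User Account Management'   = 'Success and Failure'
    'Audit Policy Change'       = 'Success and Failure'
    'File System'               = 'Failure'
}

# auditpol /r prints the effective policy as CSV; drop blank lines before parsing.
$current = auditpol /get /category:* /r |
    Where-Object { $_ -match '\S' } |
    ConvertFrom-Csv

foreach ($name in $desired.Keys) {
    $row = $current | Where-Object { $_.Subcategory -eq $name }
    if (-not $row) {
        Write-Warning "Subcategory '$name' not found (localized OS?)"
        continue
    }

    $have = $row.'Inclusion Setting'
    $want = $desired[$name]
    if ($have -eq $want) {
        Write-Output "OK     $name = $have"
        continue
    }

    Write-Output "DRIFT  $name : have '$have', want '$want'"
    if ($Apply) {
        # Translate the wanted setting into auditpol's two switches.
        $success = if ($want -match 'Success') { 'enable' } else { 'disable' }
        $failure = if ($want -match 'Failure') { 'enable' } else { 'disable' }
        auditpol /set "/subcategory:$name" "/success:$success" "/failure:$failure"
    }
}
```

This covers the policy half of step three only: File System events are still logged only for objects that carry an auditing entry (SACL) in their ACL.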

For the second session I was undecided on which session to follow, so I did another hands-on lab on Operations Manager. Some of the labs that are here at the conference you can do online if you have a TechNet Subscription. You should take the time to do these; there are many tracks available and you don’t need to set up the environment yourself, which saves some time.

During lunch I went to a session on Managing GPOs with Advanced Group Policy Management. The new version of GPMC has some great new features in it. The first one is the possibility to do a check in/check out when editing a policy. This is to prevent 2 administrators from opening the same group policy and making changes to the same setting.
Roles can be defined for which group of administrators can do what in GPMC. You can for example create a group that can only edit policies but can’t deploy them. The administrator will receive an email (if the GPMC is configured to do so) saying that an editor has changed a policy that needs to be approved for deployment. The administrator can generate a report that displays only the changes made to that policy. The administrator can then approve and deploy the policy, or reject it and give some comments that the editor will then receive in a mail with a note from the administrator.
A rollback system has been implemented. This is actually an archive of the policies that have been changed. From within this archive you can simply redeploy an older policy if something has gone wrong after deploying the new policy.
Something was mentioned that I wasn’t aware of: When you change settings in a group policy the replication of this change to other DC’s starts even before exiting the console.

Next session was Windows Mobile as Secure as Blackberry: Are you joking? One of the first things the speaker brings up is the fact that management people usually use their influence and power to let the IT department deploy mobile devices that they like. A few years ago this started the Blackberry trend, and so corporations were implementing Blackberry servers in their networks. Now, because of the iPhone, we see that corporations are starting to deploy Active Sync.
This is not directly linked to security, but up to 40.000 Windows Mobile devices can be managed on one server instance, and in SP1 this would scale out to 60.000 or 80.000 devices. Since a BES-server uses MAPI to connect to the mailboxes, the devices should be limited to 250 connections by default. I haven’t found any official documentation on this, but even though the BES-server has 5 agent threads connecting to the Exchange server this would not scale up to as many users as on the Microsoft platform.
A potential issue on a Blackberry installation is that when a user leaves the company and the account is disabled but the user still has the Blackberry device, he would still be able to retrieve information from his mailbox, because the BES-server uses a super user account to retrieve the content of the mailbox.
With regard to using encryption on the removable storage card, there could be an issue with Windows Mobile. If the device is given a wipe command, the data on the device and the storage card gets formatted. If the card was removed when the wipe started, all the data on the card becomes useless if encryption was applied to it, because the encryption key was stored in the device memory that you just wiped. The encryption key on a Windows Mobile device gets generated during the device initialisation.

The last session I attended was Windows Vista, take 2, understanding Windows Vista SP1 from A to Z. This session was given by the best speaker I’ve seen during the last week, Mark Minasi. I already had some knowledge of most of the stuff Mark showed, except for this one. In SP1 an improvement was made for when you have 2 network interfaces on your PC, let’s say a wireless connection on your laptop and your Ethernet connection. If both are connected to a network, Windows Vista is now smart enough to use the fastest connection you have. It will not just look at what the maximum speed of the network interface is, but will test the speed and use only the network card that has the fastest connection.
Another thing he pointed out is that if you have a problem with Windows Vista SP1 Microsoft is offering free support until 18 March 2009.

Well, that was it. It’s been a great week and hope that I can do this again next year when it’s a bit closer to home. Next year Tech-Ed EMEA is in Berlin. Hope to blog again from there :-).

