technical solutions and commentary

Today – Feb 9, 2011 – Microsoft announced a new tool for organizations using BitLocker to secure their data called Microsoft BitLocker Administration and Monitoring. In the tradition of Microsoft the acronym for the tool is MBAM.

MBAM enable an enterprise solution for BitLocker provisioning, monitoring and key recovery for Windows 7 Enterprise PCs. The tool is designed to simplify provisioning and deployment of BitLocker on machines and improve compliance through reporting and reduce support costs.

Some key points of this new tool":

• For new deployments of Windows 7 Enterprise, the MBAM client can be integrated into the task sequence in MDT or in SCCM or other Windows 7 deployment tools. The client then automates the encryption process as part of the PC deployment.
• For Windows 7 Enterprise clients that have already been deployed, the MBAM agent provides a standard user the ability to start the encryption process.  This enhances the BitLocker out-of-box experience where the end user must have administrative rights to accomplish this.
• Either way, administrators can also excuse machines from BitLocker encryption by make and model.
• Administrators can generate reports on machines that are encrypted using BitLocker and meet the organizations security policies.
• Machines with the MBAM agent can send BitLocker recovery keys to an encyrpted SQL Database as an option. Whereas, up until this point the recovery keys where stored in Active Directory.
• The MBAM tool optionally provides a web page that can enable help desk personnel to get the user’s recovery key if they get into BitLocker recovery mode. The help desk will not longer require into Active Directory to be able to get the recovery keys.
• When a recovery key is used, the MBAM client will automatically generate a new recovery key for that PC so that the original key cannot be used to gain access to the machine again.
• MBAM allows an end user with standard user rights to perform basic BitLocker tasks like changing their PIN or start the encryption process.

MBAM will be available to Software Assurance customers through the Microsoft Desktop Optimization Pack in the future. No RTM date has been announced. A public beta version will be available in March 2011.If you want to be notified when the beta is open, you can sign up here.

you can read the official blog announcement in a Q&A format here: http://windowsteamblog.com/windows/b/springboard/archive/2011/02/09/microsoft-announces-microsoft-bitlocker-administration-and-monitoring-mbam.aspx

I have been looking all over the web for a SharePoint 2010 feature comparison of Foundation Server, Standard Server and Enterprise Server. The comparison has been readily avilable for SharePoint 2007 for years, but there is no comparison for SharePoint 2010.

I put together this comparison in Excel for some customers and thought I would share it. You can download it from:

http://www.itedge.net/published/SharePoint_2010_Editions_Features_Comparison.xlsx

System Center Virtual Machine Manager Self-Service Portal 2.0 (SSP) is now available free and fully supported by Microsoft. This is a fully supported, partner extensible solution that enables you to dynamically pool, allocate, and mange compute network, and storage resources to deliver a private cloud platform to your datacenter.

Features of the System Center Virtual Machine Manager Self-Service Portal 2.0:

• Automation and Guidance: to assess, plan and design your private cloud foundation infrastructure
• Customer/Business Unit On-boarding: automated workflows to onboard business unit IT departments onto your virtualized shared resource pool
• Dynamic Provisioning Engine: to rapidly provision virtualization infrastructure in conjunction with System Center and Hyper-V
• Self-Service Portal: to empower consumers of IT to request and provision infrastructure for their Apps/Services
• Partner Extensibility: enable partners to expose their unique hardware capabilities through familiar Microsoft scripting technologies while providing variety and flexibility to IT

Learn more, get more

• Visit the Official SCVMM Self-Service Portal blog
• Download the Self-Service Portal

Microsoft’s Global Foundation Services (the team at Microsoft who operates the data centers worldwide for internal and cloud services) Cloud Infrastructure Security Team has shared a new whitepaper titled “Information Security Management System for Microsoft’s Cloud Infrastructure”.

The whitepaper and accompanying blog post by Mark Estberg examines how Microsoft addresses the security challenges it faces as a cloud provider, and explains three of the security practices Microsoft uses to secure its cloud:

• Information Security Management Forum – A structured series of management meetings in specific categories for managing the ongoing operations of securing the cloud infrastructure.
• Risk Management Program – A sequence of processes for identifying, assessing, and treating information security risks and for enabling informed risk management decisions are made.
• Information Security Policy Program – A structured process for reviewing information security policy and for making changes when deemed necessary.

For any organization that runs their own data centers, is looking at setting up an internal cloud, or is a customer of a cloud provider, this could be a helpful resource.

As a consumer, I am always looking for ways to save some money here and there. I was a log time fan of the AVG Free anti-virus until Microsoft came out with Windows Live OneCare, which I promptly switched to primarily for the automated backup, updating and reporting for all of my home computers and then secondly for the anti-virus, PC tuning, and security center. That was a great product that I thought was compelling enough to purchase, and it was licensed for 3 PCs. Since Microsoft stopped shipping that product, I looked at other paid Anti-virus and security suites but with the performance issues and third-party firewalls that were installed I decided against it. Even my ISP offers a security suite that is a paid retail product available for free to subscribers, but I had the same concerns. 

At the discontinuation of Live OneCare, Microsoft pulled the Anti-virus (Anti-malware) software out of that product and made it available for free as Microsoft Security Essentials. A great move for millions of consumers that don’t have ISP’s that provide free Anti-virus software, or for people that want something simple, works well with their PC and Windows Firewall, and doesn’t kill the PC performance. So, I downloaded the beta and then the full version of the software and never gave it a second thought.

Then I saw a write-up on a ZDNet Blog that talked about how free Anti-virus (Microsoft Security Essentials) outperformed paid Anti-virus. It’s an interesting read, especially if you are paying for Anti-virus software now and your subscription will be up for renewal soon. You can find the article here:
http://www.zdnet.com/blog/bott/microsoft-vs-mcafee-how-free-antivirus-outperformed-paid/2614

Before you plunk down $50 or so for Anti-virus, give it a second thought and give the free Microsoft Security Essentials a try. It’s worth a try and will save you some money too.

If you have a Mac you can get iAntiVirus Free Edition. Yes, it’s TRUE. There are thousands viruses that affect Macs floating around in contrast to popular belief.

If you have a Linux computer, you can get AVG Anti-Virus Free Edition for Linux.

The Microsoft Solution Accelerators team released new resources that you can use in combination with the Microsoft Security Compliance Manager tool: the Windows Server 2008 R2 Security Baseline and the Office 2010 Security Baseline, and setting packs for Windows 7 and Internet Explorer 8. Together with the tool, these resources are designed to help efficiently manage the security and compliance process for some of the most widely used Microsoft products.

In combination with best-practice guidance and the Security Compliance Manager tool, the baselines are designed to help you plan, deploy, and monitor the security of computers running Windows Server 2008 R2 and of Office 2010 applications. Both releases also include a settings pack (for Windows Server 2008 R2 and Office 2010) enabling you to define baselines that include settings outside the scope of the security baselines from Microsoft.

The Windows 7 and Internet Explorer 8 setting packs will enable you to define baselines that include settings outside the scope of the security baselines from Microsoft. Use these new resources to define custom baselines, meet business-critical needs, and elevate the security of Windows 7 and Internet Explorer 8.

The Security Compliance Manager works with the Microsoft Assessment and Planning (MAP) Toolkit and the Microsoft Deployment Toolkit (MDT) to help you plan, securely deploy, and manage new Microsoft technologies.

Learn more about the Security Compliance Manager tool. Next, learn more about the new security baselines and setting packs:

• Windows Server 2008 R2 Security Baseline
• Microsoft Office 2010 Security Baseline
• Windows 7 setting pack
• Windows Internet Explorer 8 setting pack

Download the tool:

• New users can access these resources by visiting the Microsoft Download Center to download the Security Compliance Manager tool.
• Existing users can access the baseline and setting packs in the tool by clicking the Tools menu, and then clicking Check for Baselines.

Simplify planning for upgrade or migration to the latest Microsoft products and technologies with the Microsoft Assessment and Planning (MAP) Toolkit 5.5 Beta. This tool is now includes assessment for easier migration to Windows Azure and SQL Azure, heterogeneous database discovery (of MySQL, Oracle and Sybase instances) for SQL Server migration projects, Internet Explorer 8 upgrade assessment, and more.

• Assess your environment for upgrade to Windows 7 and Windows Internet Explorer 8 (or the latest version). Helps to simplify the organization’s migration to Windows 7 and Internet Explorer 8. The MAP 5.5 Internet Explorer Upgrade Assessment inventories the environment and reports on deployed web browsers, Microsoft ActiveX controls, plug-ins and toolbars, and then generates a migration assessment report and proposal. Information needed to more easily migrate to Windows 7 and Internet Explorer 8 (or the latest version).
• Identify and analyze web application, and database readiness for migration to Windows Azure and SQL Azure. Simplify the move to the cloud with the MAP 5.5 automated discovery and detailed inventory reporting on database and web application readiness for Windows Azure and SQL Azure. MAP identifies web applications, IIS servers, and SQL Server databases, analyzes  performance characteristics, and estimates required cloud features such as number of Windows Azure compute instances, number of SQL Azure databases, bandwidth usage, and storage.
• Discover heterogeneous database instances for migration to SQL Server. Now with heterogeneous database inventory supported, MAP 5.5 helps accelerate migration to SQL Server with network inventory reporting for MySQL, Oracle, and Sybase instances.
• Enhanced server consolidation assessments for Hyper-V. Enhanced server consolidation capabilities help save time and effort when creating virtualization assessments and proposals. Enhancements include:

• Updated hardware libraries allowing you to select from the latest Intel and AMD processors.
• Customized server selection for easy editing of assessment data.
• Data collection and store every five minutes for more accurate reporting.
• Better scalability and reliability, requiring less oversight of the data collection process.
• Support for more machines.

If you are interested in previewing this before the RTM, you can join the MAP 5.5 Beta here.

I have a HTC HD7 Windows Phone 7 and have been extremely pleased with the device. Microsoft has finally released a Windows Phone OS that is modern, and intuitive to use. The App Marketplace also has a ton of Apps that are free and paid which make the device more compelling. I think for PC users that this device should be looked at if you’re in the market for a new phone.

The Zune Pass subscription is one of the best things available for all you can eat music, which you get to keep 10 songs per month as well. I’ve had the service for a year now and am using the single subscription on 3 devices (1 Windows Phone, 2 Zunes), on my Xbox for music streaming, and on my PC’s for streaming and for my library.

So with all this music available to me, the thing I hate about the HD7 is that it only comes with a max of 16GB memory. This is not much in comparison to my ZuneHD 32GB and my second gen Zune80. Some of the other Windows Phones from other manufactures come with more memory options. But if you are a T-Mobile network customer, you don’t have these devices options, at least not right now.

You can however, hack the HD7 to add more memory into it, but it does void the warranty and you risk damaging the device. The flash memory is a MicroSD card like on most other devices that is buried under plastic covers, but can be replaced. Here is a YouTube video that demonstrates how to disassemble the phone and replace the MicroSD memory card.

I did not create this video, nor have I modified my device. I also don’t recommend modifying your device, because it does void the warranty – even if the sticker is not damaged. So please don’t post questions for me to answer about this process. But for those f you who really want to add more memory to the device and are not concerned about the warranty, this may be of interest to you.

If you have a Windows Phone 7 device you know that you use primarily the Zune client to to sync videos, music, pictures and podcasts to the device. You can sync e-mail, contacts, calendar and download apps directly over the network of course. But like most of these types of devices you can’t simply connect them to your PC and view the storage as another USB drive.

If you want this capability, you can edit the registry of the PC that you have your Zune client software installed on, to obtain it. This mod only give you the ability to add music, videos, photos, and podcasts. You can’t add other content like docs, spreadsheets, PDF’s had have them show up in Office Mobile. This of course is not recommended and is not a supported configuration.

• Start “RegEdit”
• Browse to: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_045E&PID_04EC&MI_00\6&2e9930eb&0&0000\Device Parameters”
• Modify “ShowInShell” from 0 to 1
• Modify “PortableDeviceNameSpaceExcludeFromShell” from 1 to 0
• Modify “EnableLegacySupport” from 0 to 1

That’s it. Now when you plug your device into your PC, you should be able to transfer data back and forth via the “USB drive” method, or using the Zune client.

Microsoft released Lync 2010 to Manufacturing on Oct 24, 2010. Lync is the next generation of the Office Communications Server lineage. This new generation product really does take communication to the next level. I have been on the beta of the product for about 5 months. I have experienced the good, the bad and the ugly throughout the final development stages of the product. I must say that the Product Group is committed to the highest-quality and releases when the product is ready.

From my personal experience in the beta I can say that voice reliability and quality have improved over OCS 2007 R2. The new integrated features for audio, video and web conferencing are superb and the integration with Office 2010 and my Windows 7 desktop is excellent. The new client is easier to use, has a prettier interface and shows my relevant information in the client. This is all from an end user perspective however.

From the server side the Product Group has made changes to reduce infrastructure costs, and makes administration easier. Just as in OCS developers can build applications to take advantage of Lync’s single API. Lync will help businesses reduce legacy equipment costs and has amazing soft-phone VoIP capabilities that end user can even use at home over their broadband connection. I actually personally use the soft-phone capabilities in Lync from my home office using my Wireless N network to my Cable modem and have good results. It may not be a recommended configuration to use VoIP of a wireless network but it works for me.

The Virtual Launch of Lync 2010 is on November 17. You can save the date at www.microsoft.com/lync.

Other Information and Announcements:

http://www.microsoft.com/en-us/lync/new-features.aspx

http://blogs.technet.com/b/uc/archive/2010/10/27/microsoft-lync-released-to-manufacturing.aspx

http://blogs.technet.com/b/uc/archive/2010/11/02/lync-rtm-blog-post-for-november-2-2010.aspx