Running Windows 8 on VM

Past few months were really exciting with all the System Center 2012 testing and this month was even more exciting with Windows 8 preview. I presented SCCM 2012 technical overview to Singapore Windows User Group, http://sgwindowsgroup.org/blogs/swug/archive/2011/09/08/september-2011-newsletter.aspx and it was well received!

Now is time to get started with Windows Server 8! If you are just like me, trying to setup Windows 8 on Virtual PC or Hyper-V, you might encounter an error. There are fixes out there to make it work, however, the easy way around is to use Oracle VM VirtualBox.

Have fun!

Hyper-V on Windows 8 Client

It is such a good news to hear that Microsoft will include Hyper-V in Windows 8 client OS. Hyper-V requires a 64-bit system that has Second Level Address Translation (SLAT) in the current generation of 64 bit processors by Intel and AMD, and at least 4GB of RAM.

This enables you to run multiple test environments and provide a simple mechanism to quickly switch between these environments without incurring additional hardware costs.

Read about it here.

Redirect a user profile to a network storage

Enterprise Security is always a hot topic and there are so many areas to cover in terms of Enterprise Security. Personally, I think of two areas at a very high level. The End-Point and the Network. These are two areas to begin with if you want to start focusing on Enterprise Security.

I will begin a series of blog post on Enterprise Security in the coming weeks, months or years. This is the first blog post on Enterprise Security and I am going to illustrate how to use GPO to lock down a user profile to a network location.

First, let me explain the synopsis. Every company will always want to protect its data from being leak into the hands of its competitors. Sadly, the primary source of leak is usually from internal, yes from its employees. How many of you have copy data into your USB storage devices? Let me remind you that every piece of work that you do at work belongs to the company. So as part of IT Enterprise Security, you have to ensure that these confidential data does not leave your company.

So this blog post I will illustrate how to create folder redirection to redirect a user profile to a network storage. There are a few benefits of doing this.

1. User data is not stored locally on hard disk. Data will reside on your file server.
2. User can logon to any computer as their profile are now on network storage. No worries of client hardware failure.
3. User will not scream at you when their desktop hard disk crashed and they lost all their years of work.
4. User Group Policy to set disk quotas, limiting how much space is taken up by user profile folders.

Folder Redirection is located under \User Configuration\Policies\Windows Settings\Folder Redirection.

The Target tab of the folder’s Properties box enables you to select the location of the redirected folder on a network storage. You can choose a few options from the drop-down list.

• Basic – Redirect everyone’s folder to the same location
• Redirect to the following location
• Redirect to the local user profile location
• Advanced-Specify locations for various user group
• Follow the Documents folder. (Available only for Music, Pictures and Videos folder)

The Settings tab in the Properties box for a folder enable you to configure the follow settings:

• Grant the user exclusive rights
• Move the contents of [FolderName] to the new location
• Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems.
• Policy Removal

This is the first series of locking down an End-Point client by storing its data on a network storage instead of having it on local hard disks. To find out more, please read refer to TechNet.

Microsoft shows off early peek at Windows Server 8

Today Microsoft provided a brief peek at Windows Server 8. Mary-Jo Foley blogs about it live from WPC. Check out her blog post here.

In summary, three points were covered at WPC.

16+ virtual processors within a Hyper-V VM. The team did a demo on a 16 virtual processor machine under heavy load. Note that 16 virtual processor is not the limit!

Hyper-V Replica. This is something very interesting in today’s context to achieve resiliency. Hyper-V Replica is asynchronous, application consistent and has virtual machine replication built-in. You can replicate from one location to another, independent of hardware vendor, regardless its server, network or storage.

Unlimited replication in the box. This feature is to challenge VMWare VSphere 5.0 VM replication with Site Recovery Manager. Hyper-V provides unlimited replication in the box while VMWare is charging customers per VM to replicate.

MICROSOFT HYPER-V SERVER 2008 R2 SP1 RELEASED!

The good news just keeps coming and we’re pleased to keep the momentum rolling with the latest release of our rock stable, feature rich, standalone Microsoft Hyper-V Server 2008 R2 with Service Pack 1! For those who need a refresher on Microsoft Hyper-V Server 2008 R2, it includes key features based on customer feedback such as:

• Live Migration
• High Availability with Failover Clustering
• Cluster Shared Volumes
• 10 Gb/E Ready
• Processor Compatibility Mode
• Enhanced Scalability
• …and much more.

For more info on Microsoft Hyper-V Server 2008 R2, read: http://blogs.technet.com/b/virtualization/archive/2009/07/30/microsoft-hyper-v-server-2008-r2-rtm-more.aspx. Service Pack 1 for Hyper-V Server 2008 R2 includes all the rollup fixes released since Microsoft Hyper-V Server 2008 R2 and adds two new features that greatly enhance VDI scenarios:

• Dynamic Memory
• RemoteFX

After installing the update, both Dynamic Memory and RemoteFX will be available to Hyper-V Server. These new features can be managed in a number of ways:

• Using the updated R2 SP1 Hyper-V Manager user interface on a full version of Windows Server 2008 R2 SP1
• Using the updated Remote Server Administration Tools (RSAT) for Windows 7 & Windows 7 SP1
• System Center Virtual Machine Manager 2008 R2 SP1
• System Center Virtual Machine Manager 2012 Beta

Dynamic memory is an enhancement to Hyper-V R2 which pools all the memory available on a physical host and dynamically distributes it to virtual machines running on that host as necessary. That means based on changes in workload, virtual machines will be able to receive new memory allocations without a service interruption through Dynamic Memory Balancing. In short, Dynamic Memory is exactly what it’s named. If you’d like to know more, I've included numerous links on Dynamic Memory below.

Configuring RemoteFX with Microsoft Hyper-V Server 2008 R2 SP1

Although using Dynamic Memory does not need any additional server side configuration beyond installing the R2 SP1 update, enabling RemoteFX does require some additional configuration on the host.  The exact steps for enabling the RemoteFX are detailed below:

1)      Verify the host machine meets the minimum hardware requirements for RemoteFX. 

2)      Verify the host has the latest 3D graphics card drivers installed before enabling RemoteFX.

3)      Enable the RemoteFX feature using the following command line:

Dism.exe  /online /enable-feature /featurename:VmHostAgent

4)      From a remote machine running the full version of Windows Server 2008 R2 SP1 or a client OS running the latest version of RSAT, connect to the Hyper-V Server machines, create a Windows 7 R2 SP1 virtual machine and under “Add Hardware”, select “RemoteFX 3D Video Adapter”.  Select “Add”.

If the “RemoteFX 3D Video Adapter” option is greyed out, it is usually because RemoteFX is not enabled or the 3D video card drivers have not been installed on the host yet. Before attaching the RemoteFX adapter, make sure to set user access permissions, note the computer name and enable Remote Desktop within the VM first. When the RemoteFX 3D video adapter is attached to the VM, you will no longer be able to connect to the VM local console via the Hyper-V Manager Remote Connection.  You will only be able to connect to the VM via a Remote Desktop connection.  Remove the RemoteFX adapter if you ever need to use the Hyper-V Manager Remote Connection.

Now you get Microsoft iSCSI Target for FREE!

Are one of those IT Pros whom need a SAN but don’t have the budget to pay for one? You like to deploy Hyper-V clusters for the benefits of LM and HA?

You can now build your own SAN box by installing Microsoft iSCSI software target on a Windows Server 2008 R2 system.

Read about the announcement here.

Introducing Attack Surface Analyzer

Chance upon this interesting security tool that I like to share with you. Attack Surface Analyzer is a verification tool by Microsoft to catalog changes in system state, runtime parameters, and securable objects on the Windows OS. This analysis helps identify any increase in attack surface that is caused by installing applications. Because Attack Surface Analyzer does not require source code or symbol access, IT Pros and security auditors can use the tool to gain a better understanding of the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform. Attack Surface Analyzer enables:

• Developers to view changes in the attack surface resulting from their applications


• IT Pros to evaluate aggregate attack surface changes by LOB applications


• IT security auditors to identify risk related to attack surface during threat risk assessments


• IT security incident responders to better understand the state of securable objects on a system during investigations

Read more and download from here.