CERN – the European Organization for Nuclear Research – recently announced in its computing newsletter that it is replacing Symantec with Forefront Client Security to protect PCs on its network. 

Why?  From the newsletter:

By the end of this year, all NICE PCs will have MS Forefront Client Security installed. This new anti-virus and anti-malware application will replace the current anti-virus product from Symantec. The reasons for this change include the small footprint of the client application, excellent response times for pattern updates and very good integration with the existing NICE infrastructure.

This in addition to handily beating out Symantec in both the AV-Comparatives & VB100 detection tests for both reactive (signature definition-based detection) as well as proactive detection. (detection of malware based on behavior or binary instructions instead of a predefined signature within a dictionary)

• AV-Comparatives – May 2009
  http://av-comparatives.org/images/stories/test/ondret/avc_report22.pdf
• VB100/Virus Bulletin – August 2009:
  http://www.virusbtn.com/vb100/archive/2009/08

If you’re interested in taking a look at Forefront Client Security, check out the following site.

• Forefront Client Security – 120 day Trial:
  http://www.microsoft.com/forefront/clientsecurity/en/us/try-it.aspx

As you prepare to deploy Windows® 7 and Windows Server® 2008 R2, get a jump start with Microsoft® Deployment Toolkit (MDT) 2010. Leverage this Solution Accelerator to achieve efficient, cost-effective deployment of Windows 7 and Windows Server 2008 R2.

MDT is the recommended process and toolset to automate desktop and server deployment. MDT provides you with the following benefits:

• Unified tools and processes required for desktop and server deployment in a common deployment console and collection of guidance.
• Reduced deployment time and standardized desktop and server images, along with improved security and ongoing configuration management.
• Fully automated Zero Touch Installation deployments by leveraging System Center Configuration Manager 2007 Service Pack 2 Release Candidate and Windows deployment tools. For those without a System Center Configuration Manager 2007 infrastructure, MDT leverages Windows deployment tools for Lite Touch Installation deployments.

MDT 2010 includes new features such as flexible driver management, optimized user interface workflow, and Windows PowerShell^TM command line interface to help simplify deployment and make your job easier. Deploy faster and more easily with MDT 2010.

New in MDT 2010

Improvements in MDT 2010 allow you to:

• Access deployment shares from anywhere on the network and replicate files and settings across organizational boundaries or sites.
• Organize and manage drivers, operating systems, applications, packages, and task sequences with an improved UI.
• Automate UI functionality using the new Windows PowerShell command line interface.

Next steps

• Download Microsoft Deployment Toolkit 2010. (http://go.microsoft.com/fwlink/?LinkId=159061)
• Learn more about MDT by visiting the MDT site on TechNet. (www.microsoft.com/mdt)
• Get the latest news by visiting Microsoft Deployment Toolkit Team blog. (http://blogs.technet.com/msdeployment/default.aspx )
• Provide feedback to the Solution Accelerator Team at satfdbk@microsoft.com.

Today, the System Center team is excited to share with you our plan to release System Center Configuration Manager 2007 R3.  This new release of the ConfigMgr is packed with some extremely cool features, which over the coming months we plan to share with you in different ways. 

Recent shifts in the world economy have brought new focus on IT departments, and also to technology investment.  Organizations are being pressured to do more with less, while at the same time manage an increasing range of working scenarios, mobility requirements, and business demands.  Through all of this, they need to maintain security levels, answer compliance challenges and address the growing Green IT landscape.

As organizations look to reduce financial costs and environmental impacts, power management is proving to be a successful approach. The payback for power management is clear – when a PC is using less power it translates directly into reduced operational costs – either directly through reduced energy consumption or from a growing number of electrical companies that offer rebates to companies that can prove enforcement of centralized power management policies. In addition, continuous PC power management pays environmental dividends measured in terms like Kwh, or CO2 emissions savings.

Forrester estimates that more than 90% of firms are implementing or considering PC power management. Despite the advanced capabilities provided in Windows Vista and Windows 7, The U.S. Environmental Protection Agency estimates that no more than 10% of all enterprise PCs in use have their power management capabilities turned on today. Without centralized management power management simply doesn’t happen.  Through research with our customers, partners, and industry experts, it became clear that System Center needed to deliver this capability in the box, with ‘R3’ as the release vehicle.  

System Center Configuration Manager 2007 R3

There are a few areas of focus for ConfigMgr R3, with the main engineering effort concentrating on Power Management.  Here are the goals for this feature:

Power Management
The goal of this capability is to enable Configuration Manager to further reduce the operational costs of IT by providing basic power management features native to the product.  Our approach is based on 3 primary areas:

1. Help the organization plan a power strategy by monitoring current power state and consumptions and reporting on machine utilization trends, current power settings and current energy consumption
2. Enable the Administrator to easily create, deploy and enforce specific power settings using the existing ConfigMgr infrastructure 
      −Ability to set peak and non-peak schedules
      −Ability to remediate settings if changed
      −Ability to opt out machines from power policy
3. Provide the business meaningful report formats that are relevant to Power Management

An effective approach to power management needs to maximize power policy deployment while minimizing the impact to the end-user. System Center Configuration Manager helps customers further reduce their operational costs by adding new in box capability to their ConfigMgr infrastructure, and by seamlessly enabling power management client agent services to their existing Collection landscape.

In addition to power management, ConfigMgr R3 will provide customers with enhanced scale and performance support above current numbers.  In addition, further capabilities – in time for your Window 7 deployments – around Operating System Deployment will be enabled.

Configuration Manager 2007 R3 will release as a beta at the end of October 2009, with a targeted release of late Q1 calendar 2010.  Continued blogging and product news, Twitter updates, interviews with key people on the project, and some videos and demos of the new code in action will be releasing over the coming months.

Configuration Manager 2007 R3 TAP Nominations now Open
Product feedback is very important to the success of any product.  The nomination survey for ConfigMgr 2007 R3 TAP is now open.  You can access this nomination survey here.

Look to the following resources in the coming months for more information on our plans:

• System Center
  http://www.microsoft.com/systemcenter/en/us/default.aspx
• Configuration Manager
  http://www.microsoft.com/systemcenter/configurationmanager/en/us/default.aspx

(taken from the System Center blog – http://blogs.technet.com/systemcenter/archive/2009/09/08/announcing-system-center-configuration-manager-2007-r3.aspx)

The Security Compliance Management Toolkit series provides IT professionals like you with an end-to-end solution to help your organization plan, deploy, and monitor security baselines of Windows® operating systems and 2007 Microsoft® Office applications.

This Solution Accelerator is designed to help your organization meet its security and compliance requirements by providing the following resources:

• Prescriptive, tested, end-to-end security guidance from Microsoft for Windows Vista® Service Pack 1 (SP1), Windows XP® Professional SP3, Windows Server® 2008, Windows Server® 2003 SP2, and 2007 Microsoft Office SP1.
• Automated tools like the GPOAccelerator to help you configure and deploy recommended security settings.
• Configuration Packs for you to use with the desired configuration management (DCM) feature of Microsoft® System Center Configuration Manager 2007 SP1 to monitor the Microsoft security guidance deployed in your environment. You can also remediate security baseline issues with this functionality.
• Reporting functionality you can use to notify auditors that the computers in your environment are in compliance with best practices and the security recommendations for these Windows operating systems and Office applications.

Please join Microsoft and Northwest Cadence for this free half-day session designed to introduce you to the quality tools of Microsoft Visual Studio Team System 2010.
Session Overview

Learn how Application Lifecycle Management (ALM) coupled with ALM tooling will help organizations build quality into their lifecycle. Many of the great features of Visual Studio Team System 2010 will help you break down organizational walls between your developers and testers. Get better software with Visual Studio Team System 2010. Period. Come see how!
This event is geared towards both non-technical and technical testers, developers, project managers, QA managers, and others interested in improving the quality of your code.
Session Topics

• Understanding the Visual Studio Team System Quality Tools
  Tour the quality tools available in VSTS 2010, including Test Case Management, Bug Tracking, Test Cases and the new Microsoft Test and Lab Manager interface. See how VSTS 2010 can provide traceability from requirements to code, test runs, bugs, tested environments and code.
• Running Test Cases & Filing Bugs
  We will show you how to use the Test Runner to run manual tests against a particular test environment, take screenshots, and file a series of bugs. All this while automatically recording a video of your test being completed? We will show you how!
• Fixing the Bug (Developer)
  Learn how Historical Debugging is a new feature of VSTS 2010 that you will not want to miss! Learn how to simply reproduce filed bugs using Historical Debugging, enabling you to break down the biggest wall separating developers and testers.
• Automating a Regression Test
  Find out how to turn a manual test into an automated regression test. You can even schedule it to run during an automated build!
• Creating a New Test Plan
  Join us as we create a new test plan, showing you how to set up Data Collectors for the computers in your environment, define the various test environment combinations, and map relationships between test cases and requirements.
• Rounding Out Your Knowledge
  Understand the more advanced features of VSTS 2010 including Lab Manager, Test Controllers and Agents, and the numerous quality reports that can guide an effective development process.

Location:
Microsoft Corporation
333 South Grand Ave.
Los Angeles, CA 90071

If you’re a customer of mine, please contact me for dates/times and registration information.

A co-worker of mine in the UK DPE group, put together this exceptionally creative INTERACTIVE video that allows you to see what’s new with Windows 7, Windows Server 2008 R2, and the benefit of having both together.

(Wait a second while he draws the objects on the screen before attempting to interact with the video.)

http://www.youtube.com/watch?v=zVTOuQwOxFc

Seriously.  If you haven’t played around with this demo, you really ought to give it a try.  It’s one of the best interactive demos for Windows I’ve seen to date.

LINK:
http://www.youtube.com/user/ukdpe

UPDATE:  9/8/10:
The URL changed for the demo site and it now requires a secure username and password in order to access it.  See below for updated information.

UPDATE 9/9/09:
We have a demo of the installed Productivity Hub available for perusal at the following web site in case you’re interested in taking a look at the full blown product.  Remember:  This is free and completely extensible for your own applications such as line of business tools or important 3rd party apps like Adobe Photoshop or something.

• DEMO SITE:  “Productivity Hub”
  http://templates.wssdemo.com:8080/sites/productivity
  (Username: corp\demouser  Password: pass@word1)

————-

Microsoft has developed the Productivity Hub to help support your ongoing end user training efforts.

The Hub is a SharePoint Server 2007 site collection that serves as a learning community and is fully customizable. It provides a central place for your training efforts, and includes training content from Microsoft’s core products. Microsoft also provides ongoing and updated content packs.

The Hub uses SharePoint Server’s social networking capabilities, such as blogs and discussion groups. In addition, it offers the Coach program, a change management feature to help you train end users to self-help, reducing the burden on your training and IT staff. The Coach program impacts productivity in a collaborative and positive way.

What the Productivity Hub is:

• Format: Pre-loaded SharePoint site collection, optimized for Web 2.0 functionality and easily deployed within SharePoint Server 2007 environment.
• Content: Convenient end user productivity training in a variety of formats (documents, videos, podcasts, etc.). Receive free quarterly updates of content that you will learn about through the Productivity blog.
• Blog: The Productivity blog offers tips and tricks for end user productivity. Use it as is, or your training staff can use the posts as their own to help them get started in running an internal blog.
• Train the trainer: Includes IT/Manager section to aid with deployment of the site collection, and guidance to develop the Coach program.
• Products: Office 2007 System applications including SharePoint Server 2007. Windows 7 and others will be added in the future.

Out of the box, we provide ‘Help modules’ that contain How-To videos, quick reference guides, step-by-step documentation, and other aids for the following products:

• Fluent (The “Ribbon”)
• Word, Excel, Powerpoint, Outlook, Access
• Sharepoint
• OneNote
• Groove
• LiveMeeting
• Communicator
• Infopath
• Publisher
• Project
• Visio
• Windows

You can also download additional content packages that expand the training materials you can make available through the Hub.  We have 4 updates already planned along with Office 2010 specific content on the way, including a migration path for customers that would like to move to Sharepoint Server 2010.

DOWNLOAD:  Microsoft Productivity Hub (383MB)
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=277fefca-d62f-41bc-943d-79002254cfee

The System Center Configuration Manager team would like to announce that the following has been released and available for download:

Configuration Manager 2007 Service Pack 2 Release Candidate
This is the official Release Candidate build for Configuration Manager 2007 SP2.

What’s New?
ConfigMgr07 SP2 will include new OS support along with improving on the Intel AMT integration.

New Operating System Support

• Windows 7
• Windows Server 2008 R2
• Windows Server 2008 SP2
• Windows Vista Sp2

*Branch Cache a new Windows and Windows Server 2008 R2 feature for peer to peer content distribution will be support

New Features in Out of Band Management
Configuration Manager 2007 Service Pack 2 improves on the Intel AMT integration provided in Service Pack 1. SP2 adds full feature support for computers that have the Intel vPro chip set and AMT firmware versions 4 & 5. In addition to providing feature parity with SP1 and AMT firmware versions 3.2.1, 4.0 and 5.0, the following new features are supported:

Wireless Management (mobile only)

• Up to eight (8) wireless profiles per out of band service point
• Profiles support SSID, WAP2-Enterprise or WAP-Enterprise security, AES or TKIP encryption, client authentication options of EAP-TLS or EAP-TTLS/MSCHAPv2 or PEAPv0/EAP-MSCHAPv2
• Versions of AMT earlier than 3.2.1 are supported with the Intel translator

Authenticated Wired 802.1x Management

• Single profile
• Profile supports client authentication options of EAP-TLS or EAP-TTLS/MSCHAPv2 or PEAPv0/EAP-MSCHAPv2
• Versions of AMT earlier than 3.2.1 are supported with the Intel translator

Audit Logging

• Supported on AMT versions 4 and 5
• Select which out of band management features to audit (critical events not supported)
• Enable or disable audit logging per computer after provisioning
• View, clear, and export to file the audit log entries by using the out of band management console

Power State Configuration

• Enable configuration of the power settings to specify whether out of band management activity is supported when the host is on (S0), host is on (S0) or in standby (S3), or always on (S0-S5)

Data Storage

• Save up to 4096 bytes in ASCII characters in the AMT data storage of each computer
• View and save to the data store by using the out of band management console

Additional information:

• Hotfixes included in SP2 article can be found on the primary Configuration Manager MSConnect page at https://connect.microsoft.com/content/content.aspx?ContentID=12645&SiteID=16.
• Deployment guides for BranchCache and the new AMT features are available in the download section.
• The new OpsMgr07 R2 ConfigMgr07 Management Pack can also be downloaded, this supports 64bit OpsMgr client agents.
• Please review the Release Notes before performing any installation and upgrade.

Feedback and Support:

• All registered Sp2 Open Beta users can submit bugs, design change requests (DCR’s), and other feedback. See the help link on the ConfigMgr MSConnect homepage for more instructions.
• Newsgroups are a great way to post questions and receive general support question answers.

If you experience any issues with the download or the MSConnect site please contact, sccmtap@microsoft.com

Registration:

1. Go to http://connect.microsoft.com
2. Login with a Windows Live ID (http://www.passport.net if you don’t have one already)
3. Click on CONNECTION DIRECTORY
4. Search for System Center Configuration Manager 2007
5. Click on APPLY NOW next to “Configuration Manager 2007 Service Pack 2 Open Beta Program”

As of the beginning of this month, all customers that either purchase licenses of Windows Server 2008 RDS CALs or own Windows Server 2008 R2 RDS CALs by having their Terminal Services CALs be on Software Assurance, will immediately get the rights to use App-V for Terminal Services for all their CALs at no additional charge.

That’s right:  If you have Terminal Services CALs on maintenance, you’ve been granted the right to use App-V for Terminal Services.

So for all you folks worried about application compatibilities between installed apps on a Terminal Server… worry no more!  App-V will virtualize the OS to each application making it’s installation & execution completely invisible between applications… and between running terminal sessions!

If you haven’t already figured it out:  This is a really big deal for customers looking for a more manageable alternative to Virtual Desktop Infrastructure. 

Customers can now:

• Deliver presentation layer Windows experiences to thin clients over a remote desktop protocol without worrying about installation collisions between applications
• Be confident that applications that are executed in different sessions won’t interfere with each other
• Provision the “desktop experience” with applications dynamically (and de-provision them if required)

———-

Microsoft Application Virtualization for Terminal Services now included as part of Windows Server 2008 RDS CAL
As of September 1, 2009, all users or devices connecting to Windows Server 2008 R2 Remote Desktop Session Host Server or Windows Server 2008 Terminal Server managed with Microsoft Application Virtualization for Terminal Services no longer need to acquire a separate Microsoft Application Virtualization CAL for Terminal Services. See more details.

Server growth is a costly issue for organizations that rely on Terminal Services. To avoid application conflicts, applications must undergo significant testing to determine which applications will collide and, therefore, must be separated and run on different Terminal Server silos-a time-consuming and costly process.

Running multiple separate terminal servers for each application routinely results in servers being underutilized because each one is locked into a specific configuration, capable of serving only a limited set of non-conflicting applications, typically using just 25 percent of capacity. Often, 20 servers are required to support 1,000 users. Microsoft App-V for Terminal Services completely changes this situation. Microsoft Application Virtualization for Terminal Services offers the following features and benefits:

• Consolidate servers and end server siloing, increasing server farm ROI: App-V’s application virtualization allows any application to run alongside any other—even applications that normally conflict, multiple versions of the same application, and many applications that previously could not run under Terminal Services. This eliminates the need for server silos and significantly improves server utilization. As a result, the number of servers needed is much lower, operational costs for managing the remaining servers are reduced, and the server farm ROI is increased. For instance, it has enabled Russell Investment Group and Fidelity National Financial to shrink their application server farms by 33 to 40 percent.
• End application conflicts and regression testing: By eliminating the need to permanently install applications on servers, and shielding the operating system and applications from changes created when installed applications run, Microsoft App-V for Terminal Services prevents problems that hinder deployments. The need to perform lengthy regression testing is also significantly reduced.
• Accelerate application deployment: Applications that use App-V only need to be packaged once for desktop or terminal services platforms. This reduces the need for "double packaging" or creating two different processes and packages when providing the choice for running an application on a desktop or via a terminal server.
• Reduce Deployment Risk: Installing a new application on a terminal server was traditionally a risky process; first you had to ensure all users were logged off, then you had to change the mode of terminal server, followed often by reboots. Software updates and uninstalls provide even great complexity and risk. With Microsoft App-V applications can be deployed and updated on demand to users without having to reboot or log users off.
• Simplify Profile Management: Microsoft App-V allows application settings and data to be stored in a single network location. This ensures a user’s application settings are available no matter what terminal server is used—without the need for roaming profiles. Additionally this feature makes mandatory profiles a viable option for TS scenarios—OS settings remain locked within the mandatory profile while per application settings can still be modified by the user. This dramatically simplifies the complexities of managing profile data.

LINK:  http://www.microsoft.com/systemcenter/appv/terminalsvcs.mspx