Kurt Shintaku's Blog

Have you ever had to managed non-domain joined agents?  If you have you know you need to obtain certificates en-masse to deploy to new machines.  Before today, this was a big headache for large numbers of machines that were non-domain joined.

Now there’s the CertGenWizard.exe.

CertGenWizard.exe is a wizard tool which will take your CA information as input (it isn’t required if you are running the wizard on the box with the CA), take in the computer names (has to be FQDNs), and send out a request for the certificates you need.  Now, you no longer have to fill out the Certificate Request form or enter parameters or connect to the web enrollment service.  Once the certificates are approved, there is a Retrieve button in the CertGenWizard which will allow you to retrieve the certificates that you have requested.  On top of the personal certificates, the wizard will retrieve the root CA certificate.

The biggest benefit to this tool is the added ability to request multiple certificates at once.  If you have 100 non-domain joined agents that you need to set up cert auth for, you can simply request all 100 machine certificates at once, retrieve them all, and manually bring them over to your other machines. 

Once you have brought them to your other machines, CertInstaller.exe is a second tool that will install the certificates into the local machine store of your computer and run MOMCertImport.exe for you.  Note: Install OpsMgr Agent FIRST and then run the tool!

DOWNLOAD:  http://blogs.technet.com/momteam/attachment/3110628.ashx

LINK:  http://blogs.technet.com/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx

The Edge Planning Tool asks questions about your proposed or current edge server deployment. The tool uses your answers and Microsoft Office Communications Server 2007 best practices to generate the following reports:

• Settings that you can use to configure your certificates, DNS services, and firewalls
• Custom documentation for configuring your edge servers, reverse proxy, and next hop server
• A comparison of your answers to Microsoft Office Communications Server 2007 best practices

LINK:  http://communicationsserverteam.com/archive/2008/08/29/248.aspx

The Sharepoint Best Practice Series are consumable and actionable guidelines based on real-world experience from Microsoft Consulting Services (MCS) and the product team.

They are aimed to help our SharePoint customers and partners avoid some of the common SharePoint deployment pitfalls and keep their SharePoint environments available and performing well. The SharePoint Customer Team, part of the core product team dedicated to providing real-world feedback inwardly and outwardly, has put this guidance together working with a number of teams within Microsoft.

The SharePoint Best Practices Resource Center on TechNet highlights the different best practices for IT Professionals and Developers and helps you navigate through the resources. IT Professional topics include Operational Excellence, Team Collaboration Sites, Publishing Portals, Search and My Sites. Developer topics include Common Coding Issues, Using Disposable Objects, Search SQL Syntax Queries and Customization Best Practices. We will continue updating and publishing new Best Practices based on real-world experience.

LINK:  http://blogs.msdn.com/sharepoint/archive/2008/08/29/announcing-the-sharepoint-best-practices-series.aspx

That was quick.  Looks like a beta of PowerShell Plus v2.0 is out. 

In case you didn’t catch on to PowerShell v1.0:

PowerShellPlus Professional is a powerful interactive scripting environment designed to help administrators and developers learn and master Windows PowerShell. Unlike most of the basic script editors on the market today, PowerShellPlus features a powerful interactive console, an advanced script editor and a comprehensive learning center. PowerShellPlus Professional Edition is built on the backbone of PowerShellIDE, the first PowerShell application to offer a very rich graphical user interface.

• Interactive PowerShell Console
  The PowerShellPlus Console allows you to work interactively with PowerShell from a feature rich Windows UI. This integration makes working with PowerShell faster and easier to use than ever before.
• Advanced Script Editor
  The advanced debugger and script editor lets you build and test complex PowerShell scripts, try one line PowerShell commands from an embedded console window, and sign your script with a security certificate … all from a single workspace.
• Comprehensive Learning Center
  The Comprehensive Learning Center helps you experience PowerShell by example. Short tutorials guide you through basic concepts at your own pace. The Comprehensive Learning Center also includes dynamically created help topics from currently installed PowerShell CmdLets, Snap-Ins and WMI objects.

LINK:  http://www.idera.com/Products/PowerShell/

(taken from the Powershell blog at http://blogs.msdn.com/powershell/archive/2008/08/25/powershellplus-v2-0.aspx)

Ina Fried wrote an interesting post on her blog at Beyond Binary.  Admittedly, while I try to rarely write about ‘other’ companies, this had me raising my eyebrows about Google Chrome’s Omnibox:

<taken from Beyond Binary – Ina Fried’s blog on CNET>

“The auto-suggest feature of Google’s new Chrome browser does more than just help users get where they are going. It will also give Google a wealth of information on what people are doing on the Internet besides searching.

Provided that users leave Chrome’s auto-suggest feature on and have Google as their default search provider, Google will have access to any keystrokes that are typed into the browser’s Omnibox, even before a user hits enter.

What’s more, Google has every intention of retaining some of that data even after it provides the promised suggestions. A Google representative told CNET News that the company plans to store about 2 percent of that data–and plans to store it along with the Internet Protocol address of the computer that typed it.

In theory, that means that if one were to type the address of a site–even if they decide not to hit enter–they could leave incriminating evidence on Google’s servers.”"

• CNET:  Google’s Omnibox could be Pandora’s box
  http://news.cnet.com/8301-13860_3-10031661-56.html?tag=newsLeadStoriesArea.0

In a few months, we’re going to be releasing Internet Explorer 8 which, because of its adherence to strict Internet standards, is frankly going to ‘break’ the end user experience for a lot of web sites which do not comply with these standards… and this potentially includes your organization’s public Internet web site(s).

I ask that in preparation of this, you PLEASE read the information below to protect your Internet properties and potentially mitigate any issues that your customers may have with reaching your web sites.  The information below is designed to help you properly test and resolve any issues on the horizon.  If you have further questions about this issue, please feel free to contact me.

————————

Internet Explorer 8 Site Compatibility

Consistent with our efforts to promote further interoperability across the Web, Microsoft will be releasing Internet Explorer 8 to render content in its most standards-compliant way by default.  Giving top priority to Web standards interoperability allows us to help web developers and designers drive toward the ideal of “write once, run anywhere”, freeing up more time to innovate rather than modify content for different browsers.  This commitment also addresses several development and design pain points from previous Internet Explorer releases.

However, browsing with this default setting may cause content written for previous versions of Internet Explorer to display differently than intended.  This creates a call to action for site owners to ensure their content will continue to display seamlessly in Internet Explorer 8.  As such, we have provided a meta-tag usable on a per-page or per-site level to maintain backwards compatibility with Internet Explorer 7.  Adding this tag instructs Internet Explorer 8 to render content like it did in Internet Explorer 7, without requiring any additional changes.

We are encouraging site administrators to get their sites ready now for broad adoption of Internet Explorer 8, as there will be a beta release in the third quarter of this year targeted for all consumers.  To learn more and get started, please follow the step-by-step instructions located at the following link:  http://go.microsoft.com/fwlink/?LinkId=120024 .

Additional Resources

The following links provide additional information you may find useful:

• Internet Explorer 8 main site:  http://www.microsoft.com/ie/ie8
• Internet Explorer Team Blog:  http://blogs.msdn.com/ie
• Internet Explorer Developer Center: http://msdn2.microsoft.com/en-us/ie/default.aspx
• Internet Explorer 8 Readiness Toolkit (for web designers and developers): http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/default.htm
• Microsoft Interoperability Principles:  http://www.microsoft.com/interop/principles/default.mspx

A co-worker recently wrote up the procedure for moving Terminal Services CALs from Windows Server 2003 to Windows Server 2008.  I thought I’d post it just in case there are some that might want to see it.

You need to ensure you have your licensing information handy when you call them.  If any of the Terminal Services CALs were purchased through Microsoft Open then you will need the Open licensing authorization number and the licensed number for the CALs. 

If the CALs were purchased through Microsoft Select then you will need the Enrollment number.  Since they are SA I’m guessing they were purchased through Select or as part of the EA.

Once you have the 2008 Terminal Server installed and the 2008 Terminal Server licensing server installed you need to call the licensing clearing house:  (888) 571-2048

The process entails deactivating the 2003 licensing server and reactivating it then installing only the CALs, (all but the 30 you want to move over to the 2008 license server),  that you want to remain on the 2003 licensing server.  Then you will activate the 2008 licensing server and install the upgraded 2008 Terminal server CALs.   This is done while on the phone with the Licensing Clearinghouse.

I know it sounds like a lot of messing around but the actual process shouldn’t take more than 30-40 minutes.  

Microsoft Licensing Clearinghouse phone number – (888) 571-2048
Open 24 hours a day  7 days a week.

SharePoint Administration Toolkit 2.0 is Now Available!

[Cross-posted from Zach Rosenfield’s blog.]

I’m excited to announce that the second version of the Microsoft SharePoint Administration Toolkit is available for download! As I said back in April, we would be offering regular updates to this toolkit with new features and functionality for both Microsoft Office SharePoint Server 2007 and Windows SharePoint Services v3.0. With this release we added functionality to address some of the challenges associated with running a highly available and/or geographically disperse MOSS 2007 deployment—particularly aimed at synchronizing user profiles in the Shared Service Provider (SSP). Let’s look at these two areas:

High Availability
In order to provide a highly available Shared Service Provider, your deployment needs two identical SSPs available at all times. While this is easily done with search (each SSP has its own crawler and can create their own index)—keeping user profile data in sync is a bit more involved. You can see detailed instructions on running a highly available environment on Microsoft TechNet:

Geographical Replication
If your company is geographically disperse, you may not want to have a single MySite farm serving your users worldwide since some users may experience significant lag in response times depending on WAN bandwidth and traffic characteristics. Instead, it may be better to have several SSP farms located around the globe. Just like in the highly available environment, this configuration would require that user profile data is kept in sync.

Since synchronizing user profiles is something available in the MOSS 2007 product, some of you might wonder what we’ve done in the toolkit! Well, if you’ve ever tried to use the User Profile web services to achieve synchronized profiles—you’ve noticed it’s a very involved process with lots of code (and therefore a lot of room for mistakes). In this release, we’ve built a supported tool for scheduling partial or full replications of any number of your user profile attributes:

For a full overview of features and instructions see the official Microsoft TechNet articles for MOSS 2007 and WSS v3.0.

The download links for the SharePoint Administration Toolkit v2.0
x64: http://www.microsoft.com/downloads/details.aspx?FamilyId=F8EEA8F0-FA30-4C10-ABC9-217EEACEC9CE&displaylang=en
x86: http://www.microsoft.com/downloads/details.aspx?FamilyId=263CD480-F6EB-4FA3-9F2E-2D47618505F2&displaylang=en

Zach Rosenfield
Program Manager, Microsoft Office SharePoint Server

How Microsoft IT Manages Physical Security through Strategic IT Convergence

The purpose of World Wide Security Operations is to protect Microsoft’s assets in a manner consistent with corporate culture. Through the strategic deployment of security systems, Corporate Security is improving the way that they protect Microsoft assets, information, and employees. The goal of this story is to describe the MS and partner "secure by design" technologies that support access control, monitoring solutions, and incident response and real-time communication solutions.

Technical White Paper | PowerPoint Presentation

Products & Technologies

• Microsoft Office SharePoint Server 2007
• Microsoft Office InfoPath 2007
• Microsoft MapPoint 2006
• Microsoft Office Outlook 2007
• Microsoft Office Communicator 2007
• Remote Desktop and Terminal Services
• SQL Server 2005
• 2007 Microsoft Office system

To learn more about how Microsoft does IT, please visit us!

LINK: www.microsoft.com/technet/itshowcase

Annnnnd just like the Microsoft TechEd 2008 DVD kits, the Microsoft Management Summit DVD kits are still shipping, just in case I didn’t mention this before.

It’s a TWO disc set of DVD’s that showcases all the highlights of the Microsoft Management Summit in Las Vegas this year.  Here’s a quick run down of some of the things they went over:

Recent Microsoft product releases which will be covered in detail during MMS 2008 include:

• System Center Operations Manager 2007
• System Center Configuration Manager 2007
• System Center Data Protection Manager 2007
• System Center Virtual Machine Manager 2007
• System Center Essentials 2007
• System Center Remote Operations Manager 2007
• System Center Capacity Planner 2007
• Desktop Optimization Pack for SA
• Windows Server Update Services 3.0

In addition during the event there will be early looks at some releases due to ship during the coming year, including:

• System Center Configuration Manager 2007 SP1
• System Center Configuration Manager 2007 R2
• System Center Operations Manager 2007 SP1
• System Center Mobile Device Manager

…and a ton of hands-on-labs.  Kit price is $250.

(As usual, if you’re a customer of mine, and you’re interested in a kit, let me know and I’ll see if I can get one comped for you.)

LINK:  https://shop.ecompanystore.com/mseventdvd/MSD_productdetail.asp?EventID=70873&TYPE=Microsoft+Management+Summit+2008