This post (and the last few below) are late due to server outage while I went to Disney (more on that in other blog). TechEd ended at 4 PM last Friday June 8th. I went to sessions up the end as did many in the sessions with me, more than I thought. It is unfortunate that some of the best sessions were on the last day since quite a few people probably missed them.
Another good TechEd, I probably won't be back until '09. See you then.
This is the last session time of TechEd, the only people here are the people who really want to hear this session. There are quite a few people here even taking that into account.
Polling is bad, NotifyChange good. I need to check out Process Tree, very powerful.
I am going to distill the presentation down to use Process Monitor, it is very powerful. If you can get the deck or even better a recording it is well worth it for troubleshooting guidance.
Steve was also chatting with the crowd before he started. I asked him about speaking in foreign countries and he said he mostly speaks in English world wide. In Vietnam he said he had translator, which makes his presentation take a bit longer. The jokes are especially interesting with delayed laughter.
Hackers are no longer just script kiddies and hobbyists, it has moved to professionals for financial gain and even national security.
Phishing is not about stealing identity's (except maybe MySpace) it is about stealing money. Two-factor authentication won't stop phishing only change the attacks. Asian banks send an SMS challenge to cell phone for one time key, it actually works to prevent phishing.
Three dimensions of data:
Confidentiality - Public, Internal, Confidential, Private
Retention - Regulated, Contracts, Temporary
Recovery - Mission-Critical, Urgent, Non-Urgent
Encryption turns data into goo, unless you have the secret.
S/MIME for E-Mail
EFS and BitLocker for files / hard drive
RMS for controlling data flow
Steve went about 15 minutes long, but another good session.
I got the chance to talk with Mark before the session, really good guy. Just amazing his knowledge. Before the official talk began Mark took some questions and talked about his new role at Microsoft and how it affects his tools.
Everyone is standard user, even admin. The UAC prompt simply doesn't ask for username and password if you are already running as admin. However everything else runs as normal user.
In Vista many things that needed admin rights are now changed to standard user to lower the need for admin rights. A lot of applications force themselves to into places like HKLM\Software and Program Files needlessly.
I am still concerned about gotchas with virtualization and app changes or now multiple users. There are so many kernel mode storage level drivers I would love to see a hierarchy of them. Only HKLM\Software is virtualized, except Microsoft\Windows and Windows NT.
Standard User Analyzer could help me get BlackBaud apps working.
Elevation prompts are color coded: Blue - core windows; Grey - digitally signed code; Orange unsigned code. Elevated processes are isolated from other applications.
Integrity != Permission. A lower integrity process cannot write to higher level process or data but it can read from the data if it has access to it. What this means is a malware might not be able write itself to disk for persistence but it can read everything it has access to via permissions while it is running. By default you are standard user so the malware should be restricted.
This session I will admit is just for me. I am interested in this technology and want to see what they have to say about it.
By default Home Server backs up everything except page file and temp internet files. Open restores as mounted drive for easy access through explorer. Crashed HD recovery is done via boot cd and pulling back most recent full backup.
The way to think of Home Server is a further refined and wizard based version of Small Business Server which is a version of Windows Server. Each one has less features than the latter, but also as far less complexity to go along with it. Home Server is like a domain for your home when you don't have the understanding or need of a domain.
Full system backups via VSS. The backups are incremental block based backups. The backups are duplicate aware.
Home server will auto-configure a UPnP router. There will also be a name.homserver.com domain name created with dynamic DNS if you want to access server remotely. From the web site you can have access to all the shared folders, either personal or public. When you want to grab files it automatically zips the files and sends you the zip. You can connect to RDP of clients via Remote Server.
Under the covers this machine is a Windows 2003 Server machine. Anything that a 2003 server can do, this server can do in theory. However most (the majority) of features are not exposed in UI, only those that the product is target toward. There is a limit of 10 clients and 10 users on the server.
The audience for this session want to push this product way beyond its defined market. Lots of question around features it isn't intended for.
This is the sister session to the CLI426 session I went to earlier this afternoon. They are very similar topics and just cover different areas more applicable to either the client or server. It is in an even bigger room than his last session but it seems to be just as full.
Server 2008 is last 32-bit version of server. No more uni-processor kernel, no need. Hot add PCI-Express, Memory and even CPU. Crazy. New hardware reporting architecture.
Self-Healing NTFS now in Server 2008. Background process runs to monitor for corruption.
SMB2
There are much deeper differences between AMD Opteron's and Intel's Core Architecture based Xeon's then I ever realized. Opteron's are NUMA based (like the Xbox 360) and the Xeon's are not. Some of the details may make performance differences in quad core CPU's, especially in 2008. It will be interesting to see specific workload benchmarks between the two architectures.
Clean shutdown had been enhanced in Server 2008. Services can ask for delay. Service can take as long as they want as long as they respond. If service doesn't respond for 3 minutes, system gives up on it.
Address Space Load Randomization allows services, kernel, user space and programs to be in a different place every boot. This will prevent direct code injection based on memory location. Some viruses and other attacks used that as a vector.
Even really smart people like Mark have glitches, and Dave Solomon stopped in virtually to say hi.
I think the fact that this session is a repeat and was a late add really hurt its attendance. Also as soon as the session was announced about 1/3 - 1/2 of the already small crowd left. The crowd that is in here could easily fit in a smaller space. Luckily it is in the same place as my next session which is going to be much more full.
IIS7 is now option for server core. Redesigned Server 2008 for Web, much improved hardware allowances. Code has actually been removed from the base install for things not needed (or allowed) on Server 2008 for Web.
Running on IIS6 today - MySpace - 23 Billion pages/month; Microsoft.com - 10K/sec; Match - 30 Million pages/day.
No IIS6 critical patches since RTM, not a one.
IIS7 broken into 40 modules that can be installed by choice. Greatly reduce potential attack surface area and reduced footprint.
The metabase is dead, the world rejoices. Moving settings from one box to another is simply copy. The new IIS7 manager looks much more user friendly.
Demo virtual machine hiccups are painful sometimes.
IIS7 has hooks in PowerShell as well, definitely a good sign. IUSR no longer named with machine name, about time. IUSR now built into IIS, no password to worry about. URLAuth native in IIS7. IIS7 integrates URLScan style rules.
Mark's sessions are one of the major reasons I come to TechEd. I always look forward to his sessions.
The time slice scheduler has been re-written to work better and properly report using features in newer processors. Vista can give multimedia applications higher priority than other applications to make sure the sound and video are glitch free. I think I have seen this myself while playing podcasts through iTunes while playing highly demanding games. Protected processes were put in to allow for secure memory for DRM or encrypted media content.
Symbolic links are now in Vista, use mklink. You can cancel I/O such as net use to non-existent server. I/O prioritization allows for background applications such as virus scanning, without changing CPU priority. Bandwidth reservation for streaming I/O to ensure media plays properly, also optimizes size of I/O.
Superfetch uses all available memory in attempt to predict what you will want to do and speed it up. It even watches what you do at certain times of day to try and prepare the machine for next action. ReadyBoost, ReadyBoot, ReadyDrive are all ready to help you.
Dekayed auto start upon boot for services so that the logon process is more friendly for users. Things like Windows Update can do this, hopefully anti-virus will do it as well. More reliable sleep transitions. Vista doesn't ask to sleep it tells the apps and drivers to sleep.
Volume Shadow Copy in Vista. Enables rollback on the client just like Windows 2003 server did for server drives.
UAC in 10 minutes in this session, 75 minutes in the session I am going to tomorrow.
4 integrity levels
Low - Protected IE
Normal - LUA User
High - Elevated user
System - System process
Virtualized files might have a hidden (to me at least) gotcha. If you have an application that has virtualized files and then is upgraded to have a Vista capable manifest it won't have access to those previously virtualized files. This could catch a bunch of people of guard I think with application upgrades.
As some of you might have noticed there was a bit of confusion on the bus line this on Thursday morning. Apparently an unfortunate chap fell while getting off bus and broke his leg. From a distance I saw what looked like a Microsoft blue shirt, but I wasn't sure. Hopefully he isn't hurt too bad and I wish him a hasty recovery.
In the main expo hall there are two spotlight signs saying Best of TechEd 2007 over closed refreshment stands. Why are they there? It seems there should be something the lights should be drawing attention too?
HP is running a deal at TechEd that I just couldn't resist. They take $250 off a configured tx1000z tablet. Right now on the web there is already a $150 off instant rebate so it is actually only another $100 off. Also on the web they are running a deal for $50 off the 2 GB upgrade, free LightScribe DVD burner upgrade and free shipping. The biggest bang for the buck in the deal however is the free RETAIL copies of Windows Vista Ultimate DVD and Office 2007 Ultimate DVD. Right now on Amazon the pair go for $339.99 + 529.99 respectively and list for $399.95 + 679.95 so that adds another $869.98 in software at least. The machine itself also comes with at least Home Premium. I went ahead and placed an order for a machine and the total including tax was $1222.19 for the below config. This config is about as low as you can go since it has to start at $1399.99 to get the $250 off. If you are interested in laptop / tablet it is worth checking out.
HP Pavilion tx1000z CTO NB
- Genuine Windows Vista Home Premium (32-bit)
- AMD Turion(TM) 64 X2 Dual-Core TL-56(1.8GHz/1MB)
- 12.1" WXGA BrightView w/Integrated Touch-screen
- $50 off upgrade from 1GB (2 Dimm) to 2GB (2 Dimm)!
- NVIDIA(R) GeForce(R) Go 6150
- HP Imprint Finish + Microphone + Webcam
- 802.11b/g WLAN
- 80GB 5400RPM SATA Hard Drive
- FREE Upgrade - LightScribe DVD+/-RW w/Double Layer
- 6 Cell Lithium Ion Battery
- Microsoft(R) Works 8.0
Since I will be buying a new Exchange server in the next month I am curious to see what info this session has. Sizing knowledge from 2003 and before not very useful in regards to 2007.
Due to expanded memory footprint IOPs have greatly been reduced. Much larger cache allows for much less disc access. The more memory you have the less IOPs you need.
It sound like with 2007 I might be able to get my boss's multi-GB mailbox to open quickly, thus making here happy.
Luckily my puny 1000 users with about 40% concurrency I don't have to worry about the really high end issues. The biggest problem I have is huge mailboxes and provided speed for those users.
High FSB more important than GHz. Watch for memory speed as number of DIMMs increase. SAS is faster by about 10-15% than U320 SCSI.
The session could be Windows / Linux / Unix Network, centered on Windows due to audience. The whole session is LIVE, only 3 slides. Very popular session, even at 8 AM S330 is pretty much full.
Homemade trojan using Beast 2.07, inject into allowed programs, terminate anti-virus. Kind of scary to see how easy a trojan that he made in minutes was able to comprimise a machine.
The security guard and red shirts walking around forcing people to move isn't TOO distracting.
Second demo is using Core Impact, has an amazing list of known vulnerabilities. Hack the banner sites to quickly hit lots of (semi) trusted sites.
Third demo was code injection into SQL, almost too easy and poweful.
Fourth demo is wireless. WEP is a waste, don't do it. AirCrack. % minutes of traffic cracks 128 bit WEP. WPA problem is easy to guess keys. WPA key is stored on client.
Fifth demo is physical attack. Trick security is easiest access method. Foreign USB keys can be a huge risk.
Internal attacks are next. Grab the hash from one workstation. If as normal all local admin passwords are the same you can access any workstation. Find the workstation used by the Domain Admin. Dump the hashes on that one. Use hash injection tool to then access the domain controller. Scary stuff.
Great Session, it will be repeated tomorrow if you missed it.
Lots of cmdlets already built and lots more coming (soon hopefully). The only downside to PowerShell so far is that the Server 2008 management is NOT built on it. Why? I am guessing PowerShell wasn't ready in time to be a basis for 2008, coming in NT7 (Vista and 2008 are NT6 in case you are wondering).
PowerShell looks like it is working on text lists, but it is actually working on objects that have properties and possibly actions. The ability to open files and parse with a simple command is awesome, no more creating objects in VBScript.
The registry can be navigated from PowerShell just as a disk can be. Extensions have been created to add Active Directory as drive as well.
Quest has cmdlet plug-ins to add in AD (ADSI) access to PowerShell.
I thought Tuesday that started with sessions at 8:30 AM and the last session ending at 5:45 PM was long. On Wednesday though the TechEd organizers wanted to top themselves. Wednesday also started at 8:30 AM but the last session isn't ending until 6:45 PM. That is a long day by anyone's standards. On Thursday they split the difference by starting at 8 AM and ending at 5:45 PM. I remember previous TechEd's being long days, but this seems to be even more so. Maybe cut out a little of the junk in the middle of the day intended to force people into the partner pavilion next year?
This is another session I am looking forward to after seeing Johan's first one. He is really good presenter and knows his stuff.
It seems like I will have a little easier time since I don't have to worry about anything prior to WinPE 2.0. It sounds like there are a lot of fixes and new features are in the newer WinPE.
BCDEdit TFTP Block Size - Anticipating Windows Size of 8K
Default Domain Policy / Ris Settings / Enable Tools and Disable all others.
Hopefully I won't have to use most of the deep tricks that were shown, but it is good to know about them.
Public folder management through GUI is coming back in SP1, not in RTM. Quick find is also only in SP1. It looks like Exchange 2007 management is returning to Exchange 5.5 days of being able to do it all itself as opposed to Exchange 2000-3 where it handed everything over to Active Directory Users and Computers. One really cool feature is the one liner screen that shows the powershell command that was used to complete the command. This will allow people to create scripts much easier simply by watching what the GUI does. I will definitely be re-writing scripts this summer it seems.
At first I was worried about the slowness / dryness of session but now I am even more excited to start using Exchange 2007 and powershell. It looks like it will make my life that much easier. You can save the customized filters for easy access later too.
Need to look up slide deck for UNC309.
This is an update of the post I did 2 years ago. I thought I would add the more up to date list. Since I happen to be sitting near the signing board I can go back to the beginning. Looking at the complete list now it has been in Orlando six times including next year, New Orleans four times, Dallas twice and everywhere else only once. Maybe in '09 it will go back to New Orleans, hopefully it will be ready by then.
TechEd '93 - Orlando, FL
TechEd '94 - New Orleans, LA
TechEd '95 - New Orleans, LA
TechEd '96 - Los Angeles, CA
TechEd '97 - Orlando, FL
TechEd '98 - New Orleans, LA
TechEd '99 - Dallas, TX - Went
TechEd '00 - Orlando, FL
TechEd '01 - Atlanta, GA
TechEd '02 - New Orleans, LA - Went
TechEd '03 - Dallas, TX - Went
TechEd '04 - San Diego, CA
TechEd '05 - Orlando, FL - Went
TechEd '06 - Boston, MA
TechEd '07 - Orlando, FL - Going
TechEd '08 - Orlando, FL - Doubt I will make it, see you in '09
When it started in '93 with 2500 people it must have been about Windows 3.1, LAN Manger and maybe NT 3.1. Long time ago.
Lots of work has gone into Vista to extend and harden GPO.
Sound problems in S330 again, grr.
A lot of the info so far has been repeat of what I have heard in other sessions.
PolicyMaker has been acquired by Microsoft. It allows setting of far more settings it seems. GPOVault is also now included in Desktop Optimization Pack.
A lot of the stuff in session I had already heard in other sessions.
There is a wall of fabric to allow those who have been here for previous TechEd's to sign the wall. I signed all my years. It is interesting to see how the list shrinks the farther back you go.
The interactive projection wall near the store is fun. It is 2 or 3 projectors wide and it detects people in front of it. As it scrolls through various pictures each one is interactive. There is one with butterflies following people around, another that makes splashes that appear and lots of others. Just fun to watch and also funny when people don't realize it is happening and are surprised by it.
There are (at least) four people walking around in suits like the Channel 9 Guy for pictures and other fun. They are advertising Vista, Visual Studio and few other things.
One of the parts of TechEd I always enjoy is finding old friends and co-workers from years past. I will update this as the week goes on.
First Session - Steve Simmering (I always spell it wrong) from JDIS (Wordlink)
Second day at MS IAG Booth - Paul Edlund (He also was in that first session and asked question, just didn't realize it was him then) from Planet Technologies (Equest)
Third day at MS Compute Cluster Booth - Jeff Wierer (Again I never spell right) from Microsoft (Wordlink)
Server 2003 initial setup was very fragmented and overlapping with its tools. Server 2008 goal is to streamline the setup of roles in unified tools.
Events specific to a role can be shown easily. Also the services relating to that role are listed in the view. Overall view shows the roles status.
servermanagercmd -install ?? -whatif tells you what would need to be installed to enable a role.
Check out SVR312 session or deck.
Event forwarding should really help monitor tablets, especially errors. Event viewer custom views will be really useful, it is the same idea as filtering today but you can save the filter set for easy recall later.
Task scheduler is amazingly more robust. You can have a task fire on a trigger. Also the task can be controlled with much greater granularity.
You can search for GPO settings now and also add your own notes to add knowledge as to why the setting was used. New All Settings view, has literally thousands of settings. It can be searched and filtered however. Makes it easier to find settings.
WSUS 3.0 is MMC based not web based, woo-hoo. Built in cleanup wizards, about time.
This session is being given by one of the people Johan mentioned in his talk, which gives me hope it is a good session. This session seems to be more of an introduction to BDD2007, hopefully they will go more into how-to.
Refresh as a re-imaging option seems to have promise, I will have to test it for next summer. Need to research Windows Deployment Services for further automating the image deployment process.
Good into actual usage methodology. Richard walked though the entire process of creating a lite touch deployment and running through it. He had recorded screen captures to speed the process up since what he did would have taken several hours realtime.
The Zero Touch portion is meaningless to me since we don't use SMS. A little overkill for my environment.
BDD 2007 gets better over the next year with additional support.
My battery died so I am doing these notes from memory totally instead of during the session.
Exchange 2007 seems to have even more greatly defined the individual roles. There has also been a few roles added. The idea of admin groups has been dropped as has routing groups. Routing is now defined by the AD sites setup. New Edge server role is even more hardened for external facing.
The new setup process much better streamlined and resilient. ExBPA is integrated and will download latest knowledge before install runs. If install fails it will recover at that point rather than fully rolling back.
The install can be fully scripted and much more simply using powershell now. Powershell seems very powerful and I may be able to very simply replace some if not all of my VBS/ADSI scripts that I have now.
I am interested to see what is new in OWA 2007 and what features will be useful to the remote users. Quotas now displayed prominently in OWA. A lot more inline features such as search instead of pop-up windows. Upgrade Front End (CAS) servers first. SP1 is going to be adding (back) a bunch of OWA features.
Replacement themes seem easy to create.
I wanted to come to this session to see if there is anything I am missing in MOSS, haven't dug in very deep myself. I am hoping to get some ideas to take back to everyone else.
This session is very heavy on workflow. For me while interesting, the majority of it is beyond the scope of what we will be using MOSS 2007 for. I was hoping for a little more broad into parts of MOSS.
Infopath is something we might be able to use to recreate some forms more easily.
Sharepoint conference next year.
This session is about troubleshooting more than the new features in Vista GP.
Sound problems in room S330 again, just like last afternoon.
To create GP Central Stoe:
\PolicyDefinitions in SYSVOL
\EN-US inside the above
GPOGuy.com
ADMX Migrator
SysProSoft PolicyReporter
Look up folder redirection logging keys
Computer | Admin Temp | System | Verbose vs Normal status messages - really helps impatient users.
Great Session.
Funny, good start. It looks like some of this will also be bringing attention to things that were released in 2003 R2. You can have a File Server Role. Roles seem to be the extension of the installed features method in 2003.
Single Instance Storage on NTFS is going to be available in all versions of Server 2008, not just in Storage Server edition. About time.
It seems this session should have been titled Server 2003 R2 features that have been enhanced in 2008 or Features in 2008 that were also in 2003 R2 but you didn't know about.
It sounds like the way 2008 treats the users will not change at all from 2003 R2.
Good session, but not labeled correctly.
This session is about Volume Activation 2.0. Which comes down to MAK or KMS. I am going to have to deploy KMS and want to see some more info on it. So far this session has been an explanation of how the activation methods work, not as much about how to do it.
KMS can monitor MAK activation as well to some extent which can be useful.
The idea of having one presenter ask questions of the other presenter on just presented material is not a good presentation method. It just feels very forced way of repeating info.
I have a better understanding of VA2.0, however I don't really know anything about deploying KMS. It sounds like people aren't happy about the KMS 25 machine minimum limit.
My goal for this session is to better understand what BDD can do for me and how to use it to deploy Vista. Then I can hopefully go back and get it working. I thought the title sounded familiar. I have used this presenter's website to get some ideas already, really glad I came.
Driver injection seems very powerful and easy to utilize. Seeing this in action I think I may have to reconsider moving all my older images to BDD and not use the older imaging process. It is really cool. I thought my current process was easy, but I think this will even further simplify it.
Re-imaging in the summer could potentially get much cleaner and easier as well,
Important XP Sysprep Hotfix:
KB888111
KB883667
KB890463
You can target the settings based on many different criteria.
http://blogs.msdn.com/benhunter
http://blogs.msdn.com/mniehaus
He had seen the bug I am having, but couldn't remember the fix. I may email him if I still can't work around it.
I must admit about 90% of the reason I am here is Steve Riley. I have always enjoyed his sessions. I am also interested to hear what he has to say on this topic. Since the keynote ran long the session is starting 15 minutes late.
As usual Steve is roaming the audience while speaking. He remembered to introduce himself after a few minutes for those who are new. Then started with the MS / Starbucks coffee machine bug post from someone's blog.
Trust the data or trust the client? Is it mutually exclusive? Everything (everyone) coming in is evil until proven otherwise.
Physical Security is step one. Lots of things to consider.
Internet Application Gateway 2007 == Microsoft's implementation of SSL-VPN. Something that I was not familiar with. It seems interesting, not sure how I would use it though. Now I have an idea RDP gateway. More investigation needed.
IAG doesn't have everything that ISA has, but it does have a much larger feature set. Only available as a turnkey appliance not standalone software.
It seems that a lot of the System Center suites are too large for my network, it seems MOM or SCOM now is overkill for 10 servers. I might be wrong though.
Do you have an incident response plan? Most don't. Document everything.
Great session!
This year there is only one keynote. In previous years there was usually two. I guess this one will be focused on Server 2008, SQL 2008 and the next Visual Studio. The room setup especially for the keynotes still amazes me. Seating for everyone, even taking into account people don't like to sit near each other. Then a half dozen movie screen size projectors. The stage this year actually isn't too elaborate, just a dual screen podium.
The keynote started about 5-10 minutes late. It began as usual with a comedy sketch. This time it was based around Back to the Future and stared Christopher Lloyd as Doc Brown. Bob Muglia and Doc Brown went back to visit failed promises of the past like Halestorm and WinFS. If nothing else Microsoft seems to be able to admit mistakes and laugh at itself in these skits if not the rest of the time.
The majority of the keynote was about better responding to needs and clients, especially with what you already have. There was also a focus on flexibility and adaptability to changing needs. The second half of the keynote was all demos.
Unfortunately the majority of the keynote was beyond my scope. Since I only have 10 servers and 1000 clients I don't really need to run 20 virtual servers and be able to move them around. The most interesting one was using VS 2008 and Outlook 2007 to rapidly deploy new forms. Even though I am not a developer and can't quite do what they showed.
It wasn't a bad keynote, but it wasn't great (for me at least) either.
Remember how I said it was good that I was near the food from my hotel, well that was only today. Apparently they setup a special meal location just for today to go with the keynote location. The breakfast was usual fare, eggs, bacon, fruit and bagels. I tried to find a good table to sit at but failed. No real conversation at the table. Hopefully later meals will be more successful.
I walked over to the conference center from the Rosen Plaza Hotel where I am staying. I chose this hotel because it was very close to the conference center. The only problem was what part of the conference center it is near. It is near the West concourse. The west concourse is where the food and the keynote is, but everything else including check in is in the north and south concourses. It is about a mile from the point I entered the West concourse to check in. A good 25 minute from my hotel room. Still better than the bus I am sure.
Once I got to the South Hall I found the check in area. There is a line of 30-40 people to check in attendees. When I arrived there was only about 5 people to check in. After I got checked in the line of people began yelling out that they were available, it was like some surreal helpful carney's yelling for attention. I am sure tomorrow morning they will be swamped.
After I checked in I walked around the closed of show floor (from the outside) to get a feel for the layout. I also browsed the store to see if anything caught my interest. I will have to check the sharepoint stuff again later.
