How to Activate Windows Server 2008 R2 180 Days Trial

Problem: When you download and install Windows Server 2008 R2 (with or without SP1) 180 days trial software, it prompts for activation within 10 days of installation by default. So how does one activate the trial for 180 days as specified by Microsoft?

Answer:

Step 1: Install Windows Server 2008 R2 (with or without SP1) 180 days trial software.

Step 2: After a successful installation, when the “Configure your Server” window opens, click on Activate Windows or open Windows Activation.

Step 3: At the “Enter the Product Key” prompt, leave the Product Key field blank and click ‘Next’.

Step 4: Click Yes on the Confirmation Dialog box. The wizard connects to the Windows Activation service and shows the “Activation was successful” message as shown below:

System Center Hands-on-Labs Workshop for IT Pros

Register for SCCM 2007 HoL

SCCM 2007 HOL

Linux Integration Services Version 3.1 for Hyper-V – Part 1 – Installation

When installed on a virtual machine that is running a supported Linux operating system, Linux Integration Services for Hyper-V provides the following functionality:

  • Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.
  • Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
  • Timesync: The clock inside the virtual machine will remain synchronized with the clock on the virtualization server with the help of the pluggable time source device.
  • Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut Down” command.
  • Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine.

Note: SMP support is not available for 32-bit Linux guest operating systems running on Windows Server 2008 Hyper-V or Microsoft Hyper-V Server 2008.

  • Heartbeat: Allows the virtualization server to detect whether the virtual machine is running and responsive.
  • KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server.

Supported Guest Operating Systems

This version of Linux Integration Services supports the following guest operating systems and virtual CPU (vCPU) configurations:

  • Red Hat Enterprise Linux 6.0 and 6.1 x86 and x64 (Up to 4 vCPU)
  • CentOS 6.0 x86 and x64 (Up to 4 vCPU)

Other supported operating systems (including SUSE Linux Enterprise Server 10 and Red Hat Enterprise Linux 5) should use the version of Linux Integration Services available at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=eee39325-898b-4522-9b4cf4b5b9b64551

How to Install Linux Integration Services Version 3.1 on Red Hat Enterprise Linux 6

To install Linux Integration Services Version 3.1:

  1. Open Hyper-V Manager: Click Start, point to Administrative Tools, and then click Hyper-V Manager.
  2. Create a new virtual machine where you will install Linux: In the Actions menu, click New, and then click Virtual Machine.
  3. Specify the Linux installation media:
    Right-click the virtual machine that you created, and then click Settings. In IDE Controller, specify one of the following:
    1. An image file in ISO format that contains the files required for installation
    2. A physical CD/DVD drive that contains the installation media
  4. Turn on the virtual machine: Right-click the virtual machine that you created, and then click Connect.
    1. Begin installing Linux.
    2. When prompted, restart the virtual machine and complete any first-boot configuration tasks.

Note: Unless a legacy network adapter was added during the virtual machine’s initial configuration, the virtual machine will not have any network support.

  1. Log on to the virtual machine.
  2. In Hyper-V Manager, configure LinuxIC v30.ISO (located in the directory where you extracted the downloaded files) as a physical CD/DVD drive on the virtual machine.
  3. As the root user, mount the CD in the virtual machine by issuing the following command at a shell prompt:

# mount /dev/cdrom /media

4. As the root user, run the following command to install the synthetic drivers. A reboot is required after installation.

For 32-bit versions:

# rpm -ivh /media/x86/kmod-microsoft-hyper-v-rhel6-60.1.i686.rpm

# rpm -ivh /media/x86/microsoft-hyper-v-rhel6-60.1.i686.rpm

# reboot

For 64-bit versions:

# rpm -ivh /media/x86_64/kmod-microsoft-hyper-v-rhel6-60.1.x86_64.rpm

# rpm -ivh /media/x86_64/microsoft-hyper-v-rhel6-60.1.x86_64.rpm

# reboot

Verifying Linux Integration Services Version 3.1 Functionality

Linux Integration Services provides support for the modinfo command. To get module information for each installed kernel module, run the following command:

# /sbin/modinfo hv_vmbus

filename: /lib/modules/2.6.32-71.el6.i686/extra/hv_vmbus.ko
version: 3.1
license: GPL
srcversion: 56F00728DAE99444BE1FD9B
alias: acpi*:VMBus:*
alias: acpi*:VMBUS:*
depends:
vermagic: 2.6.32-71.el6.i686 SMP mod_unload modversions 686
parm: vmbus_loglevel:int

This command can be repeated for all kernel modules (hv_vmbus, hv_netvsc, hv_storvsc, hv_blkvsc, and hv_utils).

To verify that all subcomponents are running, as the root user, issue the following command at a shell prompt:

# /sbin/lsmod | grep hv

The output should include lines similar to the following example:

hv_utils 4747 0
hv_netvsc 57832 0
hv_timesource 0 [permanent]
hv_storvsc 50288 0
hv_blkvsc 54032 3
hv_vmbus 70120 3 hv_netvsc,hv_storvsc,hv_blkvsc,hv_utils,hv_timesource,[permanent]

Note: Your file system type or other local factors might result in different file sizes in your deployment.

  • “hv_netvsc” provides support for the synthetic network card.
  • “hv_storvsc” provides support for the synthetic SCSI controller and disks.
  • “hv_blkvsc” provides support for synthetic IDE disks and fastpath boot.
  • “hv_timesource” is the pluggable time source module to assist in accurate timekeeping in the virtual machine.
  • “hv_vmbus” is the fast communication channel between the server running Hyper-V and the virtual machine.
  • “hv_utils” provides integrated shutdown, key value pair data exchange, and heartbeat.
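
The check above can be scripted so that a missing module is reported together with the feature it provides. This is an added example, not part of the original post or of Linux Integration Services; the function names are hypothetical, the first sample is the lsmod output shown above, and the second sample is constructed.

```bash
#!/bin/bash
# Added example: read lsmod-style output and report which of the Linux
# Integration Services modules named on this page are not loaded.

LIS_MODULES="hv_vmbus hv_netvsc hv_storvsc hv_blkvsc hv_timesource hv_utils"

# Module name -> functionality, taken from the module list on this page.
lis_feature() {
    case "$1" in
        hv_vmbus)      echo "communication channel between Hyper-V and the VM" ;;
        hv_netvsc)     echo "synthetic network card" ;;
        hv_storvsc)    echo "synthetic SCSI controller and disks" ;;
        hv_blkvsc)     echo "synthetic IDE disks and fastpath boot" ;;
        hv_timesource) echo "pluggable time source" ;;
        hv_utils)      echo "integrated shutdown, KVP exchange, heartbeat" ;;
    esac
}

# Read lsmod output on stdin; print one missing module name per line.
# Only the first column is compared, and the match is on the whole name,
# so names in the "used by" column are never counted as loaded modules.
missing_lis_modules() {
    local loaded m
    loaded=$(awk '{print $1}')
    for m in $LIS_MODULES; do
        printf '%s\n' "$loaded" | grep -qx "$m" || echo "$m"
    done
}

# Read lsmod output on stdin; return 0 if every module is loaded, 1 otherwise.
lis_report() {
    local missing m
    missing=$(missing_lis_modules)
    if [ -z "$missing" ]; then
        echo "all LIS modules loaded"
        return 0
    fi
    for m in $missing; do
        echo "MISSING $m: $(lis_feature "$m")"
    done
    return 1
}

# Sample 1: the lsmod output shown on this page.
SAMPLE_OK='hv_utils 4747 0
hv_netvsc 57832 0
hv_timesource 0 [permanent]
hv_storvsc 50288 0
hv_blkvsc 54032 3
hv_vmbus 70120 3 hv_netvsc,hv_storvsc,hv_blkvsc,hv_utils,hv_timesource,[permanent]'

# Sample 2 (constructed): network and utility modules did not load.
SAMPLE_PARTIAL='Module Size Used by
hv_timesource 0 [permanent]
hv_storvsc 50288 0
hv_blkvsc 54032 3
hv_vmbus 70120 2 hv_storvsc,hv_blkvsc'

printf '%s\n' "$SAMPLE_OK" | lis_report || true
printf '%s\n' "$SAMPLE_PARTIAL" | lis_report || true
```

On a live guest, run it as `/sbin/lsmod | lis_report` and use the exit status in a provisioning or monitoring check.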

Information Protection Technologies

Following is a table that recommends the most appropriate data protection technology that can be used to protect High Business Impact information while sharing it on different platforms:

Technology descriptions:

  • IRM: Enables you to apply specific access permissions to documents, workbooks, and presentations to prevent unauthorized forwarding, printing, or copying; and to set expiration dates after which files no longer are available or usable.
  • S/MIME: Enables you to encrypt and/or digitally sign your e-mail messages so that only the people you specify can access them.
  • EFS: Encrypts your files or folders, and requires users other than you to enter the appropriate decryption key before they can access the encrypted content.
  • BitLocker and BitLocker To Go™: Protects data on your computer by preventing unauthorized access to the hard disk drive.

| Scenario | IRM | S/MIME | EFS | BitLocker and BitLocker To Go™ |
|---|---|---|---|---|
| Transmit with internal e-mail | Acceptable solution | Preferred solution | | |
| Transmit with external e-mail | | Preferred solution | | |
| Share by using SharePoint | Preferred solution | | | |
| Share by using SharePoint Workspaces | Preferred solution | | | |
| Storing on a computer (new hardware running Windows Vista® or newer) | Acceptable solution | | Acceptable solution | Preferred solution |
| Storing on a computer (old hardware running Windows Vista or older) | Preferred solution | | Acceptable solution | |
| Storing on removable media (use Windows 7 or Windows Server® 2008 R2) | | | Acceptable solution | Preferred solution |

For more information and recommendations on How to Secure Business Information, download the Securing Business Information Work Smart Guide from Microsoft IT.

Evaluate the real Power Consumption of your PC using PowerCfg

PowerCfg is a utility built into Windows 7 that can be used for evaluating the energy efficiency of a system. IT professionals can use these PowerCfg enhancements to diagnose and resolve end-user problems with portable computer battery life and desktop energy efficiency.

In addition to power policy configuration, PowerCfg also enables system manufacturers to inspect a Windows platform for common energy efficiency problems. Many individual energy efficiency problems can be detected, including inefficient power policy settings, USB device selective suspend issues, and platform firmware problems that relate to processor power management capabilities. Here is a video that shows how to use PowerCfg to evaluate system energy efficiency and details the energy efficiency problems that might be detected.

Automating with Windows PowerShell

Windows PowerShell™ is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell™ helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.

Built-in Windows PowerShell commands, called cmdlets, let you manage the computers in your enterprise from the command line. Windows PowerShell™ providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. In addition, Windows PowerShell™ has a rich expression parser and a fully developed scripting language.

Windows PowerShell™ includes the following features:

  • Cmdlets for performing common system administration tasks, such as managing the registry, services, processes, and event logs, and using Windows Management Instrumentation.
  • A task-based scripting language and support for existing scripts and command-line tools.
  • Consistent design. Because cmdlets and system data stores use common syntax and naming conventions, data can be shared easily and the output from one cmdlet can be used as the input to another cmdlet without reformatting or manipulation.
  • Simplified, command-based navigation of the operating system, which lets users navigate the registry and other data stores by using the same techniques that they use to navigate the file system.
  • Powerful object manipulation capabilities. Objects can be directly manipulated or sent to other tools or databases.
  • Extensible interface. Independent software vendors and enterprise developers can build custom tools and utilities to administer their software.

Watch this video to see how easily you can automate IT Tasks with Windows PowerShell:

 

What makes Windows 7 and Windows Server 2008 ‘Secure by Default’

Security is an integral part of how Microsoft’s new Client (Windows 7) and Server (Windows Server 2008) are designed and coded.

Microsoft Security Development Lifecycle

The concepts that make up the Microsoft Security Development Lifecycle (SDL) were formed with the Trustworthy Computing (TwC) directive of January 2002. At that time, many software development groups at Microsoft instigated "security pushes" to find ways to improve the security of existing code.

Becoming a mandatory policy in 2004, the Microsoft SDL was designed as an integral part of the software development process at Microsoft. The development, implementation and constant improvement of the SDL represents a strategic investment for Microsoft, and an evolution in the way that software is designed, developed, and tested.

Watch this video to learn what makes Windows 7 and Windows Server 2008 ‘Secure by Default’ and ‘Secure by Design’.

 

 

The Microsoft SDL has now matured into a well defined methodology. The increasing importance of software to society emphasizes the need for Microsoft and the industry as a whole to continue to improve software security. To that end, Microsoft committed in 2005 to supporting a more secure and trustworthy computing ecosystem and has made guidance papers, tools and training resources available to the public.

Next Steps

Learn more about Security in Windows Server 2008 and Windows Server 2008 R2

Learn more about Security Enhancements in Windows 7

 

 

Using a Data Recovery Agent to Recover BitLocker-Protected Drives in Windows 7

Data recovery agents are individuals whose public key infrastructure (PKI) certificates have been used to create a BitLocker key protector, so those individuals can use their credentials to unlock BitLocker-protected drives. Data recovery agents can be used to recover BitLocker-protected operating system drives, fixed data drives, and removable data drives. However, when used to recover operating system drives, the operating system drive must be mounted on another computer as a data drive for the data recovery agent to be able to unlock the drive. Data recovery agents are added to the drive when it is encrypted and can be updated after encryption occurs.

Pre-requisites

To complete the procedures in this scenario:

  • You must be able to provide administrative credentials.
  • Your computer must meet BitLocker requirements.

 

Complete the following procedures in order.

To enable BitLocker to use self-signed certificates

  1. Click Start, type regedit in the Search programs and files box, right-click regedit.exe, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  2. In Registry Editor, navigate to \HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE.

  3. On the Registry Editor menu, click Edit, point to New, and then click DWORD (32-bit) Value.

  4. Type SelfSignedCertificates, and then press ENTER to create the SelfSignedCertificates key value.

  5. Right-click SelfSignedCertificates, and then click Modify.

  6. In Value data, type 1.

BitLocker can now use self-signed certificates.

To obtain a self-signed certificate to test BitLocker and data recovery agents

  1. Open a text editor such as Notepad, and paste the following information into a new file:

    [NewRequest]
    Subject = "CN=BitLockerDRA"
    KeyLength = 2048
    ProviderName = "Microsoft Smart Card Key Storage Provider"
    KeySpec = "AT_KEYEXCHANGE"
    KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"
    KeyUsageProperty = "NCRYPT_ALLOW_DECRYPT_FLAG"
    RequestType = Cert
    SMIME = FALSE

    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.4.1.311.67.1.2

  2. Save the file with the name bldracert.txt.

  3. Insert a smart card into the smart card reader of the computer.

  4. Click Start, type cmd in the Search programs and files box, right-click cmd.exe, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  5. In the Command Prompt window, navigate to the location where you saved the bldracert.txt file, and type certreq -new bldracert.txt to request a new certificate based on the parameters identified in the file. There may be a slight delay while the request is carried out, and you may be prompted to insert your smart card and type your PIN.

  6. When prompted to save the request file, type a file name, and click Save.

You now have a data recovery agent smart card certificate that is appropriate for use with BitLocker.

To export a BitLocker DRA certificate

  1. Click Start, and then type certmgr.msc to open the Certificates snap-in.

  2. In the console tree, expand Personal, and then click Certificates.

  3. Double-click the BitLockerDRA certificate to display the certificate properties sheet.

  4. Click the Details tab, and then click Copy to File to start the Certificate Export Wizard.

  5. On the Welcome to the Certificate Export Wizard page, click Next.

  6. On the Export Private Key page, verify that No, do not export the private key is selected, and then click Next.

  7. On the Export File Format page, verify that DER encoded binary x.509 (.CER) is selected, and then click Next.

  8. On the File to Export page, click Browse to display the Save as dialog box. In File name, type BitLockerDRA. In Save as type, verify that DER Encoded Binary X.509 (.cer) is selected, and then click Save to return to the File to Export page. The File name box on the wizard page should now display the path to the BitLockerDRA.cer file in your document library. Click Next.

  9. On the Completing the Certificate Export Wizard page, verify that the information displayed is correct, and then click Finish.

  10. When the certificate has been exported, the Certificate Export Wizard dialog box will be displayed with the message The export was successful. Click Close to close the dialog and the wizard.

To add a BitLocker data recovery agent and unlock a drive

  1. Click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Public Key Policies, right-click BitLocker Drive Encryption, and then click Add Data Recovery Agent to start the Add Recovery Agent Wizard.

  4. On the Select Recovery Agents page, click Browse Folder to select the BitLockerDRA.cer file you exported in the previous procedure. If you did not need to export a certificate because you already had deployed a PKI with the necessary certificates, click Browse directory to choose a certificate from Active Directory Domain Services.

  5. If you are prompted to install the certificate, click Yes. You can repeat this process as necessary to add multiple data recovery agents. After all data recovery agent certificates you want to use have been specified, click Next.

  6. On the Completing the Recovery Agent Wizard page, click Finish to add the data recovery agent.

  7. If you have not configured the Group Policy setting to specify the BitLocker identification field, complete Configuring the BitLocker Identification Field (Windows 7) before continuing with this scenario.

  8. Encrypt a data drive as described in Turning On BitLocker Drive Encryption on a Fixed or Removable Data Drive (Windows 7). For a data recovery agent to be able to unlock a drive, the BitLocker identification field must be present and match the identification field defined for your organization.

  9. To put the drive into a locked state so that you can test the data recovery agent, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes. Type the following command, replacing Volume with the drive letter of the BitLocker-protected drive you want to lock:

    Manage-bde -lock Volume:

    Do not close the Command Prompt window.

  10. Now that the drive is locked, you can unlock it by using the data recovery agent. First, you need the certificate thumbprint of the data recovery agent. To find this, at the command prompt, type the following command, replacing Volume with the drive letter of the BitLocker-protected drive you want to unlock:

    Manage-bde -protectors -get Volume:

    The key protectors identified for the drive are displayed. Find the key protector identified as Data Recovery Agent (Certificate Based), and record the certificate thumbprint.

  11. To unlock the drive, type the following command, replacing CertificateThumbprint with the actual certificate thumbprint of the data recovery agent recorded in the previous step:

    Manage-bde -unlock Volume: -cert -ct CertificateThumbprint -PIN

  12. Enter your smart card PIN when prompted. The drive is unlocked.

By completing the procedures in this scenario, you have assigned data recovery agents to BitLocker and used a data recovery agent to unlock a BitLocker-protected drive.

 

Excerpt from: BitLocker Drive Encryption Step-by-Step Guide for Windows 7

 

 

Microsoft RemoteFX – Finally here in SP1

Were you always missing the rich media experience while using Windows 7 in a virtualized environment? Were you always wishing that external devices like USB sticks attached to the client could work seamlessly with the virtual system? All this and much more is finally here.

With the addition of Microsoft RemoteFX in Windows Server 2008 R2 SP1, a new set of remote user experience capabilities that enable a media-rich user environment for virtual desktops, session-based desktops and remote applications is introduced. Harnessing the power of virtualized graphics resources, RemoteFX can be deployed to a range of thick and thin client devices, enabling cost-effective, local-like access to graphics-intensive applications and a broad array of end user peripherals, improving productivity of remote users.

RemoteFX can function independently from specific graphics stacks and supports any screen content, including today’s most advanced applications and rich content (including Silverlight and Adobe Flash), ensuring that end users maintain a rich, local-like desktop experience even in a virtualized thin-client environment.

RemoteFX also adds mainstream USB device support to virtual desktop computing, including support for USB drives, cameras and PDAs connected to the client device. RemoteFX also provides a platform for hardware and software partners to enhance RemoteFX capabilities in a variety of possible host, client and network configurations.

To use RemoteFX, the virtualization server must be running Windows Server 2008 R2 with SP1, the virtual machine must be running Windows 7 Enterprise with SP1 or Windows 7 Ultimate with SP1, and the remote client computer must be running either Windows Server 2008 R2 with SP1 or Windows 7 with SP1. To connect to the virtual machine, the remote client computer requires an updated version of Remote Desktop Services (included in the service pack for all editions of Windows 7).