Last Tuesday at the Microsoft Tech•Ed Europe 2009 conference in Germany, Microsoft Business Division President Stephen Elop announced that Microsoft Exchange Server 2010 is now available worldwide to help businesses reduce costs, protect communications and delight e-mail users. Along with Windows 7 and Windows Server 2008 R2, Exchange Server 2010 is part of a generation of solutions designed for increased business productivity and cost savings.

 In today’s challenging economic environment, innovative use of new information technologies can result in improved operational efficiency and reduced costs. The combination of cost savings coupled with improved productivity and innovation is defined as “the New Efficiency.”

 Elop also announced the release of Forefront Protection 2010 for Exchange Server, which helps Exchange Server customers further safeguard business information.

 “Exchange Server 2010 customers are already reporting cost savings of up to 70 percent thanks to a simplified high-availability model and support for lower-cost storage. Customers are also seeing productivity gains of more than 20 percent with a universal inbox that delivers e-mail, voice mail, instant messaging and text messaging consistently across virtually any device,” Elop said. “Together with Windows 7 and Windows Server 2008 R2, the combined cost savings and improved productivity helps customers generate long-term business success.”

 According to a commissioned study of technology early adopters conducted by Forrester Consulting on behalf of Microsoft Corp., a customer can see a payback period of less than six months when upgrading to either Exchange Server 2010* or Windows Server 2008 R2.**

 Customers such as Bank of America Corp., Carnival Cruise Line, Global Crossing, Lifetime Products, Morgan Keegan & Co. Inc., NEC Philips, Subaru Canada Inc. and Telekom Austria Group are deploying Exchange Server 2010 and report impressive results with the new server.

 “We have increased storage eightfold at 25 percent of the cost with Exchange Server 2010 and our employees are seeing a reduction of unwanted e-mail by more than 70 percent, freeing us up to focus on more important client issues,” said Steve Derbyshire, operations director, NEC Philips.

 Organizations including Automatic Data Processing Inc., BMW, Baker Tilly, the City of Miami, Energizer, Getronics and Pella Corp. are deploying Windows 7 and report gains in efficiency for both business users and IT. Customers report improved user productivity and easier information access, reduced costs with streamlined management, and reduced risk through better security and increased desktop control. Supporting detail is available in recent total cost of ownership studies and analyst survey reports at http://www.microsoft.com/windows/enterprise/products/windows-7/default.aspx.

 Businesses are seeing equally significant results from Windows Server 2008 R2, with customers including Continental Airlines Inc. (U.S.), Chester Zoo (U.K.), Combell Group NV (Belgium), FinPro (Finland), Wacom Europe GmbH (Germany) and Wortell (Netherlands) noting cost savings through server consolidation, reduced power consumption and improved service levels.

 “With Windows Server 2008 R2, we’ve been able to dramatically reduce costs in our IT infrastructure while simplifying management,” said Phil Morris, IT manager, North England Zoological Society/Chester Zoo. “By virtualizing our environment with Windows Server 2008 R2 Hyper-V, we have reduced the number of servers in our environment by 80 percent while maintaining the high availability our retail staff, researchers and management team need.”

 “Windows Server 2008 R2 brings many efficiencies to our customers, including enabling new virtualization scenarios,” said Bill Laing, corporate vice president for the Windows Server and Solutions Division at Microsoft. “We’ve added the next generation of hypervisor and the new ability to perform Live Migration of virtual machines. Many customers are already seeing tangible results since deploying Windows Server 2008 R2 with Hyper-V.”

 Elop said more than 45,000 partners are trained on Windows Server 2008 R2 and Exchange Server 2010, with several partners announcing new services and solutions today, including Advanced Micro Devices Inc., Avanade, Dell Inc., EMC Corp., Kaspersky Lab, Symantec Corp. and Unisys Corp.

 Exchange Server 2010 and Forefront Protection 2010 for Exchange are available now for trial at http://www.thenewefficiency.com, along with more information about Windows 7, Windows Server 2008 R2 and partner solutions.


How to deploy a Federated Search Connector in Windows 7

Yesterday we had a kickoff for an Early Adopter Windows 7 Community @ Microsoft in the Netherlands.
One of the presentations was about Federated Search and how this nice option will make our work much easier.

Some people were wondering how to deploy a Federated Search Connector in an enterprise environment, but nobody seemed to know the answer. Reason enough for me to find out how to do this.

As for most solutions, it is not the only or the best solution, but because I like Group Policy Preferences (GPP) so much I developed a way to deploy a search connector using GPP.

In this example I will deploy the Youtube connector.
(Look for more connectors on : http://www.sevenforums.com/tutorials/742-windows-7-search-federation-providers.html)

On an admin PC, just double-click the downloaded file. This will install the Search Connector on your PC; in fact, it will install it in your user profile.

Now we need 2 files from your profile. First look up C:\USERS\<YOUR USERNAME>\LINKS\YOUTUBE.LNK
Before you copy this file, right-click it, choose Properties and change the target location to: C:\Users\%USERNAME%\Searches\Youtube.searchConnector-ms

Now copy this file to for example your NETLOGON share.

After that copy the file C:\USERS\<YOUR USERNAME>\SEARCHES\Youtube.searchConnector-ms to the NETLOGON share.

We’ve got the files that we need to deploy it to our users.

Logon to your domain controller (or the machine that you use to manage Group Policy) and open the Group Policy Management Console.
N.B. To manage Group Policy Preferences you need a Windows Server 2008 (R2), Windows Vista or Windows 7 machine.

Open your User policy and expand the User Configuration node.
Now go to Preferences -> Windows Settings -> Files.

Add these 2 files (the YOUTUBE.LNK and Youtube.searchConnector-ms files copied to the NETLOGON share):

[Screenshot: linksearches]

If you close the file screens, the preference screen will look like this (except for my domain name ;) )

[Screenshot: preference]

Now the only thing you have to do is wait until the user policy is refreshed (a user does not have to take any action and will see the search provider automatically).
And if you can't wait, just use the good old GPUPDATE.

That's it for now, please enjoy.

Regards,

Erik


I noticed that it is currently impossible, or at least difficult, to apply disk quotas based on security groups instead of folder location / users. In this article I will try to explain a solution for this problem.

 

To successfully apply quotas to groups, you need the following things:

  • Windows 2008 Domain Controllers for Group Policy Preferences
  • File Server Resource Manager (available on Windows Server 2003 R2 and Server 2008)
  • A single file server
  • Security Groups
  • Vb Scripts
  • Event triggered tasks

 

In this situation, there are 3 quota templates defined in the File Server Resource Manager:

  • Bronze (100 MB), applied to the share \\SERVER1\HOME$\BRONZE
  • Silver (200 MB), applied to the share \\SERVER1\HOME$\SILVER
  • Gold (500 MB), applied to the share \\SERVER1\HOME$\GOLD

  

OK, here we go! This how-to is pretty straightforward, so if I am going too fast, please let me know!

 

1: Create the required QUOTA templates in FSRM (BRONZE, SILVER, GOLD)

2: Create a HOME$ share on a fileserver (in this example SERVER1)

3: For every QUOTA template, create a separate subfolder with the Quota name (BRONZE, SILVER and GOLD).

4: Apply the QUOTA templates to the folders created in step 3 (BRONZE -> BRONZE, SILVER -> SILVER, etc.)

5: Create three security Groups (in this example BRONZE, SILVER and GOLD)

6: Create a folder redirection policy for Desktop and Documents and configure it as shown in the pictures below:

(pictures only show the BRONZE part, also add the SILVER and GOLD Groups\locations)

(configure redirection based on Security Groups and make sure the “Move the contents of ….. to the new location” is not checked!)

 

7: Create a VBS for every QUOTA as shown below and place them on a centrally accessible share (\\DOMAINNAME.LOCAL\NETLOGON\SCRIPTS for example):

 

The script moves the user files to the correct ‘quota’ location. If the user is member of the group “BRONZE”, all the files are moved from the \\SERVER1\HOME$\SILVER and \\SERVER1\HOME$\GOLD share to the BRONZE location.

 

8: For every QUOTA, create shortcuts using Group Policy Preferences (User Configuration\Preferences\Windows Settings\Shortcuts) and target them as shown in the third picture (example is for the BRONZE quota, they also have to be created for SILVER and GOLD):

!!IT IS VERY IMPORTANT TO USE IDENTICAL NAMES FOR THE SHORTCUTS!!!

 

The reason is that the appropriate shortcut is created based on group membership. If the user is added to a different group, the shortcut is overwritten.

 
 

Target path is the location of the VBS files. In this example it is \\DOMAINNAME\NETLOGON\SCRIPTS\BRONZE.VBS

 

As you can see, this shortcut is only updated for users that are members of the BRONZE group. If they are also members of the SILVER / GOLD group, nothing will be changed.

 

Now the final part (optional, but highly recommended)

 

Create event-triggered tasks to:
  • Remove the user from the groups SILVER and GOLD if added to BRONZE
  • Remove the user from the groups BRONZE and GOLD if added to SILVER
  • Remove the user from the groups BRONZE and SILVER if added to GOLD

How to do this can be found in the following blogpost http://www.buit.org/2009/07/16/event-based-triggered-tasks/.

 

Et voilà! Quotas can be applied to groups instead of users :)

 

Regards,

 

Benno Zelders


A while ago Otto Helweg wrote how to use the Task Scheduler shipped with Vista and Windows Server 2008 to create triggers based on certain events logged in the eventlogs. This post explains how to use event specific data in a triggered action to automate almost everything you can think of.

 

For example:

In company X, a drive mapping to a certain UNC share is based upon Group Membership.

There are 2 Groups that map the letter P. If the user is member of the Group Sales, he gets the mapping \\server1\sales. If the user is member of the Group Reception, he gets the mapping \\server1\reception.

 

What happens if the user is member of these 2 groups? Well that depends on the scripting capabilities of the IT department (or the way Group Policy Preferences is used).

I can tell you that something is not right…

 

What would you do?

 

At the moment, you depend on the user to report this so an administrator can remove the user from the other group.

 

My suggestion would be to automatically let the user be removed from the other group!  (user is added to sales -> remove user from reception and vice versa).
This is all possible by using the task scheduler! I’ll try to explain how you can accomplish this in 6 steps. 

 

1: Create the Task

 

Open the Event Viewer on the Windows 2008 Domain Controller, and look for the event "4732" (this is the event generated when a user is added to a domain local group).
This event can be found in the Security container. Right click the event and select “Attach Task To This Event…”

[Screenshot: attach-task]

You are prompted to fill in a wizard. The only part of the wizard that requires some kind of input is the “Action” part. It doesn’t really matter what you do here, because we will change it later.

After the wizard is complete, open the task scheduler (start, type in task and press enter).
You can see the following is added:

 

[Screenshot: created-task1]

2: Export the Task

From within Task Scheduler, export the task (as an XML file).


 

 

3: Modify the Task so it only reacts to specific 4732 events.

 

Currently the trigger is activated with every “Local Group membership change”.
We don’t need that!!! To fix this, we need to edit the exported XML with notepad and change the following text:

 

<Triggers>
  <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Security"&gt;&lt;Select Path="Security"&gt;*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4732]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
  </EventTrigger>
</Triggers>

 

to: 

 

<Triggers>
  <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Security"&gt;&lt;Select Path="Security"&gt;*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4732]] and *[EventData[Data[@Name="TargetUserName"]="SALES"]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
  </EventTrigger>
</Triggers>

 

By adding this line, the scheduled task is only responding to event 4732 if the value TargetUserName equals SALES (in this case this is the Local Security Group Name).

*[EventData[Data[@Name="TargetUserName"]="SALES"]]

 

For example: if you would like to filter on certain users, you can use "MemberName" instead of "TargetUserName".

 

 If you look at the XML view of an event, you will see how the filter works (open an event -> details -> XML view).

 

4: Modify the Task so we can use certain data from the event

 

 Now we can add some lines to use the data from the event to pass along to the action we will configure later. First we have to determine which information we want to use.
This is the Event in XML view (for me the only interesting part is the EventData section):

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <!-- System section omitted -->
  <EventData>
    <Data Name="MemberName">CN=Benno Zelders,DC=TEST,DC=lan</Data>
    <Data Name="MemberSid">S-1-5-21-4012033790-4084158397-284283626-1332</Data>
    <Data Name="TargetUserName">SALES</Data>
    <Data Name="TargetDomainName">TEST</Data>
    <Data Name="TargetSid">S-1-5-21-4012033790-4084158397-284283626-1333</Data>
    <Data Name="SubjectUserSid">S-1-5-21-4012033790-4084158397-284283626-1206</Data>
    <Data Name="SubjectUserName">administrator</Data>
    <Data Name="SubjectDomainName">TEST</Data>
    <Data Name="SubjectLogonId">0x55193</Data>
    <Data Name="PrivilegeList">-</Data>
  </EventData>
</Event>

 

I personally find it very useful to use <Data Name="MemberName">, because it shows which user is added to the group. To allow the eventdata parameter to pass along to the action, we need to add the following lines to the XML just before the </EventTrigger> line:

<ValueQueries>
  <Value name="MemberName">Event/EventData/Data[@Name='MemberName']</Value>
</ValueQueries>

 

 The end result of the <Triggers> part of the XML is:

 

<Triggers>
  <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Security"&gt;&lt;Select Path="Security"&gt;*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4732]] and *[EventData[Data[@Name="TargetUserName"]="SALES"]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    <ValueQueries>
      <Value name="MemberName">Event/EventData/Data[@Name='MemberName']</Value>
    </ValueQueries>
  </EventTrigger>
</Triggers>

 

Now we can use the $(MemberName) variable in an action!
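Before importing the task, the same filter and value query can be dry-run against the Security log. This is an added example, not part of the original post; it assumes PowerShell 2.0 or later in an elevated session on the domain controller, and uses the group name SALES from the example above.

```powershell
# Added example: dry-run the trigger's XPath filter and the MemberName value query.
# Assumption: elevated PowerShell 2.0+ session on the domain controller.

# Same expression as the <Select> element of the task XML (SALES is the page's example group).
$xpath = "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4732]]" +
         " and *[EventData[Data[@Name='TargetUserName']='SALES']]"

$events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 10 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No 4732 events for group SALES found. Add a test user to the group and retry."
    return
}

foreach ($evt in $events) {
    # Read the EventData fields from the event's XML view.
    $xml = [xml]$evt.ToXml()
    $fields = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }

    # MemberName is the value the <ValueQueries> entry hands to the action as $(MemberName).
    New-Object PSObject -Property @{
        TimeCreated = $evt.TimeCreated
        Group       = $fields['TargetUserName']
        MemberName  = $fields['MemberName']
        AddedBy     = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
    }
}
```

If the MemberName column does not show a user DN for an event, the action will receive that same value, so check it here first.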

 

5: Import the “Modified XML” in task scheduler

 

First we have to delete the original task from the task scheduler.

After this is done, we can import the modified XML by right clicking folder “Event Viewer Tasks” and select “Import Task”

[Screenshot: import-task1]

 

 

6: Create the action using the variable

 

First remove the action created in the wizard (open the task, go to "Actions" and remove the existing action). Now we can create the action to automatically remove the user from the "RECEPTION" group after he is added to the "SALES" group (click New and select "Start a program"). This can be accomplished by running a command using the Active Directory extensions for PowerShell from QUEST (to automatically load the Quest snap-in, see this page).

 

[Screenshot: create-action1]
Program/script:    Powershell.exe
Add arguments:    -command Remove-QADGroupMember -identity RECEPTION -member '$(MemberName)'

 

And click ok twice.

 

Now the user is automatically removed from the group RECEPTION after it is added to the SALES group. (if it doesn’t work, check the “Run with highest privileges” option in the tab “General”. UAC can block this action).
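The action above hands $(MemberName) to -command, where the substituted text is parsed as PowerShell code; a DN containing an apostrophe (CN=O'Brien,...) already breaks the quoting. The script below is an added example, not from the original post: it receives the value as a plain argument via -File and validates it before calling the same Quest cmdlet. The script name, log path and task arguments are assumptions, and -File requires PowerShell 2.0 or later.

```powershell
# Remove-FromReception.ps1 (hypothetical file name; added example)
# Task action (assumed settings):
#   Program/script: Powershell.exe
#   Add arguments:  -NoProfile -File C:\Scripts\Remove-FromReception.ps1 -MemberDN "$(MemberName)"
param(
    [Parameter(Mandatory = $true)]
    [string]$MemberDN
)

$ErrorActionPreference = 'Stop'
$GroupToLeave = 'RECEPTION'                          # group from the page's example
$LogFile      = 'C:\Scripts\Logs\group-cleanup.log'  # assumption: this folder already exists

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ("{0} {1}" -f (Get-Date -Format s), $Message)
}

# Accept only a value shaped like a distinguished name; event 4732 can also
# carry "-" or a non-user member in MemberName.
if ($MemberDN.Length -gt 512 -or
    $MemberDN -match '[\x00-\x1f]' -or
    $MemberDN -notmatch '^CN=.+,DC=[^,=]+$') {
    Write-Log "REJECTED unexpected MemberName value: '$MemberDN'"
    exit 1
}

try {
    # Load the Quest snap-in; ignore the error if it is already loaded.
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

    # Resolve the DN to a user object so groups and computers are skipped.
    $user = Get-QADUser -Identity $MemberDN
    if (-not $user) {
        Write-Log "SKIPPED '$MemberDN' is not a user account"
        exit 2
    }

    Remove-QADGroupMember -Identity $GroupToLeave -Member $MemberDN
    Write-Log "REMOVED '$MemberDN' from $GroupToLeave"
}
catch {
    Write-Log "FAILED '$MemberDN': $($_.Exception.Message)"
    exit 3
}
```

The log gives an audit trail of every automatic removal, which the one-line -command action does not.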

 

Of course this can be fine-tuned, but you get the idea right? Now it is possible to create all sort of tasks that use data passed through from an event!

 

Regards,
Benno Zelders


In an experiment in cooperation with some colleagues @ VMware and CAPGemini we developed a virtualized, portable MS Groove environment that can be started from a USB device. We had to call in support from VMware because ThinApp wouldn't start Groove. After making a bug report VMware took it up seriously and supplied me with a version that does work! We are definitely moving forward here; Groove without any additional infrastructural needs or traditional installation, running without administrative credentials and from a portable device is now very real. (will it work on Windows 7? More work to be done…)


  • Buit.org 2.0. Copyright © 2006-2008 Erik Luppes. All Rights Reserved.
    Microsoft and Microsoft logo's are trademarks of Microsoft Corporation.
    Buit.org is an initiative from high skilled technical specialist & consultants @ Getronics Consulting.
    This weblog does not represent the thoughts, intentions, plans or strategies of our employer. It is solely our opinion.