Wednesday, May 30, 2012

Windows 7 – User always logs in with a temporary profile

Sometimes in Windows 7, for some reason (such as accidentally deleting a user profile), a user starts logging in with a temporary profile.

If this happens, you can follow these steps to resolve the issue:

  • Log on to the affected machine with an administrative account
  • Open the registry editor (start –> run –> regedit)
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • Under the ProfileList subkey, look for a SID that ends with .bak

Now just restart the machine and everything should be fine.
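
To find the .bak entries without browsing regedit by hand, here is a read-only PowerShell sketch. It is an added example, not part of the original post; the function name Get-BakProfileKey and the output field names are hypothetical.

```powershell
# Added example (not from the original post). Read-only: lists ProfileList
# keys whose name ends in .bak and shows what each one points to.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-BakProfileKey {
    $keys  = @(Get-ChildItem -Path $profileList)
    $names = @($keys | ForEach-Object { $_.PSChildName })

    foreach ($key in $keys) {
        $name = $key.PSChildName
        if ($name -notlike '*.bak') { continue }

        # Strip the ".bak" suffix to recover the SID itself.
        $sid  = $name.Substring(0, $name.Length - 4)
        $path = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath

        # Resolve the SID to an account name; deleted accounts will not resolve.
        try {
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = '<unresolved>'
        }

        New-Object PSObject -Property @{
            BakKey           = $name
            Account          = $account
            ProfileImagePath = $path
            # False when the profile folder the key points to is gone.
            FolderExists     = [bool]($path -and (Test-Path -LiteralPath $path))
            # True when a second key with the same SID (no suffix) also exists.
            DuplicateSidKey  = ($names -contains $sid)
        }
    }
}

Get-BakProfileKey |
    Format-List BakKey, Account, ProfileImagePath, FolderExists, DuplicateSidKey
```

Run it from an elevated PowerShell prompt on the affected machine; it makes no changes.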

Administrative shares on Windows 7

This is just a small tip for anyone using Windows 7 as a standalone machine rather than in a domain environment.

In Windows 7 the administrative shares (like C$ or ADMIN$) are still created, but they're not available out of the box for a standalone machine. To activate the administrative shares you need to:

Enable File and Print Sharing

  • Open Control Panel
  • Go to Network and Internet
  • Click on Network and Sharing Center
  • In the left column, click on Change Advanced sharing settings
  • Here you should see 2 network profiles. On the network profile you want, select Turn On under the File and Print Sharing header

I believe you can also achieve this by going to Windows Firewall with Advanced Security and changing the File and Print Sharing rule to enable or allow.

Now…you still need to do a little tweak:

Registry Tweak

  • Open the registry editor (start –> run –> regedit)
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • Right-click on the right pane and create a new DWORD (32-bit)
  • Give the new DWORD the name LocalAccountTokenFilterPolicy and give it the value 1

Now you just need to restart your machine, and you will be able to access its administrative shares.
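
Setting LocalAccountTokenFilterPolicy to 1 turns off UAC remote token filtering, so remote connections made with any local administrator account receive a full administrator token. The following read-only PowerShell audit reports the current value and the administrative shares present; it is an added example, not part of the original post, and the function name Get-AdminShareExposure and the output field names are hypothetical.

```powershell
# Added example (not from the original post). Read-only audit of the
# registry value set above and of the administrative shares on this machine.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'LocalAccountTokenFilterPolicy'

function Get-AdminShareExposure {
    # A missing value behaves like 0: remote logons by local administrator
    # accounts get a filtered (non-elevated) token.
    $item  = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$valueName } else { $null }

    if ($value -eq 1) {
        $filtering = 'Disabled (local admins get a full token remotely)'
    } else {
        $filtering = 'Enabled (default)'
    }

    # Win32_Share.Type 2147483648 marks administrative disk shares (C$, ADMIN$).
    $shares = @(Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Type -eq 2147483648 } |
        ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Computer             = $env:COMPUTERNAME
        PolicyValue          = $(if ($null -eq $value) { '<not set>' } else { $value })
        RemoteTokenFiltering = $filtering
        AdminShares          = ($shares -join ', ')
    }
}

Get-AdminShareExposure |
    Format-List Computer, PolicyValue, RemoteTokenFiltering, AdminShares
```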

Saturday, May 26, 2012

MDOP - Microsoft BitLocker Administration and Monitoring Overview

Simplifying BitLocker management

BitLocker is a feature Microsoft introduced in Windows Vista as a free alternative to other disk encryption software on the market.

In Windows 7, only the Enterprise and Ultimate editions of the OS have the option to activate BitLocker, mainly because enterprises are the ones that use it most.
Although a lot of BitLocker configuration can easily be done using Local/Domain Group Policies, many options are still missing there and can only be set directly on a machine.
Also, tasks such as password recoveries and resets are a huge problem for everyone except domain administrators in an enterprise environment.

With all this in mind, Microsoft decided to create a new product that, unfortunately I may say, is only available through the Microsoft Desktop Optimization Pack (MDOP).
As you may know, MDOP is only available to enterprises that have a Software Assurance agreement with Microsoft, which, although it has a lot of good things, is still a bit expensive in these complicated times we’re living in.

Now…about Microsoft BitLocker Administration and Monitoring, which I’ll call MBAM from now on: it really is a ‘nice to have’ feature in a corporation.

Well, first things first. One of the best additions for an enterprise using MBAM is the ability to have a webpage where the Helpdesk Department can do most of the work that otherwise could only be accomplished using Active Directory or an MMC, like password recovery, TPM reset, etc.

MBAM Agent

  • For MBAM to work, an agent must be installed to enforce BitLocker policies, so you need to deploy it or add it to your reference image.

GPO Extensions

  • MBAM extends the group policies and adds features to control the MBAM agent installed on the machines.
  • One of the nice things is that you can configure the policy so that if a drive that should be encrypted is not, a popup appears during boot asking the user to encrypt the drive. The encryption in this case can be done using standard user privileges.

Compliance Reports

  • Through the Enterprise Compliance Report you can view all the machines in the organization and whether or not they are compliant with the defined BitLocker policy
  • There is also a view of a single PC where you can get information about its compliance with the BitLocker GPO; the main user of the PC; Manufacturer/Model; and also the last time the computer communicated with the Compliance Server
  • It’s also possible to create custom reports with the SQL Reporting Services tool

Key Recovery Website

  • This is one of my favorite tools in MBAM. You can give the Key Recovery Website to your helpdesk, which allows them to give the recovery password to users without needing “special permissions” to read from Active Directory
  • After a recovery key is given to the user, the MBAM Agent contacts the MBAM server and generates a new recovery key. This enhances the security of BitLocker because, even if the user writes down the recovery password on paper and puts it in his bag, and the bag gets stolen, that recovery password is no longer useful.

So, this is a really nice tool and one more good reason to get Microsoft Desktop Optimization Pack (MDOP) in your enterprise.

To learn more about Microsoft Bitlocker Administration and Monitoring take a look at:
Microsoft Desktop Optimization Pack

Monday, May 21, 2012

ReFS – The next generation file system for Windows

First things first. ReFS stands for Resilient File System and it’s the next generation file system for Windows. Like NTFS, this new technology will only be available in the new Server edition of Windows 8, but of course machines using NTFS will be able to access data stored on ReFS.

The main goals of the new FS are:

  • Maintain a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others that provide limited value at the cost of system complexity and footprint
  • Verify and auto-correct data. Data can get corrupted due to a number of reasons and therefore must be verified and, when possible corrected automatically. Metadata must not be written in place to avoid the possibility of “torn writes”.
  • Optimize for extreme scale. Use scalable structures for everything. Don’t assume that disk-checking algorithms, in particular, can scale to the size of the entire file system.
  • Never take the file system offline. Assume that in the event of corruptions, it is advantageous to isolate the fault while allowing access to the rest of the volume. This is done while salvaging the maximum amount of data possible, all done live.
  • Provide a full end-to-end resiliency architecture when used in conjunction with the Storage Spaces feature, which was co-designed and built in conjunction with ReFS.

The key features of ReFS are the following (some in conjunction with Storage Spaces):

  • Metadata integrity with checksums
  • Integrity streams providing optional user data integrity
  • Allocate on write transactional model for robust disk updates
  • Large volume, file and directory sizes
  • Storage pooling and virtualization makes file system creation and management easy
  • Data striping for performance (bandwidth can be managed) and redundancy for fault tolerance
  • Disk scrubbing for protection against latent disk errors
  • Resiliency to corruptions with “salvage” for maximum volume availability in all cases
  • Shared storage pools across machines for additional failure tolerance and load balancing

ReFS, of course, also inherits a lot of features from NTFS, and you can get a lot more info about this new file system directly from the Building Windows 8 blog:
Building the next generation file system for Windows: ReFS

Tuesday, May 15, 2012

Windows 8 – All Editions Announced!

Back in April, Microsoft finally announced all the Windows 8 flavors that we’ll have available next year and their targets.

First of all, as stated by Brandon LeBlanc on Microsoft’s “more-or-less” official blog “Blogging Windows”, the official product name for the next operating system will in fact be…Windows 8!

So, the next-gen O.S. will have 3 versions:
.: Windows 8
.: Windows 8 Pro
.: Windows RT

 

Windows 8

This should be the most used version worldwide. It’s the base version, but it should have plenty of features like the new Windows Explorer, Task Manager and better multi-monitor support.


Windows 8 Pro

Windows 8 Pro can be called the “geek” or the “professional/enterprise” flavor of Windows 8.
It will include all the Windows 8 features, plus encryption (presumably BitLocker), virtualization features (Hyper-V), PC management and domain connectivity.

Presumably, Windows Media Center should be available for Windows 8 Pro as a media-pack add-on that will be available for download from the Windows Store.


Windows RT

Windows RT is the ‘new kid on the block’. Windows 8 (RT) will be the first version of Microsoft’s very successful O.S. to run on the ARM or WOA architecture. This version will only be available on pre-installed PCs and, most commonly, on tablets/slates with ARM processors. It will be optimized for the touch experience for the new Microsoft Office Suite to come.


The chart below shows the features available for the different versions:

| Feature name | Windows 8 | Windows 8 Pro | Windows RT |
|---|---|---|---|
| Upgrades from Windows 7 Starter, Home Basic, Home Premium | x | x |  |
| Upgrades from Windows 7 Professional, Ultimate |  | x |  |
| Start screen, Semantic Zoom, Live Tiles | x | x | x |
| Windows Store | x | x | x |
| Apps (Mail, Calendar, People, Messaging, Photos, SkyDrive, Reader, Music, Video) | x | x | x |
| Microsoft Office (Word, Excel, PowerPoint, OneNote) |  |  | x |
| Internet Explorer 10 | x | x | x |
| Device encryption |  |  | x |
| Connected standby | x | x | x |
| Microsoft account | x | x | x |
| Desktop | x | x | x |
| Installation of x86/64 and desktop software | x | x |  |
| Updated Windows Explorer | x | x | x |
| Windows Defender | x | x | x |
| SmartScreen | x | x | x |
| Windows Update | x | x | x |
| Enhanced Task Manager | x | x | x |
| Switch languages on the fly (Language Packs) | x | x | x |
| Better multiple monitor support | x | x | x |
| Storage Spaces | x | x |  |
| Windows Media Player | x | x |  |
| Exchange ActiveSync | x | x | x |
| File history | x | x | x |
| ISO / VHD mount | x | x | x |
| Mobile broadband features | x | x | x |
| Picture password | x | x | x |
| Play To | x | x | x |
| Remote Desktop (client) | x | x | x |
| Reset and refresh your PC | x | x | x |
| Snap | x | x | x |
| Touch and Thumb keyboard | x | x | x |
| Trusted boot | x | x | x |
| VPN client | x | x | x |
| BitLocker and BitLocker To Go |  | x |  |
| Boot from VHD |  | x |  |
| Client Hyper-V |  | x |  |
| Domain Join |  | x |  |
| Encrypting File System |  | x |  |
| Group Policy |  | x |  |
| Remote Desktop (host) |  | x |  |

Back to writings!

Well, after 4 months away, I’m finally back to writing. I had a lot of work (well, the truth is I still have a lot of work), but I felt the need to start writing here again after some nice e-mails I’ve received regarding my lack of posts.

So…again, in the next posts I’ll get back to some things that are 1 or 2 months old news but that I’d like to share with everyone!
Hope everyone likes it!

And remember: Smile On, Hang On!