Q1 Southern California Session Slides

Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools
Harold Wong
IT Pro Evangelist
Microsoft Corporation
blogs.technet.com/haroldwong

Event Schedule
8:30am – Introduction and Welcome
8:45am –Session 1: Migrating Windows XP to Windows 7:
Get it done using Microsoft Deployment Tools
9:40 – Break
9:55 –Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment
10:40 – Break
10:55 –Session 3: New Features in Windows Server 2008 R2 Directory Services
– Drawing
Afternoon MSDN will be here so stick around if you can 

Migrating Windows XP to Windows 7:

Agenda
Windows Easy Transfer
Deployment Tools
Using USMT Hard-link Migration
Summary of Deployment Solutions

Easily Move Files and Settings
Supports Windows 2000, Windows XP and Windows Vista
Transfer done with:
Cable
USB Drive
Between Computers in a Network

Demo

Deployment Tools
Automated Installation Toolkit (AIK)
User State Migration Tool (USMT)
Microsoft Deployment Toolkit (MDT 2010)

Automated Installation Toolkit (AIK)
Windows System Image Manager (WSIM)
ImageX
Deployment Image Servicing and Management (DISM)
Windows Preinstallation Environment (WinPE)
User State Migration Tool (USMT)

User State Migration Tool
Migrates Files and Settings
Computer Replacement and Computer Refresh Migrations
Scriptable
Hard-Link Migration Store
Benefits and Limitations

Microsoft Deployment Toolkit 2010
Unified tools and processes
Reduced deployment time
“Lite-touch” deployments leveraging Windows deployment tools
“Zero-touch” deployments leveraging System Center Configuration Manager 2007 and Windows deployment tools.
Support for Windows 7, Windows Server R2
.

“Lite-Touch” High-Volume Deployment
Client Migration Store – AIK and USMT
Connected to WORKGROUP
Source Computer
Run ScanStateand copies user state to shared folder on Windows 7 Client
Destination Computer
RunLoadStateon new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client
RunLoadStateon new Widows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client
Source Computer
Run ScanStateand copies user state to shared folder on Windows 7 Client

Demo
“Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate

“Zero-Touch” High-Volume Deployment
Migration Store Server
Decommission
Use Log-on Script, batch file or non-Microsoft technology to run LoadStateon new Windows 7 platform and restores Windows XP user state from server
Source Computer
Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server
Source Computer
Use Log-on Script, batch file or non-Microsoft technology to runLoadStateon new Windows 7 platform and restores Windows Vista user state from server
Source Computer

Summary of Deployment Solutions
Slide 14

Summary
Many Deployment Tools and options for all scenarios from a single PC to 1,000s
Easy Transfer makes it simple to move user data
New Hard-link Migration Option in USMT

TechNet Plus Direct Subscription
The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software.
Microsoft software licensed for evaluation purposes.
Beta software.
Professional Support Incidents.
Managed Newsgroup Support.
Technical resources for Microsoft products..
Microsoft eLearning courses.
Online Concierge Chat.
Want a 25% Discount on a new Subscription?
Use Discount Code TMSAM04

IT Pro Momentum Invitation
A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers
Are you?
Interested in learning more about the newest Microsoft technologies?
Need help to evaluate different Microsoft products and features?
Willing to test and pilot in production Microsoft beta products?
Would like to have access to exclusive forums and Microsoft product support?
Want to share your early adoption experience with the IT Pro community world-wide?
If you answered ‘yes’ for all the questions above, IT Pro Momentum can help!
Send email with “Add to Momentum” in the subject
Harold.wong@microsoft.com

Momentum 2009 Products

Resources for Windows 7 Deployment
Windows 7 Deployment Guide
http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx
Microsoft Deployment Toolkit 2010
https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14

Break Time: 15 minutes

Securing Windows® 7 in a Windows Server® 2008 R2 Environment

What Will We Cover?
Better Together
User Interface Improvements
DirectAccess and Terminal Services Gateway
Health Policies

Agenda
Reviewing Network Access Protection
Examining Deployment Improvements
Exploring Configuration and Management
Viewing Network Access Protection Integration Improvements

Business and Technical Benefits
Reduce the risk of network security threats

Safeguard sensitive data and intellectual property

Safeguard sensitive data and intellectual property
Extend the value of existing investments

Remediation
Servers
Example: Patch
Network Access Protection
Corporate Network
Policy Servers
such as: Patch, AV
1
DHCP, VPN
Switch/Router
Windows
Client
Restricted
Network
NPS
Client requests access to network and presents current health state
1

Remediation
Servers
Example: Patch
Corporate Network
Policy Servers
such as: Patch, AV
1
2
DHCP, VPN
Switch/Router
Windows
Client
Restricted
Network
NPS
DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
2

Remediation
Servers
Example: Patch
Corporate Network
Policy Servers
such as: Patch, AV
3
1
2
DHCP, VPN
Switch/Router
Windows
Client
Restricted
Network
NPS
Network Policy Server (NPS) validates against IT-defined health policy
3

Remediation
Servers
Example: Patch
Corporate Network
Policy Servers
such as: Patch, AV
3
1
2
Not policy compliant
4
DHCP, VPN
Switch/Router
Windows
Client
Restricted
Network
NPS
If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
4

Remediation
Servers
Example: Patch
Corporate Network
Policy Servers
such as: Patch, AV
3
1
2
Not policy compliant
4
DHCP, VPN
Switch/Router
Windows
Client
Restricted
Network
NPS
Policy compliant
5
If policy compliant, client is granted full access to corporate network
5

Demonstration: Configuring NAP

Configure PKI
Install NAP
Configure Basics

Agenda

NPS Updates
NPS Templates
Network Policy Server
Logging Improvements
UTF-8

Agenda

Multiple SHV Policy
A single server can now enforce a number of different health policies using a single system health validator (SHV)
Requires SHV updates for Windows Server 2008 R2

New NAP Client User Interface
Messaging Integration with Action Center Tray Icon
Integration with Windows 7 Action Center

Agenda

Integration Improvements
Remote Desktop Gateway
Microsoft Confidential

DirectAccess

DirectAccess
Microsoft® Forefront™ code name Stirling

DirectAccess Technical Details
IPv6 Devices
IPv4 Devices
IT desktop management
IPv6 Transition Services
Internet
DirectAccess
Server
IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway
Supports variety of remote network protocols
Windows 7 Client

IPv6 Devices
IPv4 Devices
AD Group Policy, NAP, software updates
Internet
DirectAccess
Server
Windows 7 Client

Direct connectivity to IPv6-based Intranet resources
IPv6 Devices
IPv4 Devices
Native IPv6 with IPSec
Internet
DirectAccess
Server
Windows 7 Client

Direct connectivity to IPv6-based Intranet resources
IPv6 Devices
IPv4 Devices
Support IPv4 via 6to4 transition services or NAT-PT
Native IPv6 with IPSec
Internet
DirectAccess
Server
Windows 7 Client

Demonstration: Direct Access - End User Experience

DirectAccess

Session Summary
Better Together
User Interface Improvements
DirectAccess and Terminal Services Gateway
Health Policies

Break Time: 15 minutes

Active Directory Domain Services in Windows Server 2008 R2 Technical Overview

What Will We Cover?
Identity Management and Simplified Management Capabilities
Improved Management of User Accounts
Enhanced Windows Management Deployments

Agenda
Active Directory Overview
Active Directory Management
Managing Active Directory Deployments
Identity and Access Management

Solutions That Address IT Pro Challenges
New Windows PowerShell cmdlets
Console Enhancements

Task-Oriented
Better Management

Task-Oriented
Better Management
Analyzers Expanded to All Core Windows Server 2008 R2 Roles

Windows Server 2008 R2
Forest Functional Level
Deals with Accidental Object Deletion
Deals with Mapping of Various Properties
Deals with Pre-Provisioning of Computer Accounts
Deals with Managed Service Accounts
Task-Oriented
Better Management
Analyzers Expanded to All Core Windows Server 2008 R2 Roles

Agenda

Active Directory Administrative Center
Customizable GUI

Demonstration Environment

Create an Organizational Unit
Create a User
Create a New Group and Add a User
Demonstration: Creating Objects Using Active Directory Administrative Center

Active Directory Recycle Bin
Reduces Downtime and Effort
AD Objects Are Preserved
Functional for AD DS and AD LDS
Use LDP.exe or Windows PowerShell Cmdlets

Active Directory Recycle Bin—Notes
Setup Requirements
Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
All domain controllers in your Active Directory forest are running Windows Server 2008 R2
Raise the functional level of your Active Directory forest to Windows Server 2008 R2

Active Directory Recycle Bin—Notes
Setup Requirements
Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
All domain controllers in your Active Directory forest are running Windows Server 2008 R2
Raise the functional level of your Active Directory forest to Windows Server 2008 R2
In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

Enable Active Directory Recycle Bin
View Objects That Are in the Deleted Objects Container
Restore Deleted Objects
Demonstration: Working with the Active Directory Recycle Bin

Agenda

Best Practices Analyzer
1
BPA Run Time

AD DS BPA
Windows PowerShell
Script
1
BPA Run Time

AD DS BPA scans verify:

DNS rules
Operation master connectivity rules
Operation master ownership rules
Number of controllers in the domain
Required services rules
Replication configurations rules
W32time configuration rules
Virtual machine configuration rules

AD DS BPA
Windows PowerShell
Script
1
BPA Run Time

Best Practices Analyzer—Notes

DNS rules

Schema
2
BPA Run Time
AD DS BPA
Windows PowerShell
Script
Document
1
BPA Run Time

DNS rules

Schema
2
BPA Run Time
AD DS BPA
Windows PowerShell
Script
Document
3
BPA Run Time
AD DS BPA
Rules Set
1
BPA Run Time

DNS rules

Schema
2
BPA Run Time
AD DS BPA
Windows PowerShell
Script
Document
3
BPA Run Time
AD DS BPA
Report
AD DS BPA
Rules Set
1
BPA Run Time
AD DS BPA
Guidance

Agenda

Offline Domain Join
Djoin.exe
Reduces time and effort for large-scale deployments
Establishes trust between operating system and Active Directory Domain

Offline Domain Join
Djoin.exe
Advantages
AD state changes are completed without network traffic to the computer
Computer state changes are completed without any network traffic to a domain controller
Each change can be completed at different times

Offline Domain Join —Notes
Djoin.exe
Advantages
AD state changes are completed without network traffic to the computer
Computer state changes are completed without any network traffic to a domain controller
Each change can be completed at different times
Special Considerations
Run on Windows® 7 or Windows Server 2008 R2
Must have user rights to join workstation to the domain
Defaults target domain controller running a version of Windows Server 2008 R2

Perform an Offline Domain Join
Demonstration: Using Offline Domain Join

Management of Service Accounts
Less Disruption of Service
Reduce Recurrent Administrative Tasks
Domain-Based Service Accounts Managed by AD
Enhanced Security
Local Accounts
SQL
IIS

Enhanced Security
Managed Service
Account
Local Accounts
SQL
IIS

Enhanced Security
Managed Service
Account
Virtual Accounts
Local Accounts
SQL
IIS

Enhanced Security
Administrative Benefits
Create class domain accounts
Accounts are now reset automatically
SPN management tasks are not completed
Can be delegated to non-administrators
Managed Service
Account
Virtual Accounts
Local Accounts
SQL
IIS

Session Summary

Active Directory Domain Services improves management capabilities that automate Active Directory tasks
The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
Use and implement the new features of Windows Server 2008 R2 Domain Services