Q1 Southern California Session Slides
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Q1 Southern California Session Slides

on

  • 2,057 views

Slide deck from Events in Irvine, Los Angeles and San Diego on September 9, 10, and 11. The three sessions covered Migration from Windows XP to Windows 7, Securing Windows 7 and New Features in ...

Slide deck from Events in Irvine, Los Angeles and San Diego on September 9, 10, and 11. The three sessions covered Migration from Windows XP to Windows 7, Securing Windows 7 and New Features in Windows Server 2008 R2 Directory Services.

Statistics

Views

Total Views
2,057
Views on SlideShare
2,055
Embed Views
2

Actions

Likes
0
Downloads
50
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Q1 Southern California Session Slides Presentation Transcript

  • 1. Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools
    Harold Wong
    IT Pro Evangelist
    Microsoft Corporation
    blogs.technet.com/haroldwong
  • 2. Event Schedule
    8:30am – Introduction and Welcome
    8:45am –Session 1: Migrating Windows XP to Windows 7:
    Get it done using Microsoft Deployment Tools
    9:40 – Break
    9:55 –Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment
    10:40 – Break
    10:55 –Session 3: New Features in Windows Server 2008 R2 Directory Services
    – Drawing
    Afternoon MSDN will be here so stick around if you can 
  • 3. Migrating Windows XP to Windows 7:
  • 4. Agenda
    Windows Easy Transfer
    Deployment Tools
    Using USMT Hard-link Migration
    Summary of Deployment Solutions
  • 5. Windows Easy Transfer
    Easily Move Files and Settings
    Supports Windows 2000, Windows XP and Windows Vista
    Transfer done with:
    Cable
    USB Drive
    Between Computers in a Network
  • 6. Demo
    Windows Easy Transfer
  • 7. Deployment Tools
    Automated Installation Toolkit (AIK)
    User State Migration Tool (USMT)
    Microsoft Deployment Toolkit (MDT 2010)
  • 8. Automated Installation Toolkit (AIK)
    Windows System Image Manager (WSIM)
    ImageX
    Deployment Image Servicing and Management (DISM)
    Windows Preinstallation Environment (WinPE)
    User State Migration Tool (USMT)
  • 9. User State Migration Tool
    Migrates Files and Settings
    Computer Replacement and Computer Refresh Migrations
    Scriptable
    Hard-Link Migration Store
    Benefits and Limitations
  • 10. Microsoft Deployment Toolkit 2010
    Unified tools and processes
    Reduced deployment time
    “Lite-touch” deployments leveraging Windows deployment tools
    “Zero-touch” deployments leveraging System Center Configuration Manager 2007 and Windows deployment tools.
    Support for Windows 7, Windows Server R2
    .
  • 11. “Lite-Touch” High-Volume Deployment
    Client Migration Store – AIK and USMT
    Connected to WORKGROUP
    Source Computer
    Run ScanStateand copies user state to shared folder on Windows 7 Client
    Destination Computer
    RunLoadStateon new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client
    Destination Computer
    RunLoadStateon new Widows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client
    Source Computer
    Run ScanStateand copies user state to shared folder on Windows 7 Client
  • 12. Demo
    “Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate
  • 13. “Zero-Touch” High-Volume Deployment
    Migration Store Server
    Decommission
    Destination Computer
    Use Log-on Script, batch file or non-Microsoft technology to run LoadStateon new Windows 7 platform and restores Windows XP user state from server
    Source Computer
    Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server
    Source Computer
    Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server
    Destination Computer
    Use Log-on Script, batch file or non-Microsoft technology to runLoadStateon new Windows 7 platform and restores Windows Vista user state from server
    Source Computer
    Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server
  • 14. Summary of Deployment Solutions
    Slide 14
  • 15. Summary
    Many Deployment Tools and options for all scenarios from a single PC to 1,000s
    Easy Transfer makes it simple to move user data
    New Hard-link Migration Option in USMT
  • 16. TechNet Plus Direct Subscription
    The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software.
    Microsoft software licensed for evaluation purposes.
    Beta software.
    Professional Support Incidents.
    Managed Newsgroup Support.
    Technical resources for Microsoft products..
    Microsoft eLearning courses.
    Online Concierge Chat.
    Want a 25% Discount on a new Subscription?
    Use Discount Code TMSAM04
  • 17. IT Pro Momentum Invitation
    A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers
    Are you?
    Interested in learning more about the newest Microsoft technologies?
    Need help to evaluate different Microsoft products and features?
    Willing to test and pilot in production Microsoft beta products?
    Would like to have access to exclusive forums and Microsoft product support?
    Want to share your early adoption experience with the IT Pro community world-wide?
    If you answered ‘yes’ for all the questions above, IT Pro Momentum can help!
    Send email with “Add to Momentum” in the subject
    Harold.wong@microsoft.com
  • 18. Momentum 2009 Products
  • 19. Resources for Windows 7 Deployment
    Windows 7 Deployment Guide
    http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx
    Microsoft Deployment Toolkit 2010
    https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14
  • 20. Break Time: 15 minutes
  • 21. Securing Windows® 7 in a Windows Server® 2008 R2 Environment
  • 22. What Will We Cover?
    Better Together
    User Interface Improvements
    DirectAccess and Terminal Services Gateway
    Health Policies
  • 23. Agenda
    Reviewing Network Access Protection
    Examining Deployment Improvements
    Exploring Configuration and Management
    Viewing Network Access Protection Integration Improvements
  • 24. Business and Technical Benefits
    Reduce the risk of network security threats
  • 25. Business and Technical Benefits
    Reduce the risk of network security threats
    Safeguard sensitive data and intellectual property
  • 26. Business and Technical Benefits
    Reduce the risk of network security threats
    Safeguard sensitive data and intellectual property
    Extend the value of existing investments
  • 27. Remediation
    Servers
    Example: Patch
    Network Access Protection
    Corporate Network
    Policy Servers
    such as: Patch, AV
    1
    DHCP, VPN
    Switch/Router
    Windows
    Client
    Restricted
    Network
    NPS
    Client requests access to network and presents current health state
    1
  • 28. Remediation
    Servers
    Example: Patch
    Network Access Protection
    Corporate Network
    Policy Servers
    such as: Patch, AV
    1
    2
    DHCP, VPN
    Switch/Router
    Windows
    Client
    Restricted
    Network
    NPS
    DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
    2
  • 29. Remediation
    Servers
    Example: Patch
    Network Access Protection
    Corporate Network
    Policy Servers
    such as: Patch, AV
    3
    1
    2
    DHCP, VPN
    Switch/Router
    Windows
    Client
    Restricted
    Network
    NPS
    Network Policy Server (NPS) validates against IT-defined health policy
    3
  • 30. Remediation
    Servers
    Example: Patch
    Network Access Protection
    Corporate Network
    Policy Servers
    such as: Patch, AV
    3
    1
    2
    Not policy compliant
    4
    DHCP, VPN
    Switch/Router
    Windows
    Client
    Restricted
    Network
    NPS
    If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
    4
  • 31. Remediation
    Servers
    Example: Patch
    Network Access Protection
    Corporate Network
    Policy Servers
    such as: Patch, AV
    3
    1
    2
    Not policy compliant
    4
    DHCP, VPN
    Switch/Router
    Windows
    Client
    Restricted
    Network
    NPS
    Policy compliant
    5
    If policy compliant, client is granted full access to corporate network
    5
  • 32. Demonstration: Configuring NAP
    • Configure PKI
    • 33. Install NAP
    • 34. Configure Basics
  • Agenda
    Reviewing Network Access Protection
    Examining Deployment Improvements
    Exploring Configuration and Management
    Viewing Network Access Protection Integration Improvements
  • 35. NPS Updates
    NPS Templates
    Network Policy Server
    Logging Improvements
    UTF-8
  • 36. Agenda
    Reviewing Network Access Protection
    Examining Deployment Improvements
    Exploring Configuration and Management
    Viewing Network Access Protection Integration Improvements
  • 37. Multiple SHV Policy
    A single server can now enforce a number of different health policies using a single system health validator (SHV)
    Requires SHV updates for Windows Server 2008 R2
  • 38. New NAP Client User Interface
    Messaging Integration with Action Center Tray Icon
    Integration with Windows 7 Action Center
  • 39. Agenda
    Reviewing Network Access Protection
    Examining Deployment Improvements
    Exploring Configuration and Management
    Viewing Network Access Protection Integration Improvements
  • 40. Integration Improvements
    Remote Desktop Gateway
    Microsoft Confidential
  • 41. Integration Improvements
    Remote Desktop Gateway
    DirectAccess
    Microsoft Confidential
  • 42. Integration Improvements
    Remote Desktop Gateway
    DirectAccess
    Microsoft® Forefront™ code name Stirling
    Microsoft Confidential
  • 43. DirectAccess Technical Details
    IPv6 Devices
    IPv4 Devices
    IT desktop management
    IPv6 Transition Services
    Internet
    DirectAccess
    Server
    IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway
    Supports variety of remote network protocols
    Windows 7 Client
  • 44. DirectAccess Technical Details
    IPv6 Devices
    IPv4 Devices
    IT desktop management
    IPv6 Transition Services
    AD Group Policy, NAP, software updates
    Internet
    DirectAccess
    Server
    IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway
    Supports variety of remote network protocols
    Windows 7 Client
  • 45. DirectAccess Technical Details
    Direct connectivity to IPv6-based Intranet resources
    IPv6 Devices
    IPv4 Devices
    IT desktop management
    Native IPv6 with IPSec
    IPv6 Transition Services
    AD Group Policy, NAP, software updates
    Internet
    DirectAccess
    Server
    IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway
    Supports variety of remote network protocols
    Windows 7 Client
  • 46. DirectAccess Technical Details
    Direct connectivity to IPv6-based Intranet resources
    IPv6 Devices
    IPv4 Devices
    Support IPv4 via 6to4 transition services or NAT-PT
    IT desktop management
    Native IPv6 with IPSec
    IPv6 Transition Services
    AD Group Policy, NAP, software updates
    Internet
    DirectAccess
    Server
    IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway
    Supports variety of remote network protocols
    Windows 7 Client
  • 47. Demonstration: Direct Access - End User Experience
    • DirectAccess
  • Session Summary
    Better Together
    User Interface Improvements
    DirectAccess and Terminal Services Gateway
    Health Policies
  • 48. Break Time: 15 minutes
  • 49. Active Directory Domain Services in Windows Server 2008 R2 Technical Overview
  • 50. What Will We Cover?
    Identity Management and Simplified Management Capabilities
    Improved Management of User Accounts
    Enhanced Windows Management Deployments
  • 51. What Will We Cover?
    Identity Management and Simplified Management Capabilities
    Improved Management of User Accounts
    Enhanced Windows Management Deployments
  • 52. Agenda
    Active Directory Overview
    Active Directory Management
    Managing Active Directory Deployments
    Identity and Access Management
  • 53. Solutions That Address IT Pro Challenges
    New Windows PowerShell cmdlets
    Console Enhancements
  • 54. Solutions That Address IT Pro Challenges
    New Windows PowerShell cmdlets
    Console Enhancements
    Task-Oriented
    Better Management
  • 55. Solutions That Address IT Pro Challenges
    New Windows PowerShell cmdlets
    Console Enhancements
    Task-Oriented
    Better Management
    Analyzers Expanded to All Core Windows Server 2008 R2 Roles
  • 56. Solutions That Address IT Pro Challenges
    Windows Server 2008 R2
    Forest Functional Level
    New Windows PowerShell cmdlets
    Console Enhancements
    Deals with Accidental Object Deletion
    Deals with Mapping of Various Properties
    Deals with Pre-Provisioning of Computer Accounts
    Deals with Managed Service Accounts
    Task-Oriented
    Better Management
    Analyzers Expanded to All Core Windows Server 2008 R2 Roles
  • 57. Agenda
    Active Directory Overview
    Active Directory Management
    Managing Active Directory Deployments
    Identity and Access Management
  • 58. Active Directory Administrative Center
    Customizable GUI
  • 59. Active Directory Administrative Center
    Customizable GUI
  • 60. Active Directory Administrative Center
    Customizable GUI
  • 61. Demonstration Environment
  • 62. Create an Organizational Unit
    Create a User
    Create a New Group and Add a User
    Demonstration: Creating Objects Using Active Directory Administrative Center
  • 63. Active Directory Recycle Bin
    Reduces Downtime and Effort
    AD Objects Are Preserved
    Functional for AD DS and AD LDS
    Use LDP.exe or Windows PowerShell Cmdlets
  • 64. Active Directory Recycle Bin—Notes
    Reduces Downtime and Effort
    AD Objects Are Preserved
    Functional for AD DS and AD LDS
    Use LDP.exe or Windows PowerShell Cmdlets
    Setup Requirements
    Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
    All domain controllers in your Active Directory forest are running Windows Server 2008 R2
    Raise the functional level of your Active Directory forest to Windows Server 2008 R2
  • 65. Active Directory Recycle Bin—Notes
    Reduces Downtime and Effort
    AD Objects Are Preserved
    Functional for AD DS and AD LDS
    Use LDP.exe or Windows PowerShell Cmdlets
    Setup Requirements
    Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
    All domain controllers in your Active Directory forest are running Windows Server 2008 R2
    Raise the functional level of your Active Directory forest to Windows Server 2008 R2
    In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
  • 66. Enable Active Directory Recycle Bin
    View Objects That Are in the Deleted Objects Container
    Restore Deleted Objects
    Demonstration: Working with the Active Directory Recycle Bin
  • 67. Agenda
    Active Directory Overview
    Active Directory Management
    Managing Active Directory Deployments
    Identity and Access Management
  • 68. Best Practices Analyzer
    1
    BPA Run Time
  • 69. Best Practices Analyzer
    AD DS BPA
    Windows PowerShell
    Script
    1
    BPA Run Time
  • 70. AD DS BPA scans verify:
    • DNS rules
    • 71. Operation master connectivity rules
    • 72. Operation master ownership rules
    • 73. Number of controllers in the domain
    • 74. Required services rules
    • 75. Replication configurations rules
    • 76. W32time configuration rules
    • 77. Virtual machine configuration rules
    Best Practices Analyzer
    AD DS BPA
    Windows PowerShell
    Script
    1
    BPA Run Time
  • 78. Best Practices Analyzer—Notes
    AD DS BPA scans verify:
    • DNS rules
    • 79. Operation master connectivity rules
    • 80. Operation master ownership rules
    • 81. Number of controllers in the domain
    • 82. Required services rules
    • 83. Replication configurations rules
    • 84. W32time configuration rules
    • 85. Virtual machine configuration rules
    Schema
    2
    BPA Run Time
    AD DS BPA
    Windows PowerShell
    Script
    Document
    1
    BPA Run Time
  • 86. Best Practices Analyzer—Notes
    AD DS BPA scans verify:
    • DNS rules
    • 87. Operation master connectivity rules
    • 88. Operation master ownership rules
    • 89. Number of controllers in the domain
    • 90. Required services rules
    • 91. Replication configurations rules
    • 92. W32time configuration rules
    • 93. Virtual machine configuration rules
    Schema
    2
    BPA Run Time
    AD DS BPA
    Windows PowerShell
    Script
    Document
    3
    BPA Run Time
    AD DS BPA
    Rules Set
    1
    BPA Run Time
  • 94. Best Practices Analyzer—Notes
    AD DS BPA scans verify:
    • DNS rules
    • 95. Operation master connectivity rules
    • 96. Operation master ownership rules
    • 97. Number of controllers in the domain
    • 98. Required services rules
    • 99. Replication configurations rules
    • 100. W32time configuration rules
    • 101. Virtual machine configuration rules
    Schema
    2
    BPA Run Time
    AD DS BPA
    Windows PowerShell
    Script
    Document
    3
    BPA Run Time
    AD DS BPA
    Report
    AD DS BPA
    Rules Set
    1
    BPA Run Time
    AD DS BPA
    Guidance
  • 102. Agenda
    Active Directory Overview
    Active Directory Management
    Managing Active Directory Deployments
    Identity and Access Management
  • 103. Offline Domain Join
    Djoin.exe
    Reduces time and effort for large-scale deployments
    Establishes trust between operating system and Active Directory Domain
  • 104. Offline Domain Join
    Djoin.exe
    Reduces time and effort for large-scale deployments
    Establishes trust between operating system and Active Directory Domain
    Advantages
    AD state changes are completed without network traffic to the computer
    Computer state changes are completed without any network traffic to a domain controller
    Each change can be completed at different times
  • 105. Offline Domain Join —Notes
    Djoin.exe
    Reduces time and effort for large-scale deployments
    Establishes trust between operating system and Active Directory Domain
    Advantages
    AD state changes are completed without network traffic to the computer
    Computer state changes are completed without any network traffic to a domain controller
    Each change can be completed at different times
    Special Considerations
    Run on Windows® 7 or Windows Server 2008 R2
    Must have user rights to join workstation to the domain
    Defaults target domain controller running a version of Windows Server 2008 R2
  • 106. Perform an Offline Domain Join
    Demonstration: Using Offline Domain Join
  • 107. Management of Service Accounts
    Less Disruption of Service
    Reduce Recurrent Administrative Tasks
    Domain-Based Service Accounts Managed by AD
    Enhanced Security
    Local Accounts
    SQL
    IIS
  • 108. Management of Service Accounts
    Less Disruption of Service
    Reduce Recurrent Administrative Tasks
    Domain-Based Service Accounts Managed by AD
    Enhanced Security
    Managed Service
    Account
    Local Accounts
    SQL
    IIS
  • 109. Management of Service Accounts
    Less Disruption of Service
    Reduce Recurrent Administrative Tasks
    Domain-Based Service Accounts Managed by AD
    Enhanced Security
    Managed Service
    Account
    Virtual Accounts
    Local Accounts
    SQL
    IIS
  • 110. Management of Service Accounts
    Less Disruption of Service
    Reduce Recurrent Administrative Tasks
    Domain-Based Service Accounts Managed by AD
    Enhanced Security
    Administrative Benefits
    Create class domain accounts
    Accounts are now reset automatically
    SPN management tasks are not completed
    Can be delegated to non-administrators
    Managed Service
    Account
    Virtual Accounts
    Local Accounts
    SQL
    IIS
  • 111. Session Summary
    • Active Directory Domain Services improves management capabilities that automate Active Directory tasks
    • 112. The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
    • 113. Use and implement the new features of Windows Server 2008 R2 Domain Services