Windows 2008 R2 & Windows7

Click to edit Master title style

TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.

TechNet goes virtual

Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools

Harold WongIT Pro Evangelist

Microsoft Corporationblogs.technet.com/haroldwong



Event Schedule

• 8:30am – Introduction and Welcome

• 8:45am – Session 1: Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools

– 9:40 – Break

• 9:55 – Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment– 10:40 – Break

• 10:55 – Session 3: New Features in Windows Server 2008 R2 Directory Services– Drawing

• Afternoon MSDN will be here so stick around if you can




Migrating Windows XP to Windows 7:



Agenda

• Windows Easy Transfer• Deployment Tools• Using USMT Hard-link Migration• Summary of Deployment Solutions



Windows Easy Transfer

• Easily Move Files and Settings• Supports Windows 2000, Windows XP and

Windows Vista

• Transfer done with:– Cable– USB Drive– Between Computers in a Network



Windows Easy Transfer

Demo



Deployment Tools

• Automated Installation Toolkit (AIK)• User State Migration Tool (USMT)• Microsoft Deployment Toolkit (MDT 2010)



Automated Installation Toolkit (AIK)

• Windows System Image Manager (WSIM)• ImageX • Deployment Image Servicing and Management

(DISM) • Windows Preinstallation Environment (WinPE) • User State Migration Tool (USMT)



User State Migration Tool

• Migrates Files and Settings• Computer Replacement and Computer Refresh

Migrations• Scriptable• Hard-Link Migration Store• Benefits and Limitations



Microsoft Deployment Toolkit 2010

• Unified tools and processes • Reduced deployment time• “Lite-touch” deployments leveraging Windows

deployment tools• “Zero-touch” deployments leveraging System

Center Configuration Manager 2007 and Windows deployment tools.

• Support for Windows 7, Windows Server R2

.



Destination ComputerRun LoadState on new Widows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client

Source ComputerRun ScanState and copies user state to shared folder on Windows 7 Client

Client Migration Store – AIK and USMT

Destination ComputerRun LoadState on new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client

Connected to WORKGROUP

Source ComputerRun ScanState and copies user state to shared folder on Windows 7 Client

“Lite-Touch” High-Volume Deployment



“Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate

Demo



“Zero-Touch” High-Volume Deployment

Destination ComputerUse Log-on Script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restores Windows Vista user state from server

Source ComputerUse Log-on Script, batch file or non-Microsoft technology to run ScanState and copies user state to network server


Migration Store Server

Destination ComputerUse Log-on Script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restores Windows XP user state from server

Decommission




Summary of Deployment SolutionsHigh-Touch with

Retail MediaHigh-Touch with Standard

Imaging

Lite-Touch, High Volume Deployment

Zero-Touch, High Volume Deployment

IT Skill Level IT Generalist IT Pro IT Pro with WDS IT Pro with SCCM Experience

Windows Licensing Retail Retail and Software Assurance Software Assurance Enterprise Agreement

Number ofClient Computers <100 100-200 200-500 >500

Infrastructure Small Unmanaged MediumStandardized

Managed Network Enterprise Network + SCCM

Application Support

Manually Manually and LOB customizations

Automatically and LOB

Automatically using SCCM

User interaction Manual Hands-on Manual Hands-on

Limited Interaction Fully Automated

Tools AIK, Easy Transfer <25

AIK, MDT, ACT AIK,MDT ACT, MAPT,WDS

AIK,MDT,ACT,MAPT,WDS, SCCM

Slide 14



Summary

• Many Deployment Tools and options for all scenarios from a single PC to 1,000s

• Easy Transfer makes it simple to move user data

• New Hard-link Migration Option in USMT



TechNet Plus Direct Subscription

• The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software.

• Microsoft software licensed for evaluation purposes. • Beta software. • Professional Support Incidents. • Managed Newsgroup Support. • Technical resources for Microsoft products.. • Microsoft eLearning courses. • Online Concierge Chat.

• Want a 25% Discount on a new Subscription?

• Use Discount Code TMSAM04



IT Pro Momentum Invitation

• A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers

• Are you?– Interested in learning more about the newest Microsoft technologies?– Need help to evaluate different Microsoft products and features? – Willing to test and pilot in production Microsoft beta products?– Would like to have access to exclusive forums and Microsoft product support?– Want to share your early adoption experience with the IT Pro community world-

wide?

• If you answered ‘yes’ for all the questions above, IT Pro Momentum can help!

• Send email with “Add to Momentum” in the subject– [email protected]

mailto:[email protected]



Momentum 2009 ProductsTrack Technology 2009

Client Infrastructure

IE8 √

Windows 7 √

Windows Mobile 7 √

Server Infrastructure

Windows Server 2008 √

SQL Server 2008 √

Forefront Stirling √

Powershell √

VirtualizationHyper-V √

SCVMM √

Web InfrastructureIIS 7 √

Sharepoint on the Web √

HPC HPC Server 2008 √

Collaboration & Connectivity

OCS 14 √

Exchange 2010 √



Resources for Windows 7 Deployment

Windows 7 Deployment Guide• http://technet.microsoft.com/en-us/library/

dd349337(WS.10).aspx

Microsoft Deployment Toolkit 2010• https://connect.microsoft.com/content/cont

ent.aspx?ContentID=12463&SiteID=14

http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx

http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx

https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14

https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14




Break Time: 15 minutes




Securing Windows® 7 in a Windows Server® 2008 R2 Environment



What Will We Cover?

• Better Together• User Interface Improvements• DirectAccess and Terminal Services

Gateway• Health Policies



Agenda

• Reviewing Network Access Protection• Examining Deployment

Improvements• Exploring Configuration and

Management• Viewing Network Access Protection

Integration Improvements



Business and Technical Benefits

Reduce the risk of network security threats





Safeguard sensitive data and intellectual property





Safeguard sensitive data and intellectual property

Extend the value of existing investments



1

RemediationServersExample: Patch

Network Access Protection

RestrictedNetwork

1

WindowsClient NPS

DHCP, VPNSwitch/Router

Policy Serverssuch as: Patch, AV

Corporate Network

Client requests access to network and presents current health state





RestrictedNetwork

1

WindowsClient

2

DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)

NPSDHCP, VPNSwitch/Router


Corporate Network

2





RestrictedNetwork

1

WindowsClient

2

3



Corporate Network

3Network Policy Server (NPS) validates against IT-defined health policy





RestrictedNetwork

1

WindowsClient

2

3

Not policy compliant


4


Corporate Network

4If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)





RestrictedNetwork

1

WindowsClient

2

3

Not policy compliant

Policy compliant


4


Corporate Network5

5If policy compliant, client is granted full access to corporate network




Demonstration: Configuring NAP

• Configure PKI• Install NAP• Configure Basics



Agenda







NPS Updates

• NPS Templates• Network Policy Server• Logging Improvements• UTF-8



Agenda







Multiple SHV Policy

• A single server can now enforce a number of different health policies using a single system health validator (SHV)– Requires SHV updates for

Windows Server 2008 R2



New NAP Client User Interface

• Messaging Integration with Action Center Tray Icon

• Integration with Windows 7 Action Center



Agenda








Microsoft Confidential

Remote Desktop Gateway






DirectAccess






DirectAccess

Microsoft® Forefront™ code name Stirling



DirectAccess Technical Details

IPv6 Devices

IPv4 Devices

DirectAccessServer

Windows 7 Client

IPv6 Transition Services

Supports variety of remote network

protocols

IPSec encryption and authentication. 2

Tunnels are established -

DirectAccess Server acts as gateway

IT desktop management

Internet




IPv6 Devices

IPv4 Devices

DirectAccessServer

Windows 7 Client



protocols





Internet

AD Group Policy, NAP, software

updates




IPv6 Devices

IPv4 Devices

DirectAccessServer

Windows 7 Client

Native IPv6 with IPSec



protocols




Direct connectivity to

IPv6-based Intranet

resources


Internet


updates




IPv6 Devices

IPv4 Devices

DirectAccessServer

Windows 7 Client

Native IPv6 with IPSec



protocols




Direct connectivity to

IPv6-based Intranet

resources Support IPv4 via 6to4 transition

services or NAT-PTIT desktop management

Internet


updates




Demonstration: Direct Access - End User Experience

• DirectAccess



Session Summary

• Better Together• User Interface Improvements• DirectAccess and Terminal Services

Gateway• Health Policies




Break Time: 15 minutes




Active Directory Domain Services in Windows Server 2008 R2 Technical Overview



What Will We Cover?

• Identity Management and Simplified Management Capabilities

• Improved Management of User Accounts

• Enhanced Windows Management Deployments



Agenda

• Active Directory Overview • Active Directory Management • Managing Active Directory

Deployments• Identity and Access Management



Solutions That Address IT Pro Challenges

New Windows PowerShell cmdletsConsole Enhancements





Task-OrientedBetter Management






Analyzers Expanded to All Core Windows Server 2008 R2 Roles




Windows Server 2008 R2 Forest Functional Level



Deals with Accidental Object DeletionDeals with Mapping of Various PropertiesDeals with Pre-Provisioning of Computer AccountsDeals with Managed Service AccountsAnalyzers Expanded

to All Core Windows Server 2008 R2 Roles



Agenda

• Active Directory Overview • Active Directory Management• Managing Active Directory




Active Directory Administrative Center

Customizable GUI



Demonstration Environment

Internal Network192.168.16.0

`

SEA-WRK-001192.168.16.5Windows 7

SEA-DC-01192.168.16.2


`

SEA-WRK-002192.168.16.6Windows 7

SEA-CS-01192.168.16.3




• Create an Organizational Unit

• Create a User• Create a New Group and

Add a User

Demonstration: Creating Objects Using Active Directory Administrative Center



Active Directory Recycle Bin

Reduces Downtime and EffortAD Objects Are PreservedFunctional for AD DS and AD LDSUse LDP.exe or Windows PowerShell Cmdlets



Active Directory Recycle Bin—Notes

Setup RequirementsAdprep must be used for Windows Server 2003 and Windows Server 2008 forestAll domain controllers in your Active Directory forest are running Windows Server 2008 R2Raise the functional level of your Active Directory forest to Windows Server 2008 R2




Active Directory Recycle Bin—Notes

Setup RequirementsAdprep must be used for Windows Server 2003 and Windows Server 2008 forestAll domain controllers in your Active Directory forest are running Windows Server 2008 R2Raise the functional level of your Active Directory forest to Windows Server 2008 R2

In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.




• Enable Active Directory Recycle Bin

• View Objects That Are in the Deleted Objects Container

• Restore Deleted Objects

Demonstration: Working with the Active Directory Recycle Bin



Agenda





Best Practices Analyzer

BPA Run Time

1




BPA Run Time

AD DS BPA Windows PowerShell

Script

1



AD DS BPA scans verify:DNS rulesOperation master connectivity rulesOperation master ownership rulesNumber of controllers in the domainRequired services rulesReplication configurations rulesW32time configuration rulesVirtual machine configuration rules


BPA Run Time


Script

1



Best Practices Analyzer—Notes


BPA Run Time


Script

BPA Run Time

Document

Schema

1

2





BPA Run Time


Script

AD DS BPARules Set

BPA Run Time

BPA Run Time

Document

Schema

1

2

3





BPA Run Time


Script

AD DS BPAGuidance

AD DS BPARules Set

BPA Run Time

BPA Run TimeAD DS BPA

Report

Document

Schema

1

2

3



Agenda





Offline Domain Join

Reduces time and effort for large-scale deploymentsEstablishes trust between operating system and Active Directory Domain

Djoin.exe



Offline Domain Join


Djoin.exe

Advantages

AD state changes are completed without network traffic to the computerComputer state changes are completed without any network traffic to a domain controllerEach change can be completed at different times



Offline Domain Join —Notes

Run on Windows® 7 or Windows Server 2008 R2Must have user rights to join workstation to the domainDefaults target domain controller running a version of Windows Server 2008 R2

Special Considerations


Djoin.exe

Advantages

AD state changes are completed without network traffic to the computerComputer state changes are completed without any network traffic to a domain controllerEach change can be completed at different times



• Perform an Offline Domain Join

Demonstration: Using Offline Domain Join



Management of Service Accounts

Domain-Based Service Accounts Managed by ADEnhanced Security

Less Disruption of ServiceReduce Recurrent Administrative Tasks

SQL IIS

Local Accounts






SQL IIS

Managed ServiceAccount

Local Accounts






SQL IIS


Local Accounts

Virtual Accounts






Administrative BenefitsCreate class domain accountsAccounts are now reset automaticallySPN management tasks are not completedCan be delegated to non-administrators

SQL IIS


Local Accounts

Virtual Accounts



Session Summary

• Active Directory Domain Services improves management capabilities that automate Active Directory tasks

• The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output

• Use and implement the new features of Windows Server 2008 R2 Domain Services

Windows 2008 R2 & Windows7

Documents

Transcript of Windows 2008 R2 & Windows7