Foley: 12 Hot Spots to Watch in 2012

JANUARY 2012 VOL. 18 NO. 1 REDMONDMAG.COM

Steve Ballmer’s potential replacement, best exec fights, products that changed tech forever: Redmond editors lay out lists that IT pros shouldn’t miss.

+ A Look at BeyondTrust PowerBroker Desktops DLP

Solve Disasters


Redmond
The Independent Voice of the Microsoft IT Community

Contents
JANUARY 2012

COVER STORY
The List Issue
To start 2012, we’re offering numbered thoughts from our cleverest minds on where Microsoft and IT have been and are going. Page 16

REDMOND REPORT
9 IT Awaits Release of SQL Server 2012
Microsoft changed how its upcoming database management system will be packaged, while also rolling out release candidate software.

FEATURES
24 How To Fix AD Disasters
Spotting Active Directory problems isn’t necessarily simple, but it can help avoid a catastrophe. These tales of AD disasters come from real-life situations and should serve as instruction—and perhaps a warning—to IT pros.

REVIEWS
Product Review
12 PowerBroker Desktops DLP Safeguards Sensitive Information
The BeyondTrust application is great for putting files on lockdown and preventing data leakage.

COLUMNS
6 Barney’s Rubble: Doug Barney
Privacy Is Dead
29 Decision Maker: Don Jones
Space to Watch: Runbook Automation
30 : Greg Shields
12 New Year’s Resolutions for 2012
32 Foley on Microsoft: Mary Jo Foley
12 Microsoft Hot Buttons for 2012

ALSO IN THIS ISSUE
4 Redmondmag.com | 8 [email protected]

COVER IMAGE BY RYAN ETTER

Redmondmag.com JANUARY 2012

VisualStudioMagazine.com

Book Review: Code First EF
John Papa takes a sneak preview at Julie Lerman and Rowan Miller’s new book, “Programming Entity Framework Code First” (O’Reilly), which was released in December. Noting that Lerman’s first book was just too robust (800 pages) for him and how busy he is, this second book is just the ticket:
“I work on a number of things at a time and with the depth of Lerman’s first book, it just wasn’t targeted for a guy like me. However, her new book is a nearly perfect fit for me. It’s fewer than 200 pages, eight chapters and has zero fluff. I read this book in an afternoon and found it fast-moving yet very informative.”
But if you’re just getting your feet wet with Entity Framework, Papa points out that this isn’t the book for you; Lerman’s first book (that 800 pound behemoth) should be your first stop. VisualStudioMagazine.com/EFBook

Posey’s Tips & Tricks
Be sure to check out seven-time Microsoft MVP and regular Redmond contributor Brien M. Posey’s online-only column. Twice monthly he shares his best-kept secrets on how to keep your network in top-notch shape. You can access all of his columns at Redmondmag.com/PoseyTips.

Getting Ready to Test-Drive Windows 8
After covering 8, Posey installs his Developer Preview (pre-beta) version of the client OS to take a look at what’s to come in the next Microsoft OS release. Redmondmag.com/PoseyA0112

Merging Contacts in Outlook
Finding multiple entries for the same contact? Tired of sifting through all the duplicates? Follow Posey’s step-by-step instructions and merge your Outlook contacts in a snap. Redmondmag.com/PoseyB0112

MCPmag.com

Alternate Credentials in PowerShell
Jeffery Hicks, aka Professor PowerShell, takes a look at how you can use PowerShell to specify a set of alternate credentials when you don’t want to use the GUI. However, he does provide one last bit of advice to readers:
“I hope it goes without saying that you should never hardcode user names and passwords in your scripts. I might bend a bit on a username, but never a password. Security issues aside, when you change the account password you need to remember to revise your script. The better approach is to let the user specify a username and password via parameters or command-line prompts.” MCPmag.com/Hicks0112
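One way to follow the advice quoted in the MCPmag.com item above, as an added example that is not from the magazine or from Jeffery Hicks's column: a function that takes alternate credentials as a parameter, plus a rough check for passwords embedded in script text. The function names, the account name and the sample script lines are constructed for illustration.

```powershell
# Added example: function names, the account name and the sample script
# lines below are constructed for illustration.

function Invoke-WithAlternateCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ComputerName,

        # Credential() lets the caller pass a PSCredential object or just a
        # user name. A bare user name triggers a password prompt, so the
        # password never appears in the script text.
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty
    )

    $invokeArgs = @{
        ComputerName = $ComputerName
        ErrorAction  = 'Stop'
        # Report which account the remote session actually ran as.
        ScriptBlock  = {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                RunAs    = [Environment]::UserName
            }
        }
    }

    # Add -Credential only when one was supplied; otherwise the command
    # runs as the current user.
    if ($Credential -ne [System.Management.Automation.PSCredential]::Empty) {
        $invokeArgs.Credential = $Credential
    }

    Invoke-Command @invokeArgs
}

# Usage (prompts for the password; nothing secret is stored in the script):
#   Invoke-WithAlternateCredential -ComputerName 'SERVER01' -Credential 'CONTOSO\svc-inventory'

function Find-HardcodedCredential {
    # Flags script lines that look like an embedded password.
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Line
    )

    $patterns = @(
        # ConvertTo-SecureString fed a quoted literal
        'ConvertTo-SecureString\s+(-String\s+)?["''][^"'']+["'']',
        # A variable whose name suggests a secret, assigned a quoted literal
        '\$\w*(password|passwd|pwd)\w*\s*=\s*["''][^"'']+["'']'
    )

    for ($i = 0; $i -lt $Line.Count; $i++) {
        foreach ($pattern in $patterns) {
            if ($Line[$i] -match $pattern) {
                [pscustomobject]@{ LineNumber = $i + 1; Text = $Line[$i].Trim() }
                break   # one finding per line is enough
            }
        }
    }
}

# Constructed sample of a script under review (not real credentials).
$sample = @'
$user = 'CONTOSO\svc-inventory'
$password = 'Example-Only-123'
$secure = ConvertTo-SecureString 'Example-Only-123' -AsPlainText -Force
$cred = Get-Credential -Credential $user
'@ -split "`r?`n"

Find-HardcodedCredential -Line $sample | Format-Table -AutoSize
```

The scan is a pattern match, so treat its findings as candidates for review rather than proof; a password built up from pieces or read from an unprotected file will not match either pattern.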

What Are FindIT Codes?
What we once called FindIT codes are now easy URLs. You’ll see these embedded throughout Redmond so you can access any additional information quickly. Simply type in Redmondmag.com/ followed by the FindIT code into your URL address field. (Note that all URLs do not have any spaces, and they are not case-sensitive.)

ID STATEMENT Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $39.95, International $64.95. Subscription inquiries, back issue requests, and address changes: to: Redmond, P.O. Box 2166, Skokie, IL 60076-7866, email [email protected] or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) 763-9564. POSTMASTER: Send address changes to Redmond, P.O. Box 2166, Skokie, IL 60076-7866. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or XPO Returns: P.O. Box 201, Richmond Hill, ON L4B 4R5, Canada.

COPYRIGHT STATEMENT © Copyright 2012 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o Redmond, 4 Venture, Suite 150, Irvine, CA 92618.

LEGAL DISCLAIMER The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.

CORPORATE ADDRESS 1105 Media, 9201 Oakdale Ave. Ste 101, Chatsworth, CA 91311 www.1105media.com

MEDIA KITS Direct your Media Kit requests to Matt Morollo, VP Publishing, 508-532-1418 (phone), 508-875-6622 (fax), [email protected]

REPRINTS For single article reprints (in minimum quantities of 250-500), e-prints, plaques and posters contact: PARS International Phone: 212-221-9595. E-mail: [email protected]. www.magreprints.com/QuickQuote.asp

LIST RENTAL This publication’s subscriber list, as well as other lists from 1105 Media, Inc., is available for rental. For more information, please contact our list manager, Merit Direct. Phone: 914-368-1000; E-mail: [email protected]; Web: www.meritdirect.com/1105

4 | January 2012 | Redmond | Redmondmag.com |

Barney’s Rubble
by Doug Barney

Privacy Is Dead

I don’t look in my kids’ dressers, go on their Facebook accounts, and I have to be forced to look in my gal’s pocketbook to get the car keys. Technology companies are less reticent. Here’s a list of the egregious invasion examples.

Vexing Verizon: I’m a Verizon wireless customer—but shouldn’t be. That’s because Verizon recently told customers it’s tracking what Web sites we visit, apps we use and so on. The carrier then sells this data to third parties so they can send ads only to those who might respond. The real concern is that this is opt-out, not opt-in.

Facebook Flub: Facebook has never been a poster child for respecting privacy. After getting clobbered for letting third parties access user data such as phone numbers, Facebook in 2010 changed course, blocking the practice. that which lets your Facebook friends see your every Facebook move in the form of a ticker. This is an opt-in deal, but one dumb move and you’ll regret forever allowing this service.

Google Gotchas: Google has spent countless hours publicly defending itself against charges of privacy invasion. The company alternately claims it doesn’t snoop, but in the next breath argues there’s no expectation of privacy on the Internet.

Its search engine is so good, there’s very little that can’t be found by human resources, an ex-girlfriend or a stalker. This ain’t good, but other engines such as Bing pretty much do the same thing.

Gmail users have long noticed that ads mimic the content of e-mail. That’s because Google computers parse the mail and based on keywords, choose the most relevant ads. I don’t know about you, but I don’t want anyone or anything reading my mail except the chosen recipient. And no, Google is not the only Web e-mail culprit.

In 2010 Google tried to take on Facebook with Buzz, a social networking technology based on Gmail that let you share pictures, videos and posts with other Gmail, er, Buzz users. The service ran into a buzz saw of privacy allegations and intense government scrutiny led Google to shut the service down. The whole problem was that Gmail users didn’t opt in—they were opted in by Google.

And don’t forget Google Earth, where anyone can see what’s in my backyard; or StreetView, where anyone can see what’s in the front.

It gets worse. We have hackers reading our files, monitoring software following our every step, CCTV, and the government accessing whatever it wants. If you fight the feds too hard, I guarantee you have a big dossier in no time.

Am I just being paranoid? What do you do to protect your privacy? Tell me what you think at dbarney@redmondmag.com.

ILLUSTRATION BY ALAN TAO/SHUTTERSTOCK

Editorial Staff
Editor in Chief Doug Barney
Executive Editor, Features Lee Pender
Editor at Large Jeffrey Schwartz
Managing Editor Wendy Gonchar
Associate Managing Editor Katrina Carrasco
Contributing Editors Mary Jo Foley, Don Jones, Greg Shields

Art Staff
Creative Director Scott Shultz
Art Director Brad Zerbel
Senior Graphic Designer Alan Tao

Production Staff
Director, Print Production Jenny Hernandez-Asandas
Print Production Coordinator Elena Sipagan

Online/Digital Media
Online News Editor Kurt Mackie
Executive Editor, New Media Michael Domingo
Director, Online Media Becky Nagel
Associate Web Editor Chris Paoli
Site Administrator Shane Lee
Designer Rodrigo Muñoz

Advertising and Sales
Associate Publisher JD Holzgrefe
Northwestern Regional Sales Manager Bruce Halldorson
Manager Danna Vedder
Advertising Sales Associate Tanya Egenolf

President Henry Allain
Vice President, Publishing Matt Morollo
Vice President, Editorial Director Doug Barney
Director, Marketing Michele Imgrund
Online Marketing Director Tracy Cook

President & Chief Executive Officer Neal Vitale
Senior Vice President & Chief Financial Officer Richard Vitale
Executive Vice President Michael J. Valenti
Vice President, Finance & Administration Christopher M. Coates
Vice President, Information Technology & Application Development Erik A. Lindgren
Vice President, Event Operations David F. Myers
Chairman of the Board Jeffrey S. Klein

Reaching the Staff
Staff may be reached via e-mail, telephone, fax, or mail. A list of editors and contact information is also available online at Redmondmag.com.
E-mail: To e-mail any member of the staff, please use the following form: [email protected]
Framingham Office (weekdays, 9:00 a.m. – 5:00 p.m. ET) Telephone 508-875-6644; Fax 508-875-6633; 600 Worcester Road, Suite 204, Framingham, MA 01702
Irvine Office (weekdays, 9:00 a.m. – 5:00 p.m. PT) Telephone 949-265-1520; Fax 949-265-1528; 4 Venture, Suite 150, Irvine, CA 92618
Corporate Office (weekdays, 8:30 a.m. – 5:30 p.m. PT) Telephone 818-814-5200; Fax 818-734-1522; 9201 Oakdale Avenue, Suite 101, Chatsworth, CA 91311
The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher.

[email protected]

To Upgrade or Not To Upgrade
Great article [“Windows 8: 4 Reasons Why You Won’t Upgrade,” IT Decision Maker blog, Nov. 18, 2011], but the other problems are around hardware and software: will there be devices that do Windows 8 touch correctly and (how) will software titles (new ones and our longtime, much-beloved ones, too) (ab)use Metro? The ISV and IHV community has a ton of catch up to do and I wouldn’t bet early on them getting it right the first time. Certainly, as a CIO or other tech decision maker, a quick move to Windows 8 is hugely risky.
Aaron Suzuki
Seattle, Wash.

Faulty Windows 8
Mary Jo Foley’s “Why ‘Windows 8’ Isn’t What I Thought It Would Be” garnered a ton of online reader feedback. Here’s a sampling …

I’m not sure why Microsoft doesn’t just give you the option, when loading the OS, of which version you want. If you like the Metro, you choose the Metro UI and you get an “app” that allows you to switch if you need to. If you choose “traditional,” then the opposite happens.
Russ
California

I believe Microsoft is right on target with its current Windows 8 approach. We’re truly talking about an OS with a radically split personality, one of which can compete successfully with Android and iOS, and may surpass their capability in due time. I expect ARM and low-powered x86 systems implementing only the Windows Runtime and the Metro UI to be competitive with the next iOS and iPad crop right out of the gate. The core kernel, and now the user mode API, are efficient and can keep out of the way. All while maintaining full compatibility with prior Windows versions on more powerful x86 and x64 systems. And developers will love the platform because the development experience continues to be superior. I also believe in Microsoft’s argument for pushing the new UI. I was skeptical at first, but using this UI on a tablet for a month has shown me the light.
Anonymous

They can’t even sell Windows Phone OS on phones, you want them to put an OS that nobody wants, that has very few developers, onto tablets too? On what planet does Mary Jo live where Windows Phone is more desirable to the public than Windows proper? Windows Phone is such a limited platform from a developer’s standpoint even compared to iOS. You can’t run native code on Windows Phone OS. Compared to Windows 8, Windows Phone is useless; it’s a toy with marginal functionality. Suggesting that Windows Phone could ever give Microsoft a leg up on iPad/iOS is idiotic.
John
Posted Online

The first time I saw Windows Phone 7, I asked why Microsoft hadn’t made a tablet with that OS. A full OS like Windows 8 may work, but after my experiences with Windows 7 and Tablet XP, I bought an iPad.
Rey
Texas

There’s a lot of focus [from readers] on the UI, but one of the key elements in Mary Jo’s argument is the dev platform issue, which is much more important, because it can lock customers to a platform. Microsoft’s idea is that developers will write applications for a full Windows 8 tablet that they wouldn’t write for a lighter-weight phone-style OS. That horse left the barn a long time ago: writing apps for a thick client OS is dangerous, as everyone who tried to upgrade Windows XP to Windows Vista and discovered. Most of my customers develop browser-based apps now, which will run on any client and lets them upgrade, stay in place, whatever, without affecting their ability to get work done and makes them quite platform-agnostic. I think Apple has laid that argument to rest as well. Compare the number of new apps written for iOS in the last two years with the number of new apps for the Mac and Windows combined. My guess is that there’s a quantum differential. Developers aren’t feeling much pressure to write apps for the thick client anymore and putting Windows 8 on tablets will do nothing to change that. So Microsoft would be better off with a great tablet OS, rather than porting an OS designed to support keyboard-intensive apps, such as Office, to it. That simply accelerates the shift away from the PC to the tablet, with no net gain to Microsoft.
Paul DeGroot
Washington

IMAGE FROM SHUTTERSTOCK

RedmondReport

IT Awaits Release of SQL Server 2012
Microsoft changed how its upcoming database management system will be packaged, while also rolling out release candidate software.

By Kurt Mackie

When Microsoft releases a major upgrade of its flagship relational database management system later this year, enterprise customers will have to contend with a new licensing model.

Microsoft disclosed the new licensing model for SQL Server 2012 in November, coinciding with its issuance of the release candidate test version of the software. SQL Server 2012 promises self-service business intelligence features and high-availability improvements when commercially launched (see “SQL Server 2012 RC0,” p. 10). However, organizations still will have to figure out complicated licensing considerations and costs. Microsoft attempted to kick-start that effort by publishing its “SQL Server 2012 Licensing Datasheet” white paper.

The new SQL Server 2012 licensing model is based on an organization’s computing power, number of users and use of virtualization. Beyond that, the devil lurks in the details. The bottom line appears to be that licensing costs apparently won’t substantially change that much compared with SQL Server 2008 R2 licensing, except for Client Access Licensing (CAL) costs, which will be higher.

Microsoft expects to release SQL Server 2012 in the first half of 2012. Rob Horwitz, research chair at the Kirkland, Wash.-based Directions on Microsoft, an independent consultancy, believes the product may appear sometime in the second quarter of this year.

Edition Changes
SQL Server 2012 will be available in three editions: Enterprise, Business Intelligence and Standard. The Enterprise edition is an all-inclusive product in terms of its features, and Microsoft is positioning it for “mission-critical applications and large-scale data warehousing” uses. The Business Intelligence (BI) edition is a new product offering. It adds BI features while also including all of the features in the Standard edition. Microsoft recommends the Standard edition for “basic database, reporting and analytics capabilities,” according to its white paper.

Microsoft has rolled up much of the SQL Server 2008 R2 Datacenter edition licensing rights into the SQL Server 2012 Enterprise edition, so the old Datacenter edition will disappear as a top product-line offering.

Microsoft will offer a Web edition of SQL Server 2012, but only to organizations signing a Service Provider License Agreement. Developer, Express and Compact editions will still be available after the SQL Server 2012 product is released, Microsoft indicated.

Licensing Changes
The biggest licensing change for SQL Server 2012 is Microsoft’s shift from counting processors to counting cores (see Table 1). The licensing describes four cores per physical processor as being the minimum licensing basis.

Those organizations using virtualization with SQL Server 2012 have two licensing options. Organizations can license virtual machines (VMs) based on core licenses or they can license VMs based on server plus CALs. Four cores per VM is the minimum requirement on licensing. Maximum virtualization (that is, no limits on the number of VMs) is only available with the Enterprise edition of SQL Server 2012, with Software Assurance being required.

Table 1. SQL Server 2012 Available Editions
SQL Server 2012 Editions | Description | Pricing, Open NL (US$)
Main Editions:
Enterprise | High end datacenter, data warehousing and BI capabilities | $6,874 per Core
Business Intelligence | Enterprise BI and High Scale Analytics | $8,592 per Server*
Standard | Basic database and BI capabilities | $1,793 per Core, or $898 per Server*
Client Access License (CAL) | Access to SQL Server databases licensed per server | $209 per CAL
*Requires CALs, which are sold separately.
Source: “SQL Server 2012 Licensing Datasheet,” published by Microsoft on Nov. 3, 2011

Licensing Costs
The licensing costs stayed the same, decreased or increased. It all depends on how you look at it. Horwitz shared his views in an e-mail, where he laid out the changes in bullet points:
• The price of the SQL Server CAL does go up, about 25 percent.
• The per-server license for Standard edition remains the same price as before.
• The per-server license for BI server is the same price as the server license for SQL Server 2008 R2 Enterprise … though this isn’t an apples-to-apples comparison given the difference in SKU features.
• The per-core price for SQL Server 2012 Standard and Enterprise editions is one-quarter the price of per-processor licenses for equivalent editions of SQL Server 2008 R2. So effectively, if you have more than four cores per physical processor in the server, your licensing fee goes up.

Paul DeGroot, another Microsoft software licensing expert who serves as principal consultant of Camano Island, Wash.-based independent consultancy Pica Communications, offered other insights into SQL Server 2012 licensing costs. DeGroot noted that the CAL price increased substantially from $164 to $209 and he speculated that Microsoft felt that raising the price of the CALs would have less of an impact on customers than raising server licensing costs. Still, other price changes were somewhat neutral, he contended.

Cost considerations largely killed the Datacenter edition of SQL Server 2008 R2, DeGroot contended. “That $54,990 cost per proc, or twice the per proc price of SQL 2008 R2 Enterprise,” DeGroot said.

Similarly, cost considerations were tricky for those running VMs on SQL Server 2008 R2, relative to SQL Server 2008. To have unlimited VM capability, organizations either had to buy the Enterprise edition of SQL Server 2008 R2 with Software Assurance or they had to buy the Datacenter edition of that product. The latter option doubled SQL Server 2008 R2 licensing costs relative to SQL Server 2008 licensing costs for virtualization to “about $110,000,” DeGroot said.

Transition Caveats
Enterprise edition licensing for SQL Server 2012 will move from being processor-based to being core-based. Microsoft’s document indicated a June 30, 2012, deadline for those organizations transitioning to SQL Server 2012 Enterprise edition.

“New Server licenses for EE [Enterprise edition] will only be available for purchase through 6/30/2012,” the white paper states. “Additional EE licenses in the Server and CAL license model will not be sold thereafter.”

There’s also a core limitation. Newly purchased Enterprise edition licenses and those upgraded through Software Assurance will be “limited to server deployments with 20 cores or less.” Those organizations running more than 20 physical cores with SQL Server 2008 R2 Enterprise edition and the server plus CALs model should contact their Microsoft representative, the document states.

Microsoft is advising that IT pros should run the Microsoft Assessment and Planning Toolkit in their computing environments at the end of their organization’s agreement term to take an inventory. They can use that tool to document how many processors were covered under Software Assurance (SA).

“At the end of the SA term, processor licenses will be exchanged for core licenses and customers can renew their SA on core licenses,” Microsoft’s document explains.

Assessments
The move to core-based licensing was received rather positively, both by Horwitz and DeGroot. The move may kill two-core designs, or at least IT pros should look to buy four-core processors at minimum to support Microsoft’s licensing, DeGroot suggested.

Customers with existing SQL Server installations will face transition issues, “especially for customers with licenses covered by Software Assurance, including customers who buy SQL Server under the Enrollment for Application Platform—a special option within Enterprise Agreements,” Horwitz explained. Despite that complexity, he found the licensing changes to be largely positive.

“I think the adjustments make a lot of sense for a number of reasons, including: competitive pressures, especially from Oracle and how they handle packaging/pricing; evolution of chip architectures—more and more cores per chip; continued expanded use of virtualization within the datacenter; and pressures to monetize improvements in the technology.”

Directions on Microsoft and Pica Communications both conduct workshops for the public on how to understand Microsoft’s licensing. Readers can find information at each company’s Web site.

Kurt Mackie is the online news editor for the 1105 Enterprise Computing Group.

SQL Server 2012 RC0
Microsoft released the first “feature complete” Release Candidate (RC0) version of its newest relational database management system (formerly code-named “Denali”) in November. It follows a Community Technology Preview 3 (CTP 3) release as Microsoft skipped the beta. Many of the new features in SQL Server 2012 were described at the PASS Summit event in Seattle last October. Since that time, a few new features were included in the RC0.

One of the new features is an improved AlwaysOn capability. Microsoft MVP Aaron Bertrand describes AlwaysOn as Microsoft’s branding for disaster recovery and high-availability features in SQL Server. AlwaysOn supports the use of read-only secondaries to help take the load off a primary server by allowing users to run “certain backup operations and all reporting activity against a mirrored copy” of the server. He added that an important feature in SQL Server 2012 will be the ability to create “availability groups,” which represent a group of databases. Users can set up failovers to move from one availability group to another and this can be done on top of other failover clustering techniques, he explains.

Other new features in the RC0 include improved multitenancy management capabilities for private clouds and an improved Power View (formerly known as “Crescent”), which is Microsoft’s browser-based business intelligence graphing feature. Microsoft also rolled out new “change data capture” support for Oracle in the RC0. —K.M.

ProductReview

PowerBroker Desktops DLP Safeguards Sensitive Information The BeyondTrust application is great for putting fi les on lockdown and preventing data leakage.

By Brien M. Posey

PowerBroker Desktops DLP
$64.00 per user for 500-999 users; call for pricing for volume purchases
BeyondTrust | 800-234-9072 | beyondtrust.com

One of the big problems plaguing organizations is that of data leakage. Employees with legitimate access to sensitive data may either accidentally or intentionally expose data to the outside world. BeyondTrust offers a product called PowerBroker Desktops DLP that’s designed as a solution to the data leakage problem.

Getting Started

PowerBroker DLP makes use of a reporting server and a desktop component. BeyondTrust provides the reporting server as a pre-configured VMware virtual machine (VM). However, for evaluation purposes, BeyondTrust will allow you to use a reporting server that’s hosted on its servers. In addition to the reporting server, there’s also a client component that must be deployed on each desktop.

In order to deploy the desktop client, there are two files you must run. The first file is the actual client and is named PBDLPCL64_3.2. For the purposes of this review, I ran the 64-bit version of this file, but there’s also a 32-bit version available.

Installing the PBDLPCL64_3.2 file proved to be idiot-proof. The installer uses a typical installation wizard that requires little more than accepting a license agreement.

The second file that had to be installed was the snap-in, which was named PBDLPSNAP32_3.2. As was the case with the first file, this file used a really simple installer that merely required me to accept the license agreement. At first, I wondered why BeyondTrust didn’t just combine the two components into a single file, but this was presumably done so that administrators can avoid having to install the snap-in onto users’ desktops.

Intuitive Installation

Whenever I write a software review, I like to start out by trying to get the product up and running without using the documentation. In the case of PowerBroker, I completed the installation with no problems.

After downloading the documentation, I discovered that PowerBroker works by extending the machine’s local security policy. As such, the next step in the process was to reboot the Windows 7 machine on which I had installed the software and then open the Editor by running the GPEdit.msc command.

I discovered that the software only modifies the Group Policy Editor in the 32-bit version of Windows 7. I was using the 64-bit edition, but was able to access the modifications by going to C:\Windows\SysWOW64\ and double-clicking on the GPEDIT.MSC file. Upon doing so, the BeyondTrust related policy settings were displayed, as shown in Figure 1.

Figure 1. BeyondTrust PowerBroker Desktops DLP modifies the local security policy.

The software’s configured through a series of Group Policy settings. These Group Policy settings were all rather intuitive, so I set out to try to test the software. The documentation indicated that you must import a license file before the software can be used. I sent a message to BeyondTrust and had a key within five minutes. I imported the license key and the software began to work.

When I started to use the software, I was impressed. The software proved to be very easy to use and completely intuitive and—most important—it worked as advertised.

Figure 2. BeyondTrust PowerBroker Desktops DLP tells the user when he’s attempted a prohibited operation.

Ease of Use

There are four nodes in the PowerBroker Desktops DLP container. The Content Sources node allows you to define various types of content. For example, you can define what constitutes a confidential document as opposed to what constitutes a document that doesn’t need to be protected.

The Data Flow Policy node lets you create rules defining what should happen when protected content is accessed. For instance, you can deny access to the content; you can also prevent protected content from being e-mailed, copied or modified (among other things).

The Applications node allows you to specify the applications that you trust, and you can even exclude applications (such as your antivirus software) from the data flow policies that you create.

Finally, the Reports node provides instructions for generating audit reports.

The software works by allowing you to define your data at the Group Policy level and then set data flow policies that regulate what can be done with that data. To show you how this works, I defined all Microsoft Office documents as confidential and then created a data flow policy that denies read access to documents. When I attempted to open a Microsoft Word document, I was presented with this message: “Word cannot open the existing file (Normal).”

The Bottom Line

Ultimately, my opinion of PowerBroker Desktops DLP is that it’s extremely effective. The software goes far beyond just preventing certain types of files from being copied. It actually analyzes the files’ contents and prevents protected data from being extracted in a roundabout way. When the BeyondTrust folks demonstrated the software for me, they copied some data from a word document into another document and showed me that the software recognized the data and prevented it from being e-mailed.

Assuming that the software had merely captured the Windows clipboard, I tried to fool the software by copying the data into Notepad, saving the Notepad document, closing Notepad, copying some non-protected data to the clipboard (in an effort to flush the buffer), opening my Notepad document and pasting its contents into an e-mail message. Even after all of that, the software still recognized the data as being protected and would not allow me to send it.

My only real complaint about the software is that it can actually be too effective. Out of curiosity, I decided to find out what would happen if I told it to deny access to all content. In doing so, I locked myself out of Windows. I couldn’t access the , the Group Policy Editor—nothing. The only way that I managed to regain control of the OS was to boot Windows into System Repair mode and recover a point that was created before my reckless policy change.

If you’re looking to protect your company from data leakage, BeyondTrust PowerBroker Desktops DLP is definitely the way to go.

RedmondRating
Installation: 20% 10.0
Features: 20% 10.0
Ease of use: 20% 10.0
Administration: 20% 10.0
Documentation: 20% 7.0
Overall: 9.4
Key: 1: Virtually inoperable or nonexistent; 5: Average, performs adequately; 10: Exceptional

Brien M. Posey is a seven-time Microsoft MVP with more than two decades of IT experience. He’s written thousands of articles and several dozen books on a wide variety of IT topics. Visit his Web site at brienposey.com.
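The Notepad round trip described in the review, replayed as an added example; it is not code from the review or from BeyondTrust. The review does not say how the product recognises protected data, so word-shingle fingerprinting is assumed here as one content-aware technique, set beside a tool that only remembers where the clipboard was filled from. All names and the sample text are constructed.

```python
"""Content fingerprinting vs. clipboard-provenance tracking (illustrative).

Not BeyondTrust's algorithm: word-shingle hashing is an assumed stand-in
for "analyzes the files' contents".
"""
import hashlib
import re

SHINGLE_WORDS = 5   # words per fingerprinted window (assumption for the demo)
MIN_HITS = 3        # matching windows needed before content counts as protected


def tokens(text):
    """Lower-case word tokens; case, punctuation and line breaks are ignored,
    so a Word -> Notepad -> e-mail round trip does not change the result."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprints(text, k=SHINGLE_WORDS):
    """Hash every k-word window. Texts shorter than k words produce none."""
    words = tokens(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }


class ContentIndex:
    """Fingerprints of everything classified as confidential."""

    def __init__(self):
        self._protected = set()

    def register(self, text):
        self._protected |= fingerprints(text)

    def hits(self, text):
        """Number of k-word windows in text that also occur in protected data."""
        return len(fingerprints(text) & self._protected)

    def is_protected(self, text, min_hits=MIN_HITS):
        return self.hits(text) >= min_hits


# Constructed sample data, not taken from the review.
CONFIDENTIAL = (
    "Project Falcon Q3 forecast: revenue is projected at 4.2 million with a "
    "margin of 31 percent, pending board approval of the Harbor acquisition."
)
BENIGN = "Lunch is at noon on Friday; the board room is booked for the project review."
EXCERPT = "REVENUE IS PROJECTED AT\n4.2 MILLION WITH A MARGIN"


def replay_notepad_round_trip(index, secret=CONFIDENTIAL):
    """Replay the reviewer's test against both detection models.

    clipboard["tainted"] models a tool that only remembers whether the
    current clipboard contents were copied from a protected document.
    """
    clipboard = {"text": secret, "tainted": True}            # copy from the Word document
    notepad_file = clipboard["text"]                          # paste into Notepad, save, close
    clipboard = {"text": "see you at lunch", "tainted": False}  # copy unprotected data
    clipboard = {"text": notepad_file, "tainted": False}      # reopen the file, copy its text
    email_body = "Hi,\n\n" + clipboard["text"] + "\n\nRegards"
    return {
        "clipboard_model_blocks": clipboard["tainted"],
        "content_model_blocks": index.is_protected(email_body),
    }


def demo():
    index = ContentIndex()
    index.register(CONFIDENTIAL)
    result = replay_notepad_round_trip(index)
    # A re-cased, re-wrapped excerpt is still caught; unrelated text is not.
    result["excerpt_blocked"] = index.is_protected(EXCERPT)
    result["benign_blocked"] = index.is_protected(BENIGN)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The provenance flag is lost the moment the text is saved to a plain file, while the fingerprints travel with the words themselves, which is the behaviour the reviewer observed.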

ADVERTISEMENT

What Could Users Possibly Do on Desktops with Administrator Privileges?

Data Leakage is Rampant!

Users granted local Administrator privileges could perform the following tasks without limitation:

Take Full Control Over an Endpoint
An endpoint can be removed from the domain, eliminating the effect of Group Policy and removing Domain Admins from having any control over the endpoint.

Alter Key Security Configurations
, Registry settings, application settings, IP address properties, and many more local endpoint configurations can be modified, overriding any Group Policy, script or image configuration.

Any Software can be Installed
Unlicensed, malicious, attack, virus laden, or any other software can be installed on the endpoint, making the rogue endpoint cost extremely high.

Uncontrollable Infection of Viruses, Malware, and Spyware
Malicious applications and code from Email and the Internet typically runs with the local logged on user credentials. Meaning users logged on with local Administrator credentials allow malicious applications and code to run freely.

Without a least privilege solution like BeyondTrust PowerBroker Desktops, the following essential end user tasks will fail to run without local Administrator privileges:

• Running Business Applications
Both off-the-shelf and internally designed business applications can require the user to be a local Administrator and without this privilege, the application will fail to run.

• Application Installations
Mobile users must install applications at remote offices and customer sites to perform certain “on-site” tasks, but without local Administrator privileges these installations will typically fail.

• ActiveX Control Installations
The cloud and other Internet applications and services often are built on Microsoft ActiveX, requiring the user to be a local Administrator in order to install the ActiveX control that is associated with the application or service.

• Routine OS Features
Defragging the hard drive, installing a local printer (Windows XP), changing date/time/clock settings, altering IP address properties when working remote, etc. require the user to be a local Administrator.


Deploying Least Privilege requires specific features to reduce the manpower, time and money for the deployment of the solution. Regardless of whatever solution an organization chooses, at a minimum the following features need to be included with your solution:

Flexibility with Existing Active Directory Design
PowerBroker Desktops provides this flexibility by allowing PowerBroker policies to reside in “collections” which can all be located in a Group Policy Object linked to the domain. Using Item-Level Targeting at the collection level eliminates the need to redesign Active Directory.

Account for Exceptions for Least Privilege Rules
PowerBroker Desktops provides for exceptions, within collections or per policy, by using Item-Level Targeting to precisely determine which users and/or computers will receive the application control policy.

Automatically Determines Elevation Requirements
PowerBroker Desktops provides the Auto Rule Generator, which can scan one or many endpoints to gather all of the applications, installations, OS features, etc. that need elevation.

Drag and Drop Rule Deployment
PowerBroker Desktops provides this through the Auto Rule Generator, which provides a simple XML file which can be copied into a Group Policy Object, allowing you to control which applications, installations, OS features, etc. will apply to objects defined in the collection or the Item-Level Targeting.

Visit beyondtrust.com for more information.

ENDPOINT SECURITY MINIMUM BEST PRACTICES

The ideal endpoint security configuration requires the endpoint to be secured for many different actions the user might take. At a minimum, endpoint security should include:

• Least Privilege
All non-IT employees should be running without any local Administrator privileges, but should still be allowed to run all approved business tasks that require local Administrator privileges.

• Group Policy Security Settings
, XP, Vista, and 7 all work in an Active Directory domain, as well as receive Group Policy settings to ensure the applications, OS, and communications are secure.

• Whitelisting, where appropriate
Although whitelisting is extremely difficult to implement for endpoints, it should be deployed using Software Restriction Policy (SRP) and AppLocker for high profile endpoints that require this level of application control.

• Data Leak Protection (DLP)
Endpoint security also includes the control of all data entering and leaving the endpoint, to ensure unauthorized data copies, data transmissions, data leaks, and other malicious activities with the corporation’s intellectual property are managed and monitored.

Removing Admin Privileges Has Never Been Faster or Easier
BeyondTrust PowerBroker Desktops 5.0 is the fastest and easiest way to secure desktops by removing administrator privileges without end user disruption. Eliminate the impact of removing administrator rights by elevating privileges for applications, software installs, system tasks, scripts, control panel applets and more, allowing end users to remain productive.

About BeyondTrust
BeyondTrust is the global leader in securing the perimeter within to mitigate internal threat and the misuse of privileges. BeyondTrust offers consistent policy-driven, role-based access control, monitoring, logging, and reporting to protect internal assets from the inside out.

With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) solutions for heterogeneous IT environments.

About the Author
Derek Melber (MCSE, MVP), President of BrainCore.net
Derek Melber, MCSE, MVP, is an independent consultant, speaker, author, and trainer. Derek’s latest book, The Group Policy Resource Kit by Microsoft Press, is his latest best-selling book covering the new Group Policy features and settings in and 7.

See the BeyondTrust web cast on Comprehensive Endpoint Security for Physical, Mobile, and Virtual Windows Devices: Redmondmag.com/BeyondTrust1111 To purchase this must-read book on least privilege, visit http://www.apress.com/9781430239215. You’re one click away from preventing insider threats and data breaches from your organization.

COVER STORY | The List Issue

To start 2012, we’re offering numbered thoughts from our cleverest minds on where Microsoft and IT have been and are going.

By Redmond Media Group Editorial Staff

Lists are a New Year’s tradition: lists of resolutions, of predictions, of failed predictions from the year before, of remembrances, of old friends and relatives we accidentally left off the holiday-card list … You get the idea. Because we love lists, Redmond decided to kick off 2012 with a story full of them.

Why a story full of lists? Let us list them for you:
• It’s fun to read.
• It’s fun to write.
• Lists are great for generating discussion and controversy.
• Redmond’s editors were able to rope almost the entire Redmond Media Group staff into writing for them.
• You’re still reading, aren’t you?

Seriously, though, these lists cover topics that are important to Microsoft IT professionals and to the industry as a whole. We’re talking about what’s next for Microsoft, what Microsoft could have done better in the past, what the most important products in the history of IT are ... Actually, we have a whole list of lists, so we might as well get to them.

ILLUSTRATION BY RYAN ETTER

12 Biggest Tech Flip Flops

Arnold Schwarzenegger was once asked why he flip-flopped. He explained that as time goes on, one learns new things and should change positions (John Kerry and Mitt Romney should have thought of that!). High-tech flip-flopping isn’t always such a bad thing, either—the tech market changes just as much as politics.

1. Google’s Gotcha In 2010, Google tried to take on Facebook with Buzz, a social networking technology based on Gmail. The service ran into a buzz saw of privacy allegations, and intense government scrutiny led Google to shut the service down.
Google had something in its back pocket—Google +, which now counts more than 40 million users, the company recently said.

2. Microsoft Not Always Open to Open Source In 2001, Microsoft CEO Steve Ballmer called Linux a cancer, claiming it’s all based on the theft of intellectual property. Microsoft launched a multi-year PR and marketing war against Linux.
In 2006, Ballmer struck a deal with the Novell powerhouse to support each other’s products and work together on interoperability between Linux and Windows. Microsoft released Novell from the threat of patent lawsuits. Microsoft paid Novell nearly $250 million right away, with many more millions to come.

3. HP’s Big PC Backtrack One of the fastest flip-flops in computing history came from HP. Last August, former CEO Lee Apotheker made the stunning and illogical announcement that HP was considering giving up the PC, laptop and tablet/mobile business. That got him fired tout suite.
Former eBay CEO Meg Whitman replaced the deposed Apotheker and immediately reversed this bum idea.

4. Facebook Flubs Privacy Facebook has never been a poster child for respecting privacy. After getting clobbered for letting third-parties access user data such as phone numbers, Facebook in 2010 changed course, blocking the practice.
Facebook reversed course again, this year announcing a technology that allows your Facebook friends to see your every Facebook move in the form of a ticker.

5. Yahoo!—To Buy or Not to Buy Desperate to counter Google, in 2008 Microsoft made a very public bid to take over Yahoo!. Initially, Yahoo! leaders resisted, and the Microsoft offer went up and up. Microsoft eventually gave up, settling for an ad agreement and Yahoo! allowing Bing to become its default search engine.
Late last year, Ballmer patted himself on the back for ultimately giving up on Yahoo!, remarking, “If you think about the timing, if Yahoo! had accepted our bid … we would have closed post Lehman Brothers.”
Not long after that comment, reports had it that Microsoft was once again sniffing around Yahoo! Sounds like a flip, a flop and another flip.

6. Nokia Sours on Symbian Nokia made millions selling Symbian-driven phones. What did it take for Nokia to support Windows Phone? How about a cool billion-dollar cash infusion from Microsoft? ’Nuff said.

7. Oracle and OpenOffice.org When Oracle acquired Sun, it also gained stewardship of OpenOffice.org. At first, Oracle said it would keep OpenOffice.org to itself. Oracle found it’s difficult to control open source software was announced. Oracle saw the light and gave OpenOffice.org to the Apache Group.

8. Silverlight vs. HTML5 Microsoft has never much liked Adobe Flash. To try and kill it, Microsoft invented Silverlight, designed to bring dynamic graphics to the Web. So does Internet Explorer 9 focus on native Silverlight support? Nope. That honor goes to HTML5, which also drives the Windows 8 Metro interface.

9. Killing the Kin Microsoft spent two years building the Kin mobile phone, which was meant to take over the consumer smartphone market. Six weeks after a launch with typical Microsoft fanfare, the company saw the poor sales writing on the wall and killed the Kin.

10. Seinfeld Turnaround Before Bill Gates fully retired, he did a series of TV commercials with Jerry Seinfeld. Some of us liked the ads. Most didn’t. Microsoft killed the campaign before all the ads had run.

11. Project Green Goes Dark Project Green was Microsoft’s big plan a few years back to merge its four Dynamics ERP suites into one big product. All four were huge suites and it turned out to be nigh on impossible to blend them into one. Instead, the separate suites remain, and Microsoft has done its darndest to create a common interface.

12. Zune Zoinks The iPod really rubbed Redmond raw. And thus came Zune. Redmond readers actually liked the Zune quite a bit. Unfortunately, the market didn’t. With such a soft market, Microsoft started to make some statements. First, an executive announced the Zune was dead. He was then contradicted by higher ups—it was alive after all. Finally, the company announced the death of Zune hardware, but insured the future existence of Zune software.


Candidates To Succeed Steve Ballmer

Despite hedge fund manager David Einhorn’s call for Steve Ballmer’s head last year, there’s no evidence to suggest the Microsoft CEO is going anywhere in the near-term. But if the company’s fortunes were to go into a tailspin, anything is possible. We’re not even entertaining the possibility of a Gates comeback; that’s simply not going to happen. Nor does it appear likely that former Chief Software Architect Ray Ozzie would ever come back to step into the shoes of Gates and Ballmer. With that in mind, here’s our short list (in no particular order):

1. Steven Sinofsky If anyone is worshiped in Redmond these days, it’s the head of the Windows and Windows Live division. Not only is Sinofsky charting the course for Microsoft’s future, he’s the public face behind those efforts. Sinofsky currently appears to be the odds-on favorite to succeed Ballmer (see “10 Signs Steven Sinofsky Will Be Running Microsoft Someday”). However, his success or lack thereof remains to be seen with the release of Windows 8. If Microsoft chooses to bring someone with an engineering background to run the company, Sinofsky has the chops. Not only has he shepherded the development of Windows, but he spent much of the past decade overseeing the development of many versions of Office.

2. Kevin Turner It’s hard to envision someone who started out as a cashier at Walmart running the machine in Redmond, but as Microsoft’s COO, he’s perhaps the closest thing the company has to a No. 2 behind Ballmer these days. Besides having huge operational responsibilities at Microsoft—overseeing field sales, marketing and corporate operations—his words carry weight when he keynotes at company events.

3. Jeff Raikes As CEO of the Bill and Melinda Gates Foundation, former Microsoft President Jeff Raikes is leading his mentor’s charge to save the world. While the likelihood of him stepping out of his current role appears slim, Raikes’ engineering and business operations legacy makes him a strong candidate to run Microsoft.

4. Eric Rudder Nearly seven years ago, The New York Times profiled Eric Rudder as a front-runner to take the reins at Microsoft some day. The corporate VP oversees the company’s technical strategy and is credited with Microsoft’s outreach to the developer community and for the growth of the company’s Server & Tools Business.

5. Kurt DelBene Despite challenges to the cash-cow Office business, it continues to grow. As president of the Microsoft Office Division, Kurt DelBene is a key architect for Microsoft’s key products, including Office, SharePoint, Exchange, Office 365, Lync, Project and Visio.

6. Todd Bradley Can a senior executive best known for his hardware chops run a software company? If anyone could, it’s Todd Bradley, executive VP of the Hewlett-Packard Co. Personal Systems Group. Bradley was responsible for leading HP’s effort to overthrow Dell as the world’s largest supplier of PCs.

7. J Allard Would J Allard even entertain returning to Microsoft after his coveted Courier project was nixed? If it presented a chance to accomplish unfinished business, why not? While Allard is recalled these days for the Courier, his imprint on Microsoft can’t be understated. It was Allard who was responsible for TCP/IP being added to Windows 95 and for convincing Gates that the Internet would upend Microsoft’s business should the company fail to embrace it.

8. Steve Mills Having been passed over to run IBM, Steve Mills is the architect of Big Blue’s ambition to manage and analyze all types of data. Mills has led scores of acquisitions and product-development projects, covering everything from new mainframes to software designed to integrate disparate data. Though Mills is interesting to consider, it seems unlikely he would land at Microsoft.

9. Mark Zuckerberg The unlikeliest of candidates is Mark Zuckerberg, the founder and CEO of Facebook. Why would Mark Zuckerberg leave the company he founded to run Microsoft? Let’s face it; he wouldn’t, but that doesn’t mean he wouldn’t be a potential candidate to replace Ballmer. Zuckerberg is setting the pace for how individuals use computing devices to interact with one another. However, many of Zuckerberg’s assets could be liabilities for running Microsoft. While he is setting the agenda for how consumers interact, Zuckerberg lacks a track record when it comes to business computing and corporate IT. But if Microsoft wants someone young and entrepreneurial, someone like Zuckerberg would fit the bill.

ADVERTISEMENT

A Windows 7 Migration is the Perfect Time to Normalize, not Standardize

Reduced costs. Lower overhead. Easier maintenance. Better reliability. All reasons why IT departments have typically tried to create and maintain a “standardized desktop” for their users.

Typically based upon a small number of “standard images,” the Corporate Desktop can be very flexible, or allow very little wiggle room, depending on the organization. Client upgrades and migrations are typically the time when IT re-visits the standard, creating new images that will hopefully help achieve all of those goals for the next few years.

But perhaps your Windows 7 migration should be different. Rather than creating a new standardized desktop, you should focus on creating a normalized desktop. It isn’t all that different, but it can make all the difference in the world to your organization. It’s even something a smart systems integrator can help you do, if you don’t have the resources to tackle it on your own.

However you choose to normalize your client operating system, BDNA can help. BDNA Normalize™ — powered by Technopedia™, BDNA’s IT catalog with detailed information on hundreds of thousands of hardware and software products — helps you to accurately identify products, understand licensing terms, and even distinguish which products were installed as part of a suite or package. Hundreds of organizations rely on this continually-updated, accurate information provided by BDNA to create the normalized desktop baselines that they need.

For more information, please visit Redmondmag.com/BDNA112


6 High-Profile Tech Executive Spats of 2011

Many tech titans have a touch of Donald Trump—they love to hear themselves talk and they enjoy a good fight. Here are six examples of the latter.

1. Oracle Corp. CEO Larry Ellison cuts Salesforce.com Inc. CEO Marc Benioff’s keynote from the Oracle OpenWorld Conference.
The relationship between the two executives was already strained, after Benioff made fun of Oracle at a previous Oracle conference. They ratcheted up their feud in October during Oracle’s latest OpenWorld show. First, Oracle postponed then cancelled Benioff’s planned keynote, news of which Benioff prominently announced on Twitter. Then, Benioff proceeded to deliver his keynote, anyway—in a restaurant across the street from the OpenWorld venue—and even reportedly took the opportunity to compare Ellison to deposed third-world dictators. Meanwhile, inside the OpenWorld convention hall, Ellison delivered his own address in which he called Salesforce.com’s offerings “the roach motel of clouds.”

2. Microsoft COO Kevin Turner opens verbal fire on Microsoft’s competitors during Worldwide Partner Conference (WPC) 2011.
Turner’s official title is chief operating officer, but at the 2011 WPC, Microsoft channel chief Jon Roskill poked a little fun, calling co-worker Turner the company’s “chief compete officer.” Considering Turner’s conference keynote, which was liberally peppered with barbs at multiple Microsoft competitors, that’s a pretty accurate title. For starters, he called Dynamics CRM Online a “humongous pacifier to stick in the mouth of Marc Benioff.” He also promised a “Google butt-kicker” with Office 365 and added, “Google is helping us with some of their actions, and I’m encouraged to remind you all this is a company that has a mission statement that they have to remind themselves not to do evil, right?”

3. Microsoft calls out Google Inc. for allegedly lying about the FISMA certification for Google Apps for Government.
For a while now, Microsoft and Google have been trying to one-up each other in the number of cloud contracts won, and public-sector cloud contracts are an especially sore spot for both companies. In April, Microsoft’s deputy general counsel essentially accused Google of overstating the government certifications that are held by the Google Apps for Government products. Google didn’t take long to fire back with a confirmation that Apps for Government is, in fact, certified for government use, saying, “What’s more, we’ve been open and transparent with the government, and it’s irresponsible for Microsoft to suggest otherwise.” This back-and-forth all stems from a suit that Google filed against the Department of Interior after it allegedly excluded Google from submitting quotes for a planned department-wide move to cloud-based e-mail.

4. Google calls out Microsoft for allegedly “attacking” Android.
The patent war between Google and Microsoft over the open source Android OS has been largely one-sided, with Microsoft racking up deal after intellectual property deal with Android device makers, and Google not so quietly fuming. The two companies got into another round of verbal fisticuffs in August, after Google was shut out of bidding wars over patents belonging to Nortel and Novell. Google’s chief legal eagle accused Microsoft of waging (in collaboration with Apple and Oracle) “a hostile, organized campaign against Android.” The reason for the attacks, Google said, is that Android is the market leader in the smartphone OS space, and Windows Phone, well, isn’t. Microsoft responded on (where else?) Twitter that it offered Google a chance to also bid for the patents, but that it declined. In a subsequent blog post, Google characterized Microsoft’s offer as a trick: “We didn’t fall for it.”

5. Ousted CEO Carol Bartz tells Yahoo! off in her first post-firing interview with Fortune.
When news broke in September that Yahoo!’s board of directors had fired the famously foul-mouthed Bartz, it was no surprise she didn’t go sedately. The day after she was fired over the phone, Bartz spoke to Fortune magazine to call the Yahoo! board “doofuses” and to say that “[t]hese f---ed me over.” Perhaps the most surprising revelation is that she reportedly had a “non-disparagement clause” with Yahoo!—which she almost certainly violated multiple times in the Fortune interview.

6. Microsoft Cofounder Paul Allen shares beef with Bill Gates in his autobiography.
Publicly, at least, Allen has enjoyed a successful life after leaving Microsoft in 1983, which made a lot of people wonder where all the apparent bitterness in his autobiography, “Idea Man,” came from. Allen notably recounts that sometime after he was diagnosed with Hodgkin’s disease, he overheard Gates and now-Microsoft CEO Steve Ballmer “bemoaning my recent lack of production and discussing how they might dilute my Microsoft equity by issuing options to themselves and other shareholders.” Ballmer apologized in person later that night; and Gates wrote him a six-page letter. After the book made news, Gates issued a much shorter statement: “While my recollection of many of these events may differ from Paul’s, I value his friendship and the important contributions he made to the world of technology and at Microsoft.”

13 Most Important Microsoft Product Lines

Microsoft is an unusual company for the sheer number of product lines that bring in more than a billion dollars. While the company doesn’t break out revenues for all of its product lines, Communications Director Frank Shaw famously revealed Microsoft’s billion-dollar businesses to the TechFlash news blog last year. Under those businesses, of course, are Microsoft’s most important product lines.

1. Windows Microsoft’s bread and butter is Windows and despite some who predict its demise, the OS is doing quite well. Microsoft revealed that it has sold 400 million copies of its latest version, Windows 7. Still, Microsoft faces challenges. PC growth is slowing and with the most drastic overhaul ever of Windows planned for Windows 8, it remains to be seen how the market responds to the product’s new tile- and touch-focused UI.

2. Office Anyone who knows anything about Microsoft is aware how important its Office franchise is to the company. Microsoft has shipped 100 million copies of Office 2010 since the product’s release in mid-2010. Despite a long history of stellar growth, consumer licensing of Office dropped 8 percent last year but businesses helped drive Office revenues up 27 percent during the company’s 2011 fiscal year.

3. Exchange While a growing number of customers are offloading their e-mail systems to the cloud, only a small sliver of large enterprises are making the wholesale shift. Exchange remains the most widely adopted enterprise e-mail platform.

4. SharePoint While it has its share of detractors, SharePoint is a billion-plus-dollar business for Microsoft because it lets enterprises share information generated from Office and other sources.

5. SQL Server The database is a key pillar of the Microsoft Server & Tools Business. SQL Server revenues increased 20 percent in fiscal year 2011. On tap for this year is SQL Server 2012, code-named “Denali,” which will push the envelope in terms of support for business intelligence features and support for big data.

6. Windows Server As long as Microsoft is selling lots of SQL Server, Exchange Server, SharePoint and Dynamics, customers need Windows Server. Besides that, of course, Windows Server provides enterprises with their core authentication services through Active Directory and virtualization via Hyper-V, as well as providing the infrastructure for products such as IIS and Windows Storage Server.

7. Visual Studio The latest release, Visual Studio 2010, has enabled thousands of developers to target Microsoft’s latest platforms, including Windows 7, Windows Azure, and Windows Phone 7, as well as the forthcoming Windows 8. “Visual Studio 11” is now in the works.

8. Xbox At last count, Microsoft reported 35 million members of its Xbox Live community. In fiscal year 2011, Microsoft sold 13.7 million Xbox consoles, compared with 10.3 million in 2010. Revenues for the company’s Entertainment and Devices Division hit $2.7 billion, a 48 percent year-over-year increase.

9. Bing It will be a long time, if ever, before Microsoft’s search engine can unseat Google as the default search engine of choice. But thanks to Microsoft’s partnership with Yahoo!, Bing has grabbed a 14 percent share of the search market, up 31 percent over FY 2010. Still, Bing and the rest of Microsoft’s advertising and online business continue to lose money to the tune of $2.5 billion, based on revenues of the same amount.

10. Dynamics Microsoft’s portfolio of ERP and CRM software and services is believed to generate more than $1 billion in revenue. While Microsoft is in the process of updating the entire portfolio with cloud and social networking features, the company faces a barrage of rivals in this cutthroat market.

11. System Center Believe it or not, the Microsoft System Center product line also brings in more than $1 billion in annual revenue. Used to manage both hardware and software running in enterprise datacenters, Microsoft just gave the management suite a major refresh. Due out in the first half of this year is System Center 2012, which will add new capabilities to operations and applications management.

12. Skype The newest addition to the Microsoft portfolio, Skype grossed $860 million in 2010, according to its IPO filing, before the company was snapped up. Between the unified communications business of Lync and Skype, Microsoft says it intends to increase the availability of real-time voice and video communications to consumers and enterprises.

13. Windows Azure This is the only product line on the list that probably isn’t even close to generating a billion dollars in revenue. Nevertheless, the Windows Azure platform is clearly an important product line as Microsoft customers and partners transition their systems and apps to the cloud. Its success or failure will have huge implications for Microsoft.


6 Microsoft Mulligans

In golf terms, a mulligan is a “do-over.” Hit your tee shot in the lake? Take a mulligan and pretend it never happened. Here’s what we think Microsoft would love to take a mulligan on.

1. Internet Explorer 5/Windows 95: This was a marriage made in Hades. Microsoft tied Internet Explorer 5 to Windows 95 so tightly that the U.S. Department of Justice sued Microsoft for anti-competitive practices. The idea behind the integration of OS and browser, in the infamous words of former Microsoft exec Paul Maritz (now CEO of VMware Inc.), was to “cut off Netscape’s air supply.” Netscape, of course, was the dominant browser of the day. The government won the monopoly case, and originally but unsuccessfully ordered Microsoft to split into two separate companies.

2. Clippy: Clippy was an “assistant” introduced in Microsoft Office 97 to help you do things you’re not capable of without its help—you know, things like write a memo. One of Microsoft’s most-mocked products ever, Clippy actually managed to hang around for a decade before the company put out a mob hit on it.

3. The first attempt to replace Windows XP, this is the OS that dare not speak its name at Microsoft HQ. Released in late 2006 to businesses, Vista required upgraded hardware to run, and its initial backward-compatibility was pitiful.

4. Kin: Oh Kin, we hardly knew ye. Aimed at the 15-to-30-year-old social networking crowd, the Kin was released and then killed in record time. The big problem is that the Kin didn’t allow apps or games, so it wasn’t really a smartphone. But it did require a monthly data plan fee like a smartphone.

5. Bob: See “Clippy,” No. 2. Bob, a doofus “happy face” wearing specs, was another attempt to make computers user-friendly. Instead, it annoyed and angered those users. CEO Steve Ballmer summed up the tale of this turkey in an interview: “There’s nothing that we’ve undertaken—with a couple of exceptions like Microsoft Bob that I’ll cop to in advance—where we’ve decided that we have not succeeded and let’s stop ...”

6. Windows Millennium Edition (ME): Sort of like Vista, if Vista never actually worked properly. ME, eventually dubbed “Mistake Edition,” was probably the worst product Microsoft ever shipped. A successor to Windows 98, it was so buggy and crash-prone that many users never got it to work right, period. Whoever signed off on this monstrosity must have been drunk.

14 Products that Changed IT in the PC Era

When it comes to computing hardware and software, we’ve seen tons of products over the past three decades that had a profound impact on how everyday people gather, process and consume information. The following PC products have a special place in the history of computing:

1. Altair 8800: Some would argue the era of personal computing was born with the release of the Apple II in 1977 and the IBM PC in 1981. Purists say it all began with the Altair, invented by Ed Roberts and released in 1975. Microsoft founders Bill Gates and Paul Allen developed the software giant’s first product for the Altair, a version of BASIC designed to run on the new machine.

2. IBM PC: Last year, the industry observed the 30th anniversary of the IBM PC. The DOS-based IBM PC gave birth to personal computing as it’s known today.

3. VisiCalc: The first commercial spreadsheet for the PC, VisiCalc helped commercialize personal computing. The effort of Dan Brickman and Bob Frankston, VisiCalc first appeared in 1979 on the Apple II and was later released for the IBM PC.

4. Hayes Smartmodem: AT&T introduced what’s believed to be the first modem in 1958. But in the PC era, credit goes to Hayes, which unveiled the 300-baud Smartmodem in 1981. Hayes-compatible modems permitted the PC to be used to communicate with other computers and online services.

5. Novell NetWare: It wasn’t long after the first PCs came to market that the next logical step involved making PCs share information. That issue was put to rest when Novell introduced the first version of NetWare in 1983. NetWare introduced the concept of a PC-based file server and would become the de-facto standard for enterprise LANs in the 1980s and 1990s.

6. Lotus Notes: While the 1-2-3 spreadsheet put Lotus Development Corp. on the map, the introduction of Lotus Notes set a new bar for how enterprises would collaborate and use messaging. In 1995, IBM bought Lotus for $3.5 billion.

7. Cisco AGS: It wasn’t the first network router, but the Cisco AGS (Advanced Gateway Server) was the first commercially successful one. The release of this multiprotocol router in 1986 not only bolstered the Internet but gave rise to the enterprise network as well.

8. Windows 95: A few versions of Windows had a huge impact on expanding the PC business over the past three decades, but the release of Windows 95 was a true milestone event. It established the dominance of Windows on the desktop and effectively knocked IBM’s OS/2 out of the box. It vastly simplified networking and introduced the concept of “plug-and-play.”

9. Linux: When Linus Torvalds developed the Linux OS kernel, it started out as a hobby. But the 1991 announcement of the Linux kernel set the stage for an open source OS that some thought threatened the dominance of the Windows desktop. While the Linux desktop never gained critical mass, the Linux server did and continues to have a strong presence both in the datacenter and in the cloud.

10. Netscape Navigator: The browser gave rise to the Web, and Netscape Navigator set the stage for the Internet era. Netscape Navigator was the most widely used browser in the mid-1990s, the early days of the Web. Once Microsoft realized Netscape was a threat to its desktop dominance, Redmond put all of its resources into its own browser—Internet Explorer. Microsoft’s aggressive effort to seal bundling deals with PC OEMs and Internet service providers, along with some miscues by Netscape, rendered the browser war moot by the end of the 1990s.

11. Intel Centrino: There are numerous milestones in the history of wireless networking that helped enable mobile computing, but the launch of Intel’s Centrino mobile technology helped make WiFi ubiquitous.

12. VMware Workstation 1.0: Virtualization may have its roots in mainframe computing, but the release of VMware Workstation in 1999 helped set the stage for virtual desktops and servers and ultimately for cloud computing. VMware Workstation was the company’s first product, allowing companies to install and run one or multiple virtual machines on Windows and Linux desktops.

13. BlackBerry: The iPhone may have re-defined the smartphone, but the BlackBerry was the first major smartphone embraced by business users. The first BlackBerry devices had monochrome displays, but users became addicted to their ability to exchange e-mails from their phones. But Research In Motion Ltd. failed to keep pace with the features and applications support of the iPhone, and its market share has since gone into a downward spiral.

14. Apple iPad: Riding on the success of iPhone, Apple launched the iPad and it quickly took the PC market by storm. Apple has shipped more than 40 million iPads since the product’s release. The iPad has inspired numerous tablet computers, most of which are Android-based to date.


FEATURE | Active Directory How-To

How To Fix AD Disasters

Spotting Active Directory problems isn’t necessarily simple, but it can help avoid a catastrophe. These tales of AD disasters come from real-life situations and should serve as instruction—and perhaps a warning—to IT pros.

By Gary Olsen

Ever since Windows 2000 introduced Active Directory, disaster recovery has been a hot topic among administrators. There has been no shortage of methods, tools and opinions about how to prevent a domain or forest collapse that might shut down a business and cause an IT professional to lose his job. Disaster recovery certainly has evolved with improvements and efficiencies in core AD components; replication, design implementations and the overall user experience have improved.

Over the years, I’ve been involved in a number of cases where some form of AD disaster occurred and a recovery was required. In this article, I’ll describe several of these episodes, working from the not-so-serious scenarios to the worst-case incident, where all domain controllers (DCs) in a parent domain of a multi-domain forest went down, and the backup was 11 months old!

Replication Disaster

In the first case, the architect of an AD topology wanted a tiered topology to reflect his network. He had three core sites in New York and Los Angeles connected with a dedicated, high-speed network link. For the next tier, there were four regional sites in Omaha, Dallas, Atlanta and Providence. Each of the regions had two sub-region sites. The plan was to make three tiers—the core, region and sub-regions—so that the sub-regions replicated, then replicated up to the region sites; the region sites replicated up to the core; the cores replicated to each other. This was designed to take advantage of the network topology.

Unfortunately, the topology wouldn’t work. One of the rules in replication design is that links must have common sites to replicate. For instance, you can’t have a site link with Washington, D.C., and Raleigh and another with Dallas and Topeka. You’d need to add a link with Raleigh and Dallas, for example.

In this case, the IT pros put the region headquarter sites in Omaha (OMH), Dallas (DAL), Atlanta (ATL) and Providence (PRO) in both the second- and third-tier links (see Figure 1). For instance, the OMH site was part of the Midwest Link and the West Link. Similarly, the Los Angeles core site was in the East Region Link and the Core Link site links. This would provide the glue that allows replication to flow from third-tier sites to the core sites.

Figure 1. The initial topology, shown here, eventually broke down. (Diagram labels: CORELINK between LAX and NYC; West Region and East Region links; Midwest, Southwest, Southeast and Northeast links; sites linking Level 1 and Level 2 “hubs”; sites linking Level 2 and Level 3 “hubs”; desired replication path.)

This design actually worked until a DC in the OMH site had a disk failure. Note that this was the “glue” site that hooked the other sites to the East Region sites, and with site-link bridging enabled, the Knowledge Consistency Checker (KCC) was able to recover from the OMH DC loss. However, when the OMH DC was restored, the KCC had picked the Tucson (TUS) DC to replicate to for the second level. This caused all the Midwest Link DCs to replicate to the TUS DC rather than OMH. That disrupted the whole replication design, which was based on network speed and reliability. The only way the IT people could restore the replication flow was to wipe and reinstall the OMH DC. A few weeks later, the ATL DC failed, and the KCC picked the Richmond (RCH) DC for the ATL link DCs to replicate to. Again, the only way to get replication back to the way they wanted it was to reinstall the ATL DC. They were understandably concerned about having to reinstall any DC that went offline for a few days. In addition, some other DCs in other regions started replicating to all DCs in the forest. There were replication errors, and network traffic on some DCs took a huge spike—it was quite a mess.

I really didn’t have an explanation for this behavior, other than the KCC picking the lowest-number GUID. They had given the KCC too much freedom to choose by putting more than two sites in a site link. The solution was to delete all the site links and recreate them with no more than two sites per link. The Midwest Link was replaced with the OMH-FTC link, OMH-TUS link and so on (see Figure 2). The West Region Link was replaced with the OMH-LAX Link, as well as individual links from each region headquarter site to either LAX or NYC site, depending on their geography.

Figure 2. The solution to the replication problem was simplifying the design—creating a 1:1 relationship between the OMH site in the second-level replication tier and the third-level sites FTC, SBD, TUS and LAS. This forces the KCC to replicate between only two sites at a time and not have to make a decision.

The administrator decided to just reconfigure one region. To test it, he removed a DC and put it back in, and replication continued as designed. He reconfigured the rest of the forest, and the replication problems all went away. The important thing here is that he did this during business hours. OK, replication was probably broken for a couple of cycles—but it did no harm. Replication was pretty resilient. There was no need to reboot, no disruption to the users.

SOLUTION: Pay attention to the AD topology design and follow the rules noted here. But remember, even if it’s wrong, it can easily be fixed.

Virtual Disaster

In another situation, a perfectly logical disaster recovery plan for two virtual DCs was designed and implemented, which caused the disaster. In this case, there were two physical servers, each running a virtual DC (see Figure 3). So, the DC was really a virtual hard disk (VHD)—a file on the physical disk.

Figure 3. A configuration with two physical servers, each running a virtual DC. (Diagram: Host 1 through Host 4 run virtual DC1 through DC4; each host also holds VHD copies of the other three DCs.)

The IT pros at this organization made a backup each night of the physical host. Because the VHD files could be copied and moved to other locations, the administrator reasoned that he could copy the datacenter 1 (DC1) VHD file to DC2 and the DC2 VHD file to DC1. They repeated this strategy for DC3 and DC4 so that in the end, if DC1 went down, they could restore it by copying the DC1 VHD from DC2 (or DC3 or DC4) back to DC1 or a new server and be back in business. They did not back up the DCs in their own OS—they just backed up the physical host. Note that restoring the VHD will vary depending on your virtual machine (VM) software, but that’s not the point. This situation points out the flaws in the design.

Satisfied their plan was safe, the admins decided to test the recovery. Reproducing this in the lab, they removed the existing VM/VHD from DC1 and built a new one using the DC1 VM/VHD that was stored on DC2. It failed, but that wasn’t immediately obvious. It seemed to replicate, but updates weren’t showing up, and their peers were finding other anomalies as well.

They had discovered the effects of an unintentional USN rollback, rolling the AD on DC1 back to the previous day. There’s nothing wrong with this if you do it right. However, the admins in this situation violated a few very important rules:

• Never restore a DC from a snapshot image. The VHD is a snapshot image, but there are other ways to do this.
• Never back up a DC by backing up the VHD file on the host computer. It can’t be successfully restored.
• Always back up the System State of a virtual DC (in the VM itself) using an “Active Directory Aware” backup and restoration utility. This will reset the Invocation ID of the AD database and will keep all versions of the database on all the DCs in sync.

The unintentional USN rollback is hard to detect and has only one repair: rebuild the DC. It basically creates a gap in the database transactions on the rolled-back DC. So other DCs think the transactions (adding, modifying, deleting an object) have been replicated to the problem DC and they don’t replicate it again. The broken DC doesn’t have the objects and will never be notified to get them. A stalemate occurs.

SOLUTION: Prevent this disaster by reading Microsoft KB 875495. Be sure to understand the causes and effects of unintentional USN rollback and how to recognize the situation. Further, follow the rules noted in this article and in the KB to prevent this situation from happening.

Deleted FRS File Structure

This is not all that common, but it does happen. It’s disastrous and quite easy to do. The result is losing all Group Policies on all DCs. Not a good career move. I’m sure most of you reading this article have been convinced of the futility of getting File Replication Service (FRS) to work reliably and have upgraded to 2008 and migrated to Distributed File System Replication (DFSR). For those unfortunate souls who are still bound with FRS, here’s a great way to restore this.

Because FRS is multimaster replication (it actually relies on AD Replication), it’s pretty easy to have a mistake replicated quickly. I have seen a number of cases where FRS was hosed. In one case, the admin was afraid of losing his group policies due to FRS folders vanishing, so he copied the SYSVOL tree to the desktop of his DC. This effectively created a new junction point, and it was replicating to both SYSVOL trees on that machine—it was like two DCs in one. To solve this, we had to carefully delete the junction point (not the folder). Deleting the SYSVOL folders will replicate and will delete them on all DCs!

I have seen several cases where “somehow the SYSVOL structure was deleted.” Honest! I can’t imagine how this is anything but human error—maybe trying to “clean things up.” The danger, of course, is losing all your Group Policies; hopefully you have them backed up. Remember to back them up using the Group Policy Management Console (GPMC) or any number of third-party tools, or simply by copying them from the SYSVOL tree to some other location outside of SYSVOL.

If a SYSVOL folder becomes corrupt or for some reason just one DC can’t get in sync, it’s easy to do either the non-authoritative or authoritative restore, where you sync the broken machine up with a good DC. Microsoft KB 315457 is a good reference for this.

However, restoring the whole file structure is quite another matter. KB 315457 is mostly correct for this scenario, but I found a few gotchas with the linkd command. Of course, demoting (manually if necessary) and re-promoting is always the short answer, but if that isn’t an option, here’s a procedure that will work to get the junction points restored properly. I will assume you understand the SYSVOL structure, but as a reminder, SYSVOL/Domain/Staging Areas/mydomain.com and SYSVOL/SYSVOL/mydomain.com are the junction points pointing to the real directories of SYSVOL/Domain/Staging/Domain and SYSVOL/Domain, respectively.

SOLUTIONS:

1. How to recreate SYSVOL and junction points when SYSVOL has been deleted from all DCs:
   a. Stop the FRS service on all DCs.
   b. Create the SYSVOL folder tree manually (Mydomain.com is the FQDN of your domain):
        SYSVOL
        Domain
        DO_NOT_REMOVE_NtFrs_PreInstall_Directory
        Policies
        Staging Areas
        Staging\Domain
        SYSVOL
        Mydomain.com
   c. Set the ACLs on the “DO_NOT_REMOVE_NtFrs_PreInstall_Directory”:
      i. Administrators (domain admins) and System both set to ONLY have “Special Permissions.”
      ii. Set the “DO_NOT_REMOVE...” directory as Hidden and Read only.
   d. Create the junction points. Make sure the FRS is stopped on the DC this is executed on:
        linkd "%systemroot%\SYSVOL\SYSVOL\mydomain.com" %systemroot%\SYSVOL\DOMAIN
        linkd "%systemroot%\Sysvol\staging areas\mydomain.com" %systemroot%\sysvol\Staging\Domain
      NOTE: If SYSVOL is not stored on the Windows System Disk, replace %systemroot% (C:\Windows) in the linkd command to reflect the path to SYSVOL.
   e. How to Build the Default Domain Policy and Default Domain Controller Policy:
      i. If you don’t have backups of the Default Domain Controller Policy or the Default Domain Policy, then from the command line of the Primary Domain Controller, run Microsoft’s DCGPOFIX tool. See KB 833783. WARNING: This tool will create a virgin Default Domain Policy and Default Domain Controller Policy—don’t use this if you have a copy of these policies somewhere. If you do have backups, simply restore them to the proper location in SYSVOL.
      ii. It will prompt you to restore the Default Domain Policy and will ask if you want to restore the Default Domain Controller Policy. You should answer “Yes” to both of the questions.
   f. Replicate SYSVOL for this DC by starting FRS:
        C:\>net start "File Replication Service"
      NOTE: Do NOT use the Burflags procedure. This can cause the SYSVOL directory to disappear.
   g. Make sure FRS is working. TIP: create a text file such as DC1.txt (on DC1) in the SYSVOL\SYSVOL directory (so it’s easy to find). Let replication take place. This file should end up in this location on all DCs. Any DC without it is not replicating FRS properly. Remember this could be due to AD Replication failure as well.

2. How to recreate junction points if the SYSVOL tree exists but junction points don’t exist:
   a. Stop FRS:
        C:\>net stop "File Replication Service"
   b. Create the junction points. Make sure FRS is stopped on the DC:
        linkd "%systemroot%\SYSVOL\SYSVOL\mydomain.com" %systemroot%\SYSVOL\DOMAIN
        linkd "%systemroot%\Sysvol\staging areas\mydomain.com" %systemroot%\sysvol\Staging\Domain
      NOTE: If SYSVOL isn’t stored on the Windows System Disk, replace %systemroot% (C:\Windows) in the linkd command to reflect the path to SYSVOL.

Lingering Objects

No AD disaster recovery discussion would be complete without a section on Lingering Objects (LOs). LOs are more a result of some disaster but can also cause a lot of headaches for IT pros. I’ve found a number of environments where LOs exist—and have existed for some time—but have never been cleaned up. This is likely due to the fact that AD still works except for anomalies such as objects showing up in one domain and not in another. It’s hard to clean them up, and it mostly applies to multiple domain forests.

To make a long story short, LOs are caused by a DC being inaccessible by other DCs for longer than the tombstone lifetime (TSL) and then coming back online. The TSL defaults vary based on the version of Windows you’re using and are customizable. If the DC comes online after deleted objects have been purged by garbage collection (GC), having expired the TSL, it can replicate those objects back to healthy DCs and reanimate the objects. Typically, this will be a problem on the GCs when read-only objects are replicated back.

Events 1864, 2042 and 1988 in the Directory Services event log are good indicators of LOs. You can see messages in event logs and Repadmin /showrepl output.

When LOs try to get replicated, it can trigger replication to stop between two DCs. If the very important “StrictReplicationConsistency” registry key is set to (1), which means Strict behavior, and if a replication partner wants to modify an object that doesn’t exist on the DC, all replication will be shut off. A very helpful message to this effect will show up when executing the Repadmin /Showrepl command, the DirSvcs Event Log, Repadmin /Replsum, and other reports and logs:

    The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

There are other messages that are pretty obvious. This is good! It isolates the bad machine so you don’t have to clean up all the DCs. I’ve seen many environments where this registry key is set to “loose” (0) which means the DCs will replicate LOs. Not good. If you have an environment that started out with Windows 2000 and has been upgraded (as opposed to a fresh install of the entire forest) to Windows 2003, 2008, etc., then this setting is probably set to “loose” as that was the default in Windows 2000. The key is located at:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
    ValueName = Strict Replication Consistency

Thanks to some diligent work on Microsoft’s part, LOs went from being a hideous nightmare in Windows 2000 to being fairly easy to clean up in 2003 and later. The key tool is good ol’ Repadmin and the /RemoveLingeringObjects switch. Can’t find this option in the online help for Repadmin? Try Repadmin /ExpertHelp.

SOLUTION: If you have any Windows 2000 in your environment and they contain LOs, the solution is to replace (don’t upgrade) them with Windows 2008 DCs (assuming you can’t get Windows 2003).

For Windows 2003 and later, the short answer is:

1. Set all DCs to StrictReplicationConsistency = 1. Failure to do this will allow the LOs to keep replicating. Use the Repadmin command to quickly set this on all DCs (add all the DCs in the DC_LIST; see the online help for Repadmin for details):
     repadmin /regkey DC_LIST +strict
2. Use the Repadmin /removeLingeringObjects command:
     Repadmin /removelingeringobjects <Dest_DC_List> <Source DC GUID> <NC> [/ADVISORY_MODE]
   a. Dest_DC_List: list of DCs to operate on
   b. Source DC GUID – the DSA GUID of a reliable DC (preferably the PDC)
   c. NC – Naming context of the domain the lingering objects exist in
   d. /ADVISORY_MODE – identifies what will happen when you execute the command for real

So a sample command would be:

    C:\>Repadmin /removeLingeringObjects wtec-dc1 f5cc63b8-cdc1-4d43-8709-22b0e07b48d1 dc=wtec,dc=adapps,dc=hp,dc=com

This has to be done on all DCs in the forest and can easily be scripted.

Armageddon: Recovering a Forest When the Root Domain Goes Away with No Backup

This example is from an actual case I worked about a year ago. It was easy to see the glaring design error in this configuration. The root domain has only one DC (see Figure 4). I was called when the single DC in the root domain went down and the company’s IT staff couldn’t recover it. It had a RAID 5 disk but, as fate would have it, the IT folks lost two disks from the array. To make matters worse, the backup was 11 months old. A true disaster!

Figure 4. A root domain with only one DC led to disaster.

The child domain had all the user accounts and interestingly, there was no user outage—no complaints. My first thought was LOs, but because there were no other DCs, there could be no lingering objects in the domain. There could, however, be GCs in the child domain.

SOLUTION: The plan was designed:

1. Set the tombstone lifetime to 365 days so we don’t have to risk adding LOs. This is done via the ADSIEdit tool—modify the TSL attribute at:
     cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=mydomain,dc=com
2. Restore the backup to the DC in the root domain.
3. Set the system time on the DC in the forest domain to the current date/time
4. Set StrictReplicationConsistency to 1 on all DCs
5. “Demote” the GC in the child domain to a DC
6. Do a health check:
   a. Event logs
   b. Validate the trust
   c. Logon from a machine in the root domain using an account in the child domain and vice versa
   d. Add test users and sites in each domain and see if they replicate to all DCs
7. “Demote” the GC in the child domain to a DC
8. Let replication take place and update the root DC
9. Promote at least one DC to GC
10. Check event logs for errors
11. Build a second DC for the root domain
12. Set the TSL to 180 days (minimum)
13. Back up all DCs

Actually, we did all this in a lab first. Using the current backups of the child domain DCs and the old backup of the root domain DC, we reproduced the environment. Then we executed the procedure just described. The health check in the test environment actually turned up a few DNS errors—unrelated to this procedure—so we fixed those and some other issues in the production environment. At that point, we were confident that the restore would work, and it worked without incident. The interesting thing is that we did this during business hours and experienced no outages or complaints from users.

AD disasters are easy to cause, and not always easy to recover from. It’s important for any AD administrator to be familiar with the warning signs and pay attention to logs and reports. Pay attention and avoid disasters—I hope these tips help!

Gary L. Olsen is a systems software engineer in the Hewlett-Packard Co. Worldwide Technical Expert Center for HP Services in Atlanta, Ga., and has worked in the IT industry since 1981. He’s a Microsoft MVP for Directory Services and president of the Atlanta Active Directory Users Group.
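The two site-link rules from the "Replication Disaster" case (links need common sites, and no link should hold more than two sites) can be checked before a design goes live. The following is an added example, not the author's tooling; the site codes come from the article's figures, while the membership of each original link and the hub assignments are constructed assumptions.

```python
"""Lint a site-link design: connectivity through common sites, and link size."""
from collections import defaultdict


def oversized_links(site_links):
    """Links holding more than two sites, where the KCC is left to choose."""
    return sorted(name for name, sites in site_links.items() if len(sites) > 2)


def unreachable_sites(site_links, start):
    """Sites with no chain of links sharing a common site back to `start`
    (site-link bridging assumed enabled, as in the article)."""
    neighbours = defaultdict(set)
    for sites in site_links.values():
        for site in sites:
            neighbours[site].update(s for s in sites if s != site)
    seen, stack = {start}, [start]
    while stack:
        for nxt in neighbours[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return sorted(set(neighbours) - seen)


def split_to_pairs(site_links, hubs):
    """Rebuild the design so every link holds exactly two sites.
    `hubs` maps each oversized link to the site the others replicate through."""
    redesigned = {}
    for name, sites in site_links.items():
        if len(sites) <= 2:
            redesigned[name] = list(sites)
            continue
        hub = hubs[name]
        if hub not in sites:
            raise ValueError(f"{hub} is not a member of {name}")
        for spoke in sites:
            if spoke != hub:
                redesigned[f"{hub}-{spoke}"] = [hub, spoke]
    return redesigned


# The article's counter-example: two links with no site in common.
NO_COMMON_SITE = {"Link A": ["WDC", "RAL"], "Link B": ["DAL", "TOP"]}

# Constructed approximation of the tiered design (membership is assumed).
TIERED = {
    "CORELINK": ["LAX", "NYC"],
    "West Region Link": ["LAX", "OMH", "DAL"],
    "East Region Link": ["NYC", "ATL", "PRO"],
    "Midwest Link": ["OMH", "FTC", "SBD", "TUS", "LAS"],
}
HUBS = {"West Region Link": "LAX", "East Region Link": "NYC", "Midwest Link": "OMH"}

if __name__ == "__main__":
    print("cut off from WDC:", unreachable_sites(NO_COMMON_SITE, "WDC"))
    print("links where the KCC must choose:", oversized_links(TIERED))
    for name, sites in split_to_pairs(TIERED, HUBS).items():
        print(f"  {name}: {sites}")
```

On a live forest the link membership would come from the site-link objects in the configuration partition rather than from a literal dictionary.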
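The USN rollback in the "Virtual Disaster" case is easier to reason about with a small model of what each DC remembers about its partners. This added example is a deliberately simplified simulation, not Active Directory code: it tracks only originating writes, an invocation ID per database instance and an up-to-dateness vector, and all class and function names are hypothetical.

```python
"""Toy model of USN rollback: copied-VHD restore vs. AD-aware restore."""
import copy
import itertools

_next_id = itertools.count(1)


class DC:
    def __init__(self, name):
        self.name = name
        self.invocation_id = f"inv-{next(_next_id)}"  # identity of this database instance
        self.usn = 0          # highest USN committed by local originating writes
        self.objects = {}     # object -> (originating invocation ID, originating USN)
        self.utd = {}         # up-to-dateness vector: invocation ID -> highest USN seen

    def write(self, obj):
        self.usn += 1
        self.objects[obj] = (self.invocation_id, self.usn)

    def _seen(self, inv):
        return self.usn if inv == self.invocation_id else self.utd.get(inv, 0)

    def pull_from(self, src):
        """Inbound replication: accept only changes newer than what we recorded."""
        for obj, (inv, usn) in list(src.objects.items()):
            if usn > self._seen(inv):
                self.objects[obj] = (inv, usn)
        self.utd[src.invocation_id] = max(self.utd.get(src.invocation_id, 0), src.usn)

    def restore_snapshot(self, snap):
        """Unsafe: put back a copied VHD. The USN goes back, the identity does not change."""
        self.__dict__.update(copy.deepcopy(snap.__dict__))

    def restore_ad_aware(self, snap):
        """AD-aware restore: same data, but the old identity is retired at the
        backed-up USN and a new invocation ID is issued."""
        self.__dict__.update(copy.deepcopy(snap.__dict__))
        self.utd[snap.invocation_id] = snap.usn
        self.invocation_id = f"inv-{next(_next_id)}"


def rollback_detected(dc, partner):
    """A partner has already seen a higher USN from this invocation ID than the
    DC's own database now holds: the signature of an unintentional rollback."""
    return partner.utd.get(dc.invocation_id, 0) > dc.usn


def scenario(ad_aware):
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc1.write("user-a"); dc1.write("user-b")     # DC1 at USN 2
    backup = copy.deepcopy(dc1)                   # nightly copy taken here
    dc1.write("user-c"); dc1.write("user-d")     # DC1 at USN 4
    dc2.pull_from(dc1)                            # DC2 records DC1's identity at USN 4
    (dc1.restore_ad_aware if ad_aware else dc1.restore_snapshot)(backup)
    detected = rollback_detected(dc1, dc2)
    dc1.pull_from(dc2)
    dc1.write("user-e")                           # USN 3 is issued a second time
    dc2.pull_from(dc1)
    return detected, "user-e" in dc2.objects


if __name__ == "__main__":
    print("copied VHD restore  :", scenario(ad_aware=False))
    print("AD-aware restore    :", scenario(ad_aware=True))
```

With the copied VHD, DC2 silently skips `user-e` because it believes it already holds everything up to USN 4 from that identity; with the new invocation ID the same write replicates normally.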
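For the "Lingering Objects" and "Armageddon" sections, the question to answer before a long-silent DC or an old backup is allowed to replicate is whether its last successful replication is older than the tombstone lifetime. This added example (not from the article) parses constructed sample data laid out like `repadmin /showrepl * /csv` output, which is an assumption about that column layout, and builds advisory-mode cleanup commands using the syntax shown in the article; server names and the GUID placeholder are invented.

```python
"""Flag replication links older than the tombstone lifetime (TSL)."""
import csv
import io
from datetime import datetime

# Constructed sample; column layout assumed to match `repadmin /showrepl * /csv`.
SAMPLE_SHOWREPL = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,CHILD-DC1,"DC=child,DC=mydomain,DC=com",HQ,CHILD-DC2,RPC,0,0,2012-01-09 08:15:02,0
showrepl_INFO,HQ,CHILD-DC1,"CN=Configuration,DC=mydomain,DC=com",HQ,MYDOMAIN-DC1,RPC,412,2012-01-09 08:00:40,2011-02-10 23:01:17,1722
showrepl_INFO,HQ,CHILD-DC2,"DC=mydomain,DC=com",HQ,MYDOMAIN-DC1,RPC,37,2012-01-09 08:00:41,0,1722
"""
AS_OF = datetime(2012, 1, 9, 12, 0, 0)   # constructed "now" for the sample


def link_ages(showrepl_csv, now):
    """Return (destination, source, naming context, age in days) per inbound link.
    Age is None when no successful replication is recorded."""
    rows = []
    for row in csv.DictReader(io.StringIO(showrepl_csv)):
        try:
            last = datetime.strptime(row["Last Success Time"], "%Y-%m-%d %H:%M:%S")
            age = (now - last).days
        except (ValueError, TypeError):
            age = None
        rows.append((row["Destination DSA"], row["Source DSA"],
                     row["Naming Context"], age))
    return rows


def past_tombstone(showrepl_csv, tsl_days, now):
    """Links whose source must not simply be brought back online: deletions made
    since the last success may already have been garbage collected."""
    return [r for r in link_ages(showrepl_csv, now)
            if r[3] is None or r[3] > tsl_days]


def advisory_commands(dest_dcs, source_guid, naming_contexts):
    """One advisory-mode command per DC and naming context; nothing is removed."""
    return [f"repadmin /removelingeringobjects {dc} {source_guid} {nc} /ADVISORY_MODE"
            for dc in dest_dcs for nc in naming_contexts]


if __name__ == "__main__":
    for tsl in (180, 365):
        print(f"TSL {tsl} days:")
        for dest, src, nc, age in past_tombstone(SAMPLE_SHOWREPL, tsl, AS_OF):
            shown = "never" if age is None else f"{age} days"
            print(f"  {dest} <- {src} [{nc}] last success: {shown}")
    for cmd in advisory_commands(["CHILD-DC1", "CHILD-DC2"], "<source-DSA-GUID>",
                                 ["DC=child,DC=mydomain,DC=com"]):
        print(cmd)
```

The 332-day link in the sample mirrors the article's 11-month-old backup: it is past a 180-day TSL but inside a 365-day one.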

28 | January 2012 | Redmond | Redmondmag.com | DecisionMaker by Don Jones Space to Watch: Runbook Automation

I love how everything old becomes new again. One of my first true IT jobs was working as an AS/400 operator, and although we were a fairly small shop, we still had a complex computing schedule. At a certain hour each night, various jobs would launch to handle restocking activities for our company’s stores. At another hour, I would start taking the system down in stages so that our nightly backups could run with full system access. We didn’t call it a runbook, but that’s basically what we had: A compilation of procedures and operations that my fellow sysops and I would carry out.

Runbook automation (or RBA), then, is the ability to schedule those things to happen without manual intervention. In Windows, most of us get by with Scheduled Tasks. In the latest version of Windows Server, Scheduled Tasks has developed a good level of sophistication—but it’s still not a true RBA system. A “real” RBA system is centralized, carrying out tasks across multiple computers. It can orchestrate those tasks as well, keeping different systems in sync with one another as tasks are carried out across them.

RBA can do more than just automate routine maintenance tasks. For example, your runbook probably contains procedures for dealing with specific problems. Such-and-such an app breaks, and you know you need to go perform these steps. A good RBA system can do just that—and do it faster and more consistently than you could do it yourself. Coupled with a good monitoring system, the RBA tasks could become automated responses to detected conditions—creating a more self-healing IT environment.

One of the big players in the RBA space was Opalis, which, as you may know, was purchased by Microsoft not too long ago. This is definitely a market space that decision makers should keep an eye on, as Microsoft has launched the beta of a re-done Opalis called System Center Orchestrator 2012.

As Microsoft continues to invest in Windows PowerShell, you’re going to see RBA take advantage of it. Third-party RBA vendors are already providing the capability of writing automation scripts in PowerShell, giving them access to all the things that PowerShell can already automate. You can bet that System Center Orchestrator is going to have a close, personal relationship with PowerShell, especially as Windows 8 rolls along and introduces OS-wide administrative access via PowerShell. This doesn’t necessarily mean you have to learn PowerShell (although it won’t kill you); vendors are often building powerful GUIs on top of PowerShell that let you drag-and-drop your automation workflows, while still giving you access to everything PowerShell can do under the hood.

So, why is RBA a space to watch? Well, first of all, anytime you see Microsoft make a major purchase and integrate it into the System Center line, you have to assume it’s a fast-moving space where the company doesn’t feel it has the time (from a competitive perspective) to spin up its own solution. That’s a telltale.

Gartner Inc. tells us the growth of RBA has coincided with the need for IT operations executives to deliver and prove higher IT operational efficiencies, including reducing mean time to repair, and to automate the provisioning of IT resources. In other words, management is pushing to “do more with less,” and automation of any kind is a means to that end.

You’re going to start seeing a trend toward automation, and you’ll start seeing executive-level demand for it. Over time, the best IT teams will spend a great deal of time writing automations for various routine tasks, problem responses and so forth. You might be writing those by hand in PowerShell, developing them in some GUI environment, or using something else. The point is that any task you perform once, and might perform again, is something you should look to automate—ideally in some RBA tool that will make it easy to re-execute that task at any time you need. Yes, we’ll always be dealing with the fire-of-the-moment, but each fire we put out should become an opportunity to automate that particular firefighting response, so that it can be done more rapidly in the future.

Don Jones is a principal technologist for strategic consulting firm Concentrated Technology. You can contact him via ConcentratedTech.com.

WindowsInsider by Greg Shields

12 New Year’s Resolutions for 2012

The year 2012 should be a banner year for Microsoft. With what seems like every product going through a major revision, this year means more changes for the Information Technology industry than any year in recent memory.

But it’s not just the version updates that are changing the IT landscape. Also in turmoil is the entire focus of our industry. Like at no point in its past, Information IT as a business practice is at the cusp of redefining itself. Automation technologies are coming to the forefront. The GUI is moving into the background. The activities we prioritize are themselves rearranging to put our customers actually—and honestly—first.

These are all good things.

With the turn of the New Year, and all these changes afoot, I offer 12 resolutions for Windows IT pros. See if any of these are on your personal task list:

1. Learn Windows PowerShell. And I Mean Really Learn It. I said it with the release of Windows 7 and Windows Server 2008 R2. But with Windows 8 soon upon us, this time I really, really mean it. If the sum total of your contribution to your employer today is clicking the Next button, then start getting ready for a new line of work. Get on the Windows PowerShell train now before the Windows OS leaves you behind.

2. In Fact, Stop Clicking Next. Make the resolution now to begin automating everything you do. If you find yourself clicking buttons, checking boxes or doing anything more than once in a row, then resolve to automate that process instead of doing it again. Hate the command line? Teach yourself to touch type.

3. Embrace Windows 8 Early. This new OS is so much more than its beautiful graphical facelift. If it’s Windows XP you’re still running, this new OS is your lifeline to a more secure operating environment. Get in early.

4. Say “Enough” to Legacy Applications. Too many organizations get dragged down by their legacy applications. It’s high time IT made the stand that those legacy beasts must go away. Whether they support minor fiefdoms or they’re a major business player, there’s far greater risk in coyly watching them age than keeping them around. Humbug.

5. Stop Saying VDI When You Mean RDS. Virtual Desktop Infrastructure (VDI) as “the answer” is so 2009. VDI as “an answer” is absolutely 2012. Lose the blinders. When an application makes sense for hosting atop VDI, absolutely do so, but only after exploring its feasibility atop the vast array of lighter alternatives.

6. Prioritize Application Delivery. Long past are the days when managing Active Directory was one of our biggest tasks. The year 2012 must become The Year of Application Delivery, where we finally right-size our application delivery approach to the needs of our users.

7. Resolve to Reject the Security Boogeyman. Our industry has for far too long leaned on the specter of security as a boogeyman for not doing things. In today’s world of iPads and always-on VPNs, security is already baked into plenty we do. And our users are more knowledgeable than ever before. They know when we’re blowing smoke.

8. Make Computing Personal Again. In cahoots with the security “no” is its younger brother “lockdown.” Locking down the desktop is a remnant of a security model long past its relevance. Every lockdown you implement just drives users to another Internet service they use as a sidestep. Embrace your users’ needs for personality and free them from draconian ridiculousness.

9. Stop Debating the Cloud and Get on One. Let me clue you in on the cloud’s elephant in the room: Yes, you’re going to lose your job. Now, you might not necessarily lose your employment status, but the job you do today will be far different in the years to come.

10-12. Think Like the CEO, Think Like the CEO and Think Like the CEO. For every IT professional who does this and succeeds at delivering perfectly tuned IT services, 10 others won’t and will complain when the industry passes them by. The days of IT professionals locked in dimly lit rooms behind closed doors are gone. It’s high time we started thinking like everyone else in our line of business.

Greg Shields is a partner and principal technologist with Concentrated Technology, an IT analysis and strategic consulting firm. Contact him at ConcentratedTech.com.


FoleyOnMicrosoft by Mary Jo Foley

12 Microsoft Hot Buttons for 2012

This isn’t your typical January predictions column. This is more like my Post-It list of things I’ll be watching for from the ’Softies in the coming year. It’s a scary but potentially exciting reminder of just how crazy-busy 2012 is going to be for Microsoft customers, partners and watchers.

Last year was an “in-between” year for Microsoft. There weren’t a whole lot of brand-new product launches—but 2012 will be the exact opposite. Can Microsoft deliver? How well? Will it be enough to appease employees, Wall Street and users with Apples in their eyes? Here’s my short list of Microsoft topics for 2012, in no particular order:

1. Windows: When will the beta of Windows 8 hit? (Latest I’ve heard is sometime in February.) Will it RTM in time for holiday 2012 sales? (It had better.) Will the x86 and ARM versions remain in lockstep? How will the ’Softies handle the Windows 7-Windows 8 transition?

2. Office Client: Office 15 is Office 2012, which means preview, beta and final all happen this year. What will the expected Metro version of Office for Windows 8 on ARM look like?

3. Public-Cloud Deliverables: Office 365, Microsoft’s public-cloud complement to Office, is selling like gangbusters, the ’Softies say. Windows Azure, Microsoft’s public-cloud version of Windows, has been less successful. Will Microsoft take Windows Azure more in the Amazon direction and add additional Infrastructure as a Service functionality to boost uptake?

4. Windows Phone: There allegedly are two updates (minor and major) to the mobile OS coming in 2012: “Tango” and “Apollo.” Apollo (aka Windows Phone 8) is the big one, and possibly when Microsoft switches the Embedded kernel for more of a MinWin/true Windows one. What will that mean for developers and users?

5. The Skype-ization of Microsoft: Watch for Skype functionality to begin rolling out in Lync, Hotmail, Windows Phone, Xbox and maybe even Office.

6. Database Mania: SQL Server 2012, with its new per-core pricing and licensing model, is due for launch early this year. Microsoft is looking to smooth the on-premises/cloud database path with its SQL Azure Data Sync technology.

7. System Center 2012: Word is the launch will happen at the Microsoft Management Summit in April. Don’t be surprised to see Microsoft try to simplify its complex systems-management story by launching all 10 or so System Center products together—and selling them as a suite, instead of piecemeal.

8. Xbox Next: Will it be a whole new console or just a new model of Xbox 360 in 2012? Microsoft will continue pushing the message that Xbox isn’t just for gaming, but is a TV watcher’s dream, too.

9. Internet Explorer: IE9 has faced some tough competition, especially from Chrome, in the past year. IE10 will get a boost by being bundled with Windows 8. But it needs to be faster and lighterweight to fend off the fast-growing Google alternative.

10. Kinect: In 2012, the big news for Kinect will be on the Windows front. Microsoft is slated to unveil new Kinect hardware for PCs that will work at closer ranges, as well as to make Kinect for Windows available to developers who want to create commercially available apps.

11. Silverlight: Microsoft has done an abysmal job of explaining what it’s planning to do with Silverlight. How will (or won’t) the development framework part of Silverlight move forward?

12. Legal Wars: Microsoft has been on a tear with its Android patent licensing deals and warnings in 2011, but that hasn’t helped it gain market share … so far. Will legal threats curb Android appetites in 2012?

Mary Jo Foley is editor of the ZDNet “All About Microsoft” blog and has been covering Microsoft for more than two decades. She is author of the book, “Microsoft 2.0” (John Wiley & Sons, May 2008), which examines what’s next for Microsoft in the post-Gates era.
