This session will explore Windows 7 manageability features for increased automation, reducing help desk calls, and flexible administrator control. We will discuss how Windows Powershell V2.0 automates desktop administrative activities to improve productivity and how Group Policy and Group Policy Preferences enhancements and Applocker make it easier and more flexible for IT Professionals to manage desktop systems. Then we will discuss improvements to desktop auditing to monitor system changes and improvements in system restore capabilities. Finally, we will discuss Support tools such as built-in Windows Troubleshooting Packs, Problem Steps Recorder capabilities, Windows Recovery Environment, Startup Repair tool, Resource Monitor that provides detailed resource utilization, and Reliability Monitor that includes more robust capabilities to help identify and solve system issues.
12. Configure power options in Group Policy Preferences Configure folder options in Group Policy Preferences Configure scheduled tasks in Group Policy Preferences Demonstration: Configuring Group Policy
44. Improved Command-Line Shell and Scripting Language Improves productivity and control Accelerates automation of system administration Easy-to-use Works with existing scripts Community model New Features Integration Microsoft Active Directory® Administration Center Internet Information Server (IIS) Power management One-to-many remote management using WS-MGMT Graphical Windows PowerShell Improved security Portability New cmdlets Remote Execution Capability Windows PowerShell 2.0
45. Improved Command-Line Shell and Scripting Language Improves productivity and control Accelerates automation of system administration Easy-to-use Works with existing scripts Community model New Features Integration Microsoft Active Directory® Administration Center Internet Information Server (IIS) Power management One-to-many remote management using WS-MGMT Graphical Windows PowerShell Improved security Portability New cmdlets Remote Execution Capability Windows PowerShell 2.0 - Notes
73. Where to Find More Information? Visit TechNet at technet.microsoft.com Also check out TechNet Edge edge.technet.com Or just visit http://go.microsoft.com/?linkid=9662638 for additional information on this session.
74. For the more titles, visit http://go.microsoft.com/?linkid=000000 Supporting Publications For the more titles, visit http://go.microsoft.com/?linkid=9662638
75. For more training information http://go.microsoft.com/?linkid=9662638 Training Resources
76. Become a Microsoft Certified Professional What are MCP certifications? Validation in performing critical IT functions. Why Certify? WW recognition of skills gained via experience. More effective deployments with reduced costs What Certifications are there for IT Pros? MCTS, MCITP. www.microsoft.com/certification
77. Microsoft TechNet Plus TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning. Evaluate & Learn Plan & Deploy Support & Maintain 2 complimentaryProfessional Support incidents for use 24/7 (20% discount on additional incidents) Access over 100 managed newsgroups and get next business day response--guaranteed Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications. Try out all the latest betas before public release Keep your skills current with quarterly training resources including select Microsoft E-Learning courses Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions
80. Session Credits Author: Christopher Knaus Editor: Resources Online MS Producer: Alan Le Marquand Technical Specialists [Reviewer 1] [Reviewer 2] Microsoft Reviewers
Hinweis der Redaktion
Slide Title: FeedbackKeywords: Key Message: Slide Builds: 0Slide Script: We appreciate hearing from you. To send your feedback, click the following link and type your comments in the message body. Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information:
Slide Title: Demonstration EnvironmentKeywords: Key Message: Describe the demonstration environment being used.Slide Builds: 0Slide Script: The presenter’s demonstration computer will contain 2 virtual machines. The virtual machines will be able to communicate with each other, but will not be able to communicate with the Internet, or with other host computers or the virtual machines running on them. The following is a network diagram of the computers used in this session.Slide Transition: Our first demonstration is Configuring Group PolicySlide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information:
To configure AppLocker:First you need to configure rule enforcement. The default setting is to Enforce rules but allow the settings to be overridden; however, you need to change this to Enforce rules. This setting will need to be changed on each set of AppLocker rules you wish to enforce. The three types of rules are Executable rules, Windows Installer rules, and Script rules.AppLocker includes default rules that you can generate to allow parts of the operating system to run. For executable rules, three default rules are created. The first default rule allows everyone to execute programs in the Program Files folder. The next default rule allows everyone to execute programs in the Windows folder. The last default rule allows local Administrators to execute all programs. You can choose to keep all these default rules or you can delete rules that may interfere with new rules you want to create in your organization. For example, if you only wanted to allow certain programs in the Program Files folder to run, you would delete the default rule for the Program Files folder and create new rules to only allow the programs to want to run. Windows Installer rules and Script rules also have default rules you can create.After you create a new rule, you need to ensure the Application Identity Service is running. If this service is not running, AppLocker will not enforce rules.To create a new rule:There are three types of rules you can create using AppLocker: Publisher rule, Path rule, and File Hash rule. Publisher rules make it possible to build rules that survive application updates by being able to specify attributes such as the version of an application. For example, an organization can create a rule to “allow all versions greater than 9.0 of the program Acrobat Reader to run if it is signed by the software publisher Adobe.” Now when Adobe updates Acrobat, you can safely push out the application update without having to build another rule for the new version of the application. Path rules allow you to create a rule for a specific file or folder path. You can use the file hash option to create a rule for an application that is not signed.
To create a Publisher rule, you need to browse for a signed file to use as a reference for the rule. Once the reference file is selected, the properties will be automatically populated. You can modify these properties according to how you wish to create the rule. In addition, you can create exceptions to the rule. For example, if you wish to create a Publisher rule that will allow users to run Microsoft Office 2007, except you don’t want them to be able to run Microsoft PowerPoint 2007, you would create an exception for PowerPoint.Slide Transition: Let’s move on to our next agenda item.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: http://www.microsoft.com/downloads/details.aspx?FamilyID=7a919629-4d8b-43c5-8115-78bc30a187c2&DisplayLang=en
Slide Title: Windows PowerShell 2.0Keywords: Windows PowerShell 2.0Key Message: Windows PowerShell 2.0 is new in WS08R2.Slide Builds: 0Slide Script: The Microsoft Windows PowerShell command-line shell and scripting language helps IT professionals automate common tasks. Using a new admin-focused scripting language, more than 120 standard command-line tools, and consistent syntax and utilities, Windows PowerShell allows IT professionals to more easily manage system administration and to accelerate automation. Windows PowerShell is easy to adopt and use, because it works with the existing IT infrastructure and existing script investments. It allows users to automate server management and administration tasks and the deployment of server roles, such as Terminal Server.Managing systems can be a complex endeavor, and tools that have a consistent interface help to control the inherent complexity of the process. The consistency of Windows PowerShell commands and syntax is one of its primary assets, reducing the time need to complete administrative tasks and write scripts. Windows PowerShell integrates the command-line shell and scripting language to allow administrators to more efficiently complete and automate system administration tasks. Windows PowerShell improves upon the Windows Command Prompt and Windows Script Host (WSH) by providing cmdlets (command-line tools) that have the exact same syntax as the scripting language. The command that is typed in the Windows PowerShell command prompt is the same command that would be used in a script for automating the task across multiple servers.
Windows PowerShell 2.0 now has remoting. You type a command on your computer, then that command is transmitted via WinRM and the SOAP protocol to the remote machine. These transmissions are encrypted and secure. In return, a new instance of Windows PowerShell is instantiated on the remote computer. The command you issued runs on the remote machine, then the output is sent back to your computer. In other words, remoting involves a “conversation” between two instances of Windows PowerShell: one on your computer, one on the remote computer. It is important to note that all the computers involved in a Windows PowerShell remoting session must have both Windows PowerShell 2.0 and WinRM installed.Slide Transition: One can script Group Policy using PowerShell 2.0.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: Windows PowerShell 2.0 CTP http://www.microsoft.com/technet/scriptcenter/topics/winpsh/newin2.mspx
Slide Title: Scripting Group PolicyKeywords: PowerShell, group policyKey Message: One can script group policy.Slide Builds: 0Slide Script: Windows PowerShell is a Windows command-line shell and scripting language that you can use to automate many of the same tasks that you perform in the user interface by using the Group Policy Management Console or GPMC. To help you perform these tasks, Group Policy in Windows 7 provides more than 25 cmdlets. Each cmdlet is a simple, single-function command-line tool.You can use the Group Policy cmdlets to perform the following tasks for domain-based Group Policy objects or GPOs:Maintaining GPOs: GPO creation, removal, backup, and import.Associating GPOs with Active Directory® containers: Group Policy link creation, update, and removal.Setting inheritance flags and permissions on Active Directory organizational units (OUs) and domains.Configuring registry-based policy settings and Group Policy Preferences Registry settings: Update, retrieval, and removal.Creating and editing Starter GPOs.Slide Transition: Now we will demonstrate this and other uses of Windows PowerShell 2.0.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information:
Slide Title: Support ToolsKeywords: System RestoreKey Message: Windows 7 has a number of improvements in system restore.Slide Builds: 4Slide Script: Windows Vista introduced the Reliability Monitor, a tool that provides a timeline of system events that correlate with the overall stability of the PC. With Windows 7, Reliability Monitor is now integrated with Problem Reports and Solutions to better correlate system changes, events, and potential resolutions. Windows 7 also enhances Reliability Monitor by exposing the reliability data via the Windows Management Interface (WMI). Using WMI, you can gather reliability data remotely and process it using PowerShell scripts and WMI-related cmdlets. Now, IT professionals can leverage WMI to centrally collect or inspect the reliability of Windows 7 computers throughout the network, either proactively or during a support call. [BUILD1] Windows 7 includes an enhanced version of Resource Monitor, which provides this sort of detailed resource utilization information on a process-by-process basis. One can use Resource Monitor to view:Which processes are using the most processor time and memoryWhich services are hosted within a SvcHost.exe process Which handles (including devices, registry keys, and files) a process is accessing Which modules (including DLLs) a process is accessing Which processes are reading and writing the most data to the diskHow much network data each process is sending and receiving Which processes are listening for incoming network connections or have network connections open How much memory each process is using
[BUILD2] To help users easily resolve startup problems, Windows Vista introduced two tools—the Windows Recovery Environment and the Startup Repair tool. Users or IT professionals can start Windows RE by booting a computer from the Windows Vista DVD. The tools included with Windows RE can often automatically fix startup problems, requiring no troubleshooting from the IT professional. Like Windows Vista, Windows 7 includes Windows RE, including improved versions of the system recovery tools. The most significant improvement is that Windows RE is automatically installed on the local hard disk as part of the Windows 7 setup, ensuring that the tools are available even if the Windows 7 DVD is not.[BUILD3] Windows Vista included Windows System Restore to store “snapshots” of the system on the local hard drive, either at regular intervals or to a point before the system updates or application/device driver installations were downloaded. These earlier versions of Windows made it difficult for users or IT professional to determine which components would be affected by restoring to a System Restore point. With Windows 7, the user or IT professional can view a list of software changes before rolling Windows 7 back to an earlier state. By offering a more complete explanation of a System Restore outcome, such as removing an application that should be preserved, an IT professional can choose a different restore point or make certain to reinstall the application afterward. [BUILD4] For those problems that still require a call to the support center, Windows 7 enables IT professionals to quickly diagnose and solve problems. Anyone who has struggled to reproduce the problem a user describes will appreciate the Problem Steps Recorder, which captures click-by-click screenshots showing what user actions led to the problem.Slide Transition: Let’s explore the Problem Steps Recorder in more detail.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: http://technet.microsoft.com/en-us/library/cc766048.aspx
Slide Title: Problem Steps RecorderKeywords: Problem Steps RecorderKey Message: Problem Steps RecorderSlide Builds: 0Slide Script: Typically, the most complicated aspect of troubleshooting is reproducing the conditions that demonstrate a problem, especially if the affected user is working remotely or communicating by telephone. If IT can’t reproduce a user’s problem, they can’t easily diagnose its source. The Windows 7’solution to this impasse is the Problem Steps Recorder. Users simply run the recorder to log the steps taken when an reproducible problem occurs. Users click Start Record, reproduce the problem, enter comments where appropriate, click Stop Record, and then send the recording via e-mail or share to their IT professional. Every time a user clicks or types, a screenshot of the action is recorded, along with accompanying logs and software configuration data. Users’ text comments to describe something happening on the computer that isn’t recorded—for example, poor responsiveness or excessive paging—are also captured.The Problem Steps Recorder creates a .MHT file (a type of HTML document that includes images in a single file) compressed in a zip archive. The IT professional can open the .MHT file to view screenshots and get an exact description of the user’s actions.The Problem Steps Recorder can save the IT professional a significant amount of time. Furthermore, it helps overcome language barriers, allowing IT professionals to diagnose problems regardless of language differencesSlide Transition: Windows 7 includes 20 built-in Troubleshooting Packs that address more than 100 root causes of problems.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: http://technet.microsoft.com/en-us/library/cc766048.aspx
Slide Title: Windows Troubleshooting PacksKeywords: System RestoreKey Message: Windows 7 has a number of improvements in system restore.Slide Builds: 0Slide Script: Windows Troubleshooting Packs are a collection of PowerShell scripts that attempt to diagnose a problem and, if possible, solve the problem with the user’s approval. Troubleshooting Packs can also perform ongoing maintenance of a specific feature. Microsoft designed the Troubleshooting Packs to correlate to the top 10 categories of Microsoft support calls, including Power Efficiency, Application Compatibility, Networking, and Sound. A Direct Access Troubleshooting Pack is available in Windows 7 as well. Troubleshooting Packs can diagnose complex problems, including those caused by multiple conditions, and prompt the user with tips on how to resolve each of them. Troubleshooting can be manually initiated by users from the Help and Support Center or from the Action Center. Troubleshooting can also be initiated from within applications, allowing organizations to design Windows 7 diagnostic tools as a feature of their line-of-business applications. IT professionals can execute Troubleshooting Packs remotely and use Group Policy settings to limit users to diagnosing, but not fixing, problems. IT Professionals can also run Troubleshooting Packs on a scheduled basis to automate maintenance. Like applications, Troubleshooting Packs can be signed using a certificate issued by a trusted Certification Authority (CA). Administrators can then use Group Policy settings to run Troubleshooting Packs only from trusted publishers. Troubleshooting Packs can be distributed to local computers, published on an intranet Web site, or stored on a shared folder.
The Windows Troubleshooting Pack Builder is a development kit, included with the Windows Software Development Kit (SDK), that includes a graphical tool for IT professionals and developers building Windows Troubleshooting Packs. The toolkit simplifies adding Troubleshooting Pack metadata and links to the PowerShell Integrated Scripting Environment for authoring detection, resolution, and verification scripts. Because PowerShell is so powerful, you can examine and configure almost any element of the Windows and application environment. You can deploy troubleshooting packages, using Group Policy Preferences to copy them to the local hard drive, or simply store then on a central file server.Slide Transition: Let’ s demonstrate some of the tools we’ve been discussing.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: http://technet.microsoft.com/en-us/library/cc766048.aspx
Slide Title: Monitor System ChangesKeywords: AuditKey Message: Windows 7 has enhanced auditing features.Slide Builds: 0Slide Script: Audit enhancements start with a simplified management approach for audit configurations and end by providing even greater visibility into what occurs in your organization. For example, Windows 7 provides greater insight into understanding exactly why someone has access to specific information, why someone was denied access to specific information, and all of the changes made by specific people or groups. In previous versions of Windows, detailed auditing could only be configured using scripts. With Windows 7, you can use Group Policy settings to enable auditing for subcategories. This auditing is designed to assist organizations in meeting regulatory and business requirements. IT professionals can also use Group Policy settings to configure which files, registry keys, and other objects will be audited. With previous versions of Windows, IT professionals had to manually configure resource auditing or write scripts that enabled auditing and run them on every computer. Slide Transition: There have been a number of improvements to system restore in Windows 7.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: http://technet.microsoft.com/en-us/library/dd443489.aspx
Slide Title: Improvements in System RestoreKeywords: System RestoreKey Message: Windows 7 has a number of improvements in system restore.Slide Builds: 2Slide Script: Windows Vista included Windows System Restore to store “snapshots” of the system on the local hard drive, either at regular intervals or to a point before the system updates or application/device driver installations were downloaded. With Windows 7, the user or IT professional can view a list of software changes, based on applications listed in Add/Remove Programs, before rolling Windows 7 back to an earlier state. By offering a more complete explanation of a System Restore outcome, such as removing an application that should be preserved, an IT professional can choose a different restore point or make certain to reinstall the application afterward. [BUILD1]In Windows 7, restore points will also be available from system images created by the end users, allowing System Restore to roll-back to a point further back in time than the local System Restore storage would allow. In other words, backups to external hard disks can be used for restore points, too.[BUILD2]After selecting the desired restore point, System Restore will perform the steps to restore the computer to that restore point.Like many other aspects of Windows 7, System Restore enables IT professionals to be more effective and productive through the use of PowerShell. PowerShell can create a System Restore point or restore a computer to a System Restore point, even remotely.
Therefore, while on a support call, IT professionals can connect to a computer from across the network and create a System Restore point before making any changes that might negatively affect the computer’s stability. Scripts that perform troubleshooting or configuration tasks can automatically create a System Restore point to allow changes to be easily restored. Finally, an IT professional could use a PowerShell script to restore a computer to an earlier System Restore point, even across the network.Slide Transition: We will now demonstrate the system recovery options.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: http://technet.microsoft.com/en-us/library/cc766048.aspx
Slide Title: TechNet Plus Direct SubscriptionKeywords: Technet, Subscription, Plus, Direct, BenefitsKey Message: TechNet Plus has some new benefits.Slide Builds: 0Slide Script: TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.With convenient access to all these resources in one online location, TechNet Plus provides what you need to help you:Evaluate products & learn new skillsPlan for & deploy new technologiesAnd support & maintain your IT environmentFor evaluation and learning you get access to all Microsoft full-version software for evaluation without time limits. This includes Microsoft Server, Client, and Application software titles. With full-version software, you can make informed decisions about new technologies at your own pace.You also receive access to the latest betas before public release. Be the first to try out the latest pre-release versions of Microsoft operating systems, servers and business applications.TechNet Plus also offers quarterly training resources including select Microsoft E-Learning courses for free so you can keep your skills current, prepare for a certification exam or get ready for a specific project.For planning and deployment the TechNet Library includes resources to help you plan for and deploy new technologies in your IT environment including a complete Knowledge Base, resource kits, utilities and technical training.You also get exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager.For support and maintenance TechNet Plus comes with two complimentary Professional Support incidents. You can talk to a Microsoft Support Professional to quickly resolve your mission-critical technical issues fast.TechNet Plus also provides access to over 100 Managed Newsgroups. You can exchange ideas with other professionals and get expert answers to your technical questions within the next business day — guaranteed.You also get access to TechNet Library resources to help you support and maintain your IT environment including security updates and service packs.TechNet Plus offers proven value that far exceeds its cost. The two complimentary Professional Support incidents alone more than offset the cost of a TechNet Plus subscription. Add to that the evaluation and beta software and other technical resources, and TechNet Plus clearly boosts productivity. Every IT Professional on the team needs one.For more information or to purchase a TechNet Plus subscription, please visit: technet.microsoft.com/subscriptions.Slide Transition: Thank you for attending this TechNet event and we hope that you enjoyed learning about the new Microsoft Technologies.Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: technet.microsoft.com/subscriptions
Slide Title: FeedbackKeywords: Key Message: Slide Builds: 0Slide Script: We appreciate hearing from you. To send your feedback, click the following link and type your comments in the message body. Slide Comment: To Send feedback on this slide, use the hyperlink on the feedback slide at the start and end of this deck.Additional Information: