Monthly Archives: September 2012

You are browsing the site archives by month.

So how do we license that thing?

So how do we LICENSE that HyperV replica.


Good question…. that everyone seems to be tap dancing around and not answering.


For the children, it appears that you do not need to purchase two licenses — but I’m going to bet that you will need cold server rights in order to make this legal. 


http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/1dd6e719-7693-4a41-bed7-f2e415a91943


“According to Microsoft licensing policy you can do failover with Hyper-V replica so you don’t need to buy TWO licenses for VM for primary and secondary site. But you cannot run both of them @ the same time. “


Now how do you license the HyperV parents.  Now you can use the non gui HyperV core.  But I’ll be dead honest and say that even with an annoying Metro interface with swipes and charms, I’m just still way more comfy with GUI.  Now my question is…. could you as a partner – buy Server 2012 standard for your clients, install what you want to, then for your license for the parent to get a full GUI – can you buy a Server 2012 via SPLA and SPLA license the replicating parent?


And I really hate it when the answer in the forum flagged as an answer is “call Microsoft licensing”.  Gahhh… can’t this be stated in black and white in a document please?


http://www.aidanfinn.com/?p=11419 and I’m going to disagree with the really good blogger of Aidan Finn in this case where he says “One of the cheapest around and great for the SMB is replication by System Center Data Protection Manager 2010.”…. I don’t think it’s cheap enough for the SMB space I’m thinking of.

Want to know how to set up replica?

Check out Boon's post:

How to set up Hyper-V Replica for Small Businesses | PowerBiz Solutions:
http://blog.powerbiz.net.au/hyperv/how-to-set-up-hyper-v-replica-for-small-businesses/

Getting a bit of a wired connection where there was none

Amazon.com: Western Digital WD Livewire Powerline AV Network Kit: Electronics:
http://www.amazon.com/Western-Digital-Livewire-Powerline-Network/dp/B003VWY0VY
Western Digital WD Livewire Powerline AV Network Kit Review – Watch CNET’s Video Review#!:
http://reviews.cnet.com/bridges/western-digital-wd-livewire/4505-3304_7-34161837.html#!

So I have my cable modem installed upstairs and wanted a wired connection downstairs.  While there is an ethernet jack on the back of the Motorola digital set top box downstairs, it’s not a live ethernet connection.


So I ordered a Western Digital WD Livewire and voila, my problem is solved.  I now have a wired connection downstairs that connects to a computer so I can watch streaming computer stuff on the TV.


 

Connecting Win8 to SBS 2008 after the install of the latest update rollup

Couple of tips to get the Windows 8 to connect to the server using the connect wizard.


1.  Don’t use the metro browser to connect computers to the server, use the traditional old fashioned IE 10.



2.  You’ll need to enable .net 3.5 to get it to work



3.  Go into programs and features and click on the .net 3.5 button



4. Make sure your Win8 has an internet connection as it has to download .net 3.5



5.  Add connect as a trusted site (seems to work better that way)



It should now see the win8 as a connect-able machine (this is on SBS 2008 where it offers up the “Vista” page on connect.  You’ll see Launcher.exe be offered up.


Hit the UAC prompt



And you should be on your way…

Update rollup for SBS 2008 and SBS 2011

Update Rollup 3 for Windows Small Business Server 2011 Standard and Update Rollup 6 for Windows Small Business Server 2008 Available Now – The Windows Server Essentials and Small Business Server Blog – Site Home – TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2012/09/25/update-rollup-3-for-windows-small-business-server-2011-standard-and-update-rollup-6-for-windows-small-business-server-2008-available-now.aspx

Do you need these update rollups right away?


If you have SBS 2008 – only if you need Windows 8 deployed.


Description of Windows Small Business Server 2008 Update Rollup 6:
http://support.microsoft.com/kb/2729101

And don’t forget you also need KB2734608 on the box to support Windows 8 in WSUS and see this post –


Additional note on KB 2734608 regarding WSUS, Windows 8 and Windows Server 2012 – The WSUS Support Team Blog – Site Home – TechNet Blogs:
http://blogs.technet.com/b/sus/archive/2012/09/05/additional-note-on-kb-2734608-regarding-wsu-windows-8-and-windows-server-2012.aspx


=====


For SBS 2011


Read the details of the KB:


Update Rollup 3 for Windows Small Business Server 2011 Standard is available:
http://support.microsoft.com/kb/2729100

Items 1-3 are for Windows 8 deployment


Items 4-7 see if you need these sooner versus later.


And don’t forget you’ll need KB2734608 on that box as well.

EMET part three – doing the startup script

http://technet.microsoft.com/en-us/library/cc779329(v=WS.10).aspx


Following this… we build a start up script for our EMET to take effect



Group Policy object/Computer Configuration/Policies/Windows Settings/Scripts (Startup/Shutdown)


Pick Startup


  1. In the details pane, double-click Startup.
  2. In the Startup Properties dialog box, click Add.
  3. In the Add a Script dialog box, do the following:

    • In Script Name, type the path to the script, or click Browse to search for the script file in the Netlogon shared folder on the domain controller.

I just clicked on new text file and wrote this in notepad and saved the file as EMETstart.bat


The location of the emet_conf.exe file is in Program Files (x86) in a 64bit machine, the folder is called EMET (Tech Preview)


Save the file as a .bat file



Browse to our saved script



And the result looks like this



And the group policy script section like that.



Now let’s reboot my PC and see if this worked… I have it set to just apply to my workstation at this point in time.


More good reading here while we’re waiting for a reboot — http://rationallyparanoid.com/articles/microsoft-emet-3.html

Another way to do EMET

If you want another way to deploy EMET sign up for this “mid market” techtarget journal and see how they do it:


Buffer overflow prevention: Add apps to Microsoft EMET with command line configuration:
http://searchmidmarketsecurity.techtarget.com/tip/Buffer-overflow-prevention-Add-apps-to-Microsoft-EMET-with-command-line-configuration

EMET part two – setting up the group policy files

So we’ve installed EMET on one computer.  We then take the EMET files from the following subdirectory



 


And we place them in the following directory up on our server


The EMET.admx file goes in c:\Windows\PolicyDefinitions folder



The EMET.adml goes in the c:\windows\policydefinitions\en-us



Now we go into Group policy console and find our EMET settings.


Launch group policy management.  Now go to the top of the group policy structure, right mouse click on the domain name and click on “Create a GPO in this domain, and link it here”.  Call the GPO EMET so you know what it is.  Click OK.  Right mouse click on EMET that built itself in your group policy listing and click edit.


Drill down under Computer configuration



 


On mine set up at home I specifically added iexplore.exe application to the EMET protection.



System wide I opted into DEP, SEHOP and ASLR



So lets see if we can do likewise via group policy.


The first group policy setting is ASLR


Let’s set it to enabled and application opt in



Let’s skip over application settings for a moment and hop over to DEP


Let’s set that for DEP always on



Let’s hop over the SEHOP



Let’s set that to application opt out.


Now let’s choose the default protection for Internet explorer



Now the next step is you have to deploy the EMET package to all the workstations you want covered by this.


Because it’s a MSI download – you can follow this – http://www.advancedinstaller.com/user-guide/tutorial-gpo.html 


The final step to enable the settings I just set up is that you have to run the EMET command line tool and type in EMET_Conf –refresh


You can run this command at startup or logon time.


hmmmm okay is there a better way to do that other than to do a logon script – which I really don’t want to do in the Vista and later era?


Hang on for part three of EMET via group policy.


 

Active Directory videos from TechEd AU

What’s New in Active Directory in Windows Server 2012 | TechEd Australia 2012 | Channel 9:
http://channel9.msdn.com/Events/TechEd/Australia/2012/WSV312

What you Need to Know to Successfully Recover Active Directory | TechEd Australia 2012 | Channel 9:
http://channel9.msdn.com/Events/TechEd/Australia/2012/WSV326a

Exchange 2013 videos from TechEd AU

Exchange Server 2013 Architecture Deep Dive | TechEd Australia 2012 | Channel 9:
http://channel9.msdn.com/Events/TechEd/Australia/2012/EXL311

The New Exchange – Archiving and Compliance | TechEd Australia 2012 | Channel 9:
http://channel9.msdn.com/Events/TechEd/Australia/2012/EXL333

Exchange Server 2013 High Availability and Site Resilience | TechEd Australia 2012 | Channel 9:
http://channel9.msdn.com/Events/TechEd/Australia/2012/EXL315