chml: A Utility To Manage Windows Integrity Levels

12/30/2007

Hi all,
I would like to thank Mark Minasi for this tool; below is a brief description and the link to the entire article...


Vista includes a new notion of what were originally called "Mandatory Integrity Controls" but eventually became "Windows Integrity Controls." Under WIC, every object that has permissions can also have a label that identifies its "integrity level." There are six integrity levels, from highest trustworthiness to lowest:
Trusted Installer
System (operating system processes)
High (administrators)
Medium (non-administrators)
Low (temporary Internet files)
Untrusted

Files and folders have integrity levels, as do users and processes. What good are these "trustworthiness levels?" Well, they act as a kind of second level of Windows permissions. When a lower-integrity user tries to modify a higher-integrity object, Windows integrity controls block the modification attempt, and block it even if the object's permissions list contains a "full control" permission for that user. It is, thus, a sort of set of uber-permissions, albeit a simple one.

Read the full article HERE
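The "no write-up" rule from the excerpt, shown with the built-in icacls tool instead of chml, as an added example (this is not code from Mark Minasi's article or from chml). It assumes a non-elevated PowerShell prompt on Vista or later, a scratch directory under %TEMP%, and the documented behaviour that a process started from an image file labelled Low runs at Low; everything else it needs it creates itself.

```powershell
# Added example, not code from the article or from chml: demonstrate the
# "no write-up" rule with icacls. Run in a NON-elevated PowerShell window
# (Medium integrity) on Vista or later.
$work   = Join-Path $env:TEMP 'wic-demo'
$target = Join-Path $work 'target.txt'
New-Item -ItemType Directory -Force -Path $work | Out-Null

# Target file with an explicit Full Control ACE for Everyone (SID S-1-1-0,
# written as *SID so it works on any language of Windows). Judged by the
# DACL alone, any principal may write it. It carries no explicit label,
# which the kernel treats as Medium.
Set-Content -Path $target -Value 'original'
icacls $target /grant '*S-1-1-0:F' | Out-Null

# A private copy of cmd.exe labelled Low. A process started from an image
# whose label is below the user's runs at that lower level, which gives us
# a Low-integrity process without any extra tooling.
$lowcmd = Join-Path $work 'lowcmd.exe'
Copy-Item -Path "$env:SystemRoot\System32\cmd.exe" -Destination $lowcmd -Force
icacls $lowcmd /setintegritylevel Low | Out-Null
icacls $lowcmd            # display the Mandatory Label entry we just set

# Batch file for the Low process: print its own label, then try to append.
$try = Join-Path $work 'try-write.cmd'
@"
@echo off
whoami /groups | findstr /i /c:"Mandatory Label"
echo low-write>> "$target"
"@ | Set-Content -Path $try

# 1) From this Medium-integrity process the append succeeds: the labels
#    match, so only the DACL is consulted, and it allows the write.
Add-Content -Path $target -Value 'medium-write'

# 2) From the Low-integrity process the same append is refused even though
#    the DACL grants Full Control: the label is checked before the DACL and
#    a lower label may not write up.
& $lowcmd /c $try

# Read the file back; the Low process's line is missing because its write
# was refused by the integrity check, not by the DACL.
Get-Content -Path $target
```

The second run prints the Low label line from whoami followed by cmd's "Access is denied." for the redirection; the Full Control ACE never gets a say. The same mechanism is why a file labelled High by an administrator cannot be modified from a Medium process even when that process runs as the file's owner.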

DNS Server GlobalNames Zone Deployment in Windows Server 2008

12/29/2007

Summary

Today, numerous Microsoft customers deploy WINS technology and servers in their environment. WINS is an alternative name resolution protocol to DNS. It is an older service that uses NetBIOS over TCP/IP (NetBT). WINS and NetBT do not support IPv6 protocols and both are entering legacy mode for Longhorn.

To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (GNZ) feature. Some customers in particular require the ability to have the static, global records with single-label names that WINS currently provides. These single-label names typically refer to records for important, well-known and widely-used servers for the company, servers that are already assigned static IP addresses and are currently managed by IT administrators using WINS. GNZ is designed to enable the resolution of these single-label, static, global names for servers using DNS.

GNZ is intended to aid retirement of WINS. It is not a replacement for WINS. GNZ is not intended to support the single-label name resolution of records that are dynamically registered in WINS, records which typically are not managed by IT administrators. Support for these dynamically registered records is not scalable, especially for larger customers with multiple domains and/or forests.

This Microsoft deployment guide is designed to help customers understand how to deploy the GlobalNames Zone in a variety of scenarios.
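A minimal GNZ deployment with dnscmd, as an added example that is not taken from the Microsoft guide. The server name DC01, the domain corp.example.com and the record names are assumptions; the dnscmd switches are the stock ones. Step 3 is the security-relevant one: the zone only delivers the WINS-replacement promise if nobody but an administrator can register a single-label name in it.

```powershell
# Added example (not from the guide): create and populate a GlobalNames zone.
# Run from an elevated prompt on, or with network access to, a Windows Server
# 2008 DC that runs the DNS Server role. DC01 and the names are assumptions.
$dns = 'DC01'

# 1. Turn on GNZ support on every authoritative DNS server that should answer
#    single-label queries (otherwise the zone exists but is never consulted).
dnscmd $dns /config /enableglobalnamessupport 1

# 2. Create the zone AD-integrated and replicated to the forest partition, so
#    every DNS server in the forest returns the same answer for a bare name.
dnscmd $dns /zoneadd GlobalNames /dsprimary /dp /forest

# 3. Keep the zone static: refuse dynamic updates so no client or rogue host
#    can register or overwrite a single-label name. Only admins add records.
dnscmd $dns /config GlobalNames /allowupdate 0

# 4. Map the old WINS single-label names to the servers' FQDNs with CNAMEs;
#    the A records stay in the normal forward lookup zones.
dnscmd $dns /recordadd GlobalNames intranet   CNAME web01.corp.example.com.
dnscmd $dns /recordadd GlobalNames fileserver CNAME fs01.corp.example.com.

# 5. Review the zone contents and resolve a bare name through that server.
dnscmd $dns /zoneprint GlobalNames
nslookup intranet $dns
```

The nslookup at the end should come back with the CNAME to web01.corp.example.com and its address: the server first tries the suffixed name in the ordinary zones, and only when that fails does it consult GlobalNames for the leftmost label. Repeat step 1 on each DNS server that clients query, because the setting is per server while the zone itself replicates.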

 

 

DNS,Server,2008,GlobalNames,Zone,Deployment

From Microsoft Softgrid Blog...

12/28/2007

What happened to the SGBrowser account?

In previous releases of Application Virtualization, we required admins to specify an SGBrowser account during install of the server. This account was used to READ Active Directory (AD) and resolve security groups on behalf of the user installing the Application Virtualization server. In 4.5, we remove this limitation and no longer require this account since we're now using Windows Integrated Authentication.

Read the full article here

Dynamic Suiting in SoftGrid 4.5

12/27/2007

Earlier than expected, Microsoft has introduced Dynamic Suiting (interaction between separate bubbles) in the public beta release of version 4.5. It is fairly easy to allow two applications to interact with each other. The only thing you'll need to do is to edit the OSD file of the application that you want to allow to interact with another bubble. For example, you want to allow the application front-end to interact with middleware. Open the OSD file of the front-end application with a text editor and add these lines:

    <VIRTUALENV TERMINATECHILDREN="FALSE">
      <POLICIES>
      </POLICIES>
      <DEPENDENCIES>
        <CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/midware/midware.sft" GUID="06DCD3EF-1D70-4282-A117-2241BE970C27" SYSGUARDFILE="midwareosguard.cp" MANDATORY="TRUE"/>
      </DEPENDENCIES>
      <ENVLIST/>
    </VIRTUALENV>

The CODEBASE element can be copied from the middleware OSD you want to use. All you need is the HREF, GUID and SYSGUARDFILE from the middleware OSD and the additional MANDATORY="TRUE" setting. Note: don't confuse the <DEPENDENCIES> tag with the older <DEPENDENCY> tag. Now import the edited OSD into your VAS server and refresh your 4.5 client (note: dynamic suiting will only work as of client version 4.5). When you launch the front-end application, the middleware bubble as defined in the OSD file will also be launched, and interaction between the two will work like a charm.

It is only possible to allow interaction between bubbles on one level. If you edit the OSD file of a third application to allow access to the front-end bubble, this third application will not have access to the middleware bubble. It will be able to interact with the front-end bubble, though. It is also possible to allow more than one application to interact with the same middleware bubble. This allows several front-end applications to use the same middleware package.

The Dynamic Suiting feature is great news for all of you who have been struggling with middleware. Softgrid retains its position ahead of all competitors in the market, being the only true virtualization solution that offers virtualization of services and interaction between separate virtual environments.

As usual, there are some downsides as well. Administration of bubble interaction is most likely going to be your biggest nightmare. Nowhere, except in the OSD files of applications using middleware, will you be able to find which applications are allowed to interact with other applications. This isn't a big problem if you have a limited number of applications, but you can imagine that it can cause severe headaches if you have several hundred applications using all kinds of middleware. Microsoft has not planned any administration tool to address this.

Another possible problem is conflicts. The default behaviour of interacting bubbles is that the launched front-end application takes precedence over the middleware it uses. If you have two versions of the same DLL, the version in the front-end application will 'win'. This avoids technical conflicts, but it can introduce other issues if certain functionality in the (possibly newer) DLL in the middleware application is required. This scenario re-introduces regression testing, something we were happy to get rid of with Softgrid in the first place.

The really good news is that you don't need to re-sequence your existing applications: all you need to do is edit the OSD files to allow interaction. This of course saves you and your customers a lot of time!

Thank you to Rodney Medina from Softgridblog.com (Microsoft Softgrid MVP)
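The administration gap the post describes (the only record of which bubble may talk to which is the OSD file itself) can be closed with a scan of the OSD files. The script below is an added example, not code from Rodney Medina or from Microsoft: it writes three constructed OSD files to a temp directory so it runs offline, then builds the dependency map and flags second-level dependencies, which the post notes are not reachable. The midware CODEBASE line is the one from the post; the other package names, GUIDs, HREFs and the exact SOFTPKG/IMPLEMENTATION wrapper are assumptions, and on a real server $OsdRoot would point at the content share.

```powershell
# Added example (not from the post): inventory Dynamic Suiting relationships
# by reading <DEPENDENCIES>/<CODEBASE> out of every OSD file under a root.
$OsdRoot = Join-Path $env:TEMP 'osd-inventory-demo'
New-Item -ItemType Directory -Force -Path $OsdRoot | Out-Null

# CODEBASE element from the post; the rest of the samples are constructed.
$midware = '<CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/midware/midware.sft" GUID="06DCD3EF-1D70-4282-A117-2241BE970C27" SYSGUARDFILE="midwareosguard.cp" MANDATORY="TRUE"/>'
$frontend = '<CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/frontend/frontend.sft" GUID="11111111-1111-1111-1111-111111111111" SYSGUARDFILE="frontendosguard.cp" MANDATORY="TRUE"/>'

# Constructed sample set: MidWare has no dependencies, FrontEnd -> MidWare,
# Reporting -> FrontEnd (so Reporting cannot reach MidWare).
$samples = @{
  'midware.osd'   = @('06DCD3EF-1D70-4282-A117-2241BE970C27', 'MidWare',   '')
  'frontend.osd'  = @('11111111-1111-1111-1111-111111111111', 'FrontEnd',  $midware)
  'reporting.osd' = @('22222222-2222-2222-2222-222222222222', 'Reporting', $frontend)
}
foreach ($name in $samples.Keys) {
  $guid, $app, $dep = $samples[$name]
  @"
<SOFTPKG GUID="$guid" NAME="$app" VERSION="1.0">
  <IMPLEMENTATION>
    <VIRTUALENV TERMINATECHILDREN="FALSE">
      <POLICIES/>
      <DEPENDENCIES>$dep</DEPENDENCIES>
      <ENVLIST/>
    </VIRTUALENV>
  </IMPLEMENTATION>
</SOFTPKG>
"@ | Set-Content -Path (Join-Path $OsdRoot $name)
}

function Get-OsdDependencyMap {
  param([string]$Root)
  $packages = @{}    # GUID -> package name, to resolve dependency targets
  $edges = @()
  foreach ($file in Get-ChildItem -Path $Root -Filter *.osd -Recurse) {
    [xml]$osd = Get-Content -Path $file.FullName
    $packages[$osd.SOFTPKG.GUID] = $osd.SOFTPKG.NAME
    foreach ($cb in $osd.SelectNodes('//DEPENDENCIES/CODEBASE')) {
      $edges += New-Object PSObject -Property @{
        Application   = $osd.SOFTPKG.NAME
        DependsOnGuid = $cb.GUID
        Mandatory     = $cb.MANDATORY
        Href          = $cb.HREF
        OsdFile       = $file.Name
      }
    }
  }
  # Resolve GUIDs to names and list what the dependency itself depends on:
  # suiting is one level deep, so A -> B -> C gives A no access to C.
  foreach ($e in $edges) {
    $target = $packages[$e.DependsOnGuid]
    if (-not $target) { $target = 'UNKNOWN ' + $e.DependsOnGuid }
    $e | Add-Member NoteProperty DependsOn $target
    $second = $edges | Where-Object { $_.Application -eq $target } |
              ForEach-Object { $packages[$_.DependsOnGuid] }
    $e | Add-Member NoteProperty NotReachable (@($second) -join ',')
  }
  $edges
}

Get-OsdDependencyMap -Root $OsdRoot |
  Select-Object Application, DependsOn, Mandatory, NotReachable, OsdFile |
  Format-Table -AutoSize
```

An UNKNOWN entry means an OSD references a GUID that no package in the scanned tree owns, which is exactly the kind of stale or mistyped dependency that only surfaces at launch time otherwise; a non-empty NotReachable column is the one-level limit made visible.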

 

Download Microsoft Hyper-V beta 1

12/22/2007


Microsoft launches the first beta of its upcoming hypervisor, Hyper-V (formerly codenamed Viridian / Windows Server Virtualization).

This first beta, initially planned for the end of this year, was later postponed to February 2008, in sync with the global launch of Windows Server 2008 (formerly codenamed Longhorn). But Microsoft made a great effort to launch the beta ahead of time and disturb VMware's launch of VI 3.5.

 

 

The new build unlocks several critical features customers were looking for:

  • Quick Migration and support for host-level HA (up to 16 nodes)
  • Out-of-the-box integration with Windows Server 2008 Server Manager (no more separate installation)
  • Support for Windows Server Core (allowing a smaller hypervisor footprint)
  • Support for the Volume Shadow Copy Service (VSS), which enables live backup of VMs at the host level
  • Support for 64 GB of virtual RAM per VM
  • Support for multiple virtual NICs per VM
  • Support for 4 virtual SCSI controllers per VM
  • Replacement of the emulated S3 video card with a generic VESA adapter
  • Integration of VHD manipulation tools

With this beta Microsoft is providing support for Windows Server 2003 and 2008 guest OSes, as well as Novell Linux guests.

Once again Hyper-V is included directly in the Windows Server 2008 code, this time in Release Candidate 1 (Enterprise Edition, 64-bit only).

Enlightenments for Linux guest OSes are instead available through a separate beta program on Connect.

 

 

New and Improved Features in VMware VI 3.5

12/18/2007

Thank you to Mike Laverick for this article...

Right after the release of VMware Infrastructure 3.5, Mike Laverick published an 88-page guide describing all the changes introduced in this major update.

While it was written during the VI 3.5 beta and RC phases, it is a great start to understanding the product's evolution at a very technical level.

Download the guide, free of charge, here.

 

How to access to Windows 2008 Server Core with connection RDP

12/15/2007


As described in the previous articles, Windows Server 2008 has a great option to install it with a minimal graphical user interface. This new version of Windows is called "Server Core", and it allows an administrator to install only the minimum binary files required to run a specific server role. You can read more about it in my "Getting started with Windows Server 2008 Core" article.

Although Server Core has no real GUI (except for a few tools such as regional settings), we still need to access it locally in order to run configuration and other settings on it. Some of these configurations and settings are accessible via remote MMC snap-ins, run from remote management workstations or servers (preferably Windows Server 2008 or Windows Vista). However, some commands can only be run at the local Command Prompt, which means we need physical access to the Server Core server.

Now, in order to properly configure Server Core to allow RDP connections, follow these steps:

 

 

To manage a server running a Server Core installation by using a terminal server client

On the server running a Server Core installation, type the following command at a command prompt:

This enables the Remote Desktop for Administration mode to accept connections.

If you want to view your current settings, you need to type:

If you see "1" in the script output, RDP connections are denied. If you see "0", they are allowed.

Note: If you are running the Terminal Services client on a previous version of Windows, you must turn off the higher security level that is set by default in Windows Server 2008 (it requires Network Level Authentication, so the user is authenticated before a session is created). Turning it off lets older clients connect but means the server builds a session for an unauthenticated client, so prefer upgrading the client where you can. To turn it off, type the following command at the command prompt:

If you want to enable remote management from an RDP connection through the firewall

To enable remote management from any MMC snap-in, type the following:

 

 

To open an RDP session with the Server Core machine

  1. On the remote management computer, click Start > Run, type mstsc, and then click OK.
  2. In Computer, enter the name of the server running a Server Core installation.
  3. Log on using an administrator account.
  4. When the command prompt appears, you can manage the computer using the Windows command-line tools.
     Note that while you're logged on to the server, the original server console session is locked out.
  5. When you have finished remotely managing the computer, type logoff at the command prompt to end your Terminal Server session.
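The whole procedure above in one place, as an added example that is not part of the original article: the commands run on the Server Core box, followed by the connection from the management workstation. The server name CORE01 is an assumption; scregedit.wsf, netsh and mstsc are the stock tools, and because they are external commands they run unchanged at the Server Core 2008 cmd prompt (which has no PowerShell) or in a PowerShell window on a full installation.

```powershell
# Added example (not from the article). Server name CORE01 is an assumption.

# --- On the Server Core machine, at the local console ---

# Allow Remote Desktop for Administration connections (0 = allow, 1 = deny).
# This flips the same fDenyTSConnections value the article's "1"/"0" refers to.
cscript C:\Windows\System32\scregedit.wsf /ar 0

# View the current setting: "0" means connections are allowed.
cscript C:\Windows\System32\scregedit.wsf /ar /v

# Only if the connecting client predates the 6.0 RDP client: stop requiring
# CredSSP / Network Level Authentication (/cs 0). Leave the default (/cs 1)
# whenever you can and upgrade the client instead; without NLA the server
# creates a session before the user has proved who they are.
# cscript C:\Windows\System32\scregedit.wsf /cs 0

# Open the firewall rule group for Remote Desktop (TCP 3389 inbound) and,
# separately, the group that lets remote MMC snap-ins reach the server.
# The second group is not needed for RDP alone; enable it only if you
# manage the box with snap-ins from a workstation.
netsh advfirewall firewall set rule group="remote desktop" new enable=yes
netsh advfirewall firewall set rule group="remote administration" new enable=yes

# Confirm which inbound rules are now enabled before walking away from the
# console.
netsh advfirewall firewall show rule name=all dir=in | findstr /i "Rule Name Enabled"

# --- On the management workstation ---

# Same as Start > Run > mstsc with the server name filled in. Log on with an
# administrator account; when the cmd window appears you are on the server.
mstsc /v:CORE01

# In that remote window, type  logoff  when finished. Closing the window
# instead leaves the session, and the locked-out console, behind.
```

The firewall "show rule" filter is deliberately coarse: read the Enabled lines under the Remote Desktop and Remote Administration rule names and make sure nothing else was switched on by accident. If you did use /cs 0 for an old client, set it back with /cs 1 once the client has been upgraded.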

     

Summary

Windows Server 2008 Server Core installations require remote management.

In order to allow for that, the server's firewall and registry settings need to be changed. This article showed you how to do that.

 

 

Server,2008,Core,RDP