Technical Training Nicola Ferrini [email protected].

146
Microsoft Desktop Optimization Pack Technical Training Nicola Ferrini [email protected]
  • date post

    20-Dec-2015
  • Category

    Documents

  • view

    220
  • download

    1

Transcript of Technical Training Nicola Ferrini [email protected].

Page 1: Technical Training Nicola Ferrini info@nicolaferrini.it.

Microsoft Desktop Optimization Pack

Technical Training

Nicola [email protected]

Page 3: Technical Training Nicola Ferrini info@nicolaferrini.it.

Introduction

This course discusses topics around concepts, benefits, installing and configuring Microsoft Desktop Optimization Pack (MDOP) technologies

Focuses on Mid Market Customers

Page 4: Technical Training Nicola Ferrini info@nicolaferrini.it.

Prerequisites

Before Starting this Course participants should be familiar with: Desktop Support and Troubleshooting Application Support and Troubleshooting Group Policy concepts including creating, modifying,

supporting, and troubleshooting. Before starting this course it would be beneficial

to have experience or familiarity with: Licensing Compliance Change Management Process Basic SQL and Operations Manager knowledge Basic Active Directory administrative skills

Page 5: Technical Training Nicola Ferrini info@nicolaferrini.it.

Agenda – Day 1

Ore 9:00 - Benvenuto Ore 9:30 - Microsoft Desktop Optimization Pack (MDOP) Ore 11:00 - Coffee Break Ore 11:30 - Microsoft SoftGrid Application Virtualization

Concepts

Ore 13:00 – Lunch

Ore 14:00 - Microsoft SoftGrid Application Virtualization Configuration

Ore 15:00 – Coffee Break Ore 16:00 – LAB Ore 17:00 – Fine lavori

Page 6: Technical Training Nicola Ferrini info@nicolaferrini.it.

Agenda – Day 2

Ore 9:00 – RiassuntoOre 9:30 – Microsoft SoftGrid Application Virtualization

SequencingOre 11:00 – Coffee BreakOre 11:30 – LABOre 12:30 – Microsoft Application Virtualization 4.5 Preview

Ore 13:00 – Lunch

Ore 14:00 – Diagnostics and Recovery Toolset (DaRT)Ore 14:30 – LABOre 14:45 – Coffee BreakOre 15:00 – Advanced Group Policy Management (AGPM)Ore 16:00 – Desktop Error Monitoring (DEM)Ore 16:30 – Application Inventory Service (AIS)Ore 17:00 – Fine lavori

Page 7: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is in this course?

Module 1:Microsoft Desktop Optimization Pack (MDOP) Module 2: Microsoft SoftGrid Application Virtualization

Concepts Module 3: Microsoft SoftGrid Application Virtualization

Configuration Module 4: Microsoft SoftGrid Application Virtualization

Sequencing Module 5:Microsoft Application Virtualization 4.5

Preview Module 6:Diagnostics and Recovery Toolset (DaRT) Module 7:Advanced Group Policy Management (AGPM) Module 8:Desktop Error Monitoring (DEM) Module 9:Asset Inventory Service (AIS)

Page 8: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 1:Microsoft Desktop Optimization Pack (MDOP)

What is MDOP? Mid Market Customer Needs How does MDOP Address Customer

Needs MDOP Technology How is MDOP Licensed? What is Software Assurance?

Page 9: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is MDOP?

The Microsoft Desktop Optimization Pack for Software Assurance is an add-on subscription license available to Software Assurance customers

Page 10: Technical Training Nicola Ferrini info@nicolaferrini.it.

Mid Market Customer Needs

End User Productivity Mobile Users Risk Management

Page 11: Technical Training Nicola Ferrini info@nicolaferrini.it.

How does MDOP Address Customer Needs

Increase End User Productivity Support Mobile Users Improve Risk Management

Page 12: Technical Training Nicola Ferrini info@nicolaferrini.it.

MDOP Technology

Microsoft SoftGrid Application Virtualization

Diagnostics and Recovery Toolset Advanced Group Policy Management Desktop Error Monitoring Asset Inventory Service

Page 13: Technical Training Nicola Ferrini info@nicolaferrini.it.

How is MDOP Licensed?

Low Cost Subscription Based For Customers with Software Assurance for the

Windows Desktop Select, Open Value, EA, EAS, CASA

MDOP Benefits to Customers Increase End User Productivity Support Mobile Users Improve Risk Management

MDOP Benefits to Partners Recurring Revenue Services Revenue Customer Relationship

Page 14: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is Software Assurance? A comprehensive maintenance offering that helps

you get the most out of your software investment Software Assurance Benefits to Customers

Windows Vista Enterprise Spread Payments New Version Rights Desktop Optimization Pack Training Vouchers Support Incidents

Software Assurance Benefits to Partners Recurring Revenue Customer Relationship

Page 15: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 2: Microsoft SoftGrid Application Virtualization Concepts

Describe problems organizations encounter when dealing with application management

Describe the benefits of SoftGrid computing in a technical nature

Define SoftGrid computing List and explain various SoftGrid

system components Understand the SoftGrid

environment

Page 16: Technical Training Nicola Ferrini info@nicolaferrini.it.

Application Management Life Cycle

Deployment Updates Support Termination

Page 17: Technical Training Nicola Ferrini info@nicolaferrini.it.

Application Virtualization

Page 18: Technical Training Nicola Ferrini info@nicolaferrini.it.

Benefits of Microsoft SoftGrid Application Virtualization

Conflict Free Pre-Configured Applications Multiple Versions Preservation of Source Code Centralization On Demand Delivery

Page 19: Technical Training Nicola Ferrini info@nicolaferrini.it.

Feature Block 1 and 2

Package .sft don’t have to be delivered at one time

Sequencer can mark certain blocks of the .sft as critical launch phase or Feature Block 1 (FB1) During initial stream after FB1 downloaded application

can launch All other blocks are stored in Feature Block 2

(FB2) When user accesses feature not in FB1 individual

blocks of data downloaded from FB2 Operation known as Out of Sequence Operation

User customized settings are stored in UsrVol_sftfs_v1.pkg and stored in user’s AppData

Page 20: Technical Training Nicola Ferrini info@nicolaferrini.it.

Considerations

Sequencing applications requires extensive knowledge of application Knowledge of how to install the application Knowledge of how to configure the application

Limitations of Virtualization Boot-time applications Background services DCOM and COM+ applications Drivers Internet Explorer (Add-ins can be virtualized)

Page 21: Technical Training Nicola Ferrini info@nicolaferrini.it.

Application Virtualization Environment Overview

Microsoft SoftGrid Application Virtualization Sequencer

SoftGrid Management Console Microsoft SoftGrid Application Virtualization

Virtual Application Server Microsoft SoftGrid Application Virtualization

Management Web Service Microsoft SoftGrid Application Virtualization Data

Store Microsoft SoftGrid Application Virtualization Client MSI Utility for Microsoft Application Virtualization

Page 22: Technical Training Nicola Ferrini info@nicolaferrini.it.

What Happens?

Microsoft SoftGrid Application Virtualization Platform Review Sequencing Backed Server Client Launch

Pre-Launch Deployment Microsoft SoftGrid Application

Virtualization Desktop Configuration Refresh

The Launch Process:

Page 23: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 3: Application Virtualization Configuration

Describe all minimum requirements needed to install the Microsoft SoftGrid Application Virtualization Components

Detail deployment scenarios available

Complete a full installation and configuration of the Microsoft SoftGrid Application Virtualization Components

Page 24: Technical Training Nicola Ferrini info@nicolaferrini.it.

Suggested Minimum System Requirements

System Center Virtual Application Server

SoftGrid Application Virtualization Data Store

SoftGrid Application Virtualization Management Web Service

SoftGrid Management Console SoftGrid Application Virtualization

Sequencer MSI Utility for Microsoft Application

Virtualization

Page 25: Technical Training Nicola Ferrini info@nicolaferrini.it.

Deployment Scenarios

Connected Mode

Standalone ModeDelivery thru ESD not shown

Page 26: Technical Training Nicola Ferrini info@nicolaferrini.it.

Stand Alone Mode

SoftGrid Client and SoftGrid Sequencer Only No Application Streaming Client in Stand Alone Mode Deployment Options

AD publishing through GPO Media Distribution Run from File Share Software Management Systems (SMS/SCCM)

When to use? Software Management System already in place Organizations where resources are limited Network bandwidth limitations Limited budgets

Page 27: Technical Training Nicola Ferrini info@nicolaferrini.it.

Connected Mode

Known as Classic Mode Uses built-in software distribution from

Virtual Application Server (VAS) When to Use SoftGrid Connected Mode

Application Streaming Group-based Application Publishing License Enforcement Built-in SoftGrid Reporting SoftGrid Classic Software Usage Reporting

Console

Page 28: Technical Training Nicola Ferrini info@nicolaferrini.it.

Network Protocols

ManagementWorkstation

(SoftGridManagement

Console)

ODBC:1433Initial Stream

ConnectRTSP:554

Active StreamRTSP Control

RTP Data49152-65535

(2 ports)

SoftGrid Virtual

ApplicationServer

SQL Server

Connection SoftGrid to

Management Web Service

HTTP: 80

SoftGridManagement

Database

Client PCInitial Remote Management

ConnectRPC: 153

Remote Management

Return49152-65535

(1 port)

SoftGrid Management

Server(SoftGrid

Management Web Service)

OSDs & ICOsDownload via

UNC path (SMB:445)

ODBC:1433

Page 29: Technical Training Nicola Ferrini info@nicolaferrini.it.

Server Installation

Pre-Installation Checklist Account authority domain SoftGrid Administrators and Users Group MDAC 2.7 and .NET Framework 2.0 SQL Database Information SoftGrid Browser Account IIS 5.0 or higher

Typical Server Installation Virtual Application Server Data Store Management Web Service Management Console

Custom Installation Allows administrators to select individual components to install on a

server In larger scenarios integrators can spread the components over multiple

servers for higher availability and divided administrative function

Page 30: Technical Training Nicola Ferrini info@nicolaferrini.it.

SoftGrid Client Installation

Current Versions of SoftGrid Clients Windows Desktop 4.1 SP1 HFRU1 version

4.1.2.21 Windows Desktop 4.2 HFRU1 version

4.2.1.21 (Vista support) Terminal Server 4.1 SP1 HFRU1

Suggested Minimum System Requirements

Microsoft SoftGrid Application Virtualization Client Installation

Page 31: Technical Training Nicola Ferrini info@nicolaferrini.it.

Identifying Installation Options

MSI Installer CD setup Command-line setup Disk Imaging

Page 32: Technical Training Nicola Ferrini info@nicolaferrini.it.

Microsoft SoftGrid Application Virtualization Client Configuration

Root Node General Tab Interface Tab File System Tab Network Tab Connectivity Tab Permissions Tab

Applications Node File Type Associations Node Desktop Configuration Servers Node System Tray

Page 33: Technical Training Nicola Ferrini info@nicolaferrini.it.

Root Node

Page 34: Technical Training Nicola Ferrini info@nicolaferrini.it.

General Tab

Page 35: Technical Training Nicola Ferrini info@nicolaferrini.it.

Interface Tab

Page 36: Technical Training Nicola Ferrini info@nicolaferrini.it.

File System Tab

Page 37: Technical Training Nicola Ferrini info@nicolaferrini.it.

Network Tab

Page 38: Technical Training Nicola Ferrini info@nicolaferrini.it.

Connectivity Tab

Page 39: Technical Training Nicola Ferrini info@nicolaferrini.it.

Permissions Tab

Page 40: Technical Training Nicola Ferrini info@nicolaferrini.it.

Applications Node

Page 41: Technical Training Nicola Ferrini info@nicolaferrini.it.

File Type Associations Node

Page 42: Technical Training Nicola Ferrini info@nicolaferrini.it.

Desktop Configuration Servers Node

Page 43: Technical Training Nicola Ferrini info@nicolaferrini.it.

System Tray

Page 44: Technical Training Nicola Ferrini info@nicolaferrini.it.

Automating Client Configuration with Commands

SFTMime.exe SFTTRAY.EXE

Page 45: Technical Training Nicola Ferrini info@nicolaferrini.it.

MSI Utility Installation

Installing the MSI Utility Installing the Client for Stand Alone

Mode Configuring the Client for Stand

Alone Mode Installing an Application with the

Virtual Application MSI File

Page 46: Technical Training Nicola Ferrini info@nicolaferrini.it.

Server Administration

Understand how to connect to any machine running the SoftGrid Management Web Service to configure the platform.

Create new objects from within the SoftGrid Management Console, using the supplied wizards.

Explain each of the containers, objects, and properties within the SoftGrid Management Console.

Page 47: Technical Training Nicola Ferrini info@nicolaferrini.it.

SoftGrid Management Console

Page 48: Technical Training Nicola Ferrini info@nicolaferrini.it.

Application Container

Page 49: Technical Training Nicola Ferrini info@nicolaferrini.it.

Packages Container

Page 50: Technical Training Nicola Ferrini info@nicolaferrini.it.

Active Upgrade

1. Administrator Adds new package version on the server

2. User either closes application and reopens or opens it after previously streaming the older version

3. Client sees new version available and streams FB1 for new package version

4. Application launches with user’s individual application settings intact

Page 51: Technical Training Nicola Ferrini info@nicolaferrini.it.

Lab

SoftGrid Application Virtualization Publishing

Page 52: Technical Training Nicola Ferrini info@nicolaferrini.it.

Server Administration

Manage provider Policies and utilize them for Licensing

Manage multiple SoftGrid Application Virtualization Servers by using Server Groups.

Utilize reporting to track usage and licensing information.

Configure advanced server settings.

Page 53: Technical Training Nicola Ferrini info@nicolaferrini.it.

Licensing

1. Provider Policies Create a Provider Policy the enables licensing for

auditing or enforcement2. Licensing

Create a license Group for Unlimited, concurrent or named license

3. Application Assign the license group to the application record

4. Customize .OSD Modify the application .osd file to include ?

Customer=Custom Provider Policy Name at the end of the HREF URL.

Page 54: Technical Training Nicola Ferrini info@nicolaferrini.it.

Server Groups Container

Page 55: Technical Training Nicola Ferrini info@nicolaferrini.it.

SoftGrid Administrators Container

Page 56: Technical Training Nicola Ferrini info@nicolaferrini.it.

Reporting

Page 57: Technical Training Nicola Ferrini info@nicolaferrini.it.

System Options

Page 58: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 4: Application Virtualization Sequencing

Describe the role of the sequencer Discuss Planning and Installation of

the Sequencer Learn the steps of sequencing

applications Understand OSD editing for

enhancing and troubleshooting

Page 59: Technical Training Nicola Ferrini info@nicolaferrini.it.

What Is the Sequencer?

Page 60: Technical Training Nicola Ferrini info@nicolaferrini.it.

The Sequencing Process

1. Standard application installations are used.2. The application being installed is “monitored” by

SystemGuard during installation for all application components.

3. The Sequencing Station then packages all the changes, to recreate them in a virtual environment on a client machine.

4. The Sequencing Station runs the application by using SystemGuard to optimize the package and then slice the package into smaller chunks to deliver it to the client on an as-needed basis.

5. The result of running the Sequencer will generate four files: an .osd file, an .sft file, an .sprj and an .ico file. These are the files needed to run an application in the SoftGrid platform.

Page 61: Technical Training Nicola Ferrini info@nicolaferrini.it.

Sequencer Files

.ico (~24 Kb) *One per published application

▪ Used to be delivered down to the users machine to provide a means to access the virtual application (a shortcut).

.osd (~2Kb) *One per published application

▪ Contains information on how to request and run the package. Can also be used to embed scripts into (similar to an .exe)

.sft (up to 4 GB) *One per Suite of applications

▪ Contains all the virtualized components of the application. If the component isn’t part of .sft, it is expected to be present on the local machine.

.sprj (~13 Kb) *One per Suite of applications

▪ Used to publish and open existing packages to update or repair.

Page 62: Technical Training Nicola Ferrini info@nicolaferrini.it.

Basic OSD file

Page 63: Technical Training Nicola Ferrini info@nicolaferrini.it.

OSD Values

ABSTRACT CODEBASE

FILENAME HREF SIZE GUID SYSGUARDFILE PARAMETER

ENVIRONMENT VARIABLE ENVLIST

CLIENTVERSION XML Version, standalone SIZE VM

SUBSYSTEM (WIN32 OR WIN16) REGKEY

HIVE KEY

SUITE

Page 64: Technical Training Nicola Ferrini info@nicolaferrini.it.

Installing the Sequencer

Planning the Sequencer Environment SoftGrid Virtual Drive (Q:\ Drive) Partitioning Clean Operating System Multiple Sequencing Workstations

Installing the Sequncer

Page 65: Technical Training Nicola Ferrini info@nicolaferrini.it.

Sequencer Configuration

Select Tools|Options Paths Parse Items Exclusion Items Wizard Settings

Page 66: Technical Training Nicola Ferrini info@nicolaferrini.it.

Paths tab

Page 67: Technical Training Nicola Ferrini info@nicolaferrini.it.

Parse Items tab

Page 68: Technical Training Nicola Ferrini info@nicolaferrini.it.

Exclusion Items

Page 69: Technical Training Nicola Ferrini info@nicolaferrini.it.

Wizard Settings

Page 70: Technical Training Nicola Ferrini info@nicolaferrini.it.

Sequencing Best Practices Local Install Document the Installation Application Pre-installation requirements Compression and block size Destination path Suites Application components Automatic Updates Manual/Post-Installation configuration Reboot Request Stop Monitoring

Page 71: Technical Training Nicola Ferrini info@nicolaferrini.it.

Naming Conventions

ICO Application_Version

OSD Application_Version

SUITE Name Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS

Package Save Directory

Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS

SFT Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS

SPRJ Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS

Package ROOT ApplicationVersion.Package Version (8.3 naming)

Page 72: Technical Training Nicola Ferrini info@nicolaferrini.it.

Package Configuration Wizard

Page 73: Technical Training Nicola Ferrini info@nicolaferrini.it.

Installation Wizard

Page 74: Technical Training Nicola Ferrini info@nicolaferrini.it.

Application Wizard

Page 75: Technical Training Nicola Ferrini info@nicolaferrini.it.

Sequencer – Post Sequence

Page 76: Technical Training Nicola Ferrini info@nicolaferrini.it.

Package Upgrade

Page 77: Technical Training Nicola Ferrini info@nicolaferrini.it.

Lab

SoftGrid Application Virtualizaton Introduction to Sequencing

Page 78: Technical Training Nicola Ferrini info@nicolaferrini.it.

Sequence a Hard-Coded Application

Apps the don’t have the option to select the installation directory

Called VFS or Virtual File System installs

Not Recommended Creates Virtualization Overhead Driver letter sequenced to must be

present on client

Page 79: Technical Training Nicola Ferrini info@nicolaferrini.it.

Sequencing a Web Based Application

Sequence Internet Explorer add-in Active X Codecs Flash Java

Can’t sequence Internet Explorer Allows running multiple versions of

add-ins on the same machine

Page 80: Technical Training Nicola Ferrini info@nicolaferrini.it.

Custom OSD Modifications

Passing Parameters Scripting Virtual Registry TERMINATECHILDREN Tag Environment Variable Customizations

Page 81: Technical Training Nicola Ferrini info@nicolaferrini.it.

Lab

SoftGrid Application Virtualization Advanced Sequencing

Page 82: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 5: Preview of Microsoft Application Virtualization 4.5

Dynamic Virtualization Extended Scalability Globalization Microsoft Security Standards

Page 83: Technical Training Nicola Ferrini info@nicolaferrini.it.

Dynamic Virtualization

Page 84: Technical Training Nicola Ferrini info@nicolaferrini.it.

Extended Scalability

Full Infrastructure

Lightweight Infrastructure

Stand-Alone Mode

Page 85: Technical Training Nicola Ferrini info@nicolaferrini.it.

Globalization

Support for foreign language applications with special characters Foreign language Active Directory and server support Runtime Locale Detection Localized in 11 Languages

Brazilian Portuguese Chinese – Simplified, Chinese – Traditional Dutch (Client Only) French German Italian Japanese Korean Russian Spanish

Page 86: Technical Training Nicola Ferrini info@nicolaferrini.it.

Microsoft Security Standards Adopt Microsoft Security Initiatives

Trustworthy Computing (TwC) Secure Windows Initiative (SWI) Security Development Lifecycle (SDL)

Enable Internet facing scenarios No VPN Required Client is on a non-trusted network Server is on a non-trusted network

Secure by Default configuration out of the box Client Privileges locked down TLS Support via Schannel (on by default) Kerberos support Server Authentication

Page 87: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 6:Diagnostics and Recovery Toolset (DaRT)

What is DaRT? When do I use DaRT? Advantages DaRT Technology Explained Demonstration

Page 88: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is DaRT?

Microsoft® Diagnostics and Recovery Toolset provides powerful, intuitive tools that help administrators recover PCs that have become unusable and easily identify root causes of system and network issues

Page 89: Technical Training Nicola Ferrini info@nicolaferrini.it.

When do I use DaRT?

Microsoft Diagnostics and Recovery Toolset can save significant time and reduce the headaches associated with repairing and troubleshooting common system failures.

System administrators may now run powerful recovery tools on unbootable systems and can quickly restore failed systems with minimal manual effort—in much less time than is required when restoring PCs from backup or reinstalling operating systems

Page 90: Technical Training Nicola Ferrini info@nicolaferrini.it.

Advantages

Rapid recovery Flexible recovery options Unique tools Cost savings

Page 91: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT Technology Explained

WinPE/WinRE Basics DaRT Requirements DaRT Interface DaRT Interface Tools DaRT Admin Tools DaRT Network Tools DaRT System Tools Online Tools

Page 92: Technical Training Nicola Ferrini info@nicolaferrini.it.

WinPE/WinRE Basics

Windows PE was designed to allow Windows® setup or a 32-bit imaging program to run on a PC even with no version of Windows installed.

Integrates the different components of setup into one solution so that a simple boot CD could provide a minimal environment that would let 32-bit setup run

WinPE/WinRE now support 64 bit environments

Page 93: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT 6.0 Requirements

Windows Vista Windows Server 2008 Localized in 9 languages

Chinese-simplified Dutch English French German Italian Japanese Korean Spanish

1 GHz 32-bit (x86) or 64-bit (x64) processor 512 MB of system memory A CD drive BIOS support for booting from a CD drive

Page 94: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT 5.0 Requirements

Windows 2000 Windows XP (x86 versions) Windows Server 2003 (x86 versions) A minimum of 64 MB (128 MB

recommended) of system RAM An Intel Pentium (or compatible) 166

MHz or faster processor A CD drive BIOS support for booting from a CD

drive

Page 95: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT 6.0 Interface (ERD Commander)

DaRT provides an extension of the WinRE functionality with additional tools for diagnosing, troubleshooting, and repairing workstations

Can be connected to the local Windows installation

Page 96: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT 5.0 Interface (ERD Commander)

DaRT provides a GUI extension of the WinPE functionality with additional tools for diagnosing, troubleshooting, and repairing workstations

Can be connected to the local Windows installation

Looks like Windows XP

Page 97: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT 6.0 Interface tools

Startup Repair (WinRE tool) System Restore (WinRE tool) Bitlocker Unlock (WinRE tool) Windows Complete PC Restore (WinRE

tool) Windows Memory Diagnostic Tool

(WinRE tool) Command Prompt (WinRE tool) Microsoft Diagnostics and Recovery

Toolset (DaRT tools)

Page 98: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT 5.0 Interface tools

Command Prompt Explorer Notepad Search Solution Wizard Help

Page 99: Technical Training Nicola Ferrini info@nicolaferrini.it.

DaRT Tools

ERD Registry Editor Locksmith Crash Analyzer Wizard Disk Commander File Restore Disk Wipe Search Explorer Computer Management TCP/IP Config Hotfix Uninstall SFC Scan Standalone System Sweeper (DaRT 6.0 only)

Page 100: Technical Training Nicola Ferrini info@nicolaferrini.it.

Online tools explained (Tools that can run in the online system)

Crash Analyzer ERD Commander Boot Media Wizard File Restore (Only available in Dart

5.0)

Page 101: Technical Training Nicola Ferrini info@nicolaferrini.it.

Demonstration

Creating the CD To start the ERD commander Boot Media

Wizard▪ Walk through the installation Wizard

Creating a Bootable CD that has a time Limit

Booting into the DaRT

Page 102: Technical Training Nicola Ferrini info@nicolaferrini.it.

Lab

Microsoft Diagnostic and Recovery Toolset 6.0

Page 103: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 7:Advanced Group Policy Management (AGPM)

What is AGPM? When do I use AGPM Advantages Concepts Change Management Using GPOs and AGPM for Change

Management AGPM Technology Demonstration

Page 104: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is AGPM?

Microsoft® Advanced Group Policy Management is an add-on to Group Policy Management Console that provides change management control over Group Policy Objects

Page 105: Technical Training Nicola Ferrini info@nicolaferrini.it.

When do I use AGPM?

Provide change control system for group policies

Delegate and control group policy administrators access

Provide ability to revert to previous versions of group policies

Page 106: Technical Training Nicola Ferrini info@nicolaferrini.it.

Challenges in Managing Group Policy

Edits to live GPOs can affect many or all computers on network adversely

No way to quickly revert to previous group policy settings

GPO Editors can deploy GPOs into live environment without testing

Multiple GPO editors, without audit information on individual settings

Can’t provide review process to accept or reject new settings

Page 107: Technical Training Nicola Ferrini info@nicolaferrini.it.

Microsoft Advanced Group Policy Management: Advantages

Granular administrative control Robust delegation model Role-based administration Change request approval 

Reduced risk of widespread failures Offline editing of GPOs Difference reporting and audit logging Recovery of a deleted GPO Repair of live GPOs

Enable effective Group Policy change management Creation of GPO template libraries Subscription to policy change e-mail notifications Version tracking, history capture, and quick rollback of

deployed changes

Page 108: Technical Training Nicola Ferrini info@nicolaferrini.it.

Microsoft Advanced Group Policy Management: Concepts

GPMC Integration Role-based Delegation Change Management Offline Editing Email notification Advanced Differencing Reports Templates Roll-back

Page 109: Technical Training Nicola Ferrini info@nicolaferrini.it.

GPMC Integration

Addition of Change Control Object in GPMC mmc

Page 110: Technical Training Nicola Ferrini info@nicolaferrini.it.

Role-based Delegation

Allows administration tasks to be delegated to regional or task-oriented administrators

Provide an optional workflow process that includes role-based delegation, review, and approval

Roles: Administrator, Approver, Editor, and Reviewer

Domain-level and GPO based delegation

Page 111: Technical Training Nicola Ferrini info@nicolaferrini.it.

Change Management

Store each GPO in a central Archive Administrators can view and edit

offline Stores versions for Roll-back

Page 112: Technical Training Nicola Ferrini info@nicolaferrini.it.

Using GPOs and AGPM for Change management

Create a new controlled GPO or control a previously uncontrolled GPO.

Check out the GPO, so you and only you can modify it.

Edit the GPO. Check in the edited GPO, so others can

modify it, or so it can be deployed. Review the changes. Deploy the GPO to the production

environment.

Page 113: Technical Training Nicola Ferrini info@nicolaferrini.it.

Offline Editing

Enables administrators to configure and test changes on live GPOs without effecting live environment

Requires controlled GPO that is checked out before editing

When checked out no other administrators can edit until GPO is checked in

After check in, the GPO can reviewed, approved, and deployed

Page 114: Technical Training Nicola Ferrini info@nicolaferrini.it.

Email Notification

Editor or Reviewer attempts to create, deploy, or delete GPOs an email is sent to configured Approver(s)

Approver(s) can accept or reject the request

Page 115: Technical Training Nicola Ferrini info@nicolaferrini.it.

Advanced Difference Reports

Generate HTML or XML based difference reports

Comparison of two controlled GPOs Comparison of controlled GPO and

default template All Roles of AGPM administrator can

run difference reports

Page 116: Technical Training Nicola Ferrini info@nicolaferrini.it.

Templates

Templates enable administrators to save all of the settings of a particular version of a GPO

Templates can be used as a starting point for new GPOs

Editors can select which GPO template is the default

Eliminates settings errors when configuring multiple GPOs that need to comply with company policies

Page 117: Technical Training Nicola Ferrini info@nicolaferrini.it.

Roll-back

Redeploys previous version from archive

Overwrites current version in production

Page 118: Technical Training Nicola Ferrini info@nicolaferrini.it.

AGPM Technology

Prerequisites for AGPM AGPM Server Requirements

▪ Windows Vista (32-bit version)▪ Microsoft Windows Server 2003 (32-bit version)▪ Group Policy Management Console (GPMC)▪ Membership to the Domain Admins group for install▪ Default Port for AGPM service is 4600

AGPM Client Requirements▪ Windows Vista (32-bit version)▪ Microsoft Windows Server 2003 (32-bit version)▪ Group Policy Management Console (GPMC)

Page 119: Technical Training Nicola Ferrini info@nicolaferrini.it.

Supported AGPM configurations

Windows VistaAGPM client

Windows VistaAGPM

service

All Setting

s

Windows VistaAGPM client

Windows ServerAGPM

service

Most Settings

*

Windows VistaAGPM client

Windows Longhor

nAGPM

service

All Settings

Now

availa

ble

Win

dow

s Serv

er

200

8

tim

efr

am

e

Page 120: Technical Training Nicola Ferrini info@nicolaferrini.it.

Demonstration

Installation of AGPM Server and Client

Delegation of Access to all GPOs in a domain

Configuring Email Notification Using AGPM to create and manage

GPOs Use a template to create a GPO Delete and restore a GPO

Page 121: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 8:Desktop Error Monitoring (DEM)

What is DEM? When do I use DEM? Benefits DEM Technology DEM Requirements Capacity Planning Security

Page 122: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is DEM?

Built on Microsoft Operations Manager 2007

Provides a subset of the Operations Manager features

Enables collection of information about application and operating system failures

Delivers rich reporting of common errors in the environment

Can be configured to provide resolutions of common Microsoft errors

Page 123: Technical Training Nicola Ferrini info@nicolaferrini.it.

When do I use DEM?

Any organization that experiences application crashes and operating system errors

One of the most severe and difficult-to-resolve problems for users of desktop PCs is when an operating system or application stops responding

End users typically deal with this by rebooting their systems: in 90 percent of the cases, they don’t tell anyone in IT about the problem.

Page 124: Technical Training Nicola Ferrini info@nicolaferrini.it.

Benefits

Enhances IT helpdesk effectiveness, reducing cost of Windows® ownership Identifies the highest-occurring crashes Reduces resolution time by providing crash details and

responses Assists in triaging patch deployments and updates Provides metrics for monitoring post-deployment effects

Improves desktop stability, increasing enduser productivity and satisfaction Reduces downtime throughout an organization Reactive: provides real-time awareness of critical errors Proactive: helps address errors in applications before they go

into production Enables IT-controlled, custom error responses to end users

Page 125: Technical Training Nicola Ferrini info@nicolaferrini.it.

DEM Technology

Operations Manager (OM) 2007 Agentless crash monitoring Error Reporting to a central location Rich Data Analysis (utilizing OM

reporting) Direct Access to troubleshooting and

resolution knowledgebase (OM tie to Microsoft Knowledgebase)

Page 126: Technical Training Nicola Ferrini info@nicolaferrini.it.

Operations Manger 2007

System Center Operations Manager is a software solution to meet the need for end-to-end service monitoring in the enterprise IT environment

Monitors thousands of servers, applications, and clients

Provide a comprehensive view of the health of an organization’s IT environment

Page 127: Technical Training Nicola Ferrini info@nicolaferrini.it.

Agentless Exception Montioring

Monitor operating system applications failures that cause your client computers to hang or crash

Participate in the Customer Experience Improvement Program

No Agent installed on Client Configured through Group Policies

Page 128: Technical Training Nicola Ferrini info@nicolaferrini.it.

Error Reporting to a Central Location

DEM stores the error reports to a centralized shared location

Temporary location that stores information that could be analyzed by development teams

DEM will then take the data sent from the client and put it into the SQL database

Data in these directories can be forwarded to Microsoft

Page 129: Technical Training Nicola Ferrini info@nicolaferrini.it.

Rich Data Analysis (utilizing Operations Manager reporting)

Operations Manger includes SQL based reporting infrastructure

Reports available for Client Monitoring allow administrators to identify the most critical or most frequently occurring errors

Reports allow for administrators to engage Microsoft Support, a 3rd party application vendor, or have data to present to the internal development team to find resolutions to the most common or critical problems.

Page 130: Technical Training Nicola Ferrini info@nicolaferrini.it.

Direct Access to troubleshooting and resolution knowledgebase

DEM is capable of utilizing the Microsoft Knowledgebase to provide prescriptive resolutions to specific errors that are in the environment

Administrators can quickly respond to and resolve errors occurring without lengthy research

DEM needs to be configured to send information to Microsoft to receive response URLs

Page 131: Technical Training Nicola Ferrini info@nicolaferrini.it.

DEM Requirements

Windows Server 2003  Active Directory Group Policies SQL 2005 sp1 Powershell .NET 2.0

Page 132: Technical Training Nicola Ferrini info@nicolaferrini.it.

Security

Use of certificates provides capability of client to server and server to Microsoft SSL based security

Delegation of access to provide read-only access to most administrators

Page 133: Technical Training Nicola Ferrini info@nicolaferrini.it.

Demo

Installation of SCDEM Configuration of Agentless

monitoring Viewing Reports

Page 134: Technical Training Nicola Ferrini info@nicolaferrini.it.

Module 9: Asset Inventory Service (AIS)

What is AIS? When would I use AIS? Benefits of AIS AIS Client Properties Why is AIS a Hosted Solution AIS Process

Page 135: Technical Training Nicola Ferrini info@nicolaferrini.it.

What is AIS?

Advanced Inventory Scanning Comprehensive Inventory Reports Software License Management Easily administered service Security and Privacy

Page 136: Technical Training Nicola Ferrini info@nicolaferrini.it.

Advanced inventory scanning

AIS gathers data on all of your software assets

Identifies all installed software by name, ISV, family, and category

Scans systems for software through Add/Remove Programs, Start Menu, Auto start (Startup), and MSIs

Scanning is automatically randomized

Page 137: Technical Training Nicola Ferrini info@nicolaferrini.it.

Comprehensive inventory reports

Inventory data is reconciled against the Microsoft Asset Inventory Service Application Knowledgebase

Database of software contains titles representing the vast majority of commercially available software

For Microsoft and some Third Party applications AIS can interpret the type of software installed (MS: OEM, VL, Retail, 3rd Party: Purchased vs Freeware)

Page 138: Technical Training Nicola Ferrini info@nicolaferrini.it.

Software license management

Ensure that licenses you’ve paid for have been deployed and are being used

Verify software within your enterprise is compliant with your license agreements

Page 139: Technical Training Nicola Ferrini info@nicolaferrini.it.

Easily administered service

Designed for ease of use Can be enabled in just a few hours Inventory data is securely hosted by

Microsoft No servers to maintain

Page 140: Technical Training Nicola Ferrini info@nicolaferrini.it.

Security and privacy

Microsoft ensures that the data gathered in this hosted service is secure and remains confidential to your organization

Data center with a caged environment and redundant systems for reliability

Protect web sessions through a secure connection

Windows Live ID to authenticate users No identifiable Inventory data is shared

with anyone within or outside of Microsoft

Page 141: Technical Training Nicola Ferrini info@nicolaferrini.it.

When would I use AIS?

In any environment for collecting an accurate inventory on all the software installed on their desktops on an ongoing basis

Page 142: Technical Training Nicola Ferrini info@nicolaferrini.it.

Benefits of AIS

Effectively managing your software asset inventory to ensure compliance and optimize IT budgets.

Identifying applications and installations that are contrary to your corporate policies.

Analyzing usage to forecast organizational needs.

Enhancing productivity in your IT infrastructure and amongst your staff.

Page 143: Technical Training Nicola Ferrini info@nicolaferrini.it.

AIS Client Properties

Broad support 32-bit and 64-bit support Windows 2000 SP4 or greater Locale neutral

Low impact Small size: ~1.5MB Non-resident in memory when not in use Monitor its state and self heal (daily heartbeat)

Secure communication Mutual authentication with backend service Inventory upload is over SSL Agent per customer account

Page 144: Technical Training Nicola Ferrini info@nicolaferrini.it.

AIS and SMS 2003/SCCM 2007 Additional features of SMS 2003/SCCM 2007

On Premise inside of the firewall Enables both hardware and software inventory Enables real time usage metering of software application

use Why AIS if you already have SMS/SCCM

Through acquisitions organizations may choose to deploy AIS to the acquired company to assist with their due diligence in a lightweight fashion

If the customer has branch office scenarios where they do not have SMS fully deployed

Purchasing/procurement team wants to do a simple software asset review without dependencies on the IT department

Page 145: Technical Training Nicola Ferrini info@nicolaferrini.it.

Why is AIS a Hosted solution?

No expensive servers to maintain + Lower break-even point + Easy to setup + Anywhere access + Predictable cost + High reliability + Need Internet access - Perceived less secure -

Page 146: Technical Training Nicola Ferrini info@nicolaferrini.it.

AIS ProcessSign-in: sign in through passport

Download agent: MSI

package

Deploy agent: using

preferred deployment

method

Clients: set up schedule

and send inventory to the service

View reports: online reports

of software assets