This document provides a summary of a presentation on migrating Windows XP systems to Windows 7 and securing Windows 7 environments. The presentation includes sessions on migrating to Windows 7 using deployment tools like Windows Easy Transfer and USMT, securing Windows 7 in a Windows Server 2008 R2 environment using features like NAP and DirectAccess, and new Active Directory capabilities in Windows Server 2008 R2 like the AD Administrative Center and recycle bin. It discusses tools, demonstrations, and best practices for migration and management.

1. Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools Harold Wong IT Pro Evangelist Microsoft Corporation blogs.technet.com/haroldwong

2. Event Schedule 8:30am – Introduction and Welcome 8:45am –Session 1: Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools 9:40 – Break 9:55 –Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment 10:40 – Break 10:55 –Session 3: New Features in Windows Server 2008 R2 Directory Services – Drawing Afternoon MSDN will be here so stick around if you can 

3. Migrating Windows XP to Windows 7:

4. Agenda Windows Easy Transfer Deployment Tools Using USMT Hard-link Migration Summary of Deployment Solutions

5. Windows Easy Transfer Easily Move Files and Settings Supports Windows 2000, Windows XP and Windows Vista Transfer done with: Cable USB Drive Between Computers in a Network

6. Demo Windows Easy Transfer

7. Deployment Tools Automated Installation Toolkit (AIK) User State Migration Tool (USMT) Microsoft Deployment Toolkit (MDT 2010)

8. Automated Installation Toolkit (AIK) Windows System Image Manager (WSIM) ImageX Deployment Image Servicing and Management (DISM) Windows Preinstallation Environment (WinPE) User State Migration Tool (USMT)

9. User State Migration Tool Migrates Files and Settings Computer Replacement and Computer Refresh Migrations Scriptable Hard-Link Migration Store Benefits and Limitations

10. Microsoft Deployment Toolkit 2010 Unified tools and processes Reduced deployment time “Lite-touch” deployments leveraging Windows deployment tools “Zero-touch” deployments leveraging System Center Configuration Manager 2007 and Windows deployment tools. Support for Windows 7, Windows Server R2 .

11. “Lite-Touch” High-Volume Deployment Client Migration Store – AIK and USMT Connected to WORKGROUP Source Computer Run ScanStateand copies user state to shared folder on Windows 7 Client Destination Computer RunLoadStateon new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client Destination Computer RunLoadStateon new Widows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client Source Computer Run ScanStateand copies user state to shared folder on Windows 7 Client

12. Demo “Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate

13. “Zero-Touch” High-Volume Deployment Migration Store Server Decommission Destination Computer Use Log-on Script, batch file or non-Microsoft technology to run LoadStateon new Windows 7 platform and restores Windows XP user state from server Source Computer Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server Source Computer Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server Destination Computer Use Log-on Script, batch file or non-Microsoft technology to runLoadStateon new Windows 7 platform and restores Windows Vista user state from server Source Computer Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server

14. Summary of Deployment Solutions Slide 14

15. Summary Many Deployment Tools and options for all scenarios from a single PC to 1,000s Easy Transfer makes it simple to move user data New Hard-link Migration Option in USMT

16. TechNet Plus Direct Subscription The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software. Microsoft software licensed for evaluation purposes. Beta software. Professional Support Incidents. Managed Newsgroup Support. Technical resources for Microsoft products.. Microsoft eLearning courses. Online Concierge Chat. Want a 25% Discount on a new Subscription? Use Discount Code TMSAM04

17. IT Pro Momentum Invitation A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers Are you? Interested in learning more about the newest Microsoft technologies? Need help to evaluate different Microsoft products and features? Willing to test and pilot in production Microsoft beta products? Would like to have access to exclusive forums and Microsoft product support? Want to share your early adoption experience with the IT Pro community world-wide? If you answered ‘yes’ for all the questions above, IT Pro Momentum can help! Send email with “Add to Momentum” in the subject Harold.wong@microsoft.com

18. Momentum 2009 Products

19. Resources for Windows 7 Deployment Windows 7 Deployment Guide http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx Microsoft Deployment Toolkit 2010 https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14

20. Break Time: 15 minutes

21. Securing Windows® 7 in a Windows Server® 2008 R2 Environment

22. What Will We Cover? Better Together User Interface Improvements DirectAccess and Terminal Services Gateway Health Policies

23. Agenda Reviewing Network Access Protection Examining Deployment Improvements Exploring Configuration and Management Viewing Network Access Protection Integration Improvements

24. Business and Technical Benefits Reduce the risk of network security threats

25. Business and Technical Benefits Reduce the risk of network security threats Safeguard sensitive data and intellectual property

26. Business and Technical Benefits Reduce the risk of network security threats Safeguard sensitive data and intellectual property Extend the value of existing investments

27. Remediation Servers Example: Patch Network Access Protection Corporate Network Policy Servers such as: Patch, AV 1 DHCP, VPN Switch/Router Windows Client Restricted Network NPS Client requests access to network and presents current health state 1

28. Remediation Servers Example: Patch Network Access Protection Corporate Network Policy Servers such as: Patch, AV 1 2 DHCP, VPN Switch/Router Windows Client Restricted Network NPS DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS) 2

29. Remediation Servers Example: Patch Network Access Protection Corporate Network Policy Servers such as: Patch, AV 3 1 2 DHCP, VPN Switch/Router Windows Client Restricted Network NPS Network Policy Server (NPS) validates against IT-defined health policy 3

30. Remediation Servers Example: Patch Network Access Protection Corporate Network Policy Servers such as: Patch, AV 3 1 2 Not policy compliant 4 DHCP, VPN Switch/Router Windows Client Restricted Network NPS If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4) 4

31. Remediation Servers Example: Patch Network Access Protection Corporate Network Policy Servers such as: Patch, AV 3 1 2 Not policy compliant 4 DHCP, VPN Switch/Router Windows Client Restricted Network NPS Policy compliant 5 If policy compliant, client is granted full access to corporate network 5

33. Install NAP

35. NPS Updates NPS Templates Network Policy Server Logging Improvements UTF-8

36. Agenda Reviewing Network Access Protection Examining Deployment Improvements Exploring Configuration and Management Viewing Network Access Protection Integration Improvements

37. Multiple SHV Policy A single server can now enforce a number of different health policies using a single system health validator (SHV) Requires SHV updates for Windows Server 2008 R2

38. New NAP Client User Interface Messaging Integration with Action Center Tray Icon Integration with Windows 7 Action Center

39. Agenda Reviewing Network Access Protection Examining Deployment Improvements Exploring Configuration and Management Viewing Network Access Protection Integration Improvements

40. Integration Improvements Remote Desktop Gateway Microsoft Confidential

41. Integration Improvements Remote Desktop Gateway DirectAccess Microsoft Confidential

42. Integration Improvements Remote Desktop Gateway DirectAccess Microsoft® Forefront™ code name Stirling Microsoft Confidential

43. DirectAccess Technical Details IPv6 Devices IPv4 Devices IT desktop management IPv6 Transition Services Internet DirectAccess Server IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway Supports variety of remote network protocols Windows 7 Client

44. DirectAccess Technical Details IPv6 Devices IPv4 Devices IT desktop management IPv6 Transition Services AD Group Policy, NAP, software updates Internet DirectAccess Server IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway Supports variety of remote network protocols Windows 7 Client

45. DirectAccess Technical Details Direct connectivity to IPv6-based Intranet resources IPv6 Devices IPv4 Devices IT desktop management Native IPv6 with IPSec IPv6 Transition Services AD Group Policy, NAP, software updates Internet DirectAccess Server IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway Supports variety of remote network protocols Windows 7 Client

46. DirectAccess Technical Details Direct connectivity to IPv6-based Intranet resources IPv6 Devices IPv4 Devices Support IPv4 via 6to4 transition services or NAT-PT IT desktop management Native IPv6 with IPSec IPv6 Transition Services AD Group Policy, NAP, software updates Internet DirectAccess Server IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway Supports variety of remote network protocols Windows 7 Client

48. Break Time: 15 minutes

49. Active Directory Domain Services in Windows Server 2008 R2 Technical Overview

50. What Will We Cover? Identity Management and Simplified Management Capabilities Improved Management of User Accounts Enhanced Windows Management Deployments

51. What Will We Cover? Identity Management and Simplified Management Capabilities Improved Management of User Accounts Enhanced Windows Management Deployments

52. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management

53. Solutions That Address IT Pro Challenges New Windows PowerShell cmdlets Console Enhancements

54. Solutions That Address IT Pro Challenges New Windows PowerShell cmdlets Console Enhancements Task-Oriented Better Management

55. Solutions That Address IT Pro Challenges New Windows PowerShell cmdlets Console Enhancements Task-Oriented Better Management Analyzers Expanded to All Core Windows Server 2008 R2 Roles

56. Solutions That Address IT Pro Challenges Windows Server 2008 R2 Forest Functional Level New Windows PowerShell cmdlets Console Enhancements Deals with Accidental Object Deletion Deals with Mapping of Various Properties Deals with Pre-Provisioning of Computer Accounts Deals with Managed Service Accounts Task-Oriented Better Management Analyzers Expanded to All Core Windows Server 2008 R2 Roles

57. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management

58. Active Directory Administrative Center Customizable GUI

59. Active Directory Administrative Center Customizable GUI

60. Active Directory Administrative Center Customizable GUI

61. Demonstration Environment

62. Create an Organizational Unit Create a User Create a New Group and Add a User Demonstration: Creating Objects Using Active Directory Administrative Center

63. Active Directory Recycle Bin Reduces Downtime and Effort AD Objects Are Preserved Functional for AD DS and AD LDS Use LDP.exe or Windows PowerShell Cmdlets

64. Active Directory Recycle Bin—Notes Reduces Downtime and Effort AD Objects Are Preserved Functional for AD DS and AD LDS Use LDP.exe or Windows PowerShell Cmdlets Setup Requirements Adprep must be used for Windows Server 2003 and Windows Server 2008 forest All domain controllers in your Active Directory forest are running Windows Server 2008 R2 Raise the functional level of your Active Directory forest to Windows Server 2008 R2

65. Active Directory Recycle Bin—Notes Reduces Downtime and Effort AD Objects Are Preserved Functional for AD DS and AD LDS Use LDP.exe or Windows PowerShell Cmdlets Setup Requirements Adprep must be used for Windows Server 2003 and Windows Server 2008 forest All domain controllers in your Active Directory forest are running Windows Server 2008 R2 Raise the functional level of your Active Directory forest to Windows Server 2008 R2 In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

66. Enable Active Directory Recycle Bin View Objects That Are in the Deleted Objects Container Restore Deleted Objects Demonstration: Working with the Active Directory Recycle Bin

67. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management

68. Best Practices Analyzer 1 BPA Run Time

69. Best Practices Analyzer AD DS BPA Windows PowerShell Script 1 BPA Run Time

71. Operation master connectivity rules

72. Operation master ownership rules

73. Number of controllers in the domain

74. Required services rules

75. Replication configurations rules

76. W32time configuration rules

77. Virtual machine configuration rulesBest Practices Analyzer AD DS BPA Windows PowerShell Script 1 BPA Run Time

79. Operation master connectivity rules

80. Operation master ownership rules

81. Number of controllers in the domain

82. Required services rules

83. Replication configurations rules

84. W32time configuration rules

85. Virtual machine configuration rulesSchema 2 BPA Run Time AD DS BPA Windows PowerShell Script Document 1 BPA Run Time

87. Operation master connectivity rules

88. Operation master ownership rules

89. Number of controllers in the domain

90. Required services rules

91. Replication configurations rules

92. W32time configuration rules

93. Virtual machine configuration rulesSchema 2 BPA Run Time AD DS BPA Windows PowerShell Script Document 3 BPA Run Time AD DS BPA Rules Set 1 BPA Run Time

95. Operation master connectivity rules

96. Operation master ownership rules

97. Number of controllers in the domain

98. Required services rules

99. Replication configurations rules

100. W32time configuration rules

101. Virtual machine configuration rulesSchema 2 BPA Run Time AD DS BPA Windows PowerShell Script Document 3 BPA Run Time AD DS BPA Report AD DS BPA Rules Set 1 BPA Run Time AD DS BPA Guidance

102. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management

103. Offline Domain Join Djoin.exe Reduces time and effort for large-scale deployments Establishes trust between operating system and Active Directory Domain

104. Offline Domain Join Djoin.exe Reduces time and effort for large-scale deployments Establishes trust between operating system and Active Directory Domain Advantages AD state changes are completed without network traffic to the computer Computer state changes are completed without any network traffic to a domain controller Each change can be completed at different times

105. Offline Domain Join —Notes Djoin.exe Reduces time and effort for large-scale deployments Establishes trust between operating system and Active Directory Domain Advantages AD state changes are completed without network traffic to the computer Computer state changes are completed without any network traffic to a domain controller Each change can be completed at different times Special Considerations Run on Windows® 7 or Windows Server 2008 R2 Must have user rights to join workstation to the domain Defaults target domain controller running a version of Windows Server 2008 R2

106. Perform an Offline Domain Join Demonstration: Using Offline Domain Join

107. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Local Accounts SQL IIS

108. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Managed Service Account Local Accounts SQL IIS

109. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Managed Service Account Virtual Accounts Local Accounts SQL IIS

110. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Administrative Benefits Create class domain accounts Accounts are now reset automatically SPN management tasks are not completed Can be delegated to non-administrators Managed Service Account Virtual Accounts Local Accounts SQL IIS

112. The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output

113. Use and implement the new features of Windows Server 2008 R2 Domain Services