This document provides a summary of a presentation on migrating Windows XP systems to Windows 7 and securing Windows 7 environments. The presentation includes sessions on migrating to Windows 7 using deployment tools like Windows Easy Transfer and USMT, securing Windows 7 in a Windows Server 2008 R2 environment using features like NAP and DirectAccess, and new Active Directory capabilities in Windows Server 2008 R2 like the AD Administrative Center and recycle bin. It discusses tools, demonstrations, and best practices for migration and management.
1. Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools Harold Wong IT Pro Evangelist Microsoft Corporation blogs.technet.com/haroldwong
2. Event Schedule: 8:30am – Introduction and Welcome; 8:45am – Session 1: Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools; 9:40 – Break; 9:55 – Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment; 10:40 – Break; 10:55 – Session 3: New Features in Windows Server 2008 R2 Directory Services – Drawing. Afternoon: MSDN will be here so stick around if you can
4. Agenda Windows Easy Transfer Deployment Tools Using USMT Hard-link Migration Summary of Deployment Solutions
5. Windows Easy Transfer Easily Move Files and Settings Supports Windows 2000, Windows XP and Windows Vista Transfer done with: Cable USB Drive Between Computers in a Network
7. Deployment Tools Automated Installation Toolkit (AIK) User State Migration Tool (USMT) Microsoft Deployment Toolkit (MDT 2010)
8. Automated Installation Toolkit (AIK) Windows System Image Manager (WSIM) ImageX Deployment Image Servicing and Management (DISM) Windows Preinstallation Environment (WinPE) User State Migration Tool (USMT)
9. User State Migration Tool Migrates Files and Settings Computer Replacement and Computer Refresh Migrations Scriptable Hard-Link Migration Store Benefits and Limitations
10. Microsoft Deployment Toolkit 2010 Unified tools and processes Reduced deployment time “Lite-touch” deployments leveraging Windows deployment tools “Zero-touch” deployments leveraging System Center Configuration Manager 2007 and Windows deployment tools. Support for Windows 7, Windows Server R2.
11. “Lite-Touch” High-Volume Deployment. Client Migration Store – AIK and USMT. Connected to WORKGROUP. Source Computer: runs ScanState and copies user state to shared folder on Windows 7 Client. Destination Computer: runs LoadState on new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client. Destination Computer: runs LoadState on new Windows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client. Source Computer: runs ScanState and copies user state to shared folder on Windows 7 Client.
13. “Zero-Touch” High-Volume Deployment. Migration Store Server. Decommission. Destination Computer: use log-on script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restore Windows XP user state from server. Source Computer: use log-on script, batch file or non-Microsoft technology to run ScanState and copy user state to network server. Source Computer: use log-on script, batch file or non-Microsoft technology to run ScanState and copy user state to network server. Destination Computer: use log-on script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restore Windows Vista user state from server. Source Computer: use log-on script, batch file or non-Microsoft technology to run ScanState and copy user state to network server.
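The ScanState/LoadState flow from slides 11 and 13, written as an added example that is not part of the presentation. The migration store holds users' files and settings while it sits on a share, so this version writes it encrypted. Assumptions: the USMT folder, share name and key-file path are placeholders, and Windows PowerShell 2.0 is installed on the source computer.

```powershell
# Added example, not from the presentation. Placeholders: C:\USMT\x86 (USMT 4.0 folder),
# \\MIGSRV\MigStore$ (migration share), E:\usmt.key (key file on removable media).
$Usmt    = 'C:\USMT\x86'
$Store   = "\\MIGSRV\MigStore`$\$env:COMPUTERNAME"
$KeyFile = 'E:\usmt.key'
$Rules   = '/i:MigDocs.xml', '/i:MigApp.xml'

function Invoke-Usmt {
    param([string]$Exe, [string[]]$Arguments)
    Push-Location $Usmt                 # the rule files sit next to the executables
    try     { & ".\$Exe" $Arguments }
    finally { Pop-Location }
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE; check its log." }
}

function Export-UserState {
    # Source computer (Windows XP or Windows Vista): capture user state to the share.
    # /encrypt protects the store in transit and at rest; /o replaces an older store.
    Invoke-Usmt 'scanstate.exe' (@($Store) + $Rules +
        '/o', '/encrypt', "/keyfile:$KeyFile", '/v:13', "/l:$env:TEMP\scanstate.log")
}

function Import-UserState {
    # Destination computer (Windows 7): same rule files, same key file.
    Invoke-Usmt 'loadstate.exe' (@($Store) + $Rules +
        '/decrypt', "/keyfile:$KeyFile", '/v:13', "/l:$env:TEMP\loadstate.log")
}

function Export-UserStateHardLink {
    # Computer-refresh variant with the hard-link migration store. The store stays on
    # the local volume; /hardlink requires /nocompress, which rules out /encrypt, so
    # the store is protected only by the file system permissions on C:\MigStore.
    Invoke-Usmt 'scanstate.exe' (@('C:\MigStore') + $Rules +
        '/o', '/hardlink', '/nocompress', "/l:$env:TEMP\scanstate.log")
}

# Source computer:       Export-UserState
# Destination computer:  Import-UserState
```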
15. Summary Many Deployment Tools and options for all scenarios from a single PC to 1,000s Easy Transfer makes it simple to move user data New Hard-link Migration Option in USMT
16. TechNet Plus Direct Subscription The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software. Microsoft software licensed for evaluation purposes. Beta software. Professional Support Incidents. Managed Newsgroup Support. Technical resources for Microsoft products. Microsoft eLearning courses. Online Concierge Chat. Want a 25% Discount on a new Subscription? Use Discount Code TMSAM04
17. IT Pro Momentum Invitation A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers Are you? Interested in learning more about the newest Microsoft technologies? Need help to evaluate different Microsoft products and features? Willing to test and pilot in production Microsoft beta products? Would like to have access to exclusive forums and Microsoft product support? Want to share your early adoption experience with the IT Pro community world-wide? If you answered ‘yes’ for all the questions above, IT Pro Momentum can help! Send email with “Add to Momentum” in the subject Harold.wong@microsoft.com
19. Resources for Windows 7 Deployment Windows 7 Deployment Guide http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx Microsoft Deployment Toolkit 2010 https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14
25. Business and Technical Benefits Reduce the risk of network security threats Safeguard sensitive data and intellectual property
26. Business and Technical Benefits Reduce the risk of network security threats Safeguard sensitive data and intellectual property Extend the value of existing investments
27. Network Access Protection. [Diagram: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as Patch, AV; Remediation Servers (example: Patch); Corporate Network; Restricted Network.] Step 1: Client requests access to network and presents current health state.
28. Network Access Protection. [Same diagram.] Step 2: DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS).
29. Network Access Protection. [Same diagram.] Step 3: Network Policy Server (NPS) validates against IT-defined health policy.
30. Network Access Protection. [Same diagram.] Step 4: If not policy compliant, client is put in a restricted VLAN and given access to fix-up resources to download patches, configurations, signatures (repeat 1-4).
31. Network Access Protection. [Same diagram.] Step 5: If policy compliant, client is granted full access to corporate network.
37. Multiple SHV Policy A single server can now enforce a number of different health policies using a single system health validator (SHV) Requires SHV updates for Windows Server 2008 R2
38. New NAP Client User Interface Messaging Integration with Action Center Tray Icon Integration with Windows 7 Action Center
42. Integration Improvements Remote Desktop Gateway DirectAccess Microsoft® Forefront™ code name Stirling Microsoft Confidential
43. DirectAccess Technical Details. [Diagram: Windows 7 Client; Internet; DirectAccess Server; IPv6 Transition Services; IPv6 Devices; IPv4 Devices; IT desktop management.] IPSec encryption and authentication. 2 tunnels are established - DirectAccess Server acts as gateway. Supports variety of remote network protocols.
44. DirectAccess Technical Details. [Same diagram and captions as slide 43, adding:] AD Group Policy, NAP, software updates.
45. DirectAccess Technical Details. [Same diagram and captions as slide 44, adding:] Direct connectivity to IPv6-based Intranet resources. Native IPv6 with IPSec.
46. DirectAccess Technical Details. [Same diagram and captions as slide 45, adding:] Support IPv4 via 6to4 transition services or NAT-PT.
50. What Will We Cover? Identity Management and Simplified Management Capabilities Improved Management of User Accounts Enhanced Windows Management Deployments
52. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management
53. Solutions That Address IT Pro Challenges New Windows PowerShell cmdlets Console Enhancements
54. Solutions That Address IT Pro Challenges New Windows PowerShell cmdlets Console Enhancements Task-Oriented Better Management
55. Solutions That Address IT Pro Challenges New Windows PowerShell cmdlets Console Enhancements Task-Oriented Better Management Analyzers Expanded to All Core Windows Server 2008 R2 Roles
56. Solutions That Address IT Pro Challenges Windows Server 2008 R2 Forest Functional Level New Windows PowerShell cmdlets Console Enhancements Deals with Accidental Object Deletion Deals with Mapping of Various Properties Deals with Pre-Provisioning of Computer Accounts Deals with Managed Service Accounts Task-Oriented Better Management Analyzers Expanded to All Core Windows Server 2008 R2 Roles
57. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management
62. Create an Organizational Unit Create a User Create a New Group and Add a User Demonstration: Creating Objects Using Active Directory Administrative Center
63. Active Directory Recycle Bin Reduces Downtime and Effort AD Objects Are Preserved Functional for AD DS and AD LDS Use LDP.exe or Windows PowerShell Cmdlets
64. Active Directory Recycle Bin—Notes Reduces Downtime and Effort AD Objects Are Preserved Functional for AD DS and AD LDS Use LDP.exe or Windows PowerShell Cmdlets Setup Requirements Adprep must be used for Windows Server 2003 and Windows Server 2008 forest All domain controllers in your Active Directory forest are running Windows Server 2008 R2 Raise the functional level of your Active Directory forest to Windows Server 2008 R2
65. Active Directory Recycle Bin—Notes Reduces Downtime and Effort AD Objects Are Preserved Functional for AD DS and AD LDS Use LDP.exe or Windows PowerShell Cmdlets Setup Requirements Adprep must be used for Windows Server 2003 and Windows Server 2008 forest All domain controllers in your Active Directory forest are running Windows Server 2008 R2 Raise the functional level of your Active Directory forest to Windows Server 2008 R2 In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
66. Enable Active Directory Recycle Bin View Objects That Are in the Deleted Objects Container Restore Deleted Objects Demonstration: Working with the Active Directory Recycle Bin
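The three demonstration steps (enable, view deleted objects, restore) using the Windows PowerShell cmdlets the slides mention, as an added example that is not taken from the presentation. It checks the forest functional level requirement before enabling and keeps the confirmation prompt because enabling cannot be undone; the function names and the `-Commit` switch are hypothetical helpers introduced here.

```powershell
# Added example, not from the presentation. Run on Windows Server 2008 R2 (or a
# management workstation with the ActiveDirectory module) with forest-level rights.
Import-Module ActiveDirectory

function Enable-RecycleBinIfReady {
    $forest = Get-ADForest
    $r2 = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ($forest.ForestMode -lt $r2) {
        throw "Forest mode is $($forest.ForestMode); raise it to Windows Server 2008 R2 first."
    }
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if ($feature.EnabledScopes.Count -gt 0) { return 'Recycle Bin is already enabled.' }
    # Irreversible once enabled: -Confirm makes the operator acknowledge it.
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $forest.Name -Confirm
}

function Get-DeletedAdObject {
    # Lists what is in the Deleted Objects container (excluding the container itself).
    param([string]$NamePattern = '*')
    Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and Name -ne "Deleted Objects"' `
        -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN' |
      Where-Object { $_.'msDS-LastKnownRDN' -like $NamePattern } |
      Select-Object 'msDS-LastKnownRDN', ObjectClass, lastKnownParent, whenChanged, ObjectGUID
}

function Restore-DeletedAdObject {
    # Dry run by default; pass -Commit to perform the restore.
    param([Parameter(Mandatory = $true)][Guid]$ObjectGuid, [switch]$Commit)
    $obj = Get-ADObject -Identity $ObjectGuid -IncludeDeletedObjects -Properties lastKnownParent
    # A deleted parent (its DN carries "\0ADEL:") has to be restored before its children.
    if ($obj.lastKnownParent -match '\\0ADEL:') {
        throw "Parent '$($obj.lastKnownParent)' is itself deleted; restore it first."
    }
    Restore-ADObject -Identity $obj -WhatIf:(-not $Commit)
}

# Typical sequence:
#   Enable-RecycleBinIfReady
#   Get-DeletedAdObject -NamePattern 'jdoe*'
#   Restore-DeletedAdObject -ObjectGuid <ObjectGUID from the listing> -Commit
```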
67. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management
93. [Diagram labels: Virtual machine configuration rules; Schema; BPA Run Time (1, 2, 3); AD DS BPA Windows PowerShell Script; Document; AD DS BPA Rules Set.]
101. [Diagram labels: Virtual machine configuration rules; Schema; BPA Run Time (1, 2, 3); AD DS BPA Windows PowerShell Script; Document; AD DS BPA Report; AD DS BPA Rules Set; AD DS BPA Guidance.]
102. Agenda Active Directory Overview Active Directory Management Managing Active Directory Deployments Identity and Access Management
103. Offline Domain Join Djoin.exe Reduces time and effort for large-scale deployments Establishes trust between operating system and Active Directory Domain
104. Offline Domain Join Djoin.exe Reduces time and effort for large-scale deployments Establishes trust between operating system and Active Directory Domain Advantages AD state changes are completed without network traffic to the computer Computer state changes are completed without any network traffic to a domain controller Each change can be completed at different times
105. Offline Domain Join—Notes Djoin.exe Reduces time and effort for large-scale deployments Establishes trust between operating system and Active Directory Domain Advantages AD state changes are completed without network traffic to the computer Computer state changes are completed without any network traffic to a domain controller Each change can be completed at different times Special Considerations Run on Windows® 7 or Windows Server 2008 R2 Must have user rights to join workstation to the domain Defaults to targeting a domain controller running a version of Windows Server 2008 R2
106. Perform an Offline Domain Join Demonstration: Using Offline Domain Join
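The two halves of an offline domain join with Djoin.exe, as an added example that is not part of the presentation. The provisioning blob contains the machine account password, so the script writes it into a folder with a restricted ACL and deletes it after use. The domain name, machine name and paths are placeholders.

```powershell
# Added example, not from the presentation. Placeholders: contoso.example, WS-0042, C:\ODJ.
$Domain  = 'contoso.example'
$Machine = 'WS-0042'
$BlobDir = 'C:\ODJ'
$Blob    = Join-Path $BlobDir "$Machine.txt"

function New-OdjBlob {
    # Provisioning side: run on a domain-joined Windows 7 / Windows Server 2008 R2
    # computer, as a user with the right to join workstations to the domain.
    New-Item -ItemType Directory -Path $BlobDir -Force | Out-Null
    # Lock the folder down BEFORE the blob exists: drop inherited ACEs and grant
    # access to the current user only.
    icacls $BlobDir /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(OI)(CI)F" |
        Out-Null
    # AD state change: creates the computer account and writes the blob. No traffic
    # goes to the computer that will be joined.
    djoin.exe /provision /domain $Domain /machine $Machine /savefile $Blob
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with code $LASTEXITCODE." }
}

function Use-OdjBlob {
    # Destination side: run elevated on the computer being joined, after copying the
    # blob to the same path over a trusted channel. No domain controller is contacted.
    djoin.exe /requestODJ /loadfile $Blob /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed with code $LASTEXITCODE." }
    Remove-Item $Blob -Force      # the blob is secret material; do not leave it behind
    'Join data applied. Restart the computer to complete the domain join.'
}

# Provisioning computer:  New-OdjBlob
# Destination computer:   Use-OdjBlob
```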
107. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Local Accounts SQL IIS
108. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Managed Service Account Local Accounts SQL IIS
109. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Managed Service Account Virtual Accounts Local Accounts SQL IIS
110. Management of Service Accounts Less Disruption of Service Reduce Recurrent Administrative Tasks Domain-Based Service Accounts Managed by AD Enhanced Security Administrative Benefits Create class domain accounts Accounts are now reset automatically SPN management tasks are not completed Can be delegated to non-administrators Managed Service Account Virtual Accounts Local Accounts SQL IIS
112. The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
113. Use and implement the new features of Windows Server 2008 R2 Domain Services