ppd windows update 2009 christmas lecture (16/12/2009) by kevin dunford
TRANSCRIPT
PPD Windows update 2009
Christmas lecture (16/12/2009)By Kevin Dunford
Contents • Windows 7 64 bit – Hyper-V &
BitLocker• Hardware – Desktops & Laptops• Going Green • Coffee• Web services• Windows Security• Windows 2008 Servers - Printing,
DHCP, Active Directory• Work in progress & plans for 2010
Windows 7 64 bit• IT Service Delivery Committee – Windows 7 Working Group (RAL,
DL, UKATC (Edinburgh), RCUK (Swindon))
• One Windows 7 Enterprise image* file for both desktops and laptops with common applications (Office 2007, Exceed 2008…)
• Each department IT team customise: additional applications & settings
• Windows 7 – big improvement over Vista (All the little nagging problems fixed, or improved)
– Issue with Vista - User Access Control, CPU going 90~100% when operating system is idle
Temporally stopped deploying Windows 7 to desktopsWaiting on ITSOC (Information Strategy and Oversight Committee) Jan 2010Will Windows 7 be added to Campus Agreement (Funding)????
If not.... PPD purchase licenses - Enterprise (laptops) Professional (desktops) * Two images \ have to re-clone desktops
Slide 1
Virtual computing
•Hyper-V replaces Virtual Machine - Windows XP - non compatible applications – installed on case by case basis. •Only install 32bit Operating Systems•Host system inherits Hyper-V applications – runs Hyper–V in background
BitLocker
•Windows 7 Bitlocker is still to be reviewed for FIPS140-2 certification, uses same technology as that in Vista, which is FIPS120-2 certified.
•BitLocker (Full disk Encryption) PIN can now use numbers, letters and symbols•Integrated STFC new password policy: Length (10) and complexity •BitLocker To Go - USB drives - Compatible with Windows XP, Vista and Windows 7 but doesn’t work on Mac or Linux
Slide 2
• BitLocker restricted symbols due to US keyboard remapping at boot: @ “ £ # ~ ¬ ¦
US keyboard
UK keyboard
Desktops & Laptops - Hardware• PPD purchase around 20 new Dell OptiPlex desktops every year for business
computing. • Hardware specification - Desktop & Laptops: Core 2 Duo Processors, 4GB’s RAM
& 160GB’s HDD• Desktop monitor - AGP\DVI dual graphics card (Advanced Graphics Port \Digital
Video Input) 1 * Dell 20” TFT (Thin Film Transistor) monitor
Laptop Latitude rangeE 4300 starting weight 3.3lb £1000 (very popular) E 6400 starting weight 4.3lb £900
Laptop desktop replacement Computer group will contribute £400 towards total cost (MUST include docking
station)
PPD laptop loan pool – 4 * E4300 solid state HDD and battery slate (7 hours) with Windows 7 Enterprise
Slide 3
Going green • Dell desktops Optiplex 960
– Energy Smart power management - 90% efficient • EPEAT-Gold, TCO 05, and Blue Angel certification
– “Built with post-consumer recycled content” – 10%• Small print - available on systems ordered after December 2008
– “Dell's ultra-silent QuietKit noise-reduction solution”
• Dell servers R610 - Energy smart PSU’s & QUIET!!!• Since 2006 - Friday 10pm desktops remote shutdown• Mon ~ Thurs - Lock your accounts and turn off monitors when
going home.• Windows 7 & Vista – Configure Power Options from control
panel (Sleep: display\computer) • Unnecessary printing \ printing to wrong device
Slide 4
Tea and biscuits anyone?
Back in 15 minutes
No peeking!!!
New services – Alan Doo
• WebDAV (Web-based Distributed Authoring and Versioning) – Access DFS T:\ppdfiles – via internet – Authenticated with CLRC accounts & monitor who has access– Restricted access (DNS) Only available from RAL, ILL (France) and JPARC
(Japan)
• Remote Wake on LAN (Power on office\lab computers while offsite)
– Hosted on the secure external PPD home page – Authenticated with CLRC accounts
Slide 5
Windows Security• Alan Doo has built a new Windows 2008 server managing
Sophos and Windows Updating Server (WUS) visible externally. • All laptops owned by PPD has to be….
– Encrypted (FDE) Windows XP PointSec, Vista & Windows 7 BitLocker– Report to our Sophos server– Report to our WUS– Running Windows Firewall
• PPD laptops off site Sophos messages• Sophos for home: \\hepwin2003f\packages• Local admin accounts (laptops & lab computers)
Slide 6
Windows 2008 - (DHCP) Dynamic Host Configuration Protocol & printing
• Disabled open DHCP addresses• All desktops and laptops get IP addresses from DHCP server • Visitors laptops wishing to access the PPD network has to be
registered on the DHCP server.– Prerequisites: laptops will require an inspection by a member of the PPD
computer group (Anti Virus, Windows updates and Firewall) and a ‘PPD LAN connection request‘ form completed.
• Visitors network in your office
• Printers now hosted on HEPWIN2008A (Windows, Mac & Linux)• Automatically deployed to Windows 7 and Vista desktops• Opened ports from visitors network to PPD network (LPD & IPP)*
*This service may be removed! Networking investigating alternatives
Slide 7
Windows 2008 Active Directory
• Migrated from Windows 2003 Active directory to Windows 2008 (lots more Group Polices to play with).
Things you see• Logon screen security policy message (which you all read!!!)• Default logon domain CLRC• Drive mappings H:\, S:\ and T:\ and profile redirections• Default Internet Explorer bookmarks: PPD home page, SSC… • Microsoft Office configuration • Printers (Vista & Windows 7)
Things you don’t see• Laptops – Firewall and BitLocker configuration• Laptops – Wait for network now only 10 seconds (Windows 7)• Restricting your access to the terminal server and Virtual machines • Windows update configuration• Event logging configuration• Admin accounts
Slid8 8
Windows 2008 – Veritas Backup Exec 13
Slide 9
Proposed backup schedule • Daily – H:\, Experiments, Group’s, HEPWIN2003F O/S, web sites,
HEPWIN2003G O/S, Active Directory servers and HEPLNX163 (Keep in robot library - 4 weeks)
• Weekly – all of the above + Windows servers O/S, user profiles, HEPLNX165 (PPD fire safe - 8 weeks)
• Monthly – all of the above + kits$, images$, Packages, Old_Users, users-archive (Space Science fire safe – 1 year)
Shadow Copy: H:\, groups, Experiments Right click on file or folder and select ‘Previous Versions’ tab
Windows 2008 – SCCM
Slide 10
Alan Doo – building a ‘System Centre Configuration Manager’ Server
• Monitor the Windows servers• Deploy and update third party applications like:
Adobe, FireFox, Java, Exceed and OpenAFS.• Generates reports: software & hardware• Investigating – Off site remote management -
laptops
Plans for 2010 (funding permitted)
• Continue with deploying Windows 7 to department. Windows 7 workgroup – additional Group Policies
(Firewall)
• Investing PPD file storage \ web server requirements for the next 5 years (PPD IT forum)– Build new file server \ web server
• Email – New Exchange 2003 server in testing hardware (Dell R710)
Slide 11
Thank you