Showing posts with label windows server 2008. Show all posts

Tuesday, August 9, 2011

Escape from Expensive Licensing: RemoteApp

Nowadays, the cost of per-user licenses for some applications is too high. Of course we cannot avoid this, but to an extent it can be minimized smartly by using RemoteApp. RemoteApp is not the first of its kind, though; previously the same could be done via Citrix.

For example, think about a common application used internally which has a per-user license: it can be published in RemoteApp and in turn used by n number of users.

But high-end applications cover this loophole: their licensing terms include virtualization license terms, and they also block the feasibility of terminal session publishing options. As long as the application allows us to work smoothly in RemoteApp, there is no harm in using it. This can save some serious money for your organization.

Thanks

Logan

Directory Partitions in Active Directory:

We will discuss the directory partitions in Active Directory and the purpose they serve in a Windows domain environment. The Active Directory database is logically separated into directory partitions:
Schema partition
Configuration partition
Domain partition
Application partition
Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between replicas of a directory partition. At least two directory partitions are common among all domain controllers in the same forest: the schema and configuration partitions. All domain controllers in the same domain, in addition, share a common domain partition.
Schema Partition
1. Only one schema partition exists per forest.
2. The schema partition is stored on all domain controllers in a forest.
3. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them.
4. Schema information is replicated to all domain controllers in the forest.
Configuration Partition
1. There is only one configuration partition per forest.
2. It is stored on all domain controllers in a forest.
3. The configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available.
4. Configuration information is replicated to all domain controllers in a forest.
Domain Partition
1. Many domain partitions can exist per forest.
2. Domain partitions are stored on each domain controller in a given domain.
3. A domain partition contains information about users, groups, computers and organizational units.
4. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application Partition
1. Application partitions store information about applications in Active Directory.
2. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.
As an example of application partitions, if you use a Domain Name System (DNS) that is integrated with Active Directory, you have two application partitions for DNS zones: ForestDNSZones and DomainDNSZones.
ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.
DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. The domain DNS zone is stored in the DomainDNSZones application partition.
Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.
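The partition types described above can be told apart in directory data by the systemFlags attribute on the crossRef objects under CN=Partitions in the configuration partition. The following is an added example, not from the original post, that classifies constructed crossRef records for a fictional example.com forest; the function names and sample records are assumptions made for illustration.

```python
# crossRef systemFlags bits (documented in MS-ADTS)
FLAG_CR_NTDS_NC = 0x1                 # NC is hosted inside this forest
FLAG_CR_NTDS_DOMAIN = 0x2             # NC is a domain partition
FLAG_CR_NTDS_NOT_GC_REPLICATED = 0x4  # NC is not replicated to the GC

ROOT_DSE = {  # constructed rootDSE values for a fictional forest
    "schemaNamingContext": "CN=Schema,CN=Configuration,DC=example,DC=com",
    "configurationNamingContext": "CN=Configuration,DC=example,DC=com",
}

CROSS_REFS = [  # constructed crossRef records, not real directory data
    {"nCName": "CN=Schema,CN=Configuration,DC=example,DC=com", "systemFlags": 1},
    {"nCName": "CN=Configuration,DC=example,DC=com", "systemFlags": 1},
    {"nCName": "DC=example,DC=com", "systemFlags": 3},
    {"nCName": "DC=ForestDnsZones,DC=example,DC=com", "systemFlags": 5},
    {"nCName": "DC=DomainDnsZones,DC=example,DC=com", "systemFlags": 5},
    {"nCName": "DC=partner,DC=test", "systemFlags": 0},  # external reference
]


def classify(cross_ref, root_dse=ROOT_DSE):
    """Return the partition type for one crossRef record."""
    flags = cross_ref["systemFlags"]
    name = cross_ref["nCName"].lower()
    if not flags & FLAG_CR_NTDS_NC:
        return "external"  # points outside the forest, no local replica
    if name == root_dse["schemaNamingContext"].lower():
        return "schema"
    if name == root_dse["configurationNamingContext"].lower():
        return "configuration"
    if flags & FLAG_CR_NTDS_DOMAIN:
        return "domain"
    if flags & FLAG_CR_NTDS_NOT_GC_REPLICATED:
        return "application"
    return "unknown"


def inventory(cross_refs=CROSS_REFS):
    """Map each naming context to (type, held in the GC as a partial replica)."""
    result = {}
    for ref in cross_refs:
        kind = classify(ref)
        no_gc = ref["systemFlags"] & FLAG_CR_NTDS_NOT_GC_REPLICATED
        result[ref["nCName"]] = (kind, kind == "domain" and not no_gc)
    return result


if __name__ == "__main__":
    for nc, (kind, in_gc) in inventory().items():
        print(f"{kind:14} gc_partial={in_gc!s:5} {nc}")
```
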
Below are some useful NTDSUTIL commands related to application partitions:

Creating and deleting application directory partitions:
#CREATE NC dc=application,dc=example,dc=com server.example.com
Or
#CREATE NC dc=application,dc=example,dc=com null
#DELETE NC dc=application,dc=example,dc=com

Creating and deleting replicas:
#ADD NC REPLICA dc=application,dc=example,dc=com server2.example.com
Or
#ADD NC REPLICA dc=application,dc=example,dc=com null
#REMOVE NC REPLICA dc=application,dc=example,dc=com server2.example.com
Or
#REMOVE NC REPLICA dc=application,dc=example,dc=com null

Defining a replication schedule:
#SET NC REPLICATE NOTIFICATION DELAY dc=application,dc=example,dc=com 10 15

Displaying replica information:
#LIST NC REPLICAS dc=application,dc=example,dc=com

Thanks
Logan



Tuesday, May 4, 2010

New Features in Windows server 2008:

Hi Friends,

Getting busy testing out some applications like SCCM 2007 and SCOM made me stay away from blogging, so I thought of writing one.

It’s been quite a time for Windows Server 2003; people have already started using Windows Server 2008 and are happy with the new features available. This article lists the new features available in Windows Server 2008.

1. Role based installation

Windows Server 2008 has quite a number of roles in Server Manager, which can be installed as and when required. The roles are listed below:

Active Directory Certificate Services

Active Directory Domain Services

Active Directory Federation Services

Active Directory Lightweight Directory Services

Active Directory Rights Management Services

Application Server

DHCP Server

DNS Server

Fax Server

File Services

Hyper-V

Network Policy and Access Services

Print and Document Services

Remote Desktop Services

Web Services (IIS)

Windows Deployment Services

Windows Server Update Services (WSUS)

Some of the above are new features, which I will discuss later. Also, some of the above features are specific to certain editions of Windows Server 2008. Please check out http://www.microsoft.com/windowsserver2008/en/us/r2-compare-roles.aspx

2. Server core

One of the most expected and most welcomed features, which is going to drive the Microsoft server OS forward, is Server Core. As in a UNIX server environment, you can have the Server Core shell window alone, with no need for a GUI and fancy GUI drivers. But the optional GUI option is also available. Having a single shell for server operations on a Microsoft platform was a dream for most system administrators. The Server Core installation option allows us to install a specific server role such as DHCP or Print Server. All server operations can be done sufficiently from the command prompt; no more GUI-specific configuration is required, unlike in previous versions.

3. Virtualization – Hyper V

Virtualization enables you to have multiple logical servers on a single server, each provided with full functionality such as networking, dedicated memory, high performance, etc. Virtualization as a technology is a revelation in IT because of its cost reduction. We already have applications like VMware and Virtual PC making inroads. Hyper-V bundled with the server OS is definitely good. To make it interesting, please check out the link below

http://www.milesconsultingcorp.com/Hyper-V-versus-VMware-Comparison.ASPX to find the comparison between the VMWARE and Hyper V.

4. PowerShell

PowerShell was an expected one, since PowerShell started making news with the release of Exchange 2007. Entire administrative tasks can be done with ease using PowerShell, which makes the system administrator's life easier. PowerShell has built-in Active Directory cmdlets which can be used effectively for multiple purposes.

5. Rights Management Services

Data security has been taken to the next level by this service. Previously we had no answer for securing documents in the hands of end users who have access to them, or mails containing sensitive information that can be forwarded to anyone outside the organization. This service helps in preventing those scenarios. Since it is integrated with Active Directory, it helps in providing security at the file level and also for emails.

6. RODC – Read Only Domain Controllers

It is one of the new features that is excellent in terms of both functionality and design. It provides a solution for the scenario where branch office DC servers lack quality administration, so there is a chance of poisoning the home DC by replicating faulty data. An RODC acts only as a read-only DC; there is no chance to write any data to it, and as a result it has no need to send any updates to the main office. So updates are unidirectional, i.e., only from a normal DC to the RODC. RODCs do wonders for multi-site work environments.

7. IIS 7.0

IIS 7.0 has been improved mainly in terms of security when compared to IIS 6.0. I don’t know much about this application's interiors, so I leave it to you to check out the new features from the link http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-7-security/ . These improvements are with respect to Authentication, Authorization, SSL, the Web Service Extension Restriction List and IP restrictions.

8. Enhanced Terminal Services – Remote Desktop Services

The former Terminal Services has been renamed to Remote Desktop Services and has been significantly improved. Its features are the following.

RemoteApp – Server-based remote application programs can be accessed on the local computer using Terminal Services, and look like normal execution of a local application.

Web Access – Using this, users are able to access the RemoteApp programs over the internet via a browser.

Gateway – Using this feature, the user is able to make a remote connection from outside the LAN, i.e., from the public network, provided the TS Gateway is configured.

9. Network Access Protection

Network Access Protection is a new feature mainly related to security. This policy gives us control over connections to the domain network based on a compliance threshold; if a system falls short of the compliance threshold, NAP will enforce the missing compliance and then allow the host to connect to the LAN. For example, suppose we have deployed some security patches for all users, and one user who was not part of this activity comes back after a long vacation. There is a chance of a security lapse; here comes the role of NAP to enforce the missing patches.

10. Group Policy Management Improvements.

Group Policy Management has many improvements in account policies, password policies, etc. There is a special query option in the GPMC console to list the policies which are set; also, there is no need to hunt for a particular policy in the hierarchy, as it can easily be searched by namespace.

11. Windows Deployment Services:

Using this deployment service we are able to deploy the OS. In the previous version this option was not available, and it could also be achieved by applications like SCCM. Windows Deployment Services uses the TFTP protocol, which makes it comparatively faster. Moreover, it has options for Auto-Cast or Scheduled-Cast deployment.

The above are the main new features which come to my mind; the security of the server OS is definitely much improved when compared to earlier versions.

Hope the above information is useful.

Thanks

Logan

Logu_microsoft@hotmail.com