Search This Blog

Saturday, October 1, 2011

Turn a PC Off or Leave It On?

Call me a tree-hugger if you must, but I see no reason to keep a computer on when it's not in use. That wastes electricity, which is bad for your pocketbook and bad for the planet. And it's probably bad for the computer.

Yes, I have seen occasional arguments that shutting down a computer, then starting it up cold, cause more wear and tear than leaving it on for 12 hours. I just don't buy them. All computers potentially suffer from heat problems, and one that never gets a chance to cool down will suffer from more of them.

Besides, a computer that's off is a computer that can't be infected with malware or behave under orders from afar if it's already infected.

If you don't like starting your computer fresh every morning, you can hibernate it rather than shutting it down. From the hardware and power-consumption points of view, there's no difference between shutting down a PC and hibernating it. But there is a difference in what happens when you boot it again in the morning. A shutdown PC will give Windows a fresh start, clear of any digital cobwebs it acquired since its last boot. A hibernated PC will wake up where you left it, with the same programs, files, and windows open.

Which you prefer is a matter of personal choice, although you should probably shut it down at least once a week to clear those cobwebs.

Friday, September 30, 2011

10 Network Admin Apps for iOS

Among the hundreds of thousands of apps in the iTunes App Store, there are numerous tools and utilities to help in network administration. They can assistance with monitoring, managing, tracking, troubleshooting, and connecting. Here we’ll look at 10 of these apps.

1. Spiceworks (Free)

This is a client for the Spiceworks IT management solution, which is 100% free ad-based software. It helps with network monitoring, helpdesk and ticketing, UPS power management, and asset inventory. The iOS and Android app lets IT staff view devices, work tickets, access user info, read IT discussions, and more.

The app lets you view your network and PC inventory. You can view, create, edit, close, and re-open trouble tickets. You can lookup contact info for end users and manage user details, with support of Active Directory. Additionally, you can communicate with other IT pros in the Spiceworks community.

2. Rove Mobile Admin Client (Free)

This is a client for the Rove Mobile Admin IT management solution and is designed for both the iPhone/iPod Touch and iPad. It helps you manage and track your IT issues, your network and computers, and integrates with a variety of third party systems and services. Though the app is free, you must have separately purchased and installed the Rove Mobile Admin server on your network, for which they offer a 14-day free trial for.

You get real-time alerts from the Rove Monitoring System, Microsoft System Center Operations Manager, BMC Performance Manager Portal, Nagios Monitoring, BMC Remedy Service Desk, CA Service Desk, and Symantec Backup Exec. You get also monitoring capabilities for Microsoft System Center Operations Manager, BMC Performance Manager Portal, and Nagios Monitoring. Additionally, virtualization control supported for VMware Infrastructure and Microsoft Hyper-V.

It offers incident report editing and searching for BMC Remedy Service Desk and CA Service Desk and Change Orders. It features mail system administration support for Microsoft Exchange and Domino. It provides numerous Windows management capabilities, including Command Prompt, Event Viewer, Local Users and Groups, File Explorer, Printers, Restart, Scheduled Tasks, Shared Folders, Services, System Information, Task Manager, Terminal Services, PowerShell, and Dial-up Connections

It supports the Active Directory and Novell Console directories. Database support includes Microsoft SQL Server and Oracle. Also supported is backup system administration of Symantec BackupExec and Symantec NetBackup. Additionally, it features management of the Microsoft IIS web server.

3. Network Utility (Free or $0.99)

This app lets you ping websites or servers using a hostname or IP address, useful during troubleshooting connectivity issues or for occasional checks. Additionally, it can do simple TCP/IP port scans, GeoIP lookups with Google Maps, or Whois queries. It also offers IP address information and can save remote addresses.

The free version includes the same features but the Pro version eliminates the Ads.

4. Scanny ($5.99)

This is a fairly advanced port scanner with additional network tools. It’s great for looking up info on devices, troubleshooting, and network security auditing. It scans the network and displays detailed device information on clients. This includes the IP and MAC address, vendor name, Windows and Bonjour hostnames, device names (UPnP, SSDP, DLNA), and opened ports. It also includes the basic networking utilities: ping, traceroute, Wake-on-LAN (WOL), Whois, and Geo IP. Additionally, it shows information about your active network connection, along with the public IP address.

You can type in a single domain name or IP of a server/device or enter a range to scan specific addresses or the entire network. Scan for devices via ICMP, TCP and UDP located on the local network or out on the Internet. Though all the popular services/ports are predefined, you can add custom entries.

To better analyze the scanning results, you can sort, copy, or email them. You can sort alphabetically by name or by the IP. It can also group the results into multiple histories.

5. AD HelpDesk (Free or $7.99)

This app lets you do Active Directory (AD) user account management. It securely connects directly to the AD server and doesn’t require any server-side software. You can diagnose and fix user account issues, such as disabled, locked, and password expired accounts.

It enables you to reset user passwords, force reset at next login, unlock accounts, enable/disable user or computer accounts, edit user and computer attributes, and manage groups and group membership. You can even send new password reminders to users via text message from your iPhone.

The free version includes all the same features and functionality of the full paid version but doesn’t offer the native iPad interface.

6. ADManger Mobile ($4.99)

This is another Active Directory (AD) management tool, designed for the iPhone and iPod Touch. You can create and modify user accounts, including passwords, unlocking, and force change on next login. In addition to user account management, it offers management of contacts, computers, groups, and organizational units. It also offers search capability of Active Directory by keyword and/or object type.

7. VMware vSphere Client for iPad (Free)

This offers a mobile interface to the VMware vSphere client so you can monitor and manage your vSphere hosts and virtual machines. You have the ability to start, stop and suspend virtual machines, and view and restore their snapshots. You can also reboot vSphere hosts or enable maintenance mode. Additionally, the built-in ping and traceroute tools come in handy when troubleshooting.

This app requires VMware vSphere or VMware vCenter Server 4.x or higher. Additionally, the vCenter Mobile Access (vCMA) virtual appliance is required. You must also have a network connection to the vCMA virtual appliance, which you can do via the built-in VPN client.

8. iSSH - SSH / VNC Console ($9.99)

This is a SSH, Telnet, VNC, and RDP client, also with an X server. It’s designed for both the iPhone/iPod Touch and iPad. Multiple concurrent connections are supported on standard or custom ports. You can save unlimited connection configurations, organize them into groups, and import/export between devices. Additionally, it can generate RSA and DSA keys and distribute them via email, password-connected SSH or pasteboard.

9. MySQL Mobile Database Client ($7.99)

You can directly connect to MySQL databases (versions 3 – 5), to browse, search, and update data. You can also run queries or use custom SQL, generate charts, and build reports. It features exporting data to Numbers, Mail, CSV files, or saving for offline access. For secure access, it has a built-in SSH client or you can use a third-party VPN client.

10. iRemoteWin (Free or $2.99)

This is a Remote Desktop client for connecting to Windows PCs via the native Microsoft RDP protocol. iRemoteWin is the iPhone and iPod Touch version and iRemoteWin HD is version designed for the iPad. These can be useful to view your files or use your applications, or for troubleshooting other computers. You can save the connection settings for the PCs. It even supports multiple simultaneous sessions and the ability to easily switch between sessions.

It lets you scroll/pan/zoom the screen in both portrait and landscape, operate the mouse, and drag and drop. It also includes a tool bar for copy/cut/paste, the Windows key, Tab key, and other shortcuts.

All the Windows editions that natively support RDP are supported. You can connect to Windows XP Professional or Media Center 2005, Windows Vista Business, Ultimate and Enterprise; and Windows 7 Professional, Ultimate and Enterprise. Windows Server and Windows Small Business Server are also supported.

Do Not Require Login to Access Shared Folders

Open access to shared folders so users don't have to enter a username and password.

If you share folders on your Windows PCs, you can require remote users on the network to login in order to access them. If you don’t want remote users to be required to login, you can also disable this functionality:

Open the Run dialog or a Command Prompt, and then enter the following and hit Enter: control userpasswords2

On the dialog box that appears, uncheck the Users must enter a user name and password to use this computer check box, and then click OK.

Thursday, September 29, 2011

Advanced Group Policy Management - Editing Controlled GPOs

Editing a Controlled GPO

In the previous article of this series, Jacky Chen, an AGPM Editor, proposed creating a new controlled GPO named New York Computers – Power GPO. Karen Berg, an AGPM Approver, received Jacky's request and approved it. Karen then deployed the new GPO into the CONTOSO production environment and linked it to the New York Computers OU so the policy settings configured in the GPO would be applied to computers in that OU. However, the New York Computers – Power GPO was deployed in a pristine state, that is, with no policy settings configured. In line with company policy, Jacky now proposes that the active power plan for New York computers be changed to Power Saver.

Jacky begins by logging on to his administrator workstation and opens the Group Policy Management Console (GPMC). He selects the Change Control node and then on the Controlled tab as shown here:


Figure 1: Step 1 of editing the controlled GPO.

Before Jacky can edit the controlled GPO, he must first check the GPO out of the AGPM archive. Checking a GPO out of the archive prevents any other AGPM Editor from making changes to the GPO until Jacky finishes working with it. To check out the New York Computers – Power GPO, Jacky right-clicks on it and selects Check Out as shown here:


Figure 2: Step 2 of editing the controlled GPO.

In the Check Out GPO dialog that displays next, Jacky enters a comment to help track the history of all changes made to the GPO:


Figure 3: Step 3 of editing the controlled GPO.

After clicking OK, the checked out GPO is displayed with a red icon on the Controlled tab:


Figure 4: Step 4 of editing the controlled GPO.

The checked out GPO can now be edited, so Jacky right-clicks on the GPO and selects Edit from the context menu:


Figure 5: Step 5 of editing the controlled GPO.

Doing this opens the New York Computers – Power GPO in the Group Policy Management Editor for editing. Jacky navigates to the Select An Active Power Plan policy setting as shown next:


Figure 6: Step 6 of editing the controlled GPO.

Jacky double-clicks on the Select An Active Power Plan policy setting to open it for editing. He then enables the policy setting and selects Power Saver as the Active Power Plan:


Figure 7: Step 7 of editing the controlled GPO.

After clicking OK to close the policy setting and then closing the Group Policy Management Editor, Jacky returns to the Change Control node of the GPMC. He then right-clicks on the New York Computers – Power GPO on the Controlled tab and selects Check In to check the modified GPO back into the AGPM archive:


Figure 8: Step 8 of editing the controlled GPO.

In the Check In GPO dialog that is displayed next, Jacky enters a comment so the history of changes made to this GPO can be more easily tracked in the future:


Figure 9: Step 9 of editing the controlled GPO.

The New York Computers – Power GPO has now been configured, but only on the copy that is stored in the AGPM archive. The copy of this controlled GPO that exists in the CONTOSO production environment (i.e. in SYSVOL) has not been changed at this point, but Jacky is confident that he's configured the right policy changes so he decides to request redeployment of the GPO he has just modified. To do this, Jacky again right-clicks on the New York Computers – Power GPO and this time he selects Deploy from the shortcut menu:


Figure 10: Jacky requests redeployment of the controlled GPO he just modified.

Jacky adds his comment to the Submit Deploy Request as shown below:


Figure 11: Jacky's request for redeploying the controlled GPO to production.

Once Karen receives Jacky's Submit Deploy Request email via AGPM, it's up to her to review the changes and decide whether the modified GPO should be rolled out production. That's what we'll look at next.

Reviewing and Redeploying the Modified GPO

Karen, who as an AGPM Approver also holds the AGPM Reviewer role, is now going to review the changes that Jacky has made to the archived copy of the New York Computers – Power GPO and then redeploy the modified GPO into the production environment. To begin doing this, Karen logs on to her administrator workstation, opens the GPMC, selects the Change Control node, selects the Controlled tab, right-clicks on the New York Computers – Power GPO and selects History from the shortcut menu:


Figure 12: Step 1 of reviewing and redeploying a controlled GPO that has been modified.

In the History For dialog that displays next, the All States tab provides more information that Karen needs at he moment concerning the change history of the New York Computers – Power GPO:


Figure 13: Step 2 of reviewing and redeploying a controlled GPO that has been modified.

So Karen selects the Unique Versions tab and sees that the most recent change version was checked in by Jacky and is ready for her review:


Figure 14: Step 3 of reviewing and redeploying a controlled GPO that has been modified.

Karen then clicks the Differences button at the bottom left of the History For dialog shown above. Doing this opens Internet Explorer and displays any differences between the selected version of the controlled GPO (the version labeled "Checked in" in Figure 14 above) and the previous version of the same controlled GPO (the version labeled "Created" in Figure 14 above). The Difference Report shows that the only change Jacky made to the GPO was to enable the Active Power Plan policy setting and set it to Power Saver:


Figure 15: Step 4 of reviewing and redeploying a controlled GPO that has been modified.

Karen decides that the changes Jacky has made to the New York Computers – Power GPO are OK, so she closes Internet Explorer and clicks the Close button in the History For dialog shown in Figure 14 previously. Doing this displays the Approve Pending Operation dialog shown here:


Figure 16: Step 5 of reviewing and redeploying a controlled GPO that has been modified.

After typing her comment into the above dialog, Karen clicks Advanced to make sure the modified GPO will be redeployed properly. Clicking the Advanced button opens the GPO Links For Selected GPOs dialog, and Karen notes that redeploying the New York Computers – Power GPO will re-link it to the New York Computers OU as expected:


Figure 17: Step 6 of reviewing and redeploying a controlled GPO that has been modified.

Karen clicks OK to close the GPO Links For Selected GPOs dialog. Then she clicks OK in the Approve Pending Operation dialog shown previously in Figure 16. A progress bar indicates when the modified New York Computers – Power GPO has been redeployed into production:


Figure 18: Step 7 of reviewing and redeploying a controlled GPO that has been modified.

The modified GPO will now be applied to computers in New York according the usual Group Policy processing mechanisms.

Conclusion

In this article we've learned how to modify a controlled GPO, review changes made, and redeploy the modified GPO into your production environment. In the next article we'll examine how to roll back changes and perform other tasks with controlled GPOs using AGPM.

Hardware Considerations for RemoteFX

Microsoft® RemoteFX™ enables a rich 3-D experience in virtual desktop scenarios. RemoteFX is integrated into the Remote Desktop Virtualization Host role service, and IT administrators can provide 3-D capabilities to client computers (including thin clients). This topic provides hardware considerations for server and client computers when you are planning your RemoteFX deployment.

In this topic:

RemoteFX for RD Virtualization Host server hardware requirements

There are several hardware requirements that must be met when you deploy a RemoteFX server:

  • SLAT-enabled processor The processor in the RemoteFX server must support Second-Level Address Translation (SLAT). In virtualization scenarios, hardware-based SLAT support improves performance. On Intel processors, this is called Extended Page Tables (EPT), and on AMD processors, it is called Nested Page Tables (NPT).

  • GPU At least one graphics processing unit (GPU) is required on the RemoteFX server. The GPU driver must support DirectX 9.0c and DirectX 10.0. If more than one GPU is installed in the RemoteFX server, the GPUs must be identical. The GPU must have sufficient dedicated video memory that is separate from system memory.

    ImportantImportant
    For a list of GPUs that will work with RemoteFX in Windows Server 2008 R2 with SP1, see the blog post More partner momentum around Microsoft RemoteFX in Windows Server 2008 R2 SP1 Beta (http://go.microsoft.com/fwlink/?LinkID=197416).

    The final release of Windows Server 2008 R2 with SP1 will include an evolved list of GPUs. For a list of recommended GPU drivers, see the blog post Beta testing Microsoft RemoteFX in Service Pack 1 (http://go.microsoft.com/fwlink/?LinkID=197417).

  • RemoteFX encoder The RemoteFX encoder is optional and can be installed for additional scalability on the Microsoft® RemoteFX™ server.

  • Hyper-V The Hyper-V hardware requirements must be supported on the server. The Hyper-V hardware requirements for Windows Server 2008 R2 are available in the Windows Server 2008 R2 Technical Library (http://go.microsoft.com/fwlink/?LinkID=180919).

ImportantImportant
To use Live Migration, the source and destination RemoteFX servers must have the same GPU installed.

As the maximum monitors and resolutions are increased for each RemoteFX-enabled virtual machine, the amount of required video memory also increases. The GPUs in the server must have sufficient video memory for all virtual machines that are turned on at the same time. The following is a list of video memory requirements for a maximum resolution and number of monitors:

Maximum resolutionMaximum number of monitors in virtual machine setting

1 monitor

2 monitors

3 monitors

4 monitors

1024 x 768

75 MB

105 MB

135 MB

165 MB

1280 x 1024

125 MB

175 MB

225 MB

275 MB

1600 x 1200

184 MB

257 MB

330 MB

N/A

1920 x 1200

220 MB

308 MB

N/A

N/A

noteNote
In addition to the previous video memory table, Windows Server 2008 R2 with SP1 has been tested for up to 12 virtual machines per GPU, for a total of 24 virtual machines on two physical GPUs, providing the necessary dedicated video memory. This number will continue to be refined in later releases.

Using a baseboard management controller

A baseboard management controller is used to remotely manage the server, such as remotely configuring a server’s BIOS or viewing the server’s console. Some examples of baseboard management controllers include the Dell iDRAC, the IBM IMM, and the HP iLO. For more information about WDDM drivers can be found in the Windows Server Technical Library(http://go.microsoft.com/fwlink/?LinkId=209889).

RemoteFX requires a WDDM driver for the GPU installed on the server, but baseboard management controllers likely use an XPDM driver for its integrated video adapter. A video adapter that uses an XPDM driver and a video adapter that uses a WDDM driver cannot be simultaneously running. When a user connects to a baseboard management controller with RemoteFX enabled, the display for the server’s console will not be visible while the operating system is running.

noteNote
Any GPUs with an XPDM driver must be disabled through the BIOS or by using the RemoteFX cap driver. This includes baseboard management controllers that are used for KVM over IP. For more information about installing the RemoteFX cap driver, see Installing the RemoteFX cap driver later in this topic. For more information about disabling a GPU in the BIOS, consult the manufacturer.

When to use the RemoteFX cap driver

The RemoteFX cap driver allows you to use a baseboard management controller to view the server console during the BIOS sequence, while in safe mode, or when the Windows operating system stops unexpectedly and an error message appears on a blue screen.

ImportantImportant
If you install the RemoteFX cap driver, the integrated video adapter is disabled while the operating system is running.

The following table provides considerations for whether to use the RemoteFX cap driver. Each row is a separate option for how to enable RemoteFX when using a baseboard management controller that uses an XPDM driver.

OptionIs the console visible by using a baseboard management controller or KVM?

BIOS

Safe mode

Windows is running

The integrated video adapter that uses an XPDM driver is disabled in the server’s BIOS.

No

No

No. (The server can be viewed by using an RDP connection but not through the baseboard management controller.)

An external KVM is connected to the GPU on the RemoteFX server, which uses a WDDM driver. The integrated video adapter that uses an XPDM driver is disabled in the BIOS.

Yes

Yes

Yes. (The server can be viewed through the external KVM or by using an RDP connection.)

The RemoteFX cap driver is installed and the integrated onboard video adapter remains enabled.

Yes

Yes

No. (The server can be viewed by using an RDP connection but not through the baseboard management controller.)

Installing the RemoteFX cap driver

Before installing the RemoteFX cap driver, the WDDM driver for the video adapter should be installed and RemoteFX should be enabled. When installing the RemoteFX cap driver, ensure that the following steps are completed in order:

  1. Install the WDDM driver for the video adapter.

  2. Enable RemoteFX by using Server Manager.

  3. Install the RemoteFX cap driver.

To install the RemoteFX cap driver, type the following at a command prompt: dism /online /enable-feature /featurename:Microsoft-Windows-RemoteFX-EmbeddedVideoCap-Setup-Package, press ENTER, and then restart the computer.

ImportantImportant
In some cases, the RemoteFX cap driver may be installed on video adapters other than the integrated video adapter. To resolve this issue, you must reinstall the WDDM video adapter drivers.

You may choose to disable the RemoteFX cap driver to troubleshooting issues on the RemoteFX server. To disable the RemoteFX cap driver, type the following at a command prompt: dism /online /disable-feature /featurename:Microsoft-Windows-RemoteFX-EmbeddedVideoCap-Setup-Package, press ENTER, and then restart the computer.

RemoteFX for RD Session Host server hardware requirements

If you are using RemoteFX on an RD Session Host server, the processor on the RD Session Host server must support Streaming SIMD Extensions 2 (SSE2). The RemoteFX encoder is optional server hardware, and it can be installed for additional scalability on the RemoteFX server. The hardware encoder card must be installed in a PCI Express x4 slot or greater.

Client options

A RemoteFX-enabled client can run as software or by using a RemoteFX hardware decoder.

  • The client software is part of the Remote Desktop Connection that is included with Windows Server 2008 R2 with Service Pack 1.

  • The RemoteFX hardware decoder will be available as a complete solution through Microsoft partners.