Windows 8 Enterprise Features-AppLocker


Windows 8 Enterprise Features-AppLocker

AppLocker helps administrators control which applications and files users can run. These include executable files, scripts, Windows® Installer files, DLLs, Packaged apps and Packaged app installers.

What does AppLocker do?
Using AppLocker, you can:
  • Define rules based on file attributes that persist across application updates such as the publisher name (derived from the digital signature), product name, file name and file version. You can also create rules based on the file path and hash.
  • Assign a rule to a security group or an individual user.
  • Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries to run except the Registry Editor (Regedit.exe).
  • Use audit-only mode to deploy the policy and understand its impact before enforcing it.
  • Create rules on a staging server, test them, then export them to your production environment and import them into a Group Policy Object.
  • Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for AppLocker.

AppLocker helps reduce administrative overhead and helps reduce the organization’s cost of managing computing resources by decreasing the number of help desk calls that result from users running unapproved applications. AppLocker addresses the following application security scenarios:

  • Application inventory

    AppLocker has the ability to enforce its policy in an audit-only mode where all application access activity is registered in event logs. These events can be collected for further analysis. Windows PowerShell cmdlets also help you analyze this data programmatically.

  • Protection against unwanted software

    AppLocker has the ability to deny applications from running when you exclude them from the list of allowed applications. Once AppLocker rules are enforced in the production environment any application that is not covered by the allow rules is blocked from executing.

  • Licensing conformance

    AppLocker can help you create rules that preclude unlicensed software from running and restricting licensed software to authorized users.

  • Software standardization

    AppLocker policies can be configured to allow only supported or approved applications to run on computers within a business group. This permits a more uniform application deployment.

  • Manageability improvement

    AppLocker includes a number of improvements in manageability as compared to its predecessor Software Restriction Policies (SRP). Importing and exporting policies, automatic generation of rules from multiple files, audit-only mode deployment and PowerShell cmdlets are a few of the improvements over SRP.

Windows 8 Editions and Comparison

Windows 8 Edition Comparison chart

Comparison of Windows 8 editions

Features

Windows RT

Windows 8

Windows 8 Pro

Windows 8 Enterprise

Availability[14]

Pre-installed on devices

Most channels

Most channels

Volume License customers

Architecture

ARM (32-bit)

IA-32 (32-bit) or x64 (64-bit)

IA-32 (32-bit) or x64 (64-bit)

IA-32 (32-bit) or x64 (64-bit)

Maximum physical memory (RAM)[15]

?

4 GB on IA-32
128 GB on x64

4 GB on IA-32
512 GB on x64

4 GB on IA-32
512 GB on x64

Trusted boot

Yes

Yes

Yes

Yes

Picture password

Yes

Yes

Yes

Yes

Start screen, Semantic Zoom, Live Tiles

Yes

Yes

Yes

Yes

Touch and Thumb keyboard

Yes

Yes

Yes

Yes

Language packs

Yes

Yes

Yes

Yes

Updated File Explorer

Yes

Yes

Yes

Yes

Standard apps[a]

Yes

Yes

Yes

Yes

File History

Yes

Yes

Yes

Yes

Refresh and reset of OS

Yes

Yes

Yes

Yes

Play To

Yes

Yes

Yes

Yes

Connected standby

Yes

Yes

Yes

Yes

Windows Update

Yes

Yes

Yes

Yes

Windows Defender

Yes

Yes

Yes

Yes

Better multi-monitor support

Yes

Yes

Yes

Yes

New Windows Task Manager

Yes

Yes

Yes

Yes

ISO image and VHD mounting

Yes

Yes

Yes

Yes

Mobile broadband features

Yes

Yes

Yes

Yes

Microsoft account integration

Yes

Yes

Yes

Yes

Internet Explorer 10

Yes

Yes

Yes

Yes

SmartScreen

Yes

Yes

Yes

Yes

Windows Store

Yes

Yes

Yes

Yes

Xbox Live app (including Xbox Live Arcade)[16][17]

Yes

Yes

Yes

Yes

Exchange ActiveSync

Yes

Yes

Yes

Yes

Snap

Yes

Yes

Yes

Yes

Can connect to a VPN?

Yes

Yes

Yes

Yes

Desktop

Partial

Yes

Yes

Yes

Supported third-party apps[4][18]

Windows Store apps only

Windows Store and desktop

Windows Store and desktop

Windows Store and desktop

Remote Desktop

Client only

Client only

Client and host

Client and host

Storage Spaces

No

Yes

Yes

Yes

Windows Media Player

No

Yes

Yes

Yes

Encryption features

Device encryption

Unavailable

BitLocker and EFS

BitLocker and EFS

Sideload Windows Store apps

Yes

No

Yes

Yes

Boot from VHD

No

No

Yes

Yes

Can join a Windows domain?

No

No

Yes

Yes

Group Policy

No

No

Yes

Yes

Hyper-V[22]

No

No

On 64-bit versions only with SLAT capable CPU

AppLocker

No

No

No

Yes

Windows To Go

No

No

No

Yes

DirectAccess

No

No

No

Yes

BranchCache

No

No

No

Yes

Can be virtualized by RemoteFX?

No

No

No

Yes

Services for Network File System[25]

No

No

No

Yes

Microsoft Office apps bundled with OS[e]

Yes

No

No

No

Windows Media Center

No

No

Via an add-in

No

Windows RT

Windows 8

Windows 8 Pro

Windows 8 Enterprise

10 Things That Windows 8 Has and Windows 7 Doesn’t

10 Things That Windows 8 Has and Windows 7 Doesn’t

Microsoft radical shift to touch-centric computing in Windows 8 is far from the only difference between the new operating system and its predecessor.
Other differences include better integrated use of the cloud, better security, more options for use of multiple monitors and more. Here’s a list of 10 key features Windows 8 offers that aren’t part of Windows 7.

The Start screen
This is the Windows 8 answer to the Start menu that has been so familiar in Windows for years. Clicking on the Start button in the lower-left corner yielded the Start menu, a pop-up box listing apps that have been pinned there as well as quick access to search, Control Panel, Devices and Printers, photos, documents and importantly the Shut Down button to turn the machine off.
The Start menu is gone. It is replaced by the Start screen, a horizontally browsable collection of Windows 8 tiles that give one-tap access to the applications loaded on the device. Missing is Control Panel.
With a keyboard attached to a Windows 8 device, pressing Win X yields a popup box containing some of the Start menu items, but not all. You can also access some of the old Start menu features by swiping in from the left side of the screen to reveal the Charms menu, which contains a Settings charm that doesn’t lead to all the features that were contained in the Start menu.
This has caused much distress among longtime Windows users, so much so that third-party developers are selling Start Menu apps for Windows 8. These include SweetLabs’ Pokki, Lee-Soft’s ViStart 8 and Stardock’s Start8.

Snap apps
In Windows 8 users can display two applications at the same time, one occupying about three-quarters of the screen on either the left or right, the other app occupying the rest. With a touch screen, sliding the bar separating the two apps can make them larger or smaller. Both apps work.
Snap is handy if someone is working on a document, for example, and wants to draw information from a spreadsheet at the same time. But it is limited to just two apps being displayed at a time.
This differs from Windows 7 where apps can occupy as many windows as the user cares to open. Those windows can be adjusted to the exact size the user wants.

Picture password
Traditionally, users type in passwords in order to gain access to their locked computers. Windows 8 adds the picture password. When logging in, users are presented with a picture and by touching features in the photo in the right order they can unlock the device.
It’s a new password paradigm, but isn’t without criticism. One security expert calls it a “Fisher-Price toy” because swiping in the password can be stolen by videotaping it from a distance. It’s also tricky to back up in case users forget the right points and the sequence for touching them.

Refresh and reset
When Windows 8 gets corrupted, users now have two options: refresh and reset.
The first is the less extreme of the two. It reinstalls Windows 8 but preserves personal settings and personal data. It does this by saving the settings and data on a separate partition in the hard drive, installing a fresh copy of the operating system then restoring the data and settings.
It also preserves any Windows 8 modern apps that were installed on the machine. Traditional Windows apps, however, have to be manually reinstalled.
Reset lets users start over. It wipes away the operating system, settings, data and applications and reinstalls a factory-fresh copy of Windows 8. It’s as if the machine is fresh out of the box.
Windows 8 offers what it calls a thorough option for wiping out data during a reset. If the purpose of resetting was to erase sensitive data from the hard drive and make it unrecoverable, the thorough option writes random bits over all sectors of the hard drive. While it doesn’t make the data unrecoverable, it would require expensive gear that most people can’t afford, Microsoft says.

Windows Store
An important part of Windows 8 is Windows 8 applications, called modern applications, which are built to highlight the touch-centric nature of the operating system. They are available only through the Windows Store, an online market where developers can sell their apps once they have won Microsoft certification.
The idea is to encourage development of apps customers will want in order to promote sales of Windows 8 devices. The upside is that if the development community grows as it did for Apple and the App Store, customers will have a rich assortment of fun and useful software. Also, the store can send application updates directly to users’ machines.

Secure boot, trusted boot
Secure boot ensures the operating system being booted hasn’t been corrupted by verifying that the kernel is the one that was signed with a Microsoft certificate. Trusted boot calls for launching anti-malware before the operating system itself boots in order to thwart malware that might try to disable it.
This is all new for Windows and security experts say represents a significant improvement in maintaining the integrity of the system.

Skype
Skype, which is now owned by Microsoft, is integrated into Windows 8. That is, if customers buy the Skype application at the Windows Store, the app integrates with certain other apps such as the People app where the contact information for individuals is stored in the cloud and managed. Skype friends are automatically listed there. The Skype tile that appears on the Start screen is live and displays the most recent missed calls and pending messages.
Users can call others who have Skype clients or with a new dial pad in the application can call phones on the public network using prepaid minutes.

ARM
Before Windows 8, hardware for Windows machines had to be based on x86 processors — the old WinTel model. But that changes with Windows 8.
A special version of Windows 8 called Windows RT is not only designed for devices with ARM processors, the only way you can buy it is packaged with the ARM hardware. Microsoft itself is breaking its longstanding tradition of letting its OEM partners bundle Windows software with hardware by introducing Surface RT, a Windows 8 ARM tablet with an optional keyboard.
The upside of ARM is that it consumes less power than x86 chips, extending battery life for mobile use that takes users away from power outlets.
Surface RT seems aimed at consumers who want the functionality of a tablet but also want to use traditional Microsoft productivity applications. To that end, Windows RT includes an abbreviated version of Microsoft Office. One caveat: The version of Office that comes with Windows RT devices cannot be used for commercial purposes, so a separate commercial license is needed to use Windows RT at work.

SkyDrive
Like the name suggests, SkyDrive is cloud-based storage for Windows 8 documents, photos and PC settings. It can also integrate with Windows Phone, so a copy of pictures shot with the phone are automatically sent to the SkyDrive account. With an account, users can tap into their stored resources from whatever machine is available.
Also via SkyDrive, users can share whatever is stored there with others who have been authorized to do so, making it possible to conduct a form of collaboration. SkyDrive also has APIs that are available to developers who want to incorporate access to data in the cloud as part of the apps they write.

Multi-monitor options
For those who use more than one monitor with their desktops, Windows 8 has features earlier versions of Windows lack and oftentimes giving users several options for the same feature.
For example, where should the taskbar be displayed? Windows 8 doesn’t have a right answer, but offers the option of having it on all screens, having it on all screens but displaying icons only for the applications on that particular screen or only the screen where the open application is displayed.
Windows 8 features new multi-monitor keyboard shortcuts such as for moving applications from monitor to monitor, enables dragging and dropping applications from screen to screen and displaying a single image as wallpaper so it extends from one screen to another.

Exchange Server Comparison to Earlier Versions

Exchange Server Comparison to Earlier Versions

The table below includes detailed information about differences in licensing Exchange Server 2010 compared with Exchange Server 2003 and Exchange Server 2007.

Apart from new functions, there are sever

Apart from new functions, there are several major changes for licensing Exchange 2010 compared to earlier versions:

  • The Exchange 2003 license was sold with just one CAL, while the Exchange 2007 and Exchange 2010 licenses are sold with both Standard and Enterprise CALs.
  • The Exchange 2003 CAL included rights to the Outlook client. In Exchange 2007 and Exchange 2010, the Outlook client license must be purchased separately.
  • Features for managing e-mail retention have evolved from Mailbox Manager in Exchange 2003 to Managed Folders in Exchange 2007 to Retention Policies in Exchange 2010.
  • Advanced Exchange ActiveSync mobile policies were introduced in the Exchange 2007 Enterprise CAL at SP1.
  • Unified Messaging, Managed Folders, and Per-user/Per-distribution list Journaling were introduced in the Exchange 2007 Enterprise CAL.

How to create csr certificate and finally install digital certificate on tomcat server.

To generate a CSR and Private Key for Tomcat, perform the following steps:

Using the Java JDK Tool (Recommended JDK 1.4 or higher) , Keytool:  Go into the JDK/bin/ directory (/j2sdk1.4.0/bin/)

STEP 1:
Using the java keytool command line utility, the first thing you need to do is create a keystore and generate the key pair. Do this with the following command:
keytool -genkey -keysize 2048 -keyalg RSA -alias [Alias name] -keystore [Keystore Name]

Enter keystore password:  Choose a password and enter it when prompted to do so.

What is your first and last name?
[Unknown]:  www.mydomain.com (example)

What is the name of your organizational unit?
[Unknown]:  Thawte testing (example)

What is the name of your organization?
[Unknown]:  Thawte Testing (example)

What is the name of your City or Locality?
[Unknown]:  Cape Town (example)

What is the name of your State or Province?
[Unknown]:  Western Province (example)

What is the two-letter country code for this unit?
[Unknown]:  ZA (example)

Is CN=www.mydomain.com, OU=Thawte testing, O=Thawte Testing, L=Cape Town, ST=Western Province, C=ZA correct?
[no]:  yes

Enter key password for <tomcat>
(RETURN if same as keystore password)

NOTE: Please specify the same password for the keystore and the keyentry or else you will receive the following error message when you restart the jakarta engine: “java.security.UnrecoverableKeyException: Cannot recover key”

Note, that a keystore was created.

Please run: keytool -list -keystore [keystorename] to make sure you can read the keystore file.

The keystore will be stored in your JDK/bin directory. Create a copy of the keystore file and store it on a removable disk for safe keeping in case of a server crash.

STEP 2:

Backup Keystore file:  To backup the keystore file with the keyentry just created, please refer to the following solution: SO1870

STEP 3:

Generate a CSR off the newly create keystore and keyentry:
keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore [keystorename]

Enter keystore password (from Step 1).

The CSR will be saved to your JDK/bin directory:

—–BEGIN NEW CERTIFICATE REQUEST—–

and

—–END NEW CERTIFICATE REQUEST—–

STEP 4:

Submit the CSR in online Certificate enrollment process and fax the necessary documentation to your certificate renewer.

Installation of certificate.

Problem:
Install certificate
Install certificate on Tomcat

Resolution:
Follow the instructions below to install the certificate on a Tomcat Server

Step 1: Download your Thawte certificate in PKCS#7 format

You will receive an email when your certificate is issued.
Retail Clients: Download your certificate in PKCS#7 format as per the instruction on the following solution:

To download your Thawte certificate, perform the following steps:

Access your Thawte account:

For Retail customers – Thawte Certificate Center (TCC):
https://ssl-certificate-center.thawte.com/process/retail/console_login?application_locale=THAWTE_US

For SPKI customers – Thawte Certificate Center Enterprise (TCCE): https://ssl-certificate-center-enterprise.thawte.com/vcce/enterprise/console_login?application_locale=THAWTE_US

For Reseller Partners – Thawte Partner Center:  Please visit the following link: https://products.thawte.com/geocenter/reseller/logon.do

Enter your Username and Password.
Select the certificate from the list of available orders then click on Pick Up Certificate link.
Note: If you have a Code Signing certificate, skip steps 6 and 7. For steps to signing your code please view : AR1119
From the  Format drop down box select the certificate format that is required. For help on which format to select, please refer to solution SO799
Click on the Copy button to highlight certificate then right click and select copy or keyboard shortcut (ctrl+c).

Paste the certificate into a text editor (ex. Notepad or Vi) and save it.
If you downloaded the PKCS#7 version, save the file with a .P7B extension.
If you downloaded the X.509 version, save the file with a .CER extension.

For the installation guide to the most common server types go to: SO1498
Note: If the server software is not listed proceed to follow the installation instructions outlined to you in your server software documentation.

Reseller Clients (bought certificate through a third party): Download your certificate in PKCS#7 format, refer to solution

Resolution

To download issued Thawte SSL certificate through User Portal, perform the following steps:

Access Thawte User Portal

Visit https://products.thawte.com/orders/orderinformation/authentication.do
Provide the common name, technical contact e-mail address associated with the SSL order, and the image number generated from the Thawte User Authentication page.
Select Request Access against the correct order ID.
An e-mail will be sent to the technical contact e-mail address specified above.
Click on the link listed in the e-mail to enter the User Portal.
Click View Certificate Information.
Copy and Paste your Thawte certificate to Notepad and save as a cert.p7b

Step 2: Install the SSL certificate

Import the certificate into the Java keystore using the following keytool command:
keytool -import -alias tomcat -trustcacerts -file cert.p7b  -keystore [keystorename]

Alternate installation instructions if the X.509 certificate is downloaded instead.

Follow Step 1 by downloading an X.509 certificate file format.
Download both Primary and Secondary Intermediate certificate as separate files, refer to article.

Thawte Intermediate and Cross Certificate CAs

Description
Thawte uses Intermediate CAs to enhance the security of SSL and Code Signing certificates. Installing the correct Intermediate CAs or CA bundle for the certificate being used is absolutely essential to ensure that users don’t see certificate errors when visiting a website or running software secured with a Thawte certificate.

The following tables list Thawte products with links to the relevant Intermediate CA certificates and CA bundles. Please read the following notes to determine which you need:

Microsoft IIS : If you obtained your SSL certificate in the PKCS#7 format from your Thawte Certificate Center (TCC) account, downloading and manually installing CA certificates shouldn’t be required. If however you installed your SSL certiifcate from the approval email, please obtain the proper Intermediate CA below and see kb solution SO14996 for installation instructions

Tomcat : Customers that selected these server platforms when enrolling will have received a version of their certificate containing the SSL certificate and all required Intermediate CAs (as a PKCS#7 bundle). Downloading and manually installing CA certificates shouldn’t be required.

Apache and Apache derivatives
Apache HTTPD, other Apache derivatives and many webhosting providers are only able to specify a single CA certificate in the server or host configuration; these customers should download a CA bundle containing the relevant Intermediate and Cross Root CAs.

Other server platforms :
Please consult the server documentation or search our Knowledge Base to determine which format is required. In many cases, separate Intermediate and Cross Root CAs are needed.
Select the Intermediate CAs link based on your certificate product type.  Once you have the SSL certificate, Primary and Secondary Intermediate CA certificate files, begin the import process.
Note: It is imperative the installation of Primary Intermediate CA, Secondary Intermediate CA and SSL certificate on the keystore is followed below.
Import the Primary Intermediate certificate (e.g., use alias: primary)
keytool -import -alias primary -trustcacerts -file primary_intermediate_file_name  -keystore [keystorename]
Import the Secondary Intermediate certificate (e.g., use alias: secondary)
keytool -import -alias secondary -trustcacerts -file secondary_intermediate_file_name  -keystore [keystorename]
Import the SSL certificate (Use the same alias name based on the created keystore and submitted CSR from Thawte)
keytool -import -alias [your_alias_name] -trustcacerts -file X.509_file_name  -keystore [keystorename]

Note:  Tomcat keeps its configuration information in the server.xml file. Configure Tomcat to reference the correct keystore and keystore password as shown in the following solution:

Enable SSL in Tomcat with server.xml

Problem
Enable SSL in Tomcat with server.xml
Configuring the SSL Connector in server.xml

Resolution
To configure the SSL in Tomcat with server.xml follow the instructions below:

1. Shutdown Tomcat, if it is running. Changes to the file <JWSDP_HOME>/conf/server.xml are read by Tomcat when it is started.

2. Open the file <JWSDP_HOME>/conf/server.xml in a text editor.

3. Find the following section of code in the file (try searching for SSL Connector). Remove comment tags around the Connector entry. The comment tags that are to be removed are shown in blue below.

<!– SSL Connector on Port 8443 –>

<!–

<Connector

className=”org.apache.coyote.tomcat4.CoyoteConnector”

port=”8443″ minProcessors=”5″

maxProcessors=”75″

enableLookups=”false”

acceptCount=”10″

connectionTimeout=”60000″ debug=”0″

scheme=”https” secure=”true”>

<Factory

className=”org.apache.coyote.tomcat4.CoyoteServerSocketFactory”

clientAuth=”false” protocol=”TLS”

keystoreFile=/”insert path to the keystore here”>

keystorePass=”insert keystore password here”/>

</Connector>

–>

4. Save and close the file.

5. Start Tomcat.

For tomcat 6 please view: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Tomcat runs SSL over port 8443. Make sure that this port is enabled on the Tomcat server and any firewalls/proxies this server may lie behind.

For additional trouble shooting steps regarding “keytool error: java.lang.Exception: Input not an X.509 certificate” refer to solution

Troubleshooting Error: “keytool error: java.lang.Exception: Input not an X.509 certificate”

Problem
Error occurs when importing Sun Java™ certificate into the Key store:
keytool error: java.lang.Exception: Input not an X.509 certificate

Cause
There are a few causes for this error:
1. The incorrect alias was specified while trying to import the Certificate.

2. The Certificate being imported is improperly formatted.

3. The Certificate is imported into the incorrect keystore.

Resolution
Please review each of the ‘possible’ causes below and their fixes to troubleshoot this error:

1. The incorrect alias was specified while trying to import the Certificate.

2. The Certificate being imported is improperly formatted.

NOTE: Try add 2 carriage returns at the end of the downloaded certificate file.

3. The Certificate is imported into the incorrect keystore.

If the keystore is lost a new keystore will need to be generated, and the certificate reissued

Courtesy : Thawte

SharePoint Functionality & Licensing

SharePoint Functionality & Licensing

Share Point Functionality:

SharePoint 2010 has three levels of functionality, each with a set of corresponding licenses

  • Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Server 2010 plus Standard CAL
  • Microsoft SharePoint Server 2010 plus Enterprise CAL (& Standard CAL)

Product

Description

Licensing Notes

SharePoint Foundation 2010

·Provides a platform for collaboration and a foundation for building Web-based applications.

·For small companies or departments that want a low-cost, entry-level, or pilot solution for secure, Web-based collaboration.

·All features in SharePoint Foundation are also available in Microsoft SharePoint Server

·Download at no cost.

·Companies using SharePoint Foundation must be properly licensed for Microsoft Windows Server.

SharePoint Server 2010 plus Standard CAL

·Delivers the core capabilities of SharePoint 2010

  1. Sites
  2. Communities
  3. Content
  4. Search (excludes FAST Search)
  5. Composites (excludes Access Services and InfoPath Services)

·Purchase SharePoint Server 2010.

·License the Standard feature set through Standard Client Access Licenses (CALs).

SharePoint Server 2010 plus Enterprise CAL (& Standard CAL)

·Delivers the full capabilities of SharePoint 2010

  1. Sites
  2. Communities
  3. Content
  4. Search (includes client access rights for FAST Search Server 2010)
  5. Composites (includes Access Services and InfoPath Services)
  6. Insights (includes PerformancePoint Services, Excel Services, and Visio Services)

·Purchase SharePoint Server 2010.

·License the Enterprise feature set through Enterprise CALs.

· For FAST Search, purchase FAST Search Server 2010 for SharePoint for each running instance of the software.

 

Share Point Licensing Model:

SharePoint has two licensing models to accommodate two groups of users

  • Server plus CAL, for internal users
  • Server-only, for external users
Licensing Model Use Cases Licenses
Server plus CA For internal users (employees).Can also be used for external users if they are countable and CALs can be assigned to specific people.

Both Server licenses and CALs are required

  • SharePoint Server 2010: For each running instance of the server software.
  • SharePoint Server 2010 Standard CAL: For each person or device accessing a SharePoint Server.

If Enterprise features are required

  • SharePoint Server 2010 Enterprise CAL: For each person or device using the Enterprise features of a SharePoint Server.

Additional notes on the Server/CAL model:

  • CALs can be purchased on a per-user or per-device basis.
  • Enterprise CALs are additive To access the Enterprise features, a person/device must have both the Standard CAL and Enterprise CAL.
  • CALs must be for the same or later version of the server license(s).
  • While there are two levels of functionality (Standard and Enterprise), there is only one server SKU. During installation, you must decide whether to activate the Enterprise features of each server.
Server only
  • For external users (suppliers, customers, vendors, and the public).
  • Can be used for both anonymous and authenticated users.
Only server licenses are required, but they must be purchased for each running instance of the server software. There are two options

  • SharePoint Server 2010 for Internet Sites, Standard
  • SharePoint Server 2010 for Internet Sites, Enterprise

Additional notes on the Server only model

  • No CALs are required for users licensed through SharePoint Server 2010 for Internet Sites.
  • The Server only licensing model is for external users only. Internal users can use this license only if all content, information, and applications are also accessible to external users. If the server has items that are for internal use only, those users require CALs, and their servers require licenses for SharePoint Server 2010.
  • People who create content for external access can use SharePoint Server 2010 for Internet Sites. Server and CAL licensing is not required for people who use SharePoint only to author information.
  • SharePoint Server 2010 for Internet Sites must be licensed on all servers (staging, application, index, front-end) that provide content to external users.
  • If connecting internal- and external-facing SharePoint deployments, you can purchase licenses for SharePoint Server 2010 and SharePoint Server 2010 for Internet Sites, Enterprise, and assign them to the same running instances of the software.
  • You must purchase CALs for SharePoint Server 2010 for people/devices accessing content in any way not permitted under the use rights for SharePoint Server 2010 for Internet Sites.
  • SharePoint Server 2010 for Internet Sites, Enterprise, also includes the rights to FAST Search Server for use in Internet or Extranet scenarios. You can deploy a single server license of SharePoint Server 2010 for Internet Sites, Enterprise, as SharePoint server or a FAST Search server—but not both concurrently.

Windows XP Mode

Windows XP Mode

It is the best of both worlds: Windows XP Mode lets you run older Windows XP business software right on your Windows 7 desktop.
Designed primarily with small- and medium-sized businesses in mind, Windows XP Mode comes as a separate download and works only with Windows 7 Professional and Ultimate. Windows XP Mode also requires virtualization software such as Windows Virtual PC. Both are available free on the Microsoft website.

Windows XP Mode, available for the Professional and Ultimate editions of Windows 7, helps prevent older business programs from becoming obsolete.

Install and use Windows XP Mode in Windows 7

Using Windows XP Mode, you can run programs that were designed for Windows XP on computers running Windows 7 Professional, Enterprise, or Ultimate editions.

Programs can run in both Windows XP Mode and in Windows 7.

How does Windows XP Mode work?

Windows XP Mode works in two ways—both as a virtual operating system and as a way to open programs within Windows 7. Windows XP Mode runs in a separate window on the Windows 7 desktop, much like a program, except it’s a fully functional version of Windows XP. In Windows XP Mode, you can access your physical computer’s CD/DVD drive, install programs, save files, and perform other tasks as if you were using a computer running Windows XP.
When you install a program in Windows XP Mode, the program appears in both the Windows XP Mode list of programs and in the Windows 7 list of programs, so you can open the program directly from Windows 7.

Programs installed in Windows XP Mode in the Windows 7 Start menu

Notes

  •  Almost all programs compatible with Windows Vista, and the majority of Windows XP programs, run well in Windows 7. If a program doesn’t, first try the Program Compatibility troubleshooter. It can fix several problems and is included in all editions of Windows 7.
  • Some hardware and devices that work in Windows 7 might not work in Windows XP Mode. They might not be detected in Windows XP Mode.
  • Windows XP Mode was primarily designed to help businesses move from Windows XP to Windows 7. It isn’t optimized for graphic-intensive programs such as 3D games, nor is it well suited for programs with hardware requirements such as TV tuners.
  • If you’re playing music or video in Windows XP Mode using Windows Media Player, and you maximize or minimize the Windows XP Mode window, Windows Media Player will stop playing. This is due to the way Windows XP Mode works in Windows 7.

WinXPMode Brochure

Top 12 Features of SQL Server 2012

Top 12 Features of SQL Server 2012

Microsoft has introduced SQL Server 2012 to the world and it’s time for IT professionals to start to come to speed on what’s new.

Microsoft has introduced SQL Server 2012 to the world and it’s time for IT professionals to start to come to speed on what’s new in this highly anticipated version of SQL Server.

1. AlwaysOn Availability Groups — This feature takes database mirroring to a whole new level. With AlwaysOn, users will be able to fail over multiple databases in groups instead of individually. Also, secondary copies will be readable, and can be used for database backups. The big win is that your DR environment no longer needs to sit idle.

2. Windows Server Core Support — If you don’t know what Windows Server Core is, you may want to come up to speed before Windows 8 (MS is making a push back to the command line for server products). Core is the GUI-less version of Windows that uses DOS and PowerShell for user interaction. It has a much lower footprint (50% less memory and disk space utilization), requires fewer patches, and is more secure than the full install. Starting with SQL 2012, it is supported for SQL Server.

3. Columnstore Indexes — This a cool new feature that is completely unique to SQL Server. They are special type of read-only index designed to be use with Data Warehouse queries. Basically, data is grouped and stored in a flat, compressed column index, greatly reducing I/O and memory utilization on large queries.

4. User-Defined Server Roles — DBAs have always had the ability to create custom database role, but never server wide. For example, if the DBA wanted to give a development team read/write access to every database on a shared server, traditionally the only ways to do it were either manually, or using undocumented procedures. Neither of which were good solutions. Now, the DBA can create a role, which has read/write access on every DB on the server, or any other custom server wide role.

5. Enhanced Auditing Features — Audit is now available in all editions of SQL Server. Additionally, users can define custom audit specifications to write custom events into the audit log. New filtering features give greater flexibility in choosing which events to write to the log.

6. BI Semantic Model — This is replacing the Analysis Services Unified Dimensional Model (or cubes most people referred to them). It’s a hybrid model that allows one data model will support all BI experiences in SQL Server. Additionally, this will allow for some really neat text infographics

7. Sequence Objects — For those folks who have worked with Oracle, this has been a long requested feature. A sequence is just an object that is a counter — a good example of it’s use would be to increment values in a table, based a trigger. SQL has always had similar functionality with identity columns, but now this is a discrete object.

8. Enhanced PowerShell Support — Windows and SQL Server admins should definitely start brushing up on their PowerShell scripting skills. Microsoft is driving a lot of development effort into instrumenting all of their server-based products with PowerShell. SQL 2008 gave DBAs some exposure to it, but there are many more in cmdlets in SQL 2012.

9. Distributed Replay — Once again this is answer to a feature that Oracle released (Real Application Testing). However, and in my opinion where the real value proposition of SQL Server is, in Oracle it is a (very expensive) cost option to Enterprise Edition. With SQL, when you buy your licenses for Enterprise Edition, you get everything. Distributed replay allows you to capture a workload on a production server, and replay it on another machine. This way changes in underlying schemas, support packs, or hardware changes can be tested under production conditions.

10. PowerView — You may have heard of this under the name “Project Crescent” it is a fairly powerful self-service BI toolkit that allows users to create mash ups of BI reports from all over the Enterprise.

11. SQL Azure Enhancements — These don’t really go directly with the release of SQL 2012, but Microsoft is making some key enhancements to SQL Azure. Reporting Services for Azure will be available, along with backup to the Windows Azure data store, which is a huge enhancement. The maximum size of an Azure database is now up to 150G. Also Azure data sync allows a better hybrid model of cloud and on-premise solutions

12. Big Data Support — I saved the biggest for last, introduced at the PASS (Professional Association for SQL Server) conference last year, Microsoft announced a partnership with Hadoop provider Cloudera. One part of this involves MS releasing a ODBC driver for SQL Server that will run on a Linux platform. Additionally, Microsoft is building connectors for Hadoop, which is an extremely popular NoSQL platform. With this announcement, Microsoft has made a clear move into this very rapidly growing space.

SQL 2012 is a big step forward for Microsoft — the company is positioning itself to be a leader in availability and in the growing area of big data. As a database professional, I look forward to using SQL 2012 to bring new solutions to my clients.

 

Planning for Windows Server 2012

Planning for Windows Server 2012

If you are planning to deploy Windows Server 2012, remember:

  •  Datacenter edition for highly-virtualized private clouds.
  •  Standard edition for lightly or non-virtualized environments.
  •  Essentials edition for small businesses with up to 25 users, running on servers with up to two processors.
  •  Foundation edition for small businesses with up to 15 users buying single processor servers from OEMs.
  • Renewing Software Assurance is the best way to protect investments while gaining access to new versions, technical assistance and Deployment Planning Services.
  • The Microsoft Enrollment for Core Infrastructure (ECI) will continue to offer the best value for private cloud and datacenter management pricing.
  • Core CAL and Enterprise CAL Suites will continue to be the most cost effective way to purchase Windows Server CALs to access Windows Server 2012 Standard and Datacenter editions.
  • Find out how flexible payments can help you get the IT you need and stay on budget.

Edition comparison by feature

Here is a summary of key server features.

  • Full
  • Partial/Limited

 

Exchange 2010 Client Access Licenses (CALs)

Exchange 2010 Client Access Licenses (CALs)

As with the Server licenses, the Exchange Server 2010 CALs have also been significantly improved from the previous versions of Exchange. The Exchange Enterprise is available in the same two variants as before; Exchange Enterprise CAL without Services and Exchange Enterprise CAL with Services.

 

The following tables provide a detailed feature breakdown for each CAL edition of Exchange Server 2010:

Feature Standard CAL Enterprise CAL Std. + Ent. CAL (with and without Services)
E-mail, Calendar, Contacts, and Tasks Yes Yes
Outlook Web App (Internet Explorer, Firefox, and Safari support) Yes Yes
Exchange ActiveSync Mobile Access Yes Yes
Rich Outlook inbox experience, including enhanced Conversation View and Mail Tips Yes Yes
Role Based Administration Control capabilities Yes Yes
Integration of IM, SMS, and RSS Yes Yes
Federated Calendar Sharing Yes Yes
Exchange ActiveSync Mobile Management Policies Standard Advanced All
Journaling Per Database Per User/Distribution List All
Voicemail with Unified Messaging No Yes Yes
Retention Policies Default Custom All
Integrated Archive* No Yes Yes
Multi-Mailbox Search and Legal Hold No Yes Yes
Information Protection & Control (IPC): journal decryption, transport protection rules, Outlook protection rules, IRM Search, and Legal Hold No Yes Yes

Customers may buy the standard CAL standalone, but those who want to acquire the Enterprise features as listed above must purchase both the standard and the Enterprise CALs.