x64 Computing on Campus

One of our OU Administrators was recently asking for feedback on using 64 bit versions of Windows. From what I have read it seems that x64 computing has truly arrived and I thought it was worth sharing my experiences with the 64-bit version of Windows Vista.

Previously use of Windows XP x64 edition and even Vista x64 to some extent was restricted to a handful of users with special hardware and dependant on special or modified versions of software and drivers.
This is certainly no longer the case (at least in my experience). I’ve been running Windows Vista x64 on a HP xw4600, Core 2 Quad with 8GB RAM and have never seen anything like it!

The performance increase given by the extra 4GB RAM which x64 allows is immense. I am able to run multiple Virtual machines 1 or more GB of RAM each without any noticeable reduction in performance.

I’ve also had no issues with mainstream software compatibility, Vista x64 seems to take running x86 applications in its stride. The software I am running includes Adobe Flash Player , 7-Zip, Adobe Reader, Apple QuickTime, Office 2007, Shockwave, ServiceCenter, Paint.NET, VMWare Workstation and CDBurnerXP.

Paul Thurrott wrote an interesting article describing his good experiences with Vista x64 nearly a year ago and there is little doubt that things have improved even more since then.

If you or any of your users need high performance computing then I would say that Vista x64 is a safe bet. The current low memory prices may also mean that existing x64 capable hardware with less than 4GB and x86 operating systems may be candidates for upgrade.

x64

The Ultimate Steal returns

In addition to last year’s offering, Microsoft now give you the option to buy Visio and a Windows upgrade to Vista Ultimate.

The Ultimate Steal

By visiting www.theultimatesteal.co.uk, and confirming your identity as a student or member of staff with your university email address, you can purchase and download Microsoft Office 2007 Ultimate Edition for only £38.95 – saving over 90%!

The offer is available from now until the end of June 2009.

IE8 Beta 2 released

This is an end user beta (unlike beta 1) so have a look. The current ETA for IE8 is before the end of the year and some people have said November so not long now. Please note we are only starting to test this internally within ISS so we’re not sure what works/doesn’t yet so please try it on a test PC 🙂

IE8

New features include…

Web Slices

Web Slices This new feature takes feeds to a whole new level! Now you can subscribe to specific sections within a site and have updated content delivered directly to your Internet Explorer 8 menu bar. Whether it’s a gossip column, favorite blog, auction item, or a weather report, with Web Slices you’ll never skip a beat.

Accelerators

No longer do you have to open multiple browser tabs or windows to get the information you need. Accelerators are tools in Internet Explorer 8 that easily allow access to multiple points of information (maps, definitions, web searches, translations, etc.) within a single Internet Explorer 8 window. Finally, web browsing feels automatic.

Domain Highlighting

When you visit a site, its domain is highlighted in the Address Bar. This helps alert you to Web sites that are imposters of trusted sites, thus reducing the chance of compromising your personal information.

InPrivate browsing

With industry-leading security features like InPrivate, you can browse and shop confidently using Internet Explorer 8, wherever you go on the Web, knowing you have control over the protection of your personal information.

Tab Grouping

Tab Grouping makes it easier to stay organized while browsing multiple Web pages. Tabs are now visually related to one another, and you can save time by closing a set of related tabs as a group instead of one at a time. You also can right-click on a tab to close tab groups, ungroup a single tab, or clone a tab.

Please let us know your experiences.

http://www.microsoft.com/…-explorer/beta/

Configure Bitlocker on a TPM Enabled Machine

Introduction:

This guide is based on a detailed article from the Vista TechCenter tested and modified for use on CAMPUS.

BitLocker Drive Encryption is an integral new security feature in the Windows Vista operating system that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against “offline attacks,” attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.

This guide demonstrates how to configure a basic installation of Bitlocker with a TPM Enabled machine and assumes you are performing a clean build on a new machine using a network based WDS build.

Important thinks to remember before you begin

  • Bitlocker is particularly reccomended to users of Laptops within the University.
  • Backups are more important than ever on enrypted disks as recovery will be all but impossible if the disks hardware fails.
  • Changing a systems hardware will cause the TPM to react and have the system lock down. This can easily be fixed by using the Bitlocker recovery key but only if you sill have it!

Prerequisites

A Machine with a TPM chip
Windows Vista DVD
Windows Vista Business, Enterprise or Ultimate Editions
A USB Key, preferably one you can dedicate to use with Bitlocker.
Access to a Printer

1. Copy the contents of

\\campus\software\ucs\SystemSW\Bitlocker to your USB Key.

2. Boot the new machine from the Windows Vista DVD. It is necessary to do this as the WDS build on the Campus Network will not allow access to the command prompt.

3. Select the locale; accept the license and call-up a command prompt by selecting SHIFT + F10.

4. At this point you can either manually run the DISKPART tool or use the script you copied on to the USB Key in Step 1.

For BitLocker to work, you must have at least two partitions on your hard disk. The first partition is the system volume and labeled S in this document. This volume contains the boot information in an unencrypted space. The second partition is the operating system volume and labelled C in this document. This volume is encrypted and contains the operating system and user data.

The script you copied to your USB key will automatically:

Select the first disk in the system (Disk 0)
Clean the partition table.
Create a 1.5GB System Partition, sets it as active and assign it the letters S.
Partition the rest of the disk and assigns it the letter C
Quick Format both volumes with the NTFS file system.

IMPORTANT: Running this script will destroy all data on the system.

To run the script, change drive to your USB Key and run bitprep.bat

5. When the script has completed, restart your machine and build the machine using WDS as normal installing Windows on drive C

6. Now would be a good time to enable your TPM in the BIOS if it is not already.. There does not seem to be any convention on how the TPM is referred to but with HP machines it is so as the ‘Embedded Security Device’

7. When your machine has finished building, installing software and is fully patched you can start to configure Bitlocker. Click Start > Control Panel > Security > BitLocker Drive Encryption.

8. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. If your TPM is not initialised, you will see the Initialize TPM Security Hardware wizard. Follow the directions to initialize the TPM and restart your computer.

9. On the Set BitLocker start-up preferences page, select the start-up option you want. You can choose only one of these options:

  • No additional security.
  • Require PIN at every start-up . You will see the Set the startup PIN page. Enter your PIN, confirm it, and then click Set PIN.
  • Require Startup USB key at every start-up . You will see the Save your start-up Key page. Insert your USB flash drive, choose the drive location, and then click Save.

In this scenario Bitlocker supports the following security permutations.

TPM only
TPM + PIN
TPM + PIN + USB Key
TPM + USB Key

BL0

BL1

10. On the Save the recovery password page, you will see the following options:

  • Save the password on a USB drive. Saves the password to a USB flash drive.
  • Save the password in a folder. Saves the password to a network drive or other location.
  • Print the password. Prints the password.

The recovery password will be required in the event the encrypted drive must be moved to another computer, or changes are made to the system startup information. This password is so important that it is recommended that you make additional copies of the password stored in safe places to assure you access to your data. You will need your recovery password to unlock the encrypted data on the volume if BitLocker enters a locked state. This recovery password is unique to this particular BitLocker encryption. You cannot use it to recover encrypted data from any other BitLocker encryption session. You should store recovery passwords apart from the computer for maximum security.

BL3

11. When you have finished backing up your recovery passwords you are ready to Encrypt the volume. On the Encrypt the selected disk volume page, confirm that the Run BitLocker System Check check box is selected, and then click Continue.
Confirm that you want to restart the computer by clicking Restart Now. The computer restarts and BitLocker verifies if the computer is BitLocker-compatible and ready for encryption.

12. If the system passed the checks you will see a ‘Encryption in Progress’ notifier in the system tray.

BL5

13. You can now have an enrypted disk!

BL5

14. If you would like to add more volumes and encrypt them then create the volumes as normal and then turn on Bitlocker for that drive.

BL8

The Snipping Tool

One of my favourite features (I’m easily pleased) of Windows Vista is the Snipping Tool. Fed up with the old print-screen/MS Paint/crop method of getting screen/window grabs and not wanting to use a 3rd party graphics application, I was happy to see that Microsoft introduced their Snipping Tool into Vista. It had previously only been available as a add-on for tablet PCs. You can find it under Accessories in Vista.

It seemlessly allows the creation of Window, Free-Form, rectangular or entire screen grabs that can be annotated and highlighted. It works with multiple monitors and remote desktop sessions and eases the creation of documentation or showing someone something. After all, a picture is supposed to speak a thousand words.

Snipping Tool IconSnipping Tool Interface

http://windowshelp.micros…e605b41033.mspx

Vista is the next Windows ME? The numbers don’t agree…

Microsoft’s Annual Revenue Reaches $60 Billion
Fastest annual revenue growth since 1999 fuels 32% increase in earnings per share.

If you don’t think Vista is here to stay then think again.

This fiscal year marked the launch of Microsoft’s flagship server products: Windows Server 2008, SQL Server 2008 and Visual Studio 2008. Revenue growth was primarily driven by continued customer demand for all products, including Windows Vista, which has sold over 180 million licenses since launch, the 2007 Microsoft Office system, server software, and Xbox 360 consoles and games.

Full release here.

http://www.microsoft.com/…Q4earnings.mspx