Office 2007 is driving me nuts!

I have to admit that I love Office 2007 – it has so many great new features that make it possible to make really great looking documents with minimal effort and no need to have any real design skills. However, it does drive me round the bend when I’m trying to work out how to do some very simple stuff; it is just so different from Office 2003. All these weird ribbon menus… where IS everything!? It even took me ages to work out that this:

Office Menu logo

is a menu button! I thought it was just a nice logo and was quite surprised when I clicked on it and it opened a whole new world of menus!

If, like me, you’re finding Office 2007 a tad confusing, help is at hand! Microsoft have provided a series of interactive guides here:

http://office.microsoft.com/en-us/training/HA102295841033.aspx

The guides provide an excellent way of quickly locating task buttons and menus in Office 2007, and will save many a headache for all experienced Office 2003 users who are grappling with the new Office technology! Try starting the Word interactive guide now and you’ll see what I mean. Once the Office 2003 environment starts up, click on File… Open… and then watch…

Word Interactive Guide

IE8 Beta 2 released

This is an end-user beta (unlike beta 1), so have a look. The current ETA for IE8 is before the end of the year, and some people have said November, so not long now. Please note we are only starting to test this internally within ISS, so we’re not sure what works and what doesn’t yet; please try it on a test PC 🙂

IE8

New features include…

Web Slices

This new feature takes feeds to a whole new level! Now you can subscribe to specific sections within a site and have updated content delivered directly to your Internet Explorer 8 menu bar. Whether it’s a gossip column, favorite blog, auction item, or a weather report, with Web Slices you’ll never skip a beat.

Accelerators

No longer do you have to open multiple browser tabs or windows to get the information you need. Accelerators are tools in Internet Explorer 8 that easily allow access to multiple points of information (maps, definitions, web searches, translations, etc.) within a single Internet Explorer 8 window. Finally, web browsing feels automatic.

Domain Highlighting

When you visit a site, its domain is highlighted in the Address Bar. This helps alert you to Web sites that are imposters of trusted sites, thus reducing the chance of compromising your personal information.

InPrivate browsing

With industry-leading security features like InPrivate, you can browse and shop confidently using Internet Explorer 8, wherever you go on the Web, knowing you have control over the protection of your personal information.

Tab Grouping

Tab Grouping makes it easier to stay organized while browsing multiple Web pages. Tabs are now visually related to one another, and you can save time by closing a set of related tabs as a group instead of one at a time. You also can right-click on a tab to close tab groups, ungroup a single tab, or clone a tab.

Please let us know your experiences.

http://www.microsoft.com/…-explorer/beta/

Pilot service: large-scale, long-term filestore

ISS will shortly start testing the feasibility of giving significantly larger filestore quotas to staff and PhD students. In the pilot scheme, qualifying users will be able to request a “Store Folder” of 20GB, in addition to their standard 2GB Drive H.

The Store Folder is intended as an “archive” for inactive files which need to be kept for a long period of time. It will have the same qualities as the Drive H filestore in terms of security and accessibility from multiple locations, but backup and restore services will be more limited.

For more information and details on how you can join the pilot please click here.

http://www.ncl.ac.uk/iss/…tem/pilot-store

SQL Server 2008 arrives

At the moment WIT run a collection of SQL 2000 and 2005 servers that host around a hundred databases of varying size and importance to the institution. The lion’s share of those databases are currently on the older SQL Server 2000, so several months ago, with the end of mainstream support for that product approaching, we started making plans for migration.

We’ve been keeping a close eye on the development of the latest version, SQL Server 2008, since it was announced, and trialing pre-release versions. SQL Server 2008 offers a number of advantages over previous versions and the migration path from SQL 2000 to 2005 or 2008 is much the same, so we’ve opted to take those databases that are currently on SQL 2000 straight to 2008, rather than moving them twice.

SQL Server 2008

Last week, we were fortunate to have Microsoft’s Andrew Fryer spending a day with us, discussing our migration plans. Since none of our databases do anything especially odd (not that some of them aren’t complex), SQL Server 2008’s comprehensive Upgrade Advisor was able to tell us that we didn’t need to make any changes to the databases before moving them to the new version.

There are some things that Upgrade Advisor suggests for after the migration, such as re-writing DTS packages using the SSIS technology that replaced DTS in SQL Server 2005, but existing DTS packages will work in SQL Server 2008, so our advice is that the time to migrate from DTS to SSIS is when you need to alter a package.

This week SQL Server 2008 has been released to manufacture, so we’ll be moving forward with building production and test systems with the finished code. We’ve planned a setup which provides higher availability and better disaster recovery than we’ve previously implemented, and we’re looking forward to taking advantage of some of the new features (I’m especially looking forward to working with the SQL Server PowerShell functionality!).

Windows XP x64 SP3…?

Something else I didn’t know!

With the release of XP SP3 I assumed there was an x64 version but…

It seems this is not the case, as XP x64 already has the V5.2 kernel and (something else I didn’t know) the x64’s SP2 release was 3 years later than the x86 version, so it is much more up to date.

Confusing but that’s why you won’t see any SP3 x64 builds (at least for a while)!

Configure Bitlocker on a TPM Enabled Machine

Introduction:

This guide is based on a detailed article from the Vista TechCenter, tested and modified for use on CAMPUS.

BitLocker Drive Encryption is an integral new security feature in the Windows Vista operating system that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against “offline attacks,” attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.

This guide demonstrates how to configure a basic installation of BitLocker on a TPM-enabled machine and assumes you are performing a clean build on a new machine using a network-based WDS build.

Important things to remember before you begin

  • BitLocker is particularly recommended to users of laptops within the University.
  • Backups are more important than ever on encrypted disks, as recovery will be all but impossible if the disk’s hardware fails.
  • Changing a system’s hardware will cause the TPM to react and lock the system down. This can easily be fixed by using the BitLocker recovery key, but only if you still have it!

Prerequisites

A Machine with a TPM chip
Windows Vista DVD
Windows Vista Business, Enterprise or Ultimate Editions
A USB Key, preferably one you can dedicate to use with Bitlocker.
Access to a Printer

1. Copy the contents of \\campus\software\ucs\SystemSW\Bitlocker to your USB Key.

2. Boot the new machine from the Windows Vista DVD. It is necessary to do this as the WDS build on the Campus Network will not allow access to the command prompt.

3. Select the locale, accept the license and call up a command prompt by pressing SHIFT + F10.

4. At this point you can either manually run the DISKPART tool or use the script you copied on to the USB Key in Step 1.

For BitLocker to work, you must have at least two partitions on your hard disk. The first partition is the system volume, labelled S in this document. This volume contains the boot information in an unencrypted space. The second partition is the operating system volume, labelled C in this document. This volume is encrypted and contains the operating system and user data.

The script you copied to your USB key will automatically:

  • Select the first disk in the system (Disk 0).
  • Clean the partition table.
  • Create a 1.5GB system partition, set it as active and assign it the letter S.
  • Partition the rest of the disk and assign it the letter C.
  • Quick format both volumes with the NTFS file system.

IMPORTANT: Running this script will destroy all data on the system.

To run the script, change drive to your USB Key and run bitprep.bat

5. When the script has completed, restart your machine and build it using WDS as normal, installing Windows on drive C.

6. Now would be a good time to enable your TPM in the BIOS if it is not already enabled. There does not seem to be any convention on how the TPM is referred to, but on HP machines it is referred to as the ‘Embedded Security Device’.

7. When your machine has finished building and installing software and is fully patched, you can start to configure BitLocker. Click Start > Control Panel > Security > BitLocker Drive Encryption.

8. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. If your TPM is not initialised, you will see the Initialize TPM Security Hardware wizard. Follow the directions to initialize the TPM and restart your computer.

9. On the Set BitLocker start-up preferences page, select the start-up option you want. You can choose only one of these options:

  • No additional security.
  • Require PIN at every start-up. You will see the Set the startup PIN page. Enter your PIN, confirm it, and then click Set PIN.
  • Require Startup USB key at every start-up. You will see the Save your start-up Key page. Insert your USB flash drive, choose the drive location, and then click Save.

In this scenario BitLocker supports the following security permutations:

TPM only
TPM + PIN
TPM + PIN + USB Key
TPM + USB Key

10. On the Save the recovery password page, you will see the following options:

  • Save the password on a USB drive. Saves the password to a USB flash drive.
  • Save the password in a folder. Saves the password to a network drive or other location.
  • Print the password. Prints the password.

The recovery password will be required in the event the encrypted drive must be moved to another computer, or changes are made to the system startup information. This password is so important that it is recommended that you make additional copies of the password stored in safe places to assure you access to your data. You will need your recovery password to unlock the encrypted data on the volume if BitLocker enters a locked state. This recovery password is unique to this particular BitLocker encryption. You cannot use it to recover encrypted data from any other BitLocker encryption session. You should store recovery passwords apart from the computer for maximum security.

11. When you have finished backing up your recovery passwords, you are ready to encrypt the volume. On the Encrypt the selected disk volume page, confirm that the Run BitLocker System Check check box is selected, and then click Continue.
Confirm that you want to restart the computer by clicking Restart Now. The computer restarts and BitLocker verifies that the computer is BitLocker-compatible and ready for encryption.

12. If the system passed the checks, you will see an ‘Encryption in Progress’ notifier in the system tray.

13. You now have an encrypted disk!

14. If you would like to add more volumes and encrypt them then create the volumes as normal and then turn on Bitlocker for that drive.
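
A way to confirm the result of steps 9 to 14 from a script, added here as an example and not part of the original guide. It assumes the BitLocker PowerShell module, which ships with Windows 8 / Server 2012 and later rather than Vista, and an elevated session; the function name is hypothetical.

```powershell
# Added example: check a BitLocker volume once encryption should be complete.
# Assumption: BitLocker module (Windows 8 / Server 2012 or later), elevated prompt.
function Test-BitLockerReady {
    param([string]$MountPoint = 'C:')

    $vol      = Get-BitLockerVolume -MountPoint $MountPoint
    $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $findings = @()

    # Steps 12-13: encryption must have finished, not merely started.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
    }
    # Protection can be off (suspended) even on a fully encrypted volume.
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is not on'
    }
    # Step 9: TPM only, TPM + PIN, TPM + USB key and TPM + PIN + USB key all
    # show up as protector types whose names begin with "Tpm".
    # Extra data volumes (step 14) are not expected to carry a TPM protector.
    if ($vol.VolumeType -eq 'OperatingSystem' -and -not ($types -match '^Tpm')) {
        $findings += 'No TPM-based key protector on the operating system volume'
    }
    # Step 10: without a recovery password, a hardware change locks the data away.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Protectors = $types -join ', '
        Findings   = $findings
        Ready      = ($findings.Count -eq 0)
    }
}

# Check the operating system volume; repeat with other letters for step 14 volumes.
Test-BitLockerReady -MountPoint 'C:'
```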

Limiting software usage through GP delegation

To apply a group policy to just a few selected computers in an OU containing many other computers, you can use Group Policy delegation. There are a couple of ways of doing this: one involves Denying access to a group of computers and the other involves Allowing access to a group of computers. It really depends on your local OU structure and what you want to achieve as to which method you use.

DENY

First of all, create a security group of computers (call it something meaningful) and add the PCs that you *don’t* want to get the policy.

Run the Group Policy Management Console/Snapin, and browse to the group policy in question. Click/double-click it so that you see the tabs Scope, Settings, Detail and Delegation in the right-hand pane.

Click on the Delegation tab.

Click Advanced.

Click Add and enter the name of the group of computers. (If you just want to specify a single computer name, that’s okay, but you’ll need to click on Object types first and check the Computers box – groups are easier to maintain though).

Once you’ve added the computer/group of computers to the ACL, you’ll need to check the *DENY* on Apply Group Policy. In this example, I’ve denied rights to UCS Cluster Computers to apply the policy 3 Central 7-zip 4.42:

ALLOW

This is more or less the same procedure. Create a group of computers that you *do* want to get the policy. Click on Delegation… Advanced so that the Security box appears. Remove Authenticated Users from the ACL, and add your group of computers. Ensure that Apply Group Policy is selected for this group. ISS use this method for securing the 5 Licensed software policies.

Now what?

Now when you apply the group policy to an OU, only the PCs that are in the allow/deny group will be allowed/denied access to the software.

If you’re using the old Group Policy management tool (the one that’s integrated into Users and Computers), you can make the same changes by just right-clicking the Group Policy, selecting Properties, and then the Security tab.

You can use this method to secure any Group Policy regardless of its purpose; the policy doesn’t necessarily need to be a software policy. For example, you can limit application of a policy that adds users to a local machine admin group.

Something to note

To change delegation on a group policy, you must have rights to modify the policy security.
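
The ALLOW method above as a script, followed by an audit of who a policy is filtered to. This is an added example, not the author's or ISS's own tooling; it assumes the GroupPolicy PowerShell module that comes with GPMC on Windows Server 2008 R2 and later, and the function names, GPO name and group name are placeholders.

```powershell
# Added example: script the ALLOW method and audit the resulting filter.
# Assumption: GroupPolicy module (GPMC / RSAT) and rights to modify policy security.
Import-Module GroupPolicy

function Set-GpoAllowFilter {
    param([string]$GpoName, [string]$ComputerGroup)

    # Give the computer group Read + Apply Group Policy first...
    Set-GPPermission -Name $GpoName -TargetName $ComputerGroup `
        -TargetType Group -PermissionLevel GpoApply | Out-Null
    # ...then remove Authenticated Users from the ACL, as the ALLOW steps describe.
    Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel None -Replace | Out-Null
}

function Get-GpoApplyFilter {
    param([string]$GpoName)

    # List every trustee that is allowed to apply the policy, plus any entry
    # flagged as a deny (the DENY method), so the effective filter is visible.
    Get-GPPermission -Name $GpoName -All |
        Where-Object { $_.Denied -or $_.Permission -eq 'GpoApply' } |
        ForEach-Object {
            [pscustomobject]@{
                Gpo     = $GpoName
                Trustee = $_.Trustee.Name
                Type    = $_.Trustee.SidType
                Effect  = if ($_.Denied) { 'Deny' } else { 'Apply' }
            }
        }
}

# Placeholder names: replace with a real policy and security group.
$gpo   = 'Example Licensed Software'
$group = 'Example Licensed PCs'

Set-GpoAllowFilter -GpoName $gpo -ComputerGroup $group
Get-GpoApplyFilter -GpoName $gpo | Format-Table -AutoSize
```

Set-GPPermission has no deny option, so the DENY method still has to be set through the Delegation tab; the audit function is the part that covers both methods.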