WindowsNetworking.com Monthly Newsletter of July 2009 Sponsored by: UniPrint

Welcome to the WindowsNetworking.com newsletter by Thomas W Shinder MD, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: tshinder@windowsnetworking.com

1. What is Intel vPro?

When I think of Intel, I think about processors and chipsets. In fact, lately I have been thinking about Intel a lot because of the major advancements they have been making in chip technology. I have had the chance to use Intel Core i7 and Xeon 5500 series processors in my workstations and servers and the performance improvements are simply amazing. I have always looked at new processors with a somewhat jaundiced eye, since the improvements I have seen in the past always seemed incremental. With the new Nehalem microarchitecture, the performance improvements are simply breathtaking.

However, I notice that Intel seems to be focusing quite a bit of its advertising efforts lately on something called vPro. This got me curious, since I do not have any computers that have vPro in them. Maybe I need vPro? Maybe you need vPro? Maybe we all need vPro?

In order to decide if I needed vPro, I started to do some research. What I found is that vPro is not a single technology, but a collection of Intel chip based technologies that make computers more manageable. Intel vPro technology is instantiated on a collection of chips, including the processor, chipset, on-board memory, and even disk controller technology.

With Intel vPro, you can do the following things:

• Use IDE Redirect to remote boot a machine from files stored on a network drive. This allows IT to repair a machine or install an OS from a network .iso file or CD/DVD drive. That is pretty sweet since you do not need to send someone to the computer to install or repair an OS.
• Use Serial over LAN (SOL) to connect to the machine in a pre-boot environment. This allows you to get the BIOS and make configuration changes using a vPro out-of-band TCP/IP stack. This looks pretty useful since Windows 7 Virtual PC and XP Mode requires you to turn virtual processor extensions on, so you would not have to leave the service center to do that, just connect over the network and configure the BIOS.
• Obtain inventory information from wired and wireless computers, even if they are turned off, have a broken OS that would not boot, or even a failed disk drive. This seems very useful, since I know from experience that a good percentage of machines in my business are turned off and those machines get missed in my inventory. This feature also includes storing hardware and other information on a chip on the motherboard, so useful inventory and event information is available at all times.
• Remote Power-on allows you to turn on machine from the service center. This allows you to install patches or deploy new operating systems (like Windows 7) even when computers are turned off at the end of the day or on the weekend. This saves a lot of energy and keeps power costs down because you do not need to tell your users to leave their computers on, on patch day or on OS migration weekends. It also means you do not have to leave your desk to turn on all the computers that have been powered off.
• Intel VT is a "vPro technology". Since Windows Virtual PC included with Windows 7 requires virtual hardware assist, Intel VT can be used to meet that requirement.
• vPro has some useful security technologies, such as network filters that are infused into the hardware so that if a machine is compromised by malware, it can be isolated from the network to prevent it from spreading the compromised material. What is very cool is that while the OS network stack can be isolated, you can still connect to the machine via the uncompromised out of band stack.

All of these capabilities are built into the hardware, so even if the OS is broken, you can still get into the machine and effect a fix.

The trick is to make sure you buy a laptop or desktop with vPro. Most consumer machines don't have vPro, but all of the major computer makers have business lines of PCs that do support vPro. However, vPro isn't yet available on Nehalem based machines, so when you refresh your client PC fleet (vPro is not available on server motherboards), you will be upgrading them to Intel Core 2 desktops or Core 2 based Centrino laptops.

What do you think? Is vPro something that you are looking into? If you did not know about vPro before, do you think these features sound attractive enough to learn more? Are you already using vPro? If so, what do you think of it? Did you find the investment in vPro enabled desktops and laptops worth it? Let me know! Send a note to tshinder@windowsnetworking.com and I will share your experiences in the next newsletter.

Thanks! See you next month!
Tom
tshinder@windowsnetworking.com

For ISA or TMG firewall, as well as other Forefront Consulting Services and Microsoft virtualization technology consulting in the USA, call me at 206-443-1117 or visit Prowess Consulting web site.

Got a networking question that you can't find the answer to? Send a note to Dr. Tom at tshinder@windowsnetworking.com and he'll answer your question in next month's newsletter.

=======================
Quote of the Month - "Ability will never catch up with the demand for it." - Malcolm Forbes (1919 - 1990)
======================

2. ISA Server 2006 Migration Guide - Order Today!

3. WindowsNetworking.com Articles of Interest

• Using the New Microsoft Network Monitor (netmon) 3.3 with Network Experts
  
• Windows XP Mode for Windows 7 (Part 1)
  
• Deploying Windows 7 - Part 4: Using MAP 4.0
  
• Working with Read Only Domain Controllers (Part 2)
  
• Troubleshooting common Remote Access Service Problems
  
• Group Policy Preferences: Understanding and Implementing Item - Level Targeting
  

4. KB Article of the Month

How to force Kerberos to use TCP instead of UDP in Windows

The Windows Kerberos authentication package is the default authentication package in Windows Server 2003, in Windows Server 2008, and in Windows Vista. It coexists with the NTLM challenge/response protocol and is used in instances where both a client and a server can negotiate Kerberos. Request for Comments (RFC) 1510, states that the client should send a User Datagram Protocol (UDP) datagram to port 88 to the IP address of the Key Distribution Center (KDC) when a client contacts the KDC. The KDC should respond with a reply datagram to the sending port at the sender's IP address. The RFC also states that UDP must be the first protocol that is tried.

The problem is that UDP supports a limited payload length compared to TCP. This can cause problem with certain intradomain communications.

Check out Microsoft's support site for details on how to configure a fix.

5. Windows Networking Tip of the Month

There are a number of things you can do to make your computer-based work more efficient. Some people like using command line interfaces, like PowerShell, to automate tasks in becoming more efficient. However, PowerShell and other command line solutions involve steep learning curves, and can take a while before you even get to a point of being able to tell up from down.
So while you are counting the hours until your time investment in PowerShell starts generating some returns, when can you do to make your work faster? How about keyboard shortcuts? You can get a quick return on investment by learning just a handful of keyboard shortcuts, but which ones? The ones you think you will use the most!

Check the following link out for a comprehensive list of keyboard shortcuts used in Windows.

6. WindowsNetworking Links of the Month

• Introduction to Windows Server 2008 R2
  
• Windows Server 2008 R2 Reviewers Guide
  
• Windows 7 and Windows Server 2008 R2 Networking Enhancements for Enterprises
  
• Hyper-V VM Processor Compatibility In Brief
  
• TS Gateway Scalability Whitepaper
  
• Threats and Vulnerabilities Mitigation
  

7. Ask Dr. Tom

QUESTION:

Hi Tom,

I have been playing a lot with Windows 7 and I really like it! I never took to Vista and mostly stayed with Windows XP. However, Windows 7 feels like a completely different animal. There is one problem though that I have been having and is driving me nuts. It is related to a new eSATA drive I have connected to the machine.

When I turn on the machine I do not have any problem with the eSATA drive. I notice that the drive seems to "disappear" after a while. When experimenting with this, I notice that it does not happen as long as I put VM files on this drive and keep the VMs running. However, if the drive is not being used for anything in particular, it seems to drop off the system.

Is there anything I can do to keep the drive from being "dropped" by the Windows 7 operating system? Thanks!

- Terry

ANSWER:

I checked out your problem and it appears to be vexing a lot of people running a number of different operating systems. That's good to hear, since I was concerned that perhaps this was a Windows 7 problem.

We have some machines here in our office that use eSATA drives and I tried to simulate your problem. Its appears to be related to power management settings on your hard disk. Some eSATA drives, when they go to sleep, will cause them to drop off the operating system. To fix this, you need to edit the power plan on your Windows 7 computer so that the drive does not go to sleep.

The figure below shows the settings you need to configure. In the Power Options dialog box, Advanced Settings tab, expand the Hard Disk setting and then expand the Turn off hard disk after setting. In the Setting section, set the value to 0. The 0 value is the same as setting the hard disk to never sleep. Click OK to save the settings and away you go. The drive will no longer disappear from your Explorer interface and operating system.

Got a question for Dr. Tom? Send it to tshinder@windowsnetworking.com.