- Monthly Newsletter - June 2013

Welcome to the newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to:

BYOD: Microsoft says "Bring it On!"

The Bring Your Own Device (BYOD) trend has been a mixed bag for most companies. Management and the finance folks like it; IT, not so much. On the one hand, it saves the organization money when employees pay for the laptops, tablets and smartphones they use to get work done, instead of having that expense come out of the company's capital expenditures budget. It makes sense in the context of the new "do more with less" philosophy that's been imposed by a shaky economy.

BYOD is also popular with employees. Even though it costs them money, it also gives them more flexibility to use the devices they prefer rather than being limited to a specific "one size fits all" company-issued model.

On the other hand, having all those different types of devices connecting to the company network – after being connected to other, untrusted networks – poses a big security risk. If you have no control over the apps being used, some of them may (inadvertently or otherwise) expose sensitive company information or introduce malware to the network.

Like it or not, though, it doesn't look as if the BYOD phenomenon is going away anytime soon. IT departments are going to have to find ways to deal with it, both from a policy standpoint and from a practical administrative standpoint. Many companies have moved to prohibit certain apps on personally owned devices used for work, either because of security concerns or because they're considered time-wasters. See this list of most frequently banned apps on iOS and Android.

Another concern is how personally-owned mobile devices are allowed to access resources on the company network. Should employees be able to have full access from mobile devices to the same degree they have from their corporate desktops? The good news is that enterprise software systems are now being developed to take mobile device management into account and there are a plethora of solutions on the market already.

At TechEd earlier this month, Microsoft introduced its own solution for managing employee personal devices right alongside PCs, using the same centralized management tools and providing a consistent experience that should help to make IT admins' lives a little easier. The strategy will be based on a combination of Microsoft products: Windows Server 2012 R2, System Center R2's System Configuration Manager, and Intune, their subscription-based management service.

Brad Anderson, Microsoft Vice President, gave a presentation that outlined how this set of products will enable you to manage Windows 8 and RT devices, Windows Phone 8, and eventually iOS and Android devices that are registered with the network, and control how they are able to access and interact with resources on the company network.

Intune makes sense for workers who connect their mobile devices to the company network across the Internet rather than on-premises – and that's going to be an increasingly popular scenario as the workplace becomes more mobile. Of course, this also fits into Microsoft's new self-identification as a devices and services company rather than "just" a software company – they get to sell each company a subscription to the service.

Intune and System Configuration Manager will work together, with the latter serving as a management console for updating and applying policies to the operating systems and applications on the devices and as a portal for users to download necessary applications for their devices. Devices are registered via each employee's company log-in credentials and each device will need a digital certificate.

The components for this new management strategy are all expected to be available sometime this year. As with most Microsoft products, it's likely that the initial iteration may be a little rough around the edges and may lack some of the features found in some of the third party solutions – but it's also likely that they will be putting a lot of effort into tweaking it and making it better, since mobile devices are obviously the future of computing. It will be interesting to see how it evolves.

What mobile device management solution is your company using or considering? Does the imminent emergence of a Microsoft solution make a difference in your strategy?

By Debra Littlejohn Shinder, MVP

Quote of the Month - To argue with a person who has renounced the use of reason is like administering medicine to the dead. – Thomas Paine

2. ISA Server 2006 Migration Guide - Order Today!

Dr. Tom Shinder's best-selling books on ISA Server 2000 and 2004 were the "ISA Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his illustrious team of ISA Firewall experts now present to you the ISA Server 2006 Migration Guide. This book leverages the over two years of experience Tom and his team of ISA Firewall experts have had with ISA 2006, from beta to RTM and all the versions and builds in between. They've logged literally 1000s of flight hours with ISA 2006 and they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with their no-holds-barred coverage of Microsoft's state-of-the-art stateful packet and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide. You'll be glad you did.




3. Articles of Interest

4. Administrator KB Tip of the Month

Forcing the removal of Active Directory Domain Services

The demotion of domain controllers can fail when the domain controller on which you are performing this action has no connectivity with other domain controllers in the domain. If this happens, try selecting the "Force The Removal Of This Domain Controller" check box on the Credentials page of the AD DS Configuration Wizard when you are attempting to demote the domain controller.
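The same decision can be scripted on Windows Server 2012 or later. The following is an added example, not part of the original newsletter: it probes the other domain controllers this server knows about and uses the forced removal only when none of them answers. The TCP 389 probe, the 3-second timeout and the variable names are assumptions made for the example.

```powershell
# Added example, not from the newsletter. Run in an elevated session on the
# domain controller that is being demoted (Windows Server 2012 or later).
Import-Module ADDSDeployment, ActiveDirectory

# Password for the local Administrator account the server will have once it
# is no longer a domain controller.
$localPw = Read-Host -AsSecureString -Prompt 'New local Administrator password'

# List the other DCs recorded in the local copy of the directory and probe
# LDAP (TCP 389) on each one. Port and timeout are assumptions of this example.
$self = $env:COMPUTERNAME
$reachable = @(Get-ADDomainController -Filter * |
    Where-Object { $_.Name -ne $self } |
    Where-Object {
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $pending = $tcp.BeginConnect($_.HostName, 389, $null, $null)
            $pending.AsyncWaitHandle.WaitOne(3000) -and $tcp.Connected
        } catch {
            $false   # name did not resolve or the connection was refused
        } finally {
            $tcp.Close()
        }
    })

if ($reachable.Count -gt 0) {
    # Another DC answers: demote normally so the change replicates and the
    # directory is updated cleanly.
    Write-Host "Reachable DCs: $($reachable.Name -join ', ')"
    Uninstall-ADDSDomainController -LocalAdministratorPassword $localPw
} else {
    # No other DC reachable: the cmdlet equivalent of the "Force The Removal
    # Of This Domain Controller" check box in the wizard.
    Write-Warning 'No other domain controller reachable; forcing removal.'
    Uninstall-ADDSDomainController -ForceRemoval -LocalAdministratorPassword $localPw
}
```

After a forced removal, the rest of the domain still holds the old domain controller's objects, so its metadata has to be cleaned up from a surviving domain controller.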

For more great admin tips, check out

5. Windows Networking Tip of the Month

BitLocker is a great drive/volume encryption technology that allows you to encrypt both fixed and removable media, right out of the box. You can control its behavior using group policy and you can force members of a particular OU to always encrypt specific drives. However, what do you do if you are more interested in making sure that specific groups of users always use BitLocker encryption on their drives? This is a more interesting scenario, because some groups of users have access to more privileged information than others and you want to ensure that high impact information doesn't get into the hands of the wrong people. Out of the box, you can use Group Policy to force specific computers to use BitLocker, but not users. Is there a way to accomplish this? Yes! Check out the article How to Enable User-Based Control/Enforcement of BitLocker on Removable Data Drives to find out how.

6. Windows Networking Links of the Month

7. Ask Sgt. Deb


Hey Deb,

I'm really excited about what I'm hearing about the current version of Hyper-V and especially the new high availability feature – Hyper-V Replica. But I have some questions about capacity planning for the Hyper-V Replica piece. For example, how much storage do I need at my main and replica sites? What happens if I want to include multiple Replica Points? What about IOPS? These are just a few factors and there are probably a lot more. Can you give me some tips to get started on this?

Thanks! – Wally.


Hi Wally,

You're right, there are a number of factors you need to consider if you want to get the most out of the Hyper-V Replica feature. As you know, Hyper-V Replica is a great disaster recovery and business continuity solution for the workloads that are running on your virtual machines. While you could try to figure out all of this on your own, there is an easier way. You can use the Microsoft Hyper-V Replica Capacity Planner. They've done all the work for you so that you can smartly plan what you need in terms of workload, storage, network and server components. For more information, check out Hyper-V Replica Capacity Planner.