Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: firstname.lastname@example.org
1. Windows 8 Whole Volume Encryption: Building a Better BitLocker
Microsoft introduced BitLocker in Windows Vista, and it was one of the most interesting and promising new security features, but that first version had a lot of limitations. BitLocker is a whole volume encryption solution that allows you to encrypt entire system and/or data volumes on your Windows computers running Vista, Windows 7, and Windows Server 2008 and above. It’s pretty handy because, once your drives are encrypted, anyone who obtains physical access to your computer won’t be able to access your data or boot into the operating system without knowing your PIN or, depending on how you’ve implemented it, without inserting a USB device that contains the startup key.
Windows 8 adds several improvements to BitLocker to make it even more useful and manageable.
- Improvements in BitLocker provisioning
You can now enable BitLocker prior to installing the operating system. This enables you to encrypt the volume before the operating system is installed, adding an extra measure of security. You do this from the Windows Preinstallation Environment (WinPE).
- Used Disk Space Only encryption
Prior to Windows 8, BitLocker encrypted the entire volume, including both the data and the free space. For larger drives, this could take a very long time. With Windows 8, you have the option to encrypt only the used space on the drive, which can significantly reduce the amount of time to initially provision the drive for BitLocker (depending on how full the volume is). There are also some new Group Policy settings that enable you to force encryption on fixed data drives, force encryption on operating system drives and force encryption on removable data drives, and to force the type of encryption (full encryption or used disk space only) that is to be used in each case.
- Standard User PIN and Password Change
In the past, you had to have administrative privileges to change the BitLocker PIN or password. With Windows 8, users that are not administrators of their machines will be able to change their own passwords and PINs by default. Note that there might be some security issues with this option, since users might use simple passwords and PINs. You can prevent this by setting complexity requirements for these strings. You also have the option to turn this capability off entirely through a Group Policy setting.
- Network Unlock
One of the major reasons why we don’t use BitLocker on servers is that someone would have to be at the server during a reboot to enter the PIN. In even a moderately sized datacenter, this can be quite a challenge. In Windows 8 Server, the Network Unlock feature will allow those servers on the corporate network that are members of a domain to use DHCP to automatically unlock the encrypted volumes when they are on the network. This feature does require that the computer’s hardware support a DHCP driver implemented in UEFI firmware.
- Support for Encrypted Hard Drives for Windows
With Windows 8, you will be able to take advantage of new encrypted hard drive technology and run Windows on it. These new hard drives use Full Disk Encryption (FDE), which encrypts every block on the disk. Performance is significantly improved because the encryption processing is done by the hard disk controller, not by the main CPU. Tight integration enables you to manage the FDE control through the BitLocker interface.
Windows 8 BitLocker is just one of the very cool new things about Windows 8! Make sure to test drive it when you install the Windows 8 client or server betas.
By Debra Littlejohn Shinder, MVP
Quote of the Month - College isn't the place to go for ideas. Helen Keller (1880 - 1968)
2. ISA Server 2006 Migration Guide - Order Today!
Dr. Tom Shinder's best-selling books on ISA Server 2000 and 2004 were the "ISA Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his illustrious team of ISA Firewall experts now present to you the ISA Server 2006 Migration Guide. This book leverages the over two years of experience Tom and his team of ISA Firewall experts have had with ISA 2006, from beta to RTM and all the versions and builds in between. They've logged literally 1000's of flight hours with ISA 2006 and they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with their no-holds-barred coverage of Microsoft's state-of-the-art stateful packet and application layer inspection firewall.
Order your copy of ISA Server 2006 Migration Guide. You'll be glad you did.
3. WindowsNetworking.com Articles of Interest
4. Administrator KB Tip of the Month
Configure Static IP Addresses with Netsh Command-line Utility
You can perform a variety of tasks using the Netsh command-line utility, including configuring the IP addresses of network adapters in Windows.
Here’s how to configure a static IP address:
netsh interface ip set address "connection name" static 192.168.0.101 255.255.255.0 192.168.0.1
NOTE: The default connection names are Local Area Connection for wired adapters and Wireless Network Connection for Wi-Fi adapters. The IP address order: client IP, subnet mask, and gateway IP.
Here’s how to configure the DNS addresses:
netsh interface ip add dns "connection name" 184.108.40.206
netsh interface ip add dns "connection name" 220.127.116.11 index=2
NOTE: Remember to replace the connection names and IP addresses with your own.
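The two steps above can be sanity-checked before they are run. The following is an added example, not part of the original newsletter: a small Python helper (the function name build_netsh_commands and the sample DNS addresses are constructed for illustration) that rejects a swapped mask and gateway, an off-subnet gateway, or a connection name that would break the quoting, and then returns the same netsh command lines shown in the tip.

```python
import ipaddress


def build_netsh_commands(connection, ip, mask, gateway, dns_servers):
    """Validate the values, then return the netsh lines from the tip above."""
    # A quote inside the name would end the quoted argument early.
    if not connection or '"' in connection:
        raise ValueError("connection name must be non-empty and contain no quotes")

    # IPv4Interface parses "address/netmask" and raises ValueError when the
    # second value is not a valid mask (e.g. mask and gateway were swapped).
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)

    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {net}")
    if gw not in net:
        raise ValueError(f"gateway {gw} is not on {net}; check the argument order")
    if gw == iface.ip:
        raise ValueError("gateway and client IP are the same address")

    cmds = [
        f'netsh interface ip set address "{connection}" '
        f"static {iface.ip} {net.netmask} {gw}"
    ]
    # The first DNS server takes no index; later ones get index=2, 3, ...
    for position, server in enumerate(dns_servers, start=1):
        addr = ipaddress.IPv4Address(server)  # raises on a malformed address
        cmd = f'netsh interface ip add dns "{connection}" {addr}'
        if position > 1:
            cmd += f" index={position}"
        cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    # Constructed sample values; the DNS addresses are placeholders.
    for line in build_netsh_commands(
        "Local Area Connection", "192.168.0.101", "255.255.255.0",
        "192.168.0.1", ["192.168.0.10", "192.168.0.11"],
    ):
        print(line)
```
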
For more administrator tips, go to WindowsNetworking.com/WindowsTips
5. Windows Networking Tip of the Month
System Center 2012 Licensing Gets Simplified
System Center 2012 has shipped and it brings with it a slew of new capabilities and design changes, such as the ability to manage a whole virtual datacenter with System Center Virtual Machine Manager (SCVMM) and the focus on easily managing a private cloud infrastructure. But features and functionality are only half the story when it comes to deploying new solutions. Another important aspect is pricing and licensing. In the past, System Center has suffered from a confusing and convoluted licensing plan with so many different price points that organizations ended up not knowing what they were going to pay for a particular configuration.
The good news is that the licensing structure has been drastically simplified, with the individual components bundled together in one of only two packages: Standard edition and Datacenter edition, with a per-CPU pricing model. Read more about it here.
6. Windows Networking Links of the Month
I’m thinking of testing out Windows Server 8 this month. I don’t have a lot of time, so I’m wondering what new feature or capability should I focus on first? Got any recommendations?
Thanks! – Uli.
Great question! Of course, different folks may have different opinions regarding which Windows Server 8 feature is the most interesting and impactful, but I would say that you’ll get the biggest return on investment for your time if you focus on Hyper-V. Check out this list of new and improved features in the Windows Server 8 Hyper-V
Wow. That’s a lot of bang for the buck. Of these features, make sure you try out Hyper-V Replica, Storage migration, storage of virtual machines on SMB shares, and importing virtual machines – if your hardware supports them. Some of these features require advanced hardware.