In this festive months, everyone has gone for holidays. But IT Pro Manager, Desmond Kung, of Pluto Technology isn’t going for holidays. It seems like this is the best time to get this IT infrastructure sorted out right without causing too much operational impact to this company staff. Desmond and his team leads all technology engagements in Pluto.
http://windowsmvp.spaces.live.com/blog/cns!80195647FE07388F!325.entry
Desmond believes in IT as a business multiplier. In his previous project (link above), he implemented a hybrid of Network Access Protection into his current Windows environment. He has been driving his business with Small Business Server 2003. Seeing that his business has grown, he needs an infrastructure that is more robust, and more space for growth. He is looking into replacing SBS 2003 with Full Enterprise versions.
Upgrading Active Directory from SBS2003 to Windows 2008 and Exchange 2003 in SBS to Exchange 2007. In case you need the steps, there is a discussion at the link below.
With the new Windows 2008 server, he is able to better manage the power consumption of the servers and clients he has in office. Using Active Directory, he can use Group Policies to better govern his clients. There are also power savings for Windows 2008. Check this paper: http://www.microsoft.com/downloads/details.aspx?FamilyID=61d493fd-855d-4719-8662-3a40ba3a0a5c&displaylang=en To get started with Group Policies, http://technet.microsoft.com/en-us/library/cc725828.aspx
Improving Identity Management
Migrating from Windows SBS 2003 to Windows 2008 Active Directory Domain Services (AD DS), provides a much more granular and fine tuned approach to identity management. He can now build Fine-Grained Password Policies, which isn’t possible with Windows 2003 AD. He can now define multiple password policies within a domain, instead of 1 policy per domain. Prior to this, if there are multiple password policy requires, he’ll have to create 2 domains. He can now do so with 1 domain. An example may be, a receptionist may not require the strict password policy that may be needed of a research scientist who generate intellectual property for a company.
With Windows 2008, he also has the ability to deploy Read-Only Domain controller, which improves security at a branch office. He now can deploy a Domain Controller to a branch and not worry about someone stealing it and compromising the entire domain. He can identify the potential accounts that could be compromised by a stolen domain controller from a branch and force a reset on those accounts and revoke that stolen domain controller. This provides a much more secure infrastructure for identify management.
He can also now recover a Domain Controller without the tedious hassles of rebooting into a Directory Services Restore Mode. You can now simply make use of a Restartable Active Directory Domain Services. Enter “restore mode” by stopping the AD DS service. This saves a huge a mount of time making it more robust for a system admin to recover a domain controller which may be faced with a NTDS.DIT problem. He can also use the Database Mounting Tool to examine a Domain Controller’s Database to inspect it, perhaps to look for changes, example, accidentally deleted objects.
There are several other enhancements available in AD DS. Check out this list. http://technet.microsoft.com/en-us/library/cc755093.aspx
Easier Administration and Powerful Automation
With built in Power-Shell, Pluto is able to automate and accelerate their administrations. Using scripts found at the TechNet Script Center, they could easily put together codes making automation a breeze. Since Windows 2008 and Exchange 2007 has good support for PowerShell, Pluto could automate most tasks which was previously tough or not possible. For a start, he is using the Power Shell scripts to automate configuration of systems and managing his new Exchange 2007.
To help you get started, i am including this link, “Windows PowerShell 1.0 Documentation Pack”
If you are serious about automating your Windows Servers, try out PowerShell. You will be able to save that huge amount of time and do more productive work. By being able to manage and have better control, Desmond is setting the ground for doing more. We’ll hear from Desmond more. He has just started his adventure. He will be looking at deploying Web Applications on IIS7 and of course, Virtualization.
/Dennis
