Creating the Secure Managed Desktop
(Book no longer for sale. But some key chapters are still available for sale.)
The most important "Managed Desktop" chapters have been moved over to the green book and updated for Windows 7 and Windows Server 2008 R2. And, therefore, we no longer sell this book directly.
You might, however, still want to leverage some of the "still useful" information from this book in your work. So, we've got those "left over" chapters available as purchasable, downloadable eChapters via our eBook partner, "Powell's Books."
Here you'll find five "still useful" chapters on SoftGrid (now Microsoft Application Virtualization), WSUS 3.0 and Network Access Protection. The chapters are very inexpensive (about $5 - $7 each) and contain a ton of useful information. They're also searchable as PDF files!
Chapters with the checkboxes beside them are available as downloadable eChapters for purchase.
Let me guess: Your users have been working, and things have been going great. Then, over time the machine starts to, oh...let's call it "deteriorate." You load more applications, and things get slower. You add a patch, and some applications start acting "funny" -- things start crashing and users are rebooting more.
And you know why.
Because Windows doesn't do a really great job at isolating applications and keeping them from kicking each other in the shins. If you have DogFoodMaker 2.0 and CatFoodMaker 3.0 and they each use a DLL named food.DLL, which application is going to use which file? And what if CatFoodMaker 3.0's DLL doesn't work quite right with DogFoodMaker 2.0?
Chaos and performance deterioration, that's what happens.
This chapter talks about Microsoft's SoftGrid. In this chapter you'll learn how to solve issues like:
- App1 and App1A on the same machine
- App1 and App1A on the same Terminal Server
- Installation of new software affects other already-running software
- General "slowing down" of Windows over time
We start out talking about the new idea of Application Virtualization in general. We discuss the various products that can help make this magic happen, but then focus on Microsoft's SoftGrid solution.
Here, you'll learn how to set up a SoftGrid server, how to get a sample application sequenced, and how to make sure the whole thing is working properly.
If you've already bought SoftGrid in the MDOP package but really don't know where to start with it -- then start right here. You'll be up and running by the time the chapter is over.
Quick note: In order to use the stuff we're going to talk about in this chapter, you have to pay Microsoft some extra. First, you positively must be a Microsoft Software Assurance (SA) customer. This means you pay a little extra insurance money up front, hoping that Microsoft produces updates that you want to install. The misconception is that SA customers must be large companies. They don't have to be. You can be an SA customer with as few as 50 seats. You can learn more about becoming an SA customer here: http://www.microsoft.com/licensing/sa/.
Next, you must be willing to buy SoftGrid in a pack of five big products which are bundled as the Microsoft Desktop Optimization Pack or MDOP for about 10 dollars per seat. People who pay now get the benefit of using these tools right away.
In the last chapter, we covered some of the basics for how to use SoftGrid. A SoftGrid 101 course, if you will. In that chapter, we learned how to set up a SoftGrid server, how to get a sample application sequenced, and how to make sure the whole thing is working properly.
In this chapter, we'll be expanding on what we previously learned and covering what's next: our SoftGrid 201 course.
The three big things we'll be covering in this chapter are the:
- SoftGrid Management Console: Every application starts out by being published in the SoftGrid Management Console. Here's where we get to dictate exactly how a client receives that published application and other Advanced Administration tasks.
- SoftGrid CMC: Want to change the default behavior of your SoftGrid clients? Find out how.
- SoftGrid Client Applet: Learn all the SoftGrid Client options available right from the system tray.
Note: This Chapter was written by Eric Johnson, SoftGrid Propeller-Head
In this chapter, we'll be covering the last major component of the SoftGrid System, the Sequencer, and how to troubleshoot application sequencing issues.
The three big things we'll be covering in this chapter are:
- The SoftGrid Sequencer: Have you ever packaged an application, streamed it down to an end user only to find that your username is in the package? Or how about trying to package an application that writes files to a temp directory, and those files never seem to be added to your sequence? We'll take an in-depth look at what is inside the SoftGrid sequencer application. We'll walk through all the tabs and wizards and explain exactly where everything might be used ... or might not be used in some cases.
- Advanced Sequencing: Can you package a shortcut to a website? How do you package an ActiveX plug-in? What do I do to perform an active upgrade? Why would I want to branch a package? If you have ever wanted to package something a bit out of the ordinary, this section will lead you in the right direction.
- Troubleshooting sequences: Sometimes when you package applications, things don't quite seem to work right the first time. Or the second time. Or the 35th time. We'll wiggle out of some sticky situations (and help you avoid those situations in the first place). I'll share some insight I've gleaned from sequencing hundreds of applications using SoftGrid.
Note: This Chapter was written by Eric Johnson, SoftGrid Propeller-Head
Got holes in your armor? Possible?
How about likely.
You need a patch kit. And Microsoft Windows Software Update Services (WSUS) is gonna help patch you up! If you've used SUS or an older version of WSUS, you're going to love this chapter because we talk about the latest version -- WSUS 3.0 and all its new features.
You'll learn about the seven (wow!) ways to architect WSUS (with specific advice about which ways are best for your environment). Then, we'll deploy our WSUS and use (insert fanfare here!) Group Policy to configure those clients so they're "picked up" by the WSUS server.
But WSUS can't patch all your holes. That's where the Microsoft Baseline Security Analyzer comes in. It can find things that WSUS can't find. And we'll show you how to automate your MBSA so you're constantly "in the know" about any situations that come up.
Note: This chapter was written by WSUS and MBSA Propeller-Head Greg Shields
Group Policy has a lot of responsibility on your network. Sure, it's got its touchy-feely side, like setting the desktop background and delivering applications' settings. But it's also got a kicking-butt side, too. And that's the side we want to show you here.
In this chapter, I'll cover just one topic, but a very hot one: how to ensure that only healthy, validated machines make it onto your production network.
Without knowing the "health status" of your machines, you're just letting any machine join your network, regardless of what's running on them; and that's clearly unhealthy.
By using a new Windows Server 2008 technology, called Network Access Protection, in conjunction with Group Policy to configure it all, we'll have a network that automatically decides who lives and dies, er, gets on our network or not.
So, strap in. It's prime time butt-kicking, Group Policy style.
Learn the following things in this ground-breaking chapter:
- Learn what Network Policy Services is vs. Network Access Protection
- Create a NAP test lab, and totally WOW your boss
- Learn when clients "check in" to report their health status
- Learn how to force "unhealthy" clients to talk only with the servers you choose
- Get out of the "chicken and egg" problem so new machines can join the domain, then participate in NAP
- Learn how to make your clients "Auto-Remediate" and get healthy -- without doing anything by hand
- Use Group Policy with NAP to make most of the magic happen
And about a billion more things to protect your network from the bad guys.