Are these your problems with Windows? – part II

 

Hi, I am Ranjana Jain  (http://ranjanajain.spaces.live.com) . I was one of the presenters at the recently held Virtual Tech Days from Microsoft. I presented two sessions – a. Managing Windows Vista using Windows Powershell and b. A look at the performance changes in Windows Vista SP1. A number of questions were asked during these virtual livemeeting sessions, which may not have been answered by me primarily due to lack of time. However I feel it was important to address the queries of the attendees, so like Ravi, I too decided to do that in this blog. So here I have consolidated most of the queries asked during the sessions and have tried to provide all the info that you can benefit from.

Many more questions were also asked that may not have been articulated in the exact same words, but I am sure most of the information that was required has been provided as answers to these queries.

Q1. Can Desktop Settings of users be modified using Powershell?

Answer:  Yes, Windows Powershell is a complete administrative shell using which administrators can do anything on the computer they have rights to. This includes, modifying desktop settings, starting/stopping services, changing policy settings, editing registry and even managing event logs etc.  Here is a link where you can find scripts that have already been created to Manage Windows Desktop Settings: http://www.microsoft.com/technet/scriptcenter/scripts/msh/default.mspx?mfr=true .

Q2. Can we create batchfiles/scripts using Windows Powershell to automate the tasks?

Answer: Yes, infact creating scripts in Windows Powershell is much easier than creating scripts in Visual Basic, or other programming languages. All that you need to create a script for Windows Powershell is to write all the Powershell commands in a notepad as you would want to run in sequence on the Powershell, and just save the file with a “.ps1” extension i.e. <filename.ps1> . Now you just need to provide the complete path of this .ps1 script file at the Powershell prompts and execute it! –J Yippee!!

Q3. Can I activate Windows Vista using Windows Powershell?

Answer: Absolutey, infact a Powershell script already exists in our scripts database to activate Windows Vista: http://www.microsoft.com/technet/scriptcenter/scripts/msh/desktop/activate/default.mspx?mfr=true . These include scripts using which you can not only know the activation status but also use scripts to activate Windows both offline and online. –J

Q3. How do we run the Powershell batch files/scripts on remote computers?

Answer:  This was demonstrated as a part of the scripts I executed during the session. As I mentioned, that in most of the commands that used GetWmiObect , I could replace the “.” value for the /computername parameter with the UNC path of the computer on which you want to execute the command.
For example: – Get-WmiObject -Class Win32_
BIOS -ComputerName.
The above command displays the BIOS information on the local computer. Replacing the “.” value in the above command with the UNC path of the destination computer will display BIOS info for the destination computer.

Q4. Can we edit registry using Powershell commands?

Answer: Absolutely, infact Regedit is not required to edit registry using Windows Powershell. Windows Powershell exposes Windows Registry as a data store ( like C: and D: drives) in the form of psdrives. Therefore you can access the HKEY LOCAL MACHINE registry hive as HKLM:\ and then use usual commands to edit registry. For more information and actual commands to edit specific registry information please view the session recording at: http://www.connectwithlife.co.in/vtd/           
For Example: $value = (get-itemproperty "HKLM:\software\microsoft\internet explorer").version

Q5. Is Windows Powershell a new version of Linux shell, as you can run all Linux shell commands in Powershell?

Answer: Windows Powershell was basically developed to bridge gaps that were there wrt administration using Windows Command Line (cmd shell). We had a large number of commands to manage Windows Server 2003. Many more commands were added with Windows Server 2003 R2. But the cmd shell could still not provide the intuitiveness of Bash , the object based simplicity of Perl etc. So there was a desperate need to have an intuitive and simple command shell that could be more useful especially to administrators. Do watch/listen to this video (an interview with Jeffery Snover , Windows Powershell developer) : http://www.microsoft.com/uk/technet/spotlight/sessionh.aspx?videoid=209

Q6. How can I use Powershell to administer most activities on Windows Vista Computer?
Ans: Powershell can be used to administer Windows Vista Computers in all ways that you can do it using the GUI. Many of such administrative activities were demonstrated in the VTD session and you can even download a Powershell Owner’s manual whre you can access most of the information on how you can use it even better to administer Windows Vista:
http://www.microsoft.com/technet/scriptcenter/topics/winpsh/manual/default.mspx

Q7: Are the Powershell commands same for Windows XP and Windows Vista?

Answer: Although there are many commands that might look same for both the platforms, but yet there are many differences, mostly for administering features that were not present in Windows XP.

Q8: Can existing VB scripts be used on Windows Powershell?

Answer: Before using VB scripts on Windows Powershell, you need to convert them to Powershell scripts. This is a simple task that can be done using existing tools:

http://www.microsoft.com/technet/scriptcenter/topics/winpsh/convert/default.mspx

 

Above al, you can find most of the scripts, tools, guides and resources on Powershell here:

http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

To learn more about working with Windows Powershell, you can also view many webcasts on Windows Powershell at: http://www.microsoft.com/webcasts

Virtual Lab on Windows Powershell can also be found at: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032314395&EventCategory=3 

Moreover, if you are a Windows Administrator who hates writing a script (like me –J) , please watch: http://www.microsoft.com/uk/technet/spotlight/sessionh.aspx?videoid=214&PUID=000149505AA18347

Happy Powershell Learning –J  !!!

Virtual Tech Days – September 2008 – Virtualization Security

Hi I am Ravi Sankar (http://ravisankar.spaces.live.com/blog) from the TechNet India team. First of all let me thank everyone who attended the sessions under virtualization track. We have received hundreds of questions as part of the sessions and due to time constraints the speakers could answer only a few of them. So I am taking this opportunity to answer all of those questions.

A number of questions are either repeated or asked with same concepts in mind. I have consolidated those into fewer number of questions and answered here. In other words answers written here are not 1:1 replies of your questions but essentially covers everything you wanted to know.

Q1: Is there a virtual firewall or special security protocol in Hyper-V?

A1: The answer is NO. Virtual machines can be protected using the same firewall applications and security protocols used in physical machines. To know more about virtual networks please click here

Q2: Do I need to run antivirus software in all the virtual machines in a Hyper-V based server or is it sufficient to run one instance of antivirus software in the parent partition?

A2: Antivirus software should be installed in all virtual machines including the parent partition. Also depending on the applications installed, the requirement on antivirus software would vary from one virtual machine to another virtual machine. For example, the antivirus software required for a virtual machine running Exchange Server is different from a virtual machine running SQL Server.

Q3: I have a smart client application. Will this work in a virtual machine environment (as such) or does it require customization?

A3: I don’t see any reason for additional customisations. But I do not know the details of the application you have mentioned. So I suggest you to thoroughly test the application  before using it in production

Q4: Can my offline virtual machines be patched to keep it update?

A4: Yes, you can do this. Offline Virtual Machine Servicing Tool can be used to achieve this goal. Click here to download the tool. An update version of this tools is expected soon.

Q5: Please explain the ring model of CPU as far as Hyper-V is concerned.

A5: Hypervisors work at ring –1, OS kernel works at ring 0 and user applications work at ring 3. Ring 1 & 2 are not used in Windows

Q6: What are the specific CPU features required for Hyper-V to run?

A6: For any computer to run Hyper-V it should have a CPU from Intel or AMD with hardware assisted virtualization capability. For Intel processors this technology is called Intel-VT and for AMD processors this technology is known as AMD-V. Additionally Data Execution Prevention (DEP) should be turned on for Hyper-V to run.

Q7: Will the physical environment security applications take care of the full virtual environment or do I have to consider any additional products?

A7: Security applications such as firewalls and anti malware products remain the same for virtual environments. But these security applications should be configured to secure both parent and child virtual machines

Q8: Is System Management Server/System Center Configuration Manager a supported application on Hyper-V?

A8: Yes, SMS/SCCM products can be installed in a Hyper-V based virtual machine. Hyper-V based virtual machines can also be configured as SMS/SCCM clients.

Q9: Is there a “bare metal” installation type available for Hyper-V? Is it possible to install Hyper-V without installing Windows Server 2008?

A9: Yes and this type of Hyper-V implementation is known as Microsoft Hyper-V server. For more details please follow this link http://www.microsoft.com/Hyper-VServer

Q10: How the Hyper-v architecture can mitigate security attacks?

A10: Let’s look at different potential attack vendors on the virtualized environment.

Let’s say an application that encounters malware with some frequency (e.g. a web server) is running in one of the guest virtual machines above. It becomes compromised, but the malware would still need to compromise the guest kernel OS for the virtual machine (which is typically what happens when a physical machine is running an application with a vulnerability). From there the malware could potentially target a number of vectors for broader infection:

  • The right arrow signifies that the malware could try to target other virtual machines running on the same box
  • Alternatively, it could try to target the hypervisor to bring down the overall virtualization environment, or
  • Try to target the VSPs through the VSC-VSP communications path. (Again, the virtualization service clients, or VSCs, enable virtual machines to be installed on their own Hyper-V device and to talk more directly with the virtual service providers which broker access to physical I/O.)
  • Another option is to target the individual virtual machine worker processes where the majority of the code with Hyper-V resides

Let’s now look at how the Hyper-V architecture helps to mitigate these potential attack vectors

The hardware itself mitigates attacks on the OS kernel. The latest CPUs from Intel and AMD have the ability to run this in the most privileged part of the processor, otherwise known as “Ring 0”, and to block access to this from other components (e.g. guest virtual machines running in user mode) that should not have access.

The architecture itself creates isolation between other virtual machines, addressing the scenario of malware trying to attack other virtual machines from the infected virtual machine. If a guest wants to communicate with another guest, it must be done through the root partition. “Back-channeling” is not allowed – no two parts can communicate directly with each other, similar to how two machines connect on a physical network.

Regarding the other three attacks (on the Windows hypervisor, VSPs-VSCs, and on VM Worker processes):

  • The size of the hypervisor, VSCs/VSPs are small (i.e. lower likelihood of vulnerabilities)
  • When VSPs receive data from the VMBus, it is considered untrusted and requires validation
  • If a VM Worker process (where most of the Hyper-V code resides) is brought down, it only brings down the VM session

In short, the separation of components from each other by privilege level and architecture helps enable defence-in-depth against malware attacks.

All of the above components have been extensively tested through the Security Design Lifecycle – threat modelling, fuzz testing, and security code review.

Q11: What is Microsoft Forefront and what kind of protection does it offer?

A11: Microsoft Forefront represents a suite of security products offering protection at client, server and network edge levels. Fore more details please refer to the following link www.microsoft.com/forefront

Q12: How many virtual machines can be created in a given instance of Hyper-V?

A12: Please follow this link to see the maximum supported configurations under Hyper-V. http://blogs.msdn.com/nickmac/archive/2008/07/04/hyper-v-rtm-maximum-supported-configurations.aspx . But these are not fixed numbers. They would change with newer hardware configurations and corresponding changes made to Hyper-V.

Another link: http://support.microsoft.com/kb/956710

Q13: Please explain the difference between monolithic hypervisor and microkernelized hypervisor.

A14: The diagram below explains the difference. Hyper-V follows the more secure and stable microkernelized architecture unlike many of it’s competitors.

Q14: What kind of hardware is recommended for Hyper-V?

A14: http://technet.microsoft.com/en-us/library/cc816844.aspx

Q&A: Top 10 DMVs Admins must know in SQL Server

In the recent Virtual TechDays that got concluded we had a number of sessions and there were questions that couldnt be answered. You can download the PPT for the "Top 10 DMVs Admin must know in SQL Server" at: http://download.microsoft.com/download/6/1/A/61A76FEB-8035-47BC-9573-A438F7513E6A/DAY2/TRACK4/Top_10_DMVs.ppt

Question Asked: What is ITW in SQL 2000 and What are DMVs?

ITW is Index Tuning Wizard and was available in SQL 2000 days. We rewamped it as DTA (Database Tuning Wizard) in SQL Server 2005 which was far more powerful than the SQL 2000 ITW counterpart. Now to get into the second part, Dynamic Management Views (DMV) provide greater transparency and insight into the database and a powerful infrastructure for proactive monitoring of database health and performance to make managing data more flexible and secure.

Question Asked: do we need to run DMV on prod server or we can run on the restored DB also

We need to understand one fundamental thing here, DMV’s are like pseudo views / tables that are exposing the in-memory structures of SQL Server. These are useful to diagnoze any potential problems that might occur in that system. Some of these views are transient and some are cummulative and some get fulshed from time-to-time. Typical examples in these categories would incude Locks data is transient and changes every micro-second while data like the Index usage (seeks, scans etc) are cummulative and data like the query cache can get flushed if there is memory pressure from any other side. Having said all this, these data are NOT like metadata (e.g. sys.tables) which can be restored on another DB and analyzed. There is a way in SQL Server 2008 using Data Collector that we can do this and check the architecture here: http://msdn.microsoft.com/en-us/library/bb677355.aspx

Question Asked: all these DMV are part of SQL 2005

DMV’s were very much intrduced as concepts inside SQL Server 2005 itself. AFAIK, there were close to 80+ DMV’s with SQL Server 2005 RTM build. We increased this set to ~136 with this new version of SQL Server 2008.

Question Asked: How to get a list of all DMVs available for us to query upon….?

Here is a simple query that will help you answer this part:
SELECT * FROM sys.all_objects
   WHERE [name] LIKE ‘%dm_%’
                AND [type] IN (‘V’, ‘TF’, ‘IF’)
ORDER BY [name]

With SQL 2008 we introduced a number of DMV’s around auditing, Extended Events, CDC, Filestreams etc.

Question Asked: what will calculeted by awe_allocated_kb

This value shows the overall amount of memory that is allocated through the AWE mechanism on the 32-bit version of SQL Server. Or, this value shows the overall amount of memory that locked pages consume on the 64-bit version of the product. This value comes from the sys.dm_os_memory_clerks DMV and the documentation for the same is at: http://msdn.microsoft.com/en-us/library/ms175019.aspx.

Question Asked: What permission does a user need to access the DMV’s

There are two types of dynamic management views and functions:
Server-scoped dynamic management views and functions (e.g OS, IO, Threads, tasks etc). These require VIEW SERVER STATE permission on the server.
Database-scoped dynamic management views and functions (e.g Index, Tables, partition, file etc). These require VIEW DATABASE STATE permission on the database.

Question Asked: Which DMV give me query plan or I will use old method to find query plan?

Here is a query that you can run to get the Total Elapsed time of queries and the number of times those queries were hit. It also give’s you the query and the plan used for each of those.

select qs.execution_count
     , qs.total_elapsed_time, qs.last_elapsed_time
     , qs.min_elapsed_time, qs.max_elapsed_time
     , substring(st.text, (qs.statement_start_offset/2)+1
                        , ((case qs.statement_end_offset
                              when -1 then datalength(st.text)
                              else qs.statement_end_offset
                           end – qs.statement_start_offset)/2) + 1) as statement_text
      , qp.query_plan
from sys.dm_exec_query_stats as qs
cross apply sys.dm_exec_sql_text(qs.sql_handle) as st
cross apply sys.dm_exec_query_plan (qs.plan_handle) as qp

Question Asked: How are DMV’s and DMF’s changing the memory consumptions of SQL Server? consider the dm_exec_* which store the results of the current workload.

I think this has come a number of times from various people I have interacted. As described before, DMV’s are in-memory structures and are anyway’s used by SQL Server internally. It is with SQL Server 2005 that we started exposing them in an official manner rather than doing bit-manipulations with some DBCC commands. Hence there is nothing to be worried about the load or memory consumptions. It is not as alarming as you think.

Question Asked: does there is support for DMVs in SQL 2000?

DMV’s were introduced with SQL Server 2005 onwards. Though these numbers are increasing from version to version these cannot be got with SQL 2000 version. If you are still using SQL Server 2000 version I would strongly recommend you to move to SQL Server 2008 version :).

Question Asked: it seems to be very hard to remember DMV names, is there any way to get list of DMV’s and its usage?

Fair enough and I dont think you are the only person finding it difficult :). With SQL Server 2005 I gone to BOL a number of times, but with SQL 2008 the intellisense takes away half the problem. But if you want to learn more on DMV’s and start using them then I would recommend you to book mark this page on MSDN: http://msdn.microsoft.com/en-us/library/ms188754.aspx

Due to time constraints we were not able to answer them during the session itself but I am sure these have got clarified now. Keep those questions coming and we will try our best to answer them during the session else dont forget to visit this blog post the event :). Hope this was of help, btw dont forget to login to the VTD site to register your views on Nov VTD Topics.

PS: These are the exact questions that were asked during the session. I have taken the relevant ones and compiled the same here for you. BTW, there are couple more blogs around other sessions that will get posted.

Vinod Kumar
Technology Evangelist
www.ExtremeExperts.com

VTD – Gets a start !!!

Well, officially from the TechNet team we will have the ITPro tracks starting from tomorrow and there is a dedicated track on Virtualization spanning two days and we have industry speakers from our various organizations talking on different virtualization techniques used by them. We will also have a track on SQL Server and Windows Vista Client (on 19th) that we will talk extensively.

If you have not yet joined our party, feel free to login tomm @ 10AM here.

Our SQL Evangelist blogs on his day 1 experience on the SQL Server topics on the dev track here. Pass you comments and feedbacks … We will be more than happy to hear you !!!

Virtual TechDays – Countdown begins !!!

First, let me take this opportunity to Welcome all to this blog from the TechNet India Team where we try to share our experiences, information on various events/activities we do in India. This is also a channel where we solicit feedbacks from you folks who use our product day-in-day-out. Thanks again for all the innovation you do using our tools and technologies.

This blog cannot come at a better time than now. We are about to start our "Virtual TechDays" in less than a week, actually Sep 17th, 18th and 19th. We are going to give you a tough time in choosing our sessions, as much as 48 sessions with 4 tracks in parallel this is going to be one mega online event you dont want to miss.

From the TechNet side, we have topics around "Virtualization" which is big and we are having close to 8 sessions around this theme. Many of these sessions are done by Industry speakers who have used these technologies – hence this is more of what our customers have experienced. We also have tracks around SQL Server, Windows Vista that you can attend during these three days. BTW, if you are a developer you have choices of sessions around Client development, Mobile, Web development etc. So lots in store for you.

For detailed information around the tracks and sessions, feel free to visit / register at: http://www.connectwithlife.co.in/vtd/

 There are already links from our Evangelists around Virtualization and SQL Server on their blogs.

Ref: http://blogs.technet.com/technetindia/

Advertisements

About Jaggi
love technology, always updated on the latest and current happenings, seminars, tech.Ed, virtual days! Be Yourself!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: