Vol. 45, #8 - September 2, 2013 - Issue #945


Modern domain-join

  1. Editor's Corner
    • From the Mailbag
    • Modern domain-join
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • MS Exchange CON 2013 Virtual Conference
    • Americas
    • Europe
    • Australia
  4. Webcast Calendar
    • Register for Webcasts
  5. Tech Briefing
    • Windows Server
    • SharePoint, Exchange and Office
    • Windows PowerShell
    • Hyper-V
    • VMware
    • Citrix
    • System Center
    • Windows Azure
    • Other cloud computing
    • Windows Client
    • Security
    • Other stuff
    • Acknowledgements
  6. Windows Server News
    • Will Google IaaS offering add fuel to cloud's price war fire?
    • USB redirection for remote desktops: A step in the right direction
    • Guidelines for moving multiple VMs with Hyper-V Live Storage Migration
    • Refresher course on VMware virtual storage management
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • Altaro Hyper-V Backup – FREE for 2 VMs


Altaro Hyper-V Backup – FREE for 2 VMs

Want to avoid having to set up an intricate process to keep reliable backups of your Hyper-V VMs but don't think you can afford any other option? Make backing up and restoring Hyper-V VMs easy to manage and get rid of one worry you don't need. Get started for free for up to 2 VMs. Need more? We're very competitively priced and don't do complicated pricing structures. Less hassle, more time left and easy on your budget.

Download the FREE or Trial version now!


Editor's Corner

This week's newsletter is all about workplace join, a new feature in Windows Server 2012 R2 Preview that provides a kind of middle ground between domains and workgroups. It's also a key enabler of the new Bring Your Own Device (BYOD) functionality included in the soon-to-be-released Windows Server 2012 R2 platform.

Of course while BYOD is the latest trend in enterprise IT, it will probably never supplant BOYB as a way of enhancing the coding capabilities of Windows programmers as this classic (and somewhat in bad taste given SteveB's recent announcement that he'll be stepping down as CEO within a year) XKCD comic illustrates:

From the Mailbag

In Issue #943 Rapid Release we included the following Reader Request from a reader named Sanj:

I have been in the IT business for over 20 years, working in operational, IT support 2nd and 3rd level, and as a Test Analyst working for small, medium size organizations and now working for some big multinationals. I am now at a point where I need to do some more IT training but not really sure what I want to do. I keep thinking about Windows Server 2012, virtualization, storage, cloud, web and mobile technologies etc, but not sure which technologies I need to concentrate on first, and what is the best approach.

After work, it's very difficult to get motivated and start to concentrate on learning all the new technologies. Plus having limited time after work to do all the training etc. I know you have recommended some training material that Microsoft provides and some excellent books and web sites to do some research.

The problem I am having is that you do a couple of hrs training, research etc, each day, but by the end of the week, I have already forgotten what I have learned at the beginning of the week.

Sanj's request generated a couple of responses from our readers:

I would strongly suggest Microsoft's Virtual Academy. It's obviously MS-centric, but you find a lot of topics covered - and they are divided in small pieces. Personally, I'm taking these classes in the evening where I spend 1/2 hour looking at the videos and presentations. That way I get a frequent schedule and don't forget that much. --Martin, an IT Manager from Austria

You can find the Microsoft Virtual Academy here:

I have this same issue. The way I am attempting to resolve it is by using a top shelf CBT online software (TrainSignal and/or CBT Nuggets). I decided to use CBT Nuggets since it can include Transcender test prep software. Each training session is from 8 to 40 minutes in length and allows you to take notes and bookmarks while watching. Some research claims that humans learn 3 times faster when they see and hear something vs. just reading in a book. I set a standing calendar appointment to train every day at the same time and keep the phone and other distractions away. --name withheld by request

Please don't take this the wrong way. I think Sanj should seriously consider a career in another field. Having worked in the computer industry since 1963 I have found some people lose the dedication required to fulfill their personal work related goals. Others simply can't deal with change. Persons I have encountered that fit these descriptions generally feel miserable and that feeling spills over negatively into their personal life. This can manifest itself into a state of depression. Life is short. Make the break from computers and get on with your life. --a reader named David

On the subject of rapid release itself, a reader named David from Michigan said:

Having more releases quicker is meaningless as the main impediment to upgrading is money with the secondary factor being down time followed with procrastination: "If it isn't broken, why fix it". Usually the driving force to update/upgrade and move forward is when feature sets essential to business needs are only available in or are supported by later Operating Systems.

Personally, I like converting legacy systems into VMs and unless there is something intrinsically wrong with the legacy system, use it as a VM until such time as the customer can afford to upgrade to the newest OS. If a new Operating System is needed to service an essential need, then run that OS as an additional VM. This is a Win-Win scenario for the client.

So rapid release is fine by me but it is not going to improve sales one iota unless the "rapid release" brings compelling must have feature sets.

My concern with the future is: Are we at a point in time whereby the "File Server" role is becoming obsolete? With cloud storage and collaboration tools, more and more file server roles are now fulfilled via online solutions. I am having a hard time justifying spending all that money for a server farm and even more for the operating systems when perfectly functional cloud options are here with 5 year operational costs being less than in-house legacy file server costs. So where will that leave us IT folk if we have no servers to sell, configure, support, maintain, and/or repair?

What do other readers think about this? Share your thoughts at [email protected]

By the way, our favorite Mitch clone (Mitch Garvis) will also be weighing in on this subject in a future newsletter soon.

Finally, a reader named Gary emailed us the following question:

Hi, I read your newsletter each week although I don't do a lot of server functions. Your Microsoft knowledge share is what I glean from the newsletter. But I was wondering if there is a Desktop version of the newsletter and if so what might be the link?

Unfortunately not at this time, but we do cover Windows client in various ways since managing client computers is a key part of being in IT nowadays. Is there anything specific concerning the Windows client platforms that our readers would like to see us cover in this newsletter in the future? Let us know at [email protected]

Modern domain-join

IT has a tradition of wanting to lock down and control end-user devices and the applications running on them. There are various reasons for this as you well know, and most of these reasons are sound and defensible.

Unfortunately in today's modern workforce users often want to use their smartphones, tablets and even laptops for work purposes. The problem of course is that IT can't take over complete control of a user's personal computing device because it belongs to the user, not the company.

For Windows-based devices, IT could require that users join their devices to the Active Directory domain and then apply a special Group Policy that only partially locks the devices down. But what if users don't want to do this? In that case, IT could prohibit users from using their devices to access resources on the corporate network. But then users might complain that IT is getting in the way again and preventing them from effectively doing their job.

What's the solution? Workplace Join, a new feature introduced in the Preview release of Windows Server 2012 R2, provides a kind of middle ground between having a user's device joined to the domain or leaving it as a standalone device in a workgroup. With Workplace Join, the user can register her device so that IT can permit the user some level of access to corporate resources that is typically more restrictive than the access they would have if their devices were domain-joined.

But that's not all. Workplace Join also allows users to register non-Windows devices like an Apple iPhone or iPad to allow users of such devices to access corporate resources in a controlled and secure fashion.

How does it work?

Workplace Join uses the new capabilities of the Active Directory Federation Services (AD FS) role in Windows Server 2012 R2. Specifically, AD FS now includes a new service called the Device Registration Service that creates a device object in Active Directory when the user registers the device at a special website on the corporate network. The attributes of the device object are then used to provide conditional access to resources the user tries to access and to applications the user tries to run.

How do you implement it?

The steps for implementing Workplace Join are fairly straightforward but you'll need three servers to set things up. Here's a quick summary:

  1. You need a domain controller running Windows Server 2012 R2.
  2. You need to create a Group Managed Service Account (GMSA) account, which is basically a service account that can be used across a domain environment.
  3. You need to obtain a server SSL certificate from a certificate authority (CA) and install it on a second server running Windows Server 2012 R2.
  4. You need to install and configure the AD FS role on the second server.
  5. You need to enable and configure the Device Registration Service on the second server.
  6. You need to do some stuff on your DNS server.
  7. You need to install the IIS (Web Server) role and the Windows Identity Foundation feature on a third server running Windows Server 2012 R2.
  8. You need to install the Windows Identity Foundation SDK on the third server.
  9. You need to do a bunch of IIS configuration stuff and fiddle around with the AD FS Management console.
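Steps 2 and 4 through 6 above can be scripted in PowerShell. The following sketch is an added example, not taken from the newsletter or from the TechNet walkthroughs; the domain `contoso.com`, host `adfs1`, account `FsGmsa`, display name and certificate thumbprint are placeholders, and `enterpriseregistration` is the DNS alias that Workplace Join clients look up to find the Device Registration Service.

```powershell
# Added example. Every value in this block is a placeholder (assumption).
$Domain     = 'contoso.com'
$NetBios    = 'CONTOSO'
$AdfsHost   = "adfs1.$Domain"
$GmsaName   = 'FsGmsa'
$Thumbprint = '<THUMBPRINT-OF-YOUR-SSL-CERTIFICATE>'
$Gmsa       = "$NetBios\$GmsaName`$"      # gMSA logon names end in '$'

# --- Domain controller (steps 1-2) ---------------------------------------
# A gMSA needs a KDS root key. Backdating -EffectiveTime skips the 10-hour
# replication wait and is acceptable in a lab only.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
}
New-ADServiceAccount -Name $GmsaName -DNSHostName $AdfsHost `
    -ServicePrincipalNames "http/$AdfsHost"

# --- AD FS server (steps 3-5) --------------------------------------------
# Stop early if the certificate is missing, has no private key, is outside
# its validity period, or does not list both names clients will connect to
# (an exact-match check; a wildcard certificate will not satisfy it).
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$now  = Get-Date
if (-not $cert.HasPrivateKey)                          { throw 'Certificate has no private key.' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is not currently valid.' }
$names   = $cert.DnsNameList | ForEach-Object { $_.Unicode }
$missing = $AdfsHost, "enterpriseregistration.$Domain" |
           Where-Object { $names -notcontains $_ }
if ($missing) { throw "Certificate lacks DNS name(s): $($missing -join ', ')" }

Install-WindowsFeature ADFS-Federation -IncludeManagementTools
Install-AdfsFarm -CertificateThumbprint $Thumbprint `
    -FederationServiceName $AdfsHost `
    -FederationServiceDisplayName 'Contoso Corporation' `
    -GroupServiceAccountIdentifier $Gmsa

# Prepare the forest for device objects, then switch on the Device
# Registration Service and let AD FS use the device as an authentication factor.
Initialize-ADDeviceRegistration -ServiceAccountName $Gmsa
Enable-AdfsDeviceRegistration
Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true

# --- DNS server (step 6) -------------------------------------------------
Add-DnsServerResourceRecordCName -ZoneName $Domain `
    -Name 'enterpriseregistration' -HostNameAlias $AdfsHost

# --- Review: which devices have registered? ------------------------------
# Registered devices are msDS-Device objects under CN=RegisteredDevices.
$base = "CN=RegisteredDevices,$((Get-ADDomain).DistinguishedName)"
Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=msDS-Device)' `
    -Properties displayName, whenCreated |
    Sort-Object whenCreated |
    Select-Object displayName, whenCreated, DistinguishedName
```

The last query is worth running on a schedule: every object it returns is a personal device that can be granted conditional access, so unexpected entries deserve a look.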

Now you're all ready to go. Let's say a user wants to join their iPhone to your corporate network. Here's all the user needs to do:

  1. Install an SSL certificate on their phone by browsing to a web site specified by your administrator.
  2. Open Safari on their phone and navigate to a web page by opening a special URL on your corporate network.
  3. Log on to the web page using their domain credentials.
  4. Accept the prompt to install a profile on their phone.
  5. Re-enter their PIN to unlock their phone.

That's it.

Learn more about it

If you want to try it out, there are some walkthroughs on TechNet you can use with the Windows Server 2012 R2 Preview eval software. Start with the "Setting up the lab environment" instructions found here:

Then to test Workplace Join with an iOS device, use this walkthrough:

And to test it with a Windows device, use this one:

The blog post titled "BYOD Basics: Enabling the use of Consumer Devices using Active Directory in Windows Server 2012 R2" which can be found on the Canadian IT Pro Connection site has some good background information:

In fact, Anthony Bartolo, a Technology Evangelist at Microsoft, has been writing a whole series of posts on the Canadian IT Pro Connection site describing the various BYOD improvements in the Windows platform here:

Adam Hall also demonstrated this functionality in his TechEd 2013 presentation, which can be viewed online on Channel9 here:

Finally, holSystems Virtual Labs has a hands-on lab you can use to configure Workplace Join:

That should be enough to get you started.

Send us feedback

Got questions or comments about anything in this newsletter? Let us know at [email protected]

Tip of the Week - Windows 8 UI

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Here's a tip we received from reader Nick Rezac, a Network/Systems Engineer based in Ohio:

I was reading the tip from the analyst at HP and realized that this other tip, relating to shortcuts, might be useful to the WSNers as well. Anyways, when you move your mouse to the lower left corner and the start menu tile is displayed, instead of left-clicking to display the start menu, right-click to bring up a very useful set of options.


Thanks very much for that tip. If anyone else has tips that might be of use to our readers, send them to us at [email protected]

Recommended for Learning

Data Science for Business: What You Need to Know About Data Mining and Data-Analytic Thinking (O'Reilly)

Written by renowned data science experts Foster Provost and Tom Fawcett, Data Science for Business introduces the fundamental principles of data science, and walks you through the "data-analytic thinking" necessary for extracting useful knowledge and business value from the data you collect. This guide also helps you understand the many data-mining techniques in use today. Rated 5 stars on Amazon.

Quote of the Week

"Good things come to those that wait, but only the things left by those that hustle." - Chris Gorman

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Download Free Hyper-V backup – Make backing up Hyper-V VMs easy, fast and reliable.

Find out why a server is having performance problems with FactFinder Express. Use it to see whether the issue is a slow app, slow SQL requests, or a CPU/Memory/Disk bottleneck. 30 day free trial.

Top 5 Free Tools that IT Pros Love. Free download

Microsoft Office 365 has become an option for organizations looking to move content – particularly Exchange – to the cloud. Learn about the new capabilities in Office 365 and what pitfalls await you.

Snagit can make helpdesk support easier by enabling users to make custom-sized screen captures of error dialog boxes and other problems they experience on their computers:


Events Calendar

MS Exchange CON 2013 Virtual Conference

Get your top MS Exchange questions answered!

All from the convenience of your office, on September 12, 2013!

Discover answers to questions like:

This unique, online conference is limited to 1,000 participants, so register now if you have not already done so:


Project Conference, 2014 on February 2-5 in Anaheim, California

Lync Conference 2014 on February 18-20, 2014 at The Aria in Las Vegas, Nevada

SharePoint Conference 2014 on March 3-6, 2014 at The Venetian in Las Vegas, Nevada

Microsoft Worldwide Partner Conference (WPC 2014) coming in July, 2014 in Washington, D.C.


European SharePoint Conference on May 5-8, 2014 in Barcelona, Spain


Microsoft TechEd Australia on September 3-6, 2013 in Gold Coast, Australia

Microsoft TechEd New Zealand on September 10-13, 2013 in Auckland, New Zealand

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]


Webcast Calendar

Register for Webcasts

 Add your Webcast

PLANNING A WEBCAST you'd like to tell our 95,000 subscribers about? Contact [email protected]


Tech Briefing

This section is organized topically by platform/product and provides you with links to tips, tools, information and other resources that can help you in your job role whether you're an IT professional or an IT decision-maker.  

Windows Server

Video: Change management for Active Directory - Part 1 (WindowSecurity.com)

Introducing Work Folders on Windows Server 2012 R2 (File Cabinet Blog)

Product Review: Idera Server Backup Enterprise (WindowsNetworking.com)


SharePoint, Exchange and Office

Office 365 Migration Considerations (Part 3) (WindowsNetworking.com)

Microsoft Publishes Office 365 Availability (John Policelli's Blog)

Metalogix Archive Manager - Voted MSExchange.org Readers' Choice Award Winner - Exchange Archiving (MSExchange.org)


Windows PowerShell

Live Migrate Your VMs in One Line of PowerShell (IT Pros ROCK! at Microsoft)

Step-by-Step: Using PowerShell to Add Servers to Server Manager in Windows Server 2012 (IT Pros ROCK! at Microsoft)

Top 10 Tips for Using PowerShell ISE (WindowsITPro)



Hyper-V

Virtual Receive Side Scaling (vRSS) In Windows Server 2012 R2 Hyper-V (Working Hard in IT)

Product Review: Altaro Hyper-V Backup (VirtualizationAdmin.com)

VMware or Microsoft? – The Series Introduction (Full of I.T.)



VMware

Need some help getting your vCenter Single Sign On Configured? (VMware Blogs)

My Lab Environment (Long White Virtual Clouds)

Tuning Linux (Debian) in a vSphere VM – Part 2 – Virtual Hardware (VMware Directory)



Citrix

Top 10 Reasons to Strengthen Information Security with Desktop Virtualisation (TechWorld)


System Center

Building a Private Cloud With System Center 2012 (Part 1) (WindowsNetworking.com)

Introduction to Service Management Automation (SMA) (Building Clouds Blog)

Meet MAT - the Migration Automation Toolkit (Building Clouds Blog)


Windows Azure

Planning a Hybrid IT Infrastructure using Windows Azure Infrastructure Services (Part 3) (WindowsNetworking.com)

Announcing CloudBurst 2013 live and online Windows Azure conference September 19-20 2013 (Magnus Martensson)

EU Trade Body Chooses Cloud Platform for European Medicines Verification System (Microsoft Case Studies)


Other cloud computing

Amazon Web Services Updates AWS CloudFormation (Talkin' Cloud)


Windows client

How to create a Windows 8.1 system image backup (step-by-step) (Pureinfotech)



Security

Life after TMG: Considering Sophos UTM as a TMG Replacement (Part 1) (ISAserver.org)

Cryptographic Improvements in Microsoft Windows (Microsoft Security Research & Defense)

Big Data: The Security Perspective (Part 2) (WindowSecurity.com)


Other stuff

Network Load Balancers to the Rescue (WindowsITPro)

Dell Client Configuration Toolkit - change BIOS settings for Optiplex, Latitude or Precision systems, see how here (@DellCaresPRO)



Acknowledgements

We'd like to thank the following individuals for contributing items for this section from time to time:


Windows Server News

Will Google IaaS offering add fuel to cloud's price war fire?

With the limited barriers to entry, the cloud market is increasingly infiltrated with vendors. Recently, Internet giant, Google, announced their expansion into the Infrastructure as a Service competition. Hear what experts predict for the future of Google's IaaS platform along with what it will mean for the cloud consumer.

USB redirection for remote desktops: A step in the right direction

Remote and virtual desktops gave network administrators full control over every aspect of the computing environment – except one, local peripherals. Read through this tech guide to learn how USB redirection technology can help admins support and manage these devices in a VDI environment.

Guidelines for moving multiple VMs with Hyper-V Live Storage Migration

To speed up the storage migration process you can perform multiple live migrations at once, but you must carefully consider your network and hardware limitations first. This IT tip offers expert advice to help you determine how many VMs you can migrate at once without facing performance bottlenecks or downtime.

Refresher course on VMware virtual storage management

With all of the modifications and updates made to storage management tools for your VMware virtual environment, it can be difficult to stay up to date. Interact with this virtual quiz to test your memory and sort out the latest virtual VMware storage management options.


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]


Boeing 777 spectacular wake vortex while landing at Birmingham Airport in England on a day of frequent rain showers.

Beachgoers near Kaliningrad on the Baltic Sea got a big surprise when a military hovercraft landed next to them.

And here are a few oldies but goodies from the Flixxy archive...

Conan hosts the comedian Louis CK who is talking about the spoiled generation...

Anyone who has done internet tech support will understand this.

Volkswagen's incredible transparent car factory - You have never seen a factory like this!




WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.