Microsoft Services Premier Support

TAM Newsletter February 2011

Microsoft news and product information from microsoft.com and product team blogs

How Microsoft does IT
Deploying the Office 2010 Client at Microsoft Microsoft IT (MSIT) developed a testing and deployment
strategy to deliver Office 2010 to more than 100,000 desktop computers at Microsoft. The testing strategy
resulted in a robust product that has been rigorously tested in a production environment. Learn about the
best practices that MSIT developed, the deployment tools that MSIT used, how MSIT tested Line of
Business applications, and the key communications and training that MSIT created for the Microsoft user
community.
IT Showcase on: Windows Azure Microsoft IT is all in for cloud computing and Windows Azure. Learn how
Microsoft IT is using Windows Azure to move existing applications to the cloud and creating new
applications for the cloud.
How Microsoft IT Leverages Security Enhancements from Windows Server 2008 R2 Windows Server 2008
R2 offers significant security enhancements related to network access, branch offices, enforcement, and
applications control. Learn how Microsoft IT leverages these enhancements to provide a safer and more
secure environment for Microsoft employees and partners.
Microsoft Cloud Services
An Independent Perspective on Private Cloud I recently saw a great article by Greg Shields on TechTarget,
called Defining the Hyper-V Cloud. (You'll need to register [free] to read it, but TechTarget is an excellent
third-party source for IT insight, so it's well worth the effort.)
Now Available: January Update for The Windows Azure Platform Training Kit A newly updated version of
the Windows Azure Platform Training Kit is now available for download . This January update provides new
and updated demo scripts, as well as a new Windows Phone 7 hands-on lab (HOL) for the Windows Azure
platform.
Flickr using Windows Azure and other cloud happenings Recently, Yahoo needed a cloud service provider
that could help them quickly release their newest Flickr app for Windows 7 and Windows Phone 7. They
wanted a dynamic platform that would help engage users across a wide spectrum of connected devices. As
reported in ReadWriteWeb, Yahoo found what they were looking for in Windows Azure.
21apps, Delivering SharePoint Business Value So what is this Hybrid Organization that I speak of and why
does Microsoft Office 365 have such great synergies with it?
Office 365 for enterprises: Works With What You Know Sometimes people refer to the cloud as a
"disruptive" technology. But that's really the wrong word to describe Office 365. Constructive? Yes.
Practical? That, too. Microsoft understands that businesses don't care for surprises. We have gone to great
lengths to make Office 365 familiar and easy to use.
Overview of SQL Azure DataSync SQL Azure Data Sync provides a cloud based synchronization service
built on top of the Microsoft Sync Framework. It provides bi-directional data synchronization and capabilities
to easily share data across SQL Azure instances and multiple data centers.
How Advanced Telemetry became instantly profitable after migrating to the Windows Azure Platform We
recently published this case study on Advanced Telemetry, a startup that offers an extensible, remote,
energy-monitoring-and-control software framework.
Security
More information about the MHTML Script Injection vulnerability We released Security Advisory 2501696 to
alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could
allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the
targeted document and reflected script in the security context of the user and target location. The end result of
this type of vulnerability is script encoded within the link executed in the context of the target document or
target web site.
Microsoft releases Security Advisory 2501696 Weve released Security Advisory 2501696, which describes a
publicly disclosed scripting vulnerability affecting all versions of Microsoft Windows. The main impact of the
vulnerability is unintended information disclosure. We're aware of published information and proof-of-concept
code that attempts to exploit this vulnerability, but we haven't seen any indications of active exploitation.
re-BOOT This Year Clean It is that time of the year again to start anew. In terms of personal computers, the
act of restarting the machine is called a reboot an action that triggers execution of code from a special part


of the disk called the Master Boot Record (a.k.a. MBR). As the year 2010 ended, I looked at some of the
threats targeting the MBR.
FakeXPA raises a few brows When rogue security software uses multiple different names for itself, it's not
especially noteworthy. In the past we have seen rogues that changed their names almost every day, and
even a single rogue executable that could use one of 33 different names for itself.
Windows Desktop and Server 7 / 2008 / Vista / 2003 / XP
USMT 4 Update Released to Support Office 2010 Migrations, Fix Other Goo Some of you may have noticed
that if you tried to migrate Office 2010 settings using USMT 4.0, the results were often less than ideal.
Fortunately, I have good news: we have created an update for USMT 4.0 that adds support for Office 2010.
USMT 4.0 migrations of Office 2010 are now supported.
Next Generation Surface Unveiled at CES 2011 We lifted the covers off the next generation Microsoft Surface
or Surface 2.0 at CES. Surface 2.0 represents an incredible collaboration between Microsoft and
Samsung on the Samsung SUR40 for Microsoft Surface.
Remote Desktop Services: Modifying the default RDWebAccess web page for fun and profit I routinely hear
questions from customers about how to modify the default RDWebAccess website. The modifications include
setting default options, automatically inputting server or domain names, or changing the look and feel of the
page to match corporate standards.
Directory Services: AGPM Production GPOs (under the hood) Id like to talk about the inner workings of
Advanced Group Policy Management (AGPM). Lets begin by discovering what occurs behind the scenes
when you take control of a Production GPO using AGPM.
SP1 and Directory Services: Whats New As SP1 draws closer to completion, Im frequently asked about what
changes were added for Directory Services. Today I address some specifics.
PowerShell: Using WS-Man to invoke a PowerShell Cmdlet Most Windows administrators should already be
aware that PowerShell is the preferred ITPro scripting and command-line experience. Many products from
Microsoft and also third-parties expose their management interface as PowerShell cmdlets. Since
PowerShell is currently only available on Windows, how can you manage Windows from a non-Windows box?
Cluster: Configuring IP Addresses and Dependencies for Multi-Subnet Clusters This short guide will provide
a walk-through showing how easy it is to configure using Windows Server 2008 R2 Failover Clustering. See
also Part 2.
IE: HTML5 and Web Video: Questions for the Industry from the Community A Web without video would be a
dull Web and consumers, developers and businesses want video on the Web to just work. As an industry we
know this and have, until recently, been on a path to make this a reality with HTML5 by integrating video into
Web pages more natively using H.264. There is more detail and discussion below but I want to be
unambiguous on some key points.
Virtualization Technologies
Microsoft Server Application Virtualization CTP Released Run More of your Applications on Windows Azure
We are excited to announce the Community Technology Preview of Microsoft Server Application
Virtualization (Server App-V), and the Server Application Virtualization Packaging Tool.
Hyper-V: Enabling processor compatibility with a script When we released Windows Server 2008 R2 we
added the ability to make a virtual machines processor more compatible for migration between different
hardware platforms (details here). Here is a PowerShell script to do this for you.
Using Hyper-V for a high-end desktop computer I often get asked what my recommendation is for a high-end
desktop computer for the virtualization enthusiast. The root problem that causes this question is the well
noted issues with Hyper-V and high-end video cards. Thankfully this can now be a problem of the past.
MED-V: A More Granular Approach to Troubleshooting First-Time Setup of Workspaces in MED-V 1.0 Is
there a more streamlined way on troubleshooting the first-time setup? It is such a pain in the neck to have to
wait and re-download an image just to test one simple command or piece of syntax!
Breaking IT Down: Deploying MED-V with Existing Management Systems As Ive talked to IT pros at events
around the world, many of you have told me that the biggest barrier to your Windows 7 deployments has been
incompatible legacy applications. These applications may run on Windows XP or they might be browser-
based applications that run in Internet Explorer 6 or 7. While many older applications just work in Windows 7,
some may require compatibility shims. Others may require upgrades or patches. You may decide to replace
some applications or retire them altogether. For those applications that are left the ones that simply must
run on Windows XP you should know about Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. MED-
V bridges the last mile of application compatibility between Windows XP and Windows 7, allowing older


applications to run inside Windows XP compatibility workspaces but integrate seamlessly into your users
Windows 7 environment.
SQL Server
Install PowerPivot for SharePoint on a Domain Controller Take a video tour of this 4-part PowerPivot video
series: How to install a system and get it up and running in a standalone demo system environment.
What is the SSAS Maestros? Over the last few weeks, there has been a lot of questions, tweets, and rumors
about the SSAS Maestros program some notable blogs include Kasper de Jonges Do you have what it
takes to become SSAS Maestro and Vidas Matelis SSAS White Paper List.
New Drives Use 4K Sector Size Why am I talking about this on a SQL Server blog? - The change has impact
to your SQL Servers. There are two areas you need to be aware of. PERFORMANCE and DATA
INTEGRITY.
Tips for using DB user with password This new capability presents a lot of benefits, but it also implies new
challenges and responsibilities for DB administrators and developers in order to deploy securely. Here I
present a few tips that should be useful to make use of this new tool.
HP Business Decision Appliance A Closer Look at Backup and Availability Features Today we announced
the availability of the HP Business Decision Appliance. This is the culmination of many months of engineering
work between HP and Microsoft to develop a software/hardware solution to enable easy access to self-
service business intelligence technology. The solution is designed for medium size businesses and
departmental enterprise deployments.
Exchange Server
GAL Segmentation, Exchange Server 2010 and Address Book Policies Since the early days of Exchange
Server our customers have used various methods to provide different views of the Global Address List (GAL)
to subsets of users within the same Exchange Organization.
Obviating Outlook Client Restarts after Mailbox Moves Historically, when an administrator moved an
Exchange 2010 mailbox from one database to another, the user's Outlook client would present them with a
message stating: The Exchange administrator has made a change that requires you quit and restart
Outlook.
Robert's Rules of Exchange: Storage Planning and Testing In this post, we want to discuss some of the
thought process you should have as you decide what your storage infrastructure is for Exchange 2010.
Further, we will discuss how and why you should test your storage. These processes belong early in the
planning stages for Exchange 2010, because if you don't test your storage before moving users to that
storage, it is a lot more painful to fix than if you could fix something without affecting users.
System Center
CM: SCCM state messagingin depth State messaging is a new mechanism in SCCM which reflects point in
time conditions on the client. Status messages, by contrast, work to help administrators track the flow of data
through various SCCM components.
Whats New in the Configuration Manager 2007 R3 Transfer Site Settings Wizard The Transfer Site Settings
Wizard in Configuration Manager 2007 R3 provides two new options that are shown in the following picture:
Power Management Agent and Enable Active Directory Delta Discovery and Delta Discovery Interval.
Configuring Configuration Manager 2007 Sites for Best Performance We always seem to get a lot of
questions regarding how to configure Configuration Manager 2007 for the best performance and while we've
had this information published in TechNet for a while I thought it would be worth a mention here. Whether
you're setting up ConfigMgr 2007 for the first time or you have an implementation that's been up and running
for years, you'll probably find something valuable here.
Configuration Manager 2007 Service Pack 1 End of Support As of January 11th, 2011 ConfigMgr SP1
Support has ended. The most current Service Pack organizations should be on to remain fully supported is
Service Pack 2.
Ford Expects to Save More Than $1 Million with PC Power Management We want to highlight a recent 1E
case study with Ford Motor Company. It shows how Ford expects to save over $1M per year just by
combining the power of Configuration Manager with 1Es NightWatchman.
Guest Blog: How power consumption and cost calculations work in Configuration Manager 2007 R3 In this
post we will cover the first area of understanding Power Consumption calculations, and next week we will
publish part 2, Power Cost Calculations.
VMM: The new "Dynamic Memory" feature of Hyper-V explained Here are the links to a six part series titled
Dynamic Memory Coming To Hyper-V and an article detailing 40% greater virtual machine density with DM.
RD Connection Broker plug-in for System Center Virtual Machine Manager 2008 R2 released!


We just released an RD Connection Broker plug-in for VMM 2008 R2 that enables dynamic placement of VDI
virtual machines for both personal virtual desktops and virtual desktop pools.
DPM: How to use SAN recovery option and mapping data source volumes to Windows disks Say you want to
use the DPM SAN recovery option. This requires storage management steps for which it is useful to know
which Windows disks (LUNs) hold the associated DPM volumes for a given data source.
Opalis: New utility to automate the installation of the Opalis ops console You can read more about the utility
here, watch a demo of it in action here, and register for the download here. The utility is free, and after you
complete the short download form, you will receive an e-mail with a link to the download.
Opalis 6.3 step-by-step installation guides We have posted an article which contains links to two great
installation resources. There is a video from Charles Joy showing the installation process, and there is a
screenshot based article from Christopher Keyaert, one of our Opalis Community members.
Office SharePoint Technologies
Duet Enterprise Architecture Duet Enterprise is a jointly developed product from SAP and Microsoft that
enables customers to consume and extend SAP processes and information from within SharePoint intranet
sites and Microsoft Office 2010. Duet Enterprise Foundation is built on top of SAP Netweaver and Microsoft
SharePoint Server 2010. See also: Searching SAP Data with Duet Enterprise 1.0 and SharePoint Server
2010
SharePoint 2010 and Apple iPad Microsoft SharePoint 2010 supports several modern, standards based,
XHTML 1.0 compliant browsers such as Internet Explorer 8, Firefox 3.6 and Safari 4.x as detailed in the Plan
browser support (SharePoint Server 2010) on Microsoft TechNet. It explains in detail which features work
and which do not across the browsers and is the most up to date browser support information. The mobile
versions of Safari browser on the Apple iPhone OS (used by the iPhone and iPad) have not been tested by
Microsoft, and there may be issues using them with SharePoint 2010.
SharePoint 2010 Managed Metadata Issues Ive been working with SharePoint 2010s Managed Metadata
Service Application since the betas. Now that were nine months into the product Ive been able to help
several customers configure and utilize the service. Its powerful and extremely valuable. There are a variety
of gotchas with the Managed Metadata Service Application in SharePoint 2010, but you should not be afraid
to use it.
Use tabs to display groups of list items for easy navigation This article demonstrates a method to list groups
in a data view as show/hide tabs instead of inline with the data. This is done with a combination of a subview
(from the same list), javascript, and css.
Simple Solution for User Management in a Small SharePoint 2010 Extranet Most organizations will install
SharePoint internally and use Active Directory for user authentication and user management. That setup
works beautifully. But when you choose to use something other than Active Directory for authentication,
SharePoint does not provide a complete alternative.
Microsoft Office System
Office Templates on View Today the home page at http://www.office.com features a much richer way to
preview templates than the wee thumbnails the site traditionally offers.
Access: Evaluating database needs across SQL Server, SQL Azure, SharePoint and Access Every now and
then we hear from customers who want some cheat sheet or Excel-based "calculator" to help them decide
what technology to base their application on: SQL Server, SharePoint, Access, etc.
Project: Project Web App Help content on TechNet While the Help system within Project Web App continues
to point to Office.com, this content has been made available on TechNet for those who may have an easier
time browsing through content in the TechNet Library.
Outlook: User Datagram Protocol in Microsoft Exchange Server 2010 SP1 RU3 For those of you that are on
Exchange 2010, but arent running Outlook 2010, weve heard your feedback about the removal of User
Datagram Protocol (UDP). Were happy to announce that our partners in Exchange will re-introduce UDP in
Microsoft Exchange Server 2010 Service Pack 1 Roll-Up 3 (SP1 RU3).
PowerPoint: Reorder objects on a slide in PowerPoint for Mac 2011 If you sometimes lose objects behind
other objects on a PowerPoint slide, Office for Mac 2011 has a solution for you.
Handling Changes to the Project Start Date The advantage of Move Project is that everything in the project is
moved with respect to its original offset from the project start date. For example, in this project task b has a
deadline 5 days into the project and task c has a constraint to start 2 days after the projects start date.
Excel: Control slicers by using VBA Todays author is Jan Karel Pieterse, an Excel MVP, who explains how to
work with the SlicerCache object, and how customize buttons or change slicer properties by using VBA.


Excel table or PivotTable? In Excel there are tables and PivotTables. You may wonder why you'd need to
create a table when the whole worksheet already looks like one. And you've heard about PivotTables and
how complex they are.
OneNote: Learn OneNote on the iPhone with our free guide By now you've probably heard about our exciting
OneNote Mobile for iPhone news last week. Many of you acknowledged that Microsoft's decision to bring its
first Office program to another mobile platform is a pretty big deal, even if the iPhone may not be your
preferred smartphone.
OCS / Lync Server and Client: Introducing Microsoft Lync: Complimentary Instructor-Led Course Microsoft
now offers a complimentary instructor-led course: Introducing Microsoft Lync. In this overview session,
users will learn how Lync integrates instant messaging, audio and video calling, and online meeting
functionality into one easy to use, unified platform that will contribute to greater collaboration and more
effective communication. This 100-level course is offered virtually.
Integrating Communications Server 2007 R2 with Exchange UM When a Users Mobile Number Is Their
Primary Number If you add Exchange Unified Messaging (UM) to the mobile-phone-as-primary-number
scenario described earlier in this article, you get an issue. The integration itself works fine and as expected.
The problem occurs when the users log off their computers and go to meetings, drive home, or are generally
not logged on.
Forefront
New Certificate Required For Antigen 9 Installations on Windows Server 2000 As of January 18, 2011,
Microsoft will be signing antivirus engines used by Antigen with a new certificate in order to continue to
ensure secure and reliable virus-engine updates. This will require a new certificate implementation on any
Windows 2000 server running Antigen 9.0.
UAG: UAG and SharePoint mobile access A nice feature of SharePoint is SharePoint Mobile Access,
which allows you to access SharePoint sites on a mobile phone, without having to cope with the busy
SharePoint web interface on the phones small screen. This is a built-in feature of UAG, as well as Windows
Mobile. Configuring this on UAG is not that difficult, but many users are not familiar with how to actually use it
on the phone itself.
Other Information
Shedding Light on Our New Cloud Farms In addition to operating one of the largest global datacenter
footprints in the industry, we have been super busy working on multiple next-generation, modular facilities that
are in various phases of construction.
New themes for a new year Were kicking the year off with several new Windows 7 themes.
Data security and privacy in Windows Live Windows Live is entrusted with safekeeping the email, contacts,
photos, documents, and more that over 500 million people bring to our services each month.
Microsoft Developer Information
Expression Encoder 4 SP1 released! Today we have released a service pack for Expression Encoder 4 that
includes some new features and a bunch of bug fixes. Here is a list of the new features we have added.
Keeping an applications UI responsive with multi-threading This is not a new topic to be sure, but application
responsiveness is a fundamental issue that continues to plague many applications running on the Windows
platform.
Windows Phone 7: Windows Phone 7 Documentation Landscape Windows Phone 7 represents the
convergence of many Microsoft technologies into a single product. In addition to the phone-specific API,
applications can utilize APIs from Bing, Xbox Live, Silverlight, the XNA Framework, C#, and Visual Basic. In
this blog post, I will point you to the places where you will find the relevant documentation for Windows Phone
7 development.
SDL: It's Really Only 16 Security Practices - Implementation Guidance Included! Here is a new way to sort
and view the SDL practices and implementation guidance. In April 2010, we worked closely with the Archer
Corporation (since acquired by EMC) to integrate the Microsoft SDL into the RSA Archer eGRC Platform as
an Authoritative Source. This integration allows any company using the RSA Archer eGRC Platform to
download the Microsoft SDL Authoritative Source and manage their SDL efforts in parallel with any
compliance activities they are already managing using the RSA Archer eGRC.
New Tool: Announcing Attack Surface Analyzer! Microsoft has required attack surface validation of
applications prior to release for years - however assessing the attack surface of an application or software
platform can be an intimidating process at first glance. To help ease the process, we are releasing a tool
called Attack Surface Analyzer to assist both testers and IT Pros in assessing the security of an
application. The Attack Surface Analyzer is being released as a beta - to allow us time to gather feedback
and real world usage data from our customers.


Monthly Reminders of Good Information Sources:

Security Page Links to Key Information
Malware Protection Center The Microsoft Malware Protection Center (MMPC) provides world class antimalware
research and response capabilities that support Microsofts range of security products and services. With
laboratories in multiple locations around the globe the MMPC is able to respond quickly and effectively to new
malicious and potentially unwanted software threats wherever and whenever they arise.
HotFix & Security Bulletin Search
Microsoft Solution Accelerators are free, authoritative resources to help IT professionals proactively plan,
integrate, and operate IT systems.
Microsofts Support Lifecycle policy provides consistent and predictable guidelines for product support availability
at the time of product release.
BlogMS Monthly BlogMS consolidates a large number of highly relevant and up to date information sources
across the Microsoft product and online services portfolio. You can expect to find important announcements and
details of Microsoft news, product releases, service packs and important support issues.

Microsoft Premier Online https://premier.microsoft.com The Microsoft Premier Online (MPO) site is a secure Web site
for the exclusive use of Premier Support customers. Note some of the links below may only be available to Premier
Support customers. If you currently have Premier Support and dont have access to MPO, please let your TAM know.
Your TAM can get you access to the site.

Premier Twitter: Microsoft Premier is now on Twitter! This account will share new proactive offerings and product
information, links to important articles on TechNet or Microsoft Blogs, important lifecycle updates, and security
alerts. Start following us today by visiting here!

Support WebCasts

List of Upcoming WebCasts: http://www.microsoft.com/events/webcasts/upcoming.mspx
List of Previous WebCasts for on demand viewing: http://www.microsoft.com/events/webcasts/ondemand.mspx
See the Top Ten List of the most popular webcasts.

Recent Security Bulletins (Security Bulletin Archives)
Microsoft Security Bulletin Summary for January 2011
Microsoft Security Bulletin Summary for December 2010
Microsoft Security Bulletin Summary for November 2010
Last 5 Published or Updated Security Advisories:
Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
Published or Last Updated: 1/28/2011

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Published or Last Updated: 1/19/2011

Microsoft Security Advisory (973811)
Extended Protection for Authentication
Published or Last Updated: 1/12/2011

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published or Last Updated: 1/11/2011



Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
Published or Last Updated: 1/11/2011

For the entire list of published Security Advisories, visit the Security Advisory Archive Web site.

For the latest information and resources, see https://premier.microsoft.com