Showing posts with label Windows. Show all posts

Wednesday, June 29, 2011

Disappearing SSL certificates from IIS 7.0 manager


“I install an SSL server certificate using the ‘Complete Certificate Request’ wizard in IIS Manager, and when I refresh the view the certificate disappears.”
I have heard that a couple of times, and every time I used to go “What?” until someone showed it to me.
If you are one of those who are wondering about this, read on.
The Server Certificates module in IIS Manager displays a list of certificates from the Local Machine SSL store.
But it only lists a certificate if:
1. The certificate has a private key (.pfx format)
2. The certificate is meant for Server Authentication
And this is where the disappearing act occurs.
IIS Manager enumerates all the extensions of the certificate and checks whether OID 2.5.29.37 (Extended Key Usage) exists. If it does, the certificate's Enhanced Key Usage section must contain 1.3.6.1.5.5.7.3.1 (Server Authentication); otherwise the certificate is not listed.
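The two conditions above can be checked from PowerShell before opening IIS Manager. This is an added example, not part of the original post: the function name `Test-IisCertListing` is hypothetical, and `Cert:\LocalMachine\My` (the machine's Personal store) is assumed to be the store the post refers to.

```powershell
# Added example, not from the original post. Test-IisCertListing is a hypothetical name.
# It applies the two display conditions described in the post to each certificate.
function Test-IisCertListing {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        $ekuExtensionOid = '2.5.29.37'          # Enhanced Key Usage extension
        $serverAuthOid   = '1.3.6.1.5.5.7.3.1'  # Server Authentication
    }
    process {
        # Locate the EKU extension, if the certificate carries one.
        $raw = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $ekuExtensionOid }
        $usages = @()
        if ($raw) {
            # Decode the raw extension into its list of usage OIDs.
            $eku = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension -ArgumentList $raw, $raw.Critical
            $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }

        # Condition 1: private key. Condition 2: if an EKU extension exists,
        # it must include Server Authentication.
        if (-not $Certificate.HasPrivateKey) {
            $listed = $false
            $reason = 'No private key associated with the certificate'
        } elseif ($raw -and ($usages -notcontains $serverAuthOid)) {
            $listed = $false
            $reason = 'EKU extension present without Server Authentication'
        } else {
            $listed = $true
            $reason = 'Meets both conditions'
        }

        [pscustomobject]@{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            HasPrivateKey = $Certificate.HasPrivateKey
            EkuOids       = ($usages -join ', ')
            ListedInIis   = $listed
            Reason        = $reason
        }
    }
}

# Assumed store path: the local machine's Personal store.
Get-ChildItem Cert:\LocalMachine\My | Test-IisCertListing | Format-List
```

A certificate that was just imported and reports `ListedInIis = False` here is the one that will vanish on refresh; the `Reason` column says which of the two conditions it fails.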

Wednesday, April 6, 2011

Application Virtualization (App-V) 4.6 – Video Demonstrations and Tutorials

Learn how to create, configure, publish, and maintain virtual applications with Microsoft Application Virtualization with these eight new short videos from the Springboard Series.

 

Create a Virtual Application Using the App-V Sequencer

The Application Virtualization (App-V) Sequencer is a powerful, easy-to-use tool that enables IT professionals to create a new virtual application. This video will walk you through the different files that make up a virtual application package and teach you how to:
  • Run the App-V 4.6 Sequencer to sequence an application.
  • Create file type associations and shortcuts.
  • Configure a custom application package.

 

Launch a Virtual Application and Review Client Configuration

The Application Virtualization (App-V) Client provides the IT administrator with many flexible configuration options depending on their enterprise business requirements. This video will outline the user experience when launching an application and demonstrate:
  • How to apply configuration at package time, such as Send To and File Type Associations (FTAs).
  • How to remove the App-V notification when an application launches, and other client configurations.
  • How App-V provides a seamless user experience while leveraging the power of virtualization to avoid application conflicts and installation.

 

Publish a Virtual Application Using Full Infrastructure Mode

The Application Virtualization (App-V) Management Console enables you to publish virtual applications to your end users as well as create license metering rules and run reports about your applications. In this screencast, you’ll learn how to:
  • Import a virtual application for publishing.
  • Create File Type Associations (FTAs) if you chose not to do them at sequence time.
  • Assign applications to the appropriate users via Active Directory security distribution groups.

 

Update a Virtual Application Using App-V

All Application Virtualization (App-V) application updates occur when the user launches the application. Updating virtual applications using App-V is a simple process that does not impact user productivity because it does not require the user to install an application, or reboot. Familiarize yourself with the upgrade experience from a user perspective then learn how to update a virtual application using App-V.

 

Deprovision a Virtual Application

One of the great capabilities provided by Application Virtualization (App-V) is its ability to seamlessly deprovision the application without impacting user productivity, requiring user or application downtime, or requiring the need to uninstall or reboot. This screencast will show you how to quickly and easily deprovision a virtual application using App-V.

 

Run Microsoft Office in an App-V Virtualized Environment

 Microsoft Application Virtualization (App-V) provides the ability to deliver virtual applications to users on demand out of the box. With App-V, you can run multiple versions of applications on the same computers where small groups of users will not be adversely impacted by fast deployment and speedy migration, or incompatibilities in file formats between versions of the same applications. In this video, we’ll demonstrate how two different versions of Microsoft Office Word can run side-by-side, and how data can be shared between the different versions.

 

Use App-V Metering to Manage Application Licenses

Microsoft Application Virtualization (App-V) provides the ability to deliver, meter, and manage virtual applications on demand out of the box without requiring any additional software or tools. This screencast will demonstrate:
  • How to create, apply, and report on a metering rule.
  • The user experience when a rule is enforced.
  • The importance of metering in helping IT control access and purchase the appropriate number of application licenses.

 

Use Dynamic Suiting to Create a Plug-in Dependency for Virtual Applications

Dynamic Suite Composition (DSC) provides the ability to link applications together to create a small footprint for each application by sharing common, non-conflicting dependencies such as add-ins and middleware components. DSC also helps simplify permissions so that, once permissions are granted to the user, the user will automatically receive the plug-in the next time the application is launched without waiting for installation or having to perform an additional activity. This video will walk you through the simple process of using the DSC tool, and show you how to create a plug-in dependency in Microsoft Office Word using DSC.
Access additional resources including a Getting Started Guide, planning and design guidance, and security best practices on the MDOP page. Also read – 64-bit version of App-V 4.6 Download and MDOP 2010 Launches!

Advanced Group Policy Management (AGPM)

Microsoft Advanced Group Policy Management is a component of the Microsoft Desktop Optimization Pack for Software Assurance (MDOP SA).
The Advanced Group Policy Management (AGPM) increases the capabilities of the Group Policy Management Console (GPMC), providing:
  • Standard roles for delegating permissions to manage Group Policy objects (GPOs) to multiple Group Policy administrators.
  • An archive to enable Group Policy administrators to create and modify GPOs offline before deploying them to a production environment.
  • The ability to roll back to any previous version of a GPO.
  • Check-in/check-out capability for GPOs to ensure that Group Policy administrators do not overwrite each other's work.
If you want more information about what it brings, have a look at the Advanced Group Policy Management datasheet.
Some features include:
• Offline editing of GPOs
• Difference reporting and audit logging
• Recovery of a deleted GPO (Recycle Bin)
• Repair of live GPOs
• Creation of GPO template libraries
• Subscription to policy change e-mail notifications
• Version tracking, history capture, and quick rollback of deployed changes
• Role-based administration (Editor, Reviewer, Approver)
• Change request approval
AGPM is built out of a client and server component, which need to be installed.
AGPM Server hosts the "AGPM Service" and manages the GPO archive.  All AGPM operations are managed through this Windows service and are executed with the service's credentials.  AGPM stores all versions of each controlled Group Policy object (GPO), that is, a GPO for which AGPM provides change control, in a central archive, so that Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO.
Each Group Policy administrator - anyone who creates, edits, deploys, reviews or deletes GPOs - must have the AGPM Client installed on computers that they use to manage GPOs.

Installation Requirements

AGPM Client requires Windows Vista (32-bit version) or Microsoft Windows Server 2003 (32-bit version) as well as the Group Policy Management Console (GPMC).  AGPM Client can be installed on the same computer running the AGPM Server.
AGPM Server requires Windows Vista (32-bit version) or Microsoft Windows Server 2003 (32-bit version) as well as the Group Policy Management Console (GPMC).  Additionally, you must be a member of the Domain Admins group to install AGPM Server.  The AGPM Server component can be installed on a member server or domain controller.

1. AGPM Server Installation Process


  • In the Welcome dialog box, click Next.


  • In the Application Path dialog box, select a location in which to install AGPM Server.  The computer on which AGPM Server is installed will host the AGPM Service and manage the archive.  Click Next.

  • In the Archive Path dialog box, select a location for the archive relative to the AGPM Server. The archive path can point to a folder on the AGPM Server or elsewhere, but you should select a location with sufficient space to store all GPOs and history data managed by this AGPM Server. Click Next.


  • In the AGPM Service Account dialog box, select a service account under which the AGPM Service will run and then click Next.

  • In the Archive Owner dialog box, select an account or group to which to initially assign the AGPM Administrator (Full Control) role. This AGPM Administrator can assign AGPM roles and permissions to other Group Policy administrators (including the role of AGPM Administrator). Click Next.

  • Click Install, and then click Finish to exit the Setup Wizard.

2. AGPM Client Installation Process


  • In the Welcome dialog box, click Next.


  • In the Application Path dialog box, select a location in which to install AGPM Client. Click Next.


  • In the AGPM Server dialog box, type the fully-qualified computer name and the port for the AGPM Server to which to connect. The default port for the AGPM Service is 4600. Click Next.

  • Click Install, and then click Finish to exit the Setup Wizard.

GPMC User Interface changes

Advanced Group Policy Management (AGPM) adds a Change Control node to each domain displayed in the Group Policy Management Console (GPMC).  In an environment where multiple domains are managed with the GPMC, each domain is listed under the Domains node in the console tree.
Within the details pane there are 3 primary tabs, providing access to both GPO-level settings and domain-level settings for AGPM.
1. Contents Tab: GPO settings and commands and GPO-level delegation
2. Domain Delegation Tab: AGPM e-mail notification settings and domain-level delegation
3. AGPM Server Tab: Domain-level archive connection settings

AGPM adds a History tab to all Group Policy objects (GPOs) and Group Policy links displayed in the GPMC.  The features of the History tab in the details pane of a GPO are the same as those of the History window displayed through the Change Control tab (by double-clicking a "controlled/uncontrolled GPO").

In the Microsoft Windows Server 2003 operating system (only!), AGPM adds an Extensions tab to all GPOs and Group Policy links displayed in the GPMC.  This tab lists all extensions that contain settings in the GPO (or all registered extensions if "Show all registered extensions" is checked) and identifies them as part of the user or computer context.

AGPM Administrative Template

AGPM is shipped with an administrative template (AGPM.ADM located in the %windir%\inf) containing settings for Advanced Group Policy Management (AGPM) to enable you to centrally configure logging and tracing options for AGPM clients and servers to which a Group Policy object (GPO) with these settings is applied.  Similarly, these settings enable you to centrally configure archive locations and the visibility of the Change Control node and History tab for Group Policy administrators to whom a GPO with these settings is applied.

Role based administration

In an environment where multiple people build/edit Group Policy objects (GPOs), you can delegate specific tasks to specific people for specific GPOs based on a role model (Reviewer, Editor, Approver, Administrator).
AGPM Administrators can delegate permissions to "Editors" who make changes to GPOs and to "Approvers" who deploy GPOs to the production environment.  AGPM Administrators can configure permissions to meet the needs of your organization, since the "AGPM Administrator" role includes the permissions for all other roles and thus can perform the tasks normally associated with any other role.
  • Approvers can perform "Approver Tasks", such as creating, deploying, or deleting GPOs
  • Editors can perform "Editor Tasks", such as editing, renaming, labeling, or importing GPOs, creating templates, or setting a default template
  • Reviewers can perform "Reviewer Tasks", such as reviewing settings and comparing GPOs

NOTE:
To delegate (read) access to Group Policy administrators who use AGPM, you must grant them "List Contents" as well as "Read Settings" permissions (Reviewers role).  This enables them to view GPOs on the Contents tab of AGPM.  Set the permission to apply to This object and nested objects.

For more information: Advanced Group Policy Management datasheet
Also watch the AGPM video presented by Kevin Sullivan, Senior/Lead Program Manager in Group Policy Product Team (23 min)
Or listen to the AGPM talk on Technet Radio on AGPM (15 min)

Related blog post: Windows Server 2008 & Group Policy Management Console (GPMC)

Monday, March 21, 2011

Microsoft Enterprise Desktop Virtualization (MED-V) Administration Video Series

MED-V Step by Step Setup Guide | Part 3: MED-V Client and Management Console

This is the last part of the MED-V Step by Step Setup Guide, which covers the MED-V Client and Management Console installation. I will perform this installation on a Windows 7 operating system with 1.5 GB of memory. You need a machine with a minimum of 1.5 GB of memory in order to perform this installation. FYI, MED-V Client and Management Console only support Windows XP, Windows Vista, and Windows 7 with a minimum of 1.5 GB of memory.

First of all, we’ll need to install Virtual PC 2007 SP1, located inside the MED-V folder, and the required updates within the same folder.

After you’ve installed Virtual PC 2007 and all the required updates, execute the MED-V Client installer to kick-start the setup. After you execute the installer, a prerequisites check verifies whether you meet all the requirements.

Click Next on the Welcome page.

Accept the terms in the license agreement and click Next.

Click Next on the Destination Folder page. Of course, you can change the location by clicking Change.

On the MED-V Settings page, tick Install the MED-V Management application and also change the Server address to your MED-V Server name. For instance, MEDVSVR is my MED-V Server name.

*If you want to install the MED-V Client for users only, DON’T tick Install the MED-V Management application.

Click Install to start the installation.

After the installation completes, un-tick Launch Microsoft Enterprise Desktop Virtualization and then click Finish.

Next, launch MED-V Management under All Programs\MED-V to start the MED-V Management Console.

Enter the User name and Password.

Now you can manage all the virtualized desktops with this newly installed MED-V Management Console.

Cheers~!!! You have just completed the setup. Sadly, I won’t cover the administration and operation in this MED-V Step by Step Setup Guide; maybe in the near future. See you~!!!

MED-V Step by Step Setup Guide | Part 2: Med-V Server Installation & Configuration

Continuing from Part 1, Part 2 will focus on the server installation and configuration. Most of the configuration will be done on the Web Server (IIS). Before we start, please make sure that you have completed all the prerequisites shown in Part 1.
We’ll start with the Med-V server installation: double-click the Med-V Server.msi.
Click Next on the Welcome screen.
Accept the terms in the license agreement, and then click Next.
Accept the default destination folder location and then click Next. You may change the location by clicking the Change button.
Click Install to proceed with the installation.
After the installation completes, un-tick Launch MED-V Server Configuration Manager and click Finish.

That’s all; the MED-V Server has been successfully installed. Now, we’ll proceed to the configuration.
Go to the Server Manager, expand Roles, expand Web Server (IIS), and click Internet Information Services (IIS) Manager. Inside the IIS Manager, expand the tree until you see the Default Web Site, as in the picture above. Right-click the Default Web Site and then click Add Virtual Directory…
Enter the Alias and the Physical path. Click OK once you’re done.
Go back to the IIS Manager and you’ll notice that a virtual directory named after the Alias that you entered has been created. Click on the newly created virtual directory, MEDVImages in my case. Look for MIME Types, categorised under IIS, and double-click it.
Inside MIME Types, click Add, located under the Actions pane. You’ll need to repeat this step because there are two MIME types to add.
Enter .ckm in the File name extension, and application/octet-stream in the MIME type.
Enter .index in the File name extension, and application/octet-stream in the MIME type.
Go to the IIS Manager, and click MEDVImages again. This time we need to configure the BITS Uploads component located under Other.
Inside BITS Uploads, tick Allow clients to upload files and then click Apply.
Next, right-click MEDVImages and select Edit Permissions…
Go to the Security tab and click Edit.
Click Add to add the appropriate groups.
In this instance, I’ll use Everyone.
Make sure that the group is granted Read permissions.
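
The IIS steps above, scripted with the WebAdministration module as an added example (not part of the original post). The physical path `C:\MEDVImages` is a placeholder, the BITS upload setting is left to the IIS Manager step, and the last part checks that Everyone holds no write-type rights on the image folder.

```powershell
# Added example, not from the original post. $path is a placeholder value.
Import-Module WebAdministration

$site   = 'Default Web Site'
$alias  = 'MEDVImages'        # alias used in the post
$path   = 'C:\MEDVImages'     # placeholder physical path
$psPath = "IIS:\Sites\$site\$alias"

# Create the virtual directory only if it is not already there.
if (-not (Test-Path $psPath)) {
    New-WebVirtualDirectory -Site $site -Name $alias -PhysicalPath $path | Out-Null
}

# Add the two MIME types from the post, skipping any that already exist.
foreach ($ext in '.ckm', '.index') {
    $filter = "system.webServer/staticContent/mimeMap[@fileExtension='$ext']"
    if (-not (Get-WebConfiguration -PSPath $psPath -Filter $filter)) {
        Add-WebConfigurationProperty -PSPath $psPath `
            -Filter 'system.webServer/staticContent' -Name '.' `
            -Value @{ fileExtension = $ext; mimeType = 'application/octet-stream' }
    }
}

# Verify the NTFS ACL: Everyone (SID S-1-1-0) should hold no write-type rights.
# The mask lists only bits that do not overlap with Read or ReadAndExecute.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$sidType     = [System.Security.Principal.SecurityIdentifier]

$tooBroad = (Get-Acl $path).GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-1-0' -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $writeRights)
}

if ($tooBroad) {
    $tooBroad | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    Write-Warning "Everyone has write-type rights on $path; the post calls for Read only."
} else {
    "Everyone has no write-type rights on $path."
}
```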

We’ve done all the configuration needed in the Web Server (IIS), so we shall proceed to the MED-V Server Configuration Manager to complete the configuration. Launch the MED-V Server Configuration Manager under All Programs\MED-V.
In this instance we will use the default setting, Enable Unencrypted Connections (http), Using Port 80.
Click on the Images tab. Enter the VM Directory, which is the physical path you entered during the installation; we also configured the Web Server (IIS) to use the same directory.
As for the VMs URL, enter http://SERVERNAME/ALIAS. For instance, http://medvsvr/medvimages.
Click on the Permissions tab. You can add the preferred domain users or groups who will need permissions to manage the MED-V Management Server. I’ll accept the default, Everyone.
Click on the Reports tab. Click Create Database. If there is any failure due to administration rights, you may want to modify the Connection String to Data Source=localhost\sqlexpress;Initial Catalog=medv;UID=SA;PWD=P@ssw0rd. The UID is the SQL Server Administrator account while the PWD is the password.
Click OK after the database is successfully created.
Click Test Connection to check the database connection.
Click OK after the connection succeeds.
Click OK after you have finished all the configuration in the MED-V Server Configuration Manager. A window like the one above will pop up; click Yes.

Good Job!!! You’ve successfully installed and configured the MED-V Server. The MED-V Server is now ready to host the MED-V images. =)

MED-V Step by Step Setup Guide | Part 1: Server Setup Prerequisites

In Part 1 of the MED-V Step by Step Setup Guide, I’ll concentrate on the prerequisites for the MED-V server setup. First of all, we need to enable the Web Server IIS role, followed by features like .NET Framework 3.5.1 and BITS. Lastly, we will install SQL Server 2008 SP2 Express Edition.
Open Server Manager, click Roles, and then click Add Roles
Click Next on the Before You Begin tab
Tick the Web Server IIS role on the Server Roles tab
Click Next on the Web Server (IIS) tab
Scroll down to the Security section and tick the following services:
- Basic Authentication
- Windows Authentication
- Client Certificate Mapping Authentication
Click Next once you’re done
Click Install on the Confirmation tab
Click Close after the installation finishes
Go back to the Server Manager and this time click on the Features option
Tick the .NET Framework 3.5.1 features and BITS. A pop-up window (refer to below) will appear once you tick the features.
Click Add Required Roles
Click Add Required Roles
Click Next on the Web Server (IIS) tab
Click Next on the Role Services tab
Click Install on the Confirmation tab
Click Close once the installation is done
Next, we will proceed to the SQL Server installation. MED-V supports both SQL Server 2005 Express Edition and SQL Server 2008 Express Edition. In my case, I'm using the SQL Server 2008 SP2 Express Edition. You can download it here.

After the SQL Server installer has finished the extraction, click on the Installation tab. Select the first option, New SQL Server stand-alone installation or add features to an existing installation

Click OK on the Setup Support Rules page

Click Next on the Product Key tab

Agree to the license terms and then click Next
Click Next on the Setup Support Files tab
Click Next on the Setup Support Rules tab
On the Features Selection page, tick the Database Engine Services and then click Next
Click Next on the Instance Configuration tab
Click Next on the Disk Space Requirement page
On the Server Configuration page, select the SQL Server Database Engine service’s Account Name as NT AUTHORITY\SYSTEM. Click Next after you’re done.
On the Database Engine Configuration page, Account Provisioning tab, select the Authentication Mode as Mixed Mode (SQL Server authentication and Windows authentication). Enter the complex password, P@ssw0rd in my case. Click Add Current User to specify the SQL Server administrators. Click Next once you’re done.
Click Next on the Error and Usage Reporting page
Click Next on the Installation Rules page
Click Next on the Ready to Install page to proceed with the installation
Click Next on the Installation Progress page
Click Close once the installation completes
Hooray… You’ve done all the prerequisites already. Next, we will proceed to Part 2: MED-V Server Installation and Configuration. Stay tuned~!!!