Tuesday the 4th started with Stuart Kwan’s keynote at 8am – he talked about an eventual plug and play software “identity bus†where you just plug in identity management software, and it just works – the same as PCI or USB hardware does on those busses. It’s a pretty cool concept, and that Microsoft is driving in that direction is great. I just can’t see how quickly they’ll be able to get there. But it’s a well thought out plan they seem to have. I’m excited to watch it grow.
Next was 2 sessions by Darren Mar-Elia about Group Policy wrapped around a session by Group Policy Program Manager Kevin Sullivan (I couldn’t find a blog/site of his, so that’s the Group Policy team blog). Darren spoke first about automating GPO, then about performance tuning. The information on automating GPO will be used within the next few weeks at work – the one thing I dislike about my job is getting up in the middle of the night to turn on a script element, or change GPO object linking – it’s VERY simple work, takes only seconds, but has to be timed. Now that I can script and schedule, I’m a VERY happy man! Darren did some great demos, provided info about a few of the cmdlets he used, and sent me away with a ton of new info. His second session on GPO performance was really informative, and greatly influenced a few designs I have building right now. He talked about the differences between running lots of objects with few settings vs. few objects with lots of settings and how the engine parses them. It turns out that for a “gpupdate /force†or a reapply of all objects, the timing is about the same!
Kevin Sullivan talked about the new “GP Preferences†and client side extensions available for WinXP and higher OSes, that will be available with the new Remote Server Administration Tool (RSAT). I’ve been looking for that download every day since they mentioned it. Still waiting… but with some new security initiatives at one of my smaller clients, I’ll be using these soon as well!
Mark Foust from Microsoft had a great discussion on security audits and the most common problems found – they’re amazingly simple ones to fix, too, like cleaning up members of built-in groups such as “Schema Adminsâ€, that even large enterprises miss. A great reminder of where to start with security house cleaning.
We then had several “Birds of a Feather†sessions – I attended the Group Policy one lead by Kevin and Darren. We had some great back-and-forth about how other companies are using Group Policy, how to do upgrades to the new Client-Side Extensions, and other GPO subjects. There were some requests for better reporting than the RSoP provides, and a request for a way to dump RSoP reports into something that can be audited against, like with System Center 2007. It’s not something I had noticed as missing in my environments, but the idea was mentioned, I realized how great it would be. Hopefully Kevin has taken the idea back to Redmond for further review.
The evening was spent mostly in the Centrify hospitality suite, talking Linux/Windows interoperability with several other attendees, and an early trip home to rest up for the morning!