With Win10 slated to drop July 29, we give you the straight dope on support, upgrades, and the state of the bits
It’s a few days before Windows 10 is officially slated to drop, and still, confusion abounds. Worse, many fallacies regarding Microsoft’s plans around upgrades and support for Win10 remain in circulation, despite efforts to dispel them.
Here at InfoWorld, we’ve been tracking Windows 10’s progress very closely, reporting the evolving technical details with each successive build in our popular “Where Windows 10 stands right now” report. We’ve also kept a close eye on the details beyond the bits, reporting on the common misconceptions around Windows 10 licensing, upgrade paths, and updates. If you haven’t already read that article, you may want to give it a gander. Many of the fallacies we pointed out six weeks ago are still as fallacious today — and you’ll hear them repeated as fact by people who should know better.
Here, with Windows 10 nearing the finish line, we once again cut through the fictions to give you the true dirt — and one juicy conjecture — about Windows 10, in hopes of helping you make the right decisions regarding Microsoft’s latest Windows release when it officially lands July 29.
Conjecture: Windows Insiders already have the “final” version of Windows 10
Give or take a few last-minute patches, members of the Windows Insider program may already have what will be the final version of Win10. Build 10240, with applied patches, has all the hallmarks of a first final “general availability” version.
If you’re in the Insider program, either Fast or Slow ring, and your computer’s been connected to the Internet recently, you’ve already upgraded, automatically, to the Windows 10 that’s likely headed out on July 29. No, I can’t prove it. But all the tea leaves point in that direction. Don’t be surprised if Terry Myerson announces on July 29 that Insiders are already running the “real” Windows 10 — and have been running it for a couple of weeks. Everyone else can get a feel for the likely “final” Windows 10, build 10240, by checking out our ongoing Windows 10 beta coverage at “Where Windows stands right now.”
Fact: Windows 10 has a 10-year support cycle
Like Windows Vista, Win7, and Win8 before it, Windows 10 has a 10-year support cycle. In fact, we’re getting a few extra months for free: According to the Windows Lifecycle fact sheet, mainstream support ends Oct. 13, 2020, and extended support ends Oct. 14, 2025. Of course, if your sound card manufacturer, say, stops supporting Windows 10, you’re out of luck.
ALSO ON NETWORK WORLD: What if Windows went open source tomorrow?
I have no idea where Microsoft’s statement about covering Windows 10 “for the supported lifetime of the device” came from. It sounds like legalese that was used to waffle around the topic for seven frustrating months. Microsoft’s publication of the Lifecycle fact sheet shows that Windows 10 will be supported like any other version of Windows. (XP’s dates were a little different because of SP2.)
Fiction: The 10 years of support start from the day you buy or install Windows 10
There’s been absolutely nothing from Microsoft to support the claim that the Win10 support clock starts when you buy or install Windows 10, a claim that has been attributed to an industry analyst.
The new Windows 10 lifecycle and updating requirements look a lot like the old ones, except they’re accelerated a bit. In the past we had Service Packs, and people had a few months to get the Service Packs installed before they became a prerequisite for new patches. With Windows 8.1, we had the ill-fated Update 1: You had to install Update 1 before you could get new patches, and you only had a month (later extended) to get Update 1 working. The new Windows 10 method — requiring customers to install upgrades/fixes/patches sequentially, in set intervals — looks a whole lot like the old Win 8.1 Update 1 approach, although corporate customers in the Long Term Servicing Branch can delay indefinitely.
Fact: You can clean install the (pirate) Windows 10 build 10240 ISO right now and use it without entering a product key
Although it isn’t clear how long you’ll be able to continue to use it, the Windows 10 build 10240 ISO can be installed and used without a product key. Presumably, at some point in the future you’ll be able to feed it a new key (from, say, MSDN), or buy one and use it retroactively.
Fiction: You can get a free upgrade to Windows 10 Pro from Win7 Home Basic/Premium, Win8.1 (“Home” or “Core”), or Win8.1 with Bing
A common misconception is that you can upgrade, for free, from Windows 7 Home Basic or Home Premium, Windows 8.1 (commonly called “Home” or “Core”), or Windows 8.1 with Bing, to Windows 10 Pro. Nope, sorry — all of those will upgrade to Windows 10 Home. To get to Windows 10 Pro, you would then have to pay for an upgrade, from Win10 Home to Pro.
Fact: No product key is required to upgrade a “genuine” copy of Win7 SP1 or Win8.1 Update
According to Microsoft, if you upgrade a “genuine” copy of Windows 7 SP1 or Windows 8.1 Update, come July 29 or later, Windows 10 won’t require a product key. Instead, keep Home and Pro versions separate — upgrade Home to Home, Pro to Pro. If you upgrade and perform a Reset (Start, Settings, Update & Security, Recovery, Reset this PC) you get a clean install of Windows 10 — again, per Microsoft. It’ll take a few months to be absolutely certain that a Reset performs an absolutely clean install, but at this point, it certainly looks that way.
Fiction: Windows 10 requires a Microsoft account to install, use, or manage
Another common misconception is that Microsoft requires users have a Microsoft account to install, use, or manage Windows 10. In fact, local accounts will work for any normal Windows 10 activity, although you need to provide a Microsoft account in the obvious places (for example, to get mail), with Cortana, and to sync Edge.
Fact: If your tablet runs Windows RT, you’re screwed
Microsoft has announced it will release a new version of Windows RT, called Windows RT 3, in September. If anybody’s expecting it to look anything like Windows 10, you’re sorely mistaken. If you bought the original Surface or Surface RT, you’re out of luck. Microsoft sold folks an obsolete bucket of bolts that, sad to say, deserves to die. Compare that with the Chromebook, which is still chugging along.
Fiction: Microsoft pulled Windows Media Player from Windows 10
One word here seems to be tripping up folks. What Microsoft has pulled is Windows Media Center, which is a horse of a completely different color. If you’re thinking of upgrading your Windows Media Center machine to Windows 10, you’re better off retiring it and buying something that actually works like a media center. WMP is still there, although I wonder why anybody would use it, with great free alternatives like VLC readily available.
Fiction: Windows 10 is a buggy mess
In my experience, Windows 10 build 10240 (and thus, presumably, the final version) is quite stable and reasonably fast, and it works very well. There are anomalies — taskbar icons disappear, some characters don’t show up, you can’t change the picture for the Lock Screen, lots of settings are undocumented — and entire waves of features aren’t built yet. But for day-to-day operation, Win10 works fine.
Fact: The current crop of “universal” apps is an electronic wasteland
Microsoft has built some outstanding universal apps on the WinRT foundation, including the Office trilogy, Edge, Cortana, and several lesser apps, such as the Mail/Calendar twins, Solitaire, OneNote, and the Store. But other software developers have, by and large, ignored the WinRT/universal shtick. You have to wonder why Microsoft itself wasn’t able to get a universal OneDrive or Skype app going in time for July 29. Even Rovio has given a pass on Angry Birds 2 for the universal platform. Some games are coming (such as Rise of the Tomb Raider), but don’t expect a big crop of apps for the universal side of Windows 10 (and, presumably, Windows 10 Mobile) any time soon.
Fiction: Microsoft wants to control us by forcing us to go to Windows 10
I hear variations on this theme all the time, and it’s tinfoil-hat hooey. Microsoft is shifting to a different way of making money with Windows. Along the way, it’s trying out a lot of moves to reinvigorate the aging cash cow. Total world domination isn’t one of the options. And, no, the company isn’t going to charge you rent for Windows 10, though it took seven months to say so, in writing.
Fiction: Windows 7 and Windows 8 machines will upgrade directly to Windows 10
Win7 and Win8 machines won’t quite upgrade directly to Win10. You need Windows 7 Service Pack 1, or Windows 8.1 Update 1, in order to perform the upgrade. If you don’t have Windows 7 SP1, Microsoft has official instructions that’ll get you there from Windows 7. If you’re still using Windows 8, follow these official instructions to get to Windows 8.1 Update. Technically, there’s a middle step on your way to Win10.
Fact: We have no idea what will happen when Microsoft releases a really bad patch for Windows 10
If there’s an Achilles’ heel in the grand Windows 10 scheme, it’s forced updates for Windows 10 Home users and Pro users not attached to update servers. As long as Microsoft rolls out good-enough-quality patches — as it’s done for the past three months — there’s little to fear. But if a real stinker ever gets pushed out, heaven only knows how, and how well, Microsoft will handle it.
Fact: You’d have to be stone-cold crazy to install Windows 10 on a production machine on July 29
There isn’t one, single killer app that you desperately need on July 29. Those in the know have mountains of questions, some of which won’t be answered until we see how Win10 really works and what Microsoft does to support it. If you want to play with Windows 10 on a test machine, knock yourself out. I will, too. But only a certified masochist would entrust a working PC to Windows 10, until it’s been pushed and shoved and taken round several blocks, multiple times.
You have until July 29, 2016, to take advantage of the free upgrade. There’s no rush. Microsoft won’t run out of bits.
The products we reviewed show good signs that encryption has finally come of age.
best tools email encryption 1
Recipients of encrypted email once had to share the same system as the sender. Today, products have a “zero knowledge encryption” feature, which means you can send an encrypted message to someone who isn’t on your chosen encryption service. Today’s products make sending and receiving messages easier, with advances like an Outlook or browser plug-in that gives you nearly one-button encryption. And the products we reviewed have features like setting expiration dates, being able to revoke unread messages or prevent them from being forwarded. (Read the full review.)
AppRiver CipherPost Pro
Basically, you layer CipherPost Pro on top of your existing email infrastructure via a plug-in. It has mobile apps for iOS, Android, Windows phones and BlackBerry 10s that offer the ability to send and receive encrypted messages, but not attachments. To correspond with people outside your email domain, send a message with a Web link, which recipients click on and register with the system. The heart of the product is a special “Delivery Slip” sidebar that appears on the page as you are composing your message. This is where controls are located to enable message-tracking options, and to add an extra security layer. These are all nice features. If you have to send large attachments, then CipherPost should be on your short list.
DataMotion has a very mature offering that makes use of a gateway to process mail. Getting it set up will require a couple of hours, and most of that is in understanding the many mail processing rules. Users need to append a [SECURE] tag in the subject line to trigger the encryption process. You can also set up rules that will encrypt messages containing sensitive information. DataMotion doesn’t have any limits on the size of the user’s inbox. However, it does place a limit of up to 500MB worth of messages that can be sent in a user’s Track Sent Folder. Features include the ability to see exactly when your recipient opened the message and the attachment.
Voltage was recently purchased by HP and rebranded. The technology is an email gateway, software that sits on either a Linux or Windows server or in the cloud and inserts the encryption process between mail client and server. There are numerous add-on modules that come as part of this ecosystem. You administer the gateway via a Web browser, and there are dozens of options to set, similar to the DataMotion product. Voltage has a zero download client, as it calls its software that can be used to exchange messages with someone not on their system. While parts of Voltage are showing their age, the overall experience is quite capable, and the add-ons for mobile and Outlook/Office are quite nifty.
Hushmail for Business
Hushmail is the easiest of the products we tested to set up and use. There is no software to install on the client side; all mail is accessed via two ways: First, via a secure webmail client that connects to the Hush servers. This is the only way you can send encrypted email to someone who isn’t part of the Hush network. The second method is for users fond of their existing email clients and who are communicating with other Hush users. In this situation there is literally nothing for them to do: they make use of their existing client to send an encrypted message. Between the client and the Hush server, mail is encrypted using either SSL or TLS. Once it arrives on the server, it is then encrypted via PGP. Hush has a 20MB limit on attachment size, and this could be a deal breaker for some businesses.
Proton is one of the newer encrypted email services that have come along post-Snowden, with an emphasis on keeping your emails private. It makes a point of this by being based in Switzerland. However, the company is still building its product out and as a result it has a very simple Web UI for its client and admin tool. Proton uses double password protection. The first is used to authenticate the user. After that, encrypted data is sent to the user. The second password is a decryption key used to decrypt data on your device. Proton never sees that latter key so they do not have access to the decrypted data. On top of all this encryption, they also employ SSL connections so your data is encrypted across the Internet to and from their servers. There is no option for on-premises servers. While Proton is not really suitable for an enterprise deployment, it shows what the latest encryption products can deliver.
Of the products tested, Tutanota is the least reliable and least feature-laden. Tutanota uses a variety of clients to set up encrypted mail connections across your existing email infrastructure. There are no changes to your servers and you can continue using Outlook for sending unencrypted communications. We had some trouble with the installation, mainly because the software version has German instructions and installs the German version of .Net Framework. Once installed, though, the menus and commands are in English. Tutanota is based in Germany, which could be important for customers concerned about American email privacy. One of the distinguishing features is that its zero knowledge encryption process hides the message subject. Most of its competitors still send this information in the clear.
Virtru has a nice balance of plug-ins and mobile apps that support its easy-to-use encryption operations across a variety of email circumstances. If you have installed the necessary plug-in, when you want to send something, there is a small toggle switch on the top of the compose screen. Turning that on will bring up a “send secure” button to encrypt your message. There are tool tips that appear as you hover over the various options with your mouse, a nice touch. These include the ability to add an unencrypted introductory message that will introduce your recipient to the context of the message that you are sending, and why you want to encrypt the remainder of the message. You can also set when your message will expire or disable any forwarding for additional security.
Virtru also supports zero knowledge encryption, although it adds a separate activation step when a new user receives the first encrypted message.
Designed for developing economies, the Endless computer (which runs Linux) aims to deliver affordable and useful computing
Rural Mexico, the backstreets of Guatemala City, the outskirts of Mumbai; these aren’t places you find a lot of computers for one simple reason; most computers are far too expensive. What you do find are lots of TVs so why not build a cheap, flexible computer without a display? And ship it without a keyboard and mouse because those are items that can usually be sourced locally at low cost.
What would computers do for people in these places? They would deliver information, education, and opportunity. Record keeping for farmers, reading lessons for children, tools for creating and communicating … the potential for computers to improve the lot of millions of people is just waiting on the right gear and I think the right gear is what a new company, Endless, is about to launch.
The result of three years of development, the company’s eponymous machine is a slightly eccentric design which, I’m told, was very successfully tested in its target markets. The device uses an Intel® Celeron® N2807 1.7 GHz Dual-Core processor (burst speed 2.1 GHz) with 2 GB of RAM. It has an RJ-45 Gigabit Ethernet port, two USB 2.0 ports (front, lower rear), a USB 3.0 port (upper rear), stereo line out, and HDMI and VGA outputs.
There are two Endless models: The $169 version with 32 GB eMMC (embedded MultiMedia storage) and SD Storage, and the $229 version with a 500GB hard drive. They are both powered by 12V input (the included adapter handles 100V to 240V at 50Hz or 60Hz) and the versions draw 24W and 30W respectively. The 500GB hard drive version (the version I tested) also includes an integrated speaker, 802.11 b/g/n WiFi, and Bluetooth 4.0.
What sets the Endless apart from other low cost machines is Endless OS, a highly customized version of Ubuntu Linux with Gnome (and lots of other interesting technology such as Xapian and OStree) that not only handles TVs as output devices (it scales and formats video output for readability), but also includes a huge library of applications and educational content. This is important because in emerging markets the Endless system will be useful and well-featured even if you don’t have any kind of networking services available.
While it’s based on open source projects, the Endless OS is not completely open source because it contains proprietary commercial code. The company’s open source philosophy is:
We embrace the principles of free and open-source software and acknowledge a great debt to it in creating Endless OS. Whenever we can, we work upstream and contribute back to open source. Although not everything we create can be open source, we release most components of our system under free software licenses. Many members of our core team have a long history with open source projects, and continue to be an active part of those communities. / You might notice that we maintain forks of many upstream packages. In most cases, this is because we submit our patches upstream and backport them to the stable versions that we ship.
Endless OS has been localized for a remarkable number of languages and installation is polished and simple. It was in the installation process I found the only issue I could identify in the whole system: I used a Vizio VP50 50-inch 720P HD Plasma TV via HDMI and when the setup asked me if I could see the menu bars at the top and bottom of the screen I clicked on “no” and the system adjusted the overscan. The result was that I could see a little of the menu bars but I had to go into the TV setup to fix the display. It’s a minor problem but Endless OS could do with a more comprehensive overscan adjustment system.
endless os appstore pt
In operation, the system is smooth, fast, stable, and easy to understand and navigate. The applications (which include both productivity software as well as games) and content on the 500GB version I tested are extensive and the system includes a huge amount of Wikipedia and the Khan Academy (if an Internet connection is available, the system will automatically download software and content updates). You choose what content and software you want from what is essentially a built-in app store.
Endless also makes information available for developers and while the operating system is only available on Endless’ own hardware all open source modifications are available on GitHub (the company notes that it may make the disk images available in the future which will likely spawn a wave of similar hardware products).
My only concern with the Endless system are that it doesn’t have a reset button or startup so if you forget your password there’s no obvious way to wipe and start again (I tried the usual way of entering Linux recovery mode – holding down shift at boot – but that didn’t work). A similar concern applies for a way to easily wipe the system, for example, if you were going to give your Endless computer to someone else.
So, who’s the Endless computer aimed at? Endless plans to sell their machines initially into markets such as Mexico and Guatemala where it should be a good fit for schools and colleges as well as the emerging middle class. What I think is really powerful about the Endless concept is the operating system and its focus on being useful even when there’s no Internet connectivity. If we can add to that mesh networking and good old sneaker net for updates and enhancements the potential for business and education in developing economies to get a computing boost is huge.
You can’t buy an Endless computer just yet (it’s due to ship in the near future) but you can register to be notified when it will be available.
The Endless computer gets a Gearhead rating of 5 out of 5.
Can a business-grade cloud storage service that doesn’t come from Google, Microsoft or Apple make it big in the enterprise? Here’s why Dropbox for Business makes a strong case.
Apple iCloud. Google Drive. Microsoft OneDrive. Box. Dropbox. Hightail (formerly YouSendIt). Online storage services have been a mainstream option for consumers for some time now. But as the business world wrestles with adopting cloud-based collaboration services, can a so-called independent company offer a competitive product to the business-centric offerings by Google
(Apps/Drive), Apple (iCloud for Work) and Microsoft (Office 365)?
To answer this question, we take a closer look at Dropbox, arguably one of the most popular online storage services today, with more than 400 million registered users as of July 2015. Though it went through some security missteps in its early days, Dropbox successfully leveraged its popularity and success with consumers to develop a credible business-grade service – Dropbox for Business – that was launched in April 2013.
Despite being priced at $15 per user per month – compared to $10 per month for Dropbox Pro – Dropbox says the service now has 100,000 customers around the globe. (Unfortunately for power users looking to make the switch to Dropbox for Business, the plan starts at a minimum of five users. This means that small companies with fewer than five users will have to pay the equivalent of $150 per user, or $750 per year.) So what does the more expensive Dropbox for Business offer over the nonbusiness version of the product?
dropbox for business – webinterface
Administrators will see an additional “Admin Console” option added their minimalistic Dropbox Web interface. Note also the additional Dropbox for “CIO.com.”
What you get is more than what you see
To be clear, Dropbox for Business builds off the basic Dropbox offering, which includes strong encryption, support for two-step authentication and the trademark simplicity of Dropbox. In addition, both “personal” Dropbox and Dropbox for Business accounts are supported by the official software clients – albeit separately; both can also be accessed from the Dropbox home page.
How the Dropbox app looks like on Android after signing in to Dropbox for Business.
This is where the similarity ends. Unlike Dropbox Pro, Dropbox for Business comes with a long list of capabilities that include unlimited storage (available upon request; users are initially allocated 1GB each), centralized billing, phone support and an Admin Console for administrators. The Admin Console is used to access a range of other capabilities and controls endemic only to Dropbox for Business:
Depending on industry vertical, some businesses may be more concerned about the possibility of data leakage due to “over-sharing” or accidental leaks. On that front, Dropbox for Business offers various ways that organizations can tighten the lid with such controls as the ability to limit the sharing of links to external parties, or the joining of shared folders outside of your organization.
In addition, administrators can also mandate that only one Dropbox account can be linked to each computer – though users would still be able to access their private Dropbox accounts from the Web. Ultimately, while the controls won’t stop a determined insider from leaking confidential data to competitors, they should go a long way towards preventing any unintended sharing of files.
Finally, organizations will be interested in such Dropbox for Business features as its comprehensive audit log, creation of groups, unlimited file recovery and integration with third party services, each of which are outlined below.
You can also specify a date range to download the entire Activity feed as a CSV file.
Dropbox for Business maintains a comprehensive feed of various activities under the “Activity” tab, ranging from the sharing and un-sharing of a folder, and the creating and sharing of links. Similarly, activities including those related to passwords, groups, membership, logins, admin actions, apps and devices are also logged.
Audit logs brings increased visibility and control over sharing and access of company data, and could be inordinately useful to trace data leaks, as well as to narrow down misconfigured devices. By being able to track permissions and apps that are linked to the Dropbox for Business account, administrators could also potentially find successful phishing attacks, and even identify data that’s been compromised.
It’s important to note that individual file edits, deletions and additions are not currently shown in the Activity feed reports, though a running history of edits, deletions and additions of all files can be viewed from the main Dropbox Events page.
Creating a group
Larger organizations will appreciate the Group feature in Dropbox for Business, and how it allows them to create departmental or project-level groups for easier collaboration. This feature makes it possible to share new information directly with an entire group instead of having to add each person individually – and likely missing some team members. Moreover, any new members that are added to a group will be automatically granted access to all shared folders to which the group has previously been invited.
You can also manage the permission of a Group as a single entity when it comes to granting editing or view-only access, while the ability to create Groups can be restricted by the Dropbox administrator, or be left open to everyone. When individual and group permission settings differ, Dropbox will always grant the permissions that grant users with the highest level of file or folder access.
The many versions saved of this feature as it was being written. In this case, you can see that cloudHQ is used to cloud sync from a different online storage service to Dropbox.
security tools 1
One of the most powerful capabilities reserved for Dropbox for Business is undoubtedly its automatic storing of all versions of a file, as well as the ability to recover deleted files. In fact, it’s this author’s opinion that Dropbox for Business currently offers the best versioning support among the top cloud services.
Specifically, there is no limit to the number of versions that are saved, and versioning does not contribute your account’s total storage cap – which is unlimited anyway. Similarly, there are no time limits on when deleted data can be recovered.
While this feature certainly shouldn’t supplant a proper offline backup and disaster recovery strategy, storing multiple versions of a single file can be help users, groups and companies quickly recover from editing mistakes, whether the mistake is noticed hours, days or even weeks later.
Third-party enterprise integration
Dropbox for Business also stands out due to the many third-party apps and services that are built on top of the Dropbox for Business API. The API essentially gives developers access to the members, groups and audit log data for a particular Dropbox for Business deployment.
While there are too many for an in-depth evaluation in this space, a few categories stand out:
Data loss prevention (DLP). For organizations that require better tools to manage sensitive data stored on Dropbox for Business, services like CloudLock and Elastica promises enterprise-class DLP with auditing and compliance functionality.
Identity management. Larger organizations or those using Active Directory can rely on cloud services such as Microsoft Azure AD or third-party offerings such as Centrify and Meldium to keep their Dropbox for Business managed and authenticated in a seamless fashion.
eDiscovery. Integration with industry leading tools (Nuix, Splunk) makes it possible for administrators to respond to litigation, arbitration and regulatory investigations involving files stored on Dropbox for Business. The comprehensive Activity feed data is automatically collected and visualized to help businesses better understand activities related to sharing, devices and security.
Of course, there are also the many third-party apps and services that work perfectly fine with the Dropbox platform without relying on the Dropbox for Business API. For organizations that are already on Dropbox for Business, this translates into usability and flexibility that is not matched by other cloud storage services.
If you’re planning to buy a new smartphone this year, but haven’t bought one yet it might be better to wait a bit longer: Apple, Samsung Electronics and OnePlus are all expected to launch new models in the next couple of months.
Here are some of the models you should see during the second half of the year:
MORE: 10 mobile startups to watch
While most of the products on this list (and their specs) are just rumors, Chinese smartphone maker OnePlus has been busy detailing its 2 model, which will be launched on July 27.
So far, OnePlus has revealed the phone will have a fingerprint sensor and be powered by Qualcomm’s Snapdragon 810. The company is using an upgraded version of the processor, v2.1, that isn’t susceptible to the overheating issues that the first version reportedly suffered from, it said.
OnePlus has also said the 2 will be the first high-end smartphone with a USB-C port, which is meant to be an all-in-one solution for power, video, and data delivery using a single cable with a reversible connector. There are already laptops that use the technology.
Some things OnePlus is still keeping some things under wraps, including what the 2 will look like and cost.
Just like OnePlus, Dutch company Fairphone has started to build some hype for its second product. The goal is to build a smartphone that won’t easily break and can be easily repaired.
Hardware specs include a Qualcomm Snapdragon 801 processor and a 5-inch, Full HD screen. The camera has an 8-megapixel resolution and there is 32GB of storage that can be expanded using a microSD card. The LTE smartphone also has 2GB of RAM and two SIM slots. The operating system will be Android 5.1.
The Fairphone 2 will be available for pre-order before the end of August, and then ship during the following couple of months.
Samsung Galaxy Note 5
A new Galaxy Note model arriving during the second half of the year has become a bit of a tradition. A launch at the IFA trade show in the beginning of September looks likely. With the fifth version Samsung needs to step up its game if it wants to compete more successfully with Apple’s iPhone 6 Plus, the upgrade of which before the end of the year is also a forgone conclusion.
Anticipated improvements include a new design that follows in the footsteps of the Galaxy S6. The Note 4 was with its metal frame and plastic back was a step in the right direction. But the metal frame and glass back on the S6 looks classier Another reported upgrade is a screen that’s slightly larger than the Note 4’s 5.7-inch display, with a 2K or 4K resolution.
LG G4 Pro
Launching a high-end smartphone during the second half of the year would be a departure for LG. That strategy has worked well for Samsung with the Galaxy Note family, so LG might want to emulate that to boost sales instead of just relying on dropping the price tag of the G4.
The G4 Pro is rumored to have some really impressive specs, including a 5.8-inch, 1440 by 2560 pixel screen, a 27-megapixel main camera, 4GB of RAM and Qualcomm’s Snapdragon 820 processor.
Most of the parts to build a phone with those specs are shouldn’t cause LG much of a problem. The big question mark is whether the Snapdragon 820 will be ready for use in a smartphone before the end of the year. LG was the first to announce smartphones powered by the Snapdragon 808 and the 810, so the company is a likely candidate to be among the first to get its hands on the new model.
Apple iPhone 6s and 6s Plus
The iPhone 6 and 6 Plus with its bigger screens have been unmitigated successes. The challenge for the company this year will be to come up with upgrades to continue to build on that success.
Cameras are one aspect the company is expected to focus on with the iPhone 6s and 6s Plus. Upgrading the current 1.2-megapixel front camera makes a lot of sense since competing products launched this year have at least 5-megapixel cameras. To what extent an upgrade of the main camera to a reported 12-megapixel resolution will result in better image quality remains to be seen. The new models are anticipated to have a faster processor, more RAM and a speedier LTE connection.
With this announcement, it looks like Microsoft plans to release Windows 10, dev tools, and .NET framework all within two weeks.
Microsoft has announced that Visual Studio 2015 will be released for download on July 20, along with the Team Foundation Server 2015 and .NET Framework 4.6. The company will also host a Q&A session online on the day of the release with the engineering team, as well as 60 deep-dive sessions to help users understand the new features of the platform.
S. Somasegar, corporate vice president of the Developer Division at Microsoft, made the announcement on his blog.
Visual Studio has become the de facto standard for Windows development, but with this release, Microsoft is going way beyond Windows. It will support cross-platform mobile development targeting iOS, Android, and Windows, as well as game development by targeting game platforms like Unity, Unreal, Cocos and more.
For its traditional use, Visual Studio 2015 adds proactive diagnostics tooling and the new Roslyn language services for C# and VB. Together, Visual Studio 2015, Team Foundation Server 2015, and Visual Studio Online help teams embrace DevOps with Agile backlog management, Azure cloud tooling, hosted continuous integration, and Application Insights across all the components of an application.
In March, the company announced two subscription flavors: Professional and Enterprise. The standalone, non-subscription version of Visual Studio Professional is available for $499, while the Pro version with an MSDN subscription is $799. The Enterprise edition with MSDN is $1,199. Microsoft will also offer a free Community edition of Visual Studio for open source projects, academic projects and education, and for small teams.
It has been a few years since we last looked at single sign-on products, the field has gotten more crowded and more capable.
Since we last looked at single sign-on products in 2012, the field has gotten more crowded and more capable. For this round of evaluations, we looked at seven SSO services: Centrify’s Identity Service, Microsoft’s Azure AD Premium, Okta’s Identity and Mobility Management, OneLogin, Ping Identity’s Ping One, Secure Auth’s IdP, and SmartSignin. Our Clear Choice test winner is Centrify, which slightly outperformed Okta and OneLogin. (Read the full review.)
Centrify Identity Service
Centrify has put together a solid single sign-on tool that also has some terrific mobile device management features. If you are in the market for both kinds of products, this should be on your short list. The admin user interface is well thought-out. Set up was quickly accomplished. Multi-factor authentication settings are located in the policy tab for users and in the apps tab for individual apps. The MFA choices are numerous, including email, SMS texts and phone calls, and security questions. Centrify comes with dozens of canned reports, plus the ability to create your own using custom SQL queries.
Microsoft Azure Active Directory Access Control
Earlier this year Microsoft added Azure Active Directory to its collection of cloud-based offerings. It is difficult to setup because you tend to get lost in the hall of mirrors that is the Azure setup process. It is still very much a work in progress and mainly a developer’s toolkit rather than a polished service. But clearly Microsoft has big plans for Azure AD, as its new Windows App Store is going to rely on it for authentication. If you already are using Azure, then it makes sense to take a closer look at Azure AD. If you are looking for a general purpose SSO portal, then you should probably look elsewhere.
Okta Identity and Mobility Management
Okta tied for first place in our 2012 review and it remains a very capable product. Okta’s user interface is very simple to navigate. Okta has beefed up its multi-factor authentication functionality. It now offers a mobile app, Okta Verify, as a one-time password generator. It also supports other MFA methods. Okta has its own mobile app that can provide a secure browsing session and allow you to sign in to your apps from your phone. It contains some MDM functionality, although it is not a full MDM tool. Reports have been strengthened as well, but reports only show the last 30 days.
OneLogin was the other co-winner of our 2012 review and while it is still strong, its user interface has become a bit unwieldy. OneLogin has numerous SAML toolkits in a variety of languages to make it easier to integrate your apps into its SSO routines. It also has specific configuration screens to set up a VPN login and take you to specific apps. OneLogin’s AD Connector requires all of the various components of Net Framework v3.5 to be installed. Once that was done, it was a simple process to install their agent and synchronize our AD with their service. OneLogin has 11 canned reports and you can easily create additional custom ones.
Ping Identity PingOne
Ping began as on-premises solution with PingFederate, but now offers cloud-based PingOne, web access tool PingAccess and OTP soft token generator PingID. Multi-factor authentication support is somewhat limited in PingOne. You can use PingID or SafeNet’s OTP tokens. If you want more factors, you have to purchase the on-premises Ping Federate. Reports are not this product’s strong suit. The dashboard gives you an attractive summary, but there isn’t much else. Ping would be a stronger product if consolidated their various features and focused on the cloud as a primary delivery vehicle. If that isn’t important to you, or if you have complex federation needs, then you should give them more consideration and look at PingFederate.
Of the products we tested, SecureAuth has the most flexibility and the worst user interface, a combination that can be vexing at times. SecureAuth is the only product tested that has to run on a Windows Server. The interface is supposed to get a refresh later this year, but the current version makes it easy to get lost in a series of cascading menus. The real strength of SecureAuth always has been its post-authentication workflow activities. SecureAuth’s MFA support is strong, featuring a wide selection of factors and tokens to choose from. This is a testimonial to its flexibility.
SmartSignin has been acquired by PerfectCloud and integrated into their other cloud-based security offerings. They now support seven identity providers (Amazon, Netsuite and AD) with more on the horizon and more than 7,000 app integrations. The identity providers make use of SAML or other federated means, and come with extensive installation instructions. This is a little more complex than some of its competitors. When it comes to MFA support, SmartSignin is the weakest of the products we reviewed. They are working on other MFA methods, including SMS and voice, but didn’t have them when we tested. Also, MFA is just for protecting your entire user account, there is no mechanism for protecting individual apps.
Tabbed Windows. A customizable login screen. Tens of thousands of votes have poured in for these features and more, but time’s running out for these features to make it into Windows 10’s launch version.
Windows 10 is nearly baked
Although Microsoft won’t release the “final” version of Windows 10 for almost two months, we’re nearing the end. Microsoft has said it’s moved most of its development to polishing Windows 10, squashing bugs and tweaking the way it looks and feels.
Throughout the process, however, Microsoft has encouraged users and testers within its Insider program to solicit ideas and feedback on Windows 10. The Windows UserVoice forums are stuffed with hundreds of feature requests, some with tens of thousands of votes.
Not all will make it to the RTM version of Windows 10 due July 29. But there’s still hope. Microsoft will continue the Insider program even after Windows 10 ships, and will continue to add updates and new features through Windows 10’s lifespan.
Windows 10 looks very different than when it was first announced, and what users want has evolved, too. So what are the features users still yearn for most? We’ll show you. But boy, the first one looks doubtful.
Iranians want access to the Windows Store
Right now, Microsoft has blocked Iran from accessing the Windows Store, due to a long-standing trade embargo against the country by the United States government.
What Microsoft apparently hasn’t realized, however, is that the embargo was partially lifted in 2013. Iranian General License D allows some hardware, software and services to be sold to customers in Iran. Google led the way by opening its Google Play Store (but only free apps) to Iranian consumers that year.
The top request by Windows 10 users, with over 55,000 votes, is for Microsoft to lift its own embargo and provide access to the Windows Store for Iranian customers. “Why are u so selfish, we have right like other people in the world, we do nothing wrong. We’re just trapped in a wrong place. Open the store please, we need to,” Souroush Askari wrote.
It’s notable that Microsoft has already made concessions to Middle Eastern users. In October, the addition of a Persian-language calendar was one of the top feature requests for Windows 10. It has since been added.
Aero Glass forever!
In October, fans of the Windows Vista “Aero Glass” scheme had managed to drum up only 1,800 votes or so. Today, the Aero Glass movement is marching boldly forward, 49,500 votes and counting at press time.
“Microsoft is forgetting that over 250 million (75 million of them on Steam alone) are using Gaming PCs capable of driving more GPU and RAM hungry OS shells like Aero Glass,” the original submitter states. “Please allow us to have the choice to use the Aero Glass you so kindly provided in Windows 8 Developer preview and took from us in RTM.”
Well, there are solutions. Glass8.eu has released Aero Glass skins for most public builds of Windows 10. Microsoft hasn’t forgotten its very vocal Aero Glass fan base, either: Windows 10 Build 10074 adds the “frosted glass” look that Aero Glass uses in some of the builds.
Add Persian (Farsi) language support to Cortana
One phrase would make over 37,500 commenters happy: “سلام, من هستم Cortana,” or “Hi, I’m Cortana” in Farsi. Like the thousands of users who pushed Microsoft to add support for Persian-language calendars, so have Microsoft’s users begged for Microsoft’s digital assistant to speak the language spoken by about 110 million people.
While a Persian-language calendar might not be that difficult to implement, we’d have to imagine that inputting the proper phonemes into Cortana, training them, and then pushing them out to users would be a far greater challenge. It’s possible that Cortana might eventually speak Persian, but most likely well after the RTM release.
Tabbed windows in Windows Explorer/File Explorer
The ability to add multiple tabs to a Web browser is a staple of Internet Explorer and the like—so why isn’t it part of Windows’ File Explorer, as well? It’s a reasonable statement, and more than 29,200 people agree with it.
“Every other OS has this feature and Windows is severely lagging behind,” according to the submission.
Note that this feature is already available for Windows 8, via plugins like Ejie Technology’s Clover2. And just this week, Microsoft’s Matthias Baer said that Microsoft is building a feature called “Quick Access” into Windows 10. It’s not the tabbed windows that users want, but it does the next best thing: It places a user-configurable list of files and folders in a reserved area of the window that users can pin and unpin.
Customize the Windows 10 login screen
Over 27,000 people have requested that users be able to put their own wallpaper image on the lock screen, just as Windows 7 used to do.
Personally, I see no need for this. I’m sort of a nature photography junkie, and Microsoft Bing scratches my itch daily with gorgeous outdoor shots. Even better, Microsoft has recently begun adding them to the Windows 10 lock screen. So while I certainly understand why users would want to be greeted by an image of their beloved Dachshund or Mr. Fluffles the cat, I can’t help but hope that Microsoft continues its trend of reminding us what’s outside our office windows.
Mondo Messaging — including calls
In January, Microsoft wowed us all with a unified, universal Messages app that seemed to include everything: Skype messages, SMS, possibly Facebook messages, and more. It was emblematic of the unified vision that Microsoft had for Windows 10, roaming across devices as its services roamed across platforms. Unfortunately, it’s reportedly now in limbo.
Undaunted, about 27,000 people hope that Windows 10 will include a revamped app that will “‘send/receive calls, texts, Facebook Messages, play/save voicemails on desktop within one messaging conversation.” It doesn’t seem likely that you’d be able to place calls from a desktop PC (Skype excepted) but you might from a connected phone. It’s all fantasy for the moment, though, apparently.
Fix the annoying thumbnail cache deletion bug!
Yes, yes, a thousand times yes.
Almost every time you open a folder with a huge number of images in it—my own “Downloads” folder is such an example—Windows 8 insists on reindexing virtually all of it. It takes time and can be a huge annoyance. And nearly 23,000 people agree.
The bug is still present in Windows 10. But phew! It’s officially under review. “The product development team has added new diagnostic code to detect and debug as they continue to look at the issue,” Microsoft writes. Thank goodness Microsoft is in bug-squashing mode.
Include LaTeX editor in Microsoft Office
Even though Microsoft’s UserVoice section covers Windows 10, suggestions for related apps sometimes sneak in. About 18,000 people want support for a modern LaTeX editor in Microsoft Office.
“In 2009, LaTeX was used to typeset 96.9% of publications in mathematics, 89.1% of publications in statistics, 79% of publications in physics, and its use is widespread in computer sciences, engineering, geosciences, astronomy, ecology, chemistry, biology, medicine, psycology, and political and social sciences,” the submission claims. It’s used for all sorts of textbooks as well.
LaTeX is public software, although its license includes an odd provision: Modified files must be clearly marked as such to distinguish themselves from the original. That might possibly break Microsoft’s file format. (The original license prevented any modified file from using the filename of the original file.)
Windows Update: a one-stop shop for drivers?
Why should users have to download software to update their mice? And their scanner? And their graphics card? And…the list goes on. About 17,000 users want Windows to be their Wal-mart of drivers, supplying everything they could ever hope to need. And you know, we’d agree with them.
Merge the Settings, Control Panel
Forcing users to find information in one location may be constricting for some, and comforting for others. About 17,600 people fall into the latter camp, arguing the PC Settings menu makes the Control Panel redundant, or vice versa.
And it does, really, especially because the Control Panel can sometimes add more granular options that Settings doesn’t supply. Still, both Settings and the Control Panel seem to be pretty entrenched inside the Windows operating system. We’ll see how it all plays out.
So what features would you like to see added to (or subtracted from) Windows 10? Tell us in the comments.
Exam 70-331 Core Solutions of Microsoft SharePoint Server 2013
Published: 01 February 2013
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Microsoft SharePoint Server 2013
Credit towards certification: MCP, MCSE
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area in the exam. The higher the percentage, the more questions you are likely to see on that content area in the exam.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
Design a SharePoint topology (20–25%)
Design information architecture
Design an inter-site navigational taxonomy; design site columns and content types; design keywords, synonyms, best bets and managed properties; plan information management policies; plan managed site structures; plan term sets
Design a logical architecture
Plan application pools; plan web applications; plan for software boundaries; plan content databases; plan host-header site collections; plan zones and alternate access mapping
Design a physical architecture
Design a storage architecture; configure basic request management; define individual server requirements; define service topologies; plan server load balancing; plan a network infrastructure
Plan a SharePoint Online (Microsoft Office 365) deployment
Evaluate service offerings; plan service applications; plan site collections; plan customisations and solutions; plan security for SharePoint Online; plan networking services for SharePoint Online
Architecture design for SharePoint 2013 IT pros
SharePoint online planning guide for Office 365 enterprise and midsize
Plan security (20–25%)
Plan and configure authentication
Plan and configure Windows authentication; plan and configure identity federation; configure claims providers; configure site-to-site (S2S) intra-server and OAuth authentication; plan and configure anonymous authentication; configure connections to Access Control Service
Plan and configure authorisation
Plan and configure SharePoint users and groups; plan and configure People Picker; plan and configure sharing; plan and configure permission inheritance; plan and configure anonymous access; plan web application policies
Plan and configure platform security
Plan and configure security isolation; plan and configure services lockdown; plan and configure general firewall security; plan and configure antivirus settings; plan and configure certificate management
Plan and configure farm-level security
Plan rights management; plan and configure delegated farm administration; plan and configure delegated service application administration; plan and configure managed accounts; plan and configure blocked file types; plan and configure web part security
SharePoint security: The fundamentals of securing SharePoint deployments
Security planning for SharePoint 2013 farms
Plan authentication in SharePoint 2013
Install and configure SharePoint farms (20–25%)
Identify and configure installation prerequisites; implement scripted deployment; implement patch slipstreaming; plan and install language packs; plan and configure service connection points; plan installation tracking and auditing
Plan and configure farm-wide settings
Configure incoming and outgoing email; plan and configure proxy groups; configure SharePoint Designer settings; plan and configure a corporate catalogue; configure Office Web Apps integration; configure Microsoft Azure workflow server integration
Create and configure enterprise search
Plan and configure a search topology; plan and configure content sources; plan and configure crawl schedules; plan and configure crawl rules; plan and configure crawl performance; plan and configure security trimming
Create and configure a Managed Metadata Service (MMS) application
Configure proxy settings for managed service applications; configure content type hub settings; configure sharing term sets; plan and configure content type propagation schedules; configure custom properties; configure term store permissions
Create and configure a User Profile Service (UPA) application
Configure a UPA application; set up My Sites and My Site hosts; configure social permissions; plan and configure sync connections; configure profile properties, configure audiences
Plan for SharePoint 2013
Install and configure Microsoft SharePoint 2013
Install and configure SharePoint 2013
Create and configure web applications and site collections (15–20%)
Provision and configure web applications
Create managed paths; configure HTTP throttling; configure List throttling; configure Alternate Access Mappings (AAM); configure an authentication provider; configure SharePoint Designer settings
Create and maintain site collections
Configure Host header site collections; configure self-service site creation; maintain site owners; maintain site quotas; configure site policies; configure a team mailbox
Manage site and site collection security
Manage site access requests; manage App permissions; manage anonymous access; manage permission inheritance; configure permission levels; configure HTML field security
Manage result sources; manage query rules; manage display templates; manage Search Engine Optimisation (SEO) settings; manage result types; manage a search schema
Manage site collection term set access; manage term set navigation; manage topic catalogue pages; configure custom properties; configure search refinement; configure list refinement
Create a web application in SharePoint 2013
Manage site collections in SharePoint 2013
Managed metadata and navigation in SharePoint 2013
Maintain a core SharePoint environment (20–25%)
Monitor a SharePoint environment
Define monitoring requirements; configure performance counter capture; configure page performance monitoring; configure usage and health providers; monitor and forecast storage needs
Tune and optimise a SharePoint environment
Plan and configure SQL optimisation; execute database maintenance rules; plan for capacity software boundaries; estimate storage requirements; plan and configure caching; tune network performance
Troubleshoot a SharePoint environment
Establish baseline performance; perform client-side tracing; perform server-side tracing; analyse usage data; enable a developer dashboard; analyse diagnostic logs
Monitoring and maintaining SharePoint Server 2013
Optimise performance for SharePoint Server 2013
Troubleshooting SharePoint 2013
You create a User Profile Synchronization connection. You need to grant the necessary
permissions to the synchronization account. What should you do?
A. Grant the account Full Control on the ActiveUsers OU.
B. Grant the account Full Control on the AuthenticatedUsers AD security group.
C. Grant the account Read permission on the domain.
D. Grant the account the Replicate Directory Changes permission on the domain.
You need to ensure that content authors can publish the specified files. What should you do?
A. Create multiple authoring site collections. Create a site that contains lists, document libraries,
and a Pages library. Create an asset library in a new site collection, and enable anonymous
access to the library on the publishing web application.
B. Create multiple authoring site collections. Create a site that contains lists, document libraries,
and a Pages library. Create an asset library in the authoring site collection, and enable
anonymous access to the library on the authoring web application.
C. Create one authoring site collection. Create a site that contains multiple lists, document
libraries, and Pages libraries. Create an asset library in a new site collection, and enable
anonymous access to the library on the publishing web application.
D. Create multiple authoring site collections. Create a site that contains multiple lists, document
libraries, and Pages libraries. Create an asset library in a new site collection, and enable
anonymous access to the library on the publishing web application.
You need to ensure that user-selected subscription content automatically appear on users’ My
Sites. Which configuration option should you choose? (To answer, select the appropriate option
in the answer area.)
You need to import employee photos into SharePoint user profiles by using the least amount of
administrative effort. Which three actions should you perform? (Each correct answer presents
part of the solution. Choose three.)
A. Define a mapping for the thumbnailPhoto attribute of the Picture user profile property.
B. Run the Update-SPUserSolution Windows PowerShell cmdlet.
C. Run an incremental synchronization of the User Profile Synchronization service.
D. Run a full synchronization of the User Profile Synchronization service.
E. Run the Update-SPProfilePhotoStore Windows PowerShell cmdlet.
F. Define a mapping for the photo attribute of the Picture user profile property.
You need to install the appropriate versions of Windows Server, Microsoft SQL Server, and
Microsoft .NET Framework in the server environment. Which operating system and applications
should you install? (To answer, drag the appropriate operating systems and applications to the
correct server layers in the answer area. Each operating system or application may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view
Select and Place:
Exam 70-411 Administering Windows Server 2012
Published: 17 September 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit towards certification: MCP, MCSA, MCSE
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area in the exam. The higher the percentage, the more questions you are likely to see on that content area in the exam.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
As of January 2014, this exam includes content covering Windows Server 2012 R2.
Deploy, manage and maintain servers (15–20%)
Deploy and manage server images
Install the Windows Deployment Services (WDS) role; configure and manage boot, install and discover images; update images with patches, hotfixes and drivers; install features for offline images; configure driver groups and packages
Implement patch management
Install and configure the Windows Server Update Services (WSUS) role, configure group policies for updates, configure client-side targeting, configure WSUS synchronisation, configure WSUS groups, manage patch management in mixed environments
Configure Data Collector Sets (DCS), configure alerts, monitor real-time performance, monitor virtual machines (VMs), monitor events, configure event subscriptions, configure network monitoring, schedule performance monitoring
Windows Deployment Services overview
Windows Server Update Services overview
Update management in Windows Server 2012: Revealing cluster-aware updating and the new generation of WSUS
Configure File and Print Services (15–20%)
Configure Distributed File System (DFS)
Install and configure DFS namespaces, configure DFS Replication Targets, configure Replication Scheduling, configure Remote Differential Compression settings, configure staging, configure fault tolerance, clone a DFS database, recover DFS databases, optimise DFS replication
Configure File Server Resource Manager (FSRM)
Install the FSRM role service, configure quotas, configure file screens, configure reports, configure file management tasks
Configure file and disk encryption
Configure BitLocker encryption; configure the Network Unlock feature; configure BitLocker policies; configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore
Configure advanced audit policies
Implement auditing using Group Policy and AuditPol.exe, create expression-based audit policies, create removable device audit policies
DFS namespaces and DFS replication overview
DFS replication improvements in Windows Server 2012
File Server Resource Manager overview
Configure network services and access (15–20%)
Configure DNS zones
Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, configure zone transfer settings, configure notify settings
Configure DNS records
Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME and MX records; configure zone scavenging; configure record options, including Time To Live (TTL) and weight; configure round robin; configure secure dynamic updates
Configure virtual private networks (VPN) and routing
Install and configure the Remote Access role, implement Network Address Translation (NAT), configure VPN settings, configure remote dial-in settings for users, configure routing, configure Web Application proxy in passthrough mode
Implement server requirements, implement client configuration, configure DNS for Direct Access, configure certificates for Direct Access
How the Domain Name System (DNS) works
DNS server operations guide
Configure a Network Policy Server (NPS) infrastructure (10–15%)
Configure Network Policy Server
Configure a RADIUS server, including RADIUS proxy; configure RADIUS clients; configure NPS templates; configure RADIUS accounting; configure certificates
Configure NPS policies
Configure connection request policies, configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing), import and export NPS policies
Configure Network Access Protection (NAP)
Configure System Health Validators (SHVs), configure health policies, configure NAP enforcement using DHCP and VPN, configure isolation and remediation of non-compliant computers using DHCP and VPN, configure NAP client settings
Network Policy and Access Services overview
Network Policy Server operations guide
Policies in NPS
Configure and manage Active Directory (10–15%)
Configure service authentication
Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs), configure virtual accounts
Configure domain controllers
Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning
Maintain Active Directory
Back up Active Directory and SYSVOL, manage Active Directory offline, optimise an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active
Directory Recycle Bin
Configure account policies
Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings
Group managed service accounts overview
Step-by-step: Safely cloning an Active Directory domain controller with Windows Server 2012
Administering Active Directory backup and recovery
Configure and manage Group Policy (15–20%)
Configure Group Policy processing
Configure processing order and precedence, configure blocking of inheritance, configure enforced policies, configure security filtering and Windows Management Instrumentation (WMI) filtering, configure loopback processing, configure and manage slow-link processing and Group Policy caching, configure client-side extension (CSE) behaviour, force Group Policy Update
Configure Group Policy settings
Configure settings, including software installation, folder redirection, scripts, and administrative template settings; import security templates; import custom administrative template file; configure property filters for administrative templates
Manage Group Policy objects (GPOs)
Back up, import, copy and restore GPOs; create and configure Migration Table; reset default GPOs; delegate Group Policy management
Configure Group Policy preferences (GPP)
Configure GPP settings, including printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment and shortcut deployment; configure item-level targeting
Group Policy in Windows Server 2012: Overview
Work with WMI filters
Back up, restore, import and copy Group Policy objects
You work as the network administrator for a Microsoft Windows Server 2008 domain named
Certkingdom.com. Certkingdom.com has a Development division which utilizes two organizational units
(OU) named DevelopUsers and DevelopComputers for user and computer account storage. The
Development division user and computer accounts are configured as members of global security
groups named DevUsers and DevComputers.
During the course of the week you configure two Password Settings objects for Development
division members named CredSettings01 and CredSettings02. You additionally configure a
minimum password length of 10 for CredSettings01 and 9 for CredSettings02. CertKingdom.com
wants you to determine the required password length minimum for Development division users.
What minimum password length should be configured for CredSettings01 applied to DevUsers?
A. You should configure the minimum password length to 9.
B. You should configure the minimum password length to 10.
C. You should configure the minimum password length to 5.
D. You should configure the minimum password length to 4.
You administrate an Active Directory domain named CertKingdom.com. The domain has a Microsoft
Windows Server 2012 R2 server named CertKingdom-SR01 that hosts the File Server Resource
Manager role service.
You are configuring quota threshold and want to receive an email alert when 80% of the quota has
Where would you enable the email alert?
A. You should consider creating a Data Collector Set (DCS).
B. You should use Windows Resource Monitor.
C. You should use the File Server Resource Manager.
D. You should use Disk Quota Tools.
E. You should use Performance Logs and Alerts.
To make use of email alerts, you need to configure the SMTP Server address details in the File
Server Resource Manager options.
You work as a network administrator at CertKingdom.com. CertKingdom.com has an Active Directory
Domain Services (AD DS) domain name CertKingdom.com. All servers in the CertKingdom.com domain
have Microsoft Windows Server 2012 R2 installed.
The computer accounts for all file servers are located in an organizational unit (OU) named
You are required to track user access to shared folders on the file servers.
Which of the following actions should you consider?
A. You should configure auditing of Account Logon events for the DataOU.
B. You should configure auditing of Object Access events for the DataOU.
C. You should configure auditing of Global Object Access Auditing events for the DataOU.
D. You should configure auditing of Directory Service Access events for the DataOU.
E. You should configure auditing of Privilege Use events for the DataOU.
You are the administrator of an Active Directory Domain Services (AD DS) domain named
CertKingdom.com. The domain has a Microsoft Windows Server 2012 R2 server named CertKingdomSR05
that hosts the File and Storage Services server role.
CertKingdom-SR05 hosts a shared folder named userData. You want to receive an email alert when
a multimedia file is saved to the userData folder.
Which tool should you use?
A. You should use File Management Tasks in File Server Resource Manager.
B. You should use File Screen Management in File Server Resource Manager.
C. You should use Quota Management in File Server Resource Manager.
D. You should use File Management Tasks in File Server Resource Manager.
E. You should use Storage Reports in File Server Resource Manager.
You work as a Network Administrator at CertKingdom.com. CertKingdom.com has an Active Directory
Domain Services (AD DS) domain named CertKingdom.com. All servers in the CertKingdom.com domain
have Microsoft Windows Server 2012 R2 installed and all client computers have Windows 8 Pro
BitLocker Drive Encryption (Bitlocker) is enabled on all client computers. CertKingdom.com wants you
to implement BitLocker Network Unlock.
Which of the following servers would you required to implement BitLocker Network Unlock?
A. A Domain Controller.
B. A DHCP server.
C. A DNS Server.
D. A Windows Deployment Server.
E. An Application Server.
F. A Web Server.
G. A File and Print Server.
H. A Windows Server Update Services server.
BitLocker Network Unlock requires a Windows Server 2012 R2 server running the Windows
Deployment Services (WDS) role in the environment.