Microsoft MDOP features and licensing changes


The Microsoft Management Summit has brought more great changes, this time involving MDOP.

The Microsoft Desktop Optimization Pack is a great set of additional tools aimed at making desktop management easier, faster and more dynamic – for more info, see this post:

https://richfrombechtle.wordpress.com/2009/09/05/microsoft-mdop/

MDOP 2011 will see new products, feature enhancements and a change to the way the product is licensed.

Products:

Microsoft recently announced the “Microsoft BitLocker Administration & Monitoring” tool, aka MBAM (codename Malta), which makes the management of BitLocker devices much easier across an organization; a big one being self-service recovery of keys…I’m sure many IT depts will be happy to lose that job!

This will be included in MDOP 2011 and the beta is available on Microsoft Connect here:

https://connect.microsoft.com/site1115/Downloads

Features:

DaRT – Diagnostics & Recovery Toolkit – is getting a new version with at least one new feature: the ability to do an offline remote boot, rather than needing to visit the physical machine. Again, another great time saver for some IT teams!

If you’re interested in this, the beta nomination form can be found here:

https://connect.microsoft.com/site1200/Survey/NominationSurvey.aspx?SurveyID=12358&ProgramID=6840

Licensing Availability:

Previously the only way to purchase MDOP was as an addition to having Windows 7 with Software Assurance (SA), but now it is also available to companies who have either the Virtual Desktop Access (VDA) licence or Windows Intune.

Thanks to Bridget Botelho for her article over at:

http://searchenterprisedesktop.techtarget.com/news/2240033610/Microsoft-sweetens-MDOP-deal-and-releases-Intune

Microsoft BitLocker & Security


BitLocker is Microsoft’s drive encryption software that first appeared in Vista and now Windows 7, along with BitLocker To Go for USB devices. Having hard drive and USB drive encryption built into the desktop OS is a great idea, as it reduces the cost & complexity barriers for companies looking to adopt better security practices.

Recently, a story came out that BitLocker had been “broken” and that a commercially available tool was now able to bypass the security (I saw this on Ars Technica but I’m sure many other places reported it too). When I saw the headline I thought “Oh sh*t…that’s a fly in the old ointment ain’t it?” (don’t ask me why I was thinking in that style of voice!) but then I read the article and saw this gem in the 1st paragraph:

“It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk.”

So this requires the machine to be “hot” i.e. on…as soon as it’s turned off, the memory is dumped and it’s ok…not exactly crack of the century is it?! :-) Plus most, if not all encryption offerings from TrueCrypt, PGP etc are vulnerable to this…

The vast majority of comments on Ars Technica saw this for the ineffectual non-story that it was, although there were of course a few people who took this as a chance to point out that Linux was better than Microsoft and all proprietary software evil…but that’s nothing new!

Ars Technica have made an update to the article saying:

“this isn’t exactly a "crack" for BitLocker”

but it doesn’t really show, in my opinion at least, how pointless the story was and doesn’t reassure that BitLocker is just as safe as people thought it was.

Paul Cooke of the Windows Blog team has a great post all about BitLocker and these recent claims here:

http://windowsteamblog.com/blogs/windowssecurity/archive/2009/12/07/windows-bitlocker-claims.aspx