Taking the Windows 10 Plunge

Ready to take the Windows 10 Plunge?

Over the next couple of weeks, you will be able to find a plethora of articles and blog posts on how to upgrade to Windows 10, along with performance reviews. I would like to share with you my Windows 10 upgrade experience. I performed the upgrade this morning, on the system on which I am currently typing this blog. I also want to talk about my initial experience using the new operating system.

I need to let you know that this is not my first installation of Windows 10. I have had a prerelease version running on a couple of virtual machines for a few months now. The experience I had with the prerelease made me feel comfortable with upgrading my main desktop in my home-office. I want you to know how critical the PC being upgraded is to me. My main PC is one of the most important tools I have for work and for home life. So, the first thing I did was confirm a backup of my important data. Thanks to Carbonite, I was not worried. The next thing I needed to do was get the installation media for the release version of Windows 10. Most of us know about the icon that appeared in our system tray that will allow us to upgrade to Windows 10. To keep servers from going down and bandwidth from being obliterated, Microsoft is allowing upgrades in steps, so your PC may not have been able to upgrade on July 29, while others could. I was not one of the lucky ones to get the go ahead on the 29th. However, I did get a notice about being able to download the installer from this location: Media Creation Tool. This option is for those of us comfortable with installing an operating system.

First, I downloaded the .ISO file and burned it to a DVD (must be a DVD, not a CD). Keep in mind that this is for Windows 10 Home or Pro. There are different versions of Windows 10. Home and Pro are what were released for PC and laptop this week. If your current version of Windows is Enterprise, you can upgrade to Pro now. Otherwise you will need to wait until the Enterprise version has been released. Once you upgrade an older Windows Enterprise version to 10 Pro, I am not sure if you can freely upgrade to Enterprise again when it is released. I upgraded Windows 7 Pro to Windows 10 Pro.

So, what was the process like? I started by shutting down my PC and booting to the Windows 10 DVD. I followed the prompts, got to the option to perform an upgrade, and hit a wall. The installation process told me that I need to reboot my PC and start the installation process while in Windows. My bad, the prerelease versions were fresh installs, so I did not know this about performing an upgrade. I booted back into Windows 7 and launched the upgrade installation. It immediately asked if I wanted to allow updates. Knowing I can change it later, I let the system go ahead with what it wanted. At another point, I was offered the options to install Windows 10 Pro and whether I desired to keep my existing personal data. I checked the boxes for both options. I was warned that multiple reboots would occur and they did. The process started in Windows 7 and rebooted to its own installation procedure (as seen here):

[Screenshot: 1Windows10]

After this process hit 100 percent, the PC rebooted, told me ‘We are setting things up for you’ and then launched Windows 10. The first thing I noticed was that the display was at the lowest resolution and only one of my two monitors was active. I performed a Windows Update just for the sake of it and waited while drivers started being recognized. After five minutes, I rebooted. This time, my second monitor came up and I was able to change to the monitors’ native resolutions. This is what my desktop looked like:

[Screenshot: 2Windows10]

I was/am up and running. Now I needed to test my applications. I tested the following applications which are crucial to me:

  • Office 365 – Word, Excel, Outlook, etc.
  • Lync/Skype for Business
  • Citrix Receiver
  • Citrix GotoAssist
  • Snag-IT
  • World of Warcraft

The only priority application that did not function was the Cisco VPN client. When it failed to launch, I tried to reinstall it and Windows 10 told me ‘not gonna happen’. I was informed that there is no compatibility and the program will not be installed. Edge, the replacement for Internet Explorer, worked pretty well. The only issue I had there was that it will not run or install Java (by design – more about that in another blog). I use Chrome as well and it worked just fine. The last thing I am having trouble with is my fingerprint reader. I have one for my desktop and Windows 10 is not recognizing it (yet).

I have been operating on Windows 10 all day now and I can tell you that it has been a very easy adjustment coming from a Windows 7 preference and not having touch screens. The start button is really nice. The mix of the old Metro interface along with menu access is a good touch. Cortana is very responsive. Using voice, I asked for file searches, web searches, map searches, and more. Most of the time I was given what I was looking for. One thing I noticed in searches is that I got back a lot of web clutter when looking for something local, but there is a button to select local items and that removed the web clutter.

I will play around with Windows 10 further and probably blog about my experiences in the future. In the meantime, I just want to point out that this has been an easy update and one that I have little hesitation to recommend (it is still new). Just please perform a backup of your data before you try an in-place upgrade. Better safe than sorry. Also, better safe than blaming Craig because he said it worked well for him.

Please feel free to share your own Windows 10 upgrade experience below. You can also reach me directly by email.

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)| Sr. Network Consultant craig.kalty@customsystems.com

 

 

©2015 Custom Systems Corporation

Windows Server 2003 Migration: Tasks Part 3 – Build and Test

In Part 2, we created a plan that maps out the migration from Windows Server 2003. Now we are at the point where we need to build what we designed. Notice how, in all the blogs concerning decommissioning 2003, I use the words ‘migrate’ and ‘migration’ and not ‘upgrade’? I probably should have discussed this sooner, but there is no upgrade. You cannot upgrade 32-bit Windows 2003 to 64-bit 2008 R2 or 2012 R2. No matter your plan and budget, you will need to perform a fresh install on at least one server to start the process. Also, it would be wisest to go to 2012 R2 for many reasons (particularly not having to repeat this process when 2008 reaches end-of-life). For some migration paths, you may need to install at least one 2008 server to go from 2003 to 2008 and then to 2012.

The best place to start would be a test/development environment. We know from experience that there are many smaller shops out there that do not have the budget to create a development environment. Most of them are going to rely on the expertise of their staff or outside services to get their environment from where it is now directly to an updated infrastructure without performing a lot of tests. For those environments, remember to at least do extensive planning and research beforehand to mitigate issues.

For those that can build a development environment, the best way to do it is virtualization (there I go again using that word). Remember that you can make a virtual server host out of various hardware platforms. You can even install a robust hypervisor for free. To give you an example, my laptop has an extra drive that I swap instead of the DVD drive. I then manually boot to the extra hard drive where I have XenServer hosting over a dozen VMs. Is it powerful? Not really, but I can run my demo environment from it. The point is we don’t need to break the budget to make a development environment. We may not even need to touch any of the budget. If you did budget for a new virtual environment or to extend an existing one, here is where you can start utilizing that new investment.

Create P2V (physical-to-virtual) machine images of your existing infrastructure servers. From there, you can fire up new virtual machines (VMs) housing 2012 R2 and/or 2008 R2. Once you have the test environment, take snapshots of all the VMs before making any changes. Now you can begin the process of converting your virtual infrastructure in a development environment. If you run into issues, you can utilize the snapshots to reset the environment and try again. Take detailed notes of all the steps and pay attention to any potential problems. Once you have a clear plan with detailed notes, you are less likely to run into the unexpected when updating your production environment.

So, what exactly are we testing in our development environment? There are basic services that almost every shop is going to be utilizing. Active Directory, DNS, and DHCP are the three most common services we will need to migrate to another server. The good news is that detailed directions from Microsoft and other experts can easily be found on the web. Some organizations are going to have the basics and some are going to have more services in use. For instance, some organizations may utilize Terminal Services. Migrating that to Remote Desktop Services (RDS) will be a project in itself (though a worthwhile one).

Here is an example list of services you may/will need to test:

  • Basic services:
    • Active Directory (AD)
    • Group Policy
    • Domain Name System (DNS)
    • Dynamic Host Configuration Protocol (DHCP)
  • Extended services:
    • Certificate Services and Public Key Infrastructure (PKI)
    • Terminal Services
    • Distributed File System (DFS)
    • Internet Information Services (IIS)
    • Network Load Balancing (NLB)

Each organization is different, so they may have some or all of the items from the above list. A lot of organizations will have more to add to the list. Aside from these services that come in a Windows server, we will need to test hosted applications. This set of blogs has been pretty much focused on the Active Directory side of the migration, but what about applications? If you have Exchange, SQL, or another enterprise application hosted on a 2003 server, you are going to need a separate project just to migrate those applications. This may be the opportunity to move from in-house mail services to a cloud-hosted solution like Office 365. It is possible to focus on upgrading our Active Directory infrastructure first and saving the applications hosted on 2003 servers for a later project. However, research the applications to make sure they will still function in an updated AD infrastructure. If not, that is one of those symmetrical projects you will need to have in your plan.

The next step will be implementation into production. At this point, we are ready. We have performed tests in our development environment, gained experience in the tasks, created detailed instruction sets, and realized modifications needed in our plan.

As always, I welcome your comments or questions. Please feel free to leave them below or email me directly. Also, be sure to bookmark our site for more information from Microsoft, and please be sure to register for our live Microsoft event – Windows Server 2003: Security Risk and Remediation on February 18.

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)|
Sr. Network Consultant
craig.kalty@customsystems.com

 

 

 

©2015 Custom Systems Corporation

Windows Server 2003 Migration: Tasks Part 1 – Inventory

Know your environment. The very first task you need to do in a Windows Server 2003 migration is to update your inventory on your infrastructure. This does not mean only your Windows server 2003, this means your entire infrastructure. Why? Because you need to know exactly what you have, if there are any pitfalls, and if there are any synergies you can take advantage of. Just because a resource is not a Windows Server 2003, it does not mean it is exempt from the effects of the migration. In fact, you may need to update other resources in order to function with the results of the migration. You need to account for the following:

  • The quantity of Windows Server 2003 you have and their functions. How many are domain controllers? How many are just member servers?
  • The resources that are not Windows Server 2003.
  • Of the documented resources, the quantity of them still in use. You would be surprised how many organizations have orphaned servers and resources still in their environment because no one knew it was safe to remove them.
  • The hardware those resources reside on. Is the hardware still viable for today’s workloads? Is the hardware worth supporting?
  • The software/applications residing on resources. We need to know who owns it, is it still used, the resources required to install and operate the software, and if the software can be migrated.
  • The business units who use the resources. Talk to the people to find out if they actually still need the resources. Find out if they have any projects or plans to upgrade their applications that will facilitate the migration from Windows Server 2003.
  • The other resources or clients that need to communicate with the Windows Server 2003. For example, do you have a database or share on Windows Server 2003 that other servers are accessing?
  • The servers housing applications that can’t be migrated. Legacy software is one of the primary reasons we still have older servers with older operating systems. The software is still in use or is legally needed for archival purposes. There may be no upgrade path for the legacy system.
  • The people resources available. You will need to know if you have the staff with the needed experience and knowledge, the subject matter experts on the software applications, and the manpower-time needed for the project.

I won’t go into detail here on how to perform your inventory of your infrastructure. Various third-party vendors have products (inventory management systems) to help you. There are also tools on the Internet available to help with the task. Microsoft provides the Assessment and Planning Toolkit.
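One slice of this inventory, the first and third items on the list, can be pulled straight from Active Directory. The script below is an added example, not part of the original post; the 90-day threshold and the output file name are assumptions, and it only sees domain-joined machines.

```powershell
# Added example: list Windows Server 2003 computer accounts from Active Directory,
# split them into domain controllers and member servers, and flag accounts that
# have not logged on to the domain recently (candidates for "orphaned" servers).
Import-Module ActiveDirectory

$staleAfterDays = 90                                   # assumed threshold
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)

$servers = Get-ADComputer -Filter 'OperatingSystem -like "Windows Server 2003*"' `
    -Properties OperatingSystem, LastLogonTimestamp, PrimaryGroupID, Description

$inventory = foreach ($s in $servers) {
    # LastLogonTimestamp is a replicated file-time value and can lag by up to two weeks.
    $lastLogon = if ($s.LastLogonTimestamp) {
        [DateTime]::FromFileTimeUtc([long]$s.LastLogonTimestamp)
    } else {
        $null
    }

    [pscustomobject]@{
        Name             = $s.Name
        OperatingSystem  = $s.OperatingSystem
        # Primary group 516 is the Domain Controllers group.
        Role             = if ($s.PrimaryGroupID -eq 516) { 'Domain controller' } else { 'Member server' }
        LastLogonUtc     = $lastLogon
        PossiblyOrphaned = (-not $lastLogon) -or ($lastLogon -lt $cutoff)
        Description      = $s.Description
    }
}

# How many 2003 servers are domain controllers, and how many are member servers?
$inventory | Group-Object Role | Select-Object Name, Count

# Which accounts look unused and need a conversation with their owners?
$inventory | Where-Object PossiblyOrphaned | Sort-Object LastLogonUtc |
    Format-Table Name, Role, LastLogonUtc

# Keep the result as the starting point for the planning spreadsheet.
$inventory | Export-Csv -Path .\server2003-inventory.csv -NoTypeInformation
```

A stale logon timestamp only flags an account for follow-up; confirm with the business unit before treating a server as safe to remove.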

Once you have your inventory, you can start working on your plan. With the inventory and knowledge of the resources, you have the basis needed to determine priorities, tasks, resource assignment, scheduling and more. Now, we can move onto the planning: See our blog “Windows Server 2003 Migration: Tasks Part 2 – Planning” (available soon).

As always, I welcome your comments or questions. Please feel free to leave them below or email me directly.

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)|
Sr. Network Consultant
craig.kalty@customsystems.com

 

 

 

©2015 Custom Systems Corporation

Access Control and Authorization with Windows Server 2012

Have you ever needed to set up permissions on a network resource and the only way to satisfy the conditions for permission was to create a brand new security group?  Windows Server 2012 is the answer.

Let’s say you have a file share (network resource) that should only be accessed by people who are both managers and members of the HR group.  You have a Managers group and an HR group, but the requirements specify a mix of the two groups.  I have run across situations similar to this many times and I am betting many other domain administrators have run across this as well.

Prior to Windows 2012, we might need to create another group that contains users who satisfy both conditions.  This generates the need to administer another group.  Too many situations like this, and you have a huge list of groups to cover every condition.  The more groups you have, the greater the need to manually control group membership.  To get around this situation, we may manually set unique permissions directly on the network resource.  So now the administrator must update individual access directly on the resource instead of in a group membership.  Either way, we now have another individual point to administer and document.  The larger the organization, the more complicated this gets.

Best practice is to use groups for access control as opposed to using an individual account.  This makes things easier because all you need to do to give someone access permissions is to join them in a group.  However, what happens to administration when we create a group to cover many, many situations of multiple conditions?  Server 2012 has a new feature that alleviates this situation and empowers the administrator.  Dynamic Access Control is part of the advanced authorization and access control technologies.  Dynamic Access Control includes the following new functionalities:

  • Central Access Rules – the expression of authorization that includes one or more conditions.
  • Central Access Policies – used to bring together multiple rules of authorization to be applied across servers in a domain.
  • Claims – a unique identifier for user, device, and resource objects in a domain.  This identifier can be included in expressions.
  • Expressions – joins multiple conditions of authorization together to define access permissions.
  • Proposed Permissions – allows an administrator to predict the results of their conditional access expressions without actually applying the change.

Given the example above of HR Managers, we could go about setting up access permissions to the network share in a few new ways.  We could do it directly on the network share where we would create an expression that has the conditions of being a member of both the Managers group and the HR group.  Or, we could do it on the domain where we would create a central access rule that contains the defined conditions for group membership.  We would then include the rule in a central access policy that we could apply across multiple servers in our domain.  To test this, we could use proposed permissions to see how this new policy affects our resources without actually applying the change.  We could take this one step further by using claims.  We could create a claim on individual user accounts that gives them a unique identifier.  We could then use the unique identifier to make an expression that specifies the user is a member of the HR security group and has the associated claim to determine access permissions.  Think about how many groups and cases of unique permission administration we could eliminate.
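The domain-side route described above, sketched with the Active Directory PowerShell module as an added example (not from the original post). The group names come from the scenario; the rule name, policy name and the choice of Modify rights are assumptions. The current ACL keeps today's "any HR member" access, while the proposed ACL stages the "HR and Managers" expression.

```powershell
# Added example: stage the "member of both HR and Managers" condition as a
# central access rule. Requires the ActiveDirectory module and a Windows Server 2012 DC.
Import-Module ActiveDirectory

# Groups from the scenario in the text (assumed to exist under these names).
$hrSid  = (Get-ADGroup -Identity 'HR').SID.Value
$mgrSid = (Get-ADGroup -Identity 'Managers').SID.Value

# ACEs shared by both ACLs: full control for owner rights (OW),
# built-in Administrators (BA) and SYSTEM (SY).
$baseAcl = 'O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;FA;;;SY)'

# Current permissions: an ordinary allow ACE, Modify (0x1301bf) for every HR member.
$currentAcl = $baseAcl + "(A;;0x1301bf;;;$hrSid)"

# Proposed permissions: a conditional allow ACE (type XA) for Authenticated Users (AU).
# Member_of with two SIDs is satisfied only when the user's token holds BOTH groups,
# so no combined "HR Managers" group has to be created or maintained.
$proposedAcl = $baseAcl +
    "(XA;;0x1301bf;;;AU;(Member_of {SID($hrSid), SID($mgrSid)}))"

# The central access rule carries the current ACL and the staged (proposed) ACL.
New-ADCentralAccessRule -Name 'HR Managers Rule' `
    -Description 'Modify access only for users who are in both HR and Managers' `
    -CurrentAcl $currentAcl `
    -ProposedAcl $proposedAcl

# The central access policy groups rules so they can be applied across servers.
New-ADCentralAccessPolicy -Name 'HR Managers Policy'
Add-ADCentralAccessPolicyMember -Identity 'HR Managers Policy' -Members 'HR Managers Rule'

# Review what was stored before the policy is published.
Get-ADCentralAccessRule -Identity 'HR Managers Rule' |
    Format-List Name, CurrentAcl, ProposedAcl

# Once the staged results look right, make the proposed ACL the effective one:
# Set-ADCentralAccessRule -Identity 'HR Managers Rule' -CurrentAcl $proposedAcl
```

The policy changes nothing on a share until it is distributed to the file servers through Group Policy and selected on the folder itself.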

In order to support Dynamic Access Control, a new Access Control List (ACL) editor has been included in Windows 2012.  The Enhanced ACL Editor allows you to incorporate the expressions created with the access control/permissions of the network resource.  This is the tool that allows you to create and bring together all the topics presented above.

Put a 2012 domain controller in a test environment and kick the tires of this concept.  Afraid of what you might break?  That’s what we’re here for. Call or click today for your free, network assessment.

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystemsCorp.com
© 2014 Custom Systems Corporation

Microsoft Desktop Licensing for Beginners

Microsoft desktop licensing is one area where there are many questions.  The answers can be quite surprising.  I will focus on Microsoft Windows Operating systems and the Office suite for this post.

Windows XP, 7 & 8.  All Editions – Home, Business, Ultimate

When you purchase a new computer Windows will already be installed on the device.  This is called an OEM (Original Equipment Manufacturer) license.  Simply stated the software can only be used on the computer it was delivered on.  You cannot legally move the operating system to a new computer, old computer, home computer, your friend’s computer, etc.  If you replace the operating system with Linux or some other variant, you cannot move the Windows OEM to another computer.  It lives and dies with the computer it was delivered on.  If you have CDs or recovery DVDs they can only be legally used on this specific computer.

Windows 7/8 Upgrades – None, not available, they do not exist (think Easter Bunny). Microsoft discontinued Windows operating system upgrades many years ago.  They simply do not exist for Windows 7 or 8. All Windows 7/8 Upgrades are a full retail license purchase that can legally be installed on only one computer.

Microsoft Office – 2007, 2010 & 2013. All Editions: Standard, Professional, Student, Small Business, Home, etc.

If your copy of Microsoft Office was included with your new computer over the last 10 years it is considered an OEM license just like the operating systems above.  It lives and dies with the PC. You cannot legally install it to another computer even if you have the CD/DVD and license keys.  Microsoft has added Product Activation to track how many times a product is installed and activated. Try it and you will see after installs… it will no longer activate.

Retail License – if you purchase a box of software from a retail location (Staples, Amazon, etc.) and were provided a box with CDs and a license card, you are authorized to install the product one time on a PC.  If you get a new PC, you can remove the product from the old PC and install it on a different PC.  If the product will not activate, you can call Microsoft and plead your case and they will reset the Product Activation.  This does not mean you can do this 10 times; you will no longer get your product activated.

The benefit of OEM and Retail licensing is low cost.  The primary disadvantage is that there are NO upgrades ever and you cannot move the software to other computers.

Open License, Open Business and Open Value Licensing

If you are a business and want the flexibility to purchase your Microsoft Office licenses in quantities greater than 10, and the ability to move licenses between any of your computers up to the quantity purchased, Microsoft offers several license programs to accommodate your needs.  These various programs provide numerous benefits.  You can pay for it all up front, or over three equal annual payments.  The licenses cost more than an OEM license, but you control which computers will have the software installed.  Microsoft’s only concern is that you only install up to the license count purchased. Many of these programs can include upgrade rights to new versions when available for an added cost. For a business that wants to always be at a current version, these programs offer the best value.

Licensing of Microsoft Desktop products is a simple concept; however, the variety of methods available to acquire the licenses can be intimidating.  Should you have any questions about the best license program for your business, please contact a Custom Systems Microsoft License expert at 800-359-3523.  All contact regarding license questions is kept strictly confidential.

Paul R. Cook
Vice President, Network Services Group
Paul.Cook@CustomSystemsCorp.com

 

 

© Copyright 2014 Custom Systems Corporation