paul a. cooke - cissp director microsoft session code: cli311
TRANSCRIPT
![Page 1: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/1.jpg)
![Page 2: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/2.jpg)
Windows 7 BitLocker: Configuration and Deployment
Paul A. Cooke - CISSPDirectorMicrosoftSession Code: CLI311
![Page 3: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/3.jpg)
Windows Vista BitLocker
Encrypts the OS volumeHelps prevent the unauthorized disclosure of data when it is at restDesigned to utilize a Trusted Platform Module (TPM) v1.2
Secure key storageBoot Integrity
Vista SP1 added support for multi-volume/drive protection!
![Page 4: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/4.jpg)
Windows 7 BitLockerWhat’s New• BitLocker Enhancements
Automatic 100 Mb hidden boot partition
New Key Protectors
Domain Recovery Agent (DRA)
Passwords
Smart card
Auto-Unlock
![Page 5: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/5.jpg)
Windows 7 BitLockerWhat’s New
BitLocker To Go
Support for FAT*
Protectors: DRA, passphrase, smart card and/or auto-unlock
Management: protector configuration, encryption enforcement
Read-only access on Windows Vista & Windows XP
![Page 6: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/6.jpg)
Architectural Overview
![Page 7: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/7.jpg)
Disk Layout and Key StorageOperating system volume contains:
Encrypted OSEncrypted page fileEncrypted temp filesEncrypted dataEncrypted hibernation file
Where’s the encryption key?SRK (Storage Root Key) contained in TPM SRK encrypts the VMK (Volume Master Key)VMK encrypts FVEK (Full Volume Encryption Key) – used for the actual data encryptionFVEK and VMK are stored encrypted on the Operating System Volume
Operating System Volume
SystemSystem volume contains:
MBR Boot Manager Boot Utilities
FVEKSRK
VMK
![Page 8: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/8.jpg)
TMP Only“What it is.”
Dongle Only“What you have.”
TPM + PIN“What you know.”
TPM + Dongle“Two what I
have’s.”
OS Volume Key ProtectorsEa
se o
f Use
BitLocker offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with
Protects against: SW-only attacks
Vulnerable to: HW attacks (including
potential “easy” HW attacks)
Security
Protects against: All HW attacks
Vulnerable to: Losing dongle Pre-OS attacks
XXXXX
Protects against: Many HW attacks
Vulnerable to: TPM breaking
attacks
Protects against: Many HW attacks
Vulnerable to: HW attacks
XXXXX
![Page 9: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/9.jpg)
All Boot Blobs
unlocked
Volume Blob of Target OS unlocked
Trusted Platform Module (TPM)Static root of trust measurement of early boot components
PreOS Static OS
TMP Init
BIOS
MBR
BootSector
BootBlock
BootManager
OS Loader
StartOS
![Page 10: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/10.jpg)
Windows Vista BitLocker Volume
Boot Sector Boot Sector
Encrypted Volume Data
BitLocker Metadata Copies
Pointer to Primary Metadata Copy
Pointers to other metadata copies
![Page 11: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/11.jpg)
Windows 7 BitLocker Volume
Virtual Boot Sector
Virtual Boot Sector
Encrypted Volume Data
BitLocker Metadata Copies
Pointer to Primary Metadata Copy
Pointers to other metadata copies
Boot Sector
![Page 12: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/12.jpg)
Infrastructure PreparationOperating system partition
![Page 13: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/13.jpg)
Hardware RequirementsTrusted Platform Module
Trusted Platform Module (TPM) v1.2Trusted Platform Module (TPM) Compatible BIOS
USB Flash DriveThe system BIOS must support both reading and writing small files on a USB flash drive in the pre-operating system environment
Disk PartitioningSeparate reserved system partition using NTFSSystem partition minimum size of at least 100MBChoosing the right partitioning is key for a successful deploymentSystem partition is a Windows 7 requirement not specific to BitLocker
![Page 14: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/14.jpg)
Note: An additional 50MB is required on the recovery partition for volume snapshots during Complete PC backups
Disk Partitioning RequirementsPossible examples
Windows RE250 MB
NTFS
System Partition100 MB
NTFS
OS - EncryptedRemaining Disk
NTFS
System Partition/Windows RE300 MB
NTFS
OS - EncryptedRemaining Disk
NTFS
![Page 15: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/15.jpg)
RecommendationsStandardize the hardware
Hardware pre-build configuration (OEM)BIOS settingsEnable and Activate the TPMBIOS passwords
Minimize the number of reboots for your usersWorst scenario – 4 rebootsBest scenario – 1 rebootNumber of reboots is key in a successful deployment of BitLocker
![Page 16: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/16.jpg)
RecommendationsWhat requires reboots?
RepartitioningTPM initializationTPM ownership – requires physical presenceBitLocker System Check
Improve the user experienceDeploy Windows with the recommended drive partitionsAsk your OEM to enable the TPMStandardize the hardware to remove the requirement of the compatibility wizard
![Page 17: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/17.jpg)
Management and Recovery Preparations
![Page 18: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/18.jpg)
Group Policy PreparationBitLocker Group Policy settings can
Turn on BitLocker backup to Active DirectoryEnable advanced startup options, recovery options, etc.Configure encryption method and strengthEnable FIPS compliance - before setting up BDE keys!Enforce or disable specific protectorsEnforce a minimum PIN length
TPM Services Group Policy canTurn on TPM owner authorization backup to Active Directory Domain ServicesConfigure the list of blocked TPM commands
![Page 19: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/19.jpg)
Develop a Recovery StrategyDefine the process end-users will follow when recovery of a BitLocker system is needed
Anticipate the recovery scenariosHow to handle lost or forgotten Key Protectors?Reset PIN, lost startup keyHow are disk drive failures recovered?How are TPM hardware failures treated?Recover from core files or pre-OS file (BIOS upgrade, etc…) updates which are not plannedRecovering and diagnosing a deliberate attack
![Page 20: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/20.jpg)
Active Directory Based RecoveryBy default, no recovery information is backed up to AD
Administrators can configure GP to enable backup of BitLocker or TPM owner authorization recovery info
Schema needs to be extended Windows Server 2008 and 2008 R2 are “BitLocker Ready”All domain controllers in the domain must be at least Windows Server 2003 SP1
Recovery data saved for each computer objectRecovery passwords - a 48-digit recovery passwordKey package data (optional) - helps recovery if the disk is severely damagedThere is only one TPM owner password per computer
There can be more than one recovery password per computerO/S VolumeData Volumes
![Page 21: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/21.jpg)
Data Recovery Agent New Recovery Mechanism
Certificate-based key protectorA certificate containing a public key is distributed through Group Policy and is applied to any drive that mountsThe corresponding private key is held by a data recovery agent in the IT department
Allows IT department to have a way to unlock all protected drives in an enterpriseSaves space in AD – same Key Protector on all drives
![Page 22: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/22.jpg)
Windows Recovery EnvironmentSet of tools for troubleshooting startup problems
In Windows RE environment, user will be prompted for recovery credential on a BitLocker-enabled machineContains the necessary drivers and tools to unlock and repair if necessary a BDE-protected volume
WinRE boot image needs to reside on a non-encrypted volumeBitLocker setup is now Windows RE “aware” and will move Windows RE to a proper partition if required.
Manage-BDE and Repair-BDE are now installed per defaultIn Windows 7In Windows PE and in the Windows Recovery Environment (Windows RE)
![Page 23: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/23.jpg)
RecommendationsGroup Policies
Ensure that the group policies are configured before your deploymentMost BitLocker GPOs are not retroactiveTPM + PIN offers the best balance between security and user experienceRecovery and authentication policies are specific to Vista and Windows 7Leverage the group policy targeting mechanism for granularity
Recovery ScenariosWinRE should be deployed in its own partition or on the system partitionTest all your recovery scenariosUse Active Directory if you want to build custom recovery solutionsUse Data Recovery Agents if you have a requirement for FIPS compliance
![Page 24: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/24.jpg)
BitLocker DeploymentOperating system partition
![Page 25: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/25.jpg)
BitLocker DeploymentDeployment options
During build processPost-build processUser initiated
Deployment methodsManage-BDEWMISCCM
Windows Deployment Tools
Windows 7 Upgrade Scenario
![Page 26: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/26.jpg)
Deployment Options
Configuration during build processEnabling and activating a TPM during this process will require user interaction to meet the physical presence requirement If backup of recovery info to AD is required, BDE must be enabled after the computer has joined your AD domainStarting encryption during the build process has performance impact, for example if there are additional tasks to be performed (install apps, etc) Consider starting encryption at the very end of the build process
![Page 27: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/27.jpg)
Deployment Options Post-build configuration
Triggered immediately after the system build process completes Or triggered at a later time after the computer is delivered to the end user
Software distribution tool (SCCM)GP scriptingLogon scripts
Very flexible and can be accomplished using numerous methods
User initiated configurationAllow users to selectively enroll and configure their machines for BDENot recommended if BitLocker is mandatory
![Page 28: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/28.jpg)
Deployment MethodsManage-BDE.exe command-line tool
Provides configuration / administration on individual and remote machinesLocation: %systemdrive%\Windows\system32Leverages the BitLocker and TPM WMI providers
Create scripts with BitLocker and TPM WMI providers Useful when integrating support of BitLocker machines into your help desk environment, or user initiated configuration type of deploymentSample script (EnableBitLocker.vbs) availableRecommendation: Use for large enterprise deployments
![Page 29: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/29.jpg)
Deployment MethodsBitLocker WMI Methods allows to
Enable/activate TPM, take ownership and generate random owner passEnable BitLocker protection using supported authentication methodsCreate additional recovery key and recovery passwordReset TPM owner information
Use and modify existing sample script Manage-BDE.wsfLocation: %systemdrive%\Windows\system32Only provided as an example
Scripts can generate a rich log file, WMI exit codes are logged
Microsoft recommends Using BitLocker and TPM WMI providers for enterprise deploymentUsing manage-bde for administration of BitLocker enabled machines
![Page 30: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/30.jpg)
Deployment Methods
Systems Center Configuration Manager 2007Unify the deployment toolsets for both client and serverDeliver an end-to-end process for deploymentProvide high degrees of flexibility to accommodate complex enterprise requirementsUse native toolsets found in WindowsSupports BitLocker natively
![Page 31: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/31.jpg)
![Page 32: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/32.jpg)
Windows Deployment Tools
Systems Center Configuration Manager 2007http://www.microsoft.com/systemcenter/
Microsoft Deployment Toolkit 2008http://technet.microsoft.com/en-us/solutionaccelerators/dd407791.aspx
Windows Deployment Services
Unattended Installation
Imaging with ImageX
![Page 33: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/33.jpg)
Windows 7 Upgrade Scenario
Upgrade from a BitLocker machineNo decryption required but you need to suspend BitLockerCurrent partitioning will be preservedSystem partition will be 1.5 GBDrive letter will not be removed
Upgrade from a non-BitLocker machineCurrent partitioning will be preserved (single partition)BitLocker will automatically create a system partitionSystem partition will be 300MB with no drive letter
![Page 34: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/34.jpg)
BitLocker Server ScenariosBitLocker is a feature on Windows Server (optional component)
The feature needs to be installed through Server Manager
All the recommendations made in this presentation apply to the server scenario
BitLocker provides great value in branch office scenarios
Branch Office TechCenterhttp://technet.microsoft.com/en-us/branchoffice/default.aspx
![Page 35: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/35.jpg)
RecommendationsBare Metal install ≠ Clean install
Make sure to partition the diskFile base imaging does not partition the disk per default
Turn on BitLocker in the post build processProvides the most flexibility
Do not partition the disk post installationDeploy Windows 7 using the right partitionsOnly Shrink the O/S volume when no other options are availableIf you need to shrink the disk use bdehdcfg.exe post installation or the BitLocker Setup WizardDo not shrink from Vista for large deployments
![Page 36: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/36.jpg)
BitLocker DeploymentData Drive
![Page 37: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/37.jpg)
Data Drive Key Storage
Password
Auto-Unlock
Smartcards
Ease
of U
seBitLocker offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with
Security
Pros:Ease of use backward
compatibility BitLocker to go reader
Cons:Less secure vulnerable
to brute force and dictionary attacks
Pros:Uses a stronger key
Cons:Specific to a
single machine
Pros:Uses much stronger keys
Cons:Requires hardware not backward compatible
XXXXX
![Page 38: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/38.jpg)
Data Drive Specific Group Policy
BitLocker Group Policy settings canTurn on BitLocker backup to Active DirectoryEnable, enforce or disable password or smartcard protectorsEnforce a minimum password lengthEnforce password complexityDeny write access to drives not encrypted with BitLockerDo not allow write access to devices from other organizations
![Page 39: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/39.jpg)
BitLocker Enforcement
Requiring BitLocker for data drivesWhen this policy is enforced, all data drives will require BitLocker protection in order to have write accessAs soon as a drive is plugged into a machine, a dialog is displayed to the user to either enable BitLocker on the device or only have read-only accessThe user gets full RW access only after encryption is completedUsers can alternatively enable BitLocker at a later time
![Page 40: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/40.jpg)
BitLocker Enforcement
![Page 41: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/41.jpg)
BitLocker Cross-OrganizationThis policy will help enterprises manage compliance when a requirement exists to not allow devices to roam outside of the enterprise
When the "Deny write access to devices configured in another organization" policy is enabled
Only drives with identification fields matching the computer's identification fields will be given write accessWhen a removable data drive is accessed it will be checked for valid identification field and allowed identification fieldsThese fields are defined by the "Provide the unique identifiers for your organization" policy setting
![Page 42: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/42.jpg)
![Page 43: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/43.jpg)
![Page 44: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/44.jpg)
![Page 45: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/45.jpg)
Certificate RequirementsPossible deployment scenarios
Leverage an existing certificateLeverage a generic certificateDeploy a new BitLocker certificate
The BitLocker Object Identifier (OID)Associate a certificate to BitLocker (Certificate Application Policies)Default value: 1.3.6.1.4.1.311.67.1.1The BitLocker OID can be modified using Group Policies
![Page 46: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/46.jpg)
Certificate RequirementsSupported certificates for smart card authentication
A certificate is considered valid for BitLocker if the following conditions are met for Key Usage:
No KU is present KU is present and contains one of the following keyEncipherment bits:
CERT_DATA_ENCIPHERMENT_KEY_USAGECERT_KEY_AGREEMENT_KEY_USAGECERT_KEY_ENCIPHERMENT_KEY_USAGE
A certificate is considered valid for BitLocker if the following conditions are met for Extended Key Usage:
No EKU is presentEKU is present and contains BitLocker OIDEKU is set to anyExtendedKeyUsage
![Page 47: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/47.jpg)
RecommendationsIdentification fields
Should be set before your deployment if you are planning to use DRAs or the cross-organization policyAre automatically set during encryptionCan be set after encryption using Manage-BDE or WMI but this requires Administrator rights
CertificatesDeploy the required certificates before enabling BitLocker on data drives
BitLocker To Go ReaderInstalled per default but can be managed through group policiesRequires the use of a passwordCan be deployed separately using a software distribution tool
![Page 48: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/48.jpg)
BitLocker & BitLocker To Godemo
![Page 49: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/49.jpg)
question & answer
![Page 50: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/50.jpg)
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
![Page 51: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/51.jpg)
Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!
![Page 52: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/52.jpg)
![Page 53: Paul A. Cooke - CISSP Director Microsoft Session Code: CLI311](https://reader036.vdocuments.us/reader036/viewer/2022081513/56649d9e5503460f94a87a0c/html5/thumbnails/53.jpg)
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.