makspogonii - Fotolia
Earlier this year, Microsoft released an updated version of the Microsoft Desktop Optimization Pack. MDOP 2014 contains a suite of tools to help IT administrators more efficiently manage and virtualize Windows environments. The suite includes six core components that help maximize Windows implementations. Of those components, only two received substantial updates in MDOP 2014 -- one related to BitLocker administration and the other to application virtualization.
MDOP 2014 components
The MDOP suite is available only to Software Assurance subscribers that purchase Windows through Microsoft's Volume Licensing program; however, Microsoft Developer Network subscribers can download MDOP for testing and evaluation.
These three components focus on managing and restoring Windows:
- Advanced Group Policy Management 4.0 SP2: This extension to the Active Directory management console provides administrators with more granular control over Group Policy Objects, making it easier to keep enterprisewide desktop configurations up to date.
- Microsoft BitLocker Administration and Monitoring (MBAM) 2.5: This management tool simplifies BitLocker deployment, key recovery and compliance reporting for Windows 7, Windows 8 and Window To Go implementations.
- Diagnostic and Recovery Toolset 8.0: DaRT is a set of 14 tools that enable admins to resolve Windows problems quickly on remote and on-site systems. In the process, it can take steps such as recovering deleted files, removing malware or analyzing dump files.
In addition to these components, MDOP 2014 also offers three components that specifically target virtualization:
- Application Virtualization 5.0 SP2: App-V is an integrated tool for transforming Windows applications into centrally managed services while delivering a consistent user experience that mimics traditionally installed programs.
- User Experience Virtualization 2.0: This is an enterprise-scale virtualization product that delivers a user's personal settings across multiple instances of Windows 7 or Windows 8, including settings for Office 2007 or later.
- Microsoft Enterprise Desktop Virtualization 2.0: A tool for providing legacy applications to a newer Windows environment by delivering the apps via a virtualized PC running the older operating system that supports those apps.
Of these six components, only MBAM 2.5 and App-V 5.0 SP2 have been significantly updated with the release of MDOP 2014.
Microsoft BitLocker Administration and Monitoring
Management enhancements win big in MBAM 2.5 with the release of several new BitLocker-related Group Policy settings. For example, administrators can now enforce the use of strong PINs, allowing users to enter any characters on their keyboards, including uppercase and lowercase letters as well as numbers, symbols and spaces.
Another new Group Policy setting lets administrators provide users with a URL that links to the organization's security policies. The link appears when MBAM prompts a user to encrypt a volume.
In addition, MBAM 2.5 comes with new settings for enforcing encryption policies on client operating systems and fixed drives. The feature includes the ability to limit the number of days a user can postpone encrypting a drive.
MBAM 2.5 also adds support for high-availability deployments on Windows Server. In addition to supporting network load balancing and the Volume Shadow Copy Service, MBAM now extends to SQL Server clustering, mirroring and AlwaysOn availability groups.
Another important addition to MBAM is support for the Federal Information Processing Standard (FIPS). Organizations can now use FIPS-compliant recovery keys on Windows 8.1 devices with BitLocker encryption, helping to improve the end-user drive recovery process. Administrators can also use the Data Recovery Agent protector in FIPS environments to facilitate the recovery of BitLocker-protected drives.
MBAM 2.5 includes still more capabilities, such as support for SQL Server 2014 and multiforest domain deployments, making BitLocker management more complete than ever.
Microsoft has also made it easier to virtualize Windows applications with the release of App-V 5.0 SP2. The updated App-V now supports Windows Server 2012 R2 and Windows 8.1, as well as folder redirection for users roaming AppData virtual file system (VFS) folders.
In addition, Microsoft has enhanced a number of operations in App-V 5.0 SP2, including those related to publishing, launching and refreshing virtual applications. For example, App-V now supports parallel deployments and simplifies the procedures for testing and executing an upgraded virtualized application.
App-V also no longer prompts users to close a running virtual application when a newer release is available. As long as the app is running, the publishing operation is postponed until the virtual environment is not being used. The same goes for unpublishing an app -- the process is postponed until the environment is closed.
The latest release of App-V also includes improvements to other functionality. For example, the package conversion engine and sequencer have been enhanced, which improves package conversion rates. App-V also now supports a VFS write-mode sequencer setting to make it easier to virtualize apps that require sequencing.
Other features as well include the ability to enable dynamic virtualization in order to support shell extensions, browser helper objects and ActiveX controls. In addition, Microsoft has added how-to guides to the App-V package to help admins test, deploy and optimize their virtual applications.
Moving forward with MDOP 2014
For enterprises managing Windows desktop environments in large numbers, MDOP 2014 can prove a valuable addition to their Software Assurance subscriptions. Administrators can more efficiently support and restore systems as well as virtualize desktops and their apps.
The updated MBAM and App-V could prove especially beneficial, given how significantly they've been updated. For those not already familiar with MDOP, now's the time to take a closer look.
Microsoft releases a new version of its MDOP for 2014
Use MBAM 2.0 to ensure compliance with BitLocker encryption
Bypass Software Assurance with the Windows 8.1 volume license
FAQ: Why Group Policy settings matter
MDOP 2012 adds user experience and other features
Lock down enterprise desktops with Group Policy settings
Understand the basics of what MDOP can do