Updated: January 28, 2013
Welcome to the technical library for Solution Accelerators.
Here you will find a complete alphabetical listing of all Solution Accelerators.
To find Solution Accelerators for the most recent Microsoft products and technologies, grouped by Solution Accelerator Suite (Desktop, Server, Virtualization…) or by MOF IT Service Lifecycle (Plan, Deliver, Operate…), see the Solution Accelerators Home Page.
Active Directory Directory Product Operations Guide
Describes processes and procedures for improving the management of Microsoft Active Directory directory service in an information technology (IT) infrastructure.
Administrator Accounts Security Planning Guide
Because of their inherent permissions and power, administrator accounts on computers that run Microsoft Windows Server 2003 are both the most useful and potentially the most dangerous accounts on your computer. This guide provides prescriptive guidance to address the problem of intruders who acquire administrator account credentials and then use them to compromise the network.
Application Approval Workflow
This tool takes an application request submitted through the System Center 2012 Configuration Manager Application Catalog and transforms it into a System Center 2012 - Service Manager service request, allowing flexible approval lists and activities.
Applying the Principle of Least Privilege to User Accounts on Windows
Users with administrative rights on their client computers are at increased risk from malicious software encountered via browsers, e-mail clients, and instant messaging programs. The least-privileged user account (LUA) approach is a key part of an effective defensive strategy to mitigate this risk. LUA ensures that users follow the principle of least privilege and always log on with limited user accounts.
Microsoft System Center Configuration Manager 2007 Dashboard
The Microsoft System Center Configuration Manager 2007 Dashboard lets you track the deployments of software, OS, security update and IT compliance with key regulations at a glance – with an easy to use and customizable graphical dashboard.
Data Classification Toolkit
Streamline your compliance experience with new features in the Data Classification Toolkit. The toolkit supports file servers running Windows Server 2012 and Windows Server 2008 R2 SP1. In addition to configuring File Classification Infrastructure (FCI) on your file servers, the latest version of the toolkit allows you to manage central access policy across the file servers in your organization. The toolkit enhances the user experience by providing scenario-based wizards that you can use to configure, export, import, and compare file classifications, as well as manage central access policy on your file servers. It provides tools to provision user and device claim values and central access policy across a forest to help simplify configuring Dynamic Access Control in Windows Server 2012. The toolkit also provides a new report template that you can use to review existing central access policy on file shares.
Data Encryption Toolkit for Mobile PCs
The Data Encryption Toolkit for Mobile PCs provides tested guidance and powerful tools to help you protect your organization’s most vulnerable data. The strategies outlined in this Toolkit are easy to understand, and the guidance shows you how to optimize two key encryption technologies already available to you in Microsoft Windows XP or Windows Vista: the Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker).
DHCP Product Operations Guide
Describes processes and procedures for improving the management of Microsoft Windows Server 2003 Dynamic Host Configuration Protocol (DHCP) service in an information technology (IT) infrastructure.
DNS Product Operations Guide
Describes processes and procedures for improving the management of Microsoft Windows Server 2003 Domain Name System (DNS) Service in an information technology (IT) infrastructure.
External Collaboration Toolkit for SharePoint
The External Collaboration Toolkit for SharePoint is now being maintained and supported by the open source community. To access these resources and start contributing to the ECTS community, go here:
File Service Product Operations Guide
This guide describes processes and procedures for improving the management of Microsoft Windows Server 2003 File Service in an information technology (IT) infrastructure.
The Fundamental Computer Investigation Guide for Windows
This guide discusses processes and tools for use in internal computer investigations. It introduces a multi-phase model that is based on well-accepted procedures in the computer investigation community. It also presents an applied scenario example of an internal investigation in an environment that includes Microsoft Windows–based computers. The investigation uses Windows Sysinternals tools (advanced utilities that can be used to examine Windows–based computers) as well commonly available Windows commands and tools.
Guidance and recommendations to address key security concerns about server virtualization and consolidation of workloads to help you reduce costs and create a dynamic IT infrastructure.
Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide
VPN connections allow employees and partners to connect to a corporate local area network (LAN) over a public network in a secure manner. Although a VPN provides secure access by encrypting data though the VPN tunnel, it does not prevent intrusions by malicious software that initiates from the remote access computer. Virus or worm attacks can result from infected computers that connect to the LAN. VPN quarantine provides a mechanism to address these issues. This guide describes the challenges in planning and implementing quarantine services with VPN through the new features available in Microsoft Windows Server 2003 with Service Pack 1 (SP1).
This guide provides a logical roadmap to progress from reactive to proactive IT service management, moving from one of four defined levels of IT services to the next more efficient and streamlined level of services. Each document briefly describes each of the four levels, and explains each capability in the Microsoft Core Infrastructure Optimization Model. It then introduces high-level concepts for planning, building, deploying, and managing these capabilities and provides links to relevant resources where more detailed and actionable content can be found.
Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized
This is the first of three resource guides. Use the information contained in this guide to help you move from the Basic level to the Standardized level.
Core Infrastructure Optimization Implementer Resource Guide: Standardized to Rationalized
This is the second of three resource guides. Use the information contained in this guide to help you move from the Standardized level to the Rationalized level.
Core Infrastructure Optimization Implementer Resource Guide: Rationalized to Dynamic
This is the third of three resource guides. Use the information contained in this guide to help you move from the Rationalized level to the Dynamic level.
Infrastructure Planning and Design
The Infrastructure Planning and Design (IPD) series provides guidance for Microsoft infrastructure products, including Windows Server 2008 R2. The series is a collection of documents that lead the reader through a sequence of core decision points to design an infrastructure for Microsoft products. It also provides a means to validate design decisions with the business to ensure that the solution meets the requirements of both business and infrastructure stakeholders. It includes the following individual guides:
Active Directory Certificate Services
Active Directory Domain Services
Exchange Online—Evaluating Software-plus-Services
Exchange Server 2010
Forefront Identity Manager (FIM) 2010
Forefront Unified Access Gateway
Internet Information Services
Microsoft Application Virtualization 4.6
Microsoft Enterprise Desktop Virtualization (MED-V)
Remote Desktop Services
Selecting the Right NAP Architecture
Selecting the Right Virtualization Technology
SharePoint Online—Evaluating Software-plus-Services
SharePoint Server 2010
SQL Server 2008
System Center Configuration Manager 2007 R3 and Forefront Endpoint Protection
System Center 2012 - Data Protection Manager
System Center Data Protection Manager 2007 with SP1
System Center 2012 - Operations Manager
System Center Operations Manager 2007
System Center 2012 - Service Manager
System Center Service Manager 2010
System Center 2012 - Virtual Machine Manager
System Center Virtual Machine Manager 2008
Windows Deployment Services
Windows Server Virtualization
Windows Optimized Desktop Scenarios
Windows User State Virtualization
This guide provides easy-to-understand and extensive methodology for Microsoft Security Development Lifecycle (SDL) threat modeling. For organizations that want to establish a threat model process to help prioritize investments in IT infrastructure security.
Malware Defense Guide Beta
This guide was designed to provide your organization with the latest information to plan the most cost-effective defense approach to malicious software (also called malware), detailing considerations for planning and implementing a comprehensive antimalware defense for your organization.
Microsoft Application Approval Workflow
When a user requests an application through the System Center 2012 Configuration Manager Application Catalog that requires approval, this approval workflow solution will transform the application request into a System Center 2012 - Service Manager service request allowing flexible approval lists and activities.
Microsoft Application Virtualization Dashboard
The Microsoft Application Virtualization (App-V) Dashboard helps customers keep track of the usage, health, and compliance of their virtualized applications—in near real time! Using the Dashboard’s built-in charts, gauges, and tables, customers can track any App-V dataset. The Dashboard can be installed in minutes, and it’s easy to customize to meet the unique needs of each organization.
Microsoft Assessment and Planning Toolkit
Infrastructure assessment tool for desktop and server OS migration to Windows 7, Office 2010, and Windows Server 2012. Includes software usage tracker for streamlined management of server and client access licenses (CALs), database discovery for SQL Server consolidation, and reporting of server utilization, as well as recommendations for server consolidation and virtual machine placement using Microsoft’s Hyper-V hypervisor.
Microsoft Deployment Toolkit 2012 Update 1
Microsoft Deployment Toolkit (MDT) 2012 Update 1 is the newest version of Microsoft Deployment Toolkit, a Solution Accelerator for operating system and application deployment. MDT 2012 supports deployment of Windows 8, Windows 7, Office 2010 and 365, and, Windows Server 8 in addition to deployment of Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP.
Microsoft DirectAccess Connectivity Assistant
DCA helps organizations lower the cost of supporting DirectAccess users and significantly improve their connectivity experience. DCA is a part of the Windows Optimized Desktop Toolkit 2010.
Microsoft Forefront Integration Kit for Network Access Protection
Integrate Microsoft Forefront Client Security and Network Access Protection (NAP) to provide an additional defense-in-depth layer against attacks while giving administrators a significant degree of control over the security and health of networked computers.
Microsoft Forefront Protection Server Script Kit
This Solution Accelerator provides multi-server management capabilities for Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint.
Microsoft Identity and Access Management Series
This series of papers provides numerous identity and access management concepts, techniques, and solutions for use in heterogeneous IT environments. Identity and access management combines processes, technologies, and policies to manage digital identities and specify how they are used to access resources.
Microsoft Operations Framework 4.0
Microsoft Operations Framework (MOF) 4.0 delivers practical guidance for everyday practices and activities, helping users establish and implement reliable, cost-effective technical services.
MOF Online Content is available:
In addition to the core content, MOF Extended Guidance is available:
In addition to the core content, the MOF Technology Library is available:
MOF Continuous Improvement Roadmap
Use this IT service management toolkit to enable service management assessments and run service improvement programs.
Microsoft Virtual Machine Converter
This Solution Accelerator provides a solution for converting VMware virtual machines (VMs) and VMware virtual disks (VMDKs) to Hyper-V VMs and Hyper-V virtual hard disks (VHDs).
P2V Migration for Software Assurance
P2V Migration for Software Assurance uses the Microsoft Deployment Toolkit, Sysinternals Disk2VHD and optionally System Center Configuration Manager 2007 to convert a user’s existing Windows XP or newer client environment to a virtual hard disk. MDT automates the delivery of an updated and personalized Windows 7 operating system while the P2V process retains a virtual machine with the user’s previous Windows environment, applications and Web browser.
Payment Card Industry Data Security Standard Compliance Planning Guide
A framework-based approach to address Payment Card Industry Data Security Standard (PCI DSS) compliance requirements and respond appropriately to many other regulatory obligations.
Print Service Product Operations Guide
Describes processes and procedures for improving the management of Microsoft Windows Server 2003 Print Service in an information technology (IT) infrastructure.
Regulatory Compliance Planning Guide
See the IT Compliance Management Series.
Secure Access Using Smart Cards Planning Guide
Administrators are increasingly aware of the dangers that result if they rely only on user names and passwords to provide authentication to network resources. Smart cards and their associated PINs are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, the user must have the smart card and know the PIN to gain access to network resources. The two-factor requirement significantly reduces the likelihood of unauthorized access to an organization's network.
Securing Wireless LANs with Certificate Services
Securing Wireless LANs with Certificate Services is a prescriptive guide that addresses vulnerabilities in today's wireless networks. Despite the many productivity and technology benefits that WLANs offer, insufficient security has prevented a number of organizations from deploying them. This guidance provides information for IT Professionals about how to design, implement, and operate a wireless security infrastructure built with 802.1X and WLAN encryption, RADIUS, and a public key infrastructure (PKI).
Securing Wireless LANs with PEAP and Passwords
Securing Wireless LANs with PEAP and Passwords is designed to guide you through the complete life cycle of planning, deploying, testing, and managing a wireless security solution. It uses a flexible architecture that is adaptable for organizations ranging in size from less than 50 users to those with several thousand users. The guide comprises an end-to-end solution that encompasses the complete life cycle of planning, building, testing, and managing the solution. Its prescriptive guidance provides solution design choices based on best practices and knowledge gained from WLAN deployments at Microsoft and its customers.
Security Compliance Manager
An end-to-end solution to help your IT organization plan, deploy, and monitor baseline configurations for many Microsoft products.
Windows Server 2012 Security Baseline
Windows Server 2008 R2 Security Baseline
Windows Server 2008 Security Baseline
Windows Server 2003 Security Baseline
Windows 8 Security Baseline
Windows 7 Security Baseline
Windows Vista Security Baseline
Windows XP Security Baseline
Internet Explorer 10 Security Baseline
Internet Explorer 9 Security Baseline
Internet Explorer 8 Security Baseline
Exchange Server 2010 Security Baseline
Exchange Server 2007 Security Baseline
Microsoft Office 2010 Security Baseline
2007 Microsoft Office Security Baseline
Security Monitoring and Attack Detection Planning Guide
Extensive media reporting about the spread of malicious software through the Internet has significantly raised the profile of external threats to organizations' network resources. However, some of the greatest threats to any organization's infrastructure come from attacks that originate from within the internal network. This guide describes how to plan a security monitoring system on Windows-based networks. This system can detect attacks that originate from internal and external sources. The main aim of a security monitoring system is to identify unusual events on the network that indicate malicious activity or procedural errors.
Security Risk Management Guide
Customers can be overwhelmed when attempting to put in place a plan for security risk management. This can be because they do not have the in-house expertise, budget resources, or guidelines to outsource. To assist these customers, the Microsoft has developed The Security Risk Management Guide. This guide helps customers of all types plan, build, and maintain a successful security risk management program. In a four phase process, depicted below, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level.
Server and Domain Isolation Using IPsec and Group Policy
Large organizations face increasing challenges in securing the perimeters of their networks. Wireless networks and wireless connection technologies have made network access easier than ever. This increased connectivity means that domain members on the internal network are increasingly exposed to significant risks from inside and outside the organization. This guide provides tested guidance around two solutions: server isolation, to ensure that a server accepts network connections only from trusted domain members or a specific group of domain members; and domain isolation, to isolate domain members from not trusted connections. These solutions can be used separately or together as part of an overall logical isolation solution.
Service Level Dashboard for System Center Operations Manager 2007
The Service Level Dashboard addresses the need for organizations to ensure that their business-critical IT resources (applications and systems) are available and performing at acceptable levels. The dashboard evaluates an application or group over a selected time period, determines whether it met the defined service level commitment, and displays summarized data.
Services and Service Accounts Security Planning Guide
This guide is an important resource to plan strategies to run services securely under the Microsoft Windows Server 2003 and Windows XP operating systems. It addresses the common problem of Windows services that are set to run with highest possible privileges, which an attacker could compromise to gain full and unrestricted access to the computer or domain, or even to the entire forest. It describes ways to identify services that can run with lesser privileges, and explains how to downgrade those privileges methodically. This guide can help you assess your current services infrastructure and make some important decisions when you plan for future service deployments.
SharePoint Capacity Planning Tool Executive Overview
The SharePoint Capacity Planning Tool is a general-purpose modeling tool that complements SharePoint’s deployment planning documentation. With this tool and the analysis it provides, you can get a head start on planning your SharePoint topology. After you provide the tool with basic information about your organization, the tool provides a first approximation of the topology your organization needs.
SharePoint Monitoring Toolkit Executive Overview
Contains two management packs for System Center Operations Manager 2007: Windows® SharePoint Services 3.0 Management Pack and Microsoft Office SharePoint Server 2007 Management Pack. These monitor the health state of the components in a SharePoint environment that affect performance and availability. When there is an issue that may cause service or performance degradation, Operations Manager 2007 uses the management packs to detect the issue, alert system administrators to its existence, and facilitate diagnosis and corrective action.
Guidance on how to use the desired configuration management (DCM) feature of Microsoft System Center Configuration Manager 2007 to scan the computers in your environment. You can then use the scan results to document the compliance level of the computers with the Federal Desktop Core Configuration (FDCC) mandate.
System Center Process Pack for IT GRC
Deeply integrated with Service Manager, the System Center Process Pack for IT GRC translates complex regulations and standards into authoritative control objectives and control activities for your IT organization’s compliance program. The process pack is designed to help customers understand and bind complex business objectives to their Microsoft infrastructure in an operationally efficient manner.
Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
A comprehensive security setting reference that provides countermeasures for specific threats against these Windows operating systems.
Upgrade Toolkit for Windows SharePoint Services Sites and Templates Guide
This solution accelerator provides guidance and tools to enable IT Professionals and WSS users to successfully upgrade their Windows SharePoint Services 2.0 custom sites and templates.
Virtual Machine Servicing Tool (VMST) 2012
Virtual Machine Servicing Tool 2012 is designed to work with System Center 2012 – Virtual Machine Manager (VMM), System Center 2012 Configuration Manager and Windows Server Update Services (WSUS) 3.0 SP2.
Virtual Machine Servicing Tool (VMST)
VMST 3.0 helps customers reduce IT costs by making it easier to update their offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches—without introducing vulnerabilities into their IT infrastructure.
Windows Optimized Desktop Scenarios
The Windows Optimized Desktop Scenarios relate the IT and user business requirements for a flexible, efficient, and managed desktop environment to sets of complementary Microsoft technologies. The guide and supporting tool in this Solution Accelerator use five standard user scenarios such as Office Worker and Mobile Worker to map requirements to technologies. This new version (v1.1) includes new features of Windows 7 and Windows Server 2008 R2 such as BranchCache, DirectAccess, BitLockerToGo, and AppBlocker.