Sunday, December 28, 2008

Flash me!

This article is part of my series on exploring Linux. In my last article I had to do some fast learning to resolve some audio issues. I had to learn how to edit a config file with root credentials and find what settings would give me full sound. After that success I decided to reward myself with a little Youtube time...

Well, it certainly didn't take me long to stumble into my next problem - no Flash plugin! (Youtube uses flash to play its videos). Firefox helpfully offered me a link to get the plugin. It fired up the same package manager that I had seen for the Ubuntu updates and for the media player plugins. But alas, none of the plugins offered would work.

With a bit of research I learned that my problem may be caused by the fact I am playing in a 64-bit world. I had tried to get Adobe Flash, but they haven't actually released a 64-bit version yet. But then I learned some great news - Adobe was currently working on Flash 10 (a 64-bit version) and their first alpha release was for the Linux platform - it was made available only 2 weeks ago! Do I have great timing or what!

The download introduced me to a tar.gz file. This is the Linux world's version of a zip or rar file. Firefox helpfully offered to open it for me with an "archive manager" which turned out to be File Roller. It's a world of new file types and applications, but the experience is basically the same. I got an interface that let me extract the files to a location or drag the files somewhere, etc.

Now I was faced with a new problem. The only thing in the package was a single .so file. Nothing was helping me to work with that extension. More research revealed that this was an actual plugin file that could be found in (or should BE in) a browser's plugin folder (no installer here)... More difficulty tryng to find a valid plugin folder for my version of firefox... Then trouble trying to copy the file to the folder. I'm glad I just finished learning about Sudo so that I could overcome the security restrictions. The final command I typed into my terminal window was:

sudo cp /home/gordon/Downloads/libflashplayer.so /usr/lib/firefox-3.0.5/plugins
This copied my downloaded flash plugin to Firefox's plugins folder despite security restrictions,

When I closed and restarted Firefox, I immediately went to Youtube where it offered its bounty to me. Life is glorious once again. I decided to conduct one more test... I called my 10 year old over and had her fire up her Webkinz account (a rich online world / gaming site for kids that relies heavily on flash). It worked like a charm. We are all smiling here.

This little fix took me a couple of hours with all of the research factored in. Again, I don't think this is something our aging parents would succeed with, but on the plus side, our aging parents probably aren't playing in 64-bit so probably wouldn't experience this in the first place. I also like that this fix isn't possible in the Windows world yet - I give Linux the win for this round.

Friday, December 26, 2008

Hello...TESTING, 1, 2, 3...

This article is part of my series on exploring Linux. In my last article I was busy being impressed with how nice and easy the install went and how well everything was working. Even my 720p video sample played well - but I realized that my sound was playing at just a whisper...

There was no user setting I could adjust to get my sound up to useable levels. My first Linux glitch! Time to roll up my sleeves and figure out what to do about it.

My default approach to any problem is to fire up Google and find a generic expert blog out there like mine. I obviously suspected a bad interaction of Ubuntu with my sound card, but I didn't know exactly what sound card my laptop utilizes. I decided to do a search using the name of my laptop model: "Ubuntu low sound hp tx2604ca". I found nothing. Realizing my highly specific model number defines my RAM options, etc., I generalize it a bit. I had seen my model mentioned as being part of a series, so I tried: "Ubuntu low sound hp tx2600". Still nothing. But I did get results that told me how similar my tx2600 series was to the tx2500 series - you can guess my next search. Suddenly I hit paydirt. Choosing the right amount of generality can avoid either too few or too many results. I suddenly started getting all sorts of valuable results regarding my low sound problem.

It seems sound problems are a remarkably common phenomenon in Linux - as evidenced by this long web page: https://wiki.ubuntu.com/Gutsy_Intel_HD_Audio_Controller

In rather short order I had the solution to my problem. This is how I fixed the sound on my laptop so my video sample would play at full volume:

  • Opened Applications|Accessories|Terminal
  • Edited a config file by typing: sudo gedit /etc/modprobe.d/alsa-base
  • Pasted to the end of the file: options snd-hda-intel index=0 model=acer
  • Saved it, closed it and restarted.
  • Done.
I didn't know what the options meant, but it was a remarkably simple solution - the problem was actually knowing enough to execute it. I never did find one all-encompassing clearly described solution. Instead I had to use my technical experience to piece the solution together. For instance, I had found numerous solutions that suggested modifying the alsa-base file and adding various "option" lines to it. I had to try a few options before I got it right. But before I could try a few, I had to figure out how to modify the darn file (doing it through a GUI editor was a no-go). I had to get acquainted with the Terminal window. I then had to learn that "sudo" is a pre-command you use to get full system (root) access when you need to make changes to system files.

The lessons I learned were valuable and the skills will clearly be called upon regularly. Everything in Linux can basically be controlled from the terminal (command line) in an environment where security has always been of upmost concern. I'm liking this. But I think that a 'normal' user like our aging parents would never get to the final solution alone and would still be sitting with negligible sound. This could be a problem.

Now that I've got sound problem licked, I think I'll go relax with some Youtube videos...

Saturday, December 20, 2008

That was easy!

This article is part of my series on exploring Linux. In my last article I just finished the Ubuntu installation and was rebooting...

I was faced with a multi-boot menu that contained both my new Ubuntu install and my old Vista install. After 9 seconds Ubuntu started automatically.

The desktop that greeted me was not altogether foreign:


The only initial indication of something strange was seeing 2 task bars (called "panels" in this world) and no Vista logo. Otherwise things are remarkably similar. Programs I have running are shown in the bottom panel. The Ubuntu logo at the top takes me to my applications and there are also quick launch icons available - very similar to Vista! (Of course, this interface is highly customizable - and if you don't like this Gnome environment, you can swap it out for some other one like KDE.)


I also found a very useful set of icons on the far right:


I like that the power on/off icon is out and easily available. It offers the usual options I've come to expect from a Vista laptop like: Logout, Suspend, Hibernate, Restart, Shutdown - plus a few more I'll have to try.

I quickly spotted the bar graph that would indicate WiFi networking. I was met by a very user-friendly interface that allowed me to quickly find my home network and enter my security information. I immediately launched Firefox that came pre-installed and was on the internet - uber cool! (I'm actually posting this article from Ubuntu as I type.)

Next was the bluetooth icon. Another simple experience. In two steps I had my Logitech bluetooth keyboard and mouse connected and working. All the buttons and wheels on my mouse are working as they should. This was a sore point for me a few years ago when I tried to use these same peripherals under Windows XP. I wasn't able to use a generic bluetooth receiver, but had to stick with the Logitech version that had other limitations. No limitations now! I don't know if this is a credit to Ubuntu or HP's bluetooth receiver.

Things are going way too smoothly... I wonder what that scary looking red arrow with the exclamation point is all about... It turns out that icon is notifying me of system updates. Now that I am on the network I have 189 waiting for me! Another nice interface listing the details of each update and giving me the option to install each one or not. Let's give this a shot...

... I'm back - after 5 hours! Talk about slow data transfer. They must have a lot of people hitting their servers (there does appear to be a way to stage downloads locally for enterprises though). Interesting thing - no automatic reboot of the system. I'm liking this already! I had heard that Linux can upgrade and restart many of its services on the fly. My only indication that something had happened was a request to reauthenticate to my wifi network - obviously the network services had to be restarted. Also, the red arrow icon had now become a refresh icon that was indicating I should restart the system when it was convenient for me. [As a side note, I have noticed that in the past week there have been about 5-10 new patches every day!.)

I've been quite impressed that my basic laptop hardware, wifi and bluetooth devices have all functioned perfectly. Very impressive. I have yet to get to the web cam or fingerprint scanner however. I have noticed that my touch screen and Wacom tablet functions elicit no reaction. I will have to look into this.

Remember that video sample that was unwatchable in Vista? Let's see how Ubuntu handles that.

But first I needed to retrieve the video from a share on my other system. As with Windows, I was able to browse to Network Places, and then find my workgroup, server and shares. It was just as easy as being in windows - maybe easier in fact, because it also displayed the hidden shares on my server.

Back to the video test - here are the video's details:

  • resolution: 1280 x 720
  • codec: H264 (mkv file)
  • framerate: 24fps
  • audio: AC-3, 5.1 surround
I decided to try the preinstalled Movie Player. It claimed to need some new plugins and used the same mechanism as the system updates to get them. After 10 minutes or so (slow updates!) it was ready to play. Wow! Smooth video! Not like the Vista experience at all. But the system is working hard - I notice the occasional frame drop if I have other applications running in the background. But Ubuntu is clearly superior to Vista in this test.

-- But hold on a sec! Why is my audio so quiet in the video? Why can't I turn it up past a whisper? hmmm... this bears some investigation...

Sunday, December 14, 2008

Into the looking glass

As mentioned in my last article My Linux adventure begins..., I am embarking on a Linux adventure. Before I can step through the looking glass I must choose from one of the dozens (hundreds?) of Linux variants available. Choosing a flavour of the Linux operating system is tough when you know almost nothing about the OS. I figure I'd stick with the most popular in the hopes it will have the best features and driver support. Two good choices appear to be OpenSUSE and Ubuntu. I expect to ultimately use an enterprise version of SUSE since I am an enterprise type guy, but I don't feel that would be appropriate at this stage. OpenSUSE is the basis for Novell's Enterprise SUSE and looks very impressive as a personal OS, but I'll take a pass on it as well. I'm going to give Ubuntu a try. My main reasoning is that I have seen Ubuntu in the press a lot lately and it seems very popular. I'm hoping that it's popularity will translate into support for all the hardware I plan to throw at it. It would also be nice to be familiar with an additional Linux distro if I am to eventually end up in a SUSE flavour Linux.

So off I go to the Ubuntu site to get a FREE operating system... The current version available is 8.10 released October 27, 2008. This does indeed look promising - look at this feature!:

3G Support
For constant connectivity public WiFi has limitations. Improvements to the network manager in Ubuntu 8.10 makes it simple to detect and connect to 3G networks and manage connectivity. This connectivity is delivered through an inbuilt 3G modem, through 'dongle' support, through a mobile phone or through Bluetooth. It is a complex environment that Ubuntu 8.10 simplifies through a single interface and the auto-detection of many of the most popular devices.
There's my Wifi and Bluetooth mentioned in one spot! I'll have to borrow an iPhone to see how the 3G works out...

I chose to download the 64-bit Desktop version. It's a CD ISO image only 699 MB in size!

The download page offered all these resources:I'm feeling welcome so far - let's hope this positive energy stays with me :-)

I quickly found a document aimed at me: Switching from Windows. A good read. But it is scaring me slightly. I looked at the Dual Booting Windows and Linux section where is talks about how to partition my drive. I don't like that it threatens me with the statement:
After finalizing the installation, however, the hard disk will be re-partitioned and all existing data stored on it will be lost.
That is a rather blanket statement! I hope to keep my Vista partition and my HP recovery partition for the moment. I'm assuming that statement was overly generalized and that it will in fact only blow away partitions that must be modified in some way (when it makes the Windows partition smaller or something). I retreat.

I decide to use a new Windows Vista feature to shrink my Vista partition without losing data - making room for Linux (before Linux touches it). Vista makes this very easy. Under Computer Management | Disk Management I was able to right-click on my primary partition and select Shrink Volume.... From there I was able to reclaim 100GB for my Linux project. Hopefully now Linux will let me keep my "data".

Booting Ubuntu was quick and easy. Within 2 seconds I was presented with a colourful logo and great choices. I chose to install Ubuntu rather than just use it as a "Live" CD. I experienced a long period with a black screen as errors like this flowed past:
Buffer I/O error on device sr0, sector ...
end_request: I/O error, dev sr0 ...
As a normal Windows user, I might have been worried seeing all these "errors" because I am normally isolated from the underlying system. But I remember that Linux users like a verbose world and the systems always seem to spout messages. Linux doesn't just stay silent until it can tell me I have a critical problem, it knows "too much information" can be great when trying to diagnose issues.

Eventually the graphic interface appears and starts asking me questions. I am impressed by all the supported languages and keyboards. I like selecting my timezone by choosing a nearby city from an animated map - very cool. The partitioning interface was interesting. It was clear and quite usable but a bit cryptic for a Linux neophyte - so many choices! I felt somewhat better when finalizing my partition choices. The installer tells me:

WARNING: This will destroy all data on any partitions you have removed as well as on the partitions that are going to be formatted.
It then proceeds to identify exactly which partitions are going to be formatted. Much better messages than the one I saw earlier in the documentation. I'm not worried at all now. I think it might actually have been able to shrink my Vista partition for me without damaging anything. I'll save that test for another day though.

Eventually the install completed and had me reboot. Looks good! I have a multi-boot menu and can see Vista there. Stepping through the mirror into Ubuntu Linux land!...

Saturday, December 13, 2008

Topic: Linux

(Vista Vitals articles organized by topic)
These articles cover anything related to Linux:

My Linux adventure begins... - Here I explain what I am up to - exploring Linux. I describe the computer I am using and my goals.

Into the looking glass - I pick a Linux Distro and install it. I discuss my thoughts during the process.

That was easy! - My initial boot into Ubuntu. I share my thoughts while connecting to wifi and bluetooth. I test Ubuntu's performance by playing a 720p video that was unplayable under Vista.

Hello...TESTING, 1, 2, 3... - I describe the first problem I encountered with Linux (low sound volume) and how I solved the problem.

Flash me! - I had no Flash plugin for 64-bit Firefox! This article describes how I added an Alpha version of Flash 10 so that I could use sites like Youtube.

Printing before writing - I configure Ubuntu to print. It couldn't be easier to configure my colour duplex network printer!

Dueling with my Dual Monitors - Yikes! Dual monitor configuration in Ubuntu / Linux sucks! Want to read the sordid details? Thankfully I've documented my many fixes so others can benefit...

Wiimote goodness - I connected my Wiimote to my Linux OS and got readings from it! I also link to similar solutions for Mac and Windows. I also discuss some more dual-monitor issues that I experienced.

Thanks for the memory - I learned how Ubuntu allows me to explore memory cards and thumb drives. I loved the eject icon. I learned how to format partitions using GParted.

Ubuntu Reference Book - Thought you should know about a good Ubuntu book I found...

Using the terminal (command line) - Found another book called Linux 101 Hacks. It has some interesting tips, tricks and shortcuts for working with the terminal commandline.

Word! - I explored the issue of word processing. Tried out Open Office. Then tried to get MS Word 2007 working using Wine.

RDP to Windows from Ubuntu - I found a replacement for Microsoft's RDP so I can remotely access Windows desktops.

Closing down my 64-bit Ubuntu Linux experiment - Little irritations have lead me to end my experiment with Ubuntu. Read the details.

My Linux adventure begins...

Any of you who have followed my blog for the past year have probably witnessed the frustration I have felt with Vista. It's been a long road - I really tried to get over that "initial resistance" that all us techies are supposed to have to new technologies. I couldn't fall in like with this OS. I appreciate many of the technologies Vista has to offer and many of its thoughtful little features that are supposed to make my life easier. I just couldn't get over my astonishment at some of the basic ways the OS fell on its face. I couldn't get over how the engineers so often seemed to paint themselves into corners and came up with yet another band-aid solution. Where was the master architect??? I need something better.

Why don't I try Linux. I know people like it. I know it's been around a long time and that the technology is proven. I have to stop being so ignorant to this large portion of the personal computing world. In truth, although I am a reformed Novell man and senior Microsoft techie, I do have some limited experience with Linux. I installed my first Linux distro in 1992 when it was released on 90 diskettes (I think I have installed it twice since then). I have used Cygwin to create a Linux environment within Windows so I could run unique applications only available in the Linux world. Let's not forget those embedded devices! I find Linux in the most unlikely places - like on my Tivo or shoved onto someone's Xbox, etc. It's been around and I've edited the occasional config file or set the occasional permission, but it was always when following instructions and hardly because I knew what I was doing.

I want you to know where I am coming from so that perhaps you can relate to the adventure I am about to undertake. It might explain some of the assumptions I make or some of the troubles I create for myself.

I am going to install Linux. I am going to start using Linux. I am going to slowly try to use it for everything I want to do and wheen myself off of MS. I'm retooling this blog - it is now going to be a diary that follows my progress. Jump in with comments or suggestions anytime - I welcome the feedback! I won't pretend to be an expert - my articles will reveal all my warts (ignorance).

Although this is a home project, I won't be easy on myself or Linux. To start with, let's take a look at the computer I have chosen for my project. It is a small 12.1" HP tx2600 series laptop, but it is pimped out with features:

  • AMD dual-core QL-60
  • Dual Layer DVD burner w/ Lightscribe
  • ATI Radeon HD3200
  • Dual screens
  • Card reader for SD/MMC/MS/MS PRO/xD
  • Ethernet 10/100/1000
  • Wifi 802.11a/b/g/n
  • Bluetooth
  • IR receiver and remote
  • Fingerprint scanner
  • Touch screen (finger-based)
  • Wacom tablet features (pen-based)
  • Webcam
Have I missed anything? I even got a dock to test changing configurations. I want all this stuff to work in the end. If I can get all this stuff working - and working well, I think that will say a lot about Linux. Then it'll be time to explore the world of Linux applications.

At the moment the laptop is running 64-bit Windows Vista Home Premium. I've familiarized myself with all the features and how they should operate 'normally'. I'm quite impressed actually - I think I better multi-boot this puppy so I can go back and forth between operating systems.

I tried playing a full-screen 720p video sample under Vista using the VLC player from VideoLAN. It was unwatchable. The sound played but the video skipped constantly and dramatically. I'm curious to see if I get better performance using the same player under Linux...

Friday, December 12, 2008

Wrapup and retool

I'm back!

It's been 5 months since you've seen me cursing the mundane details of the OS called Vista. Although my focus hasn't been on Vista lately, I haven't gone far. I've been hard at work developing an automated installation process for Server 2008 using the Microsoft Deployment Toolkit.

I must say that I was quite impressed by Server 2008 - it's hard to believe it shares the same kernel with Vista. But I know the problems I found in Vista are present in Server 2008 as well - it's just that they aren't problems you are going to encounter in that OS because it is just used differently.

In the past 5 months I have still been using Vista and watching its evolution. There hasn't been much change that I can see. On the plus side, those articles I started writing over a year ago are still relevant. In fact, I suspect many of them will still be relevant for Windows 7 (I hope I'm wrong on this) since the underlying architecture should continue to present the same hurdles.

Looking back on my old articles I realized I didn't get around to delivering one piece of simple advice. Many of my later UAC articles (User Account Control (UAC) (16)) discussed the inability of Vista to elevate the Windows Explorer and all the problems that causes. But I never delivered the punchline...

It seems to me that Microsoft made a big engineering mistake by tying Windows Explorer processes to the main desktop process. Under UAC you want to elevate Explorer but the fact that it is already running in order to present the desktop makes that impossible. Well, you can fix this shortcoming! If you have had to drastically alter the way you work because of this limitation and wish you hadn't, here's how you go back. Use a different Windows Explorer. Don't use the product provided by Microsoft, but rather use a third party explorer - one that isn't tied to the desktop. There are many fine examples out there. Some have drastically expanded functionality that you may enjoy, but more importantly, they can all elevate! Xplorer2 is one fine example that you should play with. Their free trial will be enough to show you what I mean.

I'm now looking for my next computing adventure... Judging from some of the recent statistics, many frustrated Microsoft users are casting their gaze at Linux. I too am glancing in that direction. Those Linux users appear to be having a good time and aren't exhibiting the kind of frustration I have been of late. Join this Microsoft user on his Linux adventure!

Friday, July 18, 2008

Roll your own MS Windows OS!

Just when you think you've seen it all... there is a new twist on everyone's attempts at avoiding Microsoft's Windows Vista OS. Say hello to Windows Workstation 2008!

You've probably heard by now that Windows Server 2008 and Windows Vista share the same kernel (right down to the version number). But somehow Server 2008 doesn't seem to be as bloated and sluggish as Vista. So a Microsoft engineer had the bright idea of using Server 2008 as the OS for his workstation (must be nice to get free Windows licenses). Here's his blog entry: The Way I See It by Vijayshinva Karnure

This news caused a number of hackers to get involved and to start experimenting. They've created a dedicated blog for their effort called www.win2008workstation.com. An automated conversion tool has even been created to simplify the installation process. It can be found here. Apparently, in addition to much better stability, benchmarks are reporting a 17% speed increase - all while running your favorite applications.

A reporter with InfoWorld, Randall C. Kennedy even gave it a try and wrote a series of articles on his experience (it doesn't look like he'll be going back to Vista):

If you try this approach, please post your results here. I've got other fish to fry at the moment.

Thursday, July 17, 2008

XP: How to continue getting it after the June cutoff

There have been quite a few articles in the media about XP and people's desire to keep using it rather than moving on to Vista. Microsoft announced XP Support for 6 more years and companies such as Dell and HP announced they would make XP available after the June 30th deadline.

Well now PC World Australia has put it to the test. They actually went to nine US PC manufacturers to see what it would take to get a PC from them with Windows XP preinstalled: What does it take to get a PC with XP?

The article is loaded with great information. It will save you gobs of time when trying to get your favorite hardware bundled with XP. It will also help you cut through all the misinformation you are likely to get from various customer support reps.

Friday, June 27, 2008

Folder Redirection: IE7 Favorites Bugs

I have been amazed at how many different problems people are having just using something as simple as Favorites in IE7 under Vista. I am no different - I can't save my Favorites within IE. I have come across all sorts of possible solutions having to do with NTFS permissions and even Integrity Levels. The solutions work for some people - but not for everyone - and certainly not for me. But before I get started ranting about the IE7 bug I found, I thought I'd link to a number of the alternate solutions I found in case they are a solution for you:

  1. Here's a Microsoft blog that describes the trouble-free way to redirect the IE Favorites folder.

  2. Here's a blog that describes why NTFS permissions can stop IE Favorites from working properly.

  3. Here's a blog that describes how to fix the Integrity Levels that impact IE's ability to work with Favorites.

  4. Here's another blog that provides some additional ways of setting the integrity levels.

My Problem


Windows Internet Explorer 7 is unable to save - or even open Favorites. When trying to save Favorites I will get "access denied" errors or unspecified errors like this one:


Here is the "cannot find" error I get if I try to open a shortcut stored in a UNC path:


Who is Affected

Windows Vista users of Internet Explorer 7 (IE7) using all of the following features:
  • Protected Mode (if you aren't using protected mode you won't experience the problem).
  • User Account Control (UAC needs to be turned on in order for Protected Mode to work).
  • Folder Redirection of the Favorites folder to a local location (there is no problem redirecting to a network location).
  • Folder Redirection to UNC path (GPOs can only redirect to a UNC path on the network).
The Solution

As I mentioned, you only have the problem if you use all of the features shown above. If you can avoid using any one of those features, you can avoid the bug and go back to looking at permissions issues if the problem persists. For the rest of us that must use all of those features listed, there is no solution. You have stumbled into an IE7 bug. Microsoft is currently working on it - I'll post if I receive a fix.

What's Going On

Basically, IE7 Protected Mode gets upset when it encounters a UNC path for the Favorites folder that points to a location on the local machine. It seems to interpret the UNC path as some sort of web address and applies some zone rules or something to it. When it sees the local machine name in the URL, it seems to think a baddie is doing an end-run around its security or something and shuts it down.

IE7 doesn't kick into this mode if a local drive letter path is used and doesn't seem bothered if the UNC path refers to some other computer. But unfortunately I must redirect to a UNC path because that is the only kind of path that the Folder Redirection GPO will allow in my situation.

I felt I had somewhat of a unique situation that got me into this predicament, but the more that I look around, I suspect that the problem is quite a bit more common. Tell me if this sounds familiar.... I have a large organization that wishes to manage things like Folder Redirection via GPO. This is not a problem for my environments with dedicated servers. But my satellite offices with less than 10 people get their shares from a non-dedicated server/workstation. These users also move about the office. When they use a simple workstation with their redirected folder pointing to another computer, there is no problem. But when a worker finds himself on the non-dedicated server, the GPO redirects the favorites folder to a local location on that machine and IE7 has a fit.

Cute eh? Obviously these people want to continue roaming and I don't want to strand their data on individual machines. I won't bother discussing any of the work-arounds I have found because they are all messy and awkward and prone to failure. I'm stuck until Microsoft solves this problem.

For those of you who would like to recommend Firefox to me, let me stop you right here... Firefox stores its Bookmarks in the Roaming AppData folder. But I've had to strand that folder locally and not use folder redirection because of another Vista problem.

Yay Vista!

Wednesday, June 25, 2008

XP Support for 6 more years

It looks like companies that are planning to continue using Windows XP beyond the June 30th deadline may be onto something. InformationWeek posted details of the ongoing support and availability of Windows XP in their article: Microsoft Pledges Windows XP Support Through 2014.

Having another 6 years of support for this product is nothing to sneeze at. It now makes the strategy of entirely skipping Vista a viable option. It is already clear that Microsoft is racing to develop Windows 7 as quickly as possible (likely hoping to sell something ASAP to those who want to skip Vista). So there will be plenty of time for Windows 7 to get released January 2010 and a Service Pack or two to follow before an organization is forced to step off its stable XP platform.

I've read plenty of articles talking about how software companies are still developing for XP (some not developing for Vista at all). Large computer manufacturers like Dell have announced that they will continue to make XP available - this of course means that drivers will also continue to be developed for the various PC components from companies like ATI, etc.

So it looks like all the pieces are in place to allow the whole world to tick along and happily pretend that Vista never existed. Frankly, after working with Vista for the past 1.5 years, I think it is a prudent strategy. But don't worry - I've already boarded the Vista boat - I'm still bailing and will continue to post when I find something of value to talk about.

Friday, June 20, 2008

Want your Windows Vista bug fixed?

I found a great plea from Soma, a Microsoft developer, on his blog Shipping Seven. It's a bit old but very relevant - I felt you should all see it so I am reprinting it here:

Do you hit the same annoying Windows Vista crashing bug day after day?

Please, please, please click the 'Send information' button when you see this crash dialog.



Why?

If in the very unlikely event that you are the first person to encounter and report this bug, a new entry in our bug database is entered automatically.

If anybody else encounters the same bug, and reports it, our automated crash reporting system finds the correct bug in our database, and then updates a counter. (Basically, there is a field in the bug that indicates that X people on the internet have encountered this bug.)

If you don't report the crash, that counter is not updated.

Why is that important?

Our ship room (a bunch of guys who decide which bugs should get fixed and added to SP1, and which bugs are too minor to be fixed) rely a lot on this counter. If the counter reaches more than [redacted], we fix it.

So, every time you encounter any crash - hit that 'Send information' button. Please.

Thursday, June 19, 2008

Windows Explorer: Magic file deletions

In my article, UAC: Elevate Windows Explorer, I grumbled about how Windows Explorer is rather uncommunicative and can be quite confusing. I mentioned how outcomes can be quite unpredictable and that you'd need to spend time getting to know Windows Explorer. To help you in that endeavor, I'd like to describe the confusing behaviors of a simple file deletion...

Consider the case where you wish to replace an executable file on a network share (I happen to be scripting some installs at the moment). It is entirely possible that someone else has accessed that share and is currently executing (holding open) the file we wish to replace. (In my case, my executable hung on my test PC and I needed to fix my bug - my test PC held the file open.)

If I tried to delete an open file in the XP days, I would have received an error message like this:


Now that's a great error message! It tells me what file is at issue and figures out that it might be a problem with the file being in use. If I try the same action in Vista I won't get any message at all. The file will simply be deleted -- but not so fast - the file just LOOKS like it is deleted.

If I now attempt to replace it with a file of the same name, I get the following error from Vista:



The message doesn't discuss my file at all. It leads me to think I have permission problems with my 'E' folder. Incredibly misleading when you find out what is really going on. If I refresh Windows Explorer's view of the folder (hit F5 or reopen Windows Explorer, etc.) I find that my old file is back! It wasn't deleted at all. And since the file is probably still in use, I am unable to replace it with my new file. How's that for strange behaviour?

But wait! - There's more! Let's pretend that we don't know what is going on and have no idea what computer is holding my file open. Let's pretend we wander off and play a great round of golf - what a great day! In the mean time, back at the office, the PC holding my file open, for whatever reason, stops holding it open - suddenly the file gets deleted! Somewhere there is a pending delete file request that actually gets actioned!

Kind of a neat feature I guess, but incredibly confusing - perhaps dangerous. Certainly no fun when you are trying to figure out what the heck is going on with Windows Explorer.

(BTW, my team managed to create a silent install of Visual Studio 6 for SMS if anyone is interested. A very, very complicated procedure to say the least. I haven't been covering any scripting yet, but I can write an article on it if there is interest.)


Tuesday, June 17, 2008

Quick Command Prompt

Previous articles have made a compelling case for the use of the Command Prompt in Windows Vista. It is an essential tool for an administrator. I think we would all prefer to work in a GUI, but Windows Explorer just doesn't get the job done. Well Tim Sneath, a Microsoft Client Platform Technical Evangelist, tells of a way to help us have the best of both worlds with his article: Windows Vista Secret #1: Open Command Prompt Here. He tells of an extra hidden item on a folder's context menu that opens a command prompt in that location (use the shift key). It has an interesting feature, but also an unfortunate limitation.

Naturally, any shortcut that speeds our navigation through the system is welcome. Being able to quickly open a command prompt at the current location is no exception. In fact this shortcut goes a step further - if you are accessing a folder in a network location (no drive mapping), the CMD prompt will temporarily map a drive letter to the location and then disconnect it when you are done. A very nice feature! I have often been disappointed that Vista dropped its old love of drive mappings for sexy UNC paths but didn't bother teaching the CMD prompt how to use them.

Unfortunately this handy shortcut doesn't support the Run As Administrator feature. As you probably know, we usually find ourselves running to the CMD prompt because of the administrative work we must perform. There's really not much point getting into a CMD prompt quickly if it doesn't elevate us to the level we need.

Note that this shortcut is not available from the left pane of Windows Explorer. It is only available from the shift-context menu of the right pane.

So, like so many of the patches that have been added to Windows Vista, this is another thing that doesn't go far enough. I know that Microsoft has been demoing some fancy Windows Explorer features for the upcoming Windows 7 - I just hope they have learned how we want to use it by the time they release that product.

Monday, June 16, 2008

Need to install XP on Vista hardware?

Judging from the petition to save Windows XP and the lack of Vista uptake in my region, a good many organizations are taking advantage of the downgrade licensing option. This option allows companies to buy Vista licenses but actually use XP instead. HP and Dell are offering to support these customers by continuing to pre-install Windows XP when customers request it. But there are plenty of systems being manufactured out there with the expectation that they will only see Vista.

Many companies haven't developed Windows XP drivers to support their hardware. In fact, you may not even be able to run the XP install on such hardware because basic things like SATA drivers are missing. If you are considering the downgrade option, you should obviously avoid companies that don't provide XP support. However, if you are stuck in the unenviable position of already owning hardware like this, I may have found a solution for you. Edmonton Geek published a great article: The easiest way to downgrade a Windows Vista machine to Windows XP. In this article they describe how to create a custom XP install disk with integrated SATA support from other sources. This hack probably isn't for everyone, but if you're in a bind, this may just be the solution you've been looking for!

Saturday, June 14, 2008

Folder Redirection: Problems with the Well-known Folder Cache

Microsoft recently published KB951049 which describes a folder redirection problem for Windows Vista and Server 2008.

If you use folder redirection to redirect your User File Folders and they either disappear or give a "currently unavailable" error after a reboot, this KB may be for you. Apparently, if you log in too soon after a reboot, Windows Explorer may attempt to display the Desktop before the Workstation service has started. This creates Well-Known folders caching problems.

I don't think I've experienced this problem myself, but I'd be curious to know if this is a common problem for any of you.

Microsoft not branding web sites

I'm starting to notice an odd trend. Teams within Microsoft are creating their own web sites - but without branding them or clearly advertising them as Microsoft property.

I first noticed this when Microsoft advertised their Windows Vista AppReadiness site during a Springboard Live! Virtual Roundtable. The AppReadiness site is devoid of any Microsoft logos, common-look-and-feel or any Microsoft copyright information. The only clue is the Vista subject material and the fact that Microsoft sends you there. Very odd.

Here is another interesting example... It appears that Microsoft Windows Sysinternals Team has decided to try a new distribution method for their Sysinternals tools. This new web site has all of the individual Sysinternal executables available for download and immediate execution (no installation required). Although extremely useful (check it out), it looks just like an FTP listing with absolutely no branding, logos, etc. One would think it was a pirate site if not for the readme that claims otherwise. I'm surprised that they wouldn't have a quick instant Microsoft template for whipping up a common-look-and-feel and that they wouldn't use it.

I am thankful that these sites exist, I just find it a little odd.

Thursday, June 5, 2008

UAC: Elevate Windows Explorer

Back in March I wrote the article UAC: How to elevate anything, where I discussed the various methods for elevating non-executables (such as .VBS scripts). At the time, I highly recommended using an elevated DOS CMD prompt and barely mentioned using Windows Explorer. Windows Explorer would seem like the logical choice, but is rarely used for elevated work. Let's cover it now. It's time to learn how to elevate Windows Explorer and discover some of its shortcomings.

The first trick is finding the darn thing (I have traditionally used the Windows+E key to launch it). To ask it to Run As Administrator, you need an actual shortcut to click on. For some reason, even though I run the thing all the time, it doesn't show up at the top of my Start menu with the rest of the recently run programs. You'll find it under Accessories:


Unfortunately, just selecting the Run as Administrator option won't get Windows Explorer to elevate. Sure, it looks like it does by providing elevation prompts - but if you try to do anything requiring elevation, it will fail - or maybe it will provide the elevation prompts again before finally doing something. The problem is caused by the fact that Windows Explorer is always running in the background in order to display your desktop. UAC can only elevate an application to a higher token when it is launching a new process - it can't elevate an existing process. Windows Explorer is already an existing process. To get around this problem, you need to set a Folder Option in Windows Explorer:


That last option "Launch folder windows in a separate process" is the one you need. With this option checked, the Windows Explorer windows you ask for will launch in a new process separate from the Desktop that is already running. This gives UAC a chance to elevate when you ask to Run as Administrator. Nice eh? It should really be the default setting. It changes Windows Explorer from being useless to being somewhat useful. But there are limitations...

You cannot have any Windows Explorer windows open when you want to elevate to the high level token. Any instance of Windows Explorer (including things like Control Panel) will already be using the separate process (all Windows Explorer windows share the same process). Again, if you accidentally leave a window open, no elevation will occur. Also, since all Windows Explorer windows will use the same process, all subsequent windows will be elevated as well - the process only dies and returns to a standard user token once all windows have been closed.

For those who wish to work the way Microsoft recommends with one standard user account and a separate administrative account, this trick still won't help. In this case you can provide credentials for another account, but it won't actually work. You either get a new window that is still using the standard token of the first user account or you get no window at all. The different behaviors will depend on how the "Launch folder windows in a separate process" option is set for the administrative account - it actually affects the behaviour in the standard user account! (You get no window if the option is set.) So even with this trick there are many occasions when you still must use a DOS CMD window.

The most annoying part is the lack of error messages when Windows Explorer fails to elevate. If you don't use the separate process trick or you mistakenly try to elevate while another window is open, Windows Explorer will never tell you. It will just sit there quietly letting you believe that you had achieved the elevation you desired. Maddening. You will just have to try things and test the results until you learn how it behaves - don't trust that it is doing what you asked it.

Also, be warned that the Vista SP1 upgrade drastically changed the rules for Windows Explorer. If you think you knew how Explorer behaved before SP1, look again - most things behave differently (in most cases better).

There are many more Windows Explorer behaviors/bugs/features that you should know about. I will cover those in future articles.

Friday, May 30, 2008

Who needs COFEE!?

Talk about timing! This is the perfect follow-up to my previous article about Microsoft's Computer Online Forensic Evidence Extractor (COFEE).

Remember I said:

Actually, my outrage is dramatized for purposes of this article. Most of us know this game of security we play only stops the casual passer-by. If someone has physical access, it's only a matter of time before they get in. If not through back doors created by Microsoft then through bugs or unknown technical trickery.
Despite Microsoft's claim that Vista is their most secure OS ever (Vista is 'more secure' says Gates), I just found a demo of the easiest hack ever! It uses the exact same trick I used on XP years ago - but much more dramatically.

On XP I used a Linux boot CD to mount my disk volume. This allowed me to bypass Windows security and do such things as hack the passwords file to gain access to the administrator account. This got me what I wanted but was hardly stealthy - it would be quite clear to anyone wanting to log into the laptop afterward that someone had really messed things up since the old passwords would no longer work.

If I was into true esponiage, I would want something much more subtle. Something that would give me access over the long term without being discovered. The Vista hack demonstrated above basically gives a spy that ability! By temporarily modifying the Ease of Access button (Utilman.exe) to gain access to Vista as the elevated system account, I would be able to do anything I wanted on the system. I could setup scheduled tasks or services (keyloggers, etc.) or examine user data. But there would be no evidence that I had been there! The existing accounts would not be damaged by me and system logs would show no evidence of me even accessing the computer. This is key to me getting something into the system and allowing it to remain for an extended period of time (very bad).

I've really been enjoying showing the video to people this week. Those in the know give a good belly laugh and those who believe the hype get this empty, sick look on their face -- try it! BTW, there is more discussion about the video on Microsoft's own Channel9 blog. There are some additional perspectives there, but they kind of miss the point.

Want to protect yourself from this threat? There is no fool-proof way - but you can at least make it more difficult:
  • Using Bitlocker to encrypt the harddrive is the most obvious approach because the Linux boot CD will be unable to even find the System32 folder. But Bitlocker isn't practical for everyone since it requires all sorts of key management.
  • The easiest approach is to prevent someone from booting with Linux by turning off the system BIOS options that allow booting from USB thumb drives or CD/DVD devices. But this also means you must password protect the BIOS. It would also be a good idea to lock the case so that the BIOS override jumper can't be used to reset the BIOS. A lock would also prevent the harddrive from being temporarily removed from the system and placed in some other computer that does allow booting (maybe the spy has an external USB chasis on his laptop). But now you are managing real keys and your IT staff have a bit more work to do before they can boot from a recovery CD or something.
  • I found another novel approach was to disable the Ease of Access Button as described on the How-To Geek site. But don't be fooled. It turns out that someone just replaced Utilman.exe with an executable of their own :-) But it is a nice demo of how the hack can be done using a Windows install program without a Linux boot CD being needed at all.
I wish you all the best in securing your Vista environment. If you think you have a secure approach, share it with others here.

Tuesday, May 20, 2008

COFEE

If you haven't heard about Microsoft's Computer Online Forensic Evidence Extractor (COFEE), it's high time you did. Here's a little intro from the Seattle Times.


I'm all for eliminating any excuse for law enforcement to take away my computer hardware, but this goes too far! This is basically a USB key that lets anyone into my computer and past any encryption that may be protecting me. I know the article says it's for law enforcement only - but how long before an officer leaves one in a donut shop and it finds its way onto the Pirate Bay? -- hold on, I better see if it's already there -- phew, not yet.

Actually, my outrage is dramatized for purposes of this article. Most of us know this game of security we play only stops the casual passer-by. If someone has physical access, it's only a matter of time before they get in. If not through back doors created by Microsoft then through bugs or unknown technical trickery.

I myself hacked a system once in my past. I was helping a director from another department with his laptop. XP was locked down by his IT folks but he really needed to get a program installed while at this conference. I had no prior hacking experience or skills to help me. I did a quick Google search and in 10 minutes burned a bootable Linux CD. It knew how to mount the NTFS volume, find the passwords file and examine its contents. Within 15 minutes I had this director in his laptop as administrator working with his critical application. Scary.

Actually, physical access isn't even needed either. I'm not talking about a generic virus or trojan. It is possible for someone to target your PC and run a program on it that can extract whatever they need remotely - without ever touching it. This past March this very thing was done to a Mac and a Vista machine at the CanSecWest conference as part of a contest.

But if you still care about the COFEE application and the dangers of making user-friendly hacking tools available...

COFEE, a preconfigured, automated tool fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button --completing the work in about 20 minutes.
  • I like this article at C|Net news where Microsoft claims the tool is just in beta but that it has 2,000 users already. This obviously won't stay secure for long.

Monday, May 19, 2008

That darn desktop cleanup wizard

This screen cap made me chuckle :o)

Windows Doesn't Know When to Shutup

I just had to share.

Has anyone ever found that wizard to be helpful in any way? I wonder how you turn that bugger off. I never thought it was a big deal but I guess it would be to some :-)

Saturday, May 17, 2008

Better Desktop.ini support please!

I swear that 60% of the traffic coming to my blog comes in on a Google search for Desktop.ini information. I've written numerous articles on the subject and have often wished that Vista and Windows Explorer did a better job of supporting the new Desktop.ini behaviors (read Vista's support for multiple languages & Folder Redirection: Not to the user's home directory).

Well, I just saw this Windows 7 Explorer demo on Youtube. I'm shocked to see a demo of that OS so soon (if it's genuine). But it got me thinking that I need to be more vocal and clear about my desire to have Vista and Windows Explorer fixed.

Windows Explorer needs an option where we can turn off its interpretation of the Desktop.ini and just show folders as they really are. Currently, many of us are resorting to a CMD prompt to do this. Let's face it, it just makes sense. The whole reason the Desktop.ini exists is to handhold (read "fool") users by showing them a folder name the OS thinks they want to see rather than the real underlying one. Anything that prevents you from seeing the truth is going to be problematic. Microsoft knew this when they allowed us to see hidden files or see hidden extensions - so why not now that they are hiding whole folder names?

I've also come to realize that more than just Windows Explorer needs to be fixed. In my article Vista's support for multiple languages I mentioned how the Start Menu didn't do a very good job - now I've found more problems. Microsoft seems to have thought the Desktop.ini would be a clever way of dealing with their multilingual problems. They thought they could now give users the Windows experience in their mother tongue while letting the OS play behind the scenes in English. The Desktop.ini would just hide everything - but it doesn't.

Take the example of a French OS. Users expect to find their programs under a folder called C:\Programmes. In the Windows XP days the users saw that folder and the programs were actually stored in a folder by that name. With Vista, the user still sees the expected folder but the system is actually storing them in C:\Program Files instead. Vista figures that since it is able to show the users one thing and the programs another, it's job is done and it can go back to sleep. But they forgot one little problem. Vista never tells the programs what folder name the user is expecting to see.

I was running a version of Visual Studio's MSDN Library on a French Vista OS. It encountered an error:

I liked my French message , but did'nt expect the English folder path. I can't use that path. When I browsed using the Dossiers (folders) pane on the left I couldn't find the path specified (the Desktop.ini hides it from me). The only way I could get to the folder was to manually type it in the address bar at the top of the Windows Explorer.

I realized that the application had no way of giving me the path I need because Vista never tells it what I am expecting to see. Programs are used to asking the OS where directors are located by using variables like %ProgramFiles% - and Vista is happy to tell them. But I think we now need variables like %DesktopProgramFiles% or something which tells the program what path to show users in messages. The two paths could be very different. Perhaps an API where you feed it a real path and it goes looking for Desktop.ini files and returns a path with all the relevant substitutions.

You might think this wouldn't be such a big requirement if I could tell Windows Explorer to ignore the Desktop.ini and allow me to navigate to the real folders. Although I tend to agree, it probably is still a requirement. I'm sure Germans or Egyptians don't want to find the programs under a C:\Program Files folder.

Do you know someone at Microsoft? Care to pass on the message?

Friday, May 16, 2008

More DRM woes for Vista users

My article, I don't like DRM, linked to a user who was having difficulty with DRM. He was being blocked from playing movies he paid for because his computer system was too high-res. Well, Vista users are suffering again.

This week Windows Vista Media Center users were being blocked from time-shifting some NBC shows. It's unclear if the broadcaster set the flags in error or whether Vista Media Center responded to them improperly. What is clear is that only Vista users were affected. TiVo and DirecTV who also respond to copy protection flags did not prevent their users from recording.

Have any of you seen this message?


[EDIT 19/5/2008] There is a good update regarding this issue here: Microsoft confirms Windows adheres to broadcast flag. Apparently Microsoft is implementing an FCC rule that was struck down in 2005. [/EDIT]

Wednesday, May 14, 2008

Microsoft's Springboard series

It appears that Mark Russinovich is presenting a Springboard area on Microsoft's web site to ease Windows Vista implementation pain by providing some much-needed guidance.

He kicked things off last month with a Springboard Live! Virtual Roundtable. He assembled a panel of experts (including Mark Minasi) and three Vista early adopter clients. They spent an hour discussing topics related to adopting Windows Vista. You know me, I'm a sucker for learning what Microsoft is thinking when it comes to Vista so I dove right in.

I found the roundtable to be a good use of my time - you likely will too - very informative. They pointed to some interesting resources that might help those of you considering a Vista deployment:

  • Microsoft Assessment and Planning Accelerator (MAP) - is supposed to be an enterprise inventory, assessment and reporting tool that can assess your readiness to move to numerous Microsoft products such as Vista.
  • Windows Vista Hardware Compatibility List - is basically a comprehensive listing of PC systems and peripherals known to be compatible with Vista (very comprehensive). Despite this simple list being incompatible with Firefox, I'm sure this information will be more reliable than the failed "Vista Capable" program.
  • Windows Vista AppReadiness - another comprehensive list - but this time of legacy software applications and their Vista compatibility.
I'm not so sure about that last one though... If I hadn't heard a Microsoft talking head send me to the site, I would have been suspicious of the strange URL, complete lack of Microsoft branding and poor resolution of the logo certificates. I'm also not sure I trust what it is telling me. I took a look at Visual Basic 6 which I am having trouble packaging for BDD at the moment. The site claims it "Works with Windows Vista". It doesn't qualify that or provide any additional guidance. However, when I attempt to run the silent install, I am only greeted with the following Vista AppCompat message and am unable to proceed:


The roundtable goes on to remind us about new features of Vista SP1 such as:
  • Bitlocker can now support multiple partitions (not just the first one).
  • Improved file copying (see Vista copies files like a duck).
  • Microsoft Deployment Toolkit replacing BDD.
  • Volume Licensing has Vista and SP1 integrated in one package (recommended for new installs).
However the three clients who were Vista early adopters were a major disappointment. Despite them being friends of Microsoft that presumably got lots of support, I was expecting them to give me hope that great Vista implementations were possible - that my own failures were somehow my own fault. They tried their best. They nodded their heads at the right places and smiled while describing how great their deployments went. But if you actually listen to the things they said during their discussions, you quickly realize the reality was very different:
  • one client admitted to turning off UAC! Not something we want to do - and certainly not what I would consider a feature of a successful Vista install.
  • while talking about hardware demands of Vista, another client admitted to only deploying to new PCs. That means he is maintaining a heavily mixed environment and can hardly be considered a successful implementation of Vista (too limited for my taste).
  • although that same client claimed to have installed Vista to laptops, you quickly realize that his "traveling nurses" probably have received a stand-alone treatment without the need for features like Offline Files.
  • another client who claimed to have rolled out to the majority of his organization, admitted to have avoided laptops. They were planning to wait for SP1 before tackling those - he had Offline Files problems no doubt.
  • that same client also admitted to having to install XP virtual machines to support some older legacy apps! That's two windows licenses and double the support per PC! Hardly what I would consider a successful Vista deployment.
But these guys were smiling and nodding their heads! Are these the BEST examples Microsoft could find? Am I the only one that doesn't know what a successful deployment means anymore? I'm so depressed.

Vista copies files like a duck

Odd title - but let me explain... I think everyone in the industry has complained about Vista's seeming inability to copy files quickly. Like a duck, it just seems to float along in no particular rush to get to the 100% mark. Maybe it looks like it is progressing quickly at one point - only to suddenly get distracted by something shiny and slow things down again. We can't believe the glacial pace of these copies and keep telling ourselves that Vista MUST be doing something remarkable in the background to justify these results.

Well, it turns out that just like a duck, Vista has indeed been paddling mightily below the surface the whole time. Mark Russinovich does a great job of describing what has been happening in his blog article: Inside Vista SP1 File Copy Improvements. This is a must read article. It really helped me to understand what has been going on and to realize that despite appearances to the contrary, technology is moving forward.

This article is going to kick off a new topic in my blog called "Windows Explorer". This is probably the last time I will have anything positive to say about that product. I have observed many other Windows Explorer behaviors that I will be discussing.

Tuesday, May 13, 2008

Topic: Windows Explorer

(Vista Vitals articles organized by topic)
These articles cover anything related to Windows Explorer. This includes File Copying, launching programs, UAC, navigation, etc. :

UAC: Microsoft Programs act weird - a little warning about Windows Explorer, Internet Explorer & Outlook.

Vista copies files like a duck - Mark Russinovich provides excellent details regarding the file copy process and how it has changed for Vista and again for Vista SP1. A must read.

UAC: Elevate Windows Explorer - Ever tried to launch Windows Explorer with Run as Administrator and fail? Find out why.

Quick Command Prompt - talks about a shortcut for opening CMD windows directly in any folder using Windows Explorer shift-context-menu.

Windows Explorer: Magic file deletions - a warning about Windows Explorer's surprising handling of attempted deletions of open files. Scary behavior you should be aware of.

Wrapup and retool - This is my wrapup to my Vista articles. I finally get around to delivering my punch line about Windows Explorer.

Monday, May 12, 2008

Windows XP SP3 deployment not going so well

Microsoft seems to be meeting the same success rolling out Windows XP SP3 as they did rolling out Vista SP1 (remember SP1 Hiccup: don't install KB937287! ?). These products must be getting too complex to anticipate all behaviors under all scenarios.

There are reports all over the web of people experiencing reboot issues once XP SP3 is installed. The best article I've seen is from the Register. It makes reference to Jesper Johansson's blog where you can find some solutions to the various problems.

Arm yourself with the solutions before your attempt a rollout of SP3 in your organization.

Friday, May 9, 2008

UAC: Microsoft Programs act weird

(This article uses a lot of technical UAC terms. If you have trouble understanding it, check out my UAC glossary: Let's Talk UAC for the Enterprise)

I thought I'd warn you about some Microsoft programs that behave rather weirdly under Vista. When I say "weird", I mean they don't act at all like generic Vista documentation says they should. This was a big problem for me in the beginning when I was trying to learn about Vista and UAC.

The programs I am talking about are Windows Explorer, Internet Explorer and Outlook. Whenever I look at my task bar, these are programs that are always running - no matter what else I might be doing. So naturally when I wanted to learn about UAC and elevation, I started playing with the ones staring me in the face. Big mistake. Confused the hell out of me.

When learning UAC, avoid Windows Explorer, Internet Explorer and Outlook. Microsoft has built extra barriers and behaviours that cause these programs to act differently. If you want to learn how programs generally behave, pick something safe like Notepad to test with.

Internet Explorer and Outlook are problematic because Microsoft has given them special attention. Historically Windows has been exploited by trojans and viruses coming from the web via web pages or e-mail. These two applications had a bad habit of letting these badies into the system to have a good time. Microsoft has introduced barriers to minimize the opportunity for these badies to get into Vista. Some good examples are Protected Mode and Low Integrity levels. I haven't done much work with these technologies, but here's an article that gives you an idea how confusing it can get when trying to understand what's going on:

http://xato.net/bl/2007/03/12/why-doesnt-ie7-protected-mode-mark-downloaded-files-as-low-integrity/

Windows Explorer's behavior is difficult to understand for different reasons. You have likely wanted to elevate Windows Explorer to an administrative token in order to perform
some work on files in a sensitive area like System32 - but failed. Explorer just wouldn't elevate for you. In this case the problem is more technical in nature resulting from Vista's design.

Vista's UAC can only elevate applications to use different tokens when the application is being launched - when a new process is being initiated. You may think this problem doesn't apply to you because you were right-clicking on Windows Explorer and choosing "Run as Administrator" when launching the program - but you'd be wrong. It turns out you weren't launching a new instance of Windows Explorer at all.

Windows Explorer does more than just show you a file management window when you demand it - it is also used to present the user interface (desktop, etc.). You are actually using Windows Explorer just by logging in and looking at the screen or navigating the Start Menu. This means the Windows Explorer is always running. When you think you are launching Windows Explorer fresh with the "Run as Administrator" option, you are actually just asking for a new file management window in an application that is already in progress. As a result, Vista is unable to elevate Windows Explorer to an Administrative Token.

I will be talking more about the problems Windows Explorer has and tricks for overcoming them in future articles. I just wanted to warn you to watch out for these three apps - they won't behave in ways you are expecting for generic applications.

Wednesday, May 7, 2008

Topic: Folders & Folder Redirection

(Vista Vitals articles organized by topic)
These articles cover anything related to folders. This includes Folder Redirection, Offline Files, Client Side Cache (CSC), Desktop.ini, etc. :

Introducing the User Files Folders! - introductions are needed - they have changed a lot since the XP days. You really need to get you head wrapped around this.

User Files Folders and the Desktop.INI - describes changes in folder behavior because of new Desktop.ini features - it even affects XP!

User Files Folders are Bilingual - describes how the new Desktop.ini makes it possible to support multiple languages with only one folder. (There are some problems you should know about though.)

Folder Redirection: Specifying a target share - a very important article on configuring Folder Redirection. You must use a GPO and can no longer redirect to a drive letter!

Folder Redirection of database files causes corruption - this is an outdated article so long as you are using SP1.

Folder Redirection: Duplicate User Files Folders - Vista has a nasty habit of creating duplicate folders for users. This article talks a bit about that.

Folder Redirection: Not to the user's home directory - Vista leaves a number of traps lying around. This one is a doozy! Make sure you never redirect user folders to the root of their network drive like you did in the XP days.

Folder Redirection: Amateur Magician - Vista really isn't good at working with redirect folders. You need to understand its limitations.

Folder Redirection: A case study - details a critical problem Vista has redirecting folders like the AppData folder for legacy applications. Unfortunately the work-around I describe breaks with Vista SP1 - so no solution is currently available.

User Files Folders: What's with all these extra folders - this article details more Vista problems caused by the new User Files Folder design.

Duplicate Folder Problems? Talk to me! - This is a roll-up of my articles that have anything to do with folder duplication because so many readers have been experiencing these problems.

Folder Redirection: Back to talk about Settings - this article is a lead-in to two other articles I wrote talking about the Move Data feature of the Folder Redirection GPOs - another Vista design flaw.

Folder Redirection: Duplicate User Files Folders II - this article describes how the Move Data option causes folder duplication and how to avoid it.

Folder Redirection: Misbehaves after target move - this is one of my most important articles! I provide a script for preventing a major Vista design flaw from wreaking havoc on your network.

Offline Files: Doesn't sync files modified while offline - this is an outdated article so long as Vista SP1 is being used.

Vista's support for multiple languages - this article demonstrates Vista's new approach to multilingual support and the problems it causes.

Better Desktop.ini support please! - another example of how the Desktop.ini doesn't go far enough to provide a user experience in their mother tongue. A request for Microsoft to make some improvements.

Folder Redirection: Problems with the Well-known Folders Cache - a KB article describing a problem with missing User Files Folders after a reboot.

Folder Redirection: IE7 Favorites Bugs - a description of a bug IE7 has. Protected Mode prevents access to Folder Redirection UNC paths that reference the local machine (think non-dedicated servers).

Topic: User Account Control (UAC)

(Vista Vitals articles organized by topic)
These articles are primarily focused on Windows Vista's new User Account Control (UAC) feature. But many other topics are covered because UAC affects so many different areas of the Windows system:

UAC: An introduction to User Account Control - Everything the web has to teach about UAC. I introduce 10 detailed information sources about UAC. A great starting point for users, administrators and developers!

UAC: Is Windows Vista secure? - my opinions and those of experts regarding Vista security. You need to know the limitations of what Vista and UAC have to offer.

UAC: Vista UAC vulnerabilities - many more discussions on the web about Vista security for those who care.

UAC: Local Admin vs. Domain Admin - one of my more important UAC articles. If you can follow it, your life as an enterprise administrator will be greatly simplified.

Disabling UAC - despite linking to instructions on disabling UAC, I actually discourage you from doing it!

Let's Talk UAC for the Enterprise - this is a must read article. This is a glossary covering many UAC terms - it summarizes them and puts them into some context. Most of the remaining articles in this topic are written with the expectation that you understand these terms.

Logon Scripts: A Token Effort - read this if you want to make your login scripts work in Vista. I discuss in detail how to overcome the barriers that UAC tokens create.

Become a Token Geek - links to articles that will teach you more than you ever wanted to know about tokens.

UAC: Avoid elevation like the plague! - a rather important article. I wish more developers knew about this.

UAC: How many tokens did I get? - describes how to figure out how many tokens a user has.

UAC: How to elevate anything - you probably have realized that you need to be able to elevate things other than .exe and .bat files (scripts, registry files, etc.). I don't think Microsoft realized that when developing UAC though. Here are some way to get around the limitation.

Welcome back Command Prompt! - the command prompt is one of the ways to get around UAC limitations. CMD has more valuable uses now under Vista than ever before! Learn about it here.

UAC: "Run As" like XP from the GUI - a review of SysInternal's ShellRunAs command. A valuable tool for your arsenal, but you need to know when to avoid using it.

UAC: This explains a few things - did you know Microsoft introduced UAC to annoy users? Read the article here.

UAC: Microsoft Programs act weird - a little warning about Windows Explorer, Internet Explorer & Outlook.

UAC: Elevate Windows Explorer - Ever tried to launch Windows Explorer with Run as Administrator and fail? Find out why.

Wrapup and retool - This is my wrapup to my Vista articles. I finally get around to delivering my punch line about Windows Explorer.

Topic: Windows Vista Service Pack 1 (SP1)

(Vista Vitals articles organized by topic)
These articles all discuss Windows Vista Service Pack 1 (SP1). There is some good technical information here that will let you know what to expect from SP1:

Service Pack 1 (SP1) for Vista is coming - well, it's now here (kinda out of date). But I discussed some spectacular ways that it broke previous functionality.

SP1 and a new kernel! - discusses SP1 changing the OS version to 6001 - the same as Windows Server 2008!

SP1 Hiccup: don't install KB937287! - don't bother with this one - out of date.

Vista SP1 Technical Information - get all your Microsoft SP1 guides here.

Vista Service Pack 1 is here! - a link to Microsoft's download site - get SP1 from here.

Vista SP1 unavailable from Windows Update? - can't get SP1 through Windows Update? Here's your answer.

Reclaim disk space from Vista's SP1 - introduces Microsoft's VSP1CLN tool which can shrink the size of OS images (deletes files that are no longer useful).

New deployment tools for Vista SP1 - these are must have tools for administrators of a Vista environment. Includes replacements for ADUC, GPMC, etc.

Vista SP1 makes some undocumented changes - good information about how the Terminal Services Client has changed.

Topic: Miscellaneous

(Vista Vitals articles organized by topic)
These articles cover a range of unique topics:

Vista's GPMC: Don't trust it - this is an outdated article covering the GPMC that was bundled with Vista. This tool was removed if you upgraded Vista to SP1.

Let's talk Roaming User Profiles - introduction to Roaming User Profiles as they pertain to Vista. Mentions some cohab issues with XP and identifies some reliability issues.

Vista deleting user profiles and data! - this outdated article describes how a buggy GPO caused the deletion of user profiles and data. The bug has been fixed as part of Vista SP1.

I don't like DRM - leads to an interesting article by Davis Freeburg describing his suffering at the hands of Vista's DRM.

Local Administrator Trumps GPO - think your GPOs have ultimate control of your enterprise workstations? Think again. - or - how to override your GPOs locally when you wish to test some alternate configurations.

GPAnswers: Group Policy Preference Extensions - an introduction to Group Policy Preference Extensions (GPPE). You will want to learn about this if you manage GPOs for your organization.

Microsoft's Springboard series - a 1 hour video discussing Vista deployment. I outline the highlights and provide a commentary.

More DRM woes for Vista users - leads to an article about Windows Vista Media Center users who were prevented from time-shifting their TV shows.

Who needs COFEE!? - a follow-up to a previous article about Microsoft's Computer Online Forensic Evidence Extractor (COFEE). Points to a demonstration of how to completely circumvent Vista security using a Linux live boot CD.

Microsoft not branding web sites - Points to some Microsoft sites that have absolutely no branding on them - weird. But useful sites nonetheless - particularly the Sysinternals executables that are ready to run.

Want your Windows Vista bug fixed? - An interesting plea to click on that Send Information button when you experience a Windows crash.

Roll your own MS Windows OS! - There is a movement out there that is hacking Windows 2008 Server to create a Windows 2008 Workstation that is one lean, mean Vista machine.