Over the weekend, a new version of the PowerShell App Deployment Toolkit appeared online at CodePlex. Labeled Version 3.1.5, this latest iteration of a substantial collection of PowerShell scripts designed to help sysadmins deploy Windows applications in an enterprise setting includes numerous useful facilities worth investigating. These scripts integrate nicely with System Center, but can also function independently (or with other .NET-based management consoles and suites). And best of all, they’re free (Open Source, actually) for commercial use. Here’s the page header info from the project’s home page at CodePlex:
This latest update at CodePlex is worth checking out, and should be helpful for most sysadmins charged with application deployment on Windows networks.
New features in this latest update include a handy “Send-Keys” function that permits PowerShell scripts to send keystroke sequences to an application window to help automate in-app post-install configuration and customization, and several improvements to the “Execute-Process” script designed to implement recently promulgated MS best practice recommendations. Numerous bug fixes are also included, as indicated on the afore-linked project home page. The project includes a reasonably detailed 61-page MS-Word file that serves as a user manual, and also presents a handful of readable and informative “Example Projects” that explore deployment of Adobe Reader in a variety of runtime situations (including SCCM 2007 and 2012, as well as standalone PowerShell-only).
Worth checking out!
With the upcoming release of Windows 8.1 Update 2 reportedly imminent, expected to fall on Patch Tuesday in August (8/12/2014), there’s certainly been a lot of fuss and bother lately about what’s coming (or not) for upcoming Windows releases including that particular one. With a variety of Russian and Chinese leakers posting sometimes irreconcilable (or incorrect) suppositions, separating the fruit from the nuts can sometimes be challenging. That’s why I was relieved and delighted to find a rumor roundup story from Windowsmaster Woody Leonhard over at Infoworld entitled “What we know about the next versions of Windows” to lay things out in workmanlike fashion.
1. Windows 8.1 Update 2
Woody confirms that what we know about the upcoming update — scheduled less than a week from today — is best summarized as “not much.” Nobody’s leaked credible details or particulars, and most rumors have agreed that there won’t be much new visible functionality making it onto the scene with that update. Russian-speaking readers may be pleased to learn that Windows 8.1 Update 2 is highly likely to include support for the Ruble currency character, which isn’t even available as a Unicode character at this point in time to my great surprise and astonishment.
A character layout map for the rouble symbol, probably headed for Unicode representation no later than year’s end.
2. Windows 8.1 Update 3?
Woody has some interesting things to say about a possible Windows 8.1 Update 3, which is represented as a “fallback patch in case work on the next big version of Windows falls behind.” In such an event, it would probably include the recently promised and much-ballyhooed return of the Start Window, along with “Modern UI app in a desktop window” (a la Stardock ModernMix), both of which MS has promised to deliver in some form or fashion sometime sooner or later (this is where things get muddier still, in case you hadn’t noticed).
3. Threshold versus Windows 9 versus Plan 9 from Outer Space…
The second page of Woody’s roundup is where things get really wonky, bizarre, and interesting. My favorite sentence: “Perhaps there are updates and there are Updates, if you know what I mean” (capitalization his, and worth noting). He notes that the next big version may not even be called Windows 9, however popular that terminology may be outside Microsoft right now. He also notes that the number of versions — which he labels as Metro, desktop, consumer, and corporate — isn’t completely clear, and then tosses in the OEM version Windows 365 which is currently tied to Bing but upgradeable online. How many versions does this mean? Nobody knows right now.
He also points out that a Brandon Paddock tweet via @BrandonLive on 6/27 equates the next update (3, not 2) of Windows 8.1 with Threshold, and that Chinese leaker Faikee opined in a Neowin discussion on July 16 that it’s really a “Plan B” (or “Plan 9” if you prefer) in case the next major release of Windows gets delayed (which puts it in the same hopper as other rumors already reported under the Windows 8.1 Update 3 heading). From there, Woody goes on to point out some inconsistencies he spotted in various purported screenshots of leaked future Windows versions to emphasize the indisputable fact that nobody seems to have a definitive handle on future Windows versions right now. His summary of circumstances is both apt and a little scary: “There are no legitimate leaked screenshots of any future version of Windows, no leaked builds. We have unattributed reports of planned features, many of which contradict each other.”
If there’s one limited ray of sunshine amidst this morass of muddy madness, I would guess that the situation demonstrates the apparent success of Microsoft’s attempts to shut down leaks, and to make things more difficult for would-be leakers. Though we know less now than is typical for this stage in various Windows development cycles, maybe that’s a good thing? Woody demurs, and closes his article with “It’s almost like living under the Sinofsky lock-down, all over again. We need a Myerson glasnost.” I’d settle for a clearer sense of future plans, features, and directions.
The Bromium Labs Research Brief entitled “Endpoint Exploitation Trends H1 2014” released on July 22 shows Microsoft’s Internet Explorer in the lead for a crown it probably doesn’t want — namely, “the historic high number of security patches in over a decade” (press release). Here’s a graph snipped from that document that counts publicly reported vulnerabilities for a number of browsers and popular related tools and technologies (2013 in light blue; 2014 in salmon).
MSIE overtakes Firefox, Chrome and Java (ahead in 2013) to take the lead for reported vulnerabilities in the first half of 2014.
[Report: Pg3; data originates from the US NIST National Vulnerability Database, aka NVD]
The report states further: “The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash, and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers” (page 3). Furthermore, Bromium’s analysis shows that attackers have been able to bypass Microsoft’s Address Space Layout Randomization (ASLR) technology using a technique called Action Script Spray to dynamically create return-oriented programming (ROP) chains, and reports that two such exploits have already been identified in 2014. Likewise, data execution prevention (DEP) blocks seem less effective than initial descriptions (and tests) of the technology promised.
One potentially positive trend documented in the report is a shortened time frame between the day an exploit is reported to the day a patch becomes available. A figure on page 4 of the report shows that lag times (in days) have decreased dramatically for IE9 (over 90 days), to IE10 (over 10 days), to IE11 (under 5 days). But on page 7 of the report, Bromium muddies the waters a bit with this remark: “Web browser release cycles are compressing and the interval between the general availability of a new release and the appearance of the first security patches has been decreasing recently. This may represent greater efforts on the part of software manufacturers to secure their products, or it may represent products being released to market with less security testing than earlier versions received.” To buttress the second possibility, Bromium’s researchers point to the increasing popularity of “use-after-free” vulnerabilities in zero-day exploits — a point worth learning more about, and pondering carefully (see this Mitre CWE definition for more info).
What does this portend for Windows system and security administrators? Alas, it means the common perception that IE is a source of security vulnerability remains as true today as (or truer than) it has been in the past, and that erecting defense in depth around (or avoiding or banning) its use is a top priority. And I thought newer generations of IE were supposed to be more secure than older ones? Go figure!
A recent post over on Paul Thurrott’s SuperSite for Windows just reminded me about an essential item in any Windows admin’s repair and recovery toolkit — namely a USB 3.0 to SATA adapter or drive caddy of some kind. The “drive end” (SATA) represents the most common form of SSD and hard disk coupling in use on Windows machines nowadays, while a USB 3.0 port is available on most modern machines and offers high rates of speed for data transfers (the theoretical limit of 5 or 6 Gbps is seldom approached, but USB 3.0 is generally an order of magnitude faster than USB 2.0 or 2.1 in everyday use). Thurrott’s post is entitled “Tools of the Trade: USB 3.0 to SATA Adapter” and features an Anker device available from Newegg for $21.99, depicted here:
The secret to this choice of device, which is eminently suitable for traveling/field use, is that it accommodates an external power supply. That’s because while it is possible to buy USB to SATA adapters that feature either one or two USB connectors (the second one is used to boost power levels, as a single USB port can deliver only 2.5 to 5.0 Watts), you can only use such devices to attach lower-power SATA drives via USB. In practice, this means 2.5″ notebook drives such as SSDs, SSHDs, or conventional hard disks. Even then, higher-capacity 2.5″ HDs (1 TB and above) might still demand too much power to be served by such an inexpensive and light-duty adapter (here’s a $12.55 part from Newegg that illustrates this kind of thing).
For shop or depot use, I’d recommend something I’ve written about before — namely, a one or two SATA connector-equipped drive caddy (see the 4/19/2013 post here entitled “MyFaves: HDD Docking Station” for more details). These devices are bigger and less portable, but also offer a more substantial tool for mounting either 2.5 or 3.5″ SATA drives of all kinds and sizes (I’ve got a 3.0 TB Toshiba drive mounted in my $58 Thermaltake BlackX Duet that I use for backups and my enormous collection of music files). A dual drive unit like this one also offers an easy way to mount two drives, so that you can image one drive directly to another (or use a tool like Paragon Software’s Migrate OS to SSD 4.0, to transfer a UEFI boot disk image from a source to a target disk without losing boot capability in the bargain).
Whether you go for the portable Anker device that Thurrott recommends, or an equivalent like the FiveStar SATA IDE Adapter ($21 at Newegg), or even the more substantial drive caddies best suited for shop or depot use, if you work regularly with imaging, building, recovering, or repairing Windows disks, you’ll find such devices invaluable elements in a well-stocked Windows PC toolkit. Highly recommended.
By Diana Hwang
That’s saying a lot since Microsoft has always been likened to the Evil Empire and whoever was at the helm was Darth Vader.
No, Nadella is not short, green and wrinkled with big ears (far from it), but he is the intelligent yet humble public and behind-the-scenes persona that gets Microsofties to focus on the company’s big picture strategy just as Yoda guided Luke and the rebels throughout the Star Wars series. (Just for the record, I’m a fan of the old Star Wars – Episodes IV, V, and VI).
Nadella has led the $86.8 billion company for six months now, and he’s focused on a few key messages: mobility, cloud, productivity, and melding digital life and work experiences.
What does it all mean? Everything Microsoft does is about helping people be more productive and getting things done.
But here’s an interesting tidbit that came up during Microsoft’s fourth quarter and fiscal year 2014 earnings call this week: Nadella confirmed Microsoft will consolidate multiple Windows operating systems into one version.
“We will streamline the next version of Windows from three operating systems into one, single converged operating system for screens of all sizes,” Nadella said during the call.
It’s about time. There is absolutely no need to have separate OSes for PCs, tablets and smartphones. Why? Because technologies like CPUs and screens have improved so much that devices are much more mobile friendly. They can handle the full Windows workloads while offering workers a full day of battery life.
As a result, the streamlined Windows OS built on a single core could generate other beneficial results like developers being more motivated to create more relevant business apps for the Windows Store.
The converged Windows also furthers along Microsoft’s universal apps vision. Developers won’t need to spend more time building separate Windows PC, tablet and Windows Phone apps. This is especially important as Windows Phone and Windows tablets have a minuscule market share compared to Apple iOS and Google Android devices.
If developers can create one Windows app that works across a PC, tablet or smartphone and simply optimize it for the screen, it becomes a decent value proposition. It’s the next step for continuing this vision of the universal app Microsoft unveiled at Build 2014 this past spring. Developers can now view the world of Windows devices not in a segmented fashion but as a whole.
“We will unify our stores, commerce and developer platforms to drive more coherent user experiences and a broader developer opportunity,” Nadella said on the financial call. He promised the next wave of Windows enhancements in the coming months.
With Microsoft simplifying its engineering teams and refining its vision, the industry will closely watch how well it can execute its strategy.
The numbers don’t lie
No matter how promising the strategy, it all comes down to the bottom line.
For the fourth quarter 2014, Microsoft posted revenue of $23.38 billion and net income of $4.6 billion. For its fiscal year 2014 ended June 30, Microsoft posted revenue of $86.8 billion and net income of $22 billion.
Microsoft attributed much of its growth to cloud services such as Office 365 and Azure. The commercial cloud annual revenue run rate doubled and hit $4.4 billion. Microsoft said it added over 1 million subscribers to Office 365, bringing the number to 5.6 million users.
But Microsoft also took a $700 million operating expense hit from the acquisition of Nokia. Just last week, Microsoft laid off 18,000 workers, with 70% of those impacted in the Nokia Devices and Services division.
The company created a new phone hardware segment to account for revenue from its smartphone business. It contributed $1.99 billion in revenue this quarter to Microsoft’s bottom line, driven by sales of its Lumia 500 and 600 series smartphones.
Microsoft will continue to compete with its OEMs to create new devices like Surface and as Nadella says, the company will “responsibly make the market for Windows Phone.”
“However, we’re not in hardware for hardware’s sake, and the first-party device portfolio will be aligned to our strategic direction as a productivity and platform company,” Nadella said.
It remains to be seen how successful Microsoft will be. Just as Star Wars Episode VII is expected to be released in 2015 with the old cast of characters returning but with some new twists, Microsoft too is coming back to its original successful productivity roots but with some new twists as well.
May the Force be with you.
It looks like there’s been a bit of misplaced hullaballoo in the wake of yesterday’s 7/22/2014 Microsoft earnings call for Q4, during which CEO Satya Nadella is quoted as saying: “We will streamline the next version of Windows from three operating systems into one single converged operating system for screens of all sizes” (source Mary Jo Foley, All About Microsoft, ZDNet). Though this sounds very much like one OS image for all possible variants, including phones, tablets, PCs, and game consoles, that’s not exactly how things should play out, according to many sources (including MJF’s aforelinked article on this subject).
Globzer’s “hypothetical” wallpaper for Windows 9 aka Threshold, where the One Windows strategy should find more tangible expression from MS.
Here’s a more reasonable interpretation of what’s going on with Windows and what Nadella sought to say:
1. One development team for Windows versions/variants — namely the Unified Operating System Group led by Terry Myerson.
2. One single, common Windows “core” — also called the NT Core, this common collection of code applies to Windows Phone, Windows 8, Windows RT, and Windows Server. According to MJF “…each OS builds on top of this core using different pieces that make sense for the form factor/hardware…” in use.
3. One unified Windows Store — By combining the Windows Phone Store and Windows Store, MS is working toward a single store for all of its platforms, where it’s likely that Windows 9 (aka “Threshold”) may be where the initial results of such efforts go on display.
4. One single unified Development effort — Perhaps best understood as “code once for all Windows platforms” this effort captures MS’s ongoing work to consolidate a core set of APIs to enable applications to run on Windows Phone, Windows (desktop and server), and the Xbox. MS’s initial efforts enable developers to reuse some code as they write what MS calls “Universal Windows apps,” but there’s still substantial work to be done in this area.
It’s tempting to try to translate this into a single installable Windows version that somehow enacts a “one image fits all platforms” approach. Ain’t gonna happen! As MJF points out, Nadella steered emphatically clear of any such promise when he said “Our SKU strategy will remain by segment. We will have multiple SKUs for enterprise, we will have for OEM, we will have for end-users… We will be disclosing and talking about our SKUs as we get further along.” ‘Nuff said!
Although the ThinkPad 10 has been a “known entity” since late 2013, and listed at the Lenovo Store since March or April of 2014, it was only last week — while I was away from my office on vacation, as fate would have it — that Lenovo finally opened the product page for actual orders. Having now visited same to check things out, I will cheerfully admit to having a soft spot for ThinkPad products (I own two Ivy Bridge era i7 notebooks, including the X220 Tablet and a T520 notebook, each upgraded with OCZ Vertex SSDs and Plextor mSATA SSDs and 16 GB RAM). At present, however, the only model available is a 2GB RAM/64 GB SSD despite promises of a 4GB RAM/128 GB SSD model on the ThinkPad 10 Tech Specs page. I’m a little disappointed, but not terribly surprised, given that it’s taken quite some time for Lenovo to bring the product to market since it first announced the platform (I do plan to wait for the heftier model to become available before ordering one myself).
A side view of the Lenovo ThinkPad 10 sitting inside the Ultrabook Keyboard dock with its drop-in, single-angle docking connector.
The present offering includes a quad-core Intel Atom Z3795 CPU running Windows 8.1 Pro 32-bit (x86), 2.0 GB LPDDR3 RAM, and offers 1920×1200 screen resolution (somewhat better than “full HD” at 1920×1080; graphics come from integrated Intel HD circuitry in the Atom family that’s on par with Intel 3xxx capabilities on other CPUs). The base unit as described currently retails for $692.55 at the Lenovo Store, including an instant rebate of $36.45. The all-important keyboard cover accessory (called an “Ultrabook Keyboard” on the Accessories page) will set you back an additional $120, a protective case costs $55, and an external battery costs $30. This puts a reasonable configuration in the $800-850 price range, which is about $200-250 more than a similarly equipped Dell Venue 11 Pro Tablet (which supports i3 and i5 models at the top end of the feature/price spectrum at prices up to $1,180, including a keyboard dock with a second battery).
At the moment, the same dollars that the entry-level ThinkPad 10 will cost you would also buy you a 64-bit Venue 11 Pro model with twice as much RAM (4GB instead of 2) and SSD storage (128 GB instead of 64). Given those economics, it looks like Lenovo will have to bring lots of usability and capability options into the mix to give the Dell Venue 11 Pro a run for that money. I’m going to have to compare them side-by-side to see which option makes the most sense for business/professional users.
It doesn’t seem like that much time has gone by since the release of Windows 7, but free mainstream support for that operating system from Microsoft comes to an end on January 13, 2015. On July 2, 2014, MS Support posted a notification entitled “Products Reaching End of Support in the Second Half of 2014” (thanks to Mary Jo Foley and a recent ZDNet post for alerting me to this). Title notwithstanding, the second heading on the page provides the lead-in for this discussion, and reads “Key Products Transitioning from Mainstream Support to Extended Support.” The explanation for Extended Support proffered there is very much worth repeating here, to help put this transition into its proper context:
Extended Support lasts for 5 years and includes security updates at no cost, and paid hotfix support. Additionally, Microsoft will not accept requests for design changes or new features during the Extended Support phase.
The following screen cap shows a list of Windows 7 products moving to extended support (for the complete list, which also includes specific releases of MS Dynamics, Exchange Server 2010, Windows Embedded and Phone, Windows Server 2008 including R2, and Windows Storage Server 2008 also including R2, please consult the notification page):
Any and all Windows 7 versions transition to Extended Support on 1/13/2015.
Does this mean that the end of life for Windows 7 is at hand? No, as the MS explanation clearly states, it still has 5 years of life left once it attains Extended Support status. But with the relentless forward march of technology continuing unabated after that, the requirement for paid hotfixes, and the absence of new features or design changes, Windows 7 can’t help but be left behind in the face of new hardware and software that is certain to appear during that time window. Will enterprises want to risk being left behind to avoid migration? I have to believe the answer will start out as “Fine by us” as the 5-year clock starts ticking, but that enterprises will become increasingly less complacent — shading from “urgent” to “desperate” — as the 60-month window of ongoing but limited support for Windows 7 starts closing.
What does it all mean? For those enterprises who migrated to Win7 more than two years ago, it means they probably already expected to start planning the next migration at about that time (January 2015). For those who’ve completed their migrations (or haven’t yet done so) it means they must face a compressed migration schedule as their next technology lifecycle turns over.
Here’s a nice graphic from the Microsoft Security Response Center’s latest blog post, entitled “July 2014 Security Bulletin Release;” it summarizes the items pushed out via Windows Update yesterday, July 8, and presents a new look and feel for security bulletin stuff.
Sharp colors and simple labeling let you absorb the latest security bulletin deployment priorities at a glance (full-size original).
And now that MS has stopped e-mailing advance notifications and update information to users, in response to a Canadian governmental anti-spam initiative, they’ve set up something called the MyBulletins “security bulletins customization free online service,” which enables registered users to create custom dashboards so they can track security bulletins related to products and platforms deployed on their systems and networks. Here’s a snippet of what my dashboard looks like, after I registered interest in Windows 8.1 and 7, various .NET Framework releases, Windows Server 2012 and R2, and so forth.
MS now offers a way to customize a security bulletin dashboard to track only products and platforms of interest to IT professionals.
On the face of things, I’d say that MS has come up with a reasonable and perhaps even more usable alternative to its now-obsolete and unavailable e-mail notifications for security bulletins. Check it out, and see for yourself!
At the end of last week, ZDNet’s Mary Jo Foley posted a story on the upcoming next major Windows release, code-named Threshold, often called Windows 9. She slipped an interesting remark right past me therein, called into sharp relief by a follow-up story I read this morning on Gidgets.com. Here’s a paragraph from MJF’s story that lays out an interesting hypothetical situation surrounding that upcoming release:
The Microsoft OS team is hoping to get as many Windows 7 users moved to Windows 7 Service Pack 1 and Windows 8 users to Windows 8.1 Update in preparation for (hopefully) getting them to move to Threshold once it is out. It’s still early in the Windows development cycle for Microsoft to have decided on packaging, pricing and distribution, but my sources say, at this point, that Windows Threshold is looking like it could be free to all Windows 8.1 Update, and maybe even Windows 7 Service Pack 1, users.
Here’s one cut at a logo for the next generation of Windows for the desktop (Windows 9 Logo Wallpaper).
This certainly poses one interesting and compelling way for Microsoft to stimulate wholesale upgrades to Windows 9 for a large majority of users. With Windows 7 SP1 now representing over 50% of the installed Windows base, and Windows 8.* versions accounting for roughly 12% or so of what’s left over, this could provide a straightforward way to achieve critical mass for the next major Windows release. Certainly, Apple experienced higher conversion rates when they stopped charging for major releases of OS X, so there’s no reason to expect that Windows behavior would differ significantly. That said, a great many more enterprise desktops, notebooks, tablets, and so forth run Windows than MacOS, and we all understand that even if it’s cheap for such organizations to migrate, there are many other factors (and a great deal more time, effort, and expense) involved in making wholesale migrations at the large end of the scale.
This is undoubtedly an interesting hypothetical to consider, and possibly even a positive inducement for some parties to make the move up to Windows 9 from earlier versions. But from an enterprise perspective, it is only one small consideration among a host of others that can’t help but involve significant time, effort, and expense in planning and implementing an OS migration. I’d have to guess that a free upgrade wouldn’t impact corporate and large organization lifecycle planning much, if at all. It should be interesting to keep an eye on this, and to see what it morphs into in the months ahead. If other rumors about Windows 9 have any merit, we should be hearing more about the new OS later this year, and witness the developer and consumer preview releases late in 2014 and early 2015 respectively, with a GA release about a year from now. There is still plenty of time for things to change and for rumors to coalesce into actual, announced plans and releases. Stay tuned!