August 29, 2011 2:56 PM
Posted by: Ed Tittel
Check out "The Deployment Guys" blog
, TechNet serves up a great MS deployment tools blog
In my ceaseless trolling for good Enterprise Windows 7 news and info, I regularly scan the Microsoft and TechNet blogs. This morning, I decided to read the whole list of bloggers on TechNet and somewhat belatedly came across a listing called “The Deployment Guys.” I’m really glad I did because I came across quite a few gems there.
The Deployment Guys blog banner
Aside from containing one of my all-time favorite “sniglets” — namely, automagically — this site offers up some incredibly useful information particularly when it comes to mastering the ins and outs of the Microsoft Deployment Toolkit 2010, including the following items among many others:
I could go on further, but this should be enough to show you that there’s a raft of great stuff here, along with lots of good tips and tricks about how to make the most of Windows 7/Windows Server 2008 deployment tools and technologies available from MS. If you’re at all like me, you’ll add this to your favorites, and you’ll start picking up on their Twitter or RSS feeds.
August 26, 2011 2:20 PM
Posted by: Ed Tittel
PsExec lets you overpower Windows permissions to delete anything you want; PsExec provides ability to run programs at System-level permissions
OK, so it may be too much of a stretch to compare rooting out a stubborn Registry key to Lady Macbeth’s lamentations, but it’s my blog and I can steal a line from Shakespeare with the best of them. In this case, I’m inspired by Scott Hanselman’s Computer Zen blog post entitled “How to REALLY hurt yourself with PSEXEC – Deleting the Undeletable Registry Key and More.” In a nutshell. this post explains how he got stuck with some Registry keys related to no less than SEVEN virtual network interfaces inside a VM and found himself unable to remove the registry keys responsible for their continued existence — and maddening consumption of system resources — despite running regedit.exe from an administrator account.
Scott Hanselman blog headline
This whole story hinges on the wonderful Sysinternals utility called PsExec, which lets administrative users launch programs with arbitrary user rights. Hanselman couldn’t get regedit to delete the registry keys for the bogus virtual network adapters he wanted to remove from his system. Even in an account belonging to the Administrators group he was getting “Access Denied” errors when he tried to remove those registry keys.
PsExec let him load the regedit program and run it interactively at a System level of permissions (where anything is possible, and where “severe tire damage” far too likely for those who don’t proceed carefully, and don’t know in great detail what they are doing). The command syntax looks like this:
psexec -s -i regedit.exe
In this context, it’s also worth repeating Hanselman’s warnings about taking this approach to overpowering built-in Windows restrictions on deleting key registry keys, files, and other objects:
If there was one tool that really “takes the safety off the gun,” it’s PsExec. You can hurt yourself and your system with PsExec in ways where you’ll not realize until it’s too late. There aren’t enough words with big enough fonts and scary enough evocative stock photography to fully express how dangerous this tool is.
Wow! Nothing gets me as excited as the ability to do myself infinite harm, so I dove right into my Sysinternals tool directory and fired up a couple of programs using this very approach to see what I could get away with. Indeed, regedit performed as described and I was able to go in and delete anything I wanted to (which I immediately restored so as not to do any damage). The same trick also works for launching cmd.exe, and then you can use the command line to delete any Windows file you might want to get rid of without restrictions (the remorse could come later if you really shot yourself in the foot).
I think this is a great technique for Windows systems admins to add to their bag of tricks, but it really is one of those approaches that should be treated with extreme care and caution. Unless you know exactly what you’re doing and restrict your actions to repairing mistakes that Windows and other software can inflict on your system, you might be in for a world of hurt with this technique. My advice is to use it only for extremely limited purposes, and only when other tools or techniques just won’t or can’t fix your problems.
August 24, 2011 4:06 PM
Posted by: Ed Tittel
Ed Bott gives great advice on safe computing
, see Ed Bott ZDnet blog for great end-user training piece on safe computing
I’ve long admired and followed the work of Windows expert Ed Bott, who writes a regular blog for ZDNet (now a CNET property). His recent posting entitled “Stay safe online: 5 secrets every PC (and Mac) owner should know” is a short, sweet and extremely informative primer on what information security experts often like to call “safe computing practices” or “Internet Security Awareness.”
Ed Bott’s Safe Computing Blog
There’s nothing in this blog that most IT professionals don’t already know by heart. But because it is such a nicely distilled, explained, and illustrated piece of work, I commend it to them to share with their users. And because most IT professionals are also IT advisors and informal tech support staff for their friends and families, they can recommend this piece beyond the confines of the workplace as well.
August 22, 2011 7:12 PM
Posted by: Ed Tittel
use tools to creat bootable Win7 repair media
, Windows 7 ISOs drive reinstalls and repairs
As you work with and around Windows 7 systems, you will occasionally need access to a bootable Windows 7 image from which to conduct system repairs. If you don’t have a set of 32- and 64-bit boot disks handy, nor original optical Windows 7 media, you can always go back to ISO images for Windows 7 to construct bootable images. These days, I like to use the Windows 7 USB/DVD download tool, available from the Microsoft Store online (and lots of other locations), to build bootable USB flash drives from which to launch Windows 7 reinstalls or repair operations.
But with this tool in hand, where to go to get the ISO images for Windows 7 to build the bootable UFD? If you have an MSDN membership you can download from there, or if you’ve bought Windows 7 online from Microsoft, you’ve downloaded and stored a Windows 7 ISO image somewhere locally already. If neither of these options is available to you, check out this MyDigitalLife how-to guide from November 2009 “Windows 7 ISO x86 and x64 Official Direct Download Links (Ultimate, Professional, and Home Premium).” (A word of warning: only the Digital River download links posted there currently work. The Amazon links are all DOA. )
OTOH, here’s a set of links for the Windows 7 SP1 ISOs from Windows 7 Hacker “Download Retail Windows 7 ISO from Official Website,” dated August 8, 2011 (and again, only the Digital River links appear to be working).
When you have the ISO file downloaded, you can use the Windows 7 USB/DVD download tool to construct a bootable UFD or DVD for Windows repair or reinstall purposes. Enjoy!
August 19, 2011 2:36 PM
Posted by: Ed Tittel
baker's dozen of Win7 monitoring gadgets
, Brian Nadel enumerates 13 great Win7 sysmon gadgets
I just stumbled upon a ComputerWorld story by Brian Nadel entitled “Inspector Gadgets: 13 Windows 7 gadgets for monitoring your PC” that’s chock full of interesting items that systems administrators and power users will enjoy checking out (and possibly using on their desktops). I myself am a big fan of basic system monitoring gadgets on my Win7 machines, and regularly run the following on those PCs (listed in their typical order of appearance):
Nadel’s story offers a larger and quite interesting array of gadgets, about half of which are depicted here:
Nadel’s Gadget Gallery from ComputerWorld story
I’m pleased to report that a couple of my gadgets made the cut, but even more pleased to discover some additional useful elements in Nadel’s list. Please take a look at his article to get information on the following Windows 7 Gadgets:
Be sure to check them out: there’s some good stuff in here!
August 17, 2011 2:36 PM
Posted by: Ed Tittel
enterprise Win7 adoptions finally picking up steam
, Gartner predicts Windows 7 will be majority OS by end of 2011
A recently published Gartner study (cited in stories at computing.co.uk and FierceCIO TechWatch) apparently predicts numerous interesting Windows 7 developments and phenomena. First and foremost, Gartner predicts that somewhere around 42 percent of all PCs world-wide will run Windows 7 by the end of 2011, giving it first-place ranking and finally ahead of Windows XP on the desktop. Second, and perhaps more interesting is a quotation from Gartner Research Director Annette Jump that reads “Many enterprises have been planning their deployment of Windows 7 for the last 12 to 18 months, and are now moving rapidly to Windows 7.”
Headline from Gartner Press Release on Win7 Report
Reasons cited for the forecasted jump include increasing IT budgets in 2011 and 2011, along with a substantial number of Windows 7 migrations initiated in the final quarter of last year (2010). While this may seem like happy news for Microsoft, long term-predictions are less rosy for Windows. According to the already-cited TechWatch article “…it is interesting to note Gartner’s opinion that Windows 7 is likely to be the last operating system from Microsoft deployed in such numbers. Gartner attributes this prediction to the rise of ‘OS-agnostic’ applications for enterprises, meaning software not tied to a particular platform.” That story goes on to say that her research indicates that such applications are likely to comprise half of all apps in use by 2012.
I do think this means that Windows 7 has finally reached or is nearing the tipping point for enterprise adoption, but I’m not so sure that Gartner is right about a decline in Windows use in the enterprise. All that hardware (desktops and notebooks, especially) has to run some kind of OS, and there’s really no viable alternative that has all of the imaging, installation, deployment, configuration, and management tools by which enterprise IT departments live and die out there right now. I believe that Windows will remain unchallenged as the enterprise client OS until such time as a fully-fledged alternative makes itself available. Right now, this is just a mythical beast and until that critter becomes real, Windows stays in the catbird seat.
August 16, 2011 12:37 AM
Posted by: Ed Tittel
Steven Sinofsky kicks off Windows 8 blog for MS
, Windows 8 blog makes its debut
, Windows 8 Engineering blog = E8
One of the best things about recent versions of Windows has been increasing transparency in the MIcrosoft development process, perforce through increased access to executives and developers alike. As Windows 7 ground its way to completion I enjoyed the various blogs it gestated, still visible on MSDN as the “Engineering Windows 7” blog. Today, Microsoft’s “Windows President” Steven Sinofsky launched a new blog for Windows 8, called “Building Windows 8″ with an introductory post entitled, appropriately enough “Welcome to Building Windows 8.”
Kick-off post launches the Building Windows 8 blog
Here are some interesting sound bites from this posting:
- …today we want to begin an open dialog with those of you who will be trying out the pre-release over the coming months.
- We intend to post regularly throughout the development of Windows 8, and to focus on the engineering of the product.
- Windows 8 reimagines Windows.
- The appearance of touch-screen mobile phones with the rich capabilities they bring, have together changed the way we all view computing. Most of all, computing is much more focused on applications and on people than on the operating system itself or the data.
- …in the next few weeks we will just start talking specifics of features, since there is no obvious place to start given the varying perspectives. [networking, storage, performance and fundamentals, developers, IT pros, and gamers all mentioned in preceding sentences]
- …we’ll work hard to have constructive conversations with you, share the data, and, when the situation calls for it, make thoughtful changes.
It sounds like a lot of interesting stuff will be breaking in this blog, so you’ll probably want to follow it along with me. You can get notifications by following @BuildWindows8 on Twitter, just like I will!
August 12, 2011 3:57 PM
Posted by: Ed Tittel
LANDesk Altiris CA Unicenter and MS Configuration Manager offer excellent patch deployment tools
, value of automated patch deployment
After the sizable set of updates (12-16 on my various Windows machines) last Patch Tuesday that I documented in Wednesday’s blog “First Patch Tuesday August 9…” I found myself pondering once again the incredible value that automated deployment tools bring to IT environments of any size. Not only can these tools — which include the likes of LANDesk, Altiris, CA Unicenter, and Microsoft Configuration Manager to name just a few — push updates out to desktops on a tightly scheduled basis, they can also roll back machines to a pristine, pre-update state, should anything prevent their successful application (and also perform rollbacks after the fact, if hitherto undiscovered difficulties should rear their ugly heads later on down the road).
In addition these toolsets can also apply service packs, home-grown or third party applications updates or upgrades, tally up hardware and software inventories and attributes, and manage licenses. Some of them extend these same functions to centrally managed mobile devices such as smartphones or PDAs as well.
It stands to reason that because enterprises need time to deploy patches in a test lab, and make sure they break nothing in the standard environment (or interfere with home-grown systems and applications), they also need capable tools to speed deployment of such patches and fixes as survive the testing and vetting processes. And because so many organizations work within tightly scheduled update windows that typically occur anywhere from once a month to once per quarter, they need smart tools that can work within those windows and provide intelligent rollback and recovery methods should anything go wrong before the window closes.
As we all know, it’s imperative for employees and systems to get back to work as soon as the update window closes and operations resume. Better to fail gracefully and fix problems during the next window, than to have anything prevent normal business operations from resuming on schedule in any kind of enterprise.
August 10, 2011 2:13 PM
Posted by: Ed Tittel
August 2011 Microsoft Security Updates
, Review of August 2011 Microsoft Security Bulletin Summary
A quick look at Microsoft’s Security Bulletin Summary for August 2011 shows 13 security bulletins for this morning. My own machines (both 32- and 64-bit Windows versions) showed a nearly uniform list of 14 security bulletins (including some non-bulletin elements like the monthly refresh of the Windows Malicious Software Removal Tool and a keyboard driver for my Microsoft keyboards).
Microsoft Windows Security Bulletin Summary August 2011
Here’s a list of the items in the executive summaries section of the August 2011 bulletin (with links to the relevant security bulletin for each item):
- MS11-057 [CR] Cumulative Security Update for Internet Explorer (2559049)
- MS11-058 [CR] Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
- MS11-059 [IR] Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
- MS11-060 [IM] Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978
- MS11-061 [IM] Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
- MS11-062 [IR] Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
- MS11-063 [IR] Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
- MS11-064 [IR] Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
- MS11-065 [IR] Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
- MS11-066 [IM] Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
- MS11-067 [IM] Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
- MS11-068 [MR] Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
- MS11-069 [MM] Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
Key to [xx] bracketed ratings information
First char describes severity ranking: C = Critical, I = Important, M = Moderate
Second char labels restart: R = requires restart, M = may require restart
MS11-058 deals with DNS servers and is highly unlikely to show up on Windows client computers, but the rest of this sometimes comes in separate 32- or 64-bit versions, all of which are likely to show up on Windows desktop machines. There will be some serious and meaningful work for system admins to get these updates into testing to determine if and when deployment will be necessary (as will probably prove to be the case for all critical and important updates in the list, where they touch functions that are present on specific Windows clients or reference builds).
For those who use automatic update, please note that there are two .NET Framework items that remain unselected for install by Microsoft’s choice: KB2468871 and KB2533623. These will need to selected for manual installation if they show up on client machines (as they will for most ordinary Windows users).