Windows Enterprise Desktop


July 18, 2011  4:22 PM

Windows 7 and Ben Franklin Collide!

Ed Tittel Ed Tittel Profile: Ed Tittel

Huh? I’m drawing from the wit and wisdom of founding father Benjamin Franklin who once said “Experience keeps a dear school, but fools will learn at no other.” I’m pretty sure this means that fools have to learn things the hard way, and this weekend I got smacked in the face by that realization as I started working on a new laptop (a reconditioned Acer 5552 that I got for an unbelievable $350 last week).

Out of force of habit, I started applying Windows Update patches (I think I started out with 88 of them pending) before I stopped to reflect that I also wanted to upgrade the OS. It shipped with Windows 7 Home Premium, which doesn’t support RDP, and I like to remote into my laptops from my desktop when I’m working at home, because it’s a got a couple of huge screens and my favorite keyboard hooked up to it. So an upgrade is absolutely essential for me, and my MSDN Premium subscription makes that easy and affordable to do on my test machines.

I already knew that I shouldn’t apply Win7 SP1 to my machine until after I upgraded, but I didn’t stop to think that it makes more sense to upgrade first, and update second, rather than the way around. And in fact, when I tried the upgrade after doing all the patches, the upgrade failed. But when Acer shipped the machine something about the way the Windows image got blown onto its hard disk created a spurious drive entry in Windows Explorer, and they either elected to turn off Windows Restore or something about that dual C: drive entry caused it to fail. I had to monkey around with System Protection options to clean up that entry, and only then was I able to turn on System Restore so I could create Restore Points.

Fortunately for me, the first Restore Point I created (somewhere around the 44th update or so), went far enough back in Windows functionality to allow the OS Upgrade to work. So I got the unique pleasure of running the second half of the update stream twice, and then applying SP1, and another raft of updates again after the Service Pack installed correctly. Back in the day when I studied databases, we used to say “selection before projection” to minimize the amount of data generated when formulating cross products across multiple tables. This weekend, I was reminded that when it comes to Windows 7 “upgrade before you update” is the right way to proceed with new machines that come with lower-level OS versions installed that you wish to bump up in functionality and capability.

Yep! Over 200 years later, Mr. Franklin’s pithy observations can still goad IT professionals into thinking more (and more deeply) before they act, rather than back-pedaling and wasting lots of time by acting too hastily. And for those of us who do act too fast from time to time, his words can remind us of better ways to do our jobs in the future!

July 15, 2011  9:26 PM

April 2012: In with the New, Out with the Old

Ed Tittel Ed Tittel Profile: Ed Tittel

According to Ed Bott’s latest Microsoft Report (“Can Windows 8 finally vanquish the ghosts of XP and Vista” two interesting Windows phenomena will coincide in April, 2012:  Windows Vista mainstream support will end, and Windows 8 will also very likely be released for General Availability (GA). Bott describes this, not without good cause, as “…an almost perfect changing of the guard.” I agree!

He then goes on to quote Microsoft Chief Operating Officer Kevin Turner, who addressed a standing-room only audience at the Microsoft Windows Worldwide Partner Conference this week as saying, “Windows XP, Office 2003, and Internet Explorer 6 deserve a standing ovation. We love those products.” According to Bott’s blog, Turner further observed that these products have also “made Microsoft and its partners a lot of money.” After a pause for dramatic effect, he added, “But they’re dead.” Bott goes on to use this as an opportunity to identify the 300 million desktops running XP worldwide as “Zombies” that are “hard to kill.”

Even though I just about fell over laughing when I read this, there’s a profound germ of truth to this statement. XP is going to outlive Vista in all likelihood, what with extended support continuing on into 2014. His guess is that businesses will really start jumping on Windows 7 at about the same time that Windows 8 becomes available. For a couple of years Microsoft will be supporting four desktop versions of Windows: XP, Vista, Windows 7, and Windows 8. I think it’s funny and sad that Vista never really got its chance, and that XP is leaning toward Zombie OS status (maybe a new category? ;-).

Whatever happens, next year should be an interesting one for those of us who work with, follow, and have to learn our way into the latest version of Windows, even as other versions still remain on the scene.


July 13, 2011  7:08 PM

July 2011 Security Bulletins Include Some Interesting Surprises

Ed Tittel Ed Tittel Profile: Ed Tittel

I’d been reading about the advance info for this month’s Patch Tuesday last week, and was a little surprised and frankly also relieved to learn that July 2011 features only four security bulletins (see all the details in the July 2011 Security Bulletin Summary from Microsoft). Imagine my surprise, therefore, when that translated into 6 bulletins for my x86 Windows 7 computers, and as many as 9 for my x64 machines (there’s also a whopping big security roll-up for Office 2010 that showed up on those machines where I’ve got this package installed).

The four bulletins listed in the Microsoft summary include the following:

  • MS11-053Vulnerability in Bluetooth Stack Could Allow Remote Code Execution: closes a loophole that could let attackers use specially constructed Bluetooth packets to install programs, mess with data, or create new user accounts with administrative rights. This one’s marked Critical and given the huge number of Bluetooth equipped systems out there is worth rushing into the field.
  • MS11-054 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege: resolves 15 different privately reported vulnerabilities, but exploits require valid logon credentials. This one’s marked Important.
  • MS11-055 Vulnerability in Microsoft Visio Could Allow Remote Code Execution: closes a backdoor that can open when a user accesses a Visio file on a network where a malicious library file is present, and could grant an attacker the same rights as the affected user. This one’s marked Important.
  • MS11-056 Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege: Resolves a handful of privately reported loopholes in the CRSS, though logon and use of a special application (attackers must have valid log on credentials and also log on locally). This one’s marked important, too.

The first Bluetooth item is a hair-raiser, the others are less dramatic or likely to be traumatic. Other items that showed up in this month’s mix included the usual Windows Malicious Software Removal Tool for July, an update to various Outlook Junk Email filters, and something called the Microsoft Office File Validation Add-in (KB2501584), used to confirm that binary files conform to requires MS Office file formats, to help users avoid potential security risks. Another interesting item that didn’t make the bulletin showed up a little later than the other updates on Tuesday: Insecure Library Loading Could Allow Remote Code Execution (KB2533623). It affects the way applications load libraries (key ingredients in the way many of them operate or behave). Other than posing a security risk if a hacked library ends up being loaded instead, I’m not really sure I fully understand this one. I’ll be looking for additional clarification and report back if I find any…

A trio of other interesting items showed up on my x64 Windows 7 machines. KB2552343 addresses a time-out error that can occur when installing a Windows Update package that includes drivers on Windows 7 or Windows Server 2008 R2 PCs (that can’t be good). Another one (KB2547666) fixes a bug that prevents users from deleting long URLs in the browsing history for IE on the same OS platforms. A third addresses the blurred-font issue I originally picked up from Ed Bott late last month (KB2545698).

All in all there was a little more to dig into, and chew on, that the advance reports led me to expect. But that’s the way it goes with Windows operating systems, for sure!


July 11, 2011  4:05 PM

Interesting For-a-Fee Windows Internals Webinar November 28-30, 2011

Ed Tittel Ed Tittel Profile: Ed Tittel

For those who don’t already know, David Solomon has been an author on an immortal classic book on Windows internals since its first edition came out way back in 1997. The book is now entitled Windows Internals, appropriately enough, and in its Fifth Edition, though this same tome appeared in its first two editions as Inside Windows NT in the 1990s.

As it happens, Mr. Solomon also runs an organization called “David Solomon Expert Seminars” that offers both online, Webinar-oriented training as well as instructor-led classroom training. For those for whom the book isn’t enough, in fact, his company offers 5-day seminars on Windows OS Internals and Windows Troubleshooting and debugging at some pretty princely prices ($2,999 if booked four or more weeks in advance; $3,499 if booked less than four weeks in advance).

Listing from Solomon Expert Seminar Site

Listing from Solomon Expert Seminar Site

More interesting to me (and probably to readers of this blog) is a two-day Webinar entitled 2 day Windows Internals with Sysinternals which goes for a mere $399 (if booked four weeks or more in advance, $499 if less than four weeks). Using the well-known Sysinternals Process Explorer, Process Monitor, and Autoruns tools (all favorites of mine, and many other experienced Windows systems administrators), admins will learn how to dive into threads, processes, and job data structures, dig into memory management mechanisms, and explore crash dumps at a fairly deep level of detail.

This is a pretty good deal for those looking to learn to do more with Windows Internals, and to get a crash course on the real and extensive capabilities of the Sysinternals OS utilities. For those looking to do something interesting, valuable and informative for the often fallow period from Thanksgiving through New Year’s it’s a pretty good way to end the year on a high note. Highly recommended, in fact!


July 8, 2011  3:58 PM

Why Mike Halsey Find Windows 7 Annoying

Ed Tittel Ed Tittel Profile: Ed Tittel

I always love good, strong opinion pieces on Windows, and none more than those from UK-based Microsoft MVP Mike Halsey. His latest rant is called “Windows 7 annoyances that have got to go!” Even though his story includes some very positive statements about Win7 (he says that Windows 7 is “…the most stable, dependable, attractive, feature-rich, and secure [operating system] that Microsoft have ever developed”), he raises some interesting and entirely reasonable objections to that selfsame OS.

You’ll want to read this fascinating and amusing article for all the details, but just a recitation of Halsey’s list of annoyances is enough to get even moderately experienced Win7 users’ heads bobbing up and down in entire agreement. He finds entirely plausible things to hate about Windows Upate and Action Center, libraries, homegroups, the Start menu, and the System reserved partition. Also in for his ire are various folder view options, sound device switching, desktop files, and restarts required after patch or update installations. I have hit and groused about every single one of the items on this list myself, and count myself among the head-bobbers, too, even if I do consider myself to be somewhat more than “moderately experienced” with Windows 7.

Check out Halsey’s article. If it doesn’t inspire some head-bobbing on your part, too, I’ll be surprised. But at the very least it will inspire several rueful chuckles as you read it through. I hope Microsoft reads and ponders this article carefully and takes appropriate action with Windows 8. If they wanted to, they could really learn some good stuff from this guy!


July 7, 2011  3:49 PM

Nortel IP Sale Pegs High-Tech Patent Value at $750K Apiece

Ed Tittel Ed Tittel Profile: Ed Tittel

When the dust settled on Nortel’s auction of about 6,000 patents in its intellectual property (IP) portfolio last week, a consortium that included Apple, Microsoft, and RIM, among others, paid $4.5 billion to take title to that collection. Do the math: 4.5 billion divided by 6,000 works out to $750,000 per patent. That puts a pretty high average value on a technology patent these days, and definitely sends a warning as to where settlement negotiations are liklely to begin to those organizations that may find themselves accused of infringing any of these patents in future litigation.

As somebody who works occasionally as an expert witness in patent infringement cases involving Web development technologies and commercial Web sites, I have learned to find the economics and analyses involved in setting damages in such litigation both intricate and fascinating. Basic principles dictate that plaintiffs argue for the biggest damages they can “reasonably” collect, and defendents argue to limit damages to the smallest amounts they can “reasonably” assess. But the economics and details involved in determining running royalties, deciding licensing fees to inure against patent liability, determining lump-sum damages estimates, and establishing the dates, motivations, and amounts assigned to “hypothetical negotations” (an imaginary agreement between plaintiff and defendant that goes back in time to the date when the first assumed patent infringement might have occurred) remain endlessly argumentative and infinitely absorbing. (I should observe that in working as an expert witness myself, I don’t get involved in determining damages estimates, though I am occasionally asked to provide historical data about licensing fees, royalty rates, or product costs at the time of a hypothetical negotiation.)

What’s interesting about this acquisition of a large collection of patents is that the Law of Large Numbers also dictates that the average cost per patent that emerges ($0.75 M) provides a definite and tangible benchmark for the going value of a high-tech patent nowadays. This is a pretty big number, but if the settlements that my research work and trial participation have made me learn about are any indication, this kind of investment in IP is likely to pay off handsomely for consortium members. It is more likely to serve them as a bargaining chip to fend off lawsuits rather than as a body of work to mine for lawsuits, in the sense that members can offer cross-licensing of their patents in exchange for elimination of liability for other alleged infringements from other patents belonging to third parties.

However, given the multi-million dollar settlements that are so often awarded in these cases, an outlay of $4.5 B also suggests that consortium members may have expectations for generating revenue from this outlay, as well as for obtaining some degree of “insurance value” from the Nortel portfolio’s contents. Only time will tell!


July 4, 2011  9:36 PM

Latest Patch Batch Fixes ClearType Issues in IE9

Ed Tittel Ed Tittel Profile: Ed Tittel

Thanks to Ed Bott’s June 30 blog “A fix for fuzzy fonts in IE9,” I finally get what recent fix labeled KB 2545698 is all about. Here’s Microsoft’s explanation from the just-cited Knowledge Base article:

This issue occurs because of a design change to how Internet Explorer 9 renders text. By default, Internet Explorer 9 uses sub-pixel positioned ClearType to render text by using DirectWrite, whereas Internet Explorer 8 uses whole-pixel positioned ClearType to render text by using the Microsoft Windows graphics device interface (GDI). [Quoted from the "Cause" section.]

I run a big monitor myself (a Dell 2707 WFP display) and I usually jack up the Web page display to 125% to minimize strain on my aging eyes, so I only noticed this when running my screen at true 100% resolution. But indeed the fix does make formerly fuzzy text appear more sharp and clear. This is one case where a small change in the code apparently makes a pretty big difference in readability on some displays. If your users complain about type that’s fuzzier in IE9 than it was in IE8, this fix could be worth rushing through testing and into deployment.

It worked for me, anyway. Give it a try on a test machine and see if it works for you.


July 1, 2011  9:24 PM

A Picture Tells an Interesting Mobile IPv6 Story

Ed Tittel Ed Tittel Profile: Ed Tittel

In my last blog, “The IPv6 Adventure Gets Underway,” I posted some information about getting my network boundary set up to handle IPv6 traffic. Thanks to some creative tunneling to IPv6-savvy ISP Hurricane Electric, and the acquisition of a Fortinet Fortigate 80C firewall device, my home network is now completely IPv6 capable and enabled.

After Monday’s excellent set-up and configuration examples, my partner in crime (and for the forthcoming 4th edition of Guide to TCP/IP) Jeff Carrell fired up a passel (5 to be more precise) of Wi-Fi capable mobile devices to see whether or not they too could use IPv6 on my network. As the following image attests, all devices could access and use IPv6 for their mobile communications, at least to access an IPv6-only Web page.

What you see in this picture is (clockwise from far left):

  1. HP Slate running Windows 7 Professional, showing a complete passing score from the online IPv6 test
  2. HP Mobile Workstation notebook PC also running Windows 7 Professional with the same passing display
  3. Apple iPad running IOS 4.3.2 ditto
  4. (Background) Asus TransFormer running Android 3.1 showing IPv6 compliance with a warning that the address in use contains the unit’s actual MAC address (called an EUI-64 IPv6 address, this poses the security risk that attackers can use that information to perform system footprinting). But it’s still running IPv6 and able to access IPv6 resources online.
  5. HTC Tilt 2 running Windows 6 Mobile also gets the green light from a passing IPv6 score

What this picture tells us is that most of the major mobile platforms can use and understand IPv6. Of course, this really won’t matter much until the ISPs catch up and IPv6 access becomes broadly and generally available. But it is working, and it is coming, so it’s probably time to start thinking about IPv6 network design, security, and policy.


June 28, 2011  1:11 AM

The IPv6 Adventure Gets Underway

Ed Tittel Ed Tittel Profile: Ed Tittel

When my co-author for the upcoming revision to our Guide to TCP/IP  (getting ready to come out in a 4th edition) showed up at my door mid-morning today, I finally got started on the IPv6 adventure of a lifetime. Fresh from his triumphant visit to Palo Alto (where he taught three or four IPv6 Test Lab classes at Sharkfest ’11) and Fremont (where he installed a couple of racks worth of switches, routers, firewalls, and servers at Hurricane Electric aka he.net) my good buddy Jeff Carrell came bearing a fabulous Fortinet FortiGate 80C firewall/switch/router that offers extensive and well-thought out IPv6 support.

Though the Fortinet box set me back over a grand, it comes with the most serious IPv6 support I’ve seen in a boundary device that’s suitable for SMB or “geek home” use (like at my house). Jeff had painstakingly  documented his set-up routine based on working with a handful of these devices already, so I got to guinea-pig his instructions as we updated its firmware, then worked through a standard firewall set-up, followed by a set of basic IPv6 configuration and firewall rules. I did hit some minor snags along the way (mostly owing to IPv6 address typos, or misunderstanding the configuration instructions) but we were able to shoot our way through all of this trouble in under 2 hours.

We set up an IPv6 tunnel through the he.net Tunnel Broker facility, and I can now say that my home network registers with all the important test sites as IPv6 compliant. Take a look at these results from the IPv6 connectivity test published for World IPv6 Day (held on June 8, 2011).

IPv6 is finally working on my home network (addresses munged for security reasons)

IPv6 is finally working on my home network (addresses munged for security reasons)

Now that I’ve got IPv6 up and running on this network, I can get back to work on earning Hurricane Electric’s IPv6 certification. Sage status, here I come!


June 24, 2011  10:06 AM

Get Ready for Nitro PDF 2!

Ed Tittel Ed Tittel Profile: Ed Tittel

In May of 2010, I posted a blog here entitled “New Nitro PDF Knocks Your Socks Off,” wherein I profiled my introduction to and growing satisfaction with the free Nitro PDF Reader. Over a year later, it’s still my PDF tool of choice, and I even forked over US$80 to purchase a copy of the professional version that adds support for distilling PDF and various annotation, editing, and formatting options (the list price for the program is US$100, but if you look around or wait for discounts you can usually find 15-20% off deals here and there). To me the things that make Nitro PDF Reader preferable to the Adobe or Foxit Readers are: a small executable, blazing fast performance, and value-add features out the ying-yang (other readers charge for most, if not all, of these).

I’ve just jumped into the latest release of the program, called Nitro PDF Reader 2, which hit the streets last Tuesday, July 21. It maintains the small code size (under 70 MB for the x86 version as installed, under 100 MB for the x64 version as installed), still runs like blazes, and adds a bunch of new value-adds to its latest incarnation, including:

  • Integrates with IE, Firefox, and Chrome so you can open PDFs right inside a browser tab or window.
  • Reworked PDF Creator engine runs up to 4 times faster than the previous version, and creates output PDF files half the size of those built by its predecessor.
  • Nitro PDF Reader has always done quality rendering, but on my 27 inch monitor (Dell 2707 WFP) the type is crisper and cleaner than ever with Nitro PDF Reader 2, invariably more readable than Adobe Reader.
  • Free support for incorporating a scanned handwritten signature right into fill-in form type documents (used to be available only in Nitro PDF Pro, now built right into the free Nitro PDF 2).
  • Support for content grouping layers (OCG, or Optional Content Group stuff) as well as XML Form Architecture (XFA) forms.

The latest user interface also adopts the Windows 7/Office 2007&2010 ribbon model. It looks and runs very nicely. Nitro PDF Reader 2 looks like it’s more than earned a spot on my “must-have Windows applications” roster. I’m going to spend a month or so with the program, after which I’ll report back on my experiences and continuing impressions.

Nice ribbbon, clear type, faster performance

Nice ribbbon, clear type, faster performance

I’m also pleased to report that Chris Dahl, Nitro PDF’s CTO, informed me yesterday by phone that Nitro PDF Reader is now using a single code base for both x86 and x64 versions of their programs. In the past, there had been some delays in obtaining x64 versions of the program, and it was more difficult to lay hands on the x64 version of the code. No longer. The base code for the application (the PDF renderer and UI portion) is actually the same 32-bit component, and runs as a 32 bit image on the x64 WOW (Windows-on-Windows) environment. The PDF Creator portion however (which requires a device driver, and thus can’t use 32-bit code) is implemented in native 64-bit code. Both portions installed seamlessly on my x64 test machine, and this version appeared to run just as fast (if not faster) than its 32-bit counterpart. This should be a real boon for the increasing number of users who are now running 64-bit Windows versions.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: