OK, so if you’re running Microsoft Security Essentials (MSE) installed then you must figure out what to do with an update that Microsoft pushed yesterday in its increasingly typical “2nd Patch Tuesday” release. This update is labeled KB2310138 though it is also entitled “Definition Update for Microsoft Windows Security Essentials” (which is something of a misnomer, because this actually refers to a KB article entitled “Description of Microsoft Security Essentials and of the definition file updates for beta version 2.0.0375.0” which really has nothing to do with this current update at all).
But what I experienced today on those machines where I do permit auto-updates to proceed (how else can we learn about these things? or find such gotchas?) is that applying this update causes Windows 7 to reset all known network types from “Home” or “Work” to “Public.” Of course, this immediately broke RDP access for me on my LAN since by default RDP is allowed on trusted networks, but blocked on untrusted one (which defines networks labeled “Public” by deliberate design).
Public network reassignment plays hob with all kinds of security stuff
I’ve also been followed online chatter about lots of other problems related to this update for those running Microsoft Security Essentials. Turns out that if you’ve ever installed another security package before using MSE, your machine may hang on the reboot after installing the patch, for which the only fix is to roll back to the LKGC or a restore point before installing the patch, then running a clean-up tool to remove all vestiges of the preceding security package. and trying again. Others have posted to report of issues related to MS Office network links failing (which I imagine is related to network security defaults). Seems like other bugbears are going to come pouring out of the woodwork as well, given the many other Windows widgets and behaviors that depend on secure network access.
Two observations about Windows Update KB2310138 dated 7/26/2011:
Don’t even think about rolling this out to your client base until the issues get addressed and fixed! (It takes no crystal ball to foresee some kind of follow-up, repair tool, or clean up effort appearing as soon as MS can whip something out.)
If you do work with machines for which auto-update is turned on (typical at home and in SOHO situations) be prepared for some clean-up work. For me, properly restoring the network type seemed to fix all of my problems — but then, I have messed with security software long enough to know that you never install a new such package on a Windows PC without first thoroughly cleaning up a prior such package beforehand.
Caveat emptor (or “downloador” if you prefer), baby! And for those who are compelled to ask “Who uses MSE anyway?” the answer may be surprising, given that it’s free for up to 10 PCs in home and SOHO situations, and available for generous corporate license terms. I use it in almost all of my VMs these days, because it is free and updates flow through the same mechanisms as OS updates. It’s adequate and too convenient not to use in such situations. I suspect there may be pockets of it in test and development labs, even in situations where more general licensing may not be in effect for corporate use.
About two years ago, my wife needed a new PC and I wanted to check out a mini-ITX build, so her needs and my insatiable desire to tinker coincided nicely. Out of that effort came a very nice small system for her, built around an MSI Industrial 945GME1 Core 2 Duo Mobile Mini-ITX motherboard and a Morex T-3500 150W Mini-ITX case (see photo below). I equipped it with an Intel Core Duo T2300 mobile CPU, 4 GB of RAM, and a speedy 250 GB 7200 RPM Seagate hybrid drive. It’s no screamer, but for somebody whose sole use of a PC is reading e-mail and surfing the Web, it works pretty darn well.
A sweet little mini-ITX box, except for one little thing…
There has been one little nagging problem I’ve had since installing Windows 7 SP1 on this machine. Whereas it had been waking from sleep on a mouse event beforehand just fine, since then it has fallen into what I jokingly call “the sleep of death” whenever it sits idle long enough (240 minutes, in fact, based on timers I’d set for disk spindown and screen power-down) to turn itself off.
It wasn’t until I systematically went into the Power Options item in control panel and set ALL of the timeout-based Advanced settings available for the current power plan to “Never” (hard disk and display) that the unit no longer required a hard reset to come back to life after going into a reduced power state. There’s something about the MSI MS-7265 industrial motherboard that doesn’t like it when idle power-down occurs. I’m OK with leaving a 2.5″ 7200 RPM drive spinning all the time, and instead of powering the display down, I simply run the “Blank” screensaver which turns off the screen anyway.
According to my Seasonic Power Angel, the unit draws only 35 Watts when the display turns off but the fans keep running and the drives keep spinning. Internal temps usually stay around 40 C° with the CPU cores in the 34-36 C° range. It’s like leaving a low power lamp on all the time, which I guess I’ll have to live with unless I can train “the Boss” to start shutting down at the end of her computing day. But at least the gosh-darned thing keeps running all the time now, and doesn’t need to be rebooted every time you leave it alone for a while.
I’ve known Mark Russinovich for over 10 years, thanks to some work I did for his company back in the early 2000s. I’ve known of Mark Russinovich for twice that long, thanks mostly to his fantastic work on a series of Windows Administrative tools. These days Mark still does much of the same things he’s been doing since way back when, but he now does them for Microsoft, and Microsoft continues to give his Sysinternals admnistrative utilities for Windows away for free. In fact Sysinternals has its own subdomain inside Technet: It’s called Windows Sysinternals and everybody who works on Windows computers should have it in his or her favorites list.
Finally a good book digs into the Sysinternals utilities
The Sysinternals Web pages used to the best place to look for information and guidance on using these tools, along with the occasional blog from Mr. Russinovich himself (and in fact, his latest blog is entitled Troubleshooting with the New Sysinternals Administrator’s Reference). That blog shares with this blog a primary subject — namely, the book depicted in the preceding screen cap. Entitled Windows Sysinternals Administrator’s Reference, by Mr. Russinovich and Aaron Margosis (Microsoft Press, July 20, 2011, ISBN-13: 978-0735656727, list price $49.99, $31.17 at Amazon) it not only presents and discusses all of the many tools that Sysinternals makes available to Windows admins, it distills some incredibly valuable wit and wisdom on how best to put these tools to work, straight from one of their key developers.
Nobody who works with Windows Servers should be without a copy, and anybody who works on Windows Desktops will find this book equally useful. It akes you through analyzing CPU behaviors, memory leaks, and helps demystify the many vexing and sometimes baffling problems to which Windows systems occasionally fall prey. You will also understand how to use the Sysinternals tools to look deeper into the Windows registry than you may have thought possible, and how to use memory dumps to troubleshoot not just BSODs and system hiccups, but also application or service issues as well.
At just over $31 at Amazon, the book is a steal. Even at the $45 full retail price it’s still worth every penny. If you work with Windows systems I have three words of advice: Buy. This. Book.
MS Learning Exam page for 98-349
OK, so I’m on tap with my fearless and feckless co-author and project manager, Kim Lindros, to write a short exam prep book on Windows Operating System Fundamentals (Exam 98-349). This item takes Windows 7 as its focus, and is part of Microsoft’s new Microsoft Technology Associate (MTA) certification family. For those not already in the know, the MTA program (in Microsoft’s own words):
• is targeted primarily at students who attend high schools and two-year colleges.
• assumes some hands-on experience or training but does not assume on-the-job experience.
• provides an appropriate entry point to a future career in technology.
This is an interesting exam because it provides a basic but thorough introduction to desktop operating systems as see through the lens of Windows 7. Great coverage of configuration issues, items, and tools including msconfig.exe, the Control Panel and its many built-in (and add-on) elements. Even better coverage of install and upgrade maneuvers, especially the various paths to Windows 7 install with USB now finally an official sanctioned method, and how virtualized clients figure into (and onto) the desktop. OS maintenance also gets good coverage, too.
.With all this in mind, should IT professionals who don’t fit Microsoft’s target audience consider this exam? Nah, but there’s no harm in using its curriculum, objectives, and prep materials as a great set of learning materials for those in need of Windows 7 knowledge. It’s probably best viewed as a great intro for others in your organization, and power users, who want to dig into and learn Windows 7 basics to boost their skills on the job.
Those familiar with the expansion of WHS to “Windows Home Server” will probably be wondering why I’m writing a blog post on this particular product in an Enterprise Windows Desktop blog. Good question, but I’d also like to observe I’m a dedicated home theater PC aficianado as well as an enterprise desktop kind of a geek. And this is an inarguable case where those who might read this blog, but who also run Windows at home, simply must know about a current and ongoing promotional pricing deal available for an OEM version of WHS 2011 at both Newegg ($69.99) and Amazon ($57.11).
Windows Home Server 2011 logo
This is an OEM version for which you’ll need to assemble your own hardware, and it is a 64-bit version (which requires a 64-bit capable processor, but that’s not too much of a stretch these days). I’ve got an HP Media Smart server running their customized variant of an older WHS version (2010) that I’m going to try it out on, but just about any kind of SFF or Home Theater encased modern AMD or Intel rig should do the trick. I’d recommend using 4 GB of RAM (I’m not sure more than that will really do a whole lot of good, but you can use more if you like; I do know that you want at least 2 GB to get reasonable performance out of this kind of runtime environment).
The usual price for this software is $150, so $60-70 really is a heckova deal. It presents more or less the same interface as Windows 7 and behaves in much the same way, so if you know your way around the desktop OS you’ll be reasonably proficient at doing likewise with WHS 2011. And it really is a good deal, hyperbole notwithstanding. If you’ve got a substantial media collection to manage and stream around the house, and can also use a good local network backup option, WHS 2011 should be a good fit for your home network.
Huh? I’m drawing from the wit and wisdom of founding father Benjamin Franklin who once said “Experience keeps a dear school, but fools will learn at no other.” I’m pretty sure this means that fools have to learn things the hard way, and this weekend I got smacked in the face by that realization as I started working on a new laptop (a reconditioned Acer 5552 that I got for an unbelievable $350 last week).
Out of force of habit, I started applying Windows Update patches (I think I started out with 88 of them pending) before I stopped to reflect that I also wanted to upgrade the OS. It shipped with Windows 7 Home Premium, which doesn’t support RDP, and I like to remote into my laptops from my desktop when I’m working at home, because it’s a got a couple of huge screens and my favorite keyboard hooked up to it. So an upgrade is absolutely essential for me, and my MSDN Premium subscription makes that easy and affordable to do on my test machines.
I already knew that I shouldn’t apply Win7 SP1 to my machine until after I upgraded, but I didn’t stop to think that it makes more sense to upgrade first, and update second, rather than the way around. And in fact, when I tried the upgrade after doing all the patches, the upgrade failed. But when Acer shipped the machine something about the way the Windows image got blown onto its hard disk created a spurious drive entry in Windows Explorer, and they either elected to turn off Windows Restore or something about that dual C: drive entry caused it to fail. I had to monkey around with System Protection options to clean up that entry, and only then was I able to turn on System Restore so I could create Restore Points.
Fortunately for me, the first Restore Point I created (somewhere around the 44th update or so), went far enough back in Windows functionality to allow the OS Upgrade to work. So I got the unique pleasure of running the second half of the update stream twice, and then applying SP1, and another raft of updates again after the Service Pack installed correctly. Back in the day when I studied databases, we used to say “selection before projection” to minimize the amount of data generated when formulating cross products across multiple tables. This weekend, I was reminded that when it comes to Windows 7 “upgrade before you update” is the right way to proceed with new machines that come with lower-level OS versions installed that you wish to bump up in functionality and capability.
Yep! Over 200 years later, Mr. Franklin’s pithy observations can still goad IT professionals into thinking more (and more deeply) before they act, rather than back-pedaling and wasting lots of time by acting too hastily. And for those of us who do act too fast from time to time, his words can remind us of better ways to do our jobs in the future!
According to Ed Bott’s latest Microsoft Report (“Can Windows 8 finally vanquish the ghosts of XP and Vista” two interesting Windows phenomena will coincide in April, 2012: Windows Vista mainstream support will end, and Windows 8 will also very likely be released for General Availability (GA). Bott describes this, not without good cause, as “…an almost perfect changing of the guard.” I agree!
He then goes on to quote Microsoft Chief Operating Officer Kevin Turner, who addressed a standing-room only audience at the Microsoft Windows Worldwide Partner Conference this week as saying, “Windows XP, Office 2003, and Internet Explorer 6 deserve a standing ovation. We love those products.” According to Bott’s blog, Turner further observed that these products have also “made Microsoft and its partners a lot of money.” After a pause for dramatic effect, he added, “But they’re dead.” Bott goes on to use this as an opportunity to identify the 300 million desktops running XP worldwide as “Zombies” that are “hard to kill.”
Even though I just about fell over laughing when I read this, there’s a profound germ of truth to this statement. XP is going to outlive Vista in all likelihood, what with extended support continuing on into 2014. His guess is that businesses will really start jumping on Windows 7 at about the same time that Windows 8 becomes available. For a couple of years Microsoft will be supporting four desktop versions of Windows: XP, Vista, Windows 7, and Windows 8. I think it’s funny and sad that Vista never really got its chance, and that XP is leaning toward Zombie OS status (maybe a new category? ;-).
Whatever happens, next year should be an interesting one for those of us who work with, follow, and have to learn our way into the latest version of Windows, even as other versions still remain on the scene.
I’d been reading about the advance info for this month’s Patch Tuesday last week, and was a little surprised and frankly also relieved to learn that July 2011 features only four security bulletins (see all the details in the July 2011 Security Bulletin Summary from Microsoft). Imagine my surprise, therefore, when that translated into 6 bulletins for my x86 Windows 7 computers, and as many as 9 for my x64 machines (there’s also a whopping big security roll-up for Office 2010 that showed up on those machines where I’ve got this package installed).
The four bulletins listed in the Microsoft summary include the following:
- MS11-053Vulnerability in Bluetooth Stack Could Allow Remote Code Execution: closes a loophole that could let attackers use specially constructed Bluetooth packets to install programs, mess with data, or create new user accounts with administrative rights. This one’s marked Critical and given the huge number of Bluetooth equipped systems out there is worth rushing into the field.
- MS11-054 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege: resolves 15 different privately reported vulnerabilities, but exploits require valid logon credentials. This one’s marked Important.
- MS11-055 Vulnerability in Microsoft Visio Could Allow Remote Code Execution: closes a backdoor that can open when a user accesses a Visio file on a network where a malicious library file is present, and could grant an attacker the same rights as the affected user. This one’s marked Important.
- MS11-056 Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege: Resolves a handful of privately reported loopholes in the CRSS, though logon and use of a special application (attackers must have valid log on credentials and also log on locally). This one’s marked important, too.
The first Bluetooth item is a hair-raiser, the others are less dramatic or likely to be traumatic. Other items that showed up in this month’s mix included the usual Windows Malicious Software Removal Tool for July, an update to various Outlook Junk Email filters, and something called the Microsoft Office File Validation Add-in (KB2501584), used to confirm that binary files conform to requires MS Office file formats, to help users avoid potential security risks. Another interesting item that didn’t make the bulletin showed up a little later than the other updates on Tuesday: Insecure Library Loading Could Allow Remote Code Execution (KB2533623). It affects the way applications load libraries (key ingredients in the way many of them operate or behave). Other than posing a security risk if a hacked library ends up being loaded instead, I’m not really sure I fully understand this one. I’ll be looking for additional clarification and report back if I find any…
A trio of other interesting items showed up on my x64 Windows 7 machines. KB2552343 addresses a time-out error that can occur when installing a Windows Update package that includes drivers on Windows 7 or Windows Server 2008 R2 PCs (that can’t be good). Another one (KB2547666) fixes a bug that prevents users from deleting long URLs in the browsing history for IE on the same OS platforms. A third addresses the blurred-font issue I originally picked up from Ed Bott late last month (KB2545698).
All in all there was a little more to dig into, and chew on, that the advance reports led me to expect. But that’s the way it goes with Windows operating systems, for sure!
For those who don’t already know, David Solomon has been an author on an immortal classic book on Windows internals since its first edition came out way back in 1997. The book is now entitled Windows Internals, appropriately enough, and in its Fifth Edition, though this same tome appeared in its first two editions as Inside Windows NT in the 1990s.
As it happens, Mr. Solomon also runs an organization called “David Solomon Expert Seminars” that offers both online, Webinar-oriented training as well as instructor-led classroom training. For those for whom the book isn’t enough, in fact, his company offers 5-day seminars on Windows OS Internals and Windows Troubleshooting and debugging at some pretty princely prices ($2,999 if booked four or more weeks in advance; $3,499 if booked less than four weeks in advance).
More interesting to me (and probably to readers of this blog) is a two-day Webinar entitled 2 day Windows Internals with Sysinternals which goes for a mere $399 (if booked four weeks or more in advance, $499 if less than four weeks). Using the well-known Sysinternals Process Explorer, Process Monitor, and Autoruns tools (all favorites of mine, and many other experienced Windows systems administrators), admins will learn how to dive into threads, processes, and job data structures, dig into memory management mechanisms, and explore crash dumps at a fairly deep level of detail.
This is a pretty good deal for those looking to learn to do more with Windows Internals, and to get a crash course on the real and extensive capabilities of the Sysinternals OS utilities. For those looking to do something interesting, valuable and informative for the often fallow period from Thanksgiving through New Year’s it’s a pretty good way to end the year on a high note. Highly recommended, in fact!
I always love good, strong opinion pieces on Windows, and none more than those from UK-based Microsoft MVP Mike Halsey. His latest rant is called “Windows 7 annoyances that have got to go!” Even though his story includes some very positive statements about Win7 (he says that Windows 7 is “…the most stable, dependable, attractive, feature-rich, and secure [operating system] that Microsoft have ever developed”), he raises some interesting and entirely reasonable objections to that selfsame OS.
You’ll want to read this fascinating and amusing article for all the details, but just a recitation of Halsey’s list of annoyances is enough to get even moderately experienced Win7 users’ heads bobbing up and down in entire agreement. He finds entirely plausible things to hate about Windows Upate and Action Center, libraries, homegroups, the Start menu, and the System reserved partition. Also in for his ire are various folder view options, sound device switching, desktop files, and restarts required after patch or update installations. I have hit and groused about every single one of the items on this list myself, and count myself among the head-bobbers, too, even if I do consider myself to be somewhat more than “moderately experienced” with Windows 7.
Check out Halsey’s article. If it doesn’t inspire some head-bobbing on your part, too, I’ll be surprised. But at the very least it will inspire several rueful chuckles as you read it through. I hope Microsoft reads and ponders this article carefully and takes appropriate action with Windows 8. If they wanted to, they could really learn some good stuff from this guy!