In my ceaseless trolling for good Enterprise Windows 7 news and info, I regularly scan the Microsoft and TechNet blogs. This morning, I decided to read the whole list of bloggers on TechNet and somewhat belatedly came across a listing called “The Deployment Guys.” I’m really glad I did because I came across quite a few gems there.
Aside from containing one of my all-time favorite “sniglets” — namely, automagically — this site offers up some incredibly useful information particularly when it comes to mastering the ins and outs of the Microsoft Deployment Toolkit 2010, including the following items among many others:
- Supporting different build types using a single deployment share
- Dynamic Computer Naming in ZTI Deployments
- Allowing Better Interaction to App-V Virtual Applications
- Finding Updates for Image Engineering
- New Optimized Desktop Resources
I could go on further, but this should be enough to show you that there’s a raft of great stuff here, along with lots of good tips and tricks about how to make the most of Windows 7/Windows Server 2008 deployment tools and technologies available from MS. If you’re at all like me, you’ll add this to your favorites, and you’ll start picking up on their Twitter or RSS feeds.
OK, so it may be too much of a stretch to compare rooting out a stubborn Registry key to Lady Macbeth’s lamentations, but it’s my blog and I can steal a line from Shakespeare with the best of them. In this case, I’m inspired by Scott Hanselman’s Computer Zen blog post entitled “How to REALLY hurt yourself with PSEXEC – Deleting the Undeletable Registry Key and More.” In a nutshell. this post explains how he got stuck with some Registry keys related to no less than SEVEN virtual network interfaces inside a VM and found himself unable to remove the registry keys responsible for their continued existence — and maddening consumption of system resources — despite running regedit.exe from an administrator account.
This whole story hinges on the wonderful Sysinternals utility called PsExec, which lets administrative users launch programs with arbitrary user rights. Hanselman couldn’t get regedit to delete the registry keys for the bogus virtual network adapters he wanted to remove from his system. Even in an account belonging to the Administrators group he was getting “Access Denied” errors when he tried to remove those registry keys.
PsExec let him load the regedit program and run it interactively at a System level of permissions (where anything is possible, and where “severe tire damage” far too likely for those who don’t proceed carefully, and don’t know in great detail what they are doing). The command syntax looks like this:
psexec -s -i regedit.exe
In this context, it’s also worth repeating Hanselman’s warnings about taking this approach to overpowering built-in Windows restrictions on deleting key registry keys, files, and other objects:
If there was one tool that really “takes the safety off the gun,” it’s PsExec. You can hurt yourself and your system with PsExec in ways where you’ll not realize until it’s too late. There aren’t enough words with big enough fonts and scary enough evocative stock photography to fully express how dangerous this tool is.
Wow! Nothing gets me as excited as the ability to do myself infinite harm, so I dove right into my Sysinternals tool directory and fired up a couple of programs using this very approach to see what I could get away with. Indeed, regedit performed as described and I was able to go in and delete anything I wanted to (which I immediately restored so as not to do any damage). The same trick also works for launching cmd.exe, and then you can use the command line to delete any Windows file you might want to get rid of without restrictions (the remorse could come later if you really shot yourself in the foot).
I think this is a great technique for Windows systems admins to add to their bag of tricks, but it really is one of those approaches that should be treated with extreme care and caution. Unless you know exactly what you’re doing and restrict your actions to repairing mistakes that Windows and other software can inflict on your system, you might be in for a world of hurt with this technique. My advice is to use it only for extremely limited purposes, and only when other tools or techniques just won’t or can’t fix your problems.
I’ve long admired and followed the work of Windows expert Ed Bott, who writes a regular blog for ZDNet (now a CNET property). His recent posting entitled “Stay safe online: 5 secrets every PC (and Mac) owner should know” is a short, sweet and extremely informative primer on what information security experts often like to call “safe computing practices” or “Internet Security Awareness.”
Ed Bott’s Safe Computing Blog
As you work with and around Windows 7 systems, you will occasionally need access to a bootable Windows 7 image from which to conduct system repairs. If you don’t have a set of 32- and 64-bit boot disks handy, nor original optical Windows 7 media, you can always go back to ISO images for Windows 7 to construct bootable images. These days, I like to use the Windows 7 USB/DVD download tool, available from the Microsoft Store online (and lots of other locations), to build bootable USB flash drives from which to launch Windows 7 reinstalls or repair operations.
But with this tool in hand, where to go to get the ISO images for Windows 7 to build the bootable UFD? If you have an MSDN membership you can download from there, or if you’ve bought Windows 7 online from Microsoft, you’ve downloaded and stored a Windows 7 ISO image somewhere locally already. If neither of these options is available to you, check out this MyDigitalLife how-to guide from November 2009 “Windows 7 ISO x86 and x64 Official Direct Download Links (Ultimate, Professional, and Home Premium).” (A word of warning: only the Digital River download links posted there currently work. The Amazon links are all DOA. )
OTOH, here’s a set of links for the Windows 7 SP1 ISOs from Windows 7 Hacker “Download Retail Windows 7 ISO from Official Website,” dated August 8, 2011 (and again, only the Digital River links appear to be working).
When you have the ISO file downloaded, you can use the Windows 7 USB/DVD download tool to construct a bootable UFD or DVD for Windows repair or reinstall purposes. Enjoy!
I just stumbled upon a ComputerWorld story by Brian Nadel entitled “Inspector Gadgets: 13 Windows 7 gadgets for monitoring your PC” that’s chock full of interesting items that systems administrators and power users will enjoy checking out (and possibly using on their desktops). I myself am a big fan of basic system monitoring gadgets on my Win7 machines, and regularly run the following on those PCs (listed in their typical order of appearance):
- All CPU Meter (V 3.7) from Addgadget.com
- The built-in Clock gadget that ships by default with Windows 7
- Network Meter (V 6.5) also from Addgadget.com
- Windows Vista Shutdown Control (GadgetsForVista.net)
Nadel’s story offers a larger and quite interesting array of gadgets, about half of which are depicted here:
Nadel’s Gadget Gallery from ComputerWorld story
I’m pleased to report that a couple of my gadgets made the cut, but even more pleased to discover some additional useful elements in Nadel’s list. Please take a look at his article to get information on the following Windows 7 Gadgets:
- System Control A1
- Core Temp Gadget
- Top Process Monitor
- Network Meter
- DC Wireless Network Monitor
- O&O DiskStat
- Drive Meter
- GPU Monitor
- Windows Firewall Profile
- 9-Skin Battery Meter
- Intel Core Series monitor
Be sure to check them out: there’s some good stuff in here!
A recently published Gartner study (cited in stories at computing.co.uk and FierceCIO TechWatch) apparently predicts numerous interesting Windows 7 developments and phenomena. First and foremost, Gartner predicts that somewhere around 42 percent of all PCs world-wide will run Windows 7 by the end of 2011, giving it first-place ranking and finally ahead of Windows XP on the desktop. Second, and perhaps more interesting is a quotation from Gartner Research Director Annette Jump that reads “Many enterprises have been planning their deployment of Windows 7 for the last 12 to 18 months, and are now moving rapidly to Windows 7.”
Headline from Gartner Press Release on Win7 Report
Reasons cited for the forecasted jump include increasing IT budgets in 2011 and 2011, along with a substantial number of Windows 7 migrations initiated in the final quarter of last year (2010). While this may seem like happy news for Microsoft, long term-predictions are less rosy for Windows. According to the already-cited TechWatch article “…it is interesting to note Gartner’s opinion that Windows 7 is likely to be the last operating system from Microsoft deployed in such numbers. Gartner attributes this prediction to the rise of ‘OS-agnostic’ applications for enterprises, meaning software not tied to a particular platform.” That story goes on to say that her research indicates that such applications are likely to comprise half of all apps in use by 2012.
I do think this means that Windows 7 has finally reached or is nearing the tipping point for enterprise adoption, but I’m not so sure that Gartner is right about a decline in Windows use in the enterprise. All that hardware (desktops and notebooks, especially) has to run some kind of OS, and there’s really no viable alternative that has all of the imaging, installation, deployment, configuration, and management tools by which enterprise IT departments live and die out there right now. I believe that Windows will remain unchallenged as the enterprise client OS until such time as a fully-fledged alternative makes itself available. Right now, this is just a mythical beast and until that critter becomes real, Windows stays in the catbird seat.
One of the best things about recent versions of Windows has been increasing transparency in the MIcrosoft development process, perforce through increased access to executives and developers alike. As Windows 7 ground its way to completion I enjoyed the various blogs it gestated, still visible on MSDN as the “Engineering Windows 7” blog. Today, Microsoft’s “Windows President” Steven Sinofsky launched a new blog for Windows 8, called “Building Windows 8″ with an introductory post entitled, appropriately enough “Welcome to Building Windows 8.”
Kick-off post launches the Building Windows 8 blog
Here are some interesting sound bites from this posting:
- …today we want to begin an open dialog with those of you who will be trying out the pre-release over the coming months.
- We intend to post regularly throughout the development of Windows 8, and to focus on the engineering of the product.
- Windows 8 reimagines Windows.
- The appearance of touch-screen mobile phones with the rich capabilities they bring, have together changed the way we all view computing. Most of all, computing is much more focused on applications and on people than on the operating system itself or the data.
- …in the next few weeks we will just start talking specifics of features, since there is no obvious place to start given the varying perspectives. [networking, storage, performance and fundamentals, developers, IT pros, and gamers all mentioned in preceding sentences]
- …we’ll work hard to have constructive conversations with you, share the data, and, when the situation calls for it, make thoughtful changes.
It sounds like a lot of interesting stuff will be breaking in this blog, so you’ll probably want to follow it along with me. You can get notifications by following @BuildWindows8 on Twitter, just like I will!
After the sizable set of updates (12-16 on my various Windows machines) last Patch Tuesday that I documented in Wednesday’s blog “First Patch Tuesday August 9…” I found myself pondering once again the incredible value that automated deployment tools bring to IT environments of any size. Not only can these tools — which include the likes of LANDesk, Altiris, CA Unicenter, and Microsoft Configuration Manager to name just a few — push updates out to desktops on a tightly scheduled basis, they can also roll back machines to a pristine, pre-update state, should anything prevent their successful application (and also perform rollbacks after the fact, if hitherto undiscovered difficulties should rear their ugly heads later on down the road).
In addition these toolsets can also apply service packs, home-grown or third party applications updates or upgrades, tally up hardware and software inventories and attributes, and manage licenses. Some of them extend these same functions to centrally managed mobile devices such as smartphones or PDAs as well.
It stands to reason that because enterprises need time to deploy patches in a test lab, and make sure they break nothing in the standard environment (or interfere with home-grown systems and applications), they also need capable tools to speed deployment of such patches and fixes as survive the testing and vetting processes. And because so many organizations work within tightly scheduled update windows that typically occur anywhere from once a month to once per quarter, they need smart tools that can work within those windows and provide intelligent rollback and recovery methods should anything go wrong before the window closes.
As we all know, it’s imperative for employees and systems to get back to work as soon as the update window closes and operations resume. Better to fail gracefully and fix problems during the next window, than to have anything prevent normal business operations from resuming on schedule in any kind of enterprise.
A quick look at Microsoft’s Security Bulletin Summary for August 2011 shows 13 security bulletins for this morning. My own machines (both 32- and 64-bit Windows versions) showed a nearly uniform list of 14 security bulletins (including some non-bulletin elements like the monthly refresh of the Windows Malicious Software Removal Tool and a keyboard driver for my Microsoft keyboards).
Microsoft Windows Security Bulletin Summary August 2011
Here’s a list of the items in the executive summaries section of the August 2011 bulletin (with links to the relevant security bulletin for each item):
- MS11-057 [CR] Cumulative Security Update for Internet Explorer (2559049)
- MS11-058 [CR] Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
- MS11-059 [IR] Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
- MS11-060 [IM] Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978
- MS11-061 [IM] Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
- MS11-062 [IR] Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
- MS11-063 [IR] Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
- MS11-064 [IR] Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
- MS11-065 [IR] Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
- MS11-066 [IM] Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
- MS11-067 [IM] Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
- MS11-068 [MR] Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
- MS11-069 [MM] Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
Key to [xx] bracketed ratings information
First char describes severity ranking: C = Critical, I = Important, M = Moderate
Second char labels restart: R = requires restart, M = may require restart
MS11-058 deals with DNS servers and is highly unlikely to show up on Windows client computers, but the rest of this sometimes comes in separate 32- or 64-bit versions, all of which are likely to show up on Windows desktop machines. There will be some serious and meaningful work for system admins to get these updates into testing to determine if and when deployment will be necessary (as will probably prove to be the case for all critical and important updates in the list, where they touch functions that are present on specific Windows clients or reference builds).
For those who use automatic update, please note that there are two .NET Framework items that remain unselected for install by Microsoft’s choice: KB2468871 and KB2533623. These will need to selected for manual installation if they show up on client machines (as they will for most ordinary Windows users).
If you mess with screen captures and digital images as much as I do, you’re always having to resize images. In particular, I’ve got to do that for my PearsonITCertification.com blog, where the software won’t allow images more than 500 pixels wide to be uploaded. It’s kind of a pain to have to fire off Corel PaintShop Pro or Adobe PhotoShop just to resize an image. That’s why I was glad to see Paul Thurrot’s latest “Windows 7 App Pick” put a new version of this utility, called Image Resizer 3, in the spotlight.
It’s a trivial download (540K for 32-bit, 600K for 64-bit Windows 7 OS), that comes in
.msi (Microsoft Installer) format and takes less than one minute to install. After you install the PowerToy, when you right-click any image format, “Resize image” shows up as an option for that file. The following screen shot shows Explorer with an image file selected, and the Resize image window that pops up in response.
Here’s the Resize Image control window inside the Explorer parent frame
This little PowerToy is now part of my standard Windows desktop configuration. Perhaps it should be part of your standard image, too.