I run Secunia PSI on all of my networked PCs (which means “all my PCs,” in fact). Every now and then, the program smacks me with forcible reminders of how interesting it can be for network admins to keep up with an ever-changing landscape of patches, fixes, and updates.
Two cases in point on my production PC this morning:
- Secunia informed me that my Citrix WebApp plug-in was out of date and that a newer version was available. But because I’m not a licensed Citrix user at present (I was working as a contractor for a chemical company last year, and got the plug-in from them so I could use their VPN) I wasn’t able to download the latest version (no license, no access, as is perfectly understandable). I ended up having to find the directory in which the plug-in resided, and then having to manually delete same, to clear the warning on my machine. No big deal: I’m not using it anymore anyway.
- Secunia also let me know that a new version of Chrome 10.x was out (and wow! the first one only shipped last week: those Google guys move fast!). I clicked the About menu entry in the program and it informed me that Chrome was up-to-date. So I had to go to the Chrome download page, then download and install the latest version to clear that warning.
It just goes to show you that when it comes to keeping up with software updates, it’s not always a push-button, completely automated affair. Sure, Secunia will indeed update lots of stuff for you, but there’s always something that automation doesn’t catch (my lack of Citrix download access on the one hand, and Chrome’s refusal to recognize it needed updating on the other). That’s when an admin has to step in, figure out what’s broke, and fix it the old fashioned way: diagnosis, analysis, repair, and post-assessment. I guess we should all be glad: otherwise, somebody in Pune or Hyderabad would be taking care of my machines for me, and I’d be out of a job.
[Note to the wonderful folks at Secunia, whose PSI is a real Godsend to me: my final remark about being out of a job is purely metaphorical, all my systems are in my home, and not part of a commercial enterprise. Please! Don’t take my licenses away.]
In reading Michael Horowitz’s “Defensive Computing” blog on ComputerWorld this morning (it’s entitled “Windows 7 Restore: less trustworthy than XP?” I was reminded how things can go wonky in a hurry when Microsoft changes its rules for system behavior. And for those who didn’t follow along from XP to Vista and thence to Windows 7, some of those rule changes can lead to some nasty surprises along the way.
Case in point: automatic system restores in Windows 7. As Horowitz quotes from MS documentation in his blog “System Restore in Windows 7 creates a scheduled restore point only if no other restore points have been created in the last 7 days.” XP makes restore points every day by default schedule, so I can see where dropping down from daily to weekly might be problematic, especially on volatile test systems where getting back to a stable state will be easier if users can expect restore points to be less than a week old.
I have several things to say about this phenomenon:
- It’s good to be aware of this default, and to make changes if it doesn’t work for your needs. One way to do that is to check out the How-to Geek’s instructions “Change How Often System Restore Creates Restore Points in Windows 7 or Vista,” where you find step-by-step instructions for using Task Scheduler to create Restore Points at a frequency and time of your choosing. Another way to do this is to use some kind of virtualization tool to run volatile OSes, which may then be captured with regular snapshots.
- When Windows 7 (or Vista) makes an image backup using the built-in backup utility, it captures a restore point at the same time it makes that backup. By scheduling image backups at a higher frequency than once a week, you’re guaranteed to do likewise for restore points. Here’s a screen cap from one of my fairly busy test machines that shows that both automatic and image backup restore points can be collapsed into a single snapshot (see first two entries below).
- I’ve been messing about with boot/system drive SSDs for over a year now, and I’ve learned to flout conventional wisdom and/or typical advice to turn off System Restore for such drives. Yeah, sure, it means more writes on those drives and probably a shorter lifetime, but I’ve learned the hard way that the convenience and quick fixes that restore points can deliver outweigh the extension to drive life that turning restore points off for SSDs can afford. Besides, I’m pretty sure I won’t be using those drives for more than 3-5 years anyway, and the “10,000 write limit” should last quite a bit longer than that.
When it comes to Windows 7 restore points, if you don’t like the default behavior, you can — and probably should — take steps to change it. Then you won’t have to be unpleasantly surprised to learn that your most recent restore point is 7 days old, because you can take steps to ensure it will never be any older than whatever frequency you schedule for restore point creation (using Task Manager, or some other automated scheduling tool) or system image backups (using the built-in utility).
At yesterday’s Microsoft Desktop Virtualization Customer Roundtable, the company soft-announced a beta date for Windows Thin PC (aka WinTPC) some time before the end of March, 2011. This is a locked down, small-footprint version of Windows 7 designed to permit existing PCs to serve as thin clients. (You can see a fascinating video about this event on the Desktop Virtualization home page, including an on-cam interview with Microsoft Windows GM Gavriella Schuster, as she walks viewers through a raft of customer success stories on this technology.)
Microsoft has now instituted GA (general availability) for App-V 4.6 SP1 as well. It’s intended to make virtualizing applications faster and easier. The latest release includes “package accelerators” to simplify and speed up the app virtualization process, and deliver those virtualized apps over their network infrastructures. These package accelerators should be available in early April, with tools for Adobe Reader, Office 2010, and Microsoft Project planned among the first such offerings.
At the same time, Microsoft Enterprise Desktop Virtualization (MED-V) version 2.0 is also in GA status. This technology permits IT professionals to package up and deliver legacy applications inside VMs that can run on Windows 7 through direct desktop integration (packaged apps run from icons on the desktop or Start Menu entries, though their runtime environments operate inside VMs running older MS operating systems, typically Windows XP). This latest release includes improved linkages with System Center Configuration Manager as well as various third party solutions.
Of course, these technologies are available only to customers who have purchased Software Assurance (SA) licenses or a Virtual Desktop Access (VDA) subscription. For more information, see Dan Kuznetsky’s exellent ZDNet blog (“Virtually Speaking”) entitled “Microsoft Announces Windows Thin PC and Both App-V and MED-V Updates” or Kurt Mackie’s February 16 story for “the Journal” entitled “Windows Thin PC Details Revealed.”
Snipped from the MS Born to Learn blog for March 3, here’s a screencap of all the free e-books currently available online from Microsoft Press. Yes, you read right: free e-books. Check ’em out!
Finally! The latest Employment Situation Summary from the US Bureau of Labor Statistics released this morning shows some welcome and long-overdue signs of improvement in hiring numbers. But although nonfarm employment numbers jumped by 192,000 for February, the unemployment rate stands basically unchanged at 8.9 percent (employment gains from hiring were offset by unemployed persons once again looking for work, thereby boosting the overall employment pool). The big job gains occurred in the following sectors: manufacturing, construction, professional and business services (good news for IT contractors and consultants perhaps, if not for the entire information sector at large — more on this in the next paragraph), health care, and transportation and warehousing. Of course, we need to see monthly numbers jump by 100,000 or more above this level to really make a dent in unemployment, but good news is still good news in this troubled part of the economy.
On NPR this morning, I heard a story that was much more encouraging for beleagured IT workers. Zoe Chace filed an item entitled “Want A Job? You Ought to Be a Tech Geek” In it, she recounts how upcoming and recent IT graduates with programming expertise are finding themselves in the unusual and welcome position of having to decide among multiple offers — sometimes as many as ten or more per job candidate — when it comes to choosing an employer. A strong demand for mobile app developers (there’s a surprise, eh?) is fueling this hiring frenzy, but it’s a strong showing for what has been a grim job market for recent graduates since the economy hit the skids in 2008.
Now, if only that frenzy could extend as far as rank-and-file IT jobs, the doldrums might finally be behind us. My best guess, however, is that we’re at least 12-18 months away from the kind of rising tide that is likely to float all hiring rates higher, especially for cost-center/infrastructure functions like IT. Hang in there, IT troops: looks like the first faint glimmers of improvement are finally heading our way!
Here’s a tantalizing snippet referenced in the latest Microsoft Security Bulletin Advance Notification for March 2011. It’s from KB article 894199 entitled “Description of Software Update Services and Windows Server Update Services changes in content for 2011.”
Given that an update was pushed out of band in mid-February to pave the way for changes to Windows Update prior to the release of Windows 7 and Server 2008 R2 SP1, and that I believe Windows Update repairs are needed after SP1 is applied, I can only speculate that this update will probably address whatever issues the Windows Update Troubleshooter found following SP1 install on all of my machines. (See my blog on post-SP1 repairs needed for more info on what I observed.) Alas, the KB referenced in the preceding screen cap is not yet live on the MS Web site (KB2505438).
And of course, Patch Tuesday being what it is — a way for Microsoft to batch up its security updates, and for IT admins everywhere to plan to deal with them on a regular schedule — there’s also some other action in the offing for Tuesday, March 8 as well. There will be three security updates released that day as well, all of which will address remote code execution vulnerabilities. Two of these are rated Important, and one Criticial. One from each of those categories will address Microsoft Windows vulnerabilities the third (important-rated) item addresses vulnerabilities in Microsoft Office. But compared to the dozen or more security updates released in February, this makes March a light month by comparison.
Now, there’s only one thing left I’d like to know: Why did the 34 optional updates for language packs that I’d already hidden show up again in my update list this morning? Go figure…
In the latest addition to his Microsoft Report (“How long will Microsoft support XP, Vista, and Windows 7?“) Ed Bott sums up all the forthcoming retirement dates for mainstream and extended support for all the various current Windows versions in use today: XP, Vista, and Windows 7. This is a handy-dandy tool that many IT pros will want to clip and save, as I did to create my own blog for today:
Obviously, the date that looms largest for many organizations — especially on what I like to jokingly call “the trailing edge” of technology — is the April 8, 2014 date when Windows XP SP3 support goes away forever. Despite the many predictions that Microsoft will yet again extend this date (as they’ve done twice already) I don’t think that it’s going to be stretched out any further. Otherwise, MS ends up supporting 4 OSes for some time, adding Windows 8 (or whatever final product name the “next Windows OS” takes with it to market) to the current three-OS line-up of XP, Vista, and Windows 7. Not gonna happen…
To my great interest and surprise, this morning MS announced it would be making its cloud-based Windows InTune desktop licensing, remote access, and management tools available for $11 (without Microsoft Desktop Optimization Pack, or MDOP) or $12 (with MDOP) a month, starting March 23, 2011. I’d been reading about the offering with interest since the first beta went out in early 2010. Paul Thurrott describes the environment as “…a comprehensive, hosted solution for managing PCs in environments of all sizes…and provides a web-based interface for managing individual PCs, software updates, malware protection, software installations and licenses, (non-AD-based) policies, and more.”
To me what’s striking is that small businesses or households should find these economics very compelling, with $11 or 12 a month for the OS, plus $6 a month for Office 365, that means less than $20 a month for most of the stuff that makes desktops usable and workable. Even with double that amount for other monthly license fees, that means organizations with up to 20 PCs will be better served by this model than even the bottom-of-the-line MSDN or Microsoft Partner subscription. Though they won’t get as much test machine software out of this kind of deal, what they do get is pay-as-you go costs for their PCs, and completely legal (instead of quasi-legal) status for machines used for both production and test purposes.
The default offering includes Windows 7 Enterprise edition, though buyers can choose any version of Windows 7 they might like instead. I can’t see if this means both 32- and 64-bit versions of an OS would be available, but I’d have to guess that would be the case, just to make sure older notebooks and netbooks could run a 32-bit version, while newer or more capable machines run 64-bit.
It should be very interesting to see how this offering gets taken up in the marketplace after March 23 when it goes fully commercial. Given the ability to do remote support and administration for machines not on my LAN, it’s pretty appealing to me as the “family guru” for my sister’s family’s PCs (all 4 of them), my Dad’s PC (a D630 Latitutde notebook), and my own machines (6 to 8 of them, depending on what’s out of commission or on loan at any given time). Even with a total of 13 machines at $40 a month that’s not too bad, as long as I can “charge back” to my other family members. I have to guess lots of other SOHO “outfits” will feel the same way. It’s even more of a slam dunk for businesses not large enough to have Active Directory, but large enough to have 25-100 desktops or more.
In seeking grist for the blog mill this morning, I noticed Ed Bott’s latest ZDNet blog post “Microsoft notes Windows Update ‘inconsistencies,’ provides fix.” He reports therein that he’s monitoring the post SP1 situation in various online forums and indicates that while the SP1 release is apparently proceeding without any major hitches, a few minor ones have popped up along the way.
I was lucky enough to recover from a display driver problem in the middle of the SP1 update process on my HP HDX9203 “Dragon” yesterday, only to have Windows Update inform me that the install process had failed. I tried again, and it worked on the second try. I’ve had other Service Pack installs go south on older Windows versions (particularly Vista) where the outcome was much less pretty: a complete re-install was the only way I could recover from a mid-stream failure with Vista SP1 on a test machine. As far as I’m concerned this particular outcome was much more positive and far less traumatic!
That said, I also noticed that Ed repoorted that when he ran the Windows Update Troubleshooter (Control Panel, Troubleshooting, System and Security, Windows Update) that it came back and told him it had found and fixed some minor problems with Windows Update. “Hmmm.” I wondered to myself “Is that just his machine, or all Windows machines?” Here’s what pops up as a result of that repair, BTW:
While I can’t say for sure that *all* PCs to which Windows 7 SP1 is applied will need such repair, all 6 of my currently available PCs (I have one out on loan, and one temporarily out of service waiting for a motherboard replacement) found something to fix with Windows Update this morning when I ran the utility on those machines. I finished installing Windows 7 SP1 on those machines yesterday, and today the repairs all took root.
To me, this suggests that Windows 7 machines against which SP1 has been applied should also be subjected to the Windows Update Troubleshooter treatment — at least, those machines that use Windows Update to keep themselves current on Microsoft’s latest security patches and other updates. Think of it as a “just in case” maneuver and you may be able to avoid trouble later that you surely won’t want to shoot if and when it might occur!
I’ve written about the HP MediaSmart Server (MSS) repeatedly over the past three years: several times for Tom’s Guide and Tom’s Hardware, and several times in this very blog. I was really bummed upon learning in December that Microsoft was planning to eliminate Drive Extender technology from the upcoming Windows Home Server 2011 software, but have just run across a recent article by Paul Thurrott that gives me some comfort I’ll be able to keep using that technology for some time to come. You can check out the original, lengthy February 20 story entited “I’m Betting On Windows Home Server 2011” if you like, but I’ll summarize the key points here:
- Microsoft is keeping the centralized backup feature in WHS and extending the server backup process so it will also backup the individual machine backups (this lets users like me configure the box to duplicate backups on another drive, so if one goes bad, another remains available). Better yet, MS is extending the WHS 2011 server to enable remote Internet backups as well, so you can keep another copy in the cloud. This removes most of my objections to MS dropping Drive Extender (and Mr. Thurrott’s as well, curiously enough! ;-).
- The next version of WHS 2011 will be completely DLNA compatible (the Digital Living Network Alliance is an industry consortium of software and hardware vendors with an emphasis on home/digital media networking, sharing, and device integration). This means WHS itself will handle and share media better, instead of requiring sometimes wonky…er I mean Twonky…media extender add-ins.
- A Silverlight version of remote access will replace the current terminal services implementation, and users will be able to instruct their WHS 2011 box to stream media to them across the Internet (another frequent impetus for add-ins or additional equipment acquisitions no longer needed).
- Windows Phone 7 support will be delivered via an add-in, which should be great for those who buy into Windows Phone 7. It is supposed to deliver media streaming, phone-to-server photo upload support, and alert monitoring on the phone. Too bad I’m still planning to buy the 4G iPhone from Verizon as and when it becomes available…but maybe there’ll be an app for that, too.
- WHS 2011 will support Macs running OS X, so they too can be backed up on the server, run LaunchPad on connected Macs, and do the remote access thing from a Mac, too.
I now completely understand why HP decided to get out of the MSS business (it announced it was vacating this market last year, too, and at the time that announcement took me by surprise). With all the new built-in functionality, HPs value-add was pretty much gone, gone, gone. I’ll still have fun converting my latest MSS box to run the new version when it becomes available, though, and it’s nice to know there’ s some life in the Windows Home Server software still! And because MS is calling it WHS 2011, I’m pretty sure that means we’ll see a final commercial release before the end of this year. As far as I’m concerned: the sooner, the better! If you want to get started sooner than that, the RC beta is available for download from Microsoft Connect.