This exam applies only to those who’ve earned the Microsoft Certified Desktop Support Technician, or MCDST, credential for Windows XP who wish to upgrade their coverage to include Windows Vista. As such, it is probably of little interest to anyone except the nearly 50,000 individuals who have earned this credential according to Microsoft’s latest certification counts. Nevertheless, I include 70-621 here in the interests of complete coverage of MS Vista-related certification exams.
A quick visit to its exam page shows that it still adheres to the “old school” of layout and formatting, as opposed to others in this series (see 70-620, for example). My guess is that this is a deliberate decision on Microsoft’s part, because of the ceiling on the potential audience and the relatively short period of time that this upgrade will retain its appeal, with Windows 7 now very much in the offing, probably no further out than 2010. Then, too, the 70-621 counts only towards two certifications–namely MCTS Windows Vista Configuration and MCITP Enterprise Support Technician, which also limits the reach of this topic’s coverage and consequence. But 70-621 also satisfies the same requirements as 70-620 as well, so perhaps this exam is really just coat-tailing its immediate numerical predecessor.
this probably also explains why there’s some significant overlap between the content and coverage of 70-620 and 70-621. Recommended courses include 5119 Supporting the Windows Vista Operating System and Applications and 5118 Maintaining and Troubleshooting Windows Vista Computers. Corresponding e-learning offerings include Collection 5347 Installing and Configuring Windows Vista, Collection 5354: Configuring Windows Vista Networking and Security, and Collection 5360 Configuring Windows Vista Applications and Devices, though Collection 5103 Upgrade Skills to Configure Windows Vista may be of more interest and relevance to MCDST holders. Not surprisingly, the 70-620 and 70-622 Self-Paced Training Kits from MS Press are cited as the relevant prep books.
In fact, other than to point you at the Skills measured matrix on the 70-621 page, I’m going to punt here with the rest of this exam description and say: re-read 70-620 then go ahead to 70-622 (as soon as it’s available) to get the rest of the details. That’s because 70-621 is primarily a conflation of 70-620 and 70-622, though it does skip some basic details and information that already-experienced support personnel will already have mastered.
In digging up the info on this, the first in my series of four MCTS and MCITP Vista-related exams that I’ll be covering over the next week or so, I discovered that Microsoft has finally changed the format for its exam pages. I’ve been tuning into these documents since the late 1990s and it’s nice to see that they’ve finally gotten a facelift (looking at the source, I can see that MS has switched from HTML 4.01 to XHTML 1.0, and the markup looks programmatically generated, but I can’t find any evidence for the tools used to generate it except the file extension .aspx which would indicate ASP.NET is involved). If you take a quick look at the 70-620 exam page, you’ll see exactly what I mean.
The 70-620 counts toward a surprising number of credentials:
- Microsoft Certified IT Professional (MCITP): Consumer Support Technician
- Microsoft Certified IT Professional (MCITP): Enterprise Support Technician
- Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 and Microsoft Windows 2000
- Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 and Microsoft Windows 2000 Server
- Microsoft Certified IT Professional (MCITP): Enterprise Administrator
This exams aims to certify that individuals have at least one year of experience working in IT, often providing telephone support at the tier-1 or tier-2 levels across various types of environment that range from retail stores, to medium sized companies, to enterprise environments. General areas of knowledge required to pursue this exam include networking, desktop operating systems, security, and end-user applications, plus basic administrative tasks including solving logon problems, resetting passwords, and supporting desktop applications.
The exam’s coverage is broken into seven areas:
- Installing and Upgrading Windows Vista
Covers the basics of hardware requirements and compatibility checks (e.g. Windows Vista Upgrade Advisor), performing a clean installation, upgrading to Vista from an earlier Windows version or from one version of Vista to another, troubleshooting installation issues, and installing and configuring Windows Vista drivers.
- Configuring and troubleshooting post-install system settings
Includes troubleshooting post-install configuration difficulties, configuring and troubleshooting Aero, parental controls, and Internet Explorer (version 7 is the primary current focus).
- Configuring Windows Security features
Working with User Account Control (UAC), Windows Defender, Dynamic Security for IE 7, and security settings in Windows Firewall and Windows Firewall with Advanced Security.
- Configuring network connectivity
Configuring networking through the Network and sharing centers, troubleshooting connectivity issues, and configuring remote access (Remote Desktop Connection).
- Configuring applications included with Windows Vista
These include media applications (Media Center, Media Player), Mail, Meeting Space, Calendar, Fax and Scan, plus the Windows Sidebar.
- Maintaining and optimizing systems that run Windows Vista
This means troubleshooting performance issues, using built-in tools to troubleshoot reliability issues (System Health Check, Reliability Monitor, Problem Reports and Solutions, and so on), plus configuring Windows Update and data protection.
- Configuring and troubleshooting mobile computing
This entails managing mobile display settings, and configuring mobile devices, Tablet PC software, and power options.
In the new exam page format, Microsoft not only lists relevant Classroom training courses, it also lists e-learning items as well as Microsoft Press books that focus on the exam. All in all this exam should help IT professionals establish a solid working knowledge of basic Vista operation, installation, configuration, and troubleshooting. As we’ll see in the next exams, things quickly get more complex and interesting from here.
OK, OK. I know I promised to dig into the various Windows Vista certification exams in their MCTS (Microsoft Certified Technical Specialist) and MCITP (Microsoft Certified IT Professional) programs as my next series of blogs. But hey! I found a resource that relates strongly to all of these credentials, and promises to impact your general learning and preparation experience for any or all of the required exams involved in a positive–and affordable–way. What am I talking about? Why it’s the Windows Vista e-Learning catalog page in the Microsoft Learning Web site, of course!
There are over 70 Vista e-Learning courses available. They cost anywhere from $15 to $192, and include small, focused items at lower prices, and collections of e-courses for higher prices, many of which target specific Vista-related certifications and/or related topics, including
- :Course 5232: Planning for 2007 Microsoft Office System Client Deployment
- Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista
- Course 5371: Advanced Troubleshooting with Windows Sysinternals Tools
- Course 5384: Protecting Against and Removing Malicious Software on Windows Vista
- Course 5381: Installing, Configuring, and Troubleshooting Client Applications in Windows Vista
- Collection 5379: Supporting Windows Vista for the Consumer Support Technician
- Collection 5106: Upgrading Enterprise Desktop Support Skills to Windows Vista
- Collection 5372: Deploying Windows Vista Desktop Images and Applications
Of course, there are oodles and oodles more of these items you can explore at the catalog page, but you’re bound to find multiple topics of interest there if you do a little digging. The value for the training offered is good, as is the coverage, so please consider adding this resource to your arsenal of potential Vista certification preparation tools.
Next blog: I promise to start with the MCTS credentials for Windows Vista. I swear!
Despite all the recent news and hoopla about Windows Vista’s failure in the enterprise marketplace, it’s by no means the case that the response to Microsoft’s Windows Vista related certification exams has been completely nugatory. As of 10/27/2008, in fact, the total number of individuals who’ve earned the 70-620 TS: Configuring Windows Vista credential stands at 45,998. By interesting contrast, the total number of MCDST credentials stands at 49,936, even though that program has been available for three years longer (the first exam for the MCDST has been around since January, 2004).
In fact, Microsoft offers four more Vista exams for IT professionals , though no counts for those who’ve passed these exams are available as yet:
- 70-621 Pro: Upgrading your MCDST Certification to MCITP Enterprise Support
- 70-622 Pro: Supporting and Troubleshooting Applications on a Windows Vista Client for Enterprise Support Technicians
- 70-632 Pro: Supporting and Troubleshooting Applications on a Windows Vista Client for Consumer Support Technicians
- 70-624 TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops
Microsoft lets existing MCDSTs upgrade their credentials to an MCITP certification by taking only a single exam (60-221), offers two MCTS exams that relate to Windows Vista (70-620 and 70-624), and requires two exams (just like the MCDST) for those who seek MCITP certification on Vista. There’s a lot of interesting information lurking in these certs, and some definite value to be gained from earning them.
In my next series of Windows Vista Enterprise Desktop blogs, I’ll be looking at all five of these exams in some detail and report on their coverage and objectives, as well as pointing out some good study resources for those who might wish to pursue them.
On Tuesday, October 28, as I was knocking off for the day, after 11 PM, I noticed that the autoupdate function in Windows Update had posted two more items to my primary production Vista PC. Both look interesting, but so far I’ve had some trouble trying to ferret out more details about one of these two patches.
Here’s what I know so far:
- One of the items is a security update, labeled MS08-062 and is entitled “Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution.” Interestingly, the security bulletin is dated October 14, and it documents a serious vulnerability in the seldom-used Internet Printing Service–or rather, the IPP protocol and the Internet Printing Client that this service uses–that Vista installs by default (see this vulnerability report dated October 14 for more info on the vulnerability details; this MS White paper describes how Internet Printing works inside Vista; note further that this vulnerability applies to Windows 2000, Windows Server 2003 and 2008, and Windows XP as well). Basically an integer overflow in this service lets attackers run arbitrary code at system level privilege: a proof-of-concept exploit is known, and several “active, in-the-wild exploit attempts of this type have been detected.” If you don’t use Internet Printing, you can follow the instructions in the MS White paper to turn off the Internet Printing Client in Vista instead (under Printing Services, Turn Windows features on or off, Programs and Features, Control Panel).
- More interesting, and more mysterious is the other item: a “reliability update” for Windows Vista described in a currently unavailable Knowledge Base article (KB957200). All I can find on this update so far is the standalone download page entitled Update for Windows Vista (KB957200). Of course, I’m dying to know what’s been tweaked in this particular update, and why MS decided to push it out the door before November 11 (next patch Tuesday). The Web is abuzz with the word that the KB article remains missing in action, so I guess I’ll have to bide my time. As of this morning (10/30/2008) the article remains missing in action, so I posted a query to the Technet Windows Vista Announcements forum in hopes it might provoke some kind of official response (or better yet, the promised KB article).
My advice on MS08-062 is to download and install it, unless you never use the Internet Printing Service, in which case you can simply turn it off on your PCs, or set a GPO to do it globally. Files affected are detailed in KB 953135, and include three Vista DLLs: Msw3prt.dll, Win32spl.dll, and Printcom.dll. As far as the reliability update documented in KB957200 goes, stay tuned: I’ll provide more information about this update as soon as it becomes available.
Wow! Two out-of-cycle update postings for Windows in the same month, after 18 months with no updates except for Patch Tuesday releases. What does it all mean?
It’s difficult to make the most of a modern Windows desktop in an enterprise environment without dealing with Group Policy, and the many objects (usually called GPOs) used to implement and enforce Group Policy in the Windows environment. Group Policy has tons of functionality that is both very board and really deep. Want to lock down the Windows desktop? Try some GPOs. Need to limit application, utility, and Control Panel access? GPOs can do that, too. Want to automate and script desktop and application deployment? GPOs can help! And so forth, and so on, nearly ad infinitum. For those seeking information, advice, examples, and troubleshooting help with GPOs, I recommend these two books:
Jeremy Moskowitz: Group Policy: Management, Troubleshooting, and Security: For Windows Vista , Windows 2003, Windows XP, and Windows 2000 (Mark Minasi Windows Administrator Library), 4e, Sybex/Wiley, April 9, 2007, ISBN-13: 978-0470106426.
The first of these two books is part of the excellent Mark Minasi Windows Administrators Library (a Sybex book, which is now a Wiley imprint). Jeremy Moskowitz did the honors here–he’s a well-known and respected writer on Windows administration topics–and his book focuses on nuts-and-bolts information for working with GPOs in various Windows operating systems, including Vista, Windows Server 2003, Windows XP, and even Windows 2000. It provides good coverage of Vista and XP security topics, desktop lockdown and control, application management, MS Office topics, deployment scenarios, GPO scripting, and even how to set up and manage roaming profiles for XP and Vista desktops. ($31.49 at Amazon)
Derek Melber: Windows Group Policy Resource Kit: Windows Server 2008 and Windows Vista, Microsoft Press, March 15, 2008, ISBN-13: 978-0735625143.
I had the good fortune to work with Derek on several editions of the Exam Cram titles on Windows XP, and got to know and respect his knowledge and skills in working with all aspects of Microsoft desktop operating systems, including GPOs. His Microsoft Press book is a bit shorter than Moskowitz’s offering, but none the less valuable for its more focused coverage of the subject matter. I find the Moskowitz book to be better when troubleshooting GPO issues or mysteries, but this book to be a better general reference and how-to when it comes to implementing GPOs for enterprise use. Melber certainly hits all the key topics related to GPOs in this book, including automating typical administrative tasks, handling policy enforcement, working with system updates and software installations, dealing with security services and settings, and centralized management and control of GPOs. You’ll also find a CD included with the book that offers some nice utilities and various kinds of GPO planning and design aids. Definitely worth the price of admission ($31.49 at Amazon).
Vista admins seeking a good reference book would do well to acquire Melber’s Resource Kit; those looking for a great GPO troubleshooting resource should turn to Moskowitz instead. Me? I have both books, because I need a good reference, and I also appreciate (and use regularly) Moskowitz’s troubleshooting help and his many good examples.
Whenever you install a service pack on a Windows machine, it’s not unusual for it to leave plenty of files strewn about the system disk in its wake. What’s unusual about Windows Vista SP1, however, is that it includes its own clean-up utility.
If you run it after performing an SP1 install it can recover somewhere between 1.2 and 2.0 GB of disk space from your hard disk. That’s the upside. If you elect to use this utility, however, the SP1 install becomes irreversible (unless you can restore a backup that includes those missing files) and you can’t roll back if you want or need to. That’s the downside.
Because I now make daily backups, the prospect of losing those files didn’t scare me too much. I went ahead and ran it, and have yet to experience any ill effects as a result. Here’s how to use this utility:
1. Open a command window inside Vista (I usually just type cmd into the search box in the Vista Start menu to do this).
2. Type the program name for the SP1 cleanup utility:
3. Wait for the utility to complete.
Here’s a screen dump of what you’ll see as that process completes, rendered in plain text for easy readability:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved
This operation will make Windows Vista Service Pack 1 permanent on this computer.
Upon completion you will not be able to remove Windows Vista Service Pack 1 from this system.
Would you like to continue? (Y/N): y
Performing Vista Service Pack 1 Disk Clean-up...
Windows Vista Service Pack 1 Disk Clean-up completed.
On my PCs, space savings from running the command amounted to just over 1.2 GB, and took less than a minute to complete. If you’ve been using SP1 for a while and no longer need to roll back, or are ready to commit to this new Service Pack, feel free to use this utility to clean up the dross that will otherwise hang around on your hard disk forever afterward. What a treat to have Microsoft provide a tool to clean up after itself!
Normally, Microsoft reserves its security patches, fixes, updates, and other software tweaks and maneuvers for the second Tuesday in each month, aka “Patch Tuesday.” Yesterday afternoon I was somewhat surprised to see various sources trumpeting the release of an out-of-schedule security patch through Windows Update on the fourth Thursday in October.
As described in Knowledge Base article 958644 and MS Security Bulletin MS08-067, this update addresses a vulnerability in the Windows Server service. The Server service is a critical portion in any modern Windows OS that responds to incoming network communication requests; it has been part of the Windows kernel since the LAN Manager days. In fact, this service is called the LAN Manager Server in the “Server service configuration and tuning” article (KB 128167). It’s also managed via a Registry key named LanmanServer in the HKLM\SYSTEM\CurrentControlSet\Services sub-tree.
In short, the Server service is so entrenched in Windows operating systems that even Windows Server 2008 installations that lack a GUI–the so-called “Server Core” minimalist version–can fall prey to this vulnerability. That explains why every Windows OS from Server 2008 and Vista, to Windows XP, Windows Server 2003, and Windows 2000, in 64- and 32-bit flavors, and server and workstation versions, where applicable, is included in this security update.
Why all this hoopla? According to Brian Livingston’s Windows Secrets Newsletter, “this is the first time in 1-1/2 years that Microsoft has released an emergency fix outside of its montly Patch Tuesday cycle.” The reason is that Microsoft discovered an RPC (remote procedure call) attack that could propagate around internal networks and the Internet with no user action needed to help it spread. Modern versions of Windows that predate User Account Control (UAC), such as XP, Windows Server 2003, and all flavors of Windows 2000, are especially susceptible to this vulnerability. At the same time, most AV vendors have also released updates to defend against this kind of attack, but Livingston’s newsletter reports “there are already nine different strains of viruses” that seek to exploit this vulnerability.
As with other patches that replace kernel files, Windows will request you to restart your PC after the patch is installed. In writing the story on this RPC vulnerability for the Windows Secrets Newsletter, writer Susan Bradley also urges administrators and users to reboot their PCs before installing the patch, just to make doubly darn sure the machine will reboot properly once the patch has been installed (the update process requires a successful restart/reboot for the patch to be completely and properly applied). Then when you reboot the machine after installation, you can be reasonably sure it will complete the installation process following a second successful restart.
If you haven’t already installed this patch, please do so now. It only replaces a single Windows file–namely Netapi32.dll–and is therefore unlikely to cause any incompatibility problems, either for server or desktop machines.
Like it or not, sometimes applications wind up on Vista desktops that have to go. Either they’ve been replaced with something different, newer, or better, or they never should have been there in the first place. Count yourself lucky if a program’s uninstall utility does a thorough job of removing its traces from the file system, the desktop, and the Windows registry. My own informal testing with hundreds of Vista apps indicates that about every other one does a decent or better job of cleaning up after itself, with no additional clean-up required. That’s not lucky enough to justify buying a lottery ticket, in other words, but it is lucky enough to guess “Heads or tails?” in a friendly coin toss.
What to do when applications leave detritus behind? This can include orphaned icons, orphaned file associations, files and folders in the
%SystemDrive%\Program Files folder, and all kinds of odd and interesting leftovers in the Windows registry. Occasionally, you may even finder helper or support applications left behind (such as various types of viewers, players, or other software the program uses to display certain files, but may not remove from your system even though it cleans up its own code quite nicely), and so forth. The answer to this dilemma depends on which installer the program uses, and what kinds of tools you’ve got at your disposal.
Let me mention two particular items of interest in this context:
- Revo Uninstaller
A free, handy, and quite usable tool that even offers various levels of post-vendor-uninstall-cleanup for you to choose. Basically, you use this tool to launch a program’s built-in uninstaller from inside this program. Revo Uninstaller watches what that program does, then checks the file system and the registry for you to remove additional remaining traces after the built-in program does its job. I’ve been using it for a couple of years now, and it’s a capable and well-maintained tool (they post updates on a regular basis, sometimes as often as once or twice a month). Grab it at www.revouninstaller.com. For a more complete review of this tool see my recent article “Should Software Makers Clean Up After Themselves?“
- Windows Installer Cleanup Utility
This tool comes from Microsoft, the same folks who created the Windows Installer, and the most likely party to use this tool for installing software (though you do find a fair number of third-party utilities that do likewise). It only works with programs that use the Windows Installer to install themselves, but it is able to clean up after incomplete or failed installs that originate with that tool. MS Help and Support provides information about and access to this tool in their “Description of the Windows Installer Cleanup Utility” article (KB290301). Please note that this tool will not clean up mangled Microsoft Office 2007 installs, and if the Windows registry’s Windows Installer configuration management data gets munged, you may be likewise out of luck.
If you run into problems or issues with these tools, there are plenty of commercial uninstaller programs that work on Vista. Fortunately for my own Vista machines, I’ve yet to encounter an uninstall problem that one or the other of these tools can’t handle. That said, if you have any experience or favorites you’d like to share, please post a comment to this blog and let us all know. I’ll keep an eye out, and review such items as attract glowing mention and my own fancy.
I recently stumbled across a hitherto unknown gem inside Windows Vista–to me, anyway. It’s called a “System Health Report” and it provides a pretty comprehensive view of a Vista system’s state, status, and current behavior. To my surprise it comes from the same facilities that support the System Reliability Monitor (see my blog “My Love-Hate Relationship with System Reliability Monitor” for my take on this built-in Vista facility) and generates a report on all major components and subsystems on the Vista PC it targets.
Here’s how to launch this facility:
- Click Start, type Performance into the Vista search box, then select Performance Information and Tools.
- Click Advanced Tools in the left panel.
- Click Generate a system health report.
At first, you’ll see a display that lets you know the program is gathering data
Once the data-gathering phase is complete, you’ll see an overview report appear instead. It offers details in a number of areas, including Diagnostic Results, Software and Hardware Configuration, and details for CPU, Network, Disk, and Memory, as well as Report Statistics. The overview report looks pretty innocuous, but you can click the arrow to the right that’s associated with any item on the left to start digging into the details.
Here, you can see the various warnings that my Vista machine collected as I ran this report. These reflect my having turned User Account Control (UAC) off on this machine, and the interesting failure of Spyware Doctor with Antivirus to register either of those components–antivirus and antispyware, that is–with the Microsoft Security Center on this machine. In this case the former is a deliberate choice, and the latter a known issue (though Spyware Doctor maintains updated signatures and software as it’s supposed to, so there’s no real cause for concern here).
If you manage a large number of Vista desktops, you may be interested to learn that this facility dovetails with products that include System Management Server or System Center Essentials to enable daily health reports to be e-mailed from each machine to a mailbox for subsequent analysis and review.
For some more good information on working with this facility in Vista, see “Scenario 6: View a diagnosis report” in the Windows Vista Performance and Reliability Monitoring Step-by-Step Guide on TechNet.