Occasionally, admins need to break the rules that Vista applies–sometimes quite severely–to its users. Case in point: Vista absolutely refuses to permit any account to delete files from the %windir%\System32 and %SystemDrive%\Program Files directories. You can try all kinds of contortions: changing permissions, forced delete utilities, command line install repair console, and so forth, to get rid of such things without success.
On the other hand, there is sometimes virtue in booting a Vista machine with a different operating system when the time comes to violate such rules and restrictions. Belgian developer Tom Kerremans (who goes by the nomme de wire “Harakiri”) has created a bootable ISO image called the Trinity Rescue Kit (TRK) that can help savvy admins to sidestep such restrictions, when they have Vista problems that they know how to fix, but simply can’t fix inside Vista itself.
For the issue described (deleting files in restricted Vista directories) you can copy the ISO image to a USB Flash drive (assuming your Vista PC’s BIOS will let you boot from such a device) or burn a bootable CD from that image (Alex Feinman’s ISO Recorder PowerToy makes this quite easy to do). When you boot from the TRK image, it does a very good job of recognizing Windows system hardware and loading the correct drivers to create a workable Linux command line environment (bash for those who appreciate the various shell possibilities this might mean).
After that, you can use Kerreman’s mountallfs -g shell script to mount all of your NTFS drives for access inside TRK. As it happens, the -g switch is absolutely essential, because the default NTFS driver loaded when this parameter is missing preserves Vista’s NTFS restrictions, and won’t let you delete or alter protected files, either! With the right mountpoints loaded, you can use the ls, cd, rm, and rmdir commands to navigate to the drive you want to manage, jump into the target directories, and delete what you like. In my case, I used this facility to delete the %windir% and %SystemDrive%\Program Files directories from an old former system/boot drive I had converted to a data drive in the wake of the crash of the other drive in a mirrored pair. In a more typical case, admins might use this capability to remove pesky malware-related .exe or .dll files from either or both of these directories.
Other useful TRK facilities include NTFS boot sector repairs (relocntfs), a mass clone (mclone) utility to clone Vista images over the network to multiple machines using multicast IP, a Windows install locator (winpass), remote access support (TRSP), various drive rescue tools (ddrescue and dd_rescue, memtest86+ version 2.01, and a whole bunch more. For a more in-depth look at TRK (a couple of versions back: the package is currently at 3.3 and the review is 3.1) check out Mayank Sharma’s review at Linux.com.
Exam 70-623 Pro: Supporting and Troubleshooting Applications on a Vista Client for Consumer Support Technicians
Another gargantuan title not only heads up this exam, but also helps to tell would-be candidates if this represents their particular cup or tea or not. Like 70-622, 70-623 features another old-fashioned exam page. Along with exam 70-620, passing this exam qualifies individuals for the MCITP Customer Support Technician credential. Although this is not strictly an enterprise-focused Vista certification is remains pretty germane to such operations, especially those that operate their own help desks or tech support operations, or who want to establish sufficiently high bars for their vendors to jump to make sure outsourced service or support meets their needs.
The target position for this credential is somebody who works as a consumer, customer, or user support technician. To succeed with this exam, candidates should be experienced across a range of desktop OSes, applications, and mobile devices. They should also have some experience (more is better) in handling network, malware, and hardware support issues from reporting through research and investigation into reporting and resolution phases. Likewise, candidates need experience in implementing, managing, and troubleshooting desktop OSes in stand-alone or SOHO network situations.
Here’s the drill on the preparation tools and resources available for this exam:
- Classroom training: Course 5118: Maintaining and Troubleshooting Windows Vista Computers, and Course 5119 Supporting the Windows Vista Operating System and Applications.
- e-Learning offerings: Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista, Collection 5372: Deploying Windows Vista Desktop Images and Applications, and Collection 4379: Supporting Windows Vista for the Consumer Support Technician. Those who already hold an MCDST can also dig into Collection 5104: Upgrade Skills to Support Windows Vista Consumers.
- MS Press book: There’s a Self-Paced Training Kit available for Exam 70-623 as well.
Here are some highlights of what this exam covers (for all the gory details, check out the “Skills Measured” table on the exam page; as with other exams, configuration and troubleshooting element recur repeatedly throughout this entire list):
- Install and Upgrade Windows Vista:
Evaluate potential upgrade enviornments, prepare to install Vista, troubleshoot and resolve installation issues, likewise for post-install issues.
- Post-Installation: Customize and Configure Settings:
Configure Sidebar, Aero, user accounts, and evaluate user requirements to recommend, set up, and configure desktop apps, then recommend appropriate settings by evaluating user systems to optimize performance.
- Configure Vista Security:
Work with Windows Security Center, firewalls, Windows Update, Defender, parental controls, IE 7, UAC, and data protection settings and configuration.
- Configure, troubleshoot, and repair networking:
Work with network protocols, network services (client side), Network and Sharing Center, wireless networking, file and print sharing, and Media Center settings, configuration, and troubleshooting.
- Install, Configure, and Troubleshoot Devices:
Connect peripherals; install, configure, and troubleshoot: mobile devices, digital cameras and camcorders, media devices, and printers, fax machines, and copy devices.
- Troubleshoot and repair Windows Vista:
Diagnose specific issues, repair a corrupted OS, and remove malware from a client system.
Where over 7,000 of the MCITP Enterprise Support Technician credentials have been granted as of October 2008, only 987 hardy souls had completed the MCITP Consumer Support Technician credential by that same date. What does this say about the relative importance or popularity of these two credentials? Perhaps that enterprises understand the need for certification (as do their employees) more than do independent or in-store support or help desk operations. This exam is probably not as important for enterprise types, unless they run their own support or help desk operations that include in-home support for mobile, telecommuting, temporary, contract, or other off-site workers. In such situations, however, it should be absolutely invaluable.
Exam 70-622 Pro: Supporting and Troubleshooting Applications on a Windows Vista Client for Enterprise Support Technicians
Wow! What an exam title, eh? Interestingly, 70-622 also still sports an old-fashioned exam page, too. Along with 70-622, this MCITP exam qualifies those who pass it to earn the MCITP Enterprise Support Technicican credential, however. Together those two exams sum up the requirements for that particular certification.
Microsoft lists the following items under its “Preparation tools and resources” heading:
- Classroom courses: 5118 Maintaining and Troubleshooting Windows Vista Computers, and 5119 Supporting the Windows Vista Operating Sytem and Applications.
- E-learning offerings: Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista, and Collection 5372: Deploying Windows Vista Desktop Images and Applications.
- MS Press books: MCITP Self-Paced Training Kit (Exam 70-622) Supporting and Troubleshooting… (you know the rest: book title matches exam title).
- Deploying Windows Vista:
Analyze environment and select appropriate deployment method; prepare system for installation (clean or upgrade install); and deploy Vista from a custom image.
- Managing Vista Security:
Manage IE 7 security; apply security updates; work with UAC; manage resource access and security issues.
- Managing and maintaining Vista Systems:
Working with policy settings, Task Scheduler, Event Forwarding, Windows Update, and performance and reliability issues.
Network protocols, networks services at the client level, remote access, wireless networking, network security, and network resource access.
- Supporting and maintaining desktop applications:
support deployed applications, software restrictions, and maintain desktop applications.
Here are some highlights of what this exam covers (for all the details see the “Skills Measured” table on the exam page; configuration and troubleshooting topics are covered throughout):
So far, just over 7,000 of these certifications have been granted, which makes it neither the most nor the least popular of the MCITP designations. That may reflect its deep and broad coverage of Vista application deployment tools and technologies. Veteran Microsoft cert guy Andy Barkl took the beta version of this exam in September 2007, and wrote up a nice overview for MCP Magazine at that time. He also provides good pointers to other Microsoft materials available online through TechNet that proved useful for his exam preparations; you’ll probably find it useful, too.
This is one of the most important exams for those who work with Vista in an enterprise setting. Though you’ll want to take enough time to prepare for it properly (and neither the foregoing summary of exam objectives nor the information on the MS exam page really do its coverage complete justice, owing to the wealth of details and information these items cover), you will also learn a lot as you get ready to take this exam. Highly recommended.
This exam applies only to those who’ve earned the Microsoft Certified Desktop Support Technician, or MCDST, credential for Windows XP who wish to upgrade their coverage to include Windows Vista. As such, it is probably of little interest to anyone except the nearly 50,000 individuals who have earned this credential according to Microsoft’s latest certification counts. Nevertheless, I include 70-621 here in the interests of complete coverage of MS Vista-related certification exams.
A quick visit to its exam page shows that it still adheres to the “old school” of layout and formatting, as opposed to others in this series (see 70-620, for example). My guess is that this is a deliberate decision on Microsoft’s part, because of the ceiling on the potential audience and the relatively short period of time that this upgrade will retain its appeal, with Windows 7 now very much in the offing, probably no further out than 2010. Then, too, the 70-621 counts only towards two certifications–namely MCTS Windows Vista Configuration and MCITP Enterprise Support Technician, which also limits the reach of this topic’s coverage and consequence. But 70-621 also satisfies the same requirements as 70-620 as well, so perhaps this exam is really just coat-tailing its immediate numerical predecessor.
this probably also explains why there’s some significant overlap between the content and coverage of 70-620 and 70-621. Recommended courses include 5119 Supporting the Windows Vista Operating System and Applications and 5118 Maintaining and Troubleshooting Windows Vista Computers. Corresponding e-learning offerings include Collection 5347 Installing and Configuring Windows Vista, Collection 5354: Configuring Windows Vista Networking and Security, and Collection 5360 Configuring Windows Vista Applications and Devices, though Collection 5103 Upgrade Skills to Configure Windows Vista may be of more interest and relevance to MCDST holders. Not surprisingly, the 70-620 and 70-622 Self-Paced Training Kits from MS Press are cited as the relevant prep books.
In fact, other than to point you at the Skills measured matrix on the 70-621 page, I’m going to punt here with the rest of this exam description and say: re-read 70-620 then go ahead to 70-622 (as soon as it’s available) to get the rest of the details. That’s because 70-621 is primarily a conflation of 70-620 and 70-622, though it does skip some basic details and information that already-experienced support personnel will already have mastered.
In digging up the info on this, the first in my series of four MCTS and MCITP Vista-related exams that I’ll be covering over the next week or so, I discovered that Microsoft has finally changed the format for its exam pages. I’ve been tuning into these documents since the late 1990s and it’s nice to see that they’ve finally gotten a facelift (looking at the source, I can see that MS has switched from HTML 4.01 to XHTML 1.0, and the markup looks programmatically generated, but I can’t find any evidence for the tools used to generate it except the file extension .aspx which would indicate ASP.NET is involved). If you take a quick look at the 70-620 exam page, you’ll see exactly what I mean.
The 70-620 counts toward a surprising number of credentials:
- Microsoft Certified IT Professional (MCITP): Consumer Support Technician
- Microsoft Certified IT Professional (MCITP): Enterprise Support Technician
- Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 and Microsoft Windows 2000
- Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 and Microsoft Windows 2000 Server
- Microsoft Certified IT Professional (MCITP): Enterprise Administrator
This exams aims to certify that individuals have at least one year of experience working in IT, often providing telephone support at the tier-1 or tier-2 levels across various types of environment that range from retail stores, to medium sized companies, to enterprise environments. General areas of knowledge required to pursue this exam include networking, desktop operating systems, security, and end-user applications, plus basic administrative tasks including solving logon problems, resetting passwords, and supporting desktop applications.
The exam’s coverage is broken into seven areas:
- Installing and Upgrading Windows Vista
Covers the basics of hardware requirements and compatibility checks (e.g. Windows Vista Upgrade Advisor), performing a clean installation, upgrading to Vista from an earlier Windows version or from one version of Vista to another, troubleshooting installation issues, and installing and configuring Windows Vista drivers.
- Configuring and troubleshooting post-install system settings
Includes troubleshooting post-install configuration difficulties, configuring and troubleshooting Aero, parental controls, and Internet Explorer (version 7 is the primary current focus).
- Configuring Windows Security features
Working with User Account Control (UAC), Windows Defender, Dynamic Security for IE 7, and security settings in Windows Firewall and Windows Firewall with Advanced Security.
- Configuring network connectivity
Configuring networking through the Network and sharing centers, troubleshooting connectivity issues, and configuring remote access (Remote Desktop Connection).
- Configuring applications included with Windows Vista
These include media applications (Media Center, Media Player), Mail, Meeting Space, Calendar, Fax and Scan, plus the Windows Sidebar.
- Maintaining and optimizing systems that run Windows Vista
This means troubleshooting performance issues, using built-in tools to troubleshoot reliability issues (System Health Check, Reliability Monitor, Problem Reports and Solutions, and so on), plus configuring Windows Update and data protection.
- Configuring and troubleshooting mobile computing
This entails managing mobile display settings, and configuring mobile devices, Tablet PC software, and power options.
In the new exam page format, Microsoft not only lists relevant Classroom training courses, it also lists e-learning items as well as Microsoft Press books that focus on the exam. All in all this exam should help IT professionals establish a solid working knowledge of basic Vista operation, installation, configuration, and troubleshooting. As we’ll see in the next exams, things quickly get more complex and interesting from here.
OK, OK. I know I promised to dig into the various Windows Vista certification exams in their MCTS (Microsoft Certified Technical Specialist) and MCITP (Microsoft Certified IT Professional) programs as my next series of blogs. But hey! I found a resource that relates strongly to all of these credentials, and promises to impact your general learning and preparation experience for any or all of the required exams involved in a positive–and affordable–way. What am I talking about? Why it’s the Windows Vista e-Learning catalog page in the Microsoft Learning Web site, of course!
There are over 70 Vista e-Learning courses available. They cost anywhere from $15 to $192, and include small, focused items at lower prices, and collections of e-courses for higher prices, many of which target specific Vista-related certifications and/or related topics, including
- :Course 5232: Planning for 2007 Microsoft Office System Client Deployment
- Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista
- Course 5371: Advanced Troubleshooting with Windows Sysinternals Tools
- Course 5384: Protecting Against and Removing Malicious Software on Windows Vista
- Course 5381: Installing, Configuring, and Troubleshooting Client Applications in Windows Vista
- Collection 5379: Supporting Windows Vista for the Consumer Support Technician
- Collection 5106: Upgrading Enterprise Desktop Support Skills to Windows Vista
- Collection 5372: Deploying Windows Vista Desktop Images and Applications
Of course, there are oodles and oodles more of these items you can explore at the catalog page, but you’re bound to find multiple topics of interest there if you do a little digging. The value for the training offered is good, as is the coverage, so please consider adding this resource to your arsenal of potential Vista certification preparation tools.
Next blog: I promise to start with the MCTS credentials for Windows Vista. I swear!
Despite all the recent news and hoopla about Windows Vista’s failure in the enterprise marketplace, it’s by no means the case that the response to Microsoft’s Windows Vista related certification exams has been completely nugatory. As of 10/27/2008, in fact, the total number of individuals who’ve earned the 70-620 TS: Configuring Windows Vista credential stands at 45,998. By interesting contrast, the total number of MCDST credentials stands at 49,936, even though that program has been available for three years longer (the first exam for the MCDST has been around since January, 2004).
In fact, Microsoft offers four more Vista exams for IT professionals , though no counts for those who’ve passed these exams are available as yet:
- 70-621 Pro: Upgrading your MCDST Certification to MCITP Enterprise Support
- 70-622 Pro: Supporting and Troubleshooting Applications on a Windows Vista Client for Enterprise Support Technicians
- 70-632 Pro: Supporting and Troubleshooting Applications on a Windows Vista Client for Consumer Support Technicians
- 70-624 TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops
Microsoft lets existing MCDSTs upgrade their credentials to an MCITP certification by taking only a single exam (60-221), offers two MCTS exams that relate to Windows Vista (70-620 and 70-624), and requires two exams (just like the MCDST) for those who seek MCITP certification on Vista. There’s a lot of interesting information lurking in these certs, and some definite value to be gained from earning them.
In my next series of Windows Vista Enterprise Desktop blogs, I’ll be looking at all five of these exams in some detail and report on their coverage and objectives, as well as pointing out some good study resources for those who might wish to pursue them.
On Tuesday, October 28, as I was knocking off for the day, after 11 PM, I noticed that the autoupdate function in Windows Update had posted two more items to my primary production Vista PC. Both look interesting, but so far I’ve had some trouble trying to ferret out more details about one of these two patches.
Here’s what I know so far:
- One of the items is a security update, labeled MS08-062 and is entitled “Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution.” Interestingly, the security bulletin is dated October 14, and it documents a serious vulnerability in the seldom-used Internet Printing Service–or rather, the IPP protocol and the Internet Printing Client that this service uses–that Vista installs by default (see this vulnerability report dated October 14 for more info on the vulnerability details; this MS White paper describes how Internet Printing works inside Vista; note further that this vulnerability applies to Windows 2000, Windows Server 2003 and 2008, and Windows XP as well). Basically an integer overflow in this service lets attackers run arbitrary code at system level privilege: a proof-of-concept exploit is known, and several “active, in-the-wild exploit attempts of this type have been detected.” If you don’t use Internet Printing, you can follow the instructions in the MS White paper to turn off the Internet Printing Client in Vista instead (under Printing Services, Turn Windows features on or off, Programs and Features, Control Panel).
- More interesting, and more mysterious is the other item: a “reliability update” for Windows Vista described in a currently unavailable Knowledge Base article (KB957200). All I can find on this update so far is the standalone download page entitled Update for Windows Vista (KB957200). Of course, I’m dying to know what’s been tweaked in this particular update, and why MS decided to push it out the door before November 11 (next patch Tuesday). The Web is abuzz with the word that the KB article remains missing in action, so I guess I’ll have to bide my time. As of this morning (10/30/2008) the article remains missing in action, so I posted a query to the Technet Windows Vista Announcements forum in hopes it might provoke some kind of official response (or better yet, the promised KB article).
My advice on MS08-062 is to download and install it, unless you never use the Internet Printing Service, in which case you can simply turn it off on your PCs, or set a GPO to do it globally. Files affected are detailed in KB 953135, and include three Vista DLLs: Msw3prt.dll, Win32spl.dll, and Printcom.dll. As far as the reliability update documented in KB957200 goes, stay tuned: I’ll provide more information about this update as soon as it becomes available.
Wow! Two out-of-cycle update postings for Windows in the same month, after 18 months with no updates except for Patch Tuesday releases. What does it all mean?
It’s difficult to make the most of a modern Windows desktop in an enterprise environment without dealing with Group Policy, and the many objects (usually called GPOs) used to implement and enforce Group Policy in the Windows environment. Group Policy has tons of functionality that is both very board and really deep. Want to lock down the Windows desktop? Try some GPOs. Need to limit application, utility, and Control Panel access? GPOs can do that, too. Want to automate and script desktop and application deployment? GPOs can help! And so forth, and so on, nearly ad infinitum. For those seeking information, advice, examples, and troubleshooting help with GPOs, I recommend these two books:
Jeremy Moskowitz: Group Policy: Management, Troubleshooting, and Security: For Windows Vista , Windows 2003, Windows XP, and Windows 2000 (Mark Minasi Windows Administrator Library), 4e, Sybex/Wiley, April 9, 2007, ISBN-13: 978-0470106426.
The first of these two books is part of the excellent Mark Minasi Windows Administrators Library (a Sybex book, which is now a Wiley imprint). Jeremy Moskowitz did the honors here–he’s a well-known and respected writer on Windows administration topics–and his book focuses on nuts-and-bolts information for working with GPOs in various Windows operating systems, including Vista, Windows Server 2003, Windows XP, and even Windows 2000. It provides good coverage of Vista and XP security topics, desktop lockdown and control, application management, MS Office topics, deployment scenarios, GPO scripting, and even how to set up and manage roaming profiles for XP and Vista desktops. ($31.49 at Amazon)
Derek Melber: Windows Group Policy Resource Kit: Windows Server 2008 and Windows Vista, Microsoft Press, March 15, 2008, ISBN-13: 978-0735625143.
I had the good fortune to work with Derek on several editions of the Exam Cram titles on Windows XP, and got to know and respect his knowledge and skills in working with all aspects of Microsoft desktop operating systems, including GPOs. His Microsoft Press book is a bit shorter than Moskowitz’s offering, but none the less valuable for its more focused coverage of the subject matter. I find the Moskowitz book to be better when troubleshooting GPO issues or mysteries, but this book to be a better general reference and how-to when it comes to implementing GPOs for enterprise use. Melber certainly hits all the key topics related to GPOs in this book, including automating typical administrative tasks, handling policy enforcement, working with system updates and software installations, dealing with security services and settings, and centralized management and control of GPOs. You’ll also find a CD included with the book that offers some nice utilities and various kinds of GPO planning and design aids. Definitely worth the price of admission ($31.49 at Amazon).
Vista admins seeking a good reference book would do well to acquire Melber’s Resource Kit; those looking for a great GPO troubleshooting resource should turn to Moskowitz instead. Me? I have both books, because I need a good reference, and I also appreciate (and use regularly) Moskowitz’s troubleshooting help and his many good examples.
Whenever you install a service pack on a Windows machine, it’s not unusual for it to leave plenty of files strewn about the system disk in its wake. What’s unusual about Windows Vista SP1, however, is that it includes its own clean-up utility.
If you run it after performing an SP1 install it can recover somewhere between 1.2 and 2.0 GB of disk space from your hard disk. That’s the upside. If you elect to use this utility, however, the SP1 install becomes irreversible (unless you can restore a backup that includes those missing files) and you can’t roll back if you want or need to. That’s the downside.
Because I now make daily backups, the prospect of losing those files didn’t scare me too much. I went ahead and ran it, and have yet to experience any ill effects as a result. Here’s how to use this utility:
1. Open a command window inside Vista (I usually just type cmd into the search box in the Vista Start menu to do this).
2. Type the program name for the SP1 cleanup utility:
3. Wait for the utility to complete.
Here’s a screen dump of what you’ll see as that process completes, rendered in plain text for easy readability:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved
This operation will make Windows Vista Service Pack 1 permanent on this computer.
Upon completion you will not be able to remove Windows Vista Service Pack 1 from this system.
Would you like to continue? (Y/N): y
Performing Vista Service Pack 1 Disk Clean-up...
Windows Vista Service Pack 1 Disk Clean-up completed.
On my PCs, space savings from running the command amounted to just over 1.2 GB, and took less than a minute to complete. If you’ve been using SP1 for a while and no longer need to roll back, or are ready to commit to this new Service Pack, feel free to use this utility to clean up the dross that will otherwise hang around on your hard disk forever afterward. What a treat to have Microsoft provide a tool to clean up after itself!