Windows Enterprise Desktop


February 5, 2009  4:00 PM

A Fabulous WinPE Resource: VistaPE

Ed Tittel Ed Tittel Profile: Ed Tittel

As I’ve learned to build various types of bootable CDs and UFDs with the Vista-based WinPE environment, I’ve also been working to learn more about its inner workings and capabilities. As I struggled to figure out how to add Windows Explorer and some kind of Web browser to a runtime WinPE image (which usually takes the form of a Windows image file named boot.wim or something similar) I discovered what might not unfairly be called the “ultimate Windows PE resource.” It’s a Web site that serves a very active and capable developer and user community called VistaPE.

Let me explain what makes VistaPE tick first and foremost, then explain what VistaPE has to offer. The foundation for VistaPE is a scripting and Windows build tool called WinBuilder. It works from either Windows XP or Vista to create boot disks (and in fact, incorporates WinPE 2.0 for Vista into the Vista side of that equation), but it goes way beyond what the basic Microsoft toolkit provides via imagex.exe and the other basic elements in their toolbox. VistaPE builds on this foundation to add significant applications and capabilities on top of the WinPE 2.0 kernel to support a more-or-less complete graphical user interface (GUI) environment. Thus, the VistaPE runtime environment–which is incredibly user-configurable and flexible, and continuously extended and expanded upon through a growing script library–is more like a “real Windows” than a basic command line interpreter (CLI) environment.

Here’s how I found VistaPE: In seeking to extend my WinPE skills and abilities, I’d started trying to research methods to include Windows Explorer in the WinPE environment after reading several postings online that (a) mentioned this could be done and (b) finding no concrete details on exactly how to do so. My basic computer science training told me that it would require mapping out the code dependencies from within Explorer to determine what other DLLs and executable elements were required to make the program run. I quickly discovered thereafter that some DLLs must be registered with Windows as well as present in the runtime environment to work properly, after a simple analysis with Mark Russinovich’s dllist utility failed to produce the desired results. That’s what led me back on the research trail and, ultimately, to the VistaPE Web site.

I knew I’d struck paydirt when, after downloading and installing WinBuilder and the VistaPE script library, I was able to produce this screenshot:

The VistaPE scripts in WinBuilder make adding Explorer a piece of cake
The VistaPE scripts in WinBuilder make adding Explorer a piece of cake

As it turns out, adding Explorer just barely begins to describe what VistPE can do within WinBuilder. It also provides an alternate and somewhat more functional graphic file system interface tool called BS Explorer 2, and even supports the Linux-inspired Grub4DOS boot management toolset.

But beyond the VistaPE Base toolset shown in the preceding screenshot, please note the other major checkbox elements in WinBuilder’s left-column pane:

  • Addons: scripts and settings for common WinPE components (WSH, MDAC, HTA, WMI, and XML), plus a GUI for diskpart.exe, common dll-based libraries for Visual Basic and more, Internet Explorer 7, PE’s network configuration tool (PENetCfg), and lots more.
  • Drivers: drivers required for chipsets, LAN interfaces, storage devices, and standard VGA graphics.
  • Tweaks: elements to enhance the user interface, control various applications, manage graphic shells,…
  • App: add-ins for a huge library of basic applications from antivirus, to file compression, to data recovery, and a great deal more.
  • OtherOS: access to other OS tools and environments for multi-boot setups.
  • Finalize: tools use to complete the construction of a Windows image (.wim) file from all the preceding VistaPE scripts (which include binary code as well as assembly instructions, so you can add executables right into the boot.wim base image)
  • Virtual Test: lets you load and run your Windows image file in a virtual machine to see how (and if) it works as you want it to.
  • Debug: used to mount and inspect .wim files and edit Registry hives to check and fix problems.

To me, VistaPE is an entirely new and wonderful world of capability and functionality that cries out for more study and improved understanding. I’ve already been able to use it to build much more powerful and capable boot images than I had been able to hand-craft on my own. But I can also see that there’s a great deal more going on here than immediately meets the eye, or falls readily into my grasp. If you dig into this environment, you’ll come to the same realizations equally quickly yourself. Please check it out soon!

February 2, 2009  5:34 PM

Windows Service Pack Blocker soon to lose XP (SP3), Vista (SP1) blocks

Ed Tittel Ed Tittel Profile: Ed Tittel

Since December 2007, Microsoft has offered a Windows Service Pack Blocker Tool Kit to organizations that wish to prevent deployment of service packs in their environments. Blogging for the Vista Team Blog, Microsoft Windows Communication Manager Matt LeBlanc indicated on 1/29/2008 that this tool will soon relinquish its ability to block XP SP3 and Vista SP1. The expiration date for XP SP3 is 5/19/2008 and for Vista SP1 is 4/28/2009, each 12 months to the day from the original release of those service packs, and each in keeping with the tool’s stated ability to block current service packs up to 12 months after their release dates. After these dates, these SPs will be available directly from Windows Update.

With Vista and Windows Server 2008 shortly to become the focus of a shared SP2 release (currently guesstimated for April, 2009), this tool retains its capability and may be used to block or defer installation of this new SP for up to 12 months after its eventual general availability date. The Blocker offers admins three different ways to manage Service Packs:

  • An MS-signed executable that manages a Registry Key (in HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate) to block or allow Windows Update delivery of a current SP.
  • A script that works like the MS executable except that it allows the admin to supply the name of a remote machine where the block/unblock operations may be performed.
  • An administrative (.ADM) template that permits admins to import GPOs to block or unblock delivery of SPs into a Group Policy environment.

As Microsoft observes in connection with the Blocker “this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents the service pack from being delivered over Windows Update.”

For environments where more time is often needed to test and accommodate SPs, the Blocker can be a handy tool. As long as admins understand it does not last forever–in fact, a year from the SPs general availability date is as much leeway as it can provide–the tool can be a useful element in their Vista, XP, and Windows Server 2008 toolbox.


January 30, 2009  5:19 PM

Red Hat Enterprise Linux 5.3 Ups Vista Support

Ed Tittel Ed Tittel Profile: Ed Tittel

Hey! It seems that not all the latest Vista new and information is completely negative. According a recent Red Hat Newsblog entry RHEL 5.1 Offers Customers New Features and Capabilities dated 1/20/2009, Vista support has been substantially beefed up in this latest release of RedHat’s flagship OS offering.

According to additional coverage of the release at InternetNews, RHEL 5.3 includes the following Vista-oriented updates and fixes:

  • Updates and improvements to the built-in Samba environment, which provides support for the Server Message Block (SMB) protocol used for Microsoft network file access and other communications.
  • Updates to the Common Internet File System support in RHEL 5.3, so that Linux can work as a client with Windows Servers.
  • Although the current version does not include support for the Network Access Protection (NAP) mechanisms introduced with Windows Server 2008, Red Hat plans to add support for NAP in the next point release for RHEL (5.4) in another six months or so.

This could be good news for Vista administrators who must also work with Red Hat servers as part of their network infrastructure. And it’s also a refreshing change to see a company touting its support for Vista, when so much other coverage seems to focus on low adoption rates, plans to skip over Vista entirely for Windows 7, and other, similar “doom and gloom” topics.


January 28, 2009  7:04 PM

Delays for Vista SP2 Loom Large

Ed Tittel Ed Tittel Profile: Ed Tittel

TechARP, our regular source for Microsoft release rumors, has updated its estimated dates for Windows Vista SP2 release dates. As of last week, dates have slipped by at least one month. That means that the SP2 release candidate (RC) won’t be built until March, 2009, and also means that the RTM build originally scheduled for April won’t occur until May or possibly even June. Thus, launch must also be delayed until May or June as well “barring any further delays” as TechARP so sagely observes in this connection.

It’s also interesting to read current reports that Vista had a hand in recently lowered financial results/expectations for Microsoft, and thus also how Vista played a role in Microsoft’s recently announced layoffs for 5,000 of its employees. It should be interesting to see if the layoffs turn around and lead to further stretching on this already-stretched out schedule.

Hopefully, Microsoft won’t let these delays stretch out too far. Enterprise buyers already waiting for Windows 7 and planning to jump straight from XP to the newest desktop will surely take heart from any further schedule lapses, making Vista’s problematic status only more so.


January 28, 2009  6:39 PM

Other Uses for a Bootable WinPE UFD

Ed Tittel Ed Tittel Profile: Ed Tittel

I’ve just finished writing a story for Tom’s Guide on using a bo0table WinPE UFD, and doing the research  for that story led me to a few interesting discoveries. First and foremost, no self-respecting Vista administrator should be without a bootable WinRE UFD–but perhaps, WinRE is more recognizable as the Windows Recovery Environment that you can fire up from the Windows Vista installation media.

It turns out, you can also follow my instructions on building a bootable WinPE UFD, and then use the imagex utility from the Windows Automated Installation Kit to capture the recovery environment Windows Image (.wim) file from your installation media. All you have to do then is swap the boot.wim file that my process creates in your ISO\sources directory with the boot.wim file that you export from your install media, and presto! you’ve got a WinRE console that boots in under two minutes, instead of having to wait three to five minutes for the same functionality to become available from the Vista installation DVDs.

Because I’m always messing with various Vista installs, I have to resort to the recovery environment at least once a week where I work. I’m guessing that busy system admins with any number of Vista machines to care for can beat that frequency with ease. In such cases, a bootable UFD with the WinRE console ready to hand can help save lots of wait time, and enable more “work time” on affected Vista systems.

Another, perhaps more esoteric use, might be on netbook PCs where disk space can be at a premium. I’m learning how to extend the WinPE environment to run other programs, including Windows Explorer (and some claim, even IE) from within the WinPE context. Because most simple Windows GUI apps (think items in the Accessories folder, as good examples of what this means) will already run in WinPE, it’s not hard to conceive that a somewhat extended WinPE environment could be workable for netbook users seeking to slim runtime system size to 0.5GB or smaller (by itself, the WinPE I describe how to build in my previous blog is about 367 MB in size; WinRE is less than 250 MB, but lacks network drivers and access).

As time goes by, I’m sure I’ll figure out some other cool uses for WinPE as well. If you know of any, please share them with me in the meantime!


January 21, 2009  6:11 PM

Playing with the Vista SP2 Beta

Ed Tittel Ed Tittel Profile: Ed Tittel

Over the past week or two, I’ve been messing around with the Windows Vista SP2 beta. For a release with beta status, it’s amazingly stable, and some of the new functionality is welcome (burning Blu-ray media works as advertised, and indeed wireless connectivity is a bit easier and more straightforward). The update roll-up makes it much more convenient to build a new system: by my seat-of-the-pants comparison it shaves about an hour off the time required to get a new Vista system up and running, thanks mostly to cutting the number of updates required from 60-plus to less than 10. By the time Microsoft released the RTM version the first number will undoubtedly grow, and the second number will depend on the time lag between the RTM date and the public (RTW) release date.

Some interesting observations when building Vista SP2 systems, or doing an upgrade:

  • Keep your drivers handy: although “normal Vista” finds and supplies drivers for all hardware components on my test systems, Beta SP2 somehow did away with some key elements, including network interface drivers, some mouse and keyboard drivers, and a few other odds and ends, mostly USB related.
  • Use on several notebook PCs shows improved power management promises are true, but not excessively dramatic. I observed battery life improvements of about 20-55 minutes on various systems, right at or under the 10% improvement Microsoft promises.
  • I read about but haven’t tested issues with Wireshark (WinPcap problems? Microsoft Monitor Driver, says VNUnet.com) related to an inability to capture dial-up or VPN sessions with this tool.
  • Though MS claims SP2 requires fewer resources for and better performance from Windows Sidebar, I wasn’t able to observe a noticeable difference between “before” and “after” systems (though Task Manager does report lower memory consumption).

Recent rumors (see the update to TechARP ED#106) indicate that the SP2 release has slipped by one month, as MS hunts down some substantial bugs. Apparently that now means RTM in April or later, with release to Web about six weeks thereafter. Stay tuned! I’ll keep you posted as things develop.


January 19, 2009  8:19 PM

MS eLearning Course 5352: Fundamentals of the Vista Startup Process

Ed Tittel Ed Tittel Profile: Ed Tittel

Starting Up Windows Vista covers hardware startup, BIOS, POST, then bootstrap load via MBR, and takes you all the way through the boot-up process until the initial log-in prompt appears, after which the login process, services start-up, and the overal startup process completes. I learned a fair amount from this course, although the material was already 90% familiar to me, thanks to over a year’s daily experience in working with Windows Vista.

Here’s how the course lays out

  1. Starting up Windows Vista
    1. Windows Vista startup process
    2. BIOS and MBR (Master Boot Record
    3. Windows Boot Manager in Windows Vista
    4. Windows Vista OS loader
    5. Interoperation with earlier Windows versions
  2. Logging On to Windows Vista
    1. Overview of User Logon Process
    2. Process for computer logon
    3. User and Kernel modes of operation
    4. Process for initializing drivers in Windows Vista
    5. Process for starting services in Windows Vista
    6. Process for User Logons in Windows Vista
  3. Using Other Start Mechanisms and Startup States
    1. Windows Vista Preinstallation Environment (WinPE)
    2. Pre-boot execution environment and Windows Deployment Services
    3. How Windows Vista Starts Up from the Network
    4. Additional Startup States in Windows Vista
    5. How Windows Resumes from the Sleep State
    6. How Windows Resumes from the Hibernate Stare
  4. Using Windows Advanced Boot Menu Options
    1. Windows Vista Advanced Boot Menu Options
    2. What is Safe Mode in Windows Vista?
    3. What is the LKGC Option in Windows Vista?
    4. What is Boot Logging?
    5. The Low Resolution Video Opotion
    6. Guidelines for selecting Boot Menu Options
  5. Lab: Managing the Vista Startup Process
    1. Scenario & Exercise Information
    2. Troubleshooting Missing Startup Files
    3. Troubleshooting Missing OS Files
    4. Launch Labs/Lab Review/Module Summary

Microsoft told me it would take about two hours to work my way through the class, and they were right. By and large, most of the material was well-presented and made a reasonable amount of sense. I found myself visiting TechNet a few times throughout the class when the level of detail didn’t quite go low enough to help me understand what was going on (more information about BCDedit, and a demo on running various boot-time utilities would have worked better for me than their simulated labs, wherein the interface didn’t work properly, or perhaps just not as it said it should).

This is definitely a class for those interested in learning more about Windows Vista’s inner workings. Was it worth $40. Maybe: I knew enough of this material already that I found myself wanting more, but then I have already worked with all/most of the facilities covered in the modules for the class. Somebody just digging into Vista would undoubtedly find it useful and informative, particularly if their prior experience had all been with XP and previous Windows versions (the Vista boot environment includes some significant additions to and changes from previous versions).

All in all it was a pretty interesting experience.


January 19, 2009  4:48 PM

Windows Malicious Software Removal Tool

Ed Tittel Ed Tittel Profile: Ed Tittel

Like clockwork, Microsoft proffers up a new version of the Windows Malicious Software Removal Tools on each and every Patch Tuesday. In January, 2009, that item is described in Knowledge Base article KB890830. This tool is not intended to replace anti-virus or anti-spyware tool, but it can be nice for Vista admins to recognize that the tool gets updated monthly and can more or less be guaranteed to be present on Vista PCs as long as:

  • Updates get pushed to Vista desktops regularly
  • The list of pushed updates includes the current Windows Malicious Software Removal Tool

Just for grins, I decided to dig up and learn the details involved in using this tool. The name of the executable file is mrt.exe, which is actually the recommended string to launch the tool as well (simply type mrt.exe into the Vista search box, and it’s off and to the races).

Once you fire off this program, it presents a window on the desktop that looks like this:

The Malicious Software Removal Tool Reports status as it scans

The Malicious Software Removal Tool Reports status as it scans

As it’s running, mrt.exe can consume some resources, however. Check out these screen caps from my Sidebar CPU usage widget and Task Manager’s process window, captured about the same time as the preceding screenshot:

CPU consumption usually runs about 25% for this program

CPU consumption usually runs about 25% for this program

Task Manager shows that the mrt process is pretty active

Task Manager shows that the mrt process is pretty active

The good thing about mrt.exe is that if admins need to help users cope with possible malware infestations on the road, it’s nearly always safe to assume that this tool will be available on the machine, ready to use to help track down and possibly clean up what ails it. That said, mrt.exe can be the only tool in the clean-up arsenal, where special purpose diagnostic tools such as HijackThis or various rootkit detectors must often play a role, and where special purpose one shot clean up tools from various antimalware vendors must also occasionally be called into play.

But as tools go, this one ain’t bad, and it’s never too far from any Vista machine, either. If there’s one downside to mrt.exe, it’s speed: on a test scan on my production Vista PC (Ultimate, with about 90 GB of files spread across 3 hard disks) the program took over 3 hours to perform a complete, in-depth scan of my system. Savvy admins will have tired road warriors fire this off before an extended break, or before bedtime, to help their charges avoid excessive losses of computing cycles on their traveling machines.


January 16, 2009  6:27 PM

Patch Tuesday Brings SMB Relief

Ed Tittel Ed Tittel Profile: Ed Tittel

Microsoft kicked off 2009 with a very interesting critical security update on the first “Patch Tuesday” of this year: MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution addresses issues with the Server Message Block Protocol that go all the way back to Windows 2000 (and would go further except that’s where the Microsoft  “update horizon” kicks in). This update address three vulnerabilities in all:

  1. SMB Buffer Overflow Remote Code Execution Vulnerability (CVE-2008-4834)
  2. SMB Validation Remote Code Execution Vulnerability (CVE-2008-4835)
  3. SMB Validation Denial of Service Vulnerability (CVE-2008-4114)

Of those three, the first is the scariest because it allows forged SMB packets to compromise a machine at the System level on any Windows PC running the Server service (except for Vista and Server 2008). That said, this is a “theoretically possible” exploit, rather than a known or demonstrated one. Number 2 is similar to number 1 except that it could affect Vista and Server 2008, but not in their default configurations. It’s more likely, in fact, that 1 and 2 will produce the same effects as number 3, and result in a denial of service for SMB hosts (again except for default Vista and Server 2008 configurations) than actually resulting in remote code execution. But whether you’re ducking a system takeover or just a DoS, this patch is definitely worth applying to your Vista systems anyway.

Other items from this Patch Tuesday include:

  • Updates for the various MS email (Outlook and MS Mail on most Vista machines) Junk Email Filters (KB959141 and KB905866)
  • Malicious Software Removal Tool for January, ’09 (KB890830)

These are entirely routine, and while worth grabbing, don’t really cry out for much attention or coverage. I also found a Realtek RTL8168B/8111B GbE Interface update in my queue, for several of my Vista machines including both notebooks and desktops, so I suspect others will see and welcome this driver update as well (installed without a glitch on all affected machines).


January 14, 2009  6:17 PM

Using the WinPE Boot UFD, Part 1

Ed Tittel Ed Tittel Profile: Ed Tittel

This weekend, I was fooling around with my Windows Home Server machine (a very nice HP EX475 MediaSmart Server) and found myself forced to repeatedly reinstall the Windows Home Connector software on one of my client machines. As I would learn from HP Tech Support, I was as much a victim of my own stupidity or lack of careful consideration of my install environment–I’ll tell you what happened to me in a minute, and you can make that call–as I was a victim of limitations in the software itself.

But during my troubles with the WHS connector, I downloaded and read Microsoft’s Troubleshooting WHS Connector Installation document and also grabbed its Windows Home Server Toolkit at the same time (note: this link points to the 32-bit version; a separate download is available for the 64-bit version). The only error this collection of tools and information couldn’t address was a claim of a version mismatch between my client machine and the WHS box itself; because the client actually copies that software from the server, I was mystified as to how this could be the case.

As it turns out, my client is running AVG AntiVirus 8.0 Free edition, and there’s something about this software that prevents the WHS connector from running properly on that machine and talking to the WHS box itself. I could remote desktop to the WHS server from the client, but the connector would hang as soon as it got past the login screen where I provided the administrative password that normally gives me access to the WHS console. As it turns out, something about AVG blocks IP name resolution for the server, because once the HP guy helped me pinpoint the package as the source of trouble–I disabled it, and presto! the console login completed without a hitch–a little further research showed me that adding a line into the hosts file to equate the server name with its IP address would fix the problem. And sure enough, with AVG re-enabled and the host patch in place, everything is now working as it should be.

I hope you’re asking yourself by now: what the heck does this have to do with the WinPE Boot UFD in the title of this blog? As it turns out, the help instructions for cleaning up the mismatch error that the connector troubleshooter was reporting for my notebook PC includes these instructions “On your home computer, delete the %ProgramFiles%\Windows Home Server folder if it exists. Well, it existed all right, but when I tried to delete the directory or its contents, even when using “run as Administrator,” those files stubbornly resisted deletion.

WinPE Boot UFD to the test, and ultimately, to the rescue! First, I had to change the boot device order on my notebook to hit “USB Storage Device” first. With that handled, the laptop opened a standard black-and-white progress bar at the bottom of the display, and indicated “Windows is loading files. . .”.  After a wait of about a minue, a standard “copyright Microsoft” light green progress bar flashed up for about 15 seconds, followed by a command window labeled Administrator: X:\Windows\system32\cmd.exe. To delete my resistant files I typed the following commands:

c:                                         :: change to C:\ drive
cd "C:\Program Files\Windows Home Server\" :: change to WHS directory
del *.*                                    :: delete all files
cd ..                                      :: move up one directory level
del "Windows Home Server"                  :: delete WHS directory
exit                                       :: Close WinPE (reboots system)

Everything worked like a charm and when I went back to check to the drive with Vista rebooted, sure enough those files and the directory were gone. I’ve blogged earlier about using the Linux-based TRK environment to solve this same kind of problem; it looks like this is the right Windows tool to address the same difficulty without having to venture beyond the Windows umbrella.

I’ll be working with the WinPE Boot UFD every chance I get, and keep reporting back here. If you know of any other good uses, or have an interesting and related story to tell, post a comment and I’ll put in the hopper for future coverage and inclusion, too.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: