Windows Vista SP1

Vista SP2 Inches Closer to Completion and Release

Last week, Microsoft an RC (Release Candidate) build for Windows Vista/Server 2008 SP2 through the Microsoft Connect program to a select group of pre-qualified beta testers. According to Mary Jo Foley’s ZDNet coverage on this topic, the latest build number is 6002.16670.091030 (she got this from Ars Technica, who also indicate the opportunity to grab this item ended on Saturday, February 21, and who also provide a list of all 600-plus hot fixes integrated into this upcoming release). Those interested in testing this beta should pay special attention ot the “known issues” list for this RC update that falls into general headings for application compatibility, IIS, SQL and Server 2008, with information on details and workarounds where applicable.

For most of us, this event provides confirmation that Microsoft’s planned release date in April, 2009, for Vista and Server 2008 SP2 is holding firm. System administrators in companies and organizations that have already migrated to Vista or Server 2008, or whose plans indicate sizable deployments by mid-2009, are urged to keep an eye out for the public beta of SP2 (which should occur some time in March) so they can start testing for compatibility issues, deployment considerations, and configuration necessities prior to rollout.

Just FYI, SP1 will remain a pre-requisite to SP2 (the installation process checks to make sure SP1 has been installed, and for incompatible drivers). If SP1 is missing, it must first be applied before SP2 can be installed: that’s to keep the size of the download/install files down which otherwise would have to include all 600-plus hotfixes and so forth.

Windows Service Pack Blocker soon to lose XP (SP3), Vista (SP1) blocks

Since December 2007, Microsoft has offered a Windows Service Pack Blocker Tool Kit to organizations that wish to prevent deployment of service packs in their environments. Blogging for the Vista Team Blog, Microsoft Windows Communication Manager Matt LeBlanc indicated on 1/29/2008 that this tool will soon relinquish its ability to block XP SP3 and Vista SP1. The expiration date for XP SP3 is 5/19/2008 and for Vista SP1 is 4/28/2009, each 12 months to the day from the original release of those service packs, and each in keeping with the tool’s stated ability to block current service packs up to 12 months after their release dates. After these dates, these SPs will be available directly from Windows Update.

With Vista and Windows Server 2008 shortly to become the focus of a shared SP2 release (currently guesstimated for April, 2009), this tool retains its capability and may be used to block or defer installation of this new SP for up to 12 months after its eventual general availability date. The Blocker offers admins three different ways to manage Service Packs:

• An MS-signed executable that manages a Registry Key (in HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate) to block or allow Windows Update delivery of a current SP.
• A script that works like the MS executable except that it allows the admin to supply the name of a remote machine where the block/unblock operations may be performed.
• An administrative (.ADM) template that permits admins to import GPOs to block or unblock delivery of SPs into a Group Policy environment.

As Microsoft observes in connection with the Blocker “this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents the service pack from being delivered over Windows Update.”

For environments where more time is often needed to test and accommodate SPs, the Blocker can be a handy tool. As long as admins understand it does not last forever–in fact, a year from the SPs general availability date is as much leeway as it can provide–the tool can be a useful element in their Vista, XP, and Windows Server 2008 toolbox.

More about Windows Installer CleanUp

On October 15, I wrote a blog called “Toward a more positive Vista uninstall experience,” in which I mentioned Revo Uninstaller and Microsoft’s Windows Installer CleanUp utility.

Recently, I came across an article by Lance Whitney on TechNet entitled “Utility Spotlight: Windows Installer CleanUp Utility” that might be worth a visit for those interested in that tool. Also, my colleague and occasional co-author Toby Digby–who works with me on the informative and eclectic Vizta View website–recently contacted me to share hispositive experiences in working with the for-a-fee Total Uninstall 5 product.

What this $40 program (that’s for up to 4 computers, a single computer license costs $30) does that Revo Uninstaller does not do is to detect and remove invalid or partial/failed installs and remove them on your behalf. In fact, as long as the program is installed and monitoriing your system when this occurs, it can reverse complete or partial installs with ease. It can also survey your system and detect already-installed applications, and assist with their removal as well. It uses a TripWire-like before and after snapshotting mechanism to document what apps do when they install themselves (the graphical tree this program creates to illustrate those changes is almost worth the price of admission all by itself), including all new or changed Registry items and filesystem entries.

If you’re in the market for Vista uninstall utilities, you might want to add Total Install 5 to your short list of items worth checking out, in other words. You won’t be sorry you did.

Essential out-of-cycle IE security update now available

When Secunia calls a Windows security update “extremely critical” you know a serious vulnerability is being patched. The Windows security community has been abuzz since last week when a number of remote code execution vulnerabilities originally thought limited only to IE 7 turned out to affect other IE versions, and to involve general XML vulnerabilities as well. For more information on the update see “Microsoft Security Advisory (961051) Vulnerability in Internet Explorer Could Allow Remote Code Execution” and “Microsoft Security Bulletin MS08-078 - Critical.”

Security Bulletin MS08-078 specifically mentions IE 5, 6, and 7, as well as Windows 2000, Windows XP, and Windows Vista on the desktop front, plus Windows Server 2003 and Windows Server 2008, in both 32- and 64-bit versions (where applicable). This update is also associated with Pointer Reference Memory Corruption Vulnerability - CVE-2008-4844 from the Common Vulnerability and Exploits database.

The nature of the vulnerability is called “Remote Code Execution” which essentially means that an attacker can take over a system and run any code he or she wishes to at a very high level of privilege. Please visit Windows Update and download this security fix for testing and evaluation as soon as possible. Zero-day exploits have already been reported, and it is regarded as an active and hostile threat.

Digging into Crash Dumps? Try Dumpchk first

There’s no question that the Windows Debugger (windbg.exe) is a nonpareil tool when it comes to troubleshooting source code or digging into Vista crashdumps. But with the program’s requirement for current debug symbols, complex syntax (the downside of amazing functionality is detailed and demanding syntax), and vast power comes a certain amount of effort required to get things set up and working properly. If all you want is a quick peek at certain key fields in a full-blown crash dump (C:\Windows\Memory.dmp by default) or a minidump file (C:\Windows\Minidump\Minimmddyy-0x, where mmddyy maps into 120808 for December 8, 2008, and the x represents which minidump acquired that day you’re after, so that my December 8, 2008 mindump file is named Mini120808-01.dmp) the lightweight dumpchk.exe utility may be more to your liking.

Given the following filename example, here’s a pared-down snapshot of the command line input for dumpchk and its response:

c:\Temp>dumpchk c:\Windows\Minidump\Mini120808-01.dmp -e
Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion        0000000f
MinorVersion        00001771
KdSecondaryVersion  00000000
DirectoryTableBase  dc05e3e0
PfnDataBase         8236b850
PsLoadedModuleList  8234bc70
PsActiveProcessHead 82341990
MachineImageType    0000014c
NumberProcessors    00000004
BugCheckCode        00000101
BugCheckParameter1  00000031
BugCheckParameter2  00000000
BugCheckParameter3  803d1120
BugCheckParameter4  00000001

The key information appears in the BugCheckCode entry (this maps to the Windows Stop error code that shows up on a bluescreen), and the four parameters that follow. A quick Google search on the Stop Error code presented as a Hexadecimal number of the form 0×00000101 is usually all it takes to find guidance on causes and potential fixes for such errors. In this case, I had to accept a light slap on the wrist for excessive over-clocking on my QX9650 processor and turn the clock rate back down in my PC’s BIOS (a reduction from 3.5 to 3.2 GHz did the trick nicely).

Sure Windbg.exe will do the same tricks, and a whole lot more, but why not use the quick’n’dirty dumpchk.exe if it will do the trick. If you download the Windows XP SP 2 Support Tools (Windows validation is required) you can grab and use dumpchk.exe on Windows Vista without difficulty.

A Somewhat Hidden Secunia Benefit

Last week I blogged about Danish information security firm Secunia’s outstanding Network Software Inspector. In that capsule summary I neglected to mention that Secunia sends out e-mail updates to all registered users any time the rules base gets updated.

This turns out to have significant value, of course, because some updates are more important than others–Microsoft Security Updates are probably the best example, especially those pushed to Windows Update outside the usual Patch Tuesday cycle. In this case, my reminder came in the form of an observation that Sun had released a new set of Java and Java Runtime Executable (JRE) updates, which addressed some reasonably serious (Category 4) vulnerabilities from the previously-current version.

This was all the information I need to go out and grab the updates for the various Vista and XP machines that I work on every day. In an enterprise setting, the same email can trigger the download-test-push cycle that’s more typical for updates in such environments. Either way, timely access to this kind of information is absolutely invaluable, and lets us all respond more quickly as and when known vulnerabilities are patched or fixed.

The Secunia vulnerability scanning toolset is a good one, and this real-time e-mail update service only makes it better. I hope you’ll check it out, and try it out, in your own environments.

–Ed–

Rough Dates Leaked for Vista SP2

Adrian Wong’s TechARP Web site (here ARP stands for “Adrian’s Rojak Pot” not “Address Resolution Protocol” BTW) has been a reliable source of advance information about upcoming Windows Service packs for some time now. Just before Thanksgiving he disclosed some information about the next Vista Service Pack (Vista SP2, that is) which is probably of great interest to IT professionals who feed and care for Vista installed bases of any size. Apparently SP2 for Windows Server 2008 will also ship on this same schedule (but that’s outside my bailiwick so I won’t say more about it here, though you can find details in the pointers at the end of this blog).

Here’s the scoop on projected dates:

• Windows Vista SP2 release candidate should hit some time in February, 2009
• Windows Vista SP2 RTM (release to manufacturing) should follow a couple of months later, in April, 2009
• Dates for release online and through Windows Update have yet to be determined, but will occur in several waves, by language. As with Vista SP1 and XP SP3, English, German, Japanese, French and Spanish will probably come first, followed by Chinese, Korean, and Brazilian Portugese next, with other languages later still. If those recent releases are any indicator, the first wave will follow about three weeks after RTM, and the second six more weeks after that. Thus, we’re looking into May for the first wave and June or July for the second one.

The major updates in SP2 are said to include the following items:

• Windows Search 4.0, to deliver speedier, more accurate searches on the desktop
• Bluetooth 2.1 Feature Pack, to deliver support for the more recent Bluetooth Technology spec, especially beneficial for battery life when wireless human interface devices–namely, mice and keyboards–are in use
• native Vista support for burning to Blu-ray disks
• updates to Windows Connect Now (WCN) to offer improved, simplified Wi-Fi Configuration
• adds UCT timestamp support to exFAT file system used on Flash drives, and permits proper time synchronization across time zones

Of course, there will also be the usual roll-up of patches, fixes, and security updates since SP1 became available on 3/4/2008 (RTM, we actually didn’t see it online until about three weeks later in the month). But it looks like there will actually be some useful functionality upgrades, especially for Blu-ray burners, Bluetooth, Wi-Fi, and Flash drive file systems. Likewise, any slippage that occurs will also be interesting to follow (dates may slip out further and are much less likely to slide in closer).

The original source for this information comes from two TechARP editorials:
1. ED#107: Latest Details on Windows Vista Service Pack 2
2. ED#106: Windows Vista Service Pack 2’s Latest Release Schedule

More Out-of-Cycle Vista Updates Post

On 11/25/2008 Microsoft pushed a slew of updates out the door For Windows Vista, as follows:

• KB957321 - An update to add support to the XMP specification for complex data types in the Windows Imaging Component
• KB959108 - An update is available that disables the collection and transfer of Software Quality Metrics data by the Windows Portable Device (WPD) API
• KB959130 - When you run the “Connect to the Internet” Wizard and select the “Browse the Internet now” option, Internet Explorer starts instead of the default Web browser that you set in Windows Vista or in Windows Server 2008
• KB957241 - Updates for Microsoft Office Access 2007 Help (dated 11/12/2008 in the KB article, but didn’t actually get out until 11/25).
• KB949104 - More enhancements/changes to the Windows Update Agent (WUA) that interacts with Windows Update to search for and download updates from a remote server. Permits further auto-updating of WUA itself.

Except for the WUA item (KB949104), which is marked “Important,” the rest of these items are marked “Recommended.” The whole release, with the possible exception of that WUA item, leaves me scratching my head a little, wondering why MS felt compelled to push these updates out of cycle, rather than waiting for next Patch Tuesday (12/9/2008) to come around. In poking around on various Microsoft Vista and Windows Update newsgroups I don’t see much cause for urgency or alarm in any of these updates, though a few MS Office users do report problems with various applications after applying the help updates (including those posted on 11/12/2008 for most other major Office components).

What is interesting in this batch is the version number associated with the WUA update (7.2.6001.788). Unless my eyes deceive me, and my wits have deserted me, this is the first appearance of a Windows 7 component in the public eye, for general consumption. Most Vista SP1 version numbers take the form 6.0.6001.18000 or something similar, where the 6 stands for “Windows 6″ (Vista) and the 6001 indicates the SP1 build number; this version number combines a Windows 7 reference and the 6001 build number in a single item. I can’t help but wonder what it portends.

Those Vista admins whose charges use MS Office will probably want to push the Access Help update out, and their need for WUA updates will depend on how they handle Windows Updates internally within their organizations (I suspect most will not need it, because they use their own tools to push updates to user machines). The items may require some compatibility testing to determine whether or not they should be pushed out. On the face of what they cover, however, I see no compelling reasons not to wait and handle this other stuff when the next Patch Tuesday strikes on 12/9/2008.

Explorer Crashes? ShellExView to the Rescue!

I’ve grappled with this problem on various Vista systems for over a year now. A user will be tooling along merrily in Vista on his or her desktop when all of a sudden BAM! Explorer.exe crashes, and automatically restarts itself. A look into the Event Log on the affected desktop usually produces an Event 1000 Error, with the following General log entry:

Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0×47918e5d, faulting module unknown, version 0.0.0.0, time stamp 0×00000000, exception code 0xc0000096, fault offset 0×027262f3, process id 0xc44, application start time 0×01c94d7badff6da6.

The two keys to unraveling this problem are the identification of Explorer.exe (which your users will tell you about anyway) and the privileged exception error code 0xC0000096. If you research this history of this code along with explorer.exe, you won’t find much about it on Vista per se, but there are plenty of postings on this topic related to XP. Further digging reveals that file associations active inside Explorer, especially those that invoke non-Microsoft viewers (as when, for example, you designate WinZIP as the default tool for opening .ZIP files, or Paintshop Pro as the default for .jpg, .gif, and .png files) can sometimes cause delays in getting Explorer to open drive icons (it’s chasing viewers down to populate listings with thumbnails in case you wonder why this happens), and can also cause occasional, apparently random crashes as various activities you undertake cause Explorer to refresh views of a drive or folder.

There’s a nifty little freeware program available from Nirsoft called ShellExView that will show you all of the Shell Extensions installed on Windows Vista (and thus also, part of Windows Explorer). By carefully disabling third-party (non-Microsoft, that is) shell extensions inside Explorer–especially those your users never touch, and therefore don’t need anyway–you can usually stop these problems dead in their tracks. When you see how many file extensions appear on a typical desktop (the one shown has 341 shell extensions installed, of which just over 30 come from third parties, and the rest from Microsoft) you’ll develop a profound appreciate of how the occasional tangle here could easily cause problems.

ShellExView lists active 3rd-party extensions in pink, disabled ones in gray.

The accepted technique for troubleshooting such issues is to start by disabling all non-MS shell extensions, then re-enable third-party entries in vendor-specific groups to isolate the offending party or parties. My experience has been that you can disable those that aren’t used without any difficulty, then concentrate on those that are used. I’ve been able to identify the culprits in most cases by doing away with unused shell extensions, and have never had to spend more than 15 minutes running down other culprits.

Try it: you’ll find ShellExView to be a very useful tool.

Exam 70-625 TS: Connected Home Integrator

At last, a Vista exam title that you can get out of your mouth out loud without having to stop halfway through to draw breath! That said, this Technology Specialist exam is not without some interesting twists and turns, and includes coverage of Windows Home Server as well as numerous aspects of Windows Vista. Candidates typically come from the ranks of retail support operations who can recommend, implement, and (most important) troubleshoot connected solutions based on Windows Vista. Some experience in installing Vista, managing Vista security, and troubleshooting Vista networking issues is also required, with a minimum of six to twelve months in harness as a retail support technician.

The only preparation tools available for this exam come from a handful of e-learning offerings:

• Collection 7038: Microsoft Consumer Technology Solutions Sales and Technical Training
• Course 7040: Designing and Building a Consumer Technology Network
• Course 7041: Setting up Windows Vista for a Consumer Technology Solution
• Course 7043: Configuring and Troubleshooting Networking in a Consumer Technology Solution
• Course 7044: Setting Up Windows Home Server for a Consumer Technology Solution

To follow one list with another, here’s a rundown on the skills measured table from the Exam Page:

• Installing or upgrading Windows Vista:
  prepare a system for clean install or upgrade, deploy Vista from upgrade or clean install, perform post-install tasks, and troubleshoot deployment issues.
• Configuring connected solutions:
  Configure Windows Media Connect and Media Sharing, Configure MS Xbox 360 and Media Center Extender v1 for Media Sharing, and Configure Media Center Extender v2.
• Managing and maintaining Windows Vista systems:
  Configure an troubleshoot security for IE7, troubleshoot Windows Firewall and Defender issues, apply software updates, set up user accounts and parental controls, and troubleshoot issues using Reliability and Performance Monitor.
• Configuring Windows Home Server (WHS):
  Set up WHS, add users and media to WHS, set up PC backup within a WHS network, restore PCs within a WHS network, and troubleshoot issues with WHS or networking.

It’s interesting to note that the total count for those who’ve taken this exam and earned the TS: Windows Home Integrator credential stands at a relatively miniscule 235 as of 10/27/2008. The exam went live in August, so that shows less than 100 people passing this test per month, on average. Interesting exam but perhaps not as commercially viable a focus as Microsoft might like it to be? Only time will tell, and it will be equally interesting to see if the run rate climbs, holds steady, or falls in the months ahead. I’m not sure if there are enough people working at the intersection of Windows Vista and Windows Media technologies to make this credential truly popular, but we’ll be finding out!