For most of us, this event provides confirmation that Microsoft’s planned release date in April, 2009, for Vista and Server 2008 SP2 is holding firm. System administrators in companies and organizations that have already migrated to Vista or Server 2008, or whose plans indicate sizable deployments by mid-2009, are urged to keep an eye out for the public beta of SP2 (which should occur some time in March) so they can start testing for compatibility issues, deployment considerations, and configuration necessities prior to rollout.
Just FYI, SP1 will remain a prerequisite to SP2 (the installation process checks to make sure SP1 has been installed, and for incompatible drivers). If SP1 is missing, it must first be applied before SP2 can be installed: that’s to keep the size of the download/install files down, which otherwise would have to include all 600-plus hotfixes and so forth.
With Vista and Windows Server 2008 shortly to become the focus of a shared SP2 release (currently guesstimated for April, 2009), this tool retains its capability and may be used to block or defer installation of this new SP for up to 12 months after its eventual general availability date. The Blocker offers admins three different ways to manage Service Packs:
As Microsoft observes in connection with the Blocker, “this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents the service pack from being delivered over Windows Update.”
For environments where more time is often needed to test and accommodate SPs, the Blocker can be a handy tool. As long as admins understand it does not last forever–in fact, a year from the SP’s general availability date is as much leeway as it can provide–the tool can be a useful element in their Vista, XP, and Windows Server 2008 toolbox.
Recently, I came across an article by Lance Whitney on TechNet entitled “Utility Spotlight: Windows Installer CleanUp Utility” that might be worth a visit for those interested in that tool. Also, my colleague and occasional co-author Toby Digby–who works with me on the informative and eclectic Vizta View website–recently contacted me to share his positive experiences in working with the for-a-fee Total Uninstall 5 product.
What this $40 program (that’s for up to 4 computers, a single computer license costs $30) does that Revo Uninstaller does not do is to detect and remove invalid or partial/failed installs on your behalf. In fact, as long as the program is installed and monitoring your system when this occurs, it can reverse complete or partial installs with ease. It can also survey your system and detect already-installed applications, and assist with their removal as well. It uses a TripWire-like before and after snapshotting mechanism to document what apps do when they install themselves (the graphical tree this program creates to illustrate those changes is almost worth the price of admission all by itself), including all new or changed Registry items and filesystem entries.
In other words, if you’re in the market for Vista uninstall utilities, you might want to add Total Uninstall 5 to your short list of items worth checking out. You won’t be sorry you did.
Security Bulletin MS08-078 specifically mentions IE 5, 6, and 7, as well as Windows 2000, Windows XP, and Windows Vista on the desktop front, plus Windows Server 2003 and Windows Server 2008, in both 32- and 64-bit versions (where applicable). This update is also associated with Pointer Reference Memory Corruption Vulnerability – CVE-2008-4844 from the Common Vulnerabilities and Exposures database.
The nature of the vulnerability is called “Remote Code Execution,” which essentially means that an attacker can take over a system and run any code he or she wishes to at a very high level of privilege. Please visit Windows Update and download this security fix for testing and evaluation as soon as possible. Zero-day exploits have already been reported, and it is regarded as an active and hostile threat.
Given the following filename example, here’s a pared-down snapshot of the command line input for dumpchk and its response:
    c:\Temp>dumpchk c:\Windows\Minidump\Mini120808-01.dmp -e
    Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
    ----- 32 bit Kernel Mini Dump Analysis
    DUMP_HEADER32:
    MajorVersion        0000000f
    MinorVersion        00001771
    KdSecondaryVersion  00000000
    DirectoryTableBase  dc05e3e0
    PfnDataBase         8236b850
    PsLoadedModuleList  8234bc70
    PsActiveProcessHead 82341990
    MachineImageType    0000014c
    NumberProcessors    00000004
    BugCheckCode        00000101
    BugCheckParameter1  00000031
    BugCheckParameter2  00000000
    BugCheckParameter3  803d1120
    BugCheckParameter4  00000001
The key information appears in the BugCheckCode entry (this maps to the Windows Stop error code that shows up on a bluescreen), and the four parameters that follow. A quick Google search on the Stop Error code presented as a hexadecimal number of the form 0x00000101 is usually all it takes to find guidance on causes and potential fixes for such errors. In this case, I had to accept a light slap on the wrist for excessive over-clocking on my QX9650 processor and turn the clock rate back down in my PC’s BIOS (a reduction from 3.5 to 3.2 GHz did the trick nicely).
Sure, Windbg.exe will do the same tricks, and a whole lot more, but why not use the quick’n’dirty dumpchk.exe if it will do the trick? If you download the Windows XP SP 2 Support Tools (Windows validation is required) you can grab and use dumpchk.exe on Windows Vista without difficulty.
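To pull the Stop code and its four parameters out of dumpchk output across many minidumps, a small parser is enough. The following is an added example, not part of the original post: the function names are hypothetical, the sample is a constructed copy of the header quoted above, and the name table is a small, non-exhaustive subset of Stop codes.

```python
import re

# Constructed sample: the dumpchk header fields as quoted in the post.
SAMPLE = """\
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion        0000000f
MinorVersion        00001771
KdSecondaryVersion  00000000
DirectoryTableBase  dc05e3e0
PfnDataBase         8236b850
PsLoadedModuleList  8234bc70
PsActiveProcessHead 82341990
MachineImageType    0000014c
NumberProcessors    00000004
BugCheckCode        00000101
BugCheckParameter1  00000031
BugCheckParameter2  00000000
BugCheckParameter3  803d1120
BugCheckParameter4  00000001
"""

# Assumption: a few well-known Stop codes only; anything else is reported as hex.
STOP_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x000000D1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x00000101: "CLOCK_WATCHDOG_TIMEOUT",
}
# "Name hhhhhhhh" pairs; works whether the output is multi-line or flattened.
FIELD = re.compile(r"\b([A-Za-z]\w*)\s+([0-9a-fA-F]{8})\b")

def parse_header(text):
    """Return {field_name: int} for every header field followed by 8 hex digits."""
    return {name: int(value, 16) for name, value in FIELD.findall(text)}

def stop_summary(text):
    h = parse_header(text)
    if "BugCheckCode" not in h:
        raise ValueError("no BugCheckCode field found; not a dumpchk header?")
    code = h["BugCheckCode"]
    params = [h.get(f"BugCheckParameter{i}") for i in range(1, 5)]
    return {
        "stop": f"0x{code:08X}",  # the form to search for
        "name": STOP_NAMES.get(code, "not in table"),
        "params": [None if p is None else f"0x{p:08X}" for p in params],
        "cpus": h.get("NumberProcessors"),
        "x86": h.get("MachineImageType") == 0x014C,  # IMAGE_FILE_MACHINE_I386
    }
```

For the dump above this yields Stop 0x00000101 (CLOCK_WATCHDOG_TIMEOUT) on a four-processor x86 system, which fits the over-clocking diagnosis.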
This turns out to have significant value, of course, because some updates are more important than others–Microsoft Security Updates are probably the best example, especially those pushed to Windows Update outside the usual Patch Tuesday cycle. In this case, my reminder came in the form of an observation that Sun had released a new set of Java and Java Runtime Environment (JRE) updates, which addressed some reasonably serious (Category 4) vulnerabilities in the previously current version.
This was all the information I needed to go out and grab the updates for the various Vista and XP machines that I work on every day. In an enterprise setting, the same email can trigger the download-test-push cycle that’s more typical for updates in such environments. Either way, timely access to this kind of information is absolutely invaluable, and lets us all respond more quickly as and when known vulnerabilities are patched or fixed.
The Secunia vulnerability scanning toolset is a good one, and this real-time e-mail update service only makes it better. I hope you’ll check it out, and try it out, in your own environments.
Here’s the scoop on projected dates:
The major updates in SP2 are said to include the following items:
Of course, there will also be the usual roll-up of patches, fixes, and security updates since SP1 became available on 3/4/2008 (RTM, we actually didn’t see it online until about three weeks later in the month). But it looks like there will actually be some useful functionality upgrades, especially for Blu-ray burners, Bluetooth, Wi-Fi, and Flash drive file systems. Likewise, any slippage that occurs will also be interesting to follow (dates may slip out further and are much less likely to slide in closer).
The original source for this information comes from two TechARP editorials:
1. ED#107: Latest Details on Windows Vista Service Pack 2
2. ED#106: Windows Vista Service Pack 2’s Latest Release Schedule
Except for the WUA item (KB949104), which is marked “Important,” the rest of these items are marked “Recommended.” The whole release, with the possible exception of that WUA item, leaves me scratching my head a little, wondering why MS felt compelled to push these updates out of cycle, rather than waiting for next Patch Tuesday (12/9/2008) to come around. In poking around on various Microsoft Vista and Windows Update newsgroups I don’t see much cause for urgency or alarm in any of these updates, though a few MS Office users do report problems with various applications after applying the help updates (including those posted on 11/12/2008 for most other major Office components).
What is interesting in this batch is the version number associated with the WUA update (7.2.6001.788). Unless my eyes deceive me, and my wits have deserted me, this is the first appearance of a Windows 7 component in the public eye, for general consumption. Most Vista SP1 version numbers take the form 6.0.6001.18000 or something similar, where the 6 stands for “Windows 6” (Vista) and the 6001 indicates the SP1 build number; this version number combines a Windows 7 reference and the 6001 build number in a single item. I can’t help but wonder what it portends.
Those Vista admins whose charges use MS Office will probably want to push the Access Help update out, and their need for WUA updates will depend on how they handle Windows Updates internally within their organizations (I suspect most will not need it, because they use their own tools to push updates to user machines). The items may require some compatibility testing to determine whether or not they should be pushed out. On the face of what they cover, however, I see no compelling reasons not to wait and handle this other stuff when the next Patch Tuesday strikes on 12/9/2008.
Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000096, fault offset 0x027262f3, process id 0xc44, application start time 0x01c94d7badff6da6.
The two keys to unraveling this problem are the identification of Explorer.exe (which your users will tell you about anyway) and the privileged exception error code 0xC0000096. If you research the history of this code along with explorer.exe, you won’t find much about it on Vista per se, but there are plenty of postings on this topic related to XP. Further digging reveals that file associations active inside Explorer, especially those that invoke non-Microsoft viewers (as when, for example, you designate WinZIP as the default tool for opening .ZIP files, or Paintshop Pro as the default for .jpg, .gif, and .png files) can sometimes cause delays in getting Explorer to open drive icons (it’s chasing viewers down to populate listings with thumbnails in case you wonder why this happens), and can also cause occasional, apparently random crashes as various activities you undertake cause Explorer to refresh views of a drive or folder.
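When the same crash shows up on several desktops, it helps to break the Application Error text into fields and decode the hex values rather than read them by eye. The following is an added example, not part of the original post: the function names are hypothetical, the event text is a constructed copy of the message quoted above, and the NTSTATUS table is a small subset.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed copy of the Application Error text quoted in the post.
EVENT = ("Faulting application Explorer.EXE, version 6.0.6001.18000, "
         "time stamp 0x47918e5d, faulting module unknown, version 0.0.0.0, "
         "time stamp 0x00000000, exception code 0xc0000096, "
         "fault offset 0x027262f3, process id 0xc44, "
         "application start time 0x01c94d7badff6da6.")

# Assumption: a few common exception codes only; others are reported as hex.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}

PATTERN = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[^,]+), "
    r"time stamp 0x(?P<app_ts>[0-9a-f]+), faulting module (?P<mod>[^,]+), "
    r"version (?P<mod_ver>[^,]+), time stamp 0x(?P<mod_ts>[0-9a-f]+), "
    r"exception code 0x(?P<code>[0-9a-f]+), fault offset 0x(?P<off>[0-9a-f]+), "
    r"process id 0x(?P<pid>[0-9a-f]+), application start time 0x(?P<start>[0-9a-f]+)",
    re.IGNORECASE)

def filetime_to_utc(ft):
    """A FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def triage(message):
    # Copied or scraped text sometimes carries "0×" instead of "0x"; normalise first.
    m = PATTERN.search(message.replace("0\u00d7", "0x"))
    if m is None:
        raise ValueError("not an Application Error message in the expected layout")
    code = int(m["code"], 16)
    return {
        "app": m["app"],
        # "unknown" means the fault address was not attributed to a named module.
        "module_identified": m["mod"].lower() != "unknown",
        "exception": NTSTATUS.get(code, f"0x{code:08X}"),
        "pid": int(m["pid"], 16),
        # The "time stamp" field is the binary's build time in Unix seconds.
        "app_built": datetime.fromtimestamp(int(m["app_ts"], 16), timezone.utc),
        "started": filetime_to_utc(int(m["start"], 16)),
    }
```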
There’s a nifty little freeware program available from Nirsoft called ShellExView that will show you all of the Shell Extensions installed on Windows Vista (and thus also part of Windows Explorer). By carefully disabling third-party (non-Microsoft, that is) shell extensions inside Explorer–especially those your users never touch, and therefore don’t need anyway–you can usually stop these problems dead in their tracks. When you see how many shell extensions appear on a typical desktop (the one shown has 341 shell extensions installed, of which just over 30 come from third parties, and the rest from Microsoft) you’ll develop a profound appreciation of how the occasional tangle here could easily cause problems.
ShellExView lists active 3rd-party extensions in pink, disabled ones in gray.
The accepted technique for troubleshooting such issues is to start by disabling all non-MS shell extensions, then re-enable third-party entries in vendor-specific groups to isolate the offending party or parties. My experience has been that you can disable those that aren’t used without any difficulty, then concentrate on those that are used. I’ve been able to identify the culprits in most cases by doing away with unused shell extensions, and have never had to spend more than 15 minutes running down other culprits.
Try it: you’ll find ShellExView to be a very useful tool.
The only preparation tools available for this exam come from a handful of e-learning offerings:
To follow one list with another, here’s a rundown on the skills measured table from the Exam Page:
It’s interesting to note that the total count for those who’ve taken this exam and earned the TS: Windows Home Integrator credential stands at a relatively minuscule 235 as of 10/27/2008. The exam went live in August, so that shows less than 100 people passing this test per month, on average. Interesting exam but perhaps not as commercially viable a focus as Microsoft might like it to be? Only time will tell, and it will be equally interesting to see if the run rate climbs, holds steady, or falls in the months ahead. I’m not sure if there are enough people working at the intersection of Windows Vista and Windows Media technologies to make this credential truly popular, but we’ll be finding out!