I’ve been working in some depth around Windows security topics since 1997, when I began teaching Windows hardening classes at Interop with my colleague and co-author James Michael Stewart. In 2003, I started researching malware topics and tools, a quest that eventually led to my 2005 book “Fighting Spyware, Viruses, and Malware” for PC Magazine Press. Along that path, I became familiar with Swedish infosec firm Secunia, whose many threat and vulnerability warnings, proof of concept exploits, and timely malware information always proved accurate and reliable.
Yesterday, Secunia released a final version (184.108.40.206) of its Personal Security Inspector, a free, single-shot vulnerability scanner that examines Windows PCs running Windows 2000, Windows XP, Windows Server 2003, and Windows Vista to make sure that Windows Updates are current and correct, and that checks installed applications to make sure they are also patched and up-to-date. The tool flags unpatched code, and end-of-life programs that are no longer being updated, to help individuals update or replace potential sources of vulnerability on their desktops.
For enterprise use, Secunia also makes a Network Software Inspector (NSI, currently at version 2.0) available to companies and organizations that want to perform similar scans on the PCs on their networks. At 20 Euros per machine per year (about $25.68 at today’s exchange rates), it’s not too different from what the Microsoft Baseline Security Analyzer (MBSA) can do for Windows and MS apps. But when you add its substantial (over 7,000 programs) database of applications with security status, and its built-in, easy-to-use, and intelligible remediation advice, NSI comes out way ahead at a very reasonable per-user cost (contact Secunia sales for purchases of over 50 seats, where discounts begin to kick in).
If you’re interested in trying out this outstanding tool, you can download a 30-day evaluation copy at no charge. It’s definitely worth digging into further for those companies or organizations seeking to deploy a good vulnerability scanner, or those interested in replacing their current scanner with something better and more capable.
On a personal note, let me wish all my readers and their families a happy holiday, with plenty of quality leisure time and good eats. I’m off shortly to pick up a brined Kosher turkey, and expect wonderful results when it emerges from the oven tomorrow afternoon.
I’ve grappled with this problem on various Vista systems for over a year now. A user will be tooling along merrily in Vista on his or her desktop when all of a sudden BAM! Explorer.exe crashes, and automatically restarts itself. A look into the Event Log on the affected desktop usually produces an Event 1000 Error, with the following General log entry:
Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000096, fault offset 0x027262f3, process id 0xc44, application start time 0x01c94d7badff6da6.
The two keys to unraveling this problem are the identification of Explorer.exe (which your users will tell you about anyway) and the privileged exception error code 0xC0000096. If you research the history of this code along with explorer.exe, you won’t find much about it on Vista per se, but there are plenty of postings on this topic related to XP. Further digging reveals that file associations active inside Explorer, especially those that invoke non-Microsoft viewers (as when, for example, you designate WinZIP as the default tool for opening .ZIP files, or Paintshop Pro as the default for .jpg, .gif, and .png files) can sometimes cause delays in getting Explorer to open drive icons (it’s chasing viewers down to populate listings with thumbnails in case you wonder why this happens), and can also cause occasional, apparently random crashes as various activities you undertake cause Explorer to refresh views of a drive or folder.
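As an added example (not part of the original post and not Microsoft or Nirsoft code), the Python sketch below parses the Event 1000 text quoted above, names the exception code (0xC0000096 is STATUS_PRIVILEGED_INSTRUCTION), and flags Explorer crashes whose faulting module is unknown, the pattern that points toward in-process third-party code. Every sample line after the first, the module name examplethumbs.dll, and the triage labels are constructed for illustration.

```python
"""Parse Application Error (Event ID 1000) text and triage Explorer crashes."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# A few NTSTATUS exception codes (values as defined in ntstatus.h).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}

HEX = r"0x[0-9a-fA-F]+"
EVENT_1000 = re.compile(
    rf"Faulting application (?P<app>[^,]+), version (?P<app_ver>[^,]+), "
    rf"time stamp (?P<app_ts>{HEX}), faulting module (?P<module>[^,]+), "
    rf"version (?P<mod_ver>[^,]+), time stamp (?P<mod_ts>{HEX}), "
    rf"exception code (?P<code>{HEX}), fault offset (?P<offset>{HEX}), "
    rf"process id (?P<pid>{HEX}), application start time (?P<start>{HEX})"
)

SAMPLE = [
    # The entry quoted in the post.
    "Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp "
    "0x47918e5d, faulting module unknown, version 0.0.0.0, time stamp "
    "0x00000000, exception code 0xc0000096, fault offset 0x027262f3, "
    "process id 0xc44, application start time 0x01c94d7badff6da6.",
    # Constructed: Explorer crash inside a named (hypothetical) extension DLL.
    "Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp "
    "0x47918e5d, faulting module examplethumbs.dll, version 1.2.0.0, time "
    "stamp 0x45000000, exception code 0xc0000005, fault offset 0x00001a2b, "
    "process id 0x9f0, application start time 0x01c94d7badff6da6.",
    # Constructed: a crash in another application.
    "Faulting application notepad.exe, version 6.0.6001.18000, time stamp "
    "0x47918e5d, faulting module ntdll.dll, version 6.0.6001.18000, time "
    "stamp 0x47918e5d, exception code 0xc00000fd, fault offset 0x0002f00d, "
    "process id 0x1a4, application start time 0x01c94d7badff6da6.",
    # Constructed: unrelated event text that must be skipped.
    "The Windows Search service entered the running state.",
]


def filetime_to_utc(value):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=value // 10)


def parse_event_1000(message):
    """Return the fields of one Event 1000 message, or None if it is not one."""
    m = EVENT_1000.search(message)
    if m is None:
        return None
    code = int(m["code"], 16)
    return {
        "app": m["app"].strip(),
        "module": m["module"].strip(),
        "code": code,
        "code_name": NTSTATUS.get(code, "UNKNOWN"),
        "offset": int(m["offset"], 16),
        "pid": int(m["pid"], 16),
        # The image time stamp is seconds since 1970 (link time of the binary).
        "linked": datetime.fromtimestamp(int(m["app_ts"], 16), timezone.utc),
        "started": filetime_to_utc(int(m["start"], 16)),
    }


def triage(event):
    """Heuristic label: which crashes deserve a shell-extension audit first."""
    if event["app"].lower() != "explorer.exe":
        return "other-application"
    if event["module"].lower() == "unknown":
        # The fault address was outside every module the reporter could name.
        return "explorer-unknown-module"
    return "explorer-named-module"


def summarize(messages):
    """Count crashes per (triage label, exception name), skipping other text."""
    counts = Counter()
    for message in messages:
        event = parse_event_1000(message)
        if event is not None:
            counts[(triage(event), event["code_name"])] += 1
    return counts


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```

Feed it the General text of exported Application log entries; repeated "explorer-unknown-module" hits on one desktop are the cue to start the shell-extension review described next.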
There’s a nifty little freeware program available from Nirsoft called ShellExView that will show you all of the Shell Extensions installed on Windows Vista (and thus also, part of Windows Explorer). By carefully disabling third-party (non-Microsoft, that is) shell extensions inside Explorer–especially those your users never touch, and therefore don’t need anyway–you can usually stop these problems dead in their tracks. When you see how many shell extensions appear on a typical desktop (the one shown has 341 shell extensions installed, of which just over 30 come from third parties, and the rest from Microsoft), you’ll develop a profound appreciation of how the occasional tangle here could easily cause problems.
The accepted technique for troubleshooting such issues is to start by disabling all non-MS shell extensions, then re-enable third-party entries in vendor-specific groups to isolate the offending party or parties. My experience has been that you can disable those that aren’t used without any difficulty, then concentrate on those that are used. I’ve been able to identify the culprits in most cases by doing away with unused shell extensions, and have never had to spend more than 15 minutes running down other culprits.
Try it: you’ll find ShellExView to be a very useful tool.
At last, a Vista exam title that you can get out of your mouth out loud without having to stop halfway through to draw breath! That said, this Technology Specialist exam is not without some interesting twists and turns, and includes coverage of Windows Home Server as well as numerous aspects of Windows Vista. Candidates typically come from the ranks of retail support operations who can recommend, implement, and (most important) troubleshoot connected solutions based on Windows Vista. Some experience in installing Vista, managing Vista security, and troubleshooting Vista networking issues is also required, with a minimum of six to twelve months in harness as a retail support technician.
The only preparation tools available for this exam come from a handful of e-learning offerings:
- Collection 7038: Microsoft Consumer Technology Solutions Sales and Technical Training
- Course 7040: Designing and Building a Consumer Technology Network
- Course 7041: Setting up Windows Vista for a Consumer Technology Solution
- Course 7043: Configuring and Troubleshooting Networking in a Consumer Technology Solution
- Course 7044: Setting Up Windows Home Server for a Consumer Technology Solution
To follow one list with another, here’s a rundown on the skills measured table from the Exam Page:
- Installing or upgrading Windows Vista:
Prepare a system for clean install or upgrade, deploy Vista from upgrade or clean install, perform post-install tasks, and troubleshoot deployment issues.
- Configuring connected solutions:
Configure Windows Media Connect and Media Sharing, Configure MS Xbox 360 and Media Center Extender v1 for Media Sharing, and Configure Media Center Extender v2.
- Managing and maintaining Windows Vista systems:
Configure and troubleshoot security for IE7, troubleshoot Windows Firewall and Defender issues, apply software updates, set up user accounts and parental controls, and troubleshoot issues using Reliability and Performance Monitor.
- Configuring Windows Home Server (WHS):
Set up WHS, add users and media to WHS, set up PC backup within a WHS network, restore PCs within a WHS network, and troubleshoot issues with WHS or networking.
It’s interesting to note that the total count for those who’ve taken this exam and earned the TS: Windows Home Integrator credential stands at a relatively minuscule 235 as of 10/27/2008. The exam went live in August, so that shows fewer than 100 people passing this test per month, on average. Interesting exam but perhaps not as commercially viable a focus as Microsoft might like it to be? Only time will tell, and it will be equally interesting to see if the run rate climbs, holds steady, or falls in the months ahead. I’m not sure if there are enough people working at the intersection of Windows Vista and Windows Media technologies to make this credential truly popular, but we’ll be finding out!
Another doozy of a title, this exam is likely to appeal to IT professionals who work with Vista in all situations (SOHO, SMB, tech support, enterprise, and so forth) and of all stripes (help desk, tech support, IT administration, and so on). As with other exams in the 70-620 through 70-625 Vista sequence, this one’s Preparation Guide follows the old-style format. In short, anybody who deploys or maintains Windows Vista desktops is likely to benefit from studying for and taking this exam, even though its official target audience is candidates with “a minimum of one year of experience managing day-to-day issues with desktop deployments.”
There’s one more incredibly useful nugget inside this prep guide. It reads: “This exam is the Windows Vista version of Exam 74-134: Pre-Installing Microsoft Products and Technologies, [and is] focused on the OEM Pre-Installation Kit (OPK).” Why so? Because you’ll find some great links to study materials for the other exam on its prep page (linked at the head of this paragraph) that don’t appear on the 70-624 exam page.
The prep tools and resources that appear on the 70-624 page include the following:
- Classroom training: Course 5105: Deploying Windows Vista Business Desktops and Course 5058: Deploying Microsoft Office 2007 Professional.
- e-learning offerings: Collection 5058: Deploying 2007 Microsoft Office System Client Products.
The lack of books and complete e-learning coverage explains nicely why the 74-134 page is referenced, and also why it’s a good idea to dig up its study material citations to help you get ready for this exam as well.
Skills measured on the 70-624 exam break down as follows:
- Deploying 2007 MS Office System:
Configure MS Office settings & components, install 2007 MS Office system, and migrate from earlier MS Office versions.
- Configuring Windows Vista Automated Installation Settings:
Configure Vista automated install settings, manage Windows Vista catalogs, add device drivers to Vista installs, manage Windows components, and configure and manipulate Windows Imaging Format (WIM) images.
- Deploying Windows Vista:
Deploy Vista using Lite Touch Installation (LTI) and Zero Touch Installation (ZTI), customize Windows Preinstallation Environment (PE), and troubleshoot deployment issues.
- Using Business Desktop Deployment (BDD) Workbench:
Install BDD, configure distribution point in BDD 2007 Workbench, create a reference computer image, manage XML files in BDD Workbench, automate 2007 MS Office system installation, and customize and maintain Windows PE in BDD Workbench.
- Application Compatibility Toolkit (ACT):
Install and configure ACT 5, deploy ACT 5 agents, report application compatibility, and fix compatibility issues.
- Managing User State Migration:
Upgrade user state from XP to Vista, automate user state migration, manage Vista deployments using SMS 2003, determine Operating System Deployment (OSD) prerequisites, install and configure SMS 2003 OSD Feature Pack, and troubleshoot and plan for user state migrations.
There’s a lot more to this exam than the title conveys, especially where automation, deployment, and user state migration are concerned. This one’s going to take some work and experience to get through, so be prepared to invest substantial time and effort in preparing, unless you work with these tools and technologies on a daily basis. My guess is that those conditions hold only in enterprises or outside services companies big or specialized enough to have their own Vista deployment teams. How many of those can there be? The total count for MCTS: Business Desktop Deployment certified professionals as of 10/27/08 is 4,868, so the answer could be: “More than you think!”
Occasionally, admins need to break the rules that Vista applies–sometimes quite severely–to its users. Case in point: Vista absolutely refuses to permit any account to delete files from the %windir%\System32 and %SystemDrive%\Program Files directories. You can try all kinds of contortions: changing permissions, forced delete utilities, command line install repair console, and so forth, to get rid of such things without success.
On the other hand, there is sometimes virtue in booting a Vista machine with a different operating system when the time comes to violate such rules and restrictions. Belgian developer Tom Kerremans (who goes by the nom de wire “Harakiri”) has created a bootable ISO image called the Trinity Rescue Kit (TRK) that can help savvy admins to sidestep such restrictions, when they have Vista problems that they know how to fix, but simply can’t fix inside Vista itself.
For the issue described (deleting files in restricted Vista directories) you can copy the ISO image to a USB Flash drive (assuming your Vista PC’s BIOS will let you boot from such a device) or burn a bootable CD from that image (Alex Feinman’s ISO Recorder PowerToy makes this quite easy to do). When you boot from the TRK image, it does a very good job of recognizing Windows system hardware and loading the correct drivers to create a workable Linux command line environment (bash for those who appreciate the various shell possibilities this might mean).
After that, you can use Kerremans’ mountallfs -g shell script to mount all of your NTFS drives for access inside TRK. As it happens, the -g switch is absolutely essential, because the default NTFS driver loaded when this parameter is missing preserves Vista’s NTFS restrictions, and won’t let you delete or alter protected files, either! With the right mountpoints loaded, you can use the ls, cd, rm, and rmdir commands to navigate to the drive you want to manage, jump into the target directories, and delete what you like. In my case, I used this facility to delete the %windir% and %SystemDrive%\Program Files directories from an old former system/boot drive I had converted to a data drive in the wake of the crash of the other drive in a mirrored pair. In a more typical case, admins might use this capability to remove pesky malware-related .exe or .dll files from either or both of these directories.
Other useful TRK facilities include NTFS boot sector repairs (relocntfs), a mass clone (mclone) utility to clone Vista images over the network to multiple machines using multicast IP, a Windows install locator (winpass), remote access support (TRSP), various drive rescue tools (ddrescue and dd_rescue), memtest86+ version 2.01, and a whole bunch more. For a more in-depth look at TRK (a couple of versions back: the package is currently at 3.3 and the review is 3.1) check out Mayank Sharma’s review at Linux.com.
Another gargantuan title not only heads up this exam, but also helps to tell would-be candidates if this represents their particular cup of tea or not. Like 70-622, 70-623 features another old-fashioned exam page. Along with exam 70-620, passing this exam qualifies individuals for the MCITP Customer Support Technician credential. Although this is not strictly an enterprise-focused Vista certification, it remains pretty germane to such operations, especially those that operate their own help desks or tech support operations, or who want to establish sufficiently high bars for their vendors to jump to make sure outsourced service or support meets their needs.
The target position for this credential is somebody who works as a consumer, customer, or user support technician. To succeed with this exam, candidates should be experienced across a range of desktop OSes, applications, and mobile devices. They should also have some experience (more is better) in handling network, malware, and hardware support issues from reporting through research and investigation into reporting and resolution phases. Likewise, candidates need experience in implementing, managing, and troubleshooting desktop OSes in stand-alone or SOHO network situations.
Here’s the drill on the preparation tools and resources available for this exam:
- Classroom training: Course 5118: Maintaining and Troubleshooting Windows Vista Computers, and Course 5119 Supporting the Windows Vista Operating System and Applications.
- e-Learning offerings: Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista, Collection 5372: Deploying Windows Vista Desktop Images and Applications, and Collection 4379: Supporting Windows Vista for the Consumer Support Technician. Those who already hold an MCDST can also dig into Collection 5104: Upgrade Skills to Support Windows Vista Consumers.
- MS Press book: There’s a Self-Paced Training Kit available for Exam 70-623 as well.
Here are some highlights of what this exam covers (for all the gory details, check out the “Skills Measured” table on the exam page; as with other exams, configuration and troubleshooting elements recur repeatedly throughout this entire list):
- Install and Upgrade Windows Vista:
Evaluate potential upgrade environments, prepare to install Vista, troubleshoot and resolve installation issues, likewise for post-install issues.
- Post-Installation: Customize and Configure Settings:
Configure Sidebar, Aero, user accounts, and evaluate user requirements to recommend, set up, and configure desktop apps, then recommend appropriate settings by evaluating user systems to optimize performance.
- Configure Vista Security:
Work with Windows Security Center, firewalls, Windows Update, Defender, parental controls, IE 7, UAC, and data protection settings and configuration.
- Configure, troubleshoot, and repair networking:
Work with network protocols, network services (client side), Network and Sharing Center, wireless networking, file and print sharing, and Media Center settings, configuration, and troubleshooting.
- Install, Configure, and Troubleshoot Devices:
Connect peripherals; install, configure, and troubleshoot: mobile devices, digital cameras and camcorders, media devices, and printers, fax machines, and copy devices.
- Troubleshoot and repair Windows Vista:
Diagnose specific issues, repair a corrupted OS, and remove malware from a client system.
Where over 7,000 of the MCITP Enterprise Support Technician credentials have been granted as of October 2008, only 987 hardy souls had completed the MCITP Consumer Support Technician credential by that same date. What does this say about the relative importance or popularity of these two credentials? Perhaps that enterprises understand the need for certification (as do their employees) more than do independent or in-store support or help desk operations. This exam is probably not as important for enterprise types, unless they run their own support or help desk operations that include in-home support for mobile, telecommuting, temporary, contract, or other off-site workers. In such situations, however, it should be absolutely invaluable.
Wow! What an exam title, eh? Interestingly, 70-622 also still sports an old-fashioned exam page. Along with 70-622, this MCITP exam qualifies those who pass it to earn the MCITP Enterprise Support Technician credential, however. Together those two exams sum up the requirements for that particular certification.
Microsoft lists the following items under its “Preparation tools and resources” heading:
- Classroom courses: 5118 Maintaining and Troubleshooting Windows Vista Computers, and 5119 Supporting the Windows Vista Operating System and Applications.
- E-learning offerings: Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista, and Collection 5372: Deploying Windows Vista Desktop Images and Applications.
- MS Press books: MCITP Self-Paced Training Kit (Exam 70-622) Supporting and Troubleshooting… (you know the rest: book title matches exam title).
Here are some highlights of what this exam covers (for all the details see the “Skills Measured” table on the exam page; configuration and troubleshooting topics are covered throughout):
- Deploying Windows Vista:
Analyze environment and select appropriate deployment method; prepare system for installation (clean or upgrade install); and deploy Vista from a custom image.
- Managing Vista Security:
Manage IE 7 security; apply security updates; work with UAC; manage resource access and security issues.
- Managing and maintaining Vista Systems:
Working with policy settings, Task Scheduler, Event Forwarding, Windows Update, and performance and reliability issues.
Network protocols, networks services at the client level, remote access, wireless networking, network security, and network resource access.
- Supporting and maintaining desktop applications:
Support deployed applications, software restrictions, and maintain desktop applications.
So far, just over 7,000 of these certifications have been granted, which makes it neither the most nor the least popular of the MCITP designations. That may reflect its deep and broad coverage of Vista application deployment tools and technologies. Veteran Microsoft cert guy Andy Barkl took the beta version of this exam in September 2007, and wrote up a nice overview for MCP Magazine at that time. He also provides good pointers to other Microsoft materials available online through TechNet that proved useful for his exam preparations; you’ll probably find it useful, too.
This is one of the most important exams for those who work with Vista in an enterprise setting. Though you’ll want to take enough time to prepare for it properly (and neither the foregoing summary of exam objectives nor the information on the MS exam page really do its coverage complete justice, owing to the wealth of details and information these items cover), you will also learn a lot as you get ready to take this exam. Highly recommended.
This exam applies only to those who’ve earned the Microsoft Certified Desktop Support Technician, or MCDST, credential for Windows XP who wish to upgrade their coverage to include Windows Vista. As such, it is probably of little interest to anyone except the nearly 50,000 individuals who have earned this credential according to Microsoft’s latest certification counts. Nevertheless, I include 70-621 here in the interests of complete coverage of MS Vista-related certification exams.
A quick visit to its exam page shows that it still adheres to the “old school” of layout and formatting, as opposed to others in this series (see 70-620, for example). My guess is that this is a deliberate decision on Microsoft’s part, because of the ceiling on the potential audience and the relatively short period of time that this upgrade will retain its appeal, with Windows 7 now very much in the offing, probably no further out than 2010. Then, too, the 70-621 counts only towards two certifications–namely MCTS Windows Vista Configuration and MCITP Enterprise Support Technician, which also limits the reach of this topic’s coverage and consequence. But 70-621 also satisfies the same requirements as 70-620, so perhaps this exam is really just coat-tailing its immediate numerical predecessor.
This probably also explains why there’s some significant overlap between the content and coverage of 70-620 and 70-621. Recommended courses include 5119 Supporting the Windows Vista Operating System and Applications and 5118 Maintaining and Troubleshooting Windows Vista Computers. Corresponding e-learning offerings include Collection 5347 Installing and Configuring Windows Vista, Collection 5354: Configuring Windows Vista Networking and Security, and Collection 5360 Configuring Windows Vista Applications and Devices, though Collection 5103 Upgrade Skills to Configure Windows Vista may be of more interest and relevance to MCDST holders. Not surprisingly, the 70-620 and 70-622 Self-Paced Training Kits from MS Press are cited as the relevant prep books.
In fact, other than to point you at the Skills measured matrix on the 70-621 page, I’m going to punt here with the rest of this exam description and say: re-read 70-620 then go ahead to 70-622 (as soon as it’s available) to get the rest of the details. That’s because 70-621 is primarily a conflation of 70-620 and 70-622, though it does skip some basic details and information that already-experienced support personnel will already have mastered.
In digging up the info on this, the first in my series of four MCTS and MCITP Vista-related exams that I’ll be covering over the next week or so, I discovered that Microsoft has finally changed the format for its exam pages. I’ve been tuning into these documents since the late 1990s and it’s nice to see that they’ve finally gotten a facelift (looking at the source, I can see that MS has switched from HTML 4.01 to XHTML 1.0, and the markup looks programmatically generated, but I can’t find any evidence for the tools used to generate it except the file extension .aspx which would indicate ASP.NET is involved). If you take a quick look at the 70-620 exam page, you’ll see exactly what I mean.
The 70-620 counts toward a surprising number of credentials:
- Microsoft Certified IT Professional (MCITP): Consumer Support Technician
- Microsoft Certified IT Professional (MCITP): Enterprise Support Technician
- Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 and Microsoft Windows 2000
- Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 and Microsoft Windows 2000 Server
- Microsoft Certified IT Professional (MCITP): Enterprise Administrator
This exam aims to certify that individuals have at least one year of experience working in IT, often providing telephone support at the tier-1 or tier-2 levels across various types of environment that range from retail stores, to medium sized companies, to enterprise environments. General areas of knowledge required to pursue this exam include networking, desktop operating systems, security, and end-user applications, plus basic administrative tasks including solving logon problems, resetting passwords, and supporting desktop applications.
The exam’s coverage is broken into seven areas:
- Installing and Upgrading Windows Vista
Covers the basics of hardware requirements and compatibility checks (e.g. Windows Vista Upgrade Advisor), performing a clean installation, upgrading to Vista from an earlier Windows version or from one version of Vista to another, troubleshooting installation issues, and installing and configuring Windows Vista drivers.
- Configuring and troubleshooting post-install system settings
Includes troubleshooting post-install configuration difficulties, configuring and troubleshooting Aero, parental controls, and Internet Explorer (version 7 is the primary current focus).
- Configuring Windows Security features
Working with User Account Control (UAC), Windows Defender, Dynamic Security for IE 7, and security settings in Windows Firewall and Windows Firewall with Advanced Security.
- Configuring network connectivity
Configuring networking through the Network and sharing centers, troubleshooting connectivity issues, and configuring remote access (Remote Desktop Connection).
- Configuring applications included with Windows Vista
These include media applications (Media Center, Media Player), Mail, Meeting Space, Calendar, Fax and Scan, plus the Windows Sidebar.
- Maintaining and optimizing systems that run Windows Vista
This means troubleshooting performance issues, using built-in tools to troubleshoot reliability issues (System Health Check, Reliability Monitor, Problem Reports and Solutions, and so on), plus configuring Windows Update and data protection.
- Configuring and troubleshooting mobile computing
This entails managing mobile display settings, and configuring mobile devices, Tablet PC software, and power options.
In the new exam page format, Microsoft not only lists relevant Classroom training courses, it also lists e-learning items as well as Microsoft Press books that focus on the exam. All in all this exam should help IT professionals establish a solid working knowledge of basic Vista operation, installation, configuration, and troubleshooting. As we’ll see in the next exams, things quickly get more complex and interesting from here.
OK, OK. I know I promised to dig into the various Windows Vista certification exams in their MCTS (Microsoft Certified Technical Specialist) and MCITP (Microsoft Certified IT Professional) programs as my next series of blogs. But hey! I found a resource that relates strongly to all of these credentials, and promises to impact your general learning and preparation experience for any or all of the required exams involved in a positive–and affordable–way. What am I talking about? Why it’s the Windows Vista e-Learning catalog page in the Microsoft Learning Web site, of course!
There are over 70 Vista e-Learning courses available. They cost anywhere from $15 to $192, and include small, focused items at lower prices, and collections of e-courses for higher prices, many of which target specific Vista-related certifications and/or related topics, including
- Course 5232: Planning for 2007 Microsoft Office System Client Deployment
- Collection 5366: Maintaining and Troubleshooting Computers Running Windows Vista
- Course 5371: Advanced Troubleshooting with Windows Sysinternals Tools
- Course 5384: Protecting Against and Removing Malicious Software on Windows Vista
- Course 5381: Installing, Configuring, and Troubleshooting Client Applications in Windows Vista
- Collection 5379: Supporting Windows Vista for the Consumer Support Technician
- Collection 5106: Upgrading Enterprise Desktop Support Skills to Windows Vista
- Collection 5372: Deploying Windows Vista Desktop Images and Applications
Of course, there are oodles and oodles more of these items you can explore at the catalog page, but you’re bound to find multiple topics of interest there if you do a little digging. The value for the training offered is good, as is the coverage, so please consider adding this resource to your arsenal of potential Vista certification preparation tools.
Next blog: I promise to start with the MCTS credentials for Windows Vista. I swear!