Yesterday was the second Tuesday of the month, Microsoft’s customary day to unleash its latest batch of updates, fixes, patches, and so forth. The October 14 collection included 30 mandatory items on my Windows 8.1 and Office 2013 equipped desktops and notebooks, along with at least one optional item as well (a fix to avoid an unwanted camera switch on PCs with more than one camera attached: this usually means a tablet or mobile device with cameras fore and aft). Eight bulletins were released to address a total of 24 vulnerabilities that touch upon most modern Windows versions (server and desktop), the MS .NET Framework, MS Office, and most versions of Internet Explorer. The most current Security Bulletin Summary provides all the gory details, but I am coming to really appreciate the “summary graphic” from the talented art staff at ghacks.net which released this gem yesterday afternoon:
Most exploitable items are numbered zero; otherwise, bulletins are ranked by severity. Lots of action — and restart items — here.
The bulletins of greatest interest appear at the top of this very informative table:
- MS14-056: Critical: Cumulative Security Update for Internet Explorer (KB2987107)
- MS14-057: Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB3000414)
- MS14-058: Critical: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (KB3000061)
Microsoft also release three security advisories worth digging into this month as well — namely:
- 2871997 Update to Improve Credentials Protection and Management: designed to enhance and improve credentials protection and domain authentication controls to help reduce credential theft for Windows 7 and 8.1 versions plus Windows Server versions 2008 R2, 2012, and 2012 R2.
- 2949927 Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2: adds support for SHA-2 signing and verification functionality (not needed in Windows 8 and Server 2012 versions; already included therein).
- 2977292 Update for Microsoft EAP that enables the Use of TLS: Update to the MS Extensible Authentication Protocol (EAP) to enable use of TLS 1.1 or 1.2 through system registry modifications. Works for all modern Windows versions (7 and up on the desktop; 2008 R2 and 2012 on the server).
Admins planning for update deployments should also ponder the security advisories as well, and plan their next scheduled deployments as soon as their testing and open time slots will permit. There’s some important stuff in here!
Here’s something I hadn’t seen before, on the lighter side. Check out the following screen shot, which shows the Windows 7 game collection running on the Windows 8 desktop (it works on the Windows 10 preview, too, according to Russian blogger and Windows maven Sergey Tkachenko).
Windows 7 games windows on the left, Windows 8 system widget on the right, thanks to a clever tool.
The clever tool that makes this possible is a zipped install file at MediaFire.com entitled “Windows-7-Games-For-Windows-8-8.1-32-and 64-bit.zip.” Tkachenko describes the download and install process, liberally illustrated with screenshots, in a recent blog post entitled “Get Windows 7 games for Windows 10.” For long-time Windows users like me, who learned to appreciate these games as far back as Windows XP, this makes a welcome return possible for some familiar inhabitants of the Windows desktop. Today’s blog post certainly doesn’t count as anything more than a waste of time, but it does bring back some software I’m glad to be able to use again (and again…) myself. If you feel likewise, be sure to grab and install the afore-linked download!
My son’s desktop PC is a Haswell-vintage version of the excellent Dell XPS2720 touchscreen All-in-One. Mostly, it’s a solid, stable, and dependable machine. But in the last two weeks, the network connection — which comes through a Killer N1202 wireless 802.11n interface, there being no GbE access readily available in his bedroom — has gotten increasingly flaky. Last night, he told me he couldn’t get on the network at all, so while he was getting ready for bed, I launched into a little impromptu troubleshooting. In a clear-cut case of hubris, I thought to myself “How hard can this be?” And sure enough, it turned out to be pretty darn difficult.
The Symptoms and the Trouble
Each time I reboot the machine, the network comes up with the warning asterisk on the signal strength icon in the notification area. At first, I’m able to connect to our target home network (but the “View Connections” display shows far fewer local hotspots than usual; 2 instead of the usual screen full and more). But once the machine runs for two or three minutes, the network connection drops, and I’m unable to restore it without another reboot, and the same thing repeats ad nauseam.
At this point, I’m thinking “corrupt or failing driver,” so I start researching others reporting similar trouble. I find numerous posts on the community.dell.com servers from users running the N1202 on Windows 8.1 Update 1 and newer who are reporting similar symptoms, and even when Dell recommends uninstalling the current driver, then installing the latest version from the Qualcomm servers (the makers of the Killer N1202, having taken over the BigFoot operation a couple of years back), the problems aren’t always fixed.
First thing I try is the uninstall/install latest driver approach. The Killer N1202 works with a collection of software called the Killer Suite. It’s a Windows Store (Modern) UI app, and there’s no way to uninstall it through Programs and Features, nor does the program collection itself come with an uninstall utility. So I try out the newer version of that software (22.214.171.1243) to replace the current version (1.0.30…). That installer is smart enough to uninstall the old version before installing the new one, but that requires two reboots along the way: once after uninstalling the old version, and again after installing the new one. I grind through the process, then try to establish a network connection using the new driver. No joy, as so many other online users reported.
This is when things could get really interesting, in the sense of the famous Chinese curse (“may you live in interesting times”). But I don’t feel like a deep dive into driver troubleshooting, and the Dell Support Tech’s instructions to “restore to factory default settings” can’t work for me, because I’ve long since blown away that restore partition, en route to switching from a configuration with a small SSD acting as a cache for a large conventional HD, to a configuration with a 256 GB boot SSD, and using the 2GB HD solely as a data drive. If you want to see a pretty complete litany of troubleshooting approaches, check out this set of Microsoft Social Forums postings, with special attention to the sequence described by FelixLII on 4/27/2014.
Recalling the famous tale of the Gordian knot, I decide to adopt the “Alexandrine solution.” Because I keep a couple of cheapo, low-profile 802.11n USB NICs around (I picked them up from Newegg late last year for the entirely unimpressive price of $10 a pop), I simply installed one of them in one of the three unused USB3 ports on the back of the Dell unit. The OS immediately recognized the device, loaded the appropriate driver, and I was able to connect to my home’s WAP without difficulty. It’s hard to justify hours of extended troubleshooting when for $10 (which I can cheerfully confess is significantly lower than the value of an hour of my time) you can sidestep the issue completely and effectively. As an added bonus, overall performance is at least on par with the Killer NIC; better, if you factor in non-stop, ongoing operation without intermittent failures!
This approach — namely, blow off difficult troubleshooting with a balky peripheral, and replace said peripheral with a cheapo replacement — may not be viable in all situations, but it’s certainly something to bear in mind when replacement devices are inexpensive, easy to come by and install, and don’t impose much of a burden on the users who must live with the solution. If we were talking about a Surface Pro 3 with only a couple of USB3 ports on the tablet (and only 1 port into which the device will plug without a mini-USB to conventional-USB converter), it would be a totally different story. But for this story, I’m more than happy to accept this outcome and move on to other, more pressing problems. Wouldn’t you do the same, given those options?
It’s been five months since Microsoft’s Azure RemoteApp service went into preview and some users have turned into pseudo-IT pros out of necessity.
Two professors from Creighton University Heider College of Business in Omaha, Neb. recently began deploying a pilot test with approximately 100 students on their own. The school’s IT department was already committed to other projects so the professors were largely on their own.
The pilot test started because the University had problems supporting a mixed operating system environment for its students, said Trent Wachner, associate professor of marketing at Creighton University.
With students already bringing Macs, PCs and tablets, the professors needed to learn to deploy Windows applications to students efficiently.
“This platform benefits us in different ways,” said Charlie Braymen, assistant professor for the department of economics and finance at Creighton University. Students with Mac laptops needed access to Windows applications and software from the computers without having to go to a computer lab.
The business school tested a number of offerings including those from Citrix and VMware before turning to Azure RemoteApp.
One of the key benefits to Azure RemoteApp is its ability to scale and support occasional use or leverage heavy usage from students in an entire classroom, Braymen said. In addition, the professors use Azure RemoteApp to create custom images.
While the business school has not encountered many glitches so far, the one obstacle they had was when students all logged into the service at the same time.
“It took a while for the additional virtual machines to fire up,” said Braymen. The issue was resolved quickly. Microsoft adjusted the setup to increase the number of servers and CPU cores allocated, he added.
But even if the professors turned into pseudo IT-pros for this project, they still needed support from their own IT department. The service needed to be integrated into the college’s own campus authentication system, requiring help from Microsoft and the university’s IT department to resolve the issue as quick as possible.
Creighton’s Heider College of Business has so far had a positive experience but whether the university adopts the service throughout all its colleges is unclear. The business school is ready to roll out the service when Microsoft announces pricing and moves into general availability mode.
But service licensing issues remain. Microsoft still must clarify Azure RemoteApp’s licensing and pricing policies.
Indeed the business school is working through issues as to whether licenses available for one location can be used at another.
“It’s a work in progress,” said Wachner.
Some hiccups encountered
On the other hand, some testers have encountered hiccups with hybrid deployment and accessing OneDrive uploads.
Some reported challenges include Internet latency and file access problems with OneDrive and inability to attach files to emails. Others believe the core technology works but the management features are still in its infancy.
“The biggest difference between traditional RemoteApp and Azure RemoteApp is the management [of the service],” explained Gabe Knuth, a virtualization expert and TechTarget columnist, based in Omaha, Neb. “The protocols and operating systems are the same, but managing Azure RemoteApp from the cloud is not the same as managing RemoteApp locally.”
Issues such as hybrid deployment set up, configuration of the VPN, load control and custom apps are not easy to set up, said one tester.
The setup has been so difficult that blogger Freek Berson for The Microsoft Platform published a post teaching IT pros about how to set up an Azure RemoteApp hybrid deployment.
“The team is aware of these requests and interacting closely with customers to resolve issues…,” said Klaas Langhout, principal director for program management of Microsoft’s remote desktop group.
Most users and IT pros are cognizant the service is still in beta mode and work needs to be done before companies can deploy the service.
For now, whether one deploys the service or waits, companies needs to determine whether the Azure Remote App service is for them. Companies can also look at offerings like Amazon’s Workspace or other competitive DaaS products.
In my most recent prior blog, I observed that if you’re installing Windows 10 on a Windows 8.* machine, you can simply mount the ISO as a “virtual CD drive” and install from there. That said, it’s still possible, if not downright inevitable, that you’ll need to build a bootable UFD from which to install Windows 10, be that on bare metal machines or those running older OSes that can’t mount ISOs. Of course, you could use the same approach by turning to something like Microsoft’s own free Virtual CD-ROM Control Panel or the equally good — and free — SlySoft Virtual CloneDrive utility, both of which work on Windows XP, Vista, and 7 as well. But in many cases, it makes sense to build a bootable and portable install tool, and that’s where careful crafting of a UFD is helpful.
The Win10 desktop, post-installation, courtesy of the Windows Insider Program home page.
This led me to conduct some research on suitable tools for this purpose. To begin with, assuming source and/or target machines have USB3 ports, you’re best off choosing a 16 GB or larger USB3 flash drive. I’ve got speedy models from AData (S102 32GB) and Mushkin (Ventura Pro 64GB) that have served me very well for such use. USB3 really makes a difference and can cut image construction and installation times by just over half as compared to USB2 data transfer speeds.
Here’s a gotcha that explains some interesting problems I’ve had with earlier Windows 8 installations, but didn’t know why they happened. It turns out that Microsoft’s Windows 7 USB/DVD Download Tool is perfectly capable of digesting Windows ISOs (even Win8 versions) and of building bootable install UFDs from their contents. What it can’t do, however, is to create a tool that works to construct a UEFI boot environment for the OS, instead forcing its boot images back into a conventional BIOS-based boot approach. This is fine for older PCs, but when you want a UEFI boot environment, be it to take advantage of enhanced boot security, or simply to exploit the improved and enhanced functionality that UEFI brings to the boot environment, this simply won’t do.
Fortunately, there’s another excellent — and free — ISO to bootable UFD tool available, and it does an equally good job with UEFI boot environments as it does with BIOS boot environments. It’s called Rufus, and I blogged about it earlier this year (6/9/2014) in a post entitled “Rufus Makes Short Work of ISO-based Updates.” Thus, it’s the other half of my prescription for building a perfect ISO UFD for installing Windows 7, 9, or 10 — namely:
1. Start with a fast and reasonably capacious UFD (16 GB or better)
2. Use Rufus to transform your Windows ISO into a bootable runtime environment
The best thing about the outcome of this exercise is that the same resulting UFD works as well as a bootable repair tool as it does to install the OS around which the installation environment is built. A great and necessary element in most system admin’s toolkits, in fact. So: use and enjoy!
In addition to the Windows Insider Program, qualified MSDN subscribers can also grab the Windows 10 Technical Preview ISO files from the MSDN pages, where the New Subscriber downloads page looks like this at the moment:
Chances are high that most readers of this blog will want item 7 counting down from the top: the x64 English version.
For those installing on Windows 8.1, all you really need to do is to copy the ISO to a directory accessible on your system, then double-click that file in Windows File Explorer. It should mount as a CD drive, but if that doesn’t work you can select “Mount” from the pop-up right-click menu to achieve the same result. Then you need only navigate into that drive (or mount point, rather), where you’ll launch setup.exe from its root directory. This will commence the installation, and you’ll be off and running. Just remember: the usual rules on previews apply. You should always make a backup of your old system image before installing a new OS. On the off chance that something in the new install goes amiss, you can point the repair utility at that system image and restore it (which is why I usually copy such things to a fast, USB3 external drive to reduce overall rebuild time should that prove necessary). And remember, unless somebody comes out with a registry hack to cheat the “real Windows 10 installer” when it finally emerges next year, you’ll have to perform a clean install of the final version on the test machine that will be running the preview until that time comes.
OK, so MS has confounded the pundits and bloggers, and has skipped a version to announce its latest incarnation of the Windows desktop operating system as Windows 10, not Windows 9, or something else completely. At an event in San Francisco aimed at “enterprise”/business users, the company promised to re-establish continuity with older Windows versions, especially and including Windows 7, and to create an entirely desktop-friendly working environment, since most business uses for PCs aren’t exactly touch-oriented (or even touch-capable) at the moment. As has been reported for quite some time now, the Start menu is back, and while tiles remain visible on the desktop, the impetus to force users into the Modern UI has apparently been blunted, if not sidelined altogether. Even so, Windows 10 retains touch capabilities for touch-enabled systems, and will operate across a full spectrum of host devices, including not just PCs (be they desktops, laptops, notebooks, or Wintel tablets), but also “other” tablets (non-Wintel, that is), smartphones, and embedded systems.
A smattering of systems from tiny to titanic, all running Windows 10.[Source: Blogging Windows]
Microsoft VP Terry Myerson explained the reach of Windows 10 this way “It will run on the broadest types of devices ever, from the smallest ‘Internet of things’ device, to enterprise data centers worldwide. Some of these devices have 4-inch screens, and some will have 80-inch screens. And some don’t have any screens at all.” Figuring out the details of exactly how this is to be accomplished, and what it means to work across such a broad device spectrum, and what things must change or stay the same across all of them, will be some of the most interesting aspects of Windows 10 for early and experimental adopters to explore — including yours truly, as soon as I get the chance. MS also claims that the distinction between the Modern UI and the traditional desktop UI will no longer be important. In yesterday’s event, Joe Belfiore a VP with the OS group explained that “We want users on PCs with mice and keyboards to have their familiar desktop UI — a task bar and a start menu. And regardless of how an app was written or distributed to your machine, it works the way you expect.” Here again, it will be very interesting indeed to see how this plays out in actual practice.
As I write this blog post, the Windows Insider page is still proclaiming that it is “almost here.” Later today, users will be able to sign up for the program, and then download the technical preview. As with Windows Updates, I’m guessing that means 9 AM PST (UCT -08:00), which translates into late morning my time. I’ll be aiming my Fujitsu Q704 tablet hybrid machine at this software, and very interesting to see how it fits onto that temperamental hardware platform. Soon, we’ll all be finding out how much of the recent breathless hype translates into something of interest or use in the workplace. For more information on Windows 10 of the official MS variety, check out the Blogging Windows post entitled “Announcing Windows 10;” for third-party reporting and reaction, please run this Google Search.
OK, so maybe I’ve been reading too much science fiction lately, and perhaps I’m seeing patterns where they don’t exist. But please: ponder these data points and tell me if you can’t agree that Microsoft appears more poised than it has for a long, long time to break out of its corner of the market and start busting folding chairs over the heads of Android, Chrome OS, and Google Play?
1. Microsoft has made Windows 8.1 and Windows Phone available at no cost to OEMs on devices with screens 9″ or smaller (see Thurrott’s “Microsoft’s Master Plan for Winning Back Market Share” 9/28/14 over at WindowsITPro). Likewise, a low-cost version of Windows 8.1 called “Windows 8.1 with Bing” is also available to OEMs at a price carefully calculated to be cheaper to license than Android or Chrome OS.
2. MS has removed impediments on Android device makers designed to make it hard to run either Windows Phone or Android on the same device, so that device makers in search of better margins can easily switch from Android to Windows without making hardware changes to current designs (also discussed in the aforelinked Thurrott story).
3. Starting with Windows 8.1 Update 1 and going forward, MS has lowered the hardware bar on devices that can run Windows or Windows Phone. 1GB of RAM, and 16GB of flash is all it takes now, and that’s well within the purview of all but the cheapest Android devices out there. Thurrott observes that 15 new hardware partners showed up for Windows phone right after the changes were instituted, and that now Chrome PC makers are releasing Windows versions running on the same hardware (see also Thurrott’s 9/27/14 story “Better than Chromebook? A $250 PC Gets It Done” which explains pretty nicely how Windows PCs at the traditional Chrome PC price points might just represent a better bang for a relatively small number of bucks).
4. Today’s hot rumor on Neowin.net from Brad Sams indicated that the president of Microsoft Indonesia has said that “…for users upgrading from Windows 8 to Windows 9, the upgrade will be free” (Windows 9 said to be free…). Sams goes on to speculate that should MS do likewise for Vista and Windows 7 users, MS could stimulate more likely upgrades to the entire user base, especially if the company’s “…business model has changed from upfront payments to recovering revenue through its app stores” as he opines in that story.
Tell me, please: Am I adding 1+1+1+1 and coming up with more for the total resulting import than I should be? I don’t think so, but I could always be wrong. So tell me, readers, what do YOU think? I’m starting to believe that MS may be trying some creative disruption of its own, and that the apparent future of computing may not be quite as clear-cut, or as settled, as many pundits have considered it to be of late, with the ascendance of Google and Android assured, and MS gradually slinking off into the mist. Of course, MS won’t go gentle, but perhaps they won’t go anywhere at all. That’s what remains to be determined, and it should be interesting to watch…
DataNumen is a Hong Kong based software company that specializes in data recovery technologies. For an outfit I’d never come across before, I was interested to observe a who’s-who list of flagship customers for their software on the company’s “About” page that includes AT&T Global Network Services, GE, IBM, Dell, Motorola, Procter & Gamble, FedEx, Xerox, and HP, among many others. In addition to a suite of data recovery tools and an SDK to permit developers to integrate those tools into their own applications, DataNumen also offers an interesting collection of repair utilities for a broad range of file formats that includes major Office formats (Access, Excel, Word, Outlook, and so forth), ZIP, TAR, CAB, PDF, and other popular compressed archives or content delivery mechanisms. Most of those tools only perform analysis for free (in the trial versions available for free download), but the company’s DataNumen Disk Image (DDKI) tool is freeware that can copy or clone a disk at the byte level from a source to a target drive. As the company explains, this tool is useful for both data recovery and computer forensics uses, particularly when the source drive may be failing or corrupt. Because recovery inevitably involves writing new files as pieces of old ones get stitched back together to reassemble them in as close to their original form as technology allows, it’s often best to simply copy the original drive to another drive, and then to perform recovery on the copy rather than the original (and for forensics use, leaving the original unchanged is necessary to preserve the chain of evidence as well).
DDKI offers byte- and sector-level raw data copy/clone capability from a source to a target drive for all modern Windows versions (and older OS variants as well).
For those whose duties include the occasional data recovery job, DDKI is a worthwhile addition to their Windows utility toolkit, especially if that toolkit does not already include forensics software suites such as EnCase, FTK, TSK, ProDiscover, and so forth (all of which routinely also include low-level disk copy/clone utilities as well, albeit not freeware versions). Obviously, DataNumen makes this tool available for free to help stimulate sales of its other commercial recovery utilities, because one can’t really recover the files from a cloned drive without some kind of tool to pick up their pieces on disk and put them back together in readable form. But low level drive copy/clone capability is valuable all by itself, so kudos to them for giving it away.
In trolling over some of the Windows 8 Forums looking for “interesting” Windows 8 problems, I ran across numerous references to another nice tool from the folks at Piriform (about whose CCleaner free version I blogged recently). This one is called Speccy (which I assume speaks to its ability to elicit information about your PC, and what kinds of hardware and software it is using) and it provides useful information to those looking for specifics about their machines. Here’s the program’s Summary page:
Your PC summary in Speccy includes basic info and temps for devices that measure them.
Over the years, I’ve gotten hooked on a commercial software package from Gabe Topala called SIW Pro (System Information for Windows) that does much the same thing as Speccy. It’s an excellent program, but I pay around $5 a year per copy for 10 or so copies (it costs $10 for the first year, $5 thereafter). After spending a couple of days with this program, I’ve observed that Speccy does enough of what SIW does for admins to consider making it a part of the standard utility directory on PC images they construct or, if they prefer not to put such tools in the hands of their users, to add to their standard traveling toolkit.
In particular, I found the “Device Tree” information which appears buried at the bottom of the Operating System pane to be especially interesting and informative. It unpacks the results of Windows device enumeration into a tree structure that you must expand manually, node-by-node. This takes a little time and effort but does reveal lots of detailed information about the devices Windows sees on your PC. For my PC, for example, it showed me exactly which storage devices are attached to the Marvell 91xx SATA controller, versus those attached to the Intel SATA ACHCI Controller, something I’d had difficulty determining up to that point without opening and closing lots of windows in Device Manager. Not even SIW makes this information readily available, and not in such clear form.
This tool is definitely worth checking out for sysadmins and power users. I’m adding it to my standard toolkit, in fact.