Windows Enterprise Desktop

March 28, 2011  1:30 PM

Another interesting update lesson thanks to Secunia PSI

Ed Tittel Ed Tittel Profile: Ed Tittel

With six or seven computers around my office at any given time, in various states of (dis)repair, I find myself devoting at least three or four hours a week to system checkups, diagnoses, updates, and repairs or upgrades. When something like Windows 7 SP1 comes along that number hits a temporary spike but otherwise, this is a pretty consistent number (it also includes fiddling with new programs, drivers, and other aspects of PC maintenance).

This weekend, I cranked up my favorite problem child PC, an HP HDX 9203W (aka “The Dragon”) for which HP doesn’t support Windows 7 (they stopped updating software for this machine at Vista). When I ran my usual weekly Secunia check, I realized this machine had been off since before last Patch Tuesday (March 8th) because a slew of updates was waiting for me to install on that machine, including the ultimate Patch Tuesday (PT) tip-off, the Windows Malicious Software Removal Tool x64 – March 2011 (KB890830). But every time I tried to run the whole batch up updates en masse the update process would hang and never even get to downloading files. In other words, something in the batch was causing the update process to fail.

I started knocking off the March PT elements one at a time. All of the important updates went through single-file without a hitch:

  • Update for Windows 7 for x64-based systems (KB2524375)
  • Update for Windows 7 for x64-based systems (KB2505438)
  • Security Update for Windows 7 for x64-based systems (KB2479943): This is the one that Secunia noticed was missing, and what clued me in to the need for a visit to Windows Update.
  • Windows Malicious Software Removal Tool x64 – March 2011 (KB890830)
March 2011 Silverlight Security Update wouldn't install

March 2011 Silverlight Security Update would not install

It was the optional update for Silverlight [Security Update for Microsoft Silverlight (KB978464)] that was hanging. Next, I tried a couple of different installation techniques: by itself from Windows update, then from the standalone KB download link, both without success. Along the way, Windows 7 continued to perform the installation after I triggered a system restart with a new pre-shutdown message “Installing update. Do not power off your PC until installation is complete.” No dice for any scenario.

After reading up on Silverlight, I learned that MS issues a new version of the install executable each time it issues a Silverlight update. So I used a workaround to fix the problem instead: I uninstalled the old version that I couldn’t patch for whatever reason, then simply installed a brand-new version with changes already incorporated. This went without a hitch, and Windows Update even gave the system a clean bill of health when I performed a post-install check to make sure everything had worked as it should have. I’m still not sure why the Silverlight update wouldn’t install on the Dragon, but at least I found a way around that problem and have caught the machine up. It will be interesting to see if I need to go through the same manuevers the next time a Silverlight security update hits.

March 25, 2011  2:39 PM

Firefox 4 Downloads Dwarf IE 9’s

Ed Tittel Ed Tittel Profile: Ed Tittel

Holy moly! Firefox 4 hit the streets on Tuesday, March 22, and quickly blew away IE 9 download numbers from the previous week. By the end of the first day, the count topped 4.7 million (ahead of IE 9’s 2.35 million in its first 24 hours, as tallied in this CNET story), and it topped 10 million by the end of Day 2 (Wednesday, 3/23: PC Magazine reports that it hit this milestone by 4:30 PM Eastern time that day). As I write this blog, the number at the FireFox 4 Download Stats page is climbing up from 24 million, as shown in this screen cap:

On Friday, 3/25, the download count topped 20 million

On Friday, 3/25, the download count topped 20 million

That’s an impressive daily run rate so far. Already at just after 9 AM CDT (-06:00 UCT) the daily average is over 6 million for the first four days, and with 15 hours left to go in that day, it could conceivably wind up somewhere between 7 and 8 million per day by the time the clock hits midnight (a straight-line extrapolation says it will be just over 7 million but that doesn’t factor any acceleration in). But the current tally clearly demonstrates that the daily rate is accelerating from day 1, and might conceivably go as high as 175% of the first day’s numbers by the end of today, day 4. This may not wind up as high as the 8 million copies of Firefox 3 downloaded in 2008 on its first day outing, but it’s certainly sustaining itself quite nicely.

In seeking to explain why Firefox is zooming past IE9, the aforecited PC Mag article provide an entirely credible hypothesis that with over half of all PC users still running Windows XP, Firefox 4 has a much bigger audience than IE 9, which runs only on PCs with Windows Vista or Windows 7 installed (Vista’s market share is now just over 11% and Windows 7 is clocking in at just over 23%, but XP still enjoys a market share of over 55%, according to today’s Operating System Market Share numbers at What that really means is that the total percentage of users that Firefox 4 can reach is almost three times as large as the one IE 9 can serve. Seems like an entirely plausible analysis to me!

I’m running Firefox 4 on several machines now, and I already like it much better than version 3.6.3 I had been running previously. It’s more streamlined, and much faster than its predecessor. With snappy svelte new versions of Chrome, IE 9, and Firefox 4 all recently on the streets, the browser game has certainly picked up lately, hasn’t it?

March 23, 2011  2:54 PM

IE9 Sets New Download Record

Ed Tittel Ed Tittel Profile: Ed Tittel

As of March 16, Ryan Gavin at Microsoft reported that IE9 more than 2.35 Million downloads of IE occurred in the first 24 hours following its release on Monday night, March 14, 2011. He also reports that this works out to 27 downloads every second over that period. Wow!

These numbers represent more than double the download rate for the IE9 Beta upon its release, and quadruple the rate for the IE9 Release Candidate as well.

So far, I’m running IE9 on a single machine in my office (on my HP i7 quad core notebook). I’m still learning how to drive the UI and haven’t quite learned all the ins and outs yet, but I can say I like the more compact layout better than IE8. It also runs perceptibly faster than IE8 does on equivalent hardware. It still doesn’t keep up with the latest Chrome in its support for HTML5, though matters on that front have improved somewhat. I’m going to take this one slow and get to know the program better before I roll it out to all my machines.

March 17, 2011  3:52 PM

Secunia Supplies Continuing Reminders of the Interesting State of Software Security

Ed Tittel Ed Tittel Profile: Ed Tittel

I run Secunia PSI on all of my networked PCs (which means “all my PCs,” in fact). Every now and then, the program smacks me with forcible reminders of how interesting it can be for network admins to keep up with an ever-changing landscape of patches, fixes, and updates.

As the updates hit, my synch level has had some misses lately

As the updates hit, my synch level has had some misses lately

Two cases in point on my production PC this morning:

  • Secunia informed me that my Citrix WebApp plug-in was out of date and that a newer version was available. But because I’m not a licensed Citrix user at present (I was working as a contractor for a chemical company last year, and got the plug-in from them so I could use their VPN) I wasn’t able to download the latest version (no license, no access, as is perfectly understandable). I ended up having to find the directory in which the plug-in resided, and then having to manually delete same, to clear the warning on my machine. No big deal: I’m not using it anymore anyway.
  • Secunia also let me know that a new version of Chrome 10.x was out (and wow! the first one only shipped last week: those Google guys move fast!). I clicked the About menu entry in the program and it informed me that Chrome was up-to-date. So I had to go to the Chrome download page, then download and install the latest version to clear that warning.

It just goes to show you that when it comes to keeping up with software updates, it’s not always a push-button, completely automated affair. Sure, Secunia will indeed update lots of stuff for you, but there’s always something that automation doesn’t catch (my lack of Citrix download access on the one hand, and Chrome’s refusal to recognize it needed updating on the other). That’s when an admin has to step in, figure out what’s broke, and fix it the old fashioned way: diagnosis, analysis, repair, and post-assessment. I guess we should all be glad: otherwise, somebody in Pune or Hyderabad would be taking care of my machines for me, and I’d be out of a job.

[Note to the wonderful folks at Secunia, whose PSI is a real Godsend to me: my final remark about being out of a job is purely metaphorical, all my systems are in my home, and not part of a commercial enterprise. Please! Don’t take my licenses away.]

March 14, 2011  1:57 PM

Windows 7 and Restore Points

Ed Tittel Ed Tittel Profile: Ed Tittel

In reading Michael Horowitz’s “Defensive Computing” blog on ComputerWorld this morning (it’s entitled “Windows 7 Restore: less trustworthy than XP?” I was reminded how things can go wonky in a hurry when Microsoft changes its rules for system behavior. And for those who didn’t follow along from XP to Vista and thence to Windows 7, some of those rule changes can lead to some nasty surprises along the way.

Case in point: automatic system restores in Windows 7. As Horowitz quotes from MS documentation in his blog “System Restore in Windows 7 creates a scheduled restore point only if no other restore points have been created in the last 7 days.” XP makes restore points every day by default schedule, so I can see where dropping down from daily to weekly might be problematic, especially on volatile test systems where getting back to a stable state will be easier if users can expect restore points to be less than a week old.

I have several things to say about this phenomenon:

  • It’s good to be aware of this default, and to make changes if it doesn’t work for your needs. One way to do that is to check out the How-to Geek’s instructions “Change How Often System Restore Creates Restore Points in Windows 7 or Vista,” where you find step-by-step instructions for using Task Scheduler to create Restore Points at a frequency and time of your choosing. Another way to do this is to use some kind of virtualization tool to run volatile OSes, which may then be captured with regular snapshots.
  • When Windows 7 (or Vista) makes an image backup using the built-in backup utility, it captures a restore point at the same time it makes that backup. By scheduling image backups at a higher frequency than once a week, you’re guaranteed to do likewise for restore points. Here’s a screen cap from one of my fairly busy test machines that shows that both automatic and image backup restore points can be collapsed into a single snapshot (see first two entries below).
Various restore points from a busy test PC

Various restore points from a busy test PC

  • I’ve been messing about with boot/system drive SSDs for over a year now, and I’ve learned to flout conventional wisdom and/or typical advice to turn off System Restore for such drives. Yeah, sure, it means more writes on those drives and probably a shorter lifetime, but I’ve learned the hard way that the convenience and quick fixes that restore points can deliver outweigh the extension to drive life that turning restore points off for SSDs can afford. Besides, I’m pretty sure I won’t be using those drives for more than 3-5 years anyway, and the “10,000 write limit” should last quite a bit longer than that.

When it comes to Windows 7 restore points, if you don’t like the default behavior, you can — and probably should — take steps to change it. Then you won’t have to be unpleasantly surprised to learn that your most recent restore point is 7 days old, because you can take steps to ensure it will never be any older than whatever frequency you schedule for restore point creation (using Task Manager, or some other automated scheduling tool) or system image backups (using the built-in utility).

March 11, 2011  2:49 PM

Thin is In: MS Announces Windows Thin PC and More

Ed Tittel Ed Tittel Profile: Ed Tittel

At yesterday’s Microsoft Desktop Virtualization Customer Roundtable, the company soft-announced a beta date for Windows Thin PC (aka WinTPC) some time before the end of March, 2011. This is a locked down, small-footprint version of Windows 7 designed to permit existing PCs to serve as thin clients. (You can see a fascinating video about this event on the  Desktop Virtualization home page, including an on-cam interview with Microsoft Windows GM Gavriella Schuster, as she walks viewers through a raft of customer success stories on this technology.)

Microsoft has now instituted GA (general availability) for App-V 4.6 SP1 as well. It’s intended to make virtualizing applications faster and easier. The latest release includes “package accelerators” to simplify and speed up the app virtualization process, and deliver those virtualized apps over their network infrastructures. These package accelerators should be available in early April, with tools for Adobe Reader, Office 2010, and Microsoft Project planned among the first such offerings.

At the same time, Microsoft Enterprise Desktop Virtualization (MED-V) version 2.0 is also in GA status. This technology permits IT professionals to package up and deliver legacy applications inside VMs that can run on Windows 7 through direct desktop integration (packaged apps run from icons on the desktop or Start Menu entries, though their runtime environments operate inside VMs running older MS operating systems, typically Windows XP). This latest release includes improved linkages with System Center Configuration Manager as well as various third party solutions.

Of course, these technologies are available only to customers who have purchased Software Assurance (SA) licenses or a Virtual Desktop Access (VDA) subscription. For more information, see Dan Kuznetsky’s exellent ZDNet blog (“Virtually Speaking”) entitled “Microsoft Announces Windows Thin PC and Both App-V and MED-V Updates” or Kurt Mackie’s February 16 story for “the Journal” entitled “Windows Thin PC Details Revealed.”

March 6, 2011  10:23 PM

8 Absolutely Free e-Books from MS Press

Ed Tittel Ed Tittel Profile: Ed Tittel

Snipped from the MS Born to Learn blog for March 3, here’s a screencap of all the free e-books currently available online from Microsoft Press. Yes, you read right: free e-books. Check ’em out!

A veritable tableaux of free e-books

A veritable tableaux of free e-books

You can jump to download links for these various items on MS Press List of our free ebooks page. Care to guess which one is my favorite, given that this blog is named Windows Enterprise Desktop? (Hint: check out the item at the lower left, entitled Deploying Windows 7… Careful inspection of same will reveal, however, it’s not really a standalone book: it consists of 10 deployment related chapters from the Windows 7 Resource Kit, plus half-a-dozen reasonably useful and informative articles on the same topic culled from TechNet.)

March 4, 2011  2:56 PM

After the (snow) storm, a flurry of hiring activity for February

Ed Tittel Ed Tittel Profile: Ed Tittel

Finally! The latest Employment Situation Summary from the US Bureau of Labor Statistics released this morning shows some welcome and long-overdue signs of improvement in hiring numbers. But although nonfarm employment numbers jumped by 192,000 for February, the unemployment rate stands basically unchanged at 8.9 percent (employment gains from hiring were offset by unemployed persons once again looking for work, thereby boosting the overall employment pool). The big job gains occurred in the following sectors: manufacturing, construction, professional and business services (good news for IT contractors and consultants perhaps, if not for the entire information sector at large — more on this in the next paragraph), health care, and transportation and warehousing. Of course, we need to see monthly numbers jump by 100,000 or more above this level to really make a dent in unemployment, but good news is still good news in this troubled part of the economy.

Header for the February 2011 Employment Situation Summary

Header for the February 2011 Employment Situation Summary

 On NPR this morning, I heard a story that was much more encouraging for beleagured IT workers. Zoe Chace filed an item entitled “Want A Job? You Ought to Be a Tech Geek” In it, she recounts how upcoming and recent IT graduates with programming expertise are finding themselves in the unusual and welcome position of having to decide among multiple offers — sometimes as many as ten or more per job candidate — when it comes to choosing an employer. A strong demand for mobile app developers (there’s a surprise, eh?) is fueling this hiring frenzy, but it’s a strong showing for what has been a grim job market for recent graduates since the economy hit the skids in 2008.

Now, if only that frenzy could extend as far as rank-and-file IT jobs, the doldrums might finally be behind us. My best guess, however, is that we’re at least 12-18 months away from the kind of rising tide that is likely to float all hiring rates higher, especially for cost-center/infrastructure functions like IT. Hang in there, IT troops: looks like the first faint glimmers of improvement are finally heading our way!

March 4, 2011  2:39 PM

More Changes for WU Pending on 3/8/2011 Patch Tuesday

Ed Tittel Ed Tittel Profile: Ed Tittel

Here’s a tantalizing snippet referenced in the latest Microsoft Security Bulletin Advance Notification for March 2011. It’s from KB article 894199 entitled “Description of Software Update Services and Windows Server Update Services changes in content for 2011.”

A tantalizing description of more issues resolved in Windows Update

A tantalizing description of more issues resolved in Windows Update

Given that an update was pushed out of band in mid-February to pave the way for changes to Windows Update prior to the release of Windows 7 and Server 2008 R2 SP1, and that I believe Windows Update repairs are needed after SP1 is applied, I can only speculate that this update will probably address whatever issues the Windows Update Troubleshooter found following SP1 install on all of my machines. (See my blog on post-SP1 repairs needed for more info on what I observed.) Alas, the KB referenced in the preceding screen cap is not yet live on the MS Web site (KB2505438).

And of course, Patch Tuesday being what it is — a way for Microsoft to batch up its security updates, and for IT admins everywhere to plan to deal with them on a regular schedule — there’s also some other action in the offing for Tuesday, March 8 as well. There will be three security updates released that day as well, all of which will address remote code execution vulnerabilities. Two of these are rated Important, and one Criticial. One from each of those categories will address Microsoft Windows vulnerabilities the third (important-rated) item addresses vulnerabilities in Microsoft Office. But compared to the dozen or more security updates released in February, this makes March a light month by comparison.

Now, there’s only one thing left I’d like to know: Why did the 34 optional updates for language packs that I’d already hidden show up again in my update list this morning? Go figure…

March 2, 2011  2:16 PM

Sunsets Ahead: Ed Bott Summarizes Windows Retirement Dates

Ed Tittel Ed Tittel Profile: Ed Tittel

In the latest addition to his Microsoft Report (“How long will Microsoft support XP, Vista, and Windows 7?“) Ed Bott sums up all the forthcoming retirement dates for mainstream and extended support for all the various current Windows versions in use today: XP, Vista, and Windows 7. This is a handy-dandy tool that many IT pros will want to clip and save, as I did to create my own blog for today:

A nice summary of Windows support timelines

A nice summary of Windows support timelines

Obviously, the date that looms largest for many organizations — especially on what I like to jokingly call “the trailing edge” of technology — is the April 8, 2014 date when Windows XP SP3 support goes away forever. Despite the many predictions that Microsoft will yet again extend this date (as they’ve done twice already) I don’t think that it’s going to be stretched out any further. Otherwise, MS ends up supporting 4 OSes for some time, adding Windows 8 (or whatever final product name the “next Windows OS” takes with it to market) to the current three-OS line-up of XP, Vista, and Windows 7. Not gonna happen…

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: