Windows Enterprise Desktop

January 7, 2009  5:45 PM

Create a bootable WinPE UFD

Ed Tittel

Everybody knows what a UFO is, but let me remind readers that Microsoft interprets UFD as “USB Flash Drive.” Thus, what I’m about to describe is best understood as how to create a bootable Flash drive that includes the Windows Vista SP1 Pre-boot Environment (aka Windows PE or even WinPE). Interestingly, if you simply troll TechNet or the Microsoft Download Center, you’ll be directed to Windows Automated Installation Kit version 1.0. But if you’re working from post-SP1 Vista (as most readers of this blog probably are), you really want Version 2.1, which is designed to support that environment. You’ll find that on the download page entitled “Automated Installation Kit (AIK) for Windows Vista SP1 and Windows Server 2008” instead.

You’ll download an ISO image of the latest WAIK, which you must then burn to a DVD (it’s 1.2 GB in size and won’t fit on a CD). I used Alex Feinman’s excellent Windows Explorer add-in named ISO Recorder v3 for this (and for all my ISO files) but you can use any Vista-compatible DVD burning program you like to do this job. After that, run the file named startcd.exe on the DVD to launch WAIK. This produces the following screen:

[Image: WAIK 2.1 welcome screen]

Click the option that reads Windows AIK Setup to install WAIK on your current computer (it must be running Vista SP1, in case this isn’t completely obvious). By default this installs WAIK in the C:\Program Files\Windows AIK\ directory. Click your way through the installation screens to make the various WAIK tools available on your PC (on my desktop, this took about three minutes, YMMV).

Next, click Start, All Programs, Windows AIK, then finally Windows PE Tools Command Prompt. Inside the command window, type

copype.cmd x86 C:\winpe_x86

where x86 indicates a 32-bit environment and x64 a 64-bit environment, and C:\winpe_x86 is where the various WinPE binaries and directories will be created. After that you can copy tools and utilities from the WAIK Tools directory for your architecture (x86 for 32-bit PCs, and so forth) into the ISO subdirectory beneath C:\Winpe_x86. I usually grab Imagex.exe and the Package Manager, using these commands:

copy "c:\program files\Windows AIK\Tools\x86\imagex.exe" c:\winpe_x86\iso\
xcopy "c:\program files\Windows AIK\Tools\x86\Servicing" c:\winpe_x86\iso\Servicing /s

Of course, you’ll have to change the architecture designation for a 64-bit install to x64, and you’ll need to tell the CLI that the xcopy command points to a directory specification. Otherwise things should work for you if you simply cut and paste these commands into the command window you’ll have open when you create the C:\winpe_x86 environment on your machine.

Next, you must scrub your UFD clean, mark its single partition as active, and format it for FAT32. The following sequence of commands will do the trick (replace n with the actual disk number for your UFD; use the list disk command inside diskpart to get this information):

select disk n
clean
create partition primary size=
select partition 1
active
format fs=fat32

After that you need only copy the ISO subdirectory from your C: drive to the drive letter for your UFD to make your bootable image thereupon. The following xcopy command will work (just be sure to correct the drive letter at the end of that command string):

xcopy c:\winpe_x86\iso\*.* /s /e /f i:\

As you work with this boot image, you’ll probably find other tools you want to add to your toolbox. You must copy them into the ISO subdirectory on your C: drive (along with any other supporting files they might need), then reformat the UFD, and repeat the preceding xcopy command to make them available when you boot from that drive.

January 4, 2009  10:56 PM

Is Vista Really the Pathway to Windows 7?

Ed Tittel

In light of my most recent blog “Who’s Using Vista?” I decided to drop in on Microsoft’s Enterprise Vista Web pages to see what they had to say on the whole “Vista now, or Windows 7 later?” discussion. Imagine my consternation and outright stupefaction when I discovered that Microsoft’s own “Windows Vista Enterprise Operating System Features” page now also sports a Windows 7 tab!

“Holy smokes,” I said to myself, “Maybe those knucklehead conspiracy theorists are right, and even Microsoft thinks Vista is in its death spiral, on its way down the drain.” Even after checking out all of their information and discussion, I’m sure some will come away from it convinced that making a direct jump from Windows XP to Windows 7 on the desktop is precisely the right thing for them to do.

I did take some comfort from this language in the first paragraph of the text on the Windows 7 tab view of the afore-cited page: “Deploying Windows Vista today is an important step on the path to get ready for Windows 7” (emphasis Microsoft’s). And of course, Microsoft is ready with white papers and information galore to help IT professionals work on management to convince them that an investment, or at least, some investment in Windows Vista will pay off both before and after Windows 7 hits the streets.

Microsoft also drops this interesting tidbit of information about Windows 7 release dates in the very next sentence on that same page: “With availability targeted 3 years after the release of Windows Vista, customers with Software Assurance will have access to Windows 7 as soon as it’s available.” Let’s review some dates here: Windows XP made its debut in October, 2001, and Windows Vista went RTM in November 2006, and commercial on January 30, 2007. Three years from that last date is January, 2010, and that’s apparently when Microsoft wants us to expect Windows 7 to be ready (I still keep hearing and reading about rumors that it might be done late in Q3 or some time in Q4 this year, though).

For IT operations that haven’t yet adopted Windows Vista, a time window of even twelve more months with Windows XP will be no great shakes. I think Microsoft is fighting a very tough battle to try to move its user base to Vista in the near term, when the horizon for Windows 7 is not so very far off. Given the current state of the economy, and the time, effort and expense involved in migrating systems and users from XP to Vista, I’m guessing that the 85-90% of enterprises that haven’t yet adopted Vista will be happy to wait another year to think about jumping a generation and going straight from XP to Windows 7 instead.

Even then, I think they’ll wait another year past initial release, to see how well intrepid pioneers aka “early adopters” fare with Windows 7 before making any major moves. This lets me predict an unusually heavy interest in Windows 7 betas and release candidates, and much greater enterprise interest and participation in those programs.

As for myself, I’ve already switched to Vista as the primary OS where I work. Although I sometimes long for the stability and reliability that XP cheerfully delivered in the six years I used it full-time from 2001 to 2007, I’ve learned to live with Vista and make it work for me. I can only hope it really does give a leg up into Windows 7, when that OS finally becomes a commercial reality.

December 26, 2008  3:19 PM

Who’s Using Vista?

Ed Tittel

I keep reading all these stories about how nobody at the enterprise level is using Vista–or really, rather, that only a very small minority of enterprises have taken the plunge. Depending on how far back you want to go, I keep hearing numbers for enterprise Vista adoption in even percentages as high as ten percent, thus in the range from 2%, Feb ’08, to 10%, December, 2008, with plenty of in-between values reported as well.

On the other hand, Microsoft reports sales of over 300 million Vista licenses as of December, 2008, along with adoptions at “major enterprises like Continental Airlines, the United States Air Force, Virgin Megastores, Charter, Avanade, Eastman Chemical, and PPG…” They also report from other sources that nearly half of all businesses of all sizes, including enterprises, are using or evaluating Windows Vista right now.

So what does this all mean? Alas, that depends on who you ask. I keep seeing stories about Windows 7, which may make an appearance some time next year or early in 2010, stressing the “wait and see” angle on Vista enterprise deployment and use. In some of the same information outlets, I also see reporting about a growing groundswell of Vista adoption across the entire IT landscape as home, home office, and business users find themselves more or less forced into at least trying Vista simply because it comes pre-loaded on so many notebook, laptop, and desktop PCs nowadays.

My own personal take on the situation is that enough people are using Vista to make it worthwhile for me to use it, too, and to learn as much about its inner workings, capabilities, and foibles as I can. Even if the whole world, or the whole enterprise spectrum, hasn’t yet jumped onto the Vista bandwagon, and might never do so if Windows 7 shows up soon enough, there are still enough interested parties–sometimes wary or weary, sometimes enthusiastic, but always concerned about how to make things work as well as possible–to make it worthwhile for me to keep digging into this sometimes frustrating, sometimes mysterious, but always fascinating OS.

I have to guess that many other IT professionals feel the same way, and are wondering why so many keep finding evidence that Vista has (a) failed or (b) never succeeded in any way in the first place. As far as I’m concerned it’s all just part of the ins and outs of working with a multi-million line code base with more functionality than I can learn completely in a lifetime!

Happy Holidays to one and all!


PS: Having met my monthly blogging quota (12) with the posting of this item, I’m going on hiatus until after New Year’s. Thus, let me take this opportunity to wish my readers the happiest of holiday seasons, and a safe and prosperous 2009.

December 24, 2008  4:26 PM

Windows PE and the PE Walkthroughs

Ed Tittel

The Windows Preinstallation Environment (Windows PE) 2.0 delivers a basic, no-frills operating system with limited services and no GUI capabilities that’s built upon the Windows Vista kernel. You can use it to prep a PC for Vista installation, to copy disk images from a network file server to a target machine, and to fire off Windows Vista setup and installation. To learn more about Windows PE, check out the TechNet article “What is Windows PE?”

With a little foreknowledge about Windows PE at your disposal, you can’t help but find these Windows PE Walkthroughs (step-by-step instructions on building and using various Windows PE environments) on TechNet of terrific interest:

By the time you work your way through this material, you’ll be well-prepared to deal with most of the chores related to creating and manipulating the Windows Image (.wim) files that Vista uses for installation and setup. Definitely worth getting to know, and spending some time with. I’m pitching a book on this subject right now myself, with a Web site to go along with it, in fact. WinPE is also great for Vista troubleshooting, low-level system maintenance and repair, and more as well.

December 22, 2008  5:47 PM

More about Windows Installer CleanUp

Ed Tittel

On October 15, I wrote a blog called “Toward a more positive Vista uninstall experience,” in which I mentioned Revo Uninstaller and Microsoft’s Windows Installer CleanUp utility.

Recently, I came across an article by Lance Whitney on TechNet entitled “Utility Spotlight: Windows Installer CleanUp Utility” that might be worth a visit for those interested in that tool. Also, my colleague and occasional co-author Toby Digby–who works with me on the informative and eclectic Vizta View website–recently contacted me to share his positive experiences in working with the for-a-fee Total Uninstall 5 product.

What this $40 program (that’s for up to 4 computers, a single computer license costs $30) does that Revo Uninstaller does not do is to detect invalid or partial/failed installs and remove them on your behalf. In fact, as long as the program is installed and monitoring your system when this occurs, it can reverse complete or partial installs with ease. It can also survey your system and detect already-installed applications, and assist with their removal as well. It uses a TripWire-like before and after snapshotting mechanism to document what apps do when they install themselves (the graphical tree this program creates to illustrate those changes is almost worth the price of admission all by itself), including all new or changed Registry items and filesystem entries.

Total Uninstall 5 post-install Change Tree Diagram

If you’re in the market for Vista uninstall utilities, you might want to add Total Uninstall 5 to your short list of items worth checking out, in other words. You won’t be sorry you did.

December 17, 2008  9:11 PM

Essential out-of-cycle IE security update now available

Ed Tittel

When Secunia calls a Windows security update “extremely critical” you know a serious vulnerability is being patched. The Windows security community has been abuzz since last week when a number of remote code execution vulnerabilities originally thought limited only to IE 7 turned out to affect other IE versions, and to involve general XML vulnerabilities as well. For more information on the update see “Microsoft Security Advisory (961051) Vulnerability in Internet Explorer Could Allow Remote Code Execution” and “Microsoft Security Bulletin MS08-078 – Critical.”

Security Bulletin MS08-078 specifically mentions IE 5, 6, and 7, as well as Windows 2000, Windows XP, and Windows Vista on the desktop front, plus Windows Server 2003 and Windows Server 2008, in both 32- and 64-bit versions (where applicable). This update is also associated with Pointer Reference Memory Corruption Vulnerability – CVE-2008-4844 from the Common Vulnerabilities and Exposures database.

The nature of the vulnerability is called “Remote Code Execution” which essentially means that an attacker can take over a system and run any code he or she wishes to at a very high level of privilege. Please visit Windows Update and download this security fix for testing and evaluation as soon as possible. Zero-day exploits have already been reported, and it is regarded as an active and hostile threat.

December 17, 2008  4:15 PM

Dig Into Vista Install Capabilities To Fit Target Hardware

Ed Tittel

By itself, Vista does a pretty good job of fitting itself to the platforms on which it’s installed. But savvy administrators can do a lot more to construct custom Vista install images with a bit of time and effort, and the right tools and approaches. To get a good sense of what kinds of capabilities you can put to work, for example, read this interview from 2006 (!) with Microsoft Australia’s John Pritchard. Entitled “Inside Vista’s new image-based install,” it’s as good an overview as any of what the Windows Imaging (.WIM) file capability that drives Vista installs can do for customized images as well as standard ones. It also discusses how to integrate executable (.exe, .msi, and so forth) driver installers as part of the Vista install process to further customize Vista images for specific hardware configurations. Interested admins will also find Paul Thurrott’s “Windows Vista Review/Part 3: Installing Windows Vista” illuminating as well.

For this kind of task, however, the Windows Automated Installation Kit page on TechNet provides pointers to the primary resources admins will need to explore these possibilities further. That’s where you’ll find pointers to the WAIK User’s Guide, a discussion of Windows Preinstallation Phases, the Deployment Tools Technical Reference, and the Unattended Windows Setup Reference, all of which play important roles in this activity.

In my next blogs, I’ll be digging into this task further, with some examples and illustrations, and exploring this document set in more detail. Stay tuned!


December 14, 2008  9:37 PM

Digging into Crash Dumps? Try Dumpchk first

Ed Tittel

There’s no question that the Windows Debugger (windbg.exe) is a nonpareil tool when it comes to troubleshooting source code or digging into Vista crash dumps. But with the program’s requirement for current debug symbols, complex syntax (the downside of amazing functionality is detailed and demanding syntax), and vast power comes a certain amount of effort required to get things set up and working properly. If all you want is a quick peek at certain key fields in a full-blown crash dump (C:\Windows\Memory.dmp by default) or a minidump file (C:\Windows\Minidump\Minimmddyy-0x, where mmddyy maps into 120808 for December 8, 2008, and the x represents which minidump acquired that day you’re after, so that my December 8, 2008 minidump file is named Mini120808-01.dmp) the lightweight dumpchk.exe utility may be more to your liking.

Given the following filename example, here’s a pared-down snapshot of the command line input for dumpchk and its response:

c:\Temp>dumpchk c:\Windows\Minidump\Mini120808-01.dmp -e
Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
----- 32 bit Kernel Mini Dump Analysis

MajorVersion        0000000f
MinorVersion        00001771
KdSecondaryVersion  00000000
DirectoryTableBase  dc05e3e0
PfnDataBase         8236b850
PsLoadedModuleList  8234bc70
PsActiveProcessHead 82341990
MachineImageType    0000014c
NumberProcessors    00000004
BugCheckCode        00000101
BugCheckParameter1  00000031
BugCheckParameter2  00000000
BugCheckParameter3  803d1120
BugCheckParameter4  00000001

The key information appears in the BugCheckCode entry (this maps to the Windows Stop error code that shows up on a bluescreen), and the four parameters that follow. A quick Google search on the Stop Error code presented as a Hexadecimal number of the form 0x00000101 is usually all it takes to find guidance on causes and potential fixes for such errors. In this case, I had to accept a light slap on the wrist for excessive over-clocking on my QX9650 processor and turn the clock rate back down in my PC’s BIOS (a reduction from 3.5 to 3.2 GHz did the trick nicely).

Sure, Windbg.exe will do the same tricks, and a whole lot more, but why not use the quick’n’dirty dumpchk.exe if it will do the trick? If you download the Windows XP SP 2 Support Tools (Windows validation is required) you can grab and use dumpchk.exe on Windows Vista without difficulty.
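For triaging more than one dump, the header that dumpchk prints is easy to parse. The following Python is an added example, not part of the original post: it extracts the BugCheckCode and its four parameters from the listing above, formats the stop code in the 0x00000101 form used for searching, and decodes the Minimmddyy-0x file name. The stop-code and machine-type tables and the reading of MinorVersion as the OS build number are additions made here, and the two-digit year is assumed to mean 20yy.

```python
import re
from datetime import date

# Header rows look like "FieldName   0000000f": a name, whitespace, 8 hex digits.
FIELD_RE = re.compile(r"^(\w+)\s+([0-9a-fA-F]{8})$")
# Mini<mm><dd><yy>-<nn>.dmp, the naming scheme the post describes.
NAME_RE = re.compile(r"Mini(\d{2})(\d{2})(\d{2})-(\d{2})\.dmp$", re.IGNORECASE)

# Small lookup tables added for this example (not from the post).
STOP_NAMES = {0x00000101: "CLOCK_WATCHDOG_TIMEOUT"}
MACHINE_TYPES = {0x014C: "x86", 0x8664: "x64"}
PARAM_KEYS = ["BugCheckParameter%d" % i for i in range(1, 5)]

# Sample input: the dumpchk listing quoted in the post.
SAMPLE = r"""Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
----- 32 bit Kernel Mini Dump Analysis

MajorVersion        0000000f
MinorVersion        00001771
KdSecondaryVersion  00000000
DirectoryTableBase  dc05e3e0
PfnDataBase         8236b850
PsLoadedModuleList  8234bc70
PsActiveProcessHead 82341990
MachineImageType    0000014c
NumberProcessors    00000004
BugCheckCode        00000101
BugCheckParameter1  00000031
BugCheckParameter2  00000000
BugCheckParameter3  803d1120
BugCheckParameter4  00000001
"""


def parse_header(text):
    """Return {field name: int} for every 'Name hexvalue' row in the output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:  # banner and blank lines simply do not match
            fields[m.group(1)] = int(m.group(2), 16)
    return fields


def parse_minidump_name(path):
    """Split a Minimmddyy-nn.dmp name into (date, sequence number that day)."""
    m = NAME_RE.search(path)
    if not m:
        raise ValueError("not a Minimmddyy-nn.dmp name: %r" % path)
    mm, dd, yy, seq = (int(g) for g in m.groups())
    return date(2000 + yy, mm, dd), seq  # assumption: yy means 20yy


def summarize(text):
    """Pull out the fields worth reading first from a dumpchk header."""
    f = parse_header(text)
    missing = [k for k in ["BugCheckCode"] + PARAM_KEYS if k not in f]
    if missing:  # truncated or non-dumpchk input: fail loudly, do not guess
        raise ValueError("missing fields: " + ", ".join(missing))
    code = f["BugCheckCode"]
    return {
        "stop_code": "0x%08X" % code,  # the form to paste into a search
        "stop_name": STOP_NAMES.get(code, "unknown"),
        "parameters": ["0x%08X" % f[k] for k in PARAM_KEYS],
        "build": f.get("MinorVersion"),  # 0x1771 is 6001
        "machine": MACHINE_TYPES.get(f.get("MachineImageType"), "unknown"),
        "processors": f.get("NumberProcessors"),
    }


if __name__ == "__main__":
    print(parse_minidump_name(r"c:\Windows\Minidump\Mini120808-01.dmp"))
    for key, value in summarize(SAMPLE).items():
        print("%-11s %s" % (key, value))
```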

December 12, 2008  6:52 PM

Mark Gives the Real Skinny on Vista Paging File Size

Ed Tittel

Sometimes, the information I come across on Vista internals is just too good not to pass along. And when it comes to Vista internals nobody knows (or does) them better than Mark Russinovich, formerly a principal at SysInternals, now a Microsoft Fellow. In discussing paging file sizes in the context of Vista, Mark makes the following wonderful observation which accords entirely with my own experience:

There’s no end of ridiculous advice out on the web and in the newsstand magazines that cover Windows, and even Microsoft has published misleading recommendations. Almost all the suggestions are based on multiplying RAM size by some factor, with common values being 1.2, 1.5 and 2.

This comes from his November 17, 2008 blog entitled “Pushing the Limits of Windows: Virtual Memory,” wherein he also digs into process address spaces, explains how virtual memory gets mapped in the 32- and 64-bit worlds, and talks about committed memory that processes essentially get to own as they’re executing and the commit limit that sets the ceiling on such allocations. Along the way, he also uses his snazzy Testlimit (and Testlimit64) tool to demonstrate these principles in action.

All this detailed and exquisite discussion leads back to what’s really involved in sizing a paging file. It is best to understand that the commit limit imposes a ceiling on how much private (process-based) and pagefile (system-based) virtual memory can be allocated at any given moment by actively running processes. Thus the key comes from knowing the total sum of commit charges for all programs you’d like to have running concurrently. The commit limit must exceed that sum, or trouble will ensue.

His sizing approach is pretty simple: fire off all the applications you’d like to use together, then use SysInternals Process Explorer to measure the Peak Commit Charge. In fact, Russinovich recommends examining this value after running your target collection for a while to make sure you reach maximum load. After that, the formula is:

Size of Paging File = Peak Commit Charge – Amount of Physical RAM in system

If that number is negative, that doesn’t mean you want no paging file. It should be set to no smaller than whatever kind of memory dump you’ve got configured for crash reporting (default value is around 135 KB or minuscule, but a complete memory dump has to match the amount of accessible memory–same value that shows up as Total under Physical Memory in Task Manager–for that memory dump to occur). By default Vista sizes the paging file to equal total memory plus 300 MB or 1 GB, whichever is larger. On my Vista machine my maximum commit limit runs at around 2.5 GB, but I’ve left the paging file alone at 3881 MB (equal to usable memory of 3,581 MB plus the aforementioned 300 MB) so I can generate a memory dump if and when I must.

On notebook and desktop PCs not quite so lavishly endowed with RAM, you can probably get by with cutting the paging file somewhat by following Mark’s formula. If you need to capture a memory dump at some point, you can always increase the paging file to accommodate that need for so long as you must capture memory dumps, then revert to earlier values after that exercise concludes.

December 10, 2008  5:27 PM

Patch Tuesday Posts a Plethora of Critical Items

Ed Tittel

The second Tuesday in each month is when Microsoft schedules its patches, fixes, and security updates. Recently, Microsoft has begun to offer Advance Notification for its Security Bulletins, which makes it a lot easier to tell what’s coming down the pike. For December, 8 updates have been pushed to the Windows Update servers.

Of the 8 items for Vista that appeared on December 9, 6 are rated Critical and 2 Important. Here’s a brief summary of what you’ll find:

MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution
Permits a specially crafted WMF image file to inject remote code execution at the system level.
MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution
Blocks vulnerabilities that could occur if a user opens and saves a specially-crafted saved-search file in IE or clicks a similar search URL.
MS08-073: Cumulative Security Update for IE
Resolves 4 privately reported vulnerabilities including remote code execution.
MS08-070: Vulnerabilities in Visual Basic 6 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution
Resolves 5 private and 1 public vulnerability in ActiveX controls for VB 6.0 Runtime Extended files.
MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
Resolves 8 privately reported MS Office and Outlook vulnerabilities related to Word or RTF file contents that deliver access at the system level.
MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
Resolves 3 privately reported vulnerabilities possible from specially-crafted Excel files that provide system-level access.
MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege
Resolves a privately reported item that allows elevation of privilege when authentication is bypassed by browsing to an admin URL on a SharePoint site (might result in DoS or unauthorized access).
MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution
Resolves 2 privately reported vulnerabilities in Windows Media Player, Windows Media Format Runtime, and Windows Media Services that could allow remote code execution at system level privilege.

The first six are rated Critical, the last two Important. Vista admins will probably want to start working with all of these that apply to their environments (including SharePoint and Windows Media, where applicable) because all come with potentially dire consequences if they remain unpatched. Hopefully, none of them will cause too many compatibility problems. Nonetheless I advise you to get testing underway ASAP.

I just saw an interesting story from Ryan Naraine on ZDNet that puts these Vista Updates into a different context. He calls this Patch Tuesday a “whopper” because it mentions that 28 vulnerabilities in Windows, IE, and Office are addressed, of which 23 are rated “Critical.” He counts each of the reported items addressed in the preceding list of security bulletins to come up with these numbers, which certainly adds to the drama. I guess it’s all in how you play out and drum up those numbers! He also mentions that other security experts from Shavlik agree that it’s wise to start planning a roll-out of these patches ASAP because of the vulnerabilities they address.
