How to use Advanced Queries in Windows search.

If there was one single feature about Windows Vista which made me say “I’m never ever going back to Windows XP” it was search and the way search was integrated everywhere.  True you can download Microsoft Search for Windows XP (and , as they say other kinds of desktop search are available) but it doesn’t permeate everywhere the way it does in Vista. In Windows 7 the search has got better still, with one important exception which I will come to in a moment.

On the left you can see the result of typing in the search box ,and as you can see the search results are grouped by type. If you click on one of the of the titles it shows you just the matches of that type. However if you click “See more results” you get everything.

It so happens I was looking for copies of my invoices from Virgin media which I know are in my inbox. The problem I have is I automatically go to “see more results”, and in any event you can see that there are a lot of other things in outlook – mostly from my news feed – about what Virgin group are doing. Click through to More Results and, if you’re used to vista’s search you’ll see we’ve lost something. In Vista this box had buttons to select different kinds of content. In Windows 7 it has gone …

 

However , you can use the Advanced Query Syntax (AQS) and boy is there a lot of it. Type Kind: and you get a list to choose from. Type size: you get some classifications, type: date: you get a calendar and bands of dates, isAttachment and HasAttachement let you pick yes or no. And a quick read of the AQS page shows there is a whole lot more you can enter. Helpfully when you enter a valid field name with the colon (:) after it it turns blue , an an invalid one stays back. 

Now I doubt if anyone is going to remember every single option for AQS – and since it narrows the search down it is sometimes going to be quicker to scroll through the search than find out the way to narrow it down. Still I’m a great believer that we all use our own subsets of the available functionality, so have a look at what you  can do, make use of the bits that help you and forget the rest.

This post originally appeared on my technet blog.

A collection of links for the weekend.

Since I was talking recently about having a lot of tabs open in IE, it’s fair to say that a lot of them are open as things that might be worth writing about or sending people to; but not all of them actually get that follow-up  Here’s the current selection.

You’ll Pry Vista from My Cold Dead Hands: Linux Magazine

Why Microsoft’s XP-to-Windows-7 upgrade strategy is right – InfoWorld

Government 2.0: The Rise of the Goverati – Read Write web

Webber & Vettel rip through the F1 2009 rule book – Red Bull Racing

Engineering the windows 7 boot animation On the Engineering 7 blog.

Booting from VHD in Windows 7: Technet edge

Ballmer: Enterprise XP holdouts will get hell from consumers : InfoWorld (Interesting echo of this post of Steve Lamb’s and stuff we’ve been saying on our roadshows)

How well does Windows 7 handle 512MB? – Ed Bott on ZDNet

London by night from the air A rare thing – a “you’ve got to see this” link which came by mail which was worth visiting

Underwater cameras reveal how grizzly bears use their feet to collect dead salmon from the bottom of pools BBC natural history at its best

[Update] server problems meant this didn’t go live till Monday morning. Grrr.

This post originally appeared on my technet blog.

IE 8 – something else I’m growing to really like

A few days back I wrote about acceleators in IE 8 and talked about how search box had been streamlined as well. I knew we’d re-worked how tabs worked but my first reaction was “yeah … but so what”.
I’m a big fan of tabs: IE 7 changed my experience of the internet. I guess other tabbed browsers did the same for other people – but tabbed browsing is such a huge jump forward I just can’t remember how I managed without it. IE gets opened up within a few minutes of my machine booting, and quickly gets to twenty open tabs. The beta of IE8 in Windows 7 beta isn’t perfectly stable, but I’m running it for days on end and saved a block a 57 tabs when I had to shut down . Following links from twitter means I’m getting more tabs open especially since I still make use of IE7 pro , which has a feature named “super drag/drop” –  if you drag a link and drop it on the same page it opens in a new tab. In practice this means a flick or a “smudge” of the mouse opens in a new tab. IE7 pro also trap pages trying to open in a separate window and open them in a new tab instead.

I’ve taken to colour coded tab groups in 8 in a big way: it sounds so trivial that I sat here and wondered if I dared call it out, but I will:

Open a page as new tab and it forms a tab group with the original page. You can see on the left the tabs are green, they’re the things I’ve jumped to from Twitter, then there are a couple which aren’t grouped, followed by a couple in a fetching shade of peach which were on Geo-coding, then some purple ones which where the results of a couple of searches, next come some green ones on Aviation accidents and finally some in blue from MSDN for something I’ve been working on in PowerShell. It’s just easier to get around; when you have dozens of tabs open you can lose track of where you are.

IE 7 pro remembers recently closed pages and lets you re-open them – with a short cut for the most recently closed one.. The problem is it just remembers the last URL: the tab doesn’t open in a group (you can drag it into one) and if you want to go back through the history on the tab, no joy. In IE8 if you click on the tab strip you get the option to reopen the last closed tab in the right place with its history.  The menu can also close a whole group in one go – done with the MSDN group? Right-click, click, 4 tabs gone!  There are some bits missing: there’s no option to refresh or save a tab group and grouping tabs which aren’t yet in a group is a bit long winded. Something for the IE 7 pro folks to add for IE 8 pro

This post originally appeared on my technet blog.

Windows 7 release candidate…

First up, let me give my usual warning about ship dates. Those who talk don’t know, and those who know don’t talk. I said just after we made the beta of Windows 7 available

Past experience has led me to a rule of thumb which says a beta runs for about 3 months, so with nothing else to go on that would suggest updating to next pre-release version around April (conveniently half way to the August 1st expiry date [for the Beta]

We made windows available to technet and MSDN subscribers on Wednesday January 7th (actually early on Thursday 8th European time) and to anyone on Friday January 9th. So if we release 3 months later, on a Friday, that would say April 10th.

So I was slightly amused to find that NeoWin story “Exclusive- Windows 7 RC set for April 10, 2009”. Hmmm… That’s still six weeks away. There’s a gap – typically two weeks – between getting the build you think you will release and releasing it (the Escrow stage), so that would mean we’re still a month from the RC build. A lot can happen in a month. Neowin’s post amounts to someone telling them that 2/3 of the way into the beta, the team say they are on schedule. I don’t expect to hear anything before the builds go into Escrow (at which point I won’t be able to say anything anyway). 

What’s interesting is another comment in the NeoWin story 

Sinofsky mentioned that, “recently we’ve seen people talk about ‘RC Builds’ and the like. First, all builds since the beta are RC builds since by definition that is the next milestone. But by far the most humorous element has been that the build numbers blogged about are higher than our current build. Today’s build is 7046, but it hasn’t completed yet :-).”  See here for a story about build 7048 and build 7032:  don’t be surprised if you see build numbers which move in steps of 16.

This post originally appeared on my technet blog.

Testing Windows 7 on a Laptop ? Try this

One of the things which comes up from time to time is people saying “I don’t get as much battery life with this new OS as I used to … ” sometimes it is down to the configuration of the OS or its behaviour , but often it is due to the battery aging.

In Windows 7 the PowerCFG utility now sports a /energy switch, this will analyse your machine’s settings. (It needs to be run from an elevated command prompt) and on my Dell it warns me that some of the hardware devices might prevent the machine going to sleep, and that Windows can’t control the screen brightness to manage power.

More interesting though is the data towards the end of the report.

Battery:Battery Information

Battery ID    1997SMPDELL XY1234

Manufacturer: SMP

Serial Number: 1997

Chemistry: LION

Long Term :1

Design Capacity: 86580

Last Full Charge: 55178

 

Woah! Design capacity 86580 … it says on the battery that the life was 85 Watt Hours , so I’m guessing this is Milliwatt hours, and the last full charge was only 55 Watt hours ?  So my battery held 50% more when new ? I pinched this battery out of another laptop because when the original was 14 months old, and was getting about 30 minutes run time (batteries only get a 1 year warranty, and a new batteries are eye wateringly expensive) – it has had less than a year of active use – although it’s more than year old, so again out of warranty cover.

I’d be fascinated to know what numbers other people get.

This post originally appeared on my technet blog.

How to manage the Windows firewall settings with PowerShell

I mentioned recently that I’m writing a PowerShell configuration tool for the R2 edition of Hyper-V server and Windows server core.   One of the key parts of that is managing the firewall settings…. Now… I don’t want to plug my book too much (especially as I only wrote the PowerShell part) but I had a mail from the publisher today saying copies ship from the warehouse this week and this code appears in the book (ISBN  9780470386804 , orderable through any good bookseller)

The process is pretty simple. Everything firewall-related in Server 2008/Vista / Server R2/ Windows 7, is managed through the HNetCfg.FwPolicy2 COM object, so. First I define some hash tables to convert codes to meaningful text, and I define a function to translate network profiles to names. So on my home network

$fw=New-object –comObject HNetCfg.FwPolicy2  ;  Convert-fwprofileType $fw.CurrentProfileTypes  

returns “Private”

---

$FWprofileTypes= @{1GB=”All”;1=”Domain”; 2=”Private” ; 4=”Public”}
$FwAction      =@{1=”Allow”; 0=”Block”}
$FwProtocols   =@{1=”ICMPv4”;2=”IGMP”;6=”TCP”;17=”UDP”;41=”IPv6”;43=”IPv6Route”; 44=”IPv6Frag”;
                  47=”GRE”; 58=”ICMPv6”;59=”IPv6NoNxt”;60=”IPv6Opts”;112=”VRRP”; 113=”PGM”;115=”L2TP”;
                  ”ICMPv4”=1;”IGMP”=2;”TCP”=6;”UDP”=17;”IPv6”=41;”IPv6Route”=43;”IPv6Frag”=44;”GRE”=47;
                  ”ICMPv6”=48;”IPv6NoNxt”=59;”IPv6Opts”=60;”VRRP”=112; ”PGM”=113;”L2TP”=115}
$FWDirection   =@{1=”Inbound”; 2=”outbound”; ”Inbound”=1;”outbound”=2} 
 
Function Convert-FWProfileType
{Param ($ProfileCode)
$FWprofileTypes.keys | foreach –begin {[String[]]$descriptions= @()} `
                                -process {if ($profileCode -bAND $_) {$descriptions += $FWProfileTypes[$_]} } `
                                –end {$descriptions}
}

---

The next step is to get the general configuration of the firewall; I think my Windows 7 machine is still on the defaults, and the result looks like this

Active Profiles(s) :Private 
Network Type Firewall Enabled Block All Inbound Default In Default Out
------------ ---------------- ----------------- ---------- -----------
Domain                   True             False Block      Allow      
Private                  True             False Block      Allow      
Public                   True             False Block      Allow      

The Code looks like this 

---

Function Get-FirewallConfig {
$fw=New-object –comObject HNetCfg.FwPolicy2
"Active Profiles(s) :" + (Convert-fwprofileType $fw.CurrentProfileTypes)
@(1,2,4) | select @{Name=“Network Type”     ;expression={$fwProfileTypes[$_]}},
                   @{Name=“Firewall Enabled” ;expression={$fw.FireWallEnabled($_)}},
                   @{Name=“Block All Inbound”;expression={$fw.BlockAllInboundTraffic($_)}},
                   @{name=“Default In”       ;expression={$FwAction[$fw.DefaultInboundAction($_)]}},
                   @{Name=“Default Out”      ;expression={$FwAction[$fw.DefaultOutboundAction($_)]}}|
            Format-Table -auto
}

---

Finally comes the code to get the firewall rules. One slight pain here is that the text is often returned as pointer to a resource in a DLL, so it takes a little trial and error to find grouping information.
The other thing to note is that a change to a rule takes effect immediately, so you can enable a group of rules as easily as :

Get-FireWallRule -grouping "@FirewallAPI.dll,-29752" | foreach-object {$_.enabled = $true}

 

Function Get-FireWallRule
{Param ($Name, $Direction, $Enabled, $Protocol, $profile, $action, $grouping)
$Rules=(New-object –comObject HNetCfg.FwPolicy2).rules
If ($name)      {$rules= $rules | where-object {$_.name     –like $name}}
If ($direction) {$rules= $rules | where-object {$_.direction  –eq $direction}}
If ($Enabled)   {$rules= $rules | where-object {$_.Enabled    –eq $Enabled}}
If ($protocol)  {$rules= $rules | where-object {$_.protocol  -eq $protocol}}
If ($profile)   {$rules= $rules | where-object {$_.Profiles -bAND $profile}}
If ($Action)    {$rules= $rules | where-object {$_.Action     -eq $Action}}
If ($Grouping)  {$rules= $rules | where-object {$_.Grouping -Like $Grouping}}
$rules}

---

Since this the rules aren’t the easiest thing to read I usually pipe the output into format table for example

Get-firewallRule -enabled $true | sort direction,applicationName,name | 
            format-table -wrap -autosize -property Name, @{Label=”Action”; expression={$Fwaction[$_.action]}}, 
            @{label="Direction";expression={ $fwdirection[$_.direction]}},
@{Label=”Protocol”; expression={$FwProtocols[$_.protocol]}} , localPorts,applicationname 

 

Last, but not least if you want to create a rule from scratch you want to create a rule object with New-object –comObject HNetCfg.Fwrule, you can then pass it to the add method of the Policy object’s rules collection.  If I ever find time to finish the script it will probably have new-firewallRule, but for now you need to write your own.

This post originally appeared on my technet blog.

Windows 7 : Photos, Gallery and AutoCollage.

When I first started using Windows Vista it was the better experience for photographers which really hooked me in. Most common image formats use the EXIF standard for embedding data about the picture (everything from the camera model and settings, to the title, keywords and so on. XP lets you look at this information in the file properties dialog, but vista introduced the the ability to set EXIF data from the main Windows explorer window, to search for picture titles from the start menu, and to sort, and build search folders based on Exif data (and it gives thumbnail previews – so you get the effect of a contact sheet). Storing data in EXIF is really important; photos get shared. If the data about a picture stays on the computer where it was edited and doesn’t follow the picture then someone who looks at it in years to come won’t get the “where and when” information. And if the data is stored in a database by a gallery package you’re locked into that package.

Vista also introduced “Windows Photo Gallery” , which added a little to what you could do from explorer. The Windows live team have adopted Photo Gallery, and it’s not pre-installed with Windows 7 (we have a link on the Getting started menu for Windows Live Essentials). As a 32bit app it actually works with the 32bit only RAW codec from Pentax so I can see what’s in those files. Photo Gallery does more than organize your photos: each version has introduced new bits under the heading of “fixing” photos:  PhotoShop it ain’t but it will crop pictures, straighten crooked ones ,reduce noise or sharpen soft images, fix red-eye; it’s got decent exposure correction features and will fix colour balance (if you haven’t seen the super cute demo* by 4 1/2 year on Kylie, the autofix combines these – as she says “I click – it’s better”)  and has even got the ability to do some black and white effects. It could do with a clone/heal brush, but otherwise its not bad. One annoyance is it has facial recognition – great – but it doesn’t seem to store the names of people found in the Exif data.
The other ambition for Photo Gallery is seems to be central point for “OK I’ve got my pictures … now what ? ” As Kylie shows, it has a hook into mail and there is the ability to upload pictures to web services – critically, the newest version supports plug-ins to support non-Microsoft sites (Facebook, flickr, smugmug and others).  You can start a new blog post in Live Writer with pictures in it too.
Then there’s also the ability to make a panorama – which has another cute kid demo, this time with 7 year old Alex. The panorama bits came from MS Research and they have a more sophisticated panorama tool “ICE” – the image composite editor. You can send images from Photo Gallery to ICE.  And this is the last of the extensions to the new version of Photo Gallery – the ability to send pictures to another program – so you can send them to Movie maker as well.

Now, in the 1.0 release of AutoCollage there didn’t seem to way to select photos other than giving it a whole folder to work with. This wasn’t too bad – I added a working folder to my send to menu and sent pictures to that before making my collage, but it was an extra step I could do without. The new 1.1 release (which doesn’t need a new key if you have bought 1.0)  hooks into Photo Gallery, so now I can select photos from where-ever and chuck them into a collage. If you take photos and haven’t tried AutoCollage yet you should get the trial version (And there is a flickr group to show what people are doing with it)

Does Windows 7 do much more than Vista for photographers ? Not really – in fact since Gallery has moved into Windows live you could say it does less. But there is one feature which I’m almost ashamed to admit I love. It’s the menu you can see at the top – you can have multiple background pictures … as a slide show – Click on the thumbnail on the left to see how this is setup.

There is one other thing about this which can makes your machine nicer , and that is the ability to get pictures for the slide show from an RSS feed. There is a good post which describes this here. I must try creating my own feed for this.

 

* foot note. The kylie Demo is on Youtube, and there’s a great comment “Phrases you never thought you’d hear: (1) oh that’s the trombone player’s porsche  and(2) that new microsoft TV spot actually kicks ass.”

This post originally appeared on my technet blog.

Two useful Hyper-V links

A short post by my standards

On the server core blog, Chuck has posted Top Issues for Microsoft Support for Windows Server 2008 Hyper-V , which makes an interesting read. If you do a lot of hyper-v you’ll probably stumble over one of these at some point.

On the Main Microsoft site we have Windows Server 2008 R2 & Microsoft Hyper-V Server 2008 R2 – Hyper-V Live Migration Overview & Architecture  which is exactly what it says.

This post originally appeared on my technet blog.

Support for Red Hat OSes on Microsoft Virtualization (and Vice Versa)

One of the questions which comes up on our internal distribution lists for Hyper-V is “when will such and such and OS be supported on Hyper-V” and the somewhat frustrating response is usually in the form “We’re talking to OS vendors, but we can’t talk about contract negotiations while they are going on. As soon as we can say something we’ll do it in public”. We have to negotiate certification , support and so on. Even saying we’re talking (or not talking) to vendor X my impact what we’re doing with vendor Y. The OS which comes up most often in this context is Red Hat Enterprise Linux, we’ve made some public announcements which are a  step in this direction

Here are key points from Red Hat’s Press Release

• Red Hat will validate Windows Server guests to be supported on Red Hat Enterprise virtualization technologies.
• Microsoft will validate Red Hat Enterprise Linux server guests to be supported on Windows Server Hyper-V and Microsoft Hyper-V Server.
• Once each company completes testing, customers with valid support agreements will receive coordinated technical support for running Windows Server operating system virtualized on Red Hat Enterprise virtualization, and for running Red Hat Enterprise Linux virtualized on Windows Server Hyper-V and Microsoft Hyper-V Server

The last one is important because the it means a customer with an issue can call on vendor and if the problem appears to lie with the other vendor’s product it’s managed as one streamlined incident.  Note that work hasn’t been completed – the above is written in the future tense. According to Mike Neil’s blog post “Microsoft and Red Hat Cooperative Technical Support” we will provide integration components for Red Hat on Hyper-V and Red Hat will provide properly certified drivers for Windows on their Virtualization stack

Microsoft people would prefer customers only used Microsoft products, and Red Hat people would prefer customers only used Red Hat products – we sure aren’t going to stop competing. But the reality is customers use both: and both companies want their customers to have an excellent experience of their respective technologies, which mean we have to cooperate as well . This is coopertiton in action.

This post originally appeared on my technet blog.

How to drive Twitter (or other web tools) with PowerShell

First of all since I’ve mentioned twitter a few times recently I should say I have this cartoon of Hugh’s in my head as a warning.

After a 10 days on Twitter I’m qualified to talk about it like an expert … There are some obvious points of interest.

(1) Twitter Provides a web interface, it’s not great but there is a an API which is reasonably easy to code to. Hence there are a plethora of clients out there. Not all the clients follow the API as well as they might….

(2) A major issue for me is clients which don’t include “In Reply to” information – I see only part of a conversation. It’s not surprising that clients don’t bother with it because, there’s no documented way to search for “messages in reply to this one”. Worse, since there is no “conversation ID” (as there has been in Mail clients since the 1980s) when the web server can reconstruct a conversation it is not efficient. Reto-fitting one would require the clients to be updated…

(3) A major part of the value for me is not in following people as such but in watching topics.  I’m mildly amazed that  (a) There’s no search box visible, no Open Search Discovery, and the search link is at the bottom of the page so you don’t even know its there (b) Twitter itself doesn’t save your searches (c) not all clients save searches.

And so on.

I decided to that I’d write a little PowerShell so I could download information, and after pushing it around for a bit I’m ready to share the results, which is the following set of functions:

Get-TinyUrl – Gets a tiny URL for the a long URL
Publish-Tweet  – Publishes a new tweet (and shame on me, doesn’t bother with in reply to fields)
Get-Tweet  – Gets a tweet byID

Get-TwitterTimeLine – Gets my recent posts and those of the people I’m following
Get-TwitterReply – Gets replies sent to me

Get-TwitterSearch – runs a search has a -DEEP option to search back 1500 messages.
Get-TwitterPublicTimeLine – Gets recent non-private postings
Get-TwitterUserTimeLine – Gets the postings of a particular user

Get-TwitterFollower – Gets a list of who is following me (or someone else)
Get-TwitterFriend – Gets a list of my friends (or someone else)
Add-TwitterFriend – Adds someone to my friends list 

Here’s an example which shows just how easy the functions are to code  in PowerShell 

Function Get-TwitterReply { 
 param ($username, $password, $Page=1)
 if ($WebClient -eq $null) {$Global:WebClient=new-object System.Net.WebClient  }
 $WebClient.Credentials = (New-Object System.Net.NetworkCredential -argumentList $username, $password)
 ([xml]$webClient.DownloadString(“http://twitter.com/statuses/replies.xml?page=$Page”)  ).statuses.status 
}

– essentially 3 lines: (1) Get a new WebClient object (2) Set its credentials, and (3) Tell it to download a page of XML; force that from a text string to an XML document and get the /statuses/status XML elements. Each one looks like this (it’s not obvious but USER is a sub-element in XML). I can pretty up the output including displaying the name from the user XML element.

created_at              : Thu Feb 05 13:20:39 +0000 2009
id                      : 1179608029
text                    : @jamesoneill is on twitter too… Welcome!!!!
source                  : web
truncated               : false
in_reply_to_status_id   :
in_reply_to_user_id     : 20140468
favorited               : false
in_reply_to_screen_name : jamesoneill
user                    : user

Functions which POST to twitter need a bit more care, and I lifted Mike Ormond’s  code for this. If you are writing your own code note that twitter returns an error in response to POST commands “The remote server returned an error: (417) Expectation Failed.”, to avoid this there is a line in mike’s code

[System.Net.ServicePointManager]::Expect100Continue = $false 

Which tells the .net object not to send data in two stages with the server sending a “100 Continue” message between. Twitters server  doesn’t support that and responds with a 417 error. As far as I can tell the simpler WebClient object won’t work with this so I kept Mikes’s code for the WebRequest Object

My first use of this add the top ten posters about PowerShell to my friends list. With these functions I can do it 3 lines 

$f=Get-TwitterFriend $UserName $Password | ForEach-Object {$_.Screen_name}
$ps=Get-TwitterSearch “Powershell” -deep
$ps | group Author | sort count -desc | select @{name=”author”; expression={$_.name.split(“@”)[0]}}, count -first 10 | 
       ForEach-Object {if ($f -notcontains $_.author) {Add-twitterFreind -id $_.author -user $user -pass $password} } 

The first line gets my existing twitter friends and reduces the XML elements to an array of names.

The next line gets as many PowerShell posts as Twitter will allow – could export these to a CSV file and use them for something else; but here I group the posts by the author and sort them in descending order with most posts first.

The 3rd line is several commands piped together, and the most complicated piece is in the select:  the AUTHOR field, becomes the NAME in the output of the Group, operation  but it is the form UserName@twitter.com (Display Name). So select splits it at the @ sign, and names the result author, and returns the 10 ten. For each one if the Author isn’t already in my friends list, it calls add-twitter friend.

The next obvious thing was to Post to twitter from something on my blog, with $WebClient already set I can get the RssFeed for my blog, build the tweet text and Post it.

$x=[xml]($WebClient.DownloadString(“http://blogs.technet.com/jamesone/rss.xml”).replace(“item”,”rssItem”))
$tweet= $x.rss.channel.title+  ” : “+$x.rss.channel.rssitem[0].title + ” – ” + (Get-TinyURL $x.rss.channel.rssitem[0].link)
Publish-Tweet -TweetText $tweet -Username $user -Password $password

 

The whole lot is attached. As usual with these samples it is for illustration and is light on the error checking, and comes with absolutely no warranty whatsoever. (Check the site Terms and conditions)

This post originally appeared on my technet blog.

A Job or two saved for my “PowerShell configurator”

Somewhere in the queue of things to post is the remainder of my PowerShell configurator for Windows Server 2008 R2 Core and Hyper-VS Server R2. If you’re building a cluster the PowerShell CMDlets for clustering make that a breeze. Of course a cluster often calls for iSCSI and setting that up from the command line is tough, so I was going look at doing it in PowerShell. Quick tip of the hat to Ben, who’s blogged that the iSCSI Configuration UI is included in Hyper-V 2008 R2, just run iSCSIcpl.exe And there is an MPIOCPL.exe for setting up Multipath IO (when it is enabled.)

You can also run control.exe DateTime.cpl and control.exe intl.cpl to set time and international settings respectively. Then PowerShell V2 already has cmdlets for stop-computer and restart-computer, plus Add-Computer (to domain) and Rename-Computer, plus  Test-WsMan and Set-WSMANQuickConfig, so the number of things I need to implement is getting smaller…

This post originally appeared on my technet blog.

Accelerators in IE8

Internet Explorer 8 seems to be  guided by the same “many little improvements” philosophy that has driven Windows 7 – or put another way it’s not packed with radical new features , and in some cases I find it hard to be sure if something really wasn’t there before:  I think the “Privacy Policy” is new and it lets find out where pages are including something which violates my privacy or which produces a hyper-active advert (where these are scripts they go into IE’s distrusted sites list ! )

Here’s the kind of incremental improvement I’m talking about, look at the search box.

Image 1 on the left shows how things worked in IE 7, you needed to pull down the list on the right to select a different search provider.

Image 2 in the middle shows how things have changed with IE 8, the icons for the different providers show up under the search box, click the one you want to select and click off the search (3 clicks become one).

But what’s that on the right ? in image 3. Previously to search your history you needed to go to favorites tab, go to history, choose Search history, enter my search term and then click search. In 8, just type into the search box and the history gets searched as you type

One thing that is brand new in 7 is the idea of accelerators: when you highlight some text on the page you can take some actions with it. Highlight an address and you can go to a map, highlight a word and you can look it up in a dictionary. Use an a browser based tool for composing your blog entries (and I don’t) then jump to your blogging tool . The specification for the XMLfiles which describe accelerators is on MSDN. There were plenty of things I could have tried, but I decided to one one for Twitter… then found that David Sim has done that already, and here’s what the XML looks like

<?xml version="1.0" encoding="UTF-8" ?>
<os:openServiceDescription xmlns:os="http://www.microsoft.com/schemas/openservicedescription/1.0">
    <os:homepageUrl>http://www.twitter.com</os:homepageUrl>
    <os:display>
        <os:name>Send to Twitter</os:name>
        <os:icon>http://www.twitter.com/favicon.ico</os:icon>
        <os:description>Send text to Twitter</os:description>
    </os:display>
    <os:activity category="Send">
        <os:activityAction context="selection">
            <os:execute action="http://twitter.com/home?status={selection} {documentUrl}" />
       </os:activityAction>
    </os:activity>
</os:openServiceDescription>

So once this is installed if I run my mouse over some text I get this ….

All very fine and good … except why do I have to go to a submenu ? and Why is the top menu filled with stuff from Windows Live – some of which I’ll use but some I won’t ? The answer is it has to default to something, but you can change it by going to Manage Add-ons from IE’s tools menu and clicking accelerators (and there is a short cut on the “All Accelerators” Menu)

I’ve removed the Email with Live mail and Blog with live spaces (I don’t use them) and just to show the search isn’t fixed I changed the default search to “My blog”, which changes the “Search with” entry. Each accelerator has a category – this one is “Send”, and one item in each category can be flagged as “Default” to appear on the top menu, which is what I’ve done for the twitter entry. Now that’s more like the “few clicks for common tasks” ethos of 7.

This post originally appeared on my technet blog.

Windows 7 federated search.

I was a little surprised to find it was nearly 3 years ago that I first wrote about Open Search… So first off… 

Open search provides a specification for XML to describe search services. It’s easy to build this XML, and there’s a Microsoft Page which builds it for you, so here’s an example for IMDB, which I need to add to my Windows 7 installation:

<?xml version="1.0" encoding="UTF-8" ?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
   <ShortName>IMDB</ShortName>
   <Description>IMDB provider</Description>
   <InputEncoding>UTF-8</InputEncoding>
   <Url type="text/html" template="http://www.imdb.com/find?s=all&q={searchTerms}" />
</OpenSearchDescription>
 

The XML tells something like IE 7 and 8 that there is a search, with a name and a description, and the URL to search it and return data as Text/html. IE can use a Link tag on a page that you are viewing to enable a context sensitive search here’s an example from OpenSearch’s own site.

<link rel="search" type="application/opensearchdescription+xml" 
     href="/opensearch_desc.php" title="OpenSearch (English)" /> 

That was as far as my interest went when I first heard of Open Search, but there is a use for these descriptions in Federated Search. Federated simply means taking the results of more than one search and merging them together. But if every site comes back with an HTML page that is no good for merging, so Open Search defines an XML schema, or to be more accurate it defines extensions to RSS and Atom. Now the Description file can contain another URL line which specifies a type of “application/rss+xml”, or “application/atom+xml”. Each item in the RSS feed becomes a search result, and any search services which can return RSS format can be included in a federated search.

We already use that in our Enterprise Search products. What’s new for Windows 7 is that we use an OSDx (Open Search Description XML file) to add Federated Search parts to Windows Explorer. As far as I can tell, plain Open Search files can be used for this, but there is extra information which can go in, and the best place to start is this post by Brandon. So a OSDx file for twitter looks like this.

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Twitter</ShortName>
  <Description>Search for a person @name, tag, #tag or anything  else</Description>
  <Language></Language>
  <Url type="application/rss+xml" template="http://search.twitter.com/search.rss?q={searchTerms}"/>
</OpenSearchDescription> 

and the results look like this (click for a bigger version).

The key thing is that this could be any site (internet, intranet you name it) which can return search results as RSS or Atom, and once the search is defined you put a shortcut to it anywhere you’d have a shortcut to a folder.

This post originally appeared on my technet blog.

On Accidents

I’ve lost one of my best jokes recently. I first heard it from the mouth of Jack Dee; “Those drawings of ‘planes landing on water they have on the safety cards … I want to see a photo: if it didn’t fly why should I believe it will float …” Of course the recent “Miracle on the Hudson” proves that it can be done, although we shouldn’t expect it that often, it needs calm water, some luck, and close to perfect flying. The thing I  found most remarkable was having pulled off a quite remarkable landing the pilot did a final check down the length of the cabin to make sure everyone had got out. That, rather than the feat of flying, justifies the use of terms like “hero”.

Since I took up scuba diving I’ve become  interested in how accidents happen. A dose of aviation in my past, combined with the good records which are available (and the death of a friend on Garuda 152) have made me more interested than perhaps I should be in air accidents.

There are three root causes of accidents: people, environment, and equipment.  In dangerous environments – whether it’s on snowy roads, under water or in the air, we have both processes and equipment to handle the danger. Where life depends on a piece of equipment either a process  or redundant equipment means a failure shouldn’t be fatal. So, where we recognise risk, accidents have a compound cause rather than an isolated one (If you think the Air France Concorde crashed only because a burst tyre, read this report on how, but for a set of other failures, it might have been saved)  My friend died because her plane was flying in limited visibility (environment) and air traffic control muddled up left and right in an instruction to the pilot (human error), but the courts found the crash would have been avoided if the Ground Proximity Warning System on the aircraft had worked advertised (equipment).

[In the week that this post has been sitting in my drafts folder, investigators have more to do than usual, and the report has been published for Colin Mcrae’s fatal crash. It’s been widely report that his pilot’s licence had lapsed – but logic, rather than my lasting admiration for him – says you can’t extrapolate from that saying he flew irresponsibly. The report says McRae was flying fast and low and “placed his helicopter in a situation in which there was a greatly reduced margin for error, or opportunity to deal with an unexpected event.” That’s the first part of a “compound cause”, but the investigators could not indentify what finally caused the accident to happen, and don’t apportion blame. So nor will I. ]

Human error can be a failure to speak-up. Think of the charge of the light brigade, read the account of the engineer who knew that the “O” rings on the space shuttle challenger would fail in the cold and watched the decision to postpone the launch being changed (scroll down to the bit after “Figure 10” if you don’t want to read it all). Or consider the Tenerife air disaster – the worst ever – which was a combination of environment (fog) and human errors. A KLM 747 (with their most senior captain at the controls) attempted to take off, without the proper clearance when a Pan AM 747 was taxiing towards it on the main runway. The  crew could didn’t seem to feel able to tell the captain to stop: to quote from one of the official reports. 

The Pan Am aeroplane responded to the tower’s request that it should report leaving the runway with an “O.K., we’ll report when we’re clear.” On hearing this, the KLM flight engineer asked: “Is he not clear then?” The captain didn’t understand him and he repeated: “Is he not clear that Pan American?” The captain replied with an emphatic “Yes” and, perhaps influenced by his great prestige, making it difficult to imagine an error of this magnitude on the part of such an expert pilot, both the co—pilot and the flight engineer made no further objections. The impact took place about thirteen seconds later.

When disasters are avoided, as they are there seem to be two themes. First, as a scuba instructor told us on a safety course “keep thinking about the options”. At the trivial end of the scale, the organizer of the event I was at in Belfast was impressed having changed airports, I had a fallback plans for the ferry if that didn’t work. I could hear Ed Harris as Gene Kranz in Apollo 13 saying “Let’s work the problem people”. Of course Apollo 13 is the other end of the scale. In the movie script at least, flight director Kranz gets quotes like “What do we got on the spacecraft that’s good?” and “I don’t care about what anything was DESIGNED to do, I care about what it CAN do.”  Apparently the captain in the Hudson ditching is also a qualified glider pilot, but the A320 wasn’t designed to be a glider, with only 3000 feet to play with and a glide ratio not much better than 10 feet forward for 1 down, it can stay airborne for only couple of minutes (and cover about half a dozen miles)… the transcript  shows 2 minutes 15 from the first call of the bird strike to the controller saying radar contact has been lost. It also shows the pilot was thinking about the river as the only viable option after 40 seconds. Worst case that would have killed everyone on the plane. Worst case trying to get to a runway was too awful. The FAA site has an MP3 from the air traffic control tapes(things begin about 7:50 in the file), the calm of the captain has drawn a lot of attention, but that of the controller also deserves a mention. When told of the bird strike he comes back with a heading for the aircraft and then tells the La Guardia to hold all departures and what the situation is, he’s also helping with other possible runways, and continuing to handle routine traffic. As yet, the cockpit voice tapes have not been made public, but I’d bet there was both relative calm there too , AND evidence of the second factor in disaster avoidance; team work. It comes up again and again whether it’s  Apollo 13,or the Gimli Glider – in the latter case an aircraft ran out of fuel at 43,000 feet, and landed on an disused air force runway: the captain was also a glider pilot, and credited the co-pilot with cockpit management of “Everything but the actual flight controls” .
There are lessons for business in this. Good IT people  know about dealing with single points of failure, and know that reliability is the result of process more then underlying technology. One article I read talks about what business can learn and refers to something General Electric CEO Jack Welch said: that effective leaders exhibit a particular set of attributes in a crisis: “forthright, calm, fierce boldness”. The survival of the Apollo 13 astronauts was at least party because the leader on the ground – Gene Kranz showed those qualities. If I think about what’s happening in the economy at the moment and look for those qualities among political and business leaders they are disturbingly rare.

 

This post originally appeared on my technet blog.

Windows 7 SKUs

We’ve announced what the “SKUs” will be for Windows 7 – I hate this term “Stock Keeping Unit” means anything with with a part number… But first a first a history lesson:
XP had 5 SKUs

• Home
• Professional
• Tablet
• Media Center
• 64 bit

Bad luck if you want a 64 bit Tablet or a laptop which is Domain joined for the office and with Media functions for the road.
Vista stuck with 5 SKUs but arranged them more sensibly (at least to me)

• Home Basic
• Home Premium
• Business
• Enterprise
• Ultimate

For each of these there was a 32 bit build and a 64 bit build, and the licence covered either. (Even if people had problems getting the installation media). Tablet and media functionality went across SKUs  There was a 6th SKU – starter edition – which wasn’t available in much of the world . And of course each of these was doubled up with the “No-media-by-order-of-the-EU-Office-for-Competitors” edition, normally shortened to “N”

It seems these are to stay with 7, with the changes being that Starter will be available world wide, and business will become “professional”. Small businesses have complained long and loud about the lack of bit-locker in Vista business, and they will now complain about the lack of bit locker in Window 7 “professional”. That is the about the only thing I wish we’d change in the SKUs. People can argue about whether there should be a SKU for organizations on volume licences. Since “Volume” begins at 5 there are very few organizations who can’t have the enterprise edition if they want it. There are many small business who don’t know that (which is our fault, and I hope we’ll do something about it).

I think there is clear case for separate home and business SKUs – and for an all in one SKU (ultimate). I’m hoping that we make it clear that “Home Basic” is a poor filleted  thing “Windows for a cheap PC” if you like. The feed back from netbook users has been that the beta of 7 (which is the “Ultimate” SKU) works great, so I hope never to walk into a store an see starter on a computer.

This post originally appeared on my technet blog.

Virtualization road show

Earlier in the week we took the virtualization tour over the Irish Sea. Tuesday was Belfast – and with the snow, getting there was quite a challenge. I felt ill all day and didn’t think I’d delivered the content as well as I should have, but the feedback forms were really positive, better than I thought I deserved. Then it was south to Cork: I hadn’t been there before – though I want to go diving nearby – and was quite impressed with an airport which would grace a far bigger place, and with the hotel (free wifi,and a receptionist who takes a lost booking in her stride are both guaranteed to impress). I did a better job , and again we had a really good audience, I don’t think I’ve ever had so many people from the audience thank me for the session on their way out.  My Irish surname comes from many generations back, so I don’t have much of a connection with the island, but I’ve come away feeling positive from every trip I’ve made there, North or South, and I’ve volunteered to do events in either place again.

We’re getting to the end of the virtualization tour, we have dates in Scotland for March, which will probably be the last. Before that there are seats available in Northampton on 24th Feb. Northampton isn’t somewhere  we’ve held events before but it’s easy to get to.We keep sneaking new bits into each session and I’m now including demos of the live migration in Server 2008 R2. Just follow the link to book your place

This post originally appeared on my technet blog.

Can I get published if I say that rain is wet or snow is cold ?

I saw an article on ITPro “removing-admin-mitigates-most-windows-flaws” earlier today.

“The vast majority of all critical Microsoft vulnerabilities, some 92 per cent, could have been mitigated by removing the administrator rights of Windows users, a new report has revealed.”

Strike out the numbers and the product specifics “Most vulnerabilities can mitigated by removing administrator rights”. Stone the crows , we never knew that if you run everything as admin you were exposed to more risks… OK sarcasm aside, anyone who works with IT knew this, but did we realise the figure was as high as 92% ? And having written about UAC this morning, I feel the need to point out that being a local administrator and running a problematic program elevated if you need to (the Vista way) mitigates risk 11 times out of 12, and running everything elevated because of one program (the XP way) doesn’t.

This post originally appeared on my technet blog.

This post originally appeared on my technet blog.

Windows 7 and UAC

From the start I thought User Account Control was a big step forward for Vista I tended to brush off any complaints about UAC, for 3 reasons

1. Most of the appearances of UAC appear during the initial setup of the machine. If this is onerous, then you can re-enable the built-in Administrator account because by default this is doesn’t see the prompts.
2. Normal users doing normal things just don’t see the prompt.
3. If you’re a Power Users and you seeing the message multiple times a day you can switch the message off. (If you’re seeing it too often, and routinely OKing it then it loses its value). Though this is like taking the battery out of your smoke alarm because you keep burning the toast.

Nonetheless one of the persistent gripes about Vista was UAC. So in Window 7 we changed things

It’s no just on or off, but we now have “Notify me when Programs install software or make changes to my computer or I make changes to Windows settings” , “Notify me when Programs install software or make changes to my computer”  “Notify me when Programs install software or make changes to my computer but don’t dim my desktop” and “Lay out the welcome mat for all kinds of Malware”.

The middle ones are interesting because parts of the OS are signed as being trustworthy. The Management console is, regedit is not. Net result: no practical reduction in security, but a reduction in the number of prompts… at least that was the theory. I mentioned that  Long Zheng picked up that setting UAC levels was a trusted operation. If you can get the user to run something which (say) sent keystrokes to it, you could turn UAC off and then let rip with any kind of nasty you fancy.  We have now explained how this is going to change , and a good thing too. It appears it was planned to change before the beta, and the change moved back to Release Candidate. What has surprised me in all of this that I have not read a single comment which says “Oh for  pity’s sake Microsoft just get rid of UAC it’s too much of a pain”. Every comment has been that UAC should be there, should be enabled, and should be robust.

It amused me to see a comment to the write up on computer world

“About the only time I see the prompt [for elevation] is:
Installing software
Changing a system setting
Starting Wireshark (promiscious mode requires [it]”

The amusing part was the writer could be describing Vista, but he was actually talking about the prompt for root access on Linux, and he asks “Why do MS insist on making UAC so difficult to use ?”

Technorati Tags: Windows 7

This post originally appeared on my technet blog.

Shutting down a lot of machines with Powershell.

A lot of my free time last year went into a book and one of the chapters in the book is about working with Active Directory from PowerShell. Version 1 leaves you with some work to do, and although we’re plugging this gap with Server 2008 R2 and PowerShell V2 you’ll need both, so I think some of my scripts will have a decent life. One of them is Get-DirectoryEntry

Function Get-ADEntry

{param($Root=”” , [String]$Scope=”Subtree”, [String]$Filter)

 $Searcher = New-Object system.directoryServices.DirectorySearcher([adsi]$Root)

 $Searcher.SearchScope = $Scope

 If ($filter) {$Searcher.Filter = $Filter}

 $Searcher.findAll() | foreach-object {$_.GetDirectoryEntry()}
}

 

I can use this to get all the computers in the current domain

get-adentry -filter "(objectclass=computer)" 

Or just the ones in a specific container

get-adentry -root LDAP://CN=Computers,DC=Roadshow,DC=com

 

At the Bett show Liam asked me if there was a way he could script shutting down all the workstations on his network. Well, assuming you can shut down all the machines in an OU, then you can pipe the output Get-ADEntry into something that calls shutdown.exe (or if you have V2 of PowerShell, the Stop-computer cmdlet) this takes quite a while to time out if the machine is off line,  so its best to ping the machines irst (V2, has a test-connection command, but I’d written Ping-Host already)

Filter Ping-host 
{Param ($target, $server=“.” , [switch]$formatted )
 If ($target –eq $null) {$target=$_}
 If ($target –is [Array] ){$target | forEach-Object {ping-Host –target $target –formatted:$formatted}}
 If ($target –is [string] ){$pingResult= Get-WmiObject -query `
           "Select * from Win32_PingStatus where Address='$target' and ResolveAddressNames = True and recordRoute=1"
 If ($formatted) {$pingResult | Format-table –autosize –property Address, 
           ProtocolAddressResolved , ResponseTime , ResponseTimeToLive , StatusCode}
 Else                 {$pingResult}}
}

So I ended up with a final command like this

get-adentry -root LDAP://CN=Computers,DC=Roadshow,DC=com |

   forEach {if ((ping-host ($_.name[0])).StatusCode -eq 0) {shutdown.exe "/m" "\\$($_.name)" "/t" "300" "/s"}}

Pop the two functions in a PS1 file followed by as many instances of that as you have OUs to shutdown and your machines can be powered off in the evening or at any other time that takes your fancy. Just be careful where you point it !

This post originally appeared on my technet blog.