James O'Neill's Blog

February 25, 2010

Retirement Planning (for service packs)

Yesterday I wrote about end-of-life planning for OSes and so it makes sense to talk about the end of a service pack, as retirement – it is after all the word that is used on the product lifecycle pages. Of course we don’t mean retirement in go and live by the seaside sense…

Special police squads — BLADE RUNNER UNITS — had orders to shoot to kill, upon detection,any trespassing Replicants.

This was not called execution. It was called retirement

that sense. Service packs, like OSes (and replicants) get an end date set well in advance, having explained OSes I want to move on to service packs (and if you want to know about Replicants you’ll have to look elsewhere).

The rule for service packs is simple. Two years after the release of a Service Pack we stop supporting the previous version. So although Windows Vista will be in mainstream support until 2012, and extended support until 2017, that doesn’t mean you can run the initial release , or Service Pack 1 and be supported until then. Lets use Vista as a worked example – I explained yesterday

Windows Vista [had] a General Availability date [of] Jan 2007.For Vista, five years after GA will be later than 2 years after Windows 7, so Vista goes from mainstream to extended support in or shortly after January 2012. We’ve set the date, April 10th 2012. The end of extended support will depend on when the next version of Window ships, but it won’t be before April 11th 2017.

Service pack 1 for Vista became available in April 2008, and Service Pack 2 became available in April 2009.
So, the life of the original Release to Manufacturing of (RTM) version of Windows Vista ends on April 14 2010.
In the same way the life of SP1 of Vista should end in April 2011, actually because we don’t retire things on the exact anniversary, SP1 gets an extension until July 12 2011.

If you are on Vista you must have upgraded to SP1 or SP2 (or Windows 7) by April 14 if you want to continue being supported.

So here’s the summary for what is supported with Vista, and when

Jan ‘07 – April ‘08  Only RTM release available

April ‘08 – April ‘09 RTM and Service Pack 1 supported

April ‘09 – April ‘10 RTM , Service Pack 1 and Service Pack 2 supported

April ‘10  – July ‘11 Service pack 1 and Service Pack 2 Supported

July ‘11 – April ‘12 Service Pack 2 only supported

April ‘12 – April ‘17 Extended support phase on SP2 only.

To simplify things, that assumes there is no Service pack 3 for Windows Vista, and that the successor to Windows 7 ships before April 11 2015.

Vista SP1 coincided with the release of Server 2008, and  Windows XP service pack 3 came very shortly afterwards. The extra few days means the anniversary for XP SP2 falls after the cut off date for April retirement and the end of life for XP SP 2 is July 13th 2010 (the same as day Windows 2000 professional and server editions). Mainstream support for Windows XP (all service packs) has ended,  after July 13 XP is extended support ONLY on SP3 ONLY.

I should have included in yesterdays post that July 13th 2010 also marks the end of mainstream support for Server 2003 (and Server 2003 R2), the  RTM and SP1 versions are already retired. It would be very unusual to see a new service pack for something in extended support. If you still have 2003 servers, you need to decide what you will do about support / upgrades before Jul 13th

Server 2008 shipped as SP1 to sync up with Windows Vista  and SP2 for both came out on the same date, so there are no server service pack actions required until July 12 2011. I explained yesterday why I have sympathy with people who don’t plan, but if you are on Server 2008 SP1 don’t leave it till the last minute to choose between SP2 or upgrading to R2  and then implementing your choice.

Update – Fixed a few typos. 

This post originally appeared on my technet blog.

February 24, 2010

End of life planning.

Filed under: Windows 7,Windows Server,Windows Vista,Windows XP — jamesone111 @ 4:57 pm

Click for a full size version No. I’m not talking about sorting out the music for one’s funeral* …

I think every manager I have had in my 10 years at Microsoft has grumbled that I’m not great with planning – it’s a fair criticism and I try to work on it. When the subject comes up a quote from a book by William Gibson comes into my head.  “I try to plan in your sense of the word, but that isn’t my basic mode, really. I improvise. It’s my greatest talent. I prefer situations to plans, you see…. Really, I’ve had to deal with givens.”  the speaker is actually an artificial intelligence, but I think that is how a lot of IT people work: improvise, deal with the situation at hand, then deal with the next situation. It may be what we prefer – but be it training plans or plans for rolling out new software you’ve got to do it.

We do try to help on the software side, by being both transparent and predictable. The rule for core things (like desktop and server operating systems) is at least 10 years of support. (Embedded operating systems have a different support model which runs for longer).
Mainstream support runs for 5 years from release OR until 2 years after the successor product releases whichever is later. Extended support runs for 5 years, or 2 years after the second successor product releases. After that those who can’t move forwards, but have deep pockets have the option on custom support. In order to be supported you have to be running a supported level of service pack, and I’ll cover that in a later post.

So let’s take a worked example.

  *  Windows 2000 professional’s General availability date was March 2000.

  *  The “n+1” release is Windows XP, which had a General availability date of December 2001.

  *  Two years after Windows XP would be December 2003 , less than the 5 year minimum so mainstream support for Windows 2000 runs to March 2005 when extended support begins. (In practice it got a mainstream June – products only go off the support list on particular days and they live on to the next one after the anniversary)

  *  The “n+2” release is Windows Vista with a General Availability date was Jan 2007.

  *  Two years Vista would be Jan 2009, again less than the 5 year minimum, so extended support support runs to June 2010. Again there is a few days extension.

So the cut off date for Windows 2000 professional is July 13th 2010. After that there will be custom support only for 2000 and if you are still running it you should understand that means we stop the routine distribution of security updates for it. 

As it happens the cut off dates for Windows 2000 Server mainstream support was 2 years after the release of Server 2003 – putting it in May 2005  -  so  2000 professional and server sync’d up. The 2 year point after Server 2008 and the 5 years of extended support take it to the same time, June 2010. So the cut off date for Windows 2000 Server is July 13th 2010.

I like to think that no-one reading this blog would still be running Windows 2000, but I know a good many are still running Windows XP. So let’s carve the dates on XPs tombstone:

5 years after XP’s GA date would be December 2006, but Vista had not shipped by then. So Mainstream support for XP ends two years after the GA date of Vista which takes us to Jan 2009 (In practice it was April 2009). Unless you have taken out a contract for extended support, you have only been getting security updates for XP since then.

5 Years after that is April 2014. Windows 7 had a GA date of October 2009, so 2 years on from there would be sooner. Extended support for XP ends on the later of the two dates, so April 2014.

For Vista, five years after GA will be later than 2 years after Windows 7, so Vista goes from mainstream to extended support in or shortly after January 2012. We’ve set the date, April 10th 2012. The end of extended support will depend on when the next version of Window ships, but it won’t be before April 11th 2017. Both dates for Windows 7 depend on future versions of Windows but won’t be sooner than January 13th 2015, and January 14th 2020. Put them in your diary now, with a reminder a long time in advance 🙂

You can get all the dates from the Product lifecycle page

* Strange Angels by Laurie Anderson if you must know.

tweetmeme_style = ‘compact’;
tweetmeme_url = ‘http://blogs.technet.com/jamesone/archive/2010/02/24/end-of-life-planning.aspx’;

This post originally appeared on my technet blog.

February 8, 2010

Installing Windows from a phone

Arthur : “You mean you can see into my mind ?”
Marvin: “Yes.”
Arthur: “And … ?”
Marvin: “It amazes me how you manage to live in anything that small”

Looking back down the recent posts you might notice that this is the 8th in a row about my new phone (so it’s obviously made something of an impression), this one brings the series to a close.

I’ve said already that I bought at 16GB memory card for the new phone which is a lot – I had 1GB before, so… what will I do with all that space? I’m not going to use it for video and 16GB is room for something like 250 hours of MP3s or 500 hours of WMAs: I own roughly 200 albums, so it’s a fair bet they’d fit. Photos – well maybe I’d keep a few hundred MB on the phone. In any event, I don’t want to fill the card completely. After a trip out with no card in the my camera I keep a SD-USB card adapter on my key-ring so I always have both a USB stick and a memory card : currently this uses my old micro-SD card in an full size SD adapter. If I need more than 1GB I can whip the card out of the phone, pop it in the adapter and keep shooting 

However the phone has a mass storage device mode so I thought to myself why not copy the Windows installation files to it, and see if I can boot a Machine off it and install Windows from the phone ? That way one could avoid carrying a lot of setup disks.
Here’s how I got on.

This post originally appeared on my technet blog.

December 8, 2009

Search stories … or “how do people manage on XP”

Filed under: Windows 7,Windows Vista,Windows XP — jamesone111 @ 9:56 pm

I know from experience that the people I meet in this job , and those who read this blog are more likely to be early adopters than the population at large so you, as a reader may well be on Windows 7 by now, and had a better chance than most of running Vista. But we know there is a lot of Windows XP still out there.  So here is something that I’m generally curious about: of those still on XP how many have added Microsoft’s (or a third party’s) search solution ?

This being Christmas time people are thinking about sending cards and in recent days two people have – unknowingly – each asked me for the others address.  Now I have some addresses and phone numbers in my contacts, but as it turns out neither of these two. Both addresses were buried in attachments in my e-mail and in both cases I had a fragment of the address. Tap that fragment into the search bar in outlook (which uses Windows search) and in less time than it took to type it I have the answer. I’ve had a chapter of problems with my car of late. We lease cars through different companies and we have a firm who coordinate everything – normally the extra layer would gets in the way, but throw this lot a problem and they make it a personal mission to get to a solution.  So have I put their number in my contacts ? er. no. Lease company? Yes. Garage? Sure. People who actually sort things out ? No. And the reason – it takes about 2 seconds to type their name into search and get an email with the number in the signature. (if I can persuade them to make that a clickable link things would be perfect).

If this saves me an hour a week [and that’s a low estimate] it would mean Microsoft gets a week of extra work out of me per year. (Actually it’s 6 days) If your organization is still on search-less XP think of that next time you can’t find something you know is on your PC or in your mailbox. And when you hear an excuse for staying on old software try asking “What percentage of the salary bill are we prepared to forego for this reason”. When you take public holidays, vacation allowance, sickness and training off the total there are a little less than 200 days to actually work in a year. So it’s easy – think of features in “days saved per year” , halve it and that’s the percentage of the salary bill. 

This post originally appeared on my technet blog.

November 30, 2009

Shouldn’t regular reboots be a thing of the past ?

Filed under: Windows 7,Windows Vista — jamesone111 @ 8:38 am

A few days ago I linked to a post of Viral’s which showed some of the holes in the hype around Google’s “Chromium OS” or more accurately just-enough-os-to-run-a-browser.   He had an interesting link showing the work from Phoenix to slash the POST time – and you can’t help but be impressed when Windows starts booting within 2 seconds of hitting the Power button, but has booted and loaded a local HTML file into IE in about 15 seconds. I suspect a lot of the speed improvement comes from loading the OS from a solid state disk. But I keep wondering who is it who keeps booting their machines over and over. I often say in my presentations that when I travel by train I notice people starting their laptops up from cold, and shutting them down cold, and under XP up to SP2 I had problems with a machine with loads of memory refusing to sleep, so I can understand that.  I’m a pretty heavy user of my PC, but I don’t reboot for weeks on end. I see it as  like retuning the TV, something you do every few hundred hours of use. When I do, I start outlook, communicator and IE and they remain open pretty much until an update needs me to reboot.

I got to thinking “How long have IE and so on been running”. I’d make excuses for Outlook as I’m running the Beta of 2010.  I put the following command into PowerShell

Get-Process| sort starttime  -ErrorAction silentlycontinue | format-table –auto -property name, starttime, @{name="CPU"; expression={("{0,10:n1}" -f $_.cpu)}}

and it came back with the following

Name                  StartTime                  CPU
----                  ---------                  ---
taskhost              16/11/2009 19:45:24       21.6
dwm                   16/11/2009 19:45:24   10,451.2
explorer              16/11/2009 19:45:25    3,404.1

iexplore              16/11/2009 19:46:25    1,012.0
iexplore              16/11/2009 19:46:33    4,644.0
iexplore              16/11/2009 19:47:44    7,187.0
FOXITR~1              16/11/2009 19:51:33        8.5
iexplore              16/11/2009 19:53:08    3,025.5
iexplore              16/11/2009 19:53:41    2,744.7
iexplore              16/11/2009 19:55:28    4,553.5
mobsync               17/11/2009 10:14:04        2.3
iexplore              17/11/2009 11:14:48    4,331.6
communicator          19/11/2009 11:26:43    2,313.3
OUTLOOK               20/11/2009 11:45:33    4,614.2
FOXITR~1              20/11/2009 13:33:01       32.8

powershell            29/11/2009 13:02:00       22.1

As you can see it’s about two weeks since I logged on, (although the machine has been an out of hibernate and sleep a few dozen times) and I started IE pretty much at once – one of the web pages was PDF which opened in Foxit reader and has remained open (IE 8 spawns multiple instances of itself). Outlook – beta status not withstanding – has been open for 9 days. Some days I wonder if the problem is in the naming of the functions – that we’re somehow conditioned to shutting things down. I should propose to the Windows team they change the labels “Shut-Down” and “Hibernate” and possibly “Sleep”, calling hibernate something like “Save Windows”, so they convey Power-off-and-start-from-nothing-next-time, Power-off-and-resume-next-time and so on.

So I’m curious to know how many people want to see faster boots and how many people see my way of working as one they use now / will use ?

This post originally appeared on my technet blog.

November 26, 2009

How to deploy Windows: Windows deployment services.

Filed under: Windows 7,Windows Server 2008,Windows Server 2008-R2,Windows Vista — jamesone111 @ 12:23 pm

I saw something recently – it must have been in the discussion about Google’s bootable browser new “operating system” which talked about it taking hours to install Windows. I didn’t know whether to get cross or to laugh.Kicking around on youtube is a video I made of putting Windows 7 on a Netbook from a USB key (The technical quality of the video is very poor for the first couple of minutes, the installation starts in the third minute) . It took me 25 minutes from powering on for the first time to getting my first web page up. It was quick because I installed from a USB flash device. It would be quicker still on a higher spec machine, especially one with a fast hard disk. 

Installing from USB is all very well if you are go the machine(s) to do the installation(s). But if you have many machines to install, or you want to have users or other team members install at will then Windows Deployment Services is a tool you really should get to know.  WDS was originally a separate download for server 2003, then it got rolled into the product so it is just and installable component in Server 2008 and 2008-R2. There are other add on which round out deployment capabilities but there are 3 scenarios where WDS alone is all you need.

  1. Deploying the “vanilla” Windows image to machines. This can be Windows Vista, Windows Server 2008, Server 2008-R2 or Windows 7. I haven’t checked on deploying hyper-V server, it may be a special case because the generic setup process may not create a line that’s needed in the boot configuration database.
  2. Deploying a Windows image, customized with an unattend.xml file – again the same version choices are available , but now if you want to install with particular options turned on or off you can do so (The Windows Automated Installation Kit helps with the creation of this file, among other things)
  3. Creating a “Gold Image” machine with applications pre-installed, and capturing that image and pushing it out to many different machines [There are a few applications which don’t like this, so sometime it is better to run something to install ].

One thing which many people don’t seem to realise is that since Vista arrived one 32 bit can cover all machines, and one 64 bit image can be used on all 64-bit machines. Those images not only handle differences in hardware but can also be multi-lingual.

By itself WDS doesn’t address installing combinations of applications and images, nor does it automate the process of moving users data off an old machine and onto a new machine. I’ll talk about some of these things in future posts: but if you thinking about the skills you’ll need to do a deployment of Windows 7 (for example) understanding WDS is a key first step; the next step is answering the question “What do I need that WDS doesn’t give me ?”

Because I have to deploy a lot of servers. I put together a video showing WDS being used to deploy Windows server (server core is also the smallest OS and so the quickest to install as a demo). Because my Servers are most virtualized I have another video in the pipeline showing System Virtual Machine manager doing deployments of built VMs.
You get an idea of the power of WDS, but the fact the video is only 6 minutes long also gives you an idea of its simplicity.

This post originally appeared on my technet blog.

November 6, 2009

The point of Windows 7 libraries and search

Filed under: How to,Windows 7,Windows Vista — jamesone111 @ 10:06 am

In my previous post I mentioned a correspondent – his name is Andy – who’d written asking the question “What the hell is the point of libraries and if you have the name of the person whose idea they were please post it for summary flaming” He made another comment which I think goes to the heart of it.

…  as with the advice to people to avoid Vista unless buying with a new machine and then only a powerful one which one then customises to remove things like pointless indexing, I am now launching the ‘destroy or develop libraries’ campaign!

I’d like to drill into that.  I just checked my home machine’s asset tag with Dell and it will be 6 years old next week. I wanted to replace it but I spent £30 on upgrading the memory to 2GB and although the graphics card can’t do glass effects,  it runs Vista well enough on its 2.2GHz Celeron (single core) processor that the replacement has been postponed indefinitely. It works as a media center and streams stuff to the TV via the Xbox. Memory is critical though: I’ve been saying since Windows 3.0 “don’t worry about CPU , throw memory at systems.”   a 256MB XP system isn’t going to make a happy upgrade, on that we can certainly agree.

But  “Pointless indexing ?” Indexing is a low priority task and only consumes resources when files change, so removing it saves very little and costs a lot. The big thing , the HUGE thing for me as a user in Vista is search, and clearly no index: no search. Anyone who has got into the Vista or Windows 7 way of working will understand that, just as internet search engines mean we don’t try to remember many complex URLs any more, so on Vista and 7 we don’t remember complex paths to find files.
When I first  first worked on Sharepoint (it was still called Tahoe at the time!) it became clear to me that file hierarchies work poorly.  Do you organize files by date, by subject, by type? If you write thousands of letters how do you name them so you can find all the letters for a given customer ? Or all the letters for customers interested in the WidgetMaster 2000 ? Bluntly, if you can’t find the stuff, is there any benefit in keeping it ? And it’s not just in office automation settings that this matters. I had over 30,000 photos on my PC at the last count. How do I quickly get to the Vulcan Collage I used in this post – did I put it in folder of “pictures for blogging” or did I make a folder for the vulcan shots and put the collage with the source pictures, or did I save the collage with other collages. To find it I just press the “Windows key” and start typing “vulcan” in the box on the start menu. Starting programs which are not on quick launch bar… life is too short to remember folder hierarchies on the start menu: I hit the same key and start typing the program name. Want to remove a program? Why bother to remember where that is in control panel? I hit the same key and start typing “remove” and the correct link to control panel appears. And Windows search is the search for Outlook. With my recent car problems I found I hadn’t got the number for the fleet management people in my contacts. So I typed “Fleet” in the search box and a second later there was a mail with the number I needed. I am totally dependent on search now.

image Indexing has a beneficial side-effect. You can create virtual folders based on metadata. I know a couple of people who flinch when I use the term meta-data but it is simply data about the data: its author, creation date, subject, tags and so on. Office Documents have “document properties”, MP3 and Windows Media files embed information about the song title, artist, composer, length and so on. JPEG and TIF images contain embedded EXIF data which contains camera information as well as artist, tags, title etc.  On the left you can see this being put to use in Windows 7. I’ve ringed the “arrange by” option; and here “tag” has been selected. In some places Tags are known as “keywords”, but as you can see in the screen shot (click for a full size version), a tag can contain multiple words. “Arrange by tag” tells windows “Select all the files in this folder and its subfolders, grouped by their tags" (a file can appear in multiple places if it carries more than one tag). Since each group is treated as a “search folder” I can search arrange results by metadata, so I can have “Infra Red-tagged Pictures also tagged Oxfordshire” Or “Pictures of Aircraft taken in July 2009” and so on.  I can drag the search folder to favorites or the desktop or my task/quick launch bar to call it up again.


But wait – there’s more ! In the second picture you can see I’ve typed something in the search box (ringed). Normally this would be something for a free text search over all the metadata fields. But I’ve typed FocalLength: so this will search in a specific metadata field. I haven’t specified an exact match but typed >280 so it only returns pictures where I was using my longest lens zoomed to the maximum length. Also notice on the menu bar that the search can be saved: that keeps a search folder to apply the same search criteria to my files in the future.

If you’ve opened up a the picture on the left you’ll have seen it contains some shots of the wild rabbits which come into my garden – and I seem to have gone down a bit of a rabbit hole here because the question was about libraries  – and I’m talking about Search folders. You can’t save files to a search folder – it isn’t a “place” – and a search narrows the selection to just some of the items in a branch of the file system…


Libraries use the index beneath the surface, but work in the opposite way to search folders. They bring together multiple file system branches. That’s it. I think Andy thought they were more sophisticated, but there’s only filtering if you do a search: the 4 default libraries which link together 4 of the “MY” folders with their “Public” counterparts. So now it doesn’t matter if something is in “My Music” or “Public Music”, I can find it in the “music” Library. And this isn’t limited to folders on my computer -  You can see on the left that my computer belongs to a Windows 7 HomeGroup and I’ve added the music folder from another member my Music library – this wasn’t the best staged demo because the netbook I’m connecting to only has the Windows sample music on it – which I’ve removed from my laptop, that’s the one non-blurred item .

Adding a folder to a library is a simple matter of going to the library’s properties, and clicking “include”. Any of the folders which comprise the library  can be set as the default location for saving. In effect, the Documents folder is “My Documents” with the extra ability to find public documents. You can change  the name of library so you could call it “All Documents” or even “My documents”. If you neither use the public folders anything there would be no harm in deleting the default libraries. Conversely if you’ve built up a complicated hierarchy of folders, so you might have “letters 2008”, “Letters 2007”, “Letters 2006”, “Invoices 2008”, “Invoices 2007” and so on, you could create new libraries for letters and Invoices.

Now, Andy’s complaint was essentially that he knew users for whom any change is bad. And my previous post I owned up to the fact that my first reaction to any change is “What did they do that for”  He says

unless totally new to computers, the addition and forcing users to default to libraries adds another level of confusion to non-tech savvy people. My mother… has been using PC’s since the 8086 days and had got to grips with DOS/File Manager/Explorer/My Computer/Computer for years before you introduced ‘My’ documents, pictures etc. I then had to spend time explaining the concept of a virtual pointer to a set of folders held elsewhere. We got there in the end although the desire to navigate to them via the C: drive remained for a while.

When we do make these changes we spend thousands of hours in usability labs to makes sure different categories of users can pick them up easily, and if we made everything exactly the same as it always has been it would be a brake on progress. Although Andy emphasised “forcing users to default to” when I did a quick check, everything I tried remembers the last folder things were opened from or saved to. I also have a vague memory that the pre-release versions of Windows 7 opened explorer at the libraries folder but the release version on machine opens at Computer – of course you can have shortcuts to open any folder you want. For some people’s’ machines “MY” in front of documents isn’t needed, you can rename the “MY” away. All the “My” folders are actually pointers so if you have always used C:\Documents, you can navigate via the Hierarchical path in the file system as before, if you can re-point the default location, any program which calls the Windows API to say “where is the default location for Documents will go to there and not keep trying to take you back to somewhere under users

Now, following that, some bright spark decided to demonstrate to logical human beings that had spent years learning how a hard disk could be navigated that logic and common sense is not required for using computers and in fact is detrimental to their use. I write of making the hard disk subordinate to the desktop in explorer when Vista was launched.

Andy’s point actually applied prior to Vista. On the Desktop you have a computer Icon, if you open computer it contains drives, if you open a drive and navigate to your user folder it contains the desktop. Where once we had a tree structure with the some root which contained all the drives, now we have a loop. I understand what he means though, having spent years with learning ways to impose a logic to cope strict hierarchies we’ve now said “you don’t need to force yourself into thinking that way any more”. No one forced to change how they organize their files: that’s important.  Personally I navigate to my documents via libraries, the “my documents” link in my home folder (which I have as a favorite) via the C: drive, and from Cmd and PowerShell prompts.

This post originally appeared on my technet blog.

October 16, 2009

Microsoft Security Essentials

Filed under: Security and Malware,Windows 7,Windows Vista,Windows XP — jamesone111 @ 4:02 pm

Somehow, in all the other activities of the last couple of weeks I missed the release of Microsoft Security Essentials which is our FREE* anti-virus / anti-malware product aimed at home users. (We have the more business oriented Forefront Client Security as well). My experience with it has been too limited to date to offer much commentary on it: however – since this blog is read mostly by people who work around computers the reason for writing about it is to say this: we all have a friend or family member who doesn’t protect their PC. The availability of  software from Microsoft which plugs the gap and is FREE* gives you a chance help them.

Over on the Malware protection center blog  Joe has posted an analysis of what it unearthed in its first live week. We’ve had 1.5million downloads, and found 4 million infections on 0.5 million computers. That’s right the average infected computer has eight different infections. I’ve seen numbers like that before and find it a bit unnerving , because there is a long tail effect: lots of machines are clean, some have one or two infections, the average for an infected machine is 8 and beyond that – there are some out there with dozens upon dozens.

Joe breaks down the reports by country: US has the most reports at 25%, then Brazil and China at 17% each the UK only has 2% of the reports. I don’t know if it is because we have fewer installations here or if our PCs are better protected. Unfortunately it is only infection reports which are broken down by country, not downloads or installations. But Joe does break installations down by OS. 44% is Windows 7, 23% Vista and 33% XP. We haven’t even launched 7 properly and it is 44% of the downloads. My guess is that people who are trying out a new OS are keener than the population at large to try new anti-malware from the same source. The final chart Joe has put up shows the ratio of infections per OS – when he says normalized, I’m assuming that means Vista numbers are scaled up and Windows 7 scaled down so they both represent infection rates on a equal number of computers. XP is more than 3 times more likely to have an infection than 7. This isn’t entirely because 7 is better – it will be a newer installation so XP will have had more chances to get infected. XP infections rates are 60% higher than Vista’s. But 7 is running at about half Vista’s rate. As time passes it will be interesting to see how close 7 and Vista end up and how far behind XP lags. I’ve got a hunch that the numbers will change as they move away from people installing the software because they think their PC might be infected and finding something on the first run.


*As it says on the web site Your PC must run genuine Windows to install Microsoft Security Essentials  or put another way, if you stole the OS, you’re going to have to figure out how to steal software to protect it.

This post originally appeared on my technet blog.

September 23, 2009

On Scanners, Cameras and their USB modes, and lifting the lid on how they can be scripted.

Filed under: Photography,Windows 7,Windows Vista — jamesone111 @ 11:46 am

Long title, and I’m afraid I’ve been on a bit of a voyage of discovery about some of the things Windows 7 (and Vista) can do with photos and first thing I wanted to cover here was something I’ve been trying to ignore: Cameras have two USB modes.

In “Mass Storage Class” (MSC) mode, the computer sees the storage card with its blocks and filesystem and so forth like any other disk. Since the computer can write to the disk all kinds of problems could break out if the camera tried to access the disk, so when  connected the camera functions need to turn themselves off. In MSC mode the camera is becomes a USB card reader and acts like any other USB disk. (That’s the point of MSC devices)

In “Picture  Transfer Protocol” (PTP) mode – and its superset, the media transfer protocol (MTP) – the camera acts as a server – the computer requests a list of files, properties of files, contents of files, but it has no access to the underlying file system so the camera can continue to take pictures and write to the disk. This offers the chance to shoot and have the PC interact with the camera at the same time,  provided that the camera maker doesn’t shut all the functions down when connected in PTP mode. Sadly Pentax do; I put my wife’s Panasonic compact in PTP mode and it was the same. On my the little Canon I take on diving trips there is no “PTP mode”, but it does have Pictbridge support. PTP is the transport protocol for PictBridge and enabling pictbridge got it to work like the Panasonic and Pentax – i.e. all the controls are locked out. From what I’ve read Olympus are the same. Of course I haven’t got the information for every camera made by every manufacturer! I’ll come back to this towards the end of the post, but it changes the way your camera appears…

Click for a full size image  Click for a full size image  Click for a full size image    Click for a full size image

From left to right with my Pentax K7 in PTP mode the camera doesn’t show up as a drive, but as a portable device in Explorer. (I could have used the Canon or Panasonic here).  When you look in the devices and printers part of control panel of Windows 7 you see the camera. If you click through the K7 here gave options to browse, import or configure options. Something which seems different to the other cameras is the option is to automatically import photos when it the camera is plugged in (The K7 does not disappear when unplugged which all the other cameras did.). Not every imaging device which shows up in control panel is a WIA device. In the screen shot below you can see I’ve unplugged my K7 – the icon is greyed out – and plugged in my Web cam; which doesn’t show up in WIA.  The reverse is also true – there is a WIA driver for Windows Mobile devices, but my phone doesn’t show up in devices and printers (at least not as a phone or a camera, only as a potential networking device) but it does show up, with a phone icon, under Portable Devices in Explorer where it has access to the same photo import wizard that the cameras have.

Click for a full size image

Linked in with this there is a Windows Image Acquisition (WIA) driver for PTP enabled cameras – so you can fetch pictures from the camera in a program which understands scanners. Generally, programs that were written for WIA will talk about “Scanner or Camera” – as in the screenshot from Windows 7’s version of Paint below, although WIA allows a program to restrict its choice to scanners only or cameras only. (Windows Fax and Scan won’t accept camera input, for example).  WIA also provides a translation layer to support programs which were written to the older TWAIN interface: these usually talk about acquiring an image from a scanner. When a device appears through the translation layer its name in the TWAIN world is prefixed with “WIA”. Some scanners include both WIA and TWAIN drivers – though the TWAIN ones are redundant on Windows Vista and 7 – and in which case the scanner gets two entries in the TWAIN dialogs (one with WIA in front of the name and one without).  I’ve got a bad track record choosing scanners and the latest piece of junk I’ve bought has a WIA driver which does not work and a TWAIN driver (which does). Hunting down the 64 bit drivers was an undertaking in itself, and for reasons only known to the scanner driver writer it appears in some dialogs when it is not plugged in. [I could go off an huge rant here, at least my ancient HP scanner has a driver on Windows update, although it doesn’t support “Transparent Materials Adapter”, so I bought this one to scan film. How hard is it to produce a driver which works properly and supports full functionality of the scanner? Why are scanners, and cameras bundled with so much useless application software to provide things like “browsing pictures” less well than the OS does it when the vendor can’t get the basics right ? OK enough ranting….] So here in Paint my new film scanner appears alongside the K7. Any attempt to use that driver will fail…grrr… but my old scanner (in page scanning mode only) or the cameras or smartphone will transfer images straight into the application.  

Click for a full size image Click for a full size image

Click for a full size image

The oldest piece of software I still use is Paintshop pro 5 (dated 1999) and it uses TWAIN. In the left picture you can see that it sees the translated K7 WIA driver and the TWAIN driver for the scanner (which isn’t plugged in). Unplug the K7 and plugging in the scanner and the dialog presents the options on the right – with WIA translated and Native TWAIN drivers – only the latter works.

Click for a full size image Click for a full size image


It’s possible access scanners and cameras from a scripting environment. I’m not going to advocate that everyone transfers pictures via PowerShell but it can be useful for diagnostics purposes. You can pop up a PowerShell prompt and enter the following

  PS > $WIAdialog = New-Object -ComObject “WIA.CommonDialog”  
  PS > $Device    = $WIAdialog.ShowSelectDevice()

If I do this with no camera or scanner connected I get this error :

  Exception calling “ShowSelectDevice” with “0” argument(s): “No WIA device of the selected type is available.”

But if I do it with the rotten scanner connected I get this:

  Exception calling “ShowSelectDevice” with “0” argument(s): “The WIA device is not online.”

Assuming the commands is successful one can dig a bit deeper into the properties of a scanner or camera – I’ve cut the list down a little to save space.

PS > $device.Properties | sort name | format-table –autosize propertyID,name,value,type,isreadonly                                                                                             

PropertyID Name                   Value                Type IsReadOnly
———- —-                   —–                —- ———- 
         4 Description            K-7                    16       True
      1028 Device Time            System.__ComObject    104       True
        15 Driver Version         6.1.7600.16385         16       True 
      1026 Firmware Version       1.01                   16       True 
         3 Manufacturer           PENTAX                 16       True
         7 Name                   K-7                    16       True
      2050 Pictures Taken         419                     5       True 

As well as the properties collection, the device has an Items collection, which contains the pictures currently in the camera. Here’s the view of one item.

PS > $device.items.item(1).properties | sort name | format-table propertyID,name,value,type,isreadonly –autosize

PropertyID Name                             Value Type IsReadOnly
———- —-                             —– —- ———- 
      5125 Audio Available                      0    5       True
      5127 Audio Data          System.__ComObject  102       True 
      4110 Bits Per Channel                     8    5       True
      4104 Bits Per Pixel                      24    5      False 
      4109 Channels Per Pixel                   3    5       True 
      4123 Filename extension                 JPG   16       True 
      4099 Full Item Name               o506400A5   16       True 
      4098 Item Name                     IMG40165   16       True
      4116 Item Size                      6663701    5       True 
      4114 Number of Lines                   3104    5       True
      4112 Pixels Per Line                   4672    5       True

As well as having methods to work with the item, there are two useful wizards. The first one pops up a scanning wizard – if a plug in my other scanner, and it will automatically save pictures in a folder under My Pictures – the folder is created with the current date.


And the second will work with scanners or cameras and returns the image as an object which can be manipulated before being saved


The last things about the device object which I wanted to mention were the Events and Commands, properties. The Pentax and Canon both have events which a script can watch for to respond to changes in the files stored on the camera. This is would be useful on cameras which didn’t lock out all the controls while connected – because that means the files can only be changed from the computer end. Similarly on all three of my cameras the list of commands is disappointingly small. 

PS > $device.commands

CommandID                                Name            Description       
———                                —-            ———– 
{9B26B7B2-ACAD-11D2-A093-00C04F72DC3C}   Synchronize     Synchronize


But on some cameras there are more commands , including one named Take Picture, which has an ID of {AF933CAC-ACAD-11D2-A093-00C04F72DC3C}
I can’t test this myself (one blog I found seems to be looking for cameras which do support it, among other things) it seems NOT having the controls locked out is a pre-requisite for this. If it shows up on your camera (and it seems to be mostly Nikons which support it) you should be able to take a picture and acquire it with

$I = $device.ExecuteCommand(“{AF933CAC-ACAD-11D2-A093-00C04F72DC3C}”)

and save it as in the previous example.  [Anyone who wants to post a comment about cameras where this works (or not) would be most welcome]

I’ll come back to WIA and some of the related technology in a future post, but that’s quite enough for now.

This post originally appeared on my technet blog.

September 14, 2009

How to view RAW image files on Windows 7 (and Windows Vista).

Filed under: Photography,Windows Server,Windows Vista — jamesone111 @ 4:09 pm

My photography posts appear to be a bit like busses. I don’t make one for a while then two together …

Some while back I wrote a tale of two Codecs bemoaning the patchy support for RAW files.  Basically we (Microsoft) don’t provide codecs for anything other JPG, TIF, PNG and our Windows Media formats. Everything else is down to whoever is responsible for the format showing a bit of leadership. Pentax fell a bit short with the codec for their PEF format – no 64 bit support. Still, a 32 bit codec works in 32 bit apps –like live Windows Live Photo Gallery, and if one of those previews the image and creates the Thumbnail it then shows up in explorer. At least Pentax’s Codec will install: they support Adobe’s DNG format as an alternative and Adobe’s rather old beta codec won’t install on 64 bit Windows 7. I discovered Ardfry’s Codec for DNG, which is pretty good, though not free.

Putting QuickTime player onto my rebuilt PC I find that it has partial codec support for WIndows – i.e. some Mov files can be played in Windows Media Player and show a thumbnail in Explorer , and some can’t (it appears the “can” use H264 video and “the can’t” are CinePak or Sorenson). Before I had a chance to get the latest build from Ardfry, someone sent me a link to this page of Codecs from Axel Rietschin Software Developments.  I’ve only installed and tested the 64 bit ones PEF and DNG ones but the initial impression is very good indeed. The only gripe is that there doesn’t seem to be a way for the Codec to return the meta data information from the picture but tell Windows “For this format the meta data is read only” – with both Axel’s and Ardfry’s codecs you can enter new data only to get an error when Windows tries to save it.

The full list of supported formats is as follows.

Adobe Digital Negative (*.dng  )
Canon Raw Image  (*.cr2, *.crw )
Fuji Raw Image (*.raf)
Hasselblad Raw Image (*.3pr, *.fff)
Kodak Raw Image (*.dcr, *.kdc )
Leica Raw Image (*.raw, *.rwl)
Minolta Raw Image (*.mrw)
Nikon Raw Image (*.nef, *.nrw )
Olympus Raw Image (*.orf)
Panasonic Raw Image (*.rw2)
Pentax Raw Image (*.pef)
Sony Raw Image (*.arw, *.sr2, *.srf)

A nice bonus is that these were created to support Fast Image Viewer, which I hadn’t come across before: this supports tethered shooting on Cameras with PTP support (like my new Pentax K7). I’m going to give this a try and I’ll hand over the small pile of pennies required if it works. Update there are different levels of PTP support, and the K7 doesn’t do what I need it to. Sigh.

This post originally appeared on my technet blog.

July 24, 2009

A tale of two codecs. Or how not to be a standard.

Filed under: General musings,Photography,Windows 7,Windows Vista — jamesone111 @ 12:16 pm

I’ve just bought a new digital SLR camera. Being a dyed in the wool Pentax person, I’ve upgraded to their new K7.

Being fairly serious about (some of) my photography I shoot quite a lot in RAW format.(In case you didn’t know higher end digital cameras can save the data as it comes off their sensor without converting it to JPEG format). There are only a small number of ways of expressing RAW data but every camera maker embeds one of those methods into their own file format: then each new camera introduces a new sub-version of the format. This is, frankly, a right pain.

Adobe came up with an answer to this, Digital Negative format, DNG. It has been adopted, but not Widely.  Pentax were first to support it in parallel with their own PEF format; Heavyweights like Hassleblad and Leica support it, so do some models from Casio, Ricoh and Samsung. But Canon and Nikon who account for somewhere round 3/4 of all DSLR sales have stuck with their own formats. Adobe maintain a converter which take proprietary files and convert them to DNG, so if you have an application which supports DNG but not your specific camera, Adobe’s tool will bridge the gap. So the take-up in photo processing software has been quite good. My chosen RAW software Capture One needs an update to work with the latest PEF, but will take DNG files straight from the camera. And I’d switch the camera over from PEF to DNG format if it weren’t for the vexing matter of Codecs. 

Before Windows Vista shipped we introduced “Windows Imaging components” WIC, which provide  RAW file using imaging CoDecs (COmpressor DECompressor). Windows 7 and Vista include WIC, and it’s WIC which provides image preview in the explorer: the net effect is that if you have a suitable Codec you get image preview. But, only a very basic set of codecs ships with the OS, partly because of the maintenance headache and partly because some RAW processing requires a bit of reverse engineering and we try to avoid doing that. Camera vendors provide Codecs and Pentax had a new PEF Codec on-line when I got my K7 home. But this is 32 bit only – other camera makers also lack 64 bit support. I could take this as inspiration for a huge rant  but let’s just say I’d make it a requirement for 32 AND 64 bit Windows to be able to preview a camera’s files before it was granted the “certified for Vista” logo – which the K7 sports on its packaging. Perhaps it’s good for our partnerships that I don’t decide such things.

I was on 64 bit Vista and I’m now on 64 bit Windows 7, so you might think the 32 bit codec would be totally useless … but no. A 32 bit codec won’t work with 64 bit software, like Windows explorer. But it will work with a 32 bit program like Windows Live Photo Gallery. (Photo Gallery from Vista has been moved over to Windows Live). Since WLPG shares a thumbnail cache with explorer, anything which you have seen in the Gallery will get a thumbnail in Explorer.  Now, granted, this is a Kludge but there are worse ones out in the world – so I can see my PEFs. But using PEF format means I need to use the (less than great) bundled RAW software until Capture one support the revised PEF. If I want to use Capture one today, I need to use DNG. So  do Adobe have a DNG codec ? They do, but their web site has (unanswered) complaints about the lack of 64 bit support going back to May of last year. Unlike the Pentax codec the Adobe one catches that I am on 64 bit Windows 7 and tells me it only installs on 32 bit Vista. [Users with the Windows Imaging Components installed on XP are out of luck too].

It’s a pretty poor show on Adobe’s part, but it’s easy to see how this comes about. None of the Camera vendors see it as their job to write a Codec for DNG – especially as Adobe have started the process. Microsoft don’t write Codecs except for major standards like JPG, PNG and TIFF and our own formats like Windows Media photo:  DNG doesn’t have enough of a foothold to be classed as a major standard. Adobe – I suspect – must feel that too many people are and not pulling their weight – expecting them to do all the work. It’s perhaps unfair to draw a parallel our support for Linux in the virtualization world (which I have only just written about) – after all it is in our interest to get our virtualization platform adopted, Adobe aren’t disadvantaged if people don’t choose to adopt DNG. But it needs a bit more commitment to get something adopted than Adobe are showing. If you were a product planner at Canon or Nikon would you write DNG support into the spec for future models ? Or would you decide that the support for DNG was half baked and you’d leave it as “something to keep an eye on” for now ?

In researching this I had a look at the Microsoft’s pro photo web site. Which is worth a visit just for the “Icons of imaging” page if you haven’t been there before. The downloads page does feature a 3rd party codec for DNG , which I must investigate. Sadly it’s not free: it’s not that I begrudge the money, but if I have to pay even a token amount to get something which bundled with something I have bought and is supposed to be a standard, to working in the all the places I’d expect it work then how much of a standard is it. I could level the same charge at Adobe over PDF iFilters and preview – but as I’ve written before, Foxit software plugs the gaps and is free – reinforcing the idea that PDF is a standard which is bigger than the company which devised it. I’d love to think DNG would do for RAW formats what PDF has done for documents, but sadly it doesn’t look like it will go that way.

This post originally appeared on my technet blog.

July 22, 2009

How to activate Windows from a script (even remotely).

I have been working on some PowerShell recently to handle the initial setup of a new machine, and I wanted to add the activation. If you do this from a command line it usually using the Software Licence manager script (slMgr.vbs) but this is just a wrapper around a couple of WMI objects which are documented on MSDN so I thought I would have a try at calling them from PowerShell. Before you make use of the code below, please understand it has had only token testing and comes with absolutely no warranty whatsoever, you may find it a useful worked example but you assume all responsibility for any damage that results to your system. If you’re happy with that, read on.  

So first, here is a function which could be written as  one line to get the status of Windows licensing. This relies on the SoftwareLicensingProduct WMI object : the Windows OS will have something set in the Partial Product Key field and the ApplicationID is a known guid. Having fetched the right object(s) it outputs the name and the status for each – translating the status ID to text using a hash table.

$licenseStatus=@{0=”Unlicensed”; 1=”Licensed”; 2=”OOBGrace”; 3=”OOTGrace”;
4=”NonGenuineGrace”; 5=”Notification”; 6=”ExtendedGrace”}
Function Get-Registration

{ Param ($server=”.” )
get-wmiObject -query  “SELECT * FROM SoftwareLicensingProduct WHERE PartialProductKey <> null
AND ApplicationId=’55c92734-d682-4d71-983e-d6ec3f16059f’
AND LicenseIsAddon=False” -Computername $server |
foreach {“Product: {0} — Licence status: {1}” -f $_.name , $licenseStatus[[int]$_.LicenseStatus] }


On my Windows 7 machine this comes back with Product: Windows(R) 7, Ultimate edition — Licence status: Licensed

One of my server machines the OS was in the “Notification” state meaning it keeps popping up the notice that I might be the victim of counterfeiting  (all Microsoft shareholders are … but that’s not what it means. We found a large proportion of counterfeit windows had be sold to people as genuine.)  So the next step was to write something to register the computer. To add a licence key it is 3 lines – get a wmi object, call its “Install Product Key” method, and then call its “Refresh License Status method”.  (Note for speakers of British English, it is License with an S, even though we keep that for the verb and Licence with a C for the noun).  To Activate we get a different object (technically there might be multiple objects), and call its activate method. Refreshing the licensing status system wide and then checking the “license Status”  property for the object indicates what has happened. Easy stuff, so here’s the function.

Function Register-Computer
{  [CmdletBinding(SupportsShouldProcess=$True)]
param ([parameter()][ValidateScript({ $_ -match “^\S{5}-\S{5}-\S{5}-\S{5}-\S{5}$”})][String]$Productkey ,
[String] $Server=”.” )


$objService = get-wmiObject -query “select * from SoftwareLicensingService” -computername $server
if ($ProductKey) { If ($psCmdlet.shouldProcess($Server , $lStr_RegistrationSetKey)) {
                           $objService.InstallProductKey($ProductKey) | out-null 
                           $objService.RefreshLicenseStatus() | out-null }

    }   get-wmiObject -query  “SELECT * FROM SoftwareLicensingProduct WHERE PartialProductKey <> null
                                                                   AND ApplicationId=’55c92734-d682-4d71-983e-d6ec3f16059f’
                                                                   AND LicenseIsAddon=False” -Computername $server |

      foreach-object { If ($psCmdlet.shouldProcess($_.name , “Activate product” ))

{ $_.Activate() | out-null

$objService.RefreshLicenseStatus() | out-null

If     ($_.LicenseStatus -eq 1) {write-verbose “Product activated successfully.”}
Else   {write-error (“Activation failed, and the license state is ‘{0}'” `
-f $licenseStatus[[int]$_.LicenseStatus] ) }
                            If     (-not $_.LicenseIsAddon) { return }

else { write-Host ($lStr_RegistrationState -f $lStr_licenseStatus[[int]$_.LicenseStatus]) }

Things to note

  • I’ve taken advantage of PowerShell V2’s ability to include validation code as a part of the declaration of a parameter.
  • I as mentioned before, it’s really good to use the SHOULD PROCESS feature of V2 , so I’ve done that too.
  • Finally, since this is WMI it can be remoted to any computer. So the function takes a Server parameter to allow machines to be remotely activated.

A few minutes later windows detected the change and here is the result.



This post originally appeared on my technet blog.

May 1, 2009

Easy transfer is not a sign of weakness

Filed under: Beta Products,Windows 7,Windows Vista,Windows XP — jamesone111 @ 4:20 pm


Someone from the office (no names, no pack drill) told me they had read my post from yesterday where I mentioned Windows Easy Transfer.  They felt that it might not be quite the done thing for a technical person to use it but since I was using it , then it was probably OK.  I’ve now switched over to Windows 7 Release candidate and I used easy transfer to move almost everything: I had a a huge block of RAW photos and decided I’d back them up to an additional drive and then use easy transfer for everything else, otherwise it wouldn’t all fit on one disk. I blasted the partitions off the hard disk and did the install from my NTFS formatted bootable USB stick (also in my post from yesterday). The whole thing worked like a charm ; actually better than quite a few charms I’ve seen. 30GB of stuff takes a while to move off to disk and back, but Mail signatures, recent files lists, my IE customizations, IE History… all of them popped back into place. The only thing which seemed not to was my Outlook offline store file, and that probably benefitted from being rebuilt. 

I love the fact that Easy transfer lets me see what I had installed before and it cross checks them against what installed NOW, notice the bit that says “to see this information later”, well now when I go back it shows Foxit’s PDF reader is installed.

Half a dozen things things I like so far about the release candidate

1. Tim Hueur’s PDF preview works again ! This is one of those “can’t do without” apps for me. Designed for Vista it broke in beta of 7 and is now working again. Result !

2 It’s faster. I didn’t bother to benchmark the beta, but I’m convinced this is just snappier. The beta was faster than vista – although my 4GB machine it was fine with Vista, the people with less memory saw bigger gains

3. The pictures. Sorry that is a bit lame, but the pictures are stunning, and I love the idea of having national pictures, the UK ones are superb.

4. IE8 is now the release version, so In Private Filtering works. [I must write about that]

5. Windows handles my habit of having 60 Windows Open in IE more gracefully.

6. Jump list items have been though through better – like this one for PowerShell


This post originally appeared on my technet blog.

Clarifying: the new virtual PC, Windows XP mode for Windows 7, and MED-V

Filed under: Beta Products,Virtualization,Windows 7,Windows Vista,Windows XP — jamesone111 @ 11:49 am

There is an interview with Scott Woodgate,  published as  press release on press pass  entitled Helping Small Businesses With Windows 7 Professional and Windows XP Mode. After starting to speculate about this a little too soon, I want to clarify what the bits are. Because XP mode allows something which was previously only in MED-V, the term “Med-V Lite” has been used but this is an over simplification – perhaps misleadingly so. MED-V and Windows XP Mode service different audiences and solve different business problems:

Windows Virtual PC

  • is hosted virtualization (sometimes called a type II hypervisor); by comparison hyper-V in Server 2008 is a bare-metal virtualization (sometime called a type 1 hypervisor).
  • enables users to run multiple instances of Windows on a single device (although not all Windows versions are licence for additional instances in VMs).
  • will enable users to launch many older applications seamlessly in a virtual Windows XP environment from the Windows 7 start menu. Previously this was only available as part of MED-V; now this is done in Windows Virtual PC using a wizard.
  • includes support for USB devices and is based on a new core that includes multi-threading support
  • Provides Folder, clipboard and printer Integration with the the host OS
  • There’s a run down of the changes here note the requirement for a modern CPU.

Windows XP Mode

  • combines Windows Virtual PC and a pre-installed Windows XP SP3 VHD (Virtual Hard disk) file.
  • is designed for smaller business customers who need to run Windows XP applications on their windows 7 desktops where end users control the XP environment.
  • is available for pre-install from OEMs (which we think will give the best experience) and also for download for Windows 7 Professional and Windows 7 Ultimate customers.


  • is the management layer for IT professionals on top of Virtual PC.
  • is designed for larger organizations with a proper management infrastructure, and a need to deploy a centrally-managed virtual Windows XP environment  on either Windows Vista or Windows 7 desktops.
  • The main management areas it helps in are:
    • Deployment – delivering virtual Windows images and customizing per user and device settings, (for instance: assigning the virtual PC a name that is derived from the physical device name or the username to simplify identification and management), adjusting virtual PC memory allocation based on available RAM on host etc.
    • Provisioning – defining which applications and websites are available to different users, assigning virtual PC images to users directly or based on group membership. defining which applications in the guest OS are available on the Host’s start menu, and which web sites are redirected to the guest’s browser.
    • Control – maginging usage permissions and Virtual PC settings, Control whether the Virtual PC connects using the hosts IP address with Network Address translation or gets an an address through DHCP, Authenticating user before granting access to the Virtual PC, setting an expiry date for the the Virtual PC
    • Maintanance and Support – updating images using TrimTransfer network image delivery – when a master image is changed the PCs using it receive the changes (not the whole VHD file) , aggregating events from all users in a central database
  • Runs on Windows 7 and Windows Vista, and will not require processor-based virtualization support

This post originally appeared on my technet blog.

March 16, 2009

A day out with Divers

Filed under: Events,Photography,Windows 7,Windows Vista — jamesone111 @ 11:38 am

I spent yesterday at the DIVERSE – the South Eastern area conference for BSAC (the British Sub Aqua Club) : officially I was there to speak about why Windows Vista (and 7) are so good at handling pictures. Unofficially as a diver (though not a BSAC member) any valid excuse to hang out with diving folk is welcome. “Club” suggests “amateur”, but I’ve been to plenty of IT industry events which were less professionally run. It was well attended too, and it’s quite some time since I’ve seen an audience so obviously enjoying what was being presented to them (even a potentially dull session on accident statistics was lightened with the some of the funny things people right when reporting accidents).

I’ve uploaded the slides I used. The main thrust of my session was that

  1. Putting data about your pictures in the pictures themselves (using EXIF data) is much more valuable than putting them in a separate database
    (One gentleman asked me if there was anything he could do about editors which drop all the data – I use EXIFCOPY from EXIFUTILS to copy it back from the original photo)

  2. Once tagged Search means you can find, sort, search and group the pictures. Search is available for XP, but  because is integrated everywhere in Windows Vista and 7 the experience is better: heir version of Windows explorer also makes it easy to tag pictures

  3. Some free software – Windows Live Photo Gallery (which also works on XP) makes it easier to work with  photos and do basic corrections (although it lacks a clone brush and the levels adjustment isn’t that sophisticated)

  4. There are interesting things you can do with the photos afterwards (e.g. building a collage with AutoCollage – which is running a 20% off promotion until the end of March. At £14.40 it’s a real bargain).

It seems the graphics card in my laptop has been on the blink for a couple of weeks – I’ve been getting loads of errors from my screen driver and some other odd behaviour – it finally gave up the ghost while I was on stage and when I try to boot the machine now I get some very interesting screen corruption. So I didn’t get to show the final collage. Here is what AutoCollage built with the pictures I showed (click for a bigger version)


Click for a bigger version


I showed my PowerShell scripts for tagging photos from the Suunto dive management software I use (Suunto were sponsoring the event, which was nice – I’ve got a very high opinion of Suunto, as much for their customer service as for their products and it would have been awkward if another make of dive computers was sponsoring things) . I talked about how this worked in an earlier post, and I’ve added  the latest versions of the files to this post for anyone who wants to try it. Here are some quick instructions:

  1. Try to remember to take a photo of the display on your dive computer at some point. This will allow you to calculate the error between the time on the camera and the time on the computer.

  2. Unzip the attached files

  3. Export the CSV files from the Suunto software  (in the 1.6 version I use* the command File/Export/ASCII in CSV format)

  4. Assuming you already have PowerShell installed, start PowerShell and enter the following command Run the following powershell command
    [reflection.assembly]::loadfile(“C:\<path To Where You Unzipped it >\OneImage.dll”)

  5. Then enter the following PowerShell command
    filter get-picture {param ($Path) new-object oneImage.exifimage $path}

  6. If you have a photo with of your computer use this powershell Command to find when it was taken
    (Get-picture “fullPathToYourPicutre“).dateTimeTaken
    You can work out the number of seconds difference between the time on the computer when the picture was taken and the time on the camera. If the Computer is ahead of the camera you want a positive number, and if it is behind you want a negative number.

  7. Next process the Suunto data with this command in powerShell
    <path to where you unzipped it>\prep-Divedata
    Note that if you are in the folder where you unzipped it, you need to enter the path as .\prep-divedata. This command takes about a minute to run on my system. If it looks like it has hung give it plenty of time.

  8. Read the warning in the right hand column of this blog – “This stuff is provided as is, with no warranty and confers no rights.” My code isn’t very extensively tested and there is a small chance it could screw up your photos. Make sure you have a backup before proceeding. Seriously.

  9. Now run the following command in powershell
    DIR <your file Selection> | foreach-object { <path to where you unzipped it>\tag-photo $_.fullName timeOffset}
    your file selection might be *.jpg, it might be c:\photo-Dump\dive40*.jpg, or whatever. As before if you are in the folder that holds the script you need to run it as .\tag-photo
    The timeOffset you worked out in step 6. If you don’t enter one everything will work on the assumption that computer and camera are in sync.


Officially there is no support for this (but officially I’m on leave and not posting here this week)


* Yes there is a newer version of dive manager, but I like to point out that 1.6 was designed to interface with the serial port, pre-dates Vista , never mind 7, and wasn’t intended for a 64 bit platform, yet here it is on Windows 7 , 64 bit downloading my data very nicely thank you. Which shows what happens if you write the software properly in the first place.

This post originally appeared on my technet blog.

February 18, 2009

How to manage the Windows firewall settings with PowerShell

I mentioned recently that I’m writing a PowerShell configuration tool for the R2 edition of Hyper-V server and Windows server core.   One of the key parts of that is managing the firewall settings…. Now… I don’t want to plug my book too much (especially as I only wrote the PowerShell part) but I had a mail from the publisher today saying copies ship from the warehouse this week and this code appears in the book (ISBN  9780470386804 , orderable through any good bookseller)

The process is pretty simple. Everything firewall-related in Server 2008/Vista / Server R2/ Windows 7, is managed through the HNetCfg.FwPolicy2 COM object, so. First I define some hash tables to convert codes to meaningful text, and I define a function to translate network profiles to names. So on my home network

$fw=New-object –comObject HNetCfg.FwPolicy2  ;  Convert-fwprofileType $fw.CurrentProfileTypes  

returns “Private”

$FWprofileTypes= @{1GB=”All”;1=”Domain”; 2=”Private” ; 4=”Public”}
$FwAction      =@{1=”Allow”; 0=”Block”}
$FwProtocols   =@{1=”ICMPv4”;2=”IGMP”;6=”TCP”;17=”UDP”;41=”IPv6”;43=”IPv6Route”; 44=”IPv6Frag”;
                  47=”GRE”; 58=”ICMPv6”;59=”IPv6NoNxt”;60=”IPv6Opts”;112=”VRRP”; 113=”PGM”;115=”L2TP”;
                  ”ICMPv6”=48;”IPv6NoNxt”=59;”IPv6Opts”=60;”VRRP”=112; ”PGM”=113;”L2TP”=115}
$FWDirection   =@{1=”Inbound”; 2=”outbound”; ”Inbound”=1;”outbound”=2}


Function Convert-FWProfileType
{Param ($ProfileCode)
$FWprofileTypes.keys | foreach –begin {[String[]]$descriptions= @()} `
                                -process {if ($profileCode -bAND $_) {$descriptions += $FWProfileTypes[$_]} } `
                                –end {$descriptions}

The next step is to get the general configuration of the firewall; I think my Windows 7 machine is still on the defaults, and the result looks like this

Active Profiles(s) :Private 

Network Type Firewall Enabled Block All Inbound Default In Default Out
------------ ---------------- ----------------- ---------- -----------
Domain                   True             False Block      Allow     
Private                  True             False Block      Allow     
Public                   True             False Block      Allow     

The Code looks like this 

Function Get-FirewallConfig {
$fw=New-object –comObject HNetCfg.FwPolicy2
"Active Profiles(s) :" + (Convert-fwprofileType $fw.CurrentProfileTypes)
@(1,2,4) | select @{Name=“Network Type”     ;expression={$fwProfileTypes[$_]}},
                   @{Name=“Firewall Enabled” ;expression={$fw.FireWallEnabled($_)}},
                   @{Name=“Block All Inbound”;expression={$fw.BlockAllInboundTraffic($_)}},
                   @{name=“Default In”       ;expression={$FwAction[$fw.DefaultInboundAction($_)]}},
                   @{Name=“Default Out”      ;expression={$FwAction[$fw.DefaultOutboundAction($_)]}}|
            Format-Table -auto

Finally comes the code to get the firewall rules. One slight pain here is that the text is often returned as pointer to a resource in a DLL, so it takes a little trial and error to find grouping information.
The other thing to note is that a change to a rule takes effect immediately, so you can enable a group of rules as easily as :

Get-FireWallRule -grouping "@FirewallAPI.dll,-29752" | foreach-object {$_.enabled = $true}


Function Get-FireWallRule
{Param ($Name, $Direction, $Enabled, $Protocol, $profile, $action, $grouping)
$Rules=(New-object –comObject HNetCfg.FwPolicy2).rules
If ($name)      {$rules= $rules | where-object {$_.name     –like $name}}
If ($direction) {$rules= $rules | where-object {$_.direction  –eq $direction}}
If ($Enabled)   {$rules= $rules | where-object {$_.Enabled    –eq $Enabled}}
If ($protocol)  {$rules= $rules | where-object {$_.protocol  -eq $protocol}}
If ($profile)   {$rules= $rules | where-object {$_.Profiles -bAND $profile}}
If ($Action)    {$rules= $rules | where-object {$_.Action     -eq $Action}}
If ($Grouping)  {$rules= $rules | where-object {$_.Grouping -Like $Grouping}}

Since this the rules aren’t the easiest thing to read I usually pipe the output into format table for example

Get-firewallRule -enabled $true | sort direction,applicationName,name | 
            format-table -wrap -autosize -property Name, @{Label=”Action”; expression={$Fwaction[$_.action]}},
            @{label="Direction";expression={ $fwdirection[$_.direction]}},
@{Label=”Protocol”; expression={$FwProtocols[$_.protocol]}} , localPorts,applicationname


Last, but not least if you want to create a rule from scratch you want to create a rule object with New-object –comObject HNetCfg.Fwrule, you can then pass it to the add method of the Policy object’s rules collection.  If I ever find time to finish the script it will probably have new-firewallRule, but for now you need to write your own.

This post originally appeared on my technet blog.

February 12, 2009

Accelerators in IE8

Filed under: Beta Products,Internet Explorer,Windows 7,Windows Vista — jamesone111 @ 4:40 pm

Internet Explorer 8 seems to be  guided by the same “many little improvements” philosophy that has driven Windows 7 – or put another way it’s not packed with radical new features , and in some cases I find it hard to be sure if something really wasn’t there before:  I think the “Privacy Policy” is new and it lets find out where pages are including something which violates my privacy or which produces a hyper-active advert (where these are scripts they go into IE’s distrusted sites list ! )

image Here’s the kind of incremental improvement I’m talking about, look at the search box.

Image 1 on the left shows how things worked in IE 7, you needed to pull down the list on the right to select a different search provider.

Image 2 in the middle shows how things have changed with IE 8, the icons for the different providers show up under the search box, click the one you want to select and click off the search (3 clicks become one).

But what’s that on the right ? in image 3. Previously to search your history you needed to go to favorites tab, go to history, choose Search history, enter my search term and then click search. In 8, just type into the search box and the history gets searched as you type

One thing that is brand new in 7 is the idea of accelerators: when you highlight some text on the page you can take some actions with it. Highlight an address and you can go to a map, highlight a word and you can look it up in a dictionary. Use an a browser based tool for composing your blog entries (and I don’t) then jump to your blogging tool . The specification for the XMLfiles which describe accelerators is on MSDN. There were plenty of things I could have tried, but I decided to one one for Twitter… then found that David Sim has done that already, and here’s what the XML looks like

<?xml version="1.0" encoding="UTF-8" ?>

<os:openServiceDescription xmlns:os="http://www.microsoft.com/schemas/openservicedescription/1.0">



<os:name>Send to Twitter</os:name>


<os:description>Send text to Twitter</os:description>


<os:activity category="Send">

<os:activityAction context="selection">

<os:execute action="http://twitter.com/home?status={selection} {documentUrl}" />




So once this is installed if I run my mouse over some text I get this ….


All very fine and good … except why do I have to go to a submenu ? and Why is the top menu filled with stuff from Windows Live – some of which I’ll use but some I won’t ? The answer is it has to default to something, but you can change it by going to Manage Add-ons from IE’s tools menu and clicking accelerators (and there is a short cut on the “All Accelerators” Menu)


I’ve removed the Email with Live mail and Blog with live spaces (I don’t use them) and just to show the search isn’t fixed I changed the default search to “My blog”, which changes the “Search with” entry. Each accelerator has a category – this one is “Send”, and one item in each category can be flagged as “Default” to appear on the top menu, which is what I’ve done for the twitter entry. Now that’s more like the “few clicks for common tasks” ethos of 7.

This post originally appeared on my technet blog.

February 6, 2009

Windows 7 and UAC

Filed under: Beta Products,Security and Malware,Windows 7,Windows Vista — jamesone111 @ 1:42 pm

From the start I thought User Account Control was a big step forward for Vista I tended to brush off any complaints about UAC, for 3 reasons

  1. Most of the appearances of UAC appear during the initial setup of the machine. If this is onerous, then you can re-enable the built-in Administrator account because by default this is doesn’t see the prompts.
  2. Normal users doing normal things just don’t see the prompt.
  3. If you’re a Power Users and you seeing the message multiple times a day you can switch the message off. (If you’re seeing it too often, and routinely OKing it then it loses its value). Though this is like taking the battery out of your smoke alarm because you keep burning the toast.

Nonetheless one of the persistent gripes about Vista was UAC. So in Window 7 we changed things


It’s no just on or off, but we now have “Notify me when Programs install software or make changes to my computer or I make changes to Windows settings” , “Notify me when Programs install software or make changes to my computer”  “Notify me when Programs install software or make changes to my computer but don’t dim my desktop” and “Lay out the welcome mat for all kinds of Malware”.

The middle ones are interesting because parts of the OS are signed as being trustworthy. The Management console is, regedit is not. Net result: no practical reduction in security, but a reduction in the number of prompts… at least that was the theory. I mentioned that  Long Zheng picked up that setting UAC levels was a trusted operation. If you can get the user to run something which (say) sent keystrokes to it, you could turn UAC off and then let rip with any kind of nasty you fancy.  We have now explained how this is going to change , and a good thing too. It appears it was planned to change before the beta, and the change moved back to Release Candidate. What has surprised me in all of this that I have not read a single comment which says “Oh for  pity’s sake Microsoft just get rid of UAC it’s too much of a pain”. Every comment has been that UAC should be there, should be enabled, and should be robust.

It amused me to see a comment to the write up on computer world

“About the only time I see the prompt [for elevation] is:
Installing software
Changing a system setting
Starting Wireshark (promiscious mode requires [it]”

The amusing part was the writer could be describing Vista, but he was actually talking about the prompt for root access on Linux, and he asks “Why do MS insist on making UAC so difficult to use ?”

Technorati Tags:

This post originally appeared on my technet blog.

January 8, 2009

Windows Server 2008 R2 and Windows 7 client Betas on Technet

Filed under: Beta Products,Windows Server 2008,Windows Vista — jamesone111 @ 3:33 am

I’m not exactly delighted to be be blogging at 3:13 in the morning, but I’m watching the keynote from CES. In the last 45 minutes we’ve published a press release about Windows 7. Steve Ballmer said that “Technet and MSDN subscribers can download it now”. I was watching site propagate and the downloads are there. now. What do you mean you’re not a technet subscriber ? Well you’ll be able to get it in a few days.

I picked up from Mary Jo’s blog that there was a live friend feed for those watching. Mary Jo picked up that everything says “the beta” not Beta 1 or some such. Someone else who was thinking in the lines I outlined in the my previous post and suggested that shipping 7 or July 7th (7/7) was too good to miss. Touch in Windows 7 is going to get a lot of attention. I can see quite a few “lightweight surface” type apps being built with that.

Bonus info: Halo Wars will be out in February and a new Halo 3 game (Halo 3 ODST) will be out before the end of the year.

This post originally appeared on my technet blog.

Windows 7 – not a very well kept secret

Filed under: Beta Products,Windows Vista — jamesone111 @ 1:55 am

We’ve got a projector in the office which gathers various streams of news and shows them on the wall, and today it keeps talking about Windows 7. It seems SteveB is making a speech tonight and everyone expects it to announce the beta of Windows 7. (Mary Jo has some more ideas what he might say)

So in preparation for its arrival here are a handful of thoughts about beta testing , and the next version of Windows.

1. Remember what a beta is for. It’s a two way thing; you discover what might have problems, what’s new and great and what’s new that you just don’t like. You test thoroughly. Try those crappy old apps and old bits of hardware (I’m told that some things which need coaxing to work on Vista are more likely to work on 7 out of the box. If it can’t be made to work on Vista with the app compat toolkit,  it probably can’t be made to work on 7 either). It might also be your first tilt at IE 8.  But it is a two way process: if you find something which doesn’t work we want you to report it. That was our reason for  letting you have it.

2. Products ship when they are ready part 1. I’ve seen all kinds of rumours about when Windows 7 client and Server 2008 R2 will ship. One intriguing one is that PCs shipped after July 1 will get a free upgrade. Free upgrades from RTM onwards used to be the rule. With Vista we had upgrades 24th October 2006, and RTM was in November. If this rumour is turns out to be true that says a release will not be much after July 1. I’ve always reckoned on 3-4 months for a beta and a month for a release candidate as a good rule of thumb. There isn’t time to do usual two betas and two or three release candidates by July, which makes another rumour – of only one beta the only way that will work. I don’t have any inside scoop on this.  We said the new client OS be 3 years after Vista. Exactly 3 years means RTM in November and launch parties in 2010 – nice fit for my timescales for 2 betas and 3 RCs .  Unless something is said in the Ballmer speech remember my old saying, those who really know don’t talk and those who talk don’t really know. Some great things are already being said about 7, but

3. Products ship when they are ready, part 2. A beta, by definition is not ready. Life will not be free of all disruption I’d be surprised if anything in the a beta OS trashes my data. But staring at a dead file system with nothing to do but mutter “that was a surprise” * isn’t something I’m going to let happen. So I’m going to try to get a fresh hard-disk and copy my data to it and leave the old one alone. And I’m going to be sure to test the backup and restore system :-) 

4. A lot will be written about the OS, much will be junk . Jason Perlow at ZDNET gives a great example. “There’s no run menu”. Press the [Window] key instead of [Window] & [R] or click start (rather than click start, click run) and type what you would have typed in the Run box. It works the same, and its quicker. And it finds things before you’ve typed the whole name. The mentality of saying “I must have my run box in floating window named run and it can’t be merged with search” is just… well, Jason’s colleague  Ed Bott just stops short of calling him a luddite. There are other good points in Ed’s post too. I’ve long held that he knows what he’s talking about.




* Back in my days in Microsoft consulting services , we would be asked to review designs and tell the customer that they good be guaranteed to work. I’d always explain that such guarantees are impossible but we can say we’ve reviewed it and if competently implemented nothing about it leads us to expect a problem. Of course if a problem arises we will say “COR ! That was unexpected”. That always raised a laugh, but the serious point was we




Technorati Tags:

This post originally appeared on my technet blog.

Next Page »

Blog at WordPress.com.