James O'Neill's Blog

February 25, 2010

Retirement Planning (for service packs)

Yesterday I wrote about end-of-life planning for OSes and so it makes sense to talk about the end of a service pack, as retirement – it is after all the word that is used on the product lifecycle pages. Of course we don’t mean retirement in go and live by the seaside sense…



Special police squads — BLADE RUNNER UNITS — had orders to shoot to kill, upon detection,any trespassing Replicants.


This was not called execution. It was called retirement


that sense. Service packs, like OSes (and replicants) get an end date set well in advance, having explained OSes I want to move on to service packs (and if you want to know about Replicants you’ll have to look elsewhere).


The rule for service packs is simple. Two years after the release of a Service Pack we stop supporting the previous version. So although Windows Vista will be in mainstream support until 2012, and extended support until 2017, that doesn’t mean you can run the initial release , or Service Pack 1 and be supported until then. Lets use Vista as a worked example – I explained yesterday


Windows Vista [had] a General Availability date [of] Jan 2007.For Vista, five years after GA will be later than 2 years after Windows 7, so Vista goes from mainstream to extended support in or shortly after January 2012. We’ve set the date, April 10th 2012. The end of extended support will depend on when the next version of Window ships, but it won’t be before April 11th 2017.


Service pack 1 for Vista became available in April 2008, and Service Pack 2 became available in April 2009.
So, the life of the original Release to Manufacturing of (RTM) version of Windows Vista ends on April 14 2010.
In the same way the life of SP1 of Vista should end in April 2011, actually because we don’t retire things on the exact anniversary, SP1 gets an extension until July 12 2011.


If you are on Vista you must have upgraded to SP1 or SP2 (or Windows 7) by April 14 if you want to continue being supported.


So here’s the summary for what is supported with Vista, and when


Jan ‘07 – April ‘08  Only RTM release available


April ‘08 – April ‘09 RTM and Service Pack 1 supported


April ‘09 – April ‘10 RTM , Service Pack 1 and Service Pack 2 supported


April ‘10  – July ‘11 Service pack 1 and Service Pack 2 Supported


July ‘11 – April ‘12 Service Pack 2 only supported


April ‘12 – April ‘17 Extended support phase on SP2 only.


To simplify things, that assumes there is no Service pack 3 for Windows Vista, and that the successor to Windows 7 ships before April 11 2015.



Vista SP1 coincided with the release of Server 2008, and  Windows XP service pack 3 came very shortly afterwards. The extra few days means the anniversary for XP SP2 falls after the cut off date for April retirement and the end of life for XP SP 2 is July 13th 2010 (the same as day Windows 2000 professional and server editions). Mainstream support for Windows XP (all service packs) has ended,  after July 13 XP is extended support ONLY on SP3 ONLY.


I should have included in yesterdays post that July 13th 2010 also marks the end of mainstream support for Server 2003 (and Server 2003 R2), the  RTM and SP1 versions are already retired. It would be very unusual to see a new service pack for something in extended support. If you still have 2003 servers, you need to decide what you will do about support / upgrades before Jul 13th


Server 2008 shipped as SP1 to sync up with Windows Vista  and SP2 for both came out on the same date, so there are no server service pack actions required until July 12 2011. I explained yesterday why I have sympathy with people who don’t plan, but if you are on Server 2008 SP1 don’t leave it till the last minute to choose between SP2 or upgrading to R2  and then implementing your choice.


Update – Fixed a few typos. 

This post originally appeared on my technet blog.

February 24, 2010

End of life planning.

Filed under: Windows 7,Windows Server,Windows Vista,Windows XP — jamesone111 @ 4:57 pm

Click for a full size version No. I’m not talking about sorting out the music for one’s funeral* …

I think every manager I have had in my 10 years at Microsoft has grumbled that I’m not great with planning – it’s a fair criticism and I try to work on it. When the subject comes up a quote from a book by William Gibson comes into my head.  “I try to plan in your sense of the word, but that isn’t my basic mode, really. I improvise. It’s my greatest talent. I prefer situations to plans, you see…. Really, I’ve had to deal with givens.”  the speaker is actually an artificial intelligence, but I think that is how a lot of IT people work: improvise, deal with the situation at hand, then deal with the next situation. It may be what we prefer – but be it training plans or plans for rolling out new software you’ve got to do it.

We do try to help on the software side, by being both transparent and predictable. The rule for core things (like desktop and server operating systems) is at least 10 years of support. (Embedded operating systems have a different support model which runs for longer).
Mainstream support runs for 5 years from release OR until 2 years after the successor product releases whichever is later. Extended support runs for 5 years, or 2 years after the second successor product releases. After that those who can’t move forwards, but have deep pockets have the option on custom support. In order to be supported you have to be running a supported level of service pack, and I’ll cover that in a later post.

So let’s take a worked example.

  *  Windows 2000 professional’s General availability date was March 2000.

  *  The “n+1” release is Windows XP, which had a General availability date of December 2001.

  *  Two years after Windows XP would be December 2003 , less than the 5 year minimum so mainstream support for Windows 2000 runs to March 2005 when extended support begins. (In practice it got a mainstream June – products only go off the support list on particular days and they live on to the next one after the anniversary)

  *  The “n+2” release is Windows Vista with a General Availability date was Jan 2007.

  *  Two years Vista would be Jan 2009, again less than the 5 year minimum, so extended support support runs to June 2010. Again there is a few days extension.

So the cut off date for Windows 2000 professional is July 13th 2010. After that there will be custom support only for 2000 and if you are still running it you should understand that means we stop the routine distribution of security updates for it. 

As it happens the cut off dates for Windows 2000 Server mainstream support was 2 years after the release of Server 2003 – putting it in May 2005  -  so  2000 professional and server sync’d up. The 2 year point after Server 2008 and the 5 years of extended support take it to the same time, June 2010. So the cut off date for Windows 2000 Server is July 13th 2010.

I like to think that no-one reading this blog would still be running Windows 2000, but I know a good many are still running Windows XP. So let’s carve the dates on XPs tombstone:

5 years after XP’s GA date would be December 2006, but Vista had not shipped by then. So Mainstream support for XP ends two years after the GA date of Vista which takes us to Jan 2009 (In practice it was April 2009). Unless you have taken out a contract for extended support, you have only been getting security updates for XP since then.

5 Years after that is April 2014. Windows 7 had a GA date of October 2009, so 2 years on from there would be sooner. Extended support for XP ends on the later of the two dates, so April 2014.

For Vista, five years after GA will be later than 2 years after Windows 7, so Vista goes from mainstream to extended support in or shortly after January 2012. We’ve set the date, April 10th 2012. The end of extended support will depend on when the next version of Window ships, but it won’t be before April 11th 2017. Both dates for Windows 7 depend on future versions of Windows but won’t be sooner than January 13th 2015, and January 14th 2020. Put them in your diary now, with a reminder a long time in advance 🙂

You can get all the dates from the Product lifecycle page


* Strange Angels by Laurie Anderson if you must know.

tweetmeme_style = ‘compact’;
tweetmeme_url = ‘http://blogs.technet.com/jamesone/archive/2010/02/24/end-of-life-planning.aspx’;

This post originally appeared on my technet blog.

December 8, 2009

Search stories … or “how do people manage on XP”

Filed under: Windows 7,Windows Vista,Windows XP — jamesone111 @ 9:56 pm

I know from experience that the people I meet in this job , and those who read this blog are more likely to be early adopters than the population at large so you, as a reader may well be on Windows 7 by now, and had a better chance than most of running Vista. But we know there is a lot of Windows XP still out there.  So here is something that I’m generally curious about: of those still on XP how many have added Microsoft’s (or a third party’s) search solution ?

This being Christmas time people are thinking about sending cards and in recent days two people have – unknowingly – each asked me for the others address.  Now I have some addresses and phone numbers in my contacts, but as it turns out neither of these two. Both addresses were buried in attachments in my e-mail and in both cases I had a fragment of the address. Tap that fragment into the search bar in outlook (which uses Windows search) and in less time than it took to type it I have the answer. I’ve had a chapter of problems with my car of late. We lease cars through different companies and we have a firm who coordinate everything – normally the extra layer would gets in the way, but throw this lot a problem and they make it a personal mission to get to a solution.  So have I put their number in my contacts ? er. no. Lease company? Yes. Garage? Sure. People who actually sort things out ? No. And the reason – it takes about 2 seconds to type their name into search and get an email with the number in the signature. (if I can persuade them to make that a clickable link things would be perfect).

If this saves me an hour a week [and that’s a low estimate] it would mean Microsoft gets a week of extra work out of me per year. (Actually it’s 6 days) If your organization is still on search-less XP think of that next time you can’t find something you know is on your PC or in your mailbox. And when you hear an excuse for staying on old software try asking “What percentage of the salary bill are we prepared to forego for this reason”. When you take public holidays, vacation allowance, sickness and training off the total there are a little less than 200 days to actually work in a year. So it’s easy – think of features in “days saved per year” , halve it and that’s the percentage of the salary bill. 

This post originally appeared on my technet blog.

October 16, 2009

Microsoft Security Essentials

Filed under: Security and Malware,Windows 7,Windows Vista,Windows XP — jamesone111 @ 4:02 pm

Somehow, in all the other activities of the last couple of weeks I missed the release of Microsoft Security Essentials which is our FREE* anti-virus / anti-malware product aimed at home users. (We have the more business oriented Forefront Client Security as well). My experience with it has been too limited to date to offer much commentary on it: however – since this blog is read mostly by people who work around computers the reason for writing about it is to say this: we all have a friend or family member who doesn’t protect their PC. The availability of  software from Microsoft which plugs the gap and is FREE* gives you a chance help them.

Over on the Malware protection center blog  Joe has posted an analysis of what it unearthed in its first live week. We’ve had 1.5million downloads, and found 4 million infections on 0.5 million computers. That’s right the average infected computer has eight different infections. I’ve seen numbers like that before and find it a bit unnerving , because there is a long tail effect: lots of machines are clean, some have one or two infections, the average for an infected machine is 8 and beyond that – there are some out there with dozens upon dozens.

Joe breaks down the reports by country: US has the most reports at 25%, then Brazil and China at 17% each the UK only has 2% of the reports. I don’t know if it is because we have fewer installations here or if our PCs are better protected. Unfortunately it is only infection reports which are broken down by country, not downloads or installations. But Joe does break installations down by OS. 44% is Windows 7, 23% Vista and 33% XP. We haven’t even launched 7 properly and it is 44% of the downloads. My guess is that people who are trying out a new OS are keener than the population at large to try new anti-malware from the same source. The final chart Joe has put up shows the ratio of infections per OS – when he says normalized, I’m assuming that means Vista numbers are scaled up and Windows 7 scaled down so they both represent infection rates on a equal number of computers. XP is more than 3 times more likely to have an infection than 7. This isn’t entirely because 7 is better – it will be a newer installation so XP will have had more chances to get infected. XP infections rates are 60% higher than Vista’s. But 7 is running at about half Vista’s rate. As time passes it will be interesting to see how close 7 and Vista end up and how far behind XP lags. I’ve got a hunch that the numbers will change as they move away from people installing the software because they think their PC might be infected and finding something on the first run.

 

*As it says on the web site Your PC must run genuine Windows to install Microsoft Security Essentials  or put another way, if you stole the OS, you’re going to have to figure out how to steal software to protect it.

This post originally appeared on my technet blog.

May 4, 2009

Windows 7 XP mode: helpful ? Sure. Panacea ? No.

Filed under: Beta Products,Virtualization,Windows 7,Windows XP — jamesone111 @ 3:31 pm

ComputerWorld have an interesting piece up about XP Mode for Windows 7. Saying that it “could create support nightmares, analysts said today”

They quote Michael Cherry, an analyst at Directions on Microsoft as saying “I think that this will help the uptake for Windows 7, because it removes one more ‘gotcha,’ and that’s never a bad thing to do”.Well indeed, as computerworld goes on to say: The idea of using virtualization to provide backward compatibility for older applications is neither novel nor surprising, Cherry continued. He called it a nice "safety net" for users concerned about abandoning XP who don’t have access to centrally managed MED-V”

If you have more than 5 machines you can get Software Assurance and add the Microsoft desktop optimization pack (MDOP): so you get Microsoft Enterprise Desktop Virtualization (MED-V).  I’m surprised that no one has yet portrayed XP Mode as a way of raising the profile of MED-V to sell more MDOP packages. XP mode is managed locally with users “owning” the VM; anything deployed to hundreds or thousands of desktops without central management can earn the label of “support nightmare”. MED-V provides that central management. Computerworld have a quote from a Gartner analyst, Michael Silver: “You’ll have to support two versions of Windows, each needs to be secured, antivirused, firewalled and patched. Businesses don’t want to support two instances of Windows on each machine. If a company has 10,000 PCs, that’s 20,000 instances of Windows”

I think he’s wrong on that point. You don’t have to support the whole of the legacy OS in this situation – for example you don’t need to provide all the drivers for it. You just have to support configuring the legacy app on it – which is what you have been doing for the life of that OS anyway. For many of these applications you can use the simplest firewall ever – disconnect the network. We won’t surf the internet from the VM, read mail on it or do most things that risk introducing malware: this smaller attack surface means a “compatibility VM” can get away with a lower level of security. When he says “If a company has 10,000 PCs” the rest of the sentence should be “they should be using MED-V”. In an organization of that size 10,000 user controlled / unaudited machines (physical or virtual) is not an option.

I agree with him on a different point in the Computerworld article: “Companies need to heal their applications," Silver said. "They’ll be doing themselves a disservice if, because of XPM, they’re not making sure that all their apps support Windows 7." If these apps need to be “healed”  does that make them “sick” ?  Whatever label we use, there are organizations that depend on outdated applications which they didn’t write. For some reason a new version which supports Vista/Windows 7  can’t be deployed – not least because Software vendors go bust. Silver makes the point “What happens in 2014, when XP isn’t supported anymore ?”. XP is out of mainstream support now: customers can buy into extended support, but those running XP mode won’t. The applications are probably out of support too. But we have people running NT4 virtualized (but unsupported) in their data centres for some ancient-but-critical apps: the same will happen on the desktop. 

As well as the known “sick” apps, there are organizations who don’t have a complete list of applications deployed at user or departmental level: they can’t say “everything we have works on Vista/Windows 7” because they  can’t define “everything”: so XP mode is a useful safety net Michael Cherry put it ‘It removes one more “Gotcha”’.

I wouldn’t dream of arguing with the notion that “companies will be much better off if they make all their applications run on Windows 7.” as Silver put it. An application which was written properly in the 1990’s will run on 7 (I still like paintshop pro 5 and it has a copyright date of 1999): there isn’t a kind way to say it, but excluding drivers and utilities which need to get into the guts of the OS (anti-virus being the classic case) if an Application doesn’t work on an updated OS, it wasn’t written properly in the first place, so you have to ask what else is wrong with it. Sooner or later the cost of  keeping it going (whether that is lost productivity from staying on an old OS , or the cost of supporting it under virtualization) outweighs the cost of getting rid of it. Since developers have had access to Vista since early 2006 if there isn’t a fixed version now there probably never will be. It’s very easy to say that such applications should be thrown out and replaced, it’s just turns out to be hard to do in practice.

So the message should be clear

  1. Desktop virtualization is not a free excuse to avoid updating applications. It is a work around if you can’t update.
  2. Desktop virtualization needs work, both in deployment and maintenance – to restate point 1 – it you have the option to update, expect that to be less work to update the applications.
  3. As Scott Woodgate said in the first sentence we published anywhere about XP mode “Windows XP Mode is specifically designed to help small businesses move to Windows 7.” Home users and large organizations might benefit but they are not the target
    As I pointed out in my first post on the subject. MED-V is designed for larger organizations with a proper management infrastructure, and a need to deploy a centrally-managed virtual Windows XP environment  on either Windows Vista or Windows 7 desktops.

One final thought not all current Intel Processors have the VT technology that Windows Virtual PC needs. If you are thinking about buying a new PC or if advise small business buyers, make sure VT Support is checked for. Ed Bott has a good post with the details of the chips.

This post originally appeared on my technet blog.

May 3, 2009

Virtual Windows XP … picking myself up off the floor.

Filed under: Beta Products,Photography,Virtualization,Windows 7,Windows XP — jamesone111 @ 3:16 pm

Someone gave me a definition of insanity as “trying the same thing over and over again expecting different results”.  I guess trying something you expect to fail is somewhere between insanity and scientific thoroughness. Anyhow, that’s how I came to be trying the test you see below. I didn’t expect it to work, but it did.

image As I mentioned yesterday I wanted to try out the tethered shooting ability of my Digital SLR. In fact  I have two Pentax digital SLRs, a 2003 Vintage *ist-D and a 2006 K10D. Pentax have only ever done 32 bit versions of the Remote Assistant software the *ist-D works with V1 and the K10D needs V3, which demands the CD which came with the camera (even if the old software is installed or the Camera is plugged in). The cable to connect the *ist D was in the loft – along with the K10D’s disk. So I couldn’t try either last night: this morning I got out the ladder and retrieved both. 

I had installed the Remote Assistant 1.0 into the VM, mainly to see if version 3 would upgrade in place without the CD, and it showed up on my Windows 7 Start menu, so I figured I’d plug in *Ist-D. Windows 7 installed the drivers for it. I fired up the VM and pulled down the USB menu, the camera showed as shared, I clicked it and after a warning that the it would no longer be usable in the host OS it became“Attached” so the option changed to goes to “Release”. Attaching the device to the VM is just like plugging a USB device into a physical machine, so the Virtualized instance of XP installed the drivers for the camera. It’s a standard device and doesn’t need anything downloaded or provided from a disk, so it was all done in 3 clicks.

I fired up remote assistant. It gives a representation of what  you can see through the view finder (not a live preview, but the camera settings – under the picture on the left you can see it is telling me 1/80th of a second shutter speed, aperture of f/2.4.  It was getting data from the camera, so there was nothing for it at this stage but to press the shutter button, so I aimed the camera at my son and ….

Click for full size version

 

.. it worked! It only went and worked !! The picture on the left is the assistant running in the VM, and on the right it’s working as a remote application without the whole desktop. The old camera is a USB 1.1 device so the transfer speed is pretty poor: which is why I never got into tethered shooting with it; there’s a motivation to get the newer software working to use the other camera – I’ve never used it because by the time Pentax had the software out I was running 64 bit vista and wasn’t going to change for one program. [Update. Done that, identical process, much faster transfer] 

I found the whole VM bogged down terribly if I asked it to save the file it was acquiring from the camera the host computer. So I decided to cheat and add a shortcut on the start menu to link to the folder in the VM where it stores the files. (This also turns out to be a useful backdoor to launch anything which isn’t set up on the host’s start menu).

The only other fault I can find with the whole process is that you have to reconnect the USB device by starting the VM and only then can you launch the Virtual Application. I don’t know if the Virtual PC team plan to do anything about this by release.

As a Hyper-V person through and through I tend to think of  Virtual PC is a bit of an old dog – in the the best of all worlds this would be underpinned by Hyper-V technology – but here I am applauding VPCs new trick. There could be a whole new lease of life in this old dog yet.

This post originally appeared on my technet blog.

May 2, 2009

Exploring Windows XP mode for Windows 7

Filed under: Beta Products,Virtualization,Windows 7,Windows XP — jamesone111 @ 11:33 pm

image Windows Virtual PC is on Technet for people to download, the Windows Virtual PC  page says it will be available to everyone on May 5th, but the  evaluation guide is available already

I’ve installed it and started to play. I’ve only got one application which won’t work under 64 bit (Vista / Windows7 or XP) – which is the remote control application for my Pentax digital SLR camera, which seems to be a good way to test the USB integration: frankly I’ll be astonished if it works. Although the software is only useful if you own a Pentax camera, it still requires you to insert the CD which came with the camera before it will install. Grrr.
So I’ve been through the setup – I have a little video in the pipeline to show it but it’s described in the eval guide. There are two parts to install Virtual PC, which is packaged as a KB update file,and (unless you want to build your Virtual Machine) the pre-built XP VM, which is just a large installation file.  They can be installed in either order : and with a coupe of bits of user input the VM churns away to itself configuring all the necessary bits.

The integration of Virtualized applications has a simplicity and elegance to it –add something to the start menu in the Virtual machine and it shows up on the start menu in the host. So I copied the IE shortcut and it appeared on the Windows 7 start menu.

I recently read a summary of a Forester report on the number of businesses still on IE6. As the author put it “While the tech press spends a lot of time talking about Web 2.0 and even 3.0 Corporate America is on Web 0.5.” That might sound a bit harsh but were but 3 years ago now I wrote here that “If IE6 were a vegetable it would be a plain boiled potato; ubiquitous, reliable, but not exactly exciting.”. It’s been around since 2000 and in the last 8 and a bit years there has been a lot of innovation in browsers (the better the competitors in the market the more innovations in the everyone’s products).

So here is  IE6  running as a Virtual Windows XP application, with a modern browser in the back ground

Click for a lerger version

You’ll need to open the full size version to see it but there are a few things to see in the screen shot.

(1) Virtualized apps use the “furniture” of the OS they running in – so no aero glass and Windows XP minimize/maximize/close Icons

(2) The Icon for a virtualized app (the rightmost one) is looks similar to the one for the remote desktop connection.

(3) Notice how “My Documents” on the Host computer is mapped through to “My Documents” in the virtual app.

 

What I like about most about this is the lack of fuss and bother… Now to find that Pentax CD.

This post originally appeared on my technet blog.

May 1, 2009

Easy transfer is not a sign of weakness

Filed under: Beta Products,Windows 7,Windows Vista,Windows XP — jamesone111 @ 4:20 pm

image

Someone from the office (no names, no pack drill) told me they had read my post from yesterday where I mentioned Windows Easy Transfer.  They felt that it might not be quite the done thing for a technical person to use it but since I was using it , then it was probably OK.  I’ve now switched over to Windows 7 Release candidate and I used easy transfer to move almost everything: I had a a huge block of RAW photos and decided I’d back them up to an additional drive and then use easy transfer for everything else, otherwise it wouldn’t all fit on one disk. I blasted the partitions off the hard disk and did the install from my NTFS formatted bootable USB stick (also in my post from yesterday). The whole thing worked like a charm ; actually better than quite a few charms I’ve seen. 30GB of stuff takes a while to move off to disk and back, but Mail signatures, recent files lists, my IE customizations, IE History… all of them popped back into place. The only thing which seemed not to was my Outlook offline store file, and that probably benefitted from being rebuilt. 

I love the fact that Easy transfer lets me see what I had installed before and it cross checks them against what installed NOW, notice the bit that says “to see this information later”, well now when I go back it shows Foxit’s PDF reader is installed.

Half a dozen things things I like so far about the release candidate

1. Tim Hueur’s PDF preview works again ! This is one of those “can’t do without” apps for me. Designed for Vista it broke in beta of 7 and is now working again. Result !

2 It’s faster. I didn’t bother to benchmark the beta, but I’m convinced this is just snappier. The beta was faster than vista – although my 4GB machine it was fine with Vista, the people with less memory saw bigger gains

3. The pictures. Sorry that is a bit lame, but the pictures are stunning, and I love the idea of having national pictures, the UK ones are superb.

4. IE8 is now the release version, so In Private Filtering works. [I must write about that]

5. Windows handles my habit of having 60 Windows Open in IE more gracefully.

6. Jump list items have been though through better – like this one for PowerShell

 image

This post originally appeared on my technet blog.

Clarifying: the new virtual PC, Windows XP mode for Windows 7, and MED-V

Filed under: Beta Products,Virtualization,Windows 7,Windows Vista,Windows XP — jamesone111 @ 11:49 am

There is an interview with Scott Woodgate,  published as  press release on press pass  entitled Helping Small Businesses With Windows 7 Professional and Windows XP Mode. After starting to speculate about this a little too soon, I want to clarify what the bits are. Because XP mode allows something which was previously only in MED-V, the term “Med-V Lite” has been used but this is an over simplification – perhaps misleadingly so. MED-V and Windows XP Mode service different audiences and solve different business problems:

Windows Virtual PC

  • is hosted virtualization (sometimes called a type II hypervisor); by comparison hyper-V in Server 2008 is a bare-metal virtualization (sometime called a type 1 hypervisor).
  • enables users to run multiple instances of Windows on a single device (although not all Windows versions are licence for additional instances in VMs).
  • will enable users to launch many older applications seamlessly in a virtual Windows XP environment from the Windows 7 start menu. Previously this was only available as part of MED-V; now this is done in Windows Virtual PC using a wizard.
  • includes support for USB devices and is based on a new core that includes multi-threading support
  • Provides Folder, clipboard and printer Integration with the the host OS
  • There’s a run down of the changes here note the requirement for a modern CPU.

Windows XP Mode

  • combines Windows Virtual PC and a pre-installed Windows XP SP3 VHD (Virtual Hard disk) file.
  • is designed for smaller business customers who need to run Windows XP applications on their windows 7 desktops where end users control the XP environment.
  • is available for pre-install from OEMs (which we think will give the best experience) and also for download for Windows 7 Professional and Windows 7 Ultimate customers.

MED-V

  • is the management layer for IT professionals on top of Virtual PC.
  • is designed for larger organizations with a proper management infrastructure, and a need to deploy a centrally-managed virtual Windows XP environment  on either Windows Vista or Windows 7 desktops.
  • The main management areas it helps in are:
    • Deployment – delivering virtual Windows images and customizing per user and device settings, (for instance: assigning the virtual PC a name that is derived from the physical device name or the username to simplify identification and management), adjusting virtual PC memory allocation based on available RAM on host etc.
    • Provisioning – defining which applications and websites are available to different users, assigning virtual PC images to users directly or based on group membership. defining which applications in the guest OS are available on the Host’s start menu, and which web sites are redirected to the guest’s browser.
    • Control – maginging usage permissions and Virtual PC settings, Control whether the Virtual PC connects using the hosts IP address with Network Address translation or gets an an address through DHCP, Authenticating user before granting access to the Virtual PC, setting an expiry date for the the Virtual PC
    • Maintanance and Support – updating images using TrimTransfer network image delivery – when a master image is changed the PCs using it receive the changes (not the whole VHD file) , aggregating events from all users in a central database
  • Runs on Windows 7 and Windows Vista, and will not require processor-based virtualization support

This post originally appeared on my technet blog.

January 24, 2008

Vista vulnerabilities – a comparison.

Filed under: Apple,Linux / Open Source,Security and Malware,Windows Vista,Windows XP — jamesone111 @ 10:32 pm

Perhaps it’s a bit strong to say “if complete and utter chaos was lightning, Jeff Jones would be the sort to stand on a hilltop in a thunderstorm wearing wet copper armour and shouting ‘All gods are bastards’ ” (as a favourite quote  has it)  but you must admit it’s a better opening than “Blimey, XP was better than we thought”, or “See, there was no need wait for Vista SP1“.

Jeff, you see, has posted on his blog an analysis of Vulnerabilities in the first year of life of Windows Vista, Windows XP, two popular linux distros and Apple’s Mac OS X 10.4. Here are the bare numbers (though you should read the whole thing)

Metric Windows Vista Windows XP Red Hat rhel4ws Reduced Ubuntu 6.06LTS Reduced Mac OS X 10.4
Release Date 30-Nov-06 25-Oct-01 15-Feb-05 01-Jun-06 29-Apr-05
Vulnerabilities Fixed 36 65 360 224 116
Security Updates 17 30 125 80 17
Patch Events 9 26 64 65 17
Weeks With at least 1 patch event 9 25 44 39 15

To explain the numbers a little, an update might fix more than one vulnerability, and more than one update might go out out in a patch event. Apple seem to roll all their fixes for a given event into a single update.

Vista is the newest of these operating systems and you could argue that the art of software engineering has advanced. But then Why did a 2001 Microsoft OS fare so much better 2005/6 products?

With all the claims of the Linux community like “With many eyes all bugs are shallow” – how did Red Hat have 360 vulnerabilities ? They released Patches 44 weeks out of 52, 20 of their patches came in weeks when there had already been a patch. Ubuntu didn’t fare much better on that score.

If security vulnerability counts are indicative of bugs in general then Vista shipped in a better state than XP; Vista will go longer to SP-1 than XP did, it seems that they’ll have roughly the same number of vulnerabilities fixed at SP-1.

So that’s all good – why the “Wet copper armour” quote – and Gizmodo agrees with me ? Well, to bend another favourite quote, “The Internet is more full of exciting trolls and excruciating fan boys and girls than a pomegranate is of pips”. Most times I mention Apple I get visited by one set or the other. Jeff just called their babies ugly. He’s happy to discuss it. His document explains how he got to the numbers and he encourages people to do their own analysis. And he faces down point that “Of course you think the Microsoft products are good because you work for Microsoft” by pointing out it’s the other way around, he works for Microsoft because he thinks the products are good. Like me. Like most of us.

This post originally appeared on my technet blog.

December 12, 2007

Window borders…

Filed under: How to,Windows Vista,Windows XP — jamesone111 @ 10:41 pm

My carbon footprint has got worse: after the travel of the Road-show, I popped up to Leeds last night to talk to BCS. A round trip of 400 miles.

While I was there Dave threw me one of those questions… the kind where you know the answer. You know that you know it. But the harder you think about it, the more the answer refuses to come to you. And not remembering bothers you: it bothered me most of the way home.
The question was simple. “One of my clients has poor sight and relies on Windows Magnifier. He managed to dock magnifier on the side of the screen and  resize it down to zero width. He couldn’t find the edge of magnifier to resize it.”

Darn it, I know you can change the border size, on a window, it’s useful if narrow borders don’t work with your eyes or hands.  And it makes it impossible to lose a window. But where’s the settings ?  

So today I dug the settings out in Vista, it’s Control Panel, Personalization, Window Color and Appearance  Classic Appearance properties, Advanced. In XP it’s Control Panel, Display, Appearance tab, advanced. Then you can click the window border and set it to any size you fancy.

And Magnifier does respect the size of the border so now if it suffers the same mishap it’s easy to sort out.
Phew. That’s one question off my mind, now to deal with all the other queries I got during the road-show.

This post originally appeared on my technet blog.

December 5, 2007

Product life cycles (and Virtual Server 2005)

It’s always nice when someone says James O’Neill, IT Pro Evangelist at Microsoft, reveals that Virtual Server 2005 support will end in 2014 – except that then people come and demand to know why you’re revealing product plans.


So, lets start with a basic question. “Where do I go to find out when support for [Product X] expires ? (or if it has already expired)”
Answer:  http://support.microsoft.com/gp/lifepolicy , It’s quite a long FAQ but two key pieces are:



Microsoft will offer a minimum of 10 years of support for Business and Developer products. Mainstream Support for Business and Developer products will be provided for 5 years or for 2 years after the successor product (N+1) is released, whichever is longer. Microsoft will also provide Extended Support for the 5 years following Mainstream support or for 2 years after the second successor product (N+2) is released, whichever is longer. Finally, most Business and Developer products will receive at least 10 years of online self-help support.


and



The Support Lifecycle policy went into effect October 15, 2002, with a major revision on June 1, 2004. This policy revision covers most products that were available through retail purchase or volume licensing as of June 1, 2004, and most future products versions. For information about end-of-support timelines and Extended Support options for all products, visit the Select a Product for Lifecycle Information site.


I commented recently on the life of Virtual Server 2005. Since it released in the last quarter of 2004, you can easily do the sums and work out that mainstream support runs to the end of 2009 and paid extended support runs to the end of 2014 – in fact because of the way we set the dates support ends early the following year. The dates are given here , 12th Jan 2010, and 13 Jan 2015.


What about the R2 versions ? It’s simple: Windows server 2003 and Windows Server 2003 R2 are treated as one product. Since the product is getting near to it’s 5th birthday, mainstream support will be covered by the “2 years after its successor” rule. Virtual Server 2005 R2 is listed as a separate product with its own expiry dates. Because it was launched in Q1 of 2006, mainstream support ends at the of Q1 2011, and extended support at the end of Q1 2016 (again the actual end date is a few days into the next quarter).


You may be thinking …What about applications which launch late in the life of an OS ? as the FAQ puts it



If the problem is specific to the program, Microsoft will provide support. If the problem is a result of the combination of the operating system and the program, that particular problem will not be supported.


The other question is What about Service packs ? from the FAQ again.


Microsoft will provide 12 months of support for a service pack after the successor service pack is released.


There’s a detailed break down here. So when Service Pack 1 comes out you have 12 months before we require that service pack in order to be supported.

However  if we need to support a product or service pack beyond these limits we will. For example, because we knew that Windows XP Service Pack 2 was a bigger change than most service packs we extended that one year deadline.

Spare a thought for the people in Redmond who have to test software on different OS/Service pack combinations. If we are have service packs coming out frequently (as was the case with NT4) then they might have to test on as many as 4 different service pack levels. Testing becomes so long and so complex that another service pack is out before you’ve finished testing your product. If the service packs are widely spaced, you might be lucky enough to have only one supported version of a given OS. When new service packs or Operating Systems come along they have to test their product against those. Generally it is acceptable to say a product will not work against a whole new OS (e.g. Exchange 2000 didn’t work on Windows Server 2003), but we don’t like to say that something only works with an out of date service pack – that tends to bring a patch for the application.  [And please note these are generalizations].

This post originally appeared on my technet blog.

September 14, 2007

"Perfidious Microsoft"

Filed under: General musings,Windows 2003 Server,Windows Vista,Windows XP — jamesone111 @ 10:34 am

I don’t know whether to be angry or frustrated, and whether the target should be journalists who make mountains out of molehills, or the people in Redmond who give them the molehill to start with.

Here’s the story. The Windows update software changes sometimes. If Windows update keeps itself in a working state if is in use; that is to say outside well run IT shops which use WSUS, SMS or some other in house way of pushing out updates, and outside those people who turn the service off altogether.  Windows update logs changes to itself in the event log. However if the user has selected “Check for updates but let me choose whether to download or install them” updates to the update service don’t check with the user first.

One or two readers will go scouring everything I’ve ever said to find a contradiction for what I’m about to say. I don’t think people should automatically trust Microsoft. I don’t think they should automatically distrust us either. We need to earn trust, and sensible people will keep re-evaluating “In this case should I or shouldn’t I”. There are plenty of people out in the world who think no-one should ever trust us, a great many of them post on line to discussions and blogs, some write for magazines. Giving these people ammunition is stupid. And any manager in Redmond who does should be made to write out “I should never do anything which undermines public trust in my employer” 10,000 times. Preferably while sitting in a set of stocks (I’d locate these under the campus flag poles outside Building 10)

To me, the whole premise of this argument is stupid. First off when I went to grab the screen shot I’ve modified here it says at the bottomWU
  “Note: Windows Update might require an update before you can update Windows”
Granted I had to read that twice, as obviously WU can’t update the OS if there are no updates, the word “Itself” should be in there. But I’ve been imagining a conversation with some of the people who are making this fuss, (who seem to want to the WU dialog to appear like this version)

Me: You selected a radio button which said check for updates, so do you want it to stop checking if we change something at the server ?
Them: No… but… WU shouldn’t change a single byte on my computer without my permission !
Me: Not one ?
Them: Not one.
Me: So how does it maintain a list of available updates to offer you ?
Them: Err… Well that doesn’t count, it shouldn’t change Executables
Me: So you told it to just get the list of updates
Them: … yes
Me: and to take the steps that are needed to get the list ?
Them: … obviously, yes.  
Me:
Even if that means updating the software that gets the list …

Scott Dunn, got some key facts wrong when he started the story. He opens with
 Microsoft has begun patching files on Windows XP and Vista without users’ knowledge, even when the users have turned off auto-updates.

  • “Has begun patching” ? Sounds like the latest shady activity by Redmond ? Windows update has always done it.
  • “Even when the users have turned off auto-updates” Sounds like your PC “phones home” even when you select the ‘Never check for updates”  box. He means “even if you have updates set to manual”

Having a commitment to his story which can’t be inconvenienced by facts (or lack of them) Dunn turns to invention
“Many companies require testing of patches before they are widely installed,” [true] “and businesses in this situation are objecting to the stealth patching.”

Un-named, businesses object.  No. Because companies which test patches before letting be widely installed don’t use Windows update. That would rely on users seeing the “New Updates are available” message and only processing the items IT told them to, when they were told. Not a system you’d rely on is it ? Over on  Microsoft watch at least Joe Wilcox got that aspect right (and did get a quote), but he downgraded it from “Stealth” (Dunns term) “sneaky”, and included screen shots which reveal – shock horror – if you tell the Windows update service to look for updates, then it does start up and it records in the event log that Windows update has updated “Windows Update”. Stealth ? Sneaky ? Records it’s actions in the event log ? Reminds me of this story

Meanwhile over  ZD Net Adrian Kingsley-Hughes was positively screaming “If Microsoft (or other companies) start updating systems without consent, this will lead to all sorts of trouble. On top of that, it paves the way for companies to make silent updates to technologies such as DRM and anti-piracy features.” seems to me to be equivalent to saying “If Microsoft make sure users can find about new updates, that means they could smash up your system if the don’t like you”  

Kingsley-Hughes like Dunn and Wilcox (and Andrew Garcia who checked the facts for him) conveniently ignore the “Windows Update might require an update before you can update Windows” message.

Over on the Windows Update team’s blog Nate Clinton, explains what’s going on. Sorry Nate, despite feeling the reporting has been pretty shabby, if it were left to me you’d be in the stocks for giving them the ammo.  

 

Technorati tags:

This post originally appeared on my technet blog.

July 10, 2007

Vista’s desktop index and PowerShell.

Filed under: Photography,Powershell,Windows Vista,Windows XP — jamesone111 @ 11:38 pm

Vista’s desktop index has changed the way I work. I’ve stopped worrying about folders, any more than I worry about URLs for Internet content.  It’s either obvious or I find it with search.


So… since I have all of my stuff indexed. I should be able to tap into it … shouldn’t I ?


Time to fire up powershell and Live search and have a poke around. There’s quite a good article here which explains Windows Desktop search and the same the database connection strings and SQL syntax work with both the downloadable Windows XP version and the Vista Version.


It’s not rocket science. The first bit is the connection string. “Provider=Search.CollatorDSO;Extended Properties=’Application=Windows’;” . Then it’s the usual SQL stuff. SELECT fields FROM source WHERE conditions


The source bit is always the same: FROM SYSTEMINDEX. Most of the examples I’ve found aren’t very expansive when it comes to the fields.  For example:
SELECT System.filename FROM SYSTEMINDEX where system.fileExtension = “.wma”.


The list of fields is huge, and the best place to start is with the shell properties on MSDN, there’s a core set, a set for documents, a set for mail messages, one for music, one for recorded TV, and the list goes on. So there are are a few useful core ones.








System.Author
System.Title
System.Keywords
System.DateCreated
System.DateModified
System.Size
System.FileExtension
System.FileName
System.ItemFolderPathDisplay
System.Kind

System.kind is particularly useful for narrowing a search down – it groups file extensions into Music, Pictures, documents, etc so you can narrow a search down to Pictures or Documents or Calendar items, e.g.
SELECT system.filename, system.title FROM SYSTEMINDEX WHERE system.kind=”picture”
You can see how the extensions map onto the Kinds in the registry at HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Kindmap .


Of course the major use of search is for free text searches and there are two predicates, CONTAINS and FREETEXT. FREETEXT is a blunt instrument it give it the word “Swimming” and it will all find all it’s forms “SWIMS, SWIMMING, SWAM” give it swimming pool and it will find anything with either of those words or any of their forms (put quotes round to search for a phrase). Sometimes you can’t see the wood for the trees with FREETEXT it’s a bit of a chainsaw. CONTAINS is like keyhole surgery. You can ask it for FORMSOF(“SWIM”) NEAR (“POOL” or “BATHS”) AND “LESSONS”. With CONTAINS the risk is you don’t get the document you want.


So Lets put a query together in powershell; I’m going to look for photos of the racing driver Nigel Mansell on my PC, and I want the camera details at the same time – this isn’t as daft as it sounds. It lets me sort my scanned film photos from my shot-on-digital ones. Here’s the query and the IndexProvider (a smarter man than me might have that permanently in a variable)  


$IndexProvider  = “Provider=Search.CollatorDSO;Extended Properties=’Application=Windows’;”
$SQL=(“SELECT System.FileName , System.Photo.fnumber , System.Photo.exposureTime, system.photo.focallength, system.photo.isoSpeed, System.photo.dateTaken, system.photo.cameramodel, system.author, system.title, system.keywords,system.size,System.ItemFolderPathDisplay
FROM SYSTEMINDEX WHERE Contains(* ,’Mansell’) “)



Contains (*, ‘Mansell’) looks in all the fields – important if I’m searching for Pictures. I’ve found that when you’re working with Powershell objects, the Object browser from Visual Studio (I’m using the FREE Express edition) and I’ve found the parameters that you can pass to the NEW method of an object can save a a few lines of code – I don’t need to create connection and command objects as I did in this earlier example.


$adapter= new-object system.data.oledb.oleDBDataadapter -argumentlist $sql,  $IndexProvider
$ds = new-object system.data.dataset
$adapter.Fill($ds)



$ds.tables[0] shows me results like this (notice the blank fields on the first one giving away it’s a film scan).

SYSTEM.FILENAME              : GP91-23.jpg
SYSTEM.PHOTO.FNUMBER         :
SYSTEM.PHOTO.EXPOSURETIME    :
SYSTEM.PHOTO.FOCALLENGTH     :
SYSTEM.PHOTO.ISOSPEED        :
SYSTEM.PHOTO.DATETAKEN       : 14/07/1991 18:48:35
SYSTEM.PHOTO.CAMERAMODEL     :
SYSTEM.AUTHOR                : {© James O’Neill}
SYSTEM.TITLE                 : Nigel Mansell Williams Renault FW14, Ayrton Senna, British GrandPrix, Silverstone
SYSTEM.KEYWORDS              : {Portfolio}
SYSTEM.SIZE                  : 2992373
SYSTEM.ITEMFOLDERPATHDISPLAY : C:\Users\Jamesone\Pictures\Motor Racing

SYSTEM.FILENAME              : GPM15834+.JPG
SYSTEM.PHOTO.FNUMBER         : 13
SYSTEM.PHOTO.EXPOSURETIME    : 0.008
SYSTEM.PHOTO.FOCALLENGTH     : 100
SYSTEM.PHOTO.ISOSPEED        : 200
SYSTEM.PHOTO.DATETAKEN       : 13/08/2006 11:31:26
SYSTEM.PHOTO.CAMERAMODEL     : PENTAX *ist D
SYSTEM.AUTHOR                : {© James O’Neill 2006}
SYSTEM.TITLE                 : Nigel Mansell, GrandPrix Masters, Silverstone
SYSTEM.KEYWORDS              : {Portfolio}
SYSTEM.SIZE                  : 2797880
SYSTEM.ITEMFOLDERPATHDISPLAY : C:\Users\Jamesone\Pictures\Motor Racing


 


This post originally appeared on my technet blog.

May 27, 2007

Getting a better PDF experience

Filed under: How to,Windows Vista,Windows XP — jamesone111 @ 3:46 pm

Lets get prejudice out up front. I pendulum between liking Adobe products (e.g. Lightroom), admiring the technology but hating the way it’s used (Hugh has it right when it comes to flash use), and getting thoroughly ticked off with PDF. e.g.



  1. Microsoft’s travel agent sending me itineraries in Protected PDF format – plain text would be helpful

  2. Adobe reader.  Functionally it offers me no more than 10 years ago, but is more cumbersome to use – thanks to pointless tinkering with the UI. It’s slow to load and doesn’t unload after use.  

  3. Search. Adobe do have an iFilter which integrates with Microsoft search products. But can I find a 64 bit one ? Can I heck !

  4. Preview. What preview ? Adobe don’t provide preview functionality for Outlook 2007 or Vista’s Explorer.

  5. The “Sure it’s a Standard” but “We’ll sue you if you support it in-the-box with Office 2007” attitude of Adobe. (Compared with their DNG format for pictures. “It isn’t a ratified standard, but we promise not to sue you for implementing it).

Now I’ve mentioned Foxit Software before. Arthur put be onto Tim Heuer who had used their tools to implement the missing preview functions. I called it a “must have”.  Only later did I find Tim actually works for Microsoft. DOH ! Now I knew that Foxit had a 32 bit iFilter and was going to drop Tim a note to say “Hey if you know these guys … lean on them to a 64 bit version”. Well it’s out (I’m not sure when it was released but files are dated 30th April). It installed and I left the machine alone for a little while to see if I really need to rebuild vista’s Index and popped in a search for a known PDF file. Bingo! And with the preview pane working … FANTASTIC. By the way the ifilter is Free for clients, but chargeable for servers.



(Opps. Forgot the picture originally) So… I thought “Time to try out their reader“. And so far I like it. Although I’d like to see properties appear in the pane at the bottom of explorer. Maybe between Tim and the Foxit guys they could sort out getting PDFs to display inside internet explorer rather than spawning a separate program – there’s a KB article on doing this for office apps but I don’t see corresponding registry settings for PDF. Adobe needed an extension for IE to do this – and circumstantial evidence pointed to it being responsible for some IE crashes.


 


Technorati tags: , , , ,

This post originally appeared on my technet blog.

April 22, 2007

NTBackup – restore for Vista

Filed under: How to,Windows Vista,Windows XP — jamesone111 @ 9:13 pm

I’m not quite sure when it appeared, but this evening I noticed a link on the restore dialog box in Vista “Learn how to restore from backups created on Older versions of Windows“, there are 32 and 64Bit versions. I considered using a Virtual Machine on Vista to read .BKF files made under Windows XP … no need any more.

 

Technorati tags: , , , ,

This post originally appeared on my technet blog.

March 18, 2007

On Time-zones…

Filed under: How to,Windows 2003 Server,Windows Vista,Windows XP — jamesone111 @ 10:26 pm

Spring is here, Spring is here … I think the loveliest time of the year is the spring, yes I do, don’t you ? course you do.

Actually when I look at the weather it’s doesn’t look like spring. But unlike Tom Lehrer, the one thing that makes spring complete for me is the changing of the clocks. All of Europe changes it’s clocks on the last Sunday of March and October. The UK keeps pondering if we should move onto the same time as most of Europe who are an hour ahead of us – the argument for being that the 30 million people who live in the Southern half of England would save Energy and reduce their risk of accidents. The argument against being 5 million Scots would have to go to work in the dark.

I got thrown a question which I didn’t know the answer to –  At what time does Windows  change its time forward an hour on the 25th March 2007 in the UK.

“2AM” I thought… but then does that mean jumping from 1 to 2 or from 2 to 3 ? And going back does it jump from  2 to 1 or from 3 to 2 ? Rather than give the direct answer (the former in both cases) here’s how you check.

The Time Zone information is stored in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones (which you can export and re-import if needed) . However the critical bits are stored as block of Hex, and it’s not immediately clear how to decode it, instead there is a downloadable tool called TzEdit which lets you view the settings and check for yourself.

 

 

Technorati tags: , ,

This post originally appeared on my technet blog.

January 28, 2007

The mouse James Bond would have.

Filed under: Windows Vista,Windows XP — jamesone111 @ 11:03 pm

A week or so ago I wrote about daft voices, and I feel like this should be in the voice of Sean Connery. (Which ish eashy to do. You jusht shubstitute mosht of the esshh shoundsh ….) I was given a new Wireless Presenter mouse 8000 – and it seems like one of the Gadgets Q branch come up with in the bond films. We’ve got some of these to give away as prizes at the roadshow. I didn’t know until I talked to Andrew who is responsible for these things that we have 24 different Mice and sell over a million in the UK alone in a year.  What’s so special about this one. Well here’s how Q would explain it to 007.

Now pay attention. This looks like a perfectly ordinary mouse …
But there are no Wiresh !

If you’d let me finish was coming to that. It uses Bluetooth, using this little dongle  which will connect other devices as well.
Fashcinating.

On top a normal mouse with two dimensional scroll will and extra buttons for a magnified, but turn it over …
Extra buttonsh.  

You can use it to move slides forward or back and as a volume control. Concealed in the body is
A lasher beam.

A Laser pointer, so don’t try cutting with it. And the whole thing goes in this neat little case so there is no excuse not to bring it back in the condition which you were issued with it.

I’m quite taken with it. You can read more information here. I don’t know which Bluetooth profiles it is meant to support but I had it working with my GPS puck in no time.

Bluetooth and GPS would have been science fiction to Connery’s Bond. But laser beams weren’t.

Do you expect me to talk ?
No Mister Bond, I expect you to Present

 

Technorati tags: , ,

This post originally appeared on my technet blog.

January 18, 2007

Ooops. I gave out some duff information about limiting logons

As Eileen has already said our team spent last week at the BETT show. My first “proper” IT job after leaving university was working for RM who are the biggest supplier of IT to education and I did a couple of BETT shows when I worked for them; it’s the main UK IT-in-education show and it’s huge – 30,000 visitors over 4 days. I never thought I’d be doing another one.


I find stand duty at shows tiring – I need a bit of a push to do it, Eileen volunteered the team … Once I’m there it’s interesting to meet a different set of customers to those who come to our events, doubly so when the customers are a market segment like education that I don’t deal with much day-to-day. My days at RM taught me that IT managers in education have a unique set of challenges – not least of which is the IT is managed by people who are teachers first and IT people second. In business we’re used to the user-per-PC model; in schools PCs are shared. So a couple of people asked me a question which I got wrong.


“Can we limit the number of workstations where a user is logged on”. Now here’s the problem. Windows logs users onto a machine.  It logs users onto file shares, web servers, RPC and terminal sessions. Domains allow a central pool of accounts to be used for those logons and granting permissions. And this hasn’t really changed since OS/2 LAN Manager; we use Kerberos to do the job these days, but the idea remains the same. The service which authenticates you, and the service which you are using are different. So. You logon to your computer and it gets domain controller A to validate you; then you connect to a terminal server it it gets Domain controller B to validate you. The two Domain controllers don’t share information, and they don’t know when your session has ended. You can create a system which sets a central flag when someone logs on and clears it at log off, but this isn’t helpful in a school – switching the machine off without logging out will prevent the next logon. You hear the cries of “Miss I can’t log on” … ah yes, something else for business IT managers to note. Your daft users break the system accidentally. In schools the smart users break it for sport.


So I had the bright idea. The SHUTDOWN command line utility has a “logout” option….  so why not write a batch file at logon …  so the logon script has 2 lines


Call logoff%username%.bat
Echo   SHUTDOWN /m \\%computername% /L > logOff%username%.bat


Unfortunately the /L command won’t log off a user on a remote machine. I don’t think anything we provide [In the box] will solve this problem but I’m hoping someone will correct me.
Update 1: Thanks to Richard who pointed out in a comment below that we do have a resource kit tool to do this. I can’t say how sessions which are not ended gracefully are handled (yet).


Update 2: Thanks to Steve for his comment. The sysinternals command should do the job as I first conceived it … now someone needs to test it to see if a non-admin user can log themselves off a remote machine. It will fail to log off anyone else.

This post originally appeared on my technet blog.

January 6, 2007

Microsoft at CES

Filed under: Events,General musings,Music and Media,Webcasts,Windows Vista,Windows XP — jamesone111 @ 5:44 pm

The Consumer electronics show starts in Las Vegas on Monday. The internal rumor mill has been going crazy and we’ve been told not to blog about …. well I can’t tell you what obviously.

Bill Gates is delivering a keynote speech on Sunday night – 6:30PM Redmond time, by which point most people working in Europe will have gone to bed. On Monday you’ll be able to view it via  http://microsoftatces.com/ 

They’ve already got some videos on the site. One is for the “Wireless Desktop 8000” . Lousy name, very cool product. When we look at Apple we see fantastic industrial design, which I don’t see in my original X box, or the older Microsoft mice (look out for the very first MS mouse in the video – about 4:40-4:50). These days I have a Philippe Starke mouse at home, and design of the Xbox 360 is pretty good. This is the first time I’ve seen a keyboard that would inspire envyI saw these before Christmas: they’re not cheap but I have a plan to get my hands on one. As and when I do I’ll blog about it.

 

Technorati tags: , ,

This post originally appeared on my technet blog.

Next Page »

Blog at WordPress.com.