The Windows 7 Open Desktop

Hello,

Most folks are not as into computing technology as I am and tend to use the computer as a communications and entertainment device.  The specificity of what is installed for the operating system or programs.  Folks just want to use their computer.  A big hitch in using the PC as provided under Windows is the add-on costs of additional software and virus protection.  Many computer vendors install trial-ware on their products with the hope on ensnaring users into paying high retail costs for software that came with their computers.  I have spent a great deal of time in removing such trial-ware from newly purchased computers.  Sony was even bold enough to charge users $50.00 extra for NOT installing such software on consumer computers.

Enter Free/Open-Source ~ Many computer users do not know that they can have a complete and functional computer for no additional cost by using open-source software.  The great folks behind the many products, made freely available as open-source, are deserving of many thanks for their efforts in bringing these great products forward. Commercial software vendors have built an entire business model on selling and supporting software.  Unfortunately, these vendors often charge high prices for packages that may not be needed in their entirety by the consumer. A great example is Microsoft’s Office suite of applications (Word, Excel, Outlook, Powerpoint, Access, and Publisher), which can cost close to $500.00 per copy.

I am going to detail a way to get the same experience with commercial software without paying a penny. Though this software is free, I encourage folks to donate to the respective projects to help foster their development of future versions.  I tend to look at it in the manner of I can pay for the software after I am sure it works for me and I can name the price.  Microsoft, Adobe, Oracle don’t need my money, but the budding software project trying to get established in the industry might.

Software choices for products that do not come with Windows.  I am starting with a fresh install of Windows 7 Ultimate x64 Edition RC and will use the following software to do what a commercial application would normally do.

Web Browser: Mozilla Firefox/Google Chrome ~ Windows 7 ships with Internet Explorer 8, a great improvement in the line of Microsoft web browsers, I do not recommend uninstalling IE, supplementing it with The geek standard, Firefox, and the ultra-fast Google Chrome is also great idea.  Chrome is the fastest web browser available today, and elegantly simple to use.  Firefox offers a software ecosystem which offers the user endless customizing options and versatility. The latest version of Firefox at the time of this writing is 3.0.10 and version 1.0.154.65 for Google Chrome

E-Mail: Mozilla Thunderbird ~ Web-based e-mail is now the norm for reading e-mail outside of the corporate environment.  Microsoft’s Outlook program is a part of the Microsoft Office suite and the staple in the business world.  Along with e-mail, Outlook offers calendaring, journals and enhanced address book features.  Microsoft and the PC vendors will only install the Office suite as a trial with new computers.  Dell offers the ability to customize a computer order with the addition of Office to any computer.  If a standalone e-mail program, like Outlook is needed, then I recommend Mozilla Thunderbird.  If functionality with Microsoft’s Exchange Server is needed, Outlook is the only choice.  Thunderbird does not support connections to Microsoft Exchange Server.

Windows 7 does not ship with a built-in e-mail program like Windows Vista and Windows XP.  Instead, Microsoft makes available a download of Windows Live Mail to take the place of Windows Mail and Outlook Express. If your e-mail is provided through Windows Live or through Hotmail, Windows Live Mail is your best bet outside of the traditional web-mail interface.

Instant Message: Pidgin ~ Microsoft includes Windows Live Messenger as part of the Windows Live package which is freely available from Microsoft.  I like Pidgin because it supports all major instant message formats; AIM, Yahoo, Jabber, IRC, etc.  The interface is simple and the program does not monopolize system resources.

Productivity Suite (Office): OpenOffice ~ Sun Microsoystem’s classic, OpenOffice (OOo), has long been the stalwart of the open-source community.  Almost every desktop Linux distribution ships with OOo in one form or another. The ease of use, and built-in support for Microsoft Office format types is worth the price of admission alone.  Another great feature is the ability to save a document in PDF format.  OOo comes with applications that are direct analogues to their Microsoft Office counterparts: Writer (Word), Calc (Excel), Impress (Powerpoint), Base (Access), a drawing program, ‘Draw’, and a mathematical formula program, ‘Formula’. The latest version of OOo, 3.1, will install and run on Windows 7.  If I ran an office, OOo, would be the productivity suite my business would use, hands down.

Antivirus: Microsoft Security Essentials ~ Redmond’s latest piece of freeware should have shipped with Windows XP as a default option.  Nonetheless, Microsoft now offers a free anti-virus/anti-malware for Windows.  The early verdicts are positive.  Get it;

PDF Viewer: Adobe Reader ~ It seems that everyone, everywhere uses the ubiquitous PDF as their default file format.  There are many good reasons for doing so, including security, customizeability and accessibility.  Adobe Reader is freely available to anyone with a web connection, and often comes pre-installed on many new computers.  Not everyone outside of the corporate world or academia has easy access to Microsoft Office.  I personally use PDF’s for my document exchanges with other folks for the sheer reason of them not being able to change what I sent.

The traditional gripe with Adobe Reader is the ever-growing size and complexity the product has undergone in the last few years.  While I agree, wholly, the truth of the matter is the alternatives are not much better than the original.  The same security vulnerabilities persist and the speed is not that much greater.  One point to note, that the endless updates Adobe is providing for Reader are necessary and are to help, not hinder.  Still some alternatives to Adobe Reader are: Foxit PDF Reader and PDF-XCHANGE. It is helpful to note for Microsoft, that Mac OS X and GNU Linux offer this support built-into their operating systems.  What gives with Windows not having it?

The products listed above are a great start to getting productive with Windows 7 for nothing out of pocket.  While Windows 7 may not be free when it is released in it’s final form, the inclusion of free software to enhance the capability of operating system is pure value added.

Chrome OS

ChromeOS

Today Google announced plans to develop and release an open-source operating system for the cloud computing crowd. Tihs comes as no shock to me as I have seen Google slowly take ground from industry heavyweights like Microsoft and Yahoo.

God/Bad? Good

I feel this is good for the one reason that is the most nontechnical, competition. Microsoft’s dominance in the consumer market has gone unchecked for years and is starting to take a negative turns. A series of complete failed products has shown Redmond to have little care or clue for consumer needs. The folks that developed Windows Vista have never actually used it from a consumer’s point of view.

The great hope for Microsoft in 2009 is Windows 7. After what has to be the biggest and most open Beta program in the company’s history, Windows 7 has got rave reviews from many circles. What leaves a consumer, wanting a netbook, to do? Right now, the options are Windows XP, and aging platform long in the tooth, and Linux. (Disclaimer, I love Linux!). Linux is great, but not for everyone. If the consumer has an IT person, or a Linux aficionado in the family with a great deal of patience, then get Linux. Otherwise the user, who has never used Ubuntu or Moblin, is in for a shock when it doesn’t act like Windows. I use Ubuntu 9.04 on my Dell Mini 9…

Apple has long kept itself out of the netbook space. Steve Jobs once said he does not know how to build a $500.00 netbook, that one would want. Steve, if you slap an Apple logo on it, they’ll buy it. For Apple, the netbook space has to be dominated or left alone. Heck! provide bluetooth keyboard functionality to the iPhone/iPod Touch and you’re on to something.

Google’s Android mobile phone OS is considered a separate product, and will be developed as such. Some hackers have managed to install Android on some netbooks, but ‘why’ is my question. Maybe I do ont know enough about Android, but what about apps like OpenOffice and a PDF viewer? Sooner or later a netbook user is going to want to use either one before long.

ChromeOS has the capability to be engineered as something specifically for ultra-light and less-powerfult netbooks, a facet not shown by Vista. Microsoft still licenses Windows XP for this use and promises hope for Windows 7. Windows 7 is built from Windows Vista, so don’t expect too much from that idea. If I were in charge, I would have the developers re-work Windows Embedded or the XP kernel to run on such hardware, and optimize.

Change Them All!

Hello,

A quick tech tip here for admins with Windows Powershell.  As an IT professional that has worked in both centralized and decentralized environment, passwords remain one of the most challenging aspect of user support.  The fact that a user will forget his/her password for login or e-mail is a technical constant in the support universe, and those are the passwords that are used frequently.  Passwords that are not as frequent represent the best of lost causes.

A new feature added to Active Directory Domain Services (AD DS) in Windows Server 2008 is ‘fine-grained password policies’, the ability to define more than one set of password requirements per single Active Directory domain.  Fine-grained policies can be applied  to groups within Active Directory and not directly to OUs.  The tricky thing to remember about password policies, when used with group policy in Active Directory is that they are only applied when a user changes his or her password.    If the password policy is enabled or changed while the user is logged in, they will have to wait until their password is changed for the new settings to come into effect.

A nice way to streamline all of this is with a simple little powershell script that  forces all users in a domain to change their password, the next time they log into Windows.

Set objOU = GetObject(“LDAP://ou=OUName, dc=domain, dc=com”)
objOU.Filter = Array(“user”)
For Each objUser in objOU
objUser.pwdLastSet = 0
objuser.SetInfo
Next

Save and run the above script as an administrative user and each user in the specified OU will have to change their password, the next time they log in.

U.S. Army, a word?

Hello,

Recently, the U.S. Army made an announcement that they plan to upgrade all of their desktop computers to Microsoft’s Vista operating system. Some of the readers may remember the 1990 John Hughes film, Home Alone, and specifically, the scene where Macaulay Culkin rubs after-shave on his face and the resulting reaction.

Home Alone Canadian Release Poster

My thoughts exactly… The first thing I could think of was more stories of how government and DoD computers were hacked because of some poor security configuration.  I know the Army has their own talented staff of IT professionals, but I was in the Army and I know how things work in that environment.  Vista is not just a new version of Windows XP, nor is it any more secure out of the box than Windows XP.  I am a Microsoft-certified Vista professional, who has implemented Vista in a working environment.  I consider Vista much better than XP, but that takes a bit of work to get to that point.  Just upgrading XP problems to Vista problems is not the right idea.

Below is how I would advise the U.S. Army on how to proceed with Vista…

1. New hardware: Vista runs great on computers that are designed to run Vista.  If you want to see how bad Vista can be, install it on a computer that was meant for Windows XP.  Vista-Compatible (not Vista-Capable) is not a tall order.  2GB+ of RAM, a dual-core processor, 60GB+ hard disk drive depending on use, a decent GPU (non-integrated) and a DVD-ROM at the least.  Remember, the better the hardware, the better Vista will behave.

2. 64-bit where possible: The 64-bit version of Windows Vista is the most secure version of a Windows desktop OS, yet.  The prevention of direct memory access to the kernel by any process and the requirement of only signed drivers really does wonders for security.  Vista Ultimate 64-bit with 16GB of RAM is how I ride on Windows (if I have to). The ability to run 64-bit Vista on most hardware today is no stretch at all.  One would have a harder time finding a new PC that cannot run 64-bit Vista as opposed to one that can.

3. Don’t Disable UAC: Vista’s User Account Control has to be the most hated new feature of the operating system.  Besides the lack of capability with legacy applications, a screen-dimming prompt asking a user whether or not they want to perform the previously selected action can get old PDQ! I get it… I also get that UAC is a big part of Vista’s security tool-kit, turning it off brings you right back to Windows XP’s security posture (see below).

Don't Want!!!

4. Use Group Policy: I really hope this man’s Army is running some sort of Active Directory implementation on their LAN’s and not some antiquated Netware 5 setup.  Active Directory has a feature called ‘Group Policy’ that can make centralized management of numerous desktops easy and concise.  I use Group Policy at work and it is fantastic for making sure each desktop is configured the same way across the network.  Password policies, software deployments, IE security settings, and UAC controls can all be managed through Group Policy.  More information can be found here for securing Windows servers and desktops.  I would be more than happy to help or consult, free-of-charge…

5. Use WSUS: Windows admins know that one of the best ways to keep Windows running smooth, is through vigilant updating.  The second Tuesday of every month is Microsoft’s in-cycle patch day for regular releases.  One of the nicest pieces of software Microsoft has released in recent years is “Windows Software Update Services” (WSUS).  WSUS offers automatic downloading, installation and reporting for all Microsoft software installed on network clients.  Best of all, it’s free! Windows Server 2003/2008 is required for WSUS to run, but I am sure the Army has few of those handy…

5 tips to help get Vista out right and secure.  I would be more than happy to speak with anyone in the implementation process.  I have done a full-ought Vista deployment at my University…

The Open Desktop on Windows 7

Hello,

Most folks are not as into computing technology as I am and tend to use the computer as a communications and entertainment device.  The specificity of what is installed for the operating system or programs.  Folks just want to use their computer.  A big hitch in using the PC as provided under Windows is the add-on costs of additional software and virus protection.  Many computer vendors install trial-ware on their products with the hope on ensnaring users into paying high retail costs for software that came with their computers.  I have spent a great deal of time in removing such trial-ware from newly purchased computers.  Sony was even bold enough to charge users $50.00 extra for NOT installing such software on consumer computers.

Enter Free/Open-Source ~ Many computer users do not know that they can have a complete and functional computer for no additional cost by using open-source software.  The great folks behind the many products, made freely available as open-source, are deserving of many thanks for their efforts in bringing these great products forward. Commercial software vendors have built an entire business model on selling and supporting software.  Unfortunately, these vendors often charge high prices for packages that may not be needed in their entirety by the consumer. A great example is Microsoft’s Office suite of applications (Word, Excel, Outlook, Powerpoint, Access, and Publisher), which can cost close to $500.00 per copy.

I am going to detail a way to get the same experience with commercial software without paying a penny. Though this software is free, I encourage folks to donate to the respective projects to help foster their development of future versions.  I tend to look at it in the manner of I can pay for the software after I am sure it works for me and I can name the price.  Microsoft, Adobe, Oracle don’t need my money, but the budding software project trying to get established in the industry might.

Software choices for products that do not come with Windows.  I am starting with a fresh install of Windows 7 Ultimate x64 Edition RC and will use the following software to do what a commercial application would normally do.

Web Browser: Mozilla Firefox/Google Chrome ~ Windows 7 ships with Internet Explorer 8, a great improvement in the line of Microsoft web browsers, I do not recommend uninstalling IE, supplementing it with The geek standard, Firefox, and the ultra-fast Google Chrome is also great idea.  Chrome is the fastest web browser available today, and elegantly simple to use.  Firefox offers a software ecosystem which offers the user endless customizing options and versatility. The latest version of Firefox at the time of this writing is 3.0.10 and version 1.0.154.65 for Google Chrome

E-Mail: Mozilla Thunderbird ~ Web-based e-mail is now the norm for reading e-mail outside of the corporate environment.  Microsoft’s Outlook program is a part of the Microsoft Office suite and the staple in the business world.  Along with e-mail, Outlook offers calendaring, journals and enhanced address book features.  Microsoft and the PC vendors will only install the Office suite as a trial with new computers.  Dell offers the ability to customize a computer order with the addition of Office to any computer.  If a standalone e-mail program, like Outlook is needed, then I recommend Mozilla Thunderbird.  If functionality with Microsoft’s Exchange Server is needed, Outlook is the only choice.  Thunderbird does not support connections to Microsoft Exchange Server.

Windows 7 does not ship with a built-in e-mail program like Windows Vista and Windows XP.  Instead, Microsoft makes available a download of Windows Live Mail to take the place of Windows Mail and Outlook Express. If your e-mail is provided through Windows Live or through Hotmail, Windows Live Mail is your best bet outside of the traditional web-mail interface.

Instant Message: Pidgin ~ Microsoft includes Windows Live Messenger as part of the Windows Live package which is freely available from Microsoft.  I like Pidgin because it supports all major instant message formats; AIM, Yahoo, Jabber, IRC, etc.  The interface is simple and the program does not monopolize system resources.

Productivity Suite (Office): OpenOffice ~ Sun Microsoystem’s classic, OpenOffice (OOo), has long been the stalwart of the open-source community.  Almost every desktop Linux distribution ships with OOo in one form or another. The ease of use, and built-in support for Microsoft Office format types is worth the price of admission alone.  Another great feature is the ability to save a document in PDF format.  OOo comes with applications that are direct analogues to their Microsoft Office counterparts: Writer (Word), Calc (Excel), Impress (Powerpoint), Base (Access), a drawing program, ‘Draw’, and a mathematical formula program, ‘Formula’. The latest version of OOo, 3.1, will install and run on Windows 7.  If I ran an office, OOo, would be the productivity suite my business would use, hands down.

Antivirus: Kaspersky 8 Technical Preview ~ Windows 7 is still a version of Windows, the most insecure family of operating systems ever released.  Though great strides have been made toward improving the security posture of Windows as a whole, there is still much to do.  One would be taking an unnecessary risk t orun Windows on the public Internet without antivirus protection.  The theme of this post has been toward open-source and free alternatives to commercial software. The one place where I would go against this grain is with the selection of an antivirus product.  The free products like Grisoft’s AVG and Avast are good in their own respects, but do not currently offer versions for Windows 7.  I am also unwilling to buy a product which will be installed on an OS that will expire before my virus definition subscription expires.  Kaspersky Antivirus offers a free technical preview to the public of their forth-coming product for Windows 7.  While the suite is flly-featured, I opted for just the antivirus part of the program, which offers updates until 11/24/2009, six months in my case.  Professional antivirus support from a qualified vendor for free. I’ll take it…

PDF Viewer: Adobe Reader ~ It seems that everyone, everywhere uses the ubiquitous PDF as their default file format.  There are many good reasons for doing so, including security, customizeability and accessibility.  Adobe Reader is freely available to anyone with a web connection, and often comes pre-installed on many new computers.  Not everyone outside of the corporate world or academia has easy access to Microsoft Office.  I personally use PDF’s for my document exchanges with other folks for the sheer reason of them not being able to change what I sent.

The traditional gripe with Adobe Reader is the ever-growing size and complexity the product has undergone in the last few years.  While I agree, wholly, the truth of the matter is the alternatives are not much better than the original.  The same security vulnerabilities persist and the speed is not that much greater.  One point to note, that the endless updates Adobe is providing for Reader are necessary and are to help, not hinder.  Still some alternatives to Adobe Reader are: Foxit PDF Reader and PDF-XCHANGE. It is helpful to note for Microsoft, that Mac OS X and GNU Linux offer this support built-into their operating systems.  What gives with Windows not having it?

The products listed above are a great start to getting productive with Windows 7 for nothing out of pocket.  While Windows 7 may not be free when it is released in it’s final form, the inclusion of free software to enhance the capability of operating system is pure value added.

Installing the Windows 7 Release Candidate…

Hello,

Microsoft has released the latest test version of it’s forthcoming OS, Windows 7.  Back in January, I detailed how to install the beta version of Windows 7.  Fortunately not much has changed in the install process since then.  The open evaluation program makes the release candidate (RC) version of for one year, until June 2010.  Anyone is free to visit Microsoft’s web-site and download a product key along with the .iso image for Windows 7.

The hardware requirements for this version of Windows 7 are the same as they were for the Beta.  I will show an example of an install using VMWare’s “Fusion” virtualization software.

1. The first step is to boot to the Windows 7 DVD (yes, DVD. M$FT stopped shipping Windows on CD with Vista).  A nice thing about virtualization is that often the software will use an .iso image file as a virtual CD/DVD drive, which is what I did.  If all is correct the install will start and the screen will resemble the screen-shot below.

Starting the install

2. Next a welcome screen is presented listing the language format, time and currency format, and the keyboard input method Windows will use.  If you are not sure what the proper answers are, just leave the settings alone at their defaults, then click “Next”.

Click "Next"

3. After clicking “Next” from the step above, the choice is pretty obvious, “Install Now”.

Take all of the time you need...

4. It may seem a little too obvious how the status messages are being presented, but I have to give Microsoft kudos for being verbose in the manner of those who may not be as savvy as others.  Illustrated below.

Setup is starting

Of course, we have to accept the End User License Agreement (EULA) before proceeding.

EULA, Accept It

5. Upgrade or Custom?  At this point you can elect to upgrade an existing Windows Vista, or Windows XP installation.  For the purposes of the RC version here, it is best to perform a “Custom” installation, which is a clean install.  Be sure to backup and important data from the hard drive before completing this step, as it will be gone after it is finished.

We're doing a Custom install here

6. Going with the “Custom” install, the next step is to partition and format the hard drive, after which, setup will copy the install files to the newly created partition.  Windows 7 setup will use all of the space on the first hard drive it finds for a single partition, formatted with the NTFS file system.  If that type of arrangement is not desired, create the partitions manually at this time.  The install partition for Windows setup cannot be re-sized after the install has completed.

Partiton, then format.

7. After partitioning and formatting setup proceeds to actually install Windows to the hard drive.  Depending on how fast your computer is given the amount of RAM, and CPU type, this part can be as quick as a twenty minutes or last up to an hour.  Just chill for now…

R-E-L-A-X

8. A reboot will come after setup finishes “Installing Windows…” to the hard drive. This is the first reboot of two, presenting you with a screen like the one below.

It is actually creating the registry for the first time.

9. Almost done!  Setup is completing. See? v-v-v

Almost done

10. Setup will test the hardware and search for/load the best drivers it finds for the match.  Video performance will be tested and will result in the screen flickering while Windows 7 works out the best settings.  See below…

Come on, video!

11. Second reboot, and the last during the install procedure. Next we have to start providing the user-specific information needed to use Windows.  Starting with, a user name and computer name.

Computer/User Name

12.  Windows 7, like Windows Vista, focuses on security and insists on creating a password for the newly-created user account.

Create a nice long, complex, easy-to-remember password, then repeat.

13.  Once a mandatory step, now optional, the Windows product key can be entered here.  Not entering a product key will result in Windows 7 being a time-limited trial for thirty days.  Another item to note is product activation.  Whether or not you choose to provide the product key, you should hold-off on activating Windows until it has been running as desired.

Obviously, I suck at Photoshop...

14. One of the main keys to a happy, healthy Windows computer is up-to-date patching, courtesy of Microsoft. I would recommend the default settings be accepted here, unless you have a piece of hardware in your computer you know does not work with Windows 7 and could render your computer defunct if Windows were to install a driver for it.

Go forth and update.

15. Although it may seem a trivial point, the date and time set in Windows is extremely important.  An example of the date and time being off, causing a problem for Windows is the Microsoft Update web-site not being able to patch Windows properly. Set the proper date and time for your locale and continue.

This data has to be correct.

16. Windows 7, like Windows Vista analyzes the network, to which it is connected and tries to determine the best security settings from one of three templates; Home (relaxed), Work (business-appropriate), Public (locked-down).  These settings will activate a set of pre-defined firewall rules that Windows 7’s firewall will use.  If the install will participate in a Windows Active Directory environment, choose “Work”. Choose your setting, or if you don’t know, choose “Public”.

Choose and continue.

17. Finally!  After applying the network template and configuring the firewall, Windows will automatically log in and present the desktop (with the Betta fish).  Pretty, but sure to be annoying after awhile, like Windows XP.

The Desktop (with a fish)

Things to do after installing include; updating Windows, installing any necessary drivers and an antivirus software.

More to come…

An Interesting Position…

Hello,

I am an IT professional.  I am not the best at what I do, but am far from the worst I have seen.  Unlike many of my digital brothers and sisters in corporate America, I work in Academia, a little alcove of distributed systems and ideologies.  I do not work in an all Microsoft shop, clung to every piece of software Redmond sends down the pike.  My current work environment is the most diverse I have ever come across.  There are Windows clients and Mac clients, Unix servers, a couple of Mac servers, the odd Linux cluster and even FreeBSD.  Such diversity would make for a support nightmare if one wasn’t careful, however the opportunities for learning are great.  I came from a straight Microsoft shop, everything and everything was “Microsoft Windows {insert version} Professional/Server”.  There, Macs were thought of a toys and no one was allowed to say the L-word, ( the OS who cannot be named…)

The point I am moving toward is the comparison between Windows desktops and their Apple counterparts.  Both Mac and Windows computers are “PCs” now, both running on the Intel x86 platform.  In an environment where Windows and Mac do the same tasks every day, there is no better place to measure the performance and reliability of each.  Like in corporate America, Academic departments have budgets, meaning we don’t run the latest and greatest machines the industry can produce.  Any attempt at even trying to do so would not return the benefit gained from the act of staying on the bleeding edge.  My desktop environment consists of a 50/50 mix, roughly, of Macs and Windows desktops.  The majority of the Windows desktops run Windows XP on Dell hardware and the Mac staple is OS X 10.4 on the Intel platform.  I do have some Vista clients in the labs and some of the newer Macs which run OS X 10.5 ‘Leopard’, but not enough to draw a real comparative sample.

I don’t want this post to be another knock-down, drag-out contest between Windows and Mac OS X.  There are plenty of posts on the web that cover that topic.  What I plan to do here is to catalog how supporting each platform around a set of identical usage scenarios.

The first item I can point out is that Apple hardware lasts longer. I also believe that the Apple products are just built better than their Dell counterparts.  I am not trying to short Dell by any measure.  Some of their older Optiplex boxes will run for years and years, despite poor design inside and out.  One certain Optiplex GX240 runs FreeBSD at home for web-caching and wiki duties. I have users that still rely on PowerBook G4 and PowerBook Titanium laptops, which are over six years old.  The batteries in these devices need to be replaced, but the OS and everything else runs fine.  Some of the PowerBook road warriors actually have their screens warped from the constant open/close action, which keeps them from latching to the body of the laptop and fastening securely.  The Dell equivalents don’t come close to lasting that long, mainly because of the Windows operating system and track pad issues.

Windows XP is not meant to live on a hard disk for longer than a year without a drastic reduction in OS performance.  The act of working on a four year old Windows XP computer with 512MB of RAM is tedious at best.  The school uses a four year replacement cycle for desktops/laptops, so these types of Windows installs are common.  Windows 2000 performed much better after the same amount of time, than Windows XP.  I was one of the first in my group to deploy Windows Vista to some of my lab computers in May of 2007.  These same machines, with normal maintenance, run just a well as they did when I set them up, initially.  If reinstalling Windows XP once a year were practical, then the users would have a much better experience with their computer.  A reinstall of Windows XP along with the rest of the programs the users needs and the updates, then restoring user data is often not practical.

The virus thing ~ Most IT professionals know the reason why Apple is not as susceptable to mal-ware is the small market-share Apple currently enjoys.  Anyone should know that if you want to keep a target off of yourself, you don’t run around the battlefield proclaiming “they are not shooting at me” ().  If Apple does get to a point in the market where it starts becoming profitable for mal-ware authors to start coding for the platform, then they will.  Exploits already exist for Mac OS X and it’s web browser, “Safari”.  Windows is the largest most profitable target out there right now, and the Microsoft developers initially did not help matters by shirking security for usability.  The school requires that everyone run antivirus software on all of our computers, Macs too.  That rule is more perfunctory than it is mandatory for Apple users.  My beloved MacBook Pro has a copy of Symantec Antivirus installed, eating CPU cycles and squatting in RAM for no reason whatsoever.  One needs to have their head examined to run Windows on the public Internet without any type of antivirus software installed.  After years of using Windows both personally and professionally, I have yet to get a virus from every day use.  Behavior is what brings mal-ware to a Windows PC.  The act of keeping up to date with patches and staying away from seedy web-sites will do wonders for Windows.

More on this later, as it is a topic that constantly involves…

Thanks!

Dual-Boot: Vista and Windows Server 2008

Hello,

I hate the idea of placing two OS’s on any single machine.  The advancements in virtualization technology on both the hardware and the software ends have rendered dual-boots a thing of the past.  Well, almost…

Taking a cheap route to address my technology needs, I have turned to Microsoft’s Virtual PC to test out and run the various flavors of Redmond’s crappy OS.  A bump in that road has come up regarding the use 64-bit versions of Windows Server.  Virtual PC does not support 64-bit OS’s as ‘guest’ operating systems, though it can run on a 64-bit version of Windows.  I want to test the new public beta for Exchange 2010, which happens to be 64-bit only, and requires the complementary version of Windows Server to boot (pun intended…)

Vista Ultimate 64-bit edition is working just fine for me along with all of the programs I have installed upon it.  Most importantly, Vista is activated along with MS Office 2007 and Visual Studio 2008.  I do not wish to reinstall all of this stuff again and give the Microsoft Activation folks in Canada a call to re-activate my copy of Windows, should they be so kind.  I do have back-ups made with Vista’s ‘Back-up and Restore Center’, Windows Home Server, and with Windows PE 2.0, so I am covered there, but restoring is a flaming pain in the ass from a consistency standpoint.  The idea is to have Windows Server run on a separate hard drive away from Vista all together.

A single 500GB hard disk contains Vista and everything else across two partitions.  I added a second 250GB drive (I love Serial ATA!!!) and formatted it from within Windows Vista. Windows Server 2008 64-bit will be installed on this disk.  The boot process has been entirely changed in Windows Vista.  The traditional boot.ini file and it’s settings have been replaced with bcd and the bcdedit utility.  A look into similar experiences out on the web showed that the install went fine, but neither Windows Server or Vista were able to boot after the fact.  There is also a chance that the Windows Server installer will not recognize the fact that a “C:\” drive already exists on the computer and will try to use it’s install partiton as such.  There can only be one “C:\” on a Windows PC, no matter how many versions of Windows are installed.

The Server 2008 install went off without a hitch and completed successfully.  I had to load drivers for the things Linux would have picked up like LAN and SVGA video (Come on, Microsoft???).  Windows Vista came up when selected from the boot menu, which modified automatically without the need to use bcdedit.  Making a backup of the server with Microsoft’s tools is possible after adding the “Windows Server Backup Features”.  Curiously, the “C:\”drive was select as a requirement for backing up the server’s operating system files.  Windows Server is using “C:\”for something, the question is what?  Other than that, the dual boot worked just fine…

Retort: Microsoft’s “Find a PC” Commercials

Hello,

You may have seen the new crop of Microsoft commercials where they pay an actor to find the computer of their liking within a certain price range. If the actor can, Microsoft will buy it for them…

In case you haven’t…

Here is what the buyers and Microsoft are not telling you…

When these lovely folks get home they will open up their new laptops and power it on.  Windows Vista will run through the little OEM Setup routine and eventually show the user their computer’s new desktop. On this desktop will be icons for all sorts of trial-ware and various other crap, software vendors paid the manufacturer of the laptop to include.  Whether the user needs them or not, those items will be there.  Among those usually are:

Trial subscription for an anti-virus program, the Google desktop, a Microsoft Office trial, and perhaps a manufacturer link to some online service.  The A/V software may be complimentary in it’s subscription for a few months.  This will give the user ample time to get comfy in their new system before having to pony up the money to renew sed subscription, or get a virus.  Truth is compromise due to virus or other type of mal-ware can happen with or without suitable A/V protection.  That is what happens when one runs the most insecure operating system available on the market.  Folks, I have take mal-ware off of the even inpregnable Windows Vista 64-bit Edition.

Gimapaolo and Lauren will now have to start removing all of the trial-ware they may not want or need.  They can leave it on the computer, but it is software which may need to be patched.  Unpatched software is often a vector for compromise.  If they are smart, they would have purchased another anti-virus software product or have the sense to activate the trial software which may be currently installed.  Almost everyone I know, who uses a PC, needs Microsoft Word at the very least to do what they need to do with their new computer.  Few people actually “need” the full-fledged MS Office suite, just Word, Outlook and maybe Powerpoint.  Microsoft Office is not cheap any way one tries to buy it.  I hope Lauren and Giampaolo are either students or teachers, that way they could buy the “Student and Teacher Edition” of Microsoft Office.  Either way, no OEM vendor ships a complete version of Office with their laptops.  It would make too much sense for Microsoft to give a similar discount to OEMs in the same manner they do for Windows.  Besides, don’t forget, Microsoft is a monolpoly. The two will most-likely get a copy from their friend, or bit torrent.

If either of the new Windows users have never used Vista before, they will discover a feature called the User Account Control (UAC).  Chances are, they will not like it all that much. I also hope that the peripheal devices like scanners, printers and cameras have drivers that will work with Vista.  Just because it worked XP does not mean it will work with Vista…

Congrats you two, enjoy!  

Beating the Adobe Reader Vulnerability, 2/2009

Hello,

A recent exploit for Adobe Reader has been found in the wild.  Like many exploits, this one will allow remote code execution on the end user’s system.  This code can do many bad things at the whim of the malicious programmer.  This is primarily a Windows exploit, but the Mac and Linux are far from safe.

First thing to do is get the latest version of Adobe Reader.  If you are an Acrobat user, get the latest updates or upgrade your version of Acrobat (funds permitting).

Disable Javascript in Adobe Reader/Acrobat.

Go to: Edit\Preferences\Javascript\ Un-check “Enable Acrobat Javascript”.

Restart the Adobe software for the changes to take effect.

Next, we have to tell Windows not to automatically open PDF files with IE.  Doing this will require an edit to the registry.  Make sure a recent backup of the registry is made just before performing this operation.  For whatever reason, if you don’t want to go into the registry, ask an IT friend or don’t use IE to surf the web…

Run regedit or regedt32 and navigate to the HKEY_CLASSES_ROOT section of the registry “tree” (it will be the first section or “hive”).

Scroll-down and locate the “AcroExch.Document.7“ key.  If it is not found, look again, and if it is still not found Adobe reader/Acrobat may not be installed on the system.

Modify the “EditFlags” entry to indicate 00 00 00 00 from the current 00 00 01 00

Reboot the computer for the changes to take effect.

Finally, disable PDF documents from being displayed in the web browser.

Open Adobe Reader, and go to the Edit menu and choose “Preferences“.

Select the “Internet“ section and un-check “Display PDF in browser“ check box.

As a general practice do not access PDF documents from untrusted sources.  Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments. Mac and Linux users do not NEED Adobe Reader to view PDF files, though Adobe Reader can be installed.  Mac OS X has “Preview” which works very well for most PDF’s, while Linux offers many PDF reader, of the most common is “xPDF”.  Windows users do not really need Adobe Reader to view PDF’s either, “Foxit PDF Viewer” will perform the same tasks as Adobe Reader for free.

Windows Admins, a custom .adm file can be imported into Active Directory to disable PDF processing by Windows across the domain.  Save the following into a text editor as “filename.adm”

===========================================

CLASS USER 

CATEGORY "Adobe Acrobat/Reader 6.x - 8.x" 

POLICY "JavaScript Reader 8.x"
KEYNAME "Software\Adobe\Acrobat Reader\8.0\JSPrefs"
EXPLAIN "Enable or Disable JavaScript in Acrobat Reader 8.x"
VALUENAME "bEnableJS"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY 

POLICY "JavaScript Acrobat 8.x"
KEYNAME "Software\Adobe\Adobe Acrobat\8.0\JSPrefs"
EXPLAIN "Enable or Disable JavaScript in Acrobat 8.x"
VALUENAME "bEnableJS"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY 

POLICY "JavaScript Reader 7.x"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\JSPrefs"
EXPLAIN "Enable or Disable JavaScript in Acrobat Reader 7.x"
VALUENAME "bEnableJS"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY 

POLICY "JavaScript Acrobat 7.x"
KEYNAME "Software\Adobe\Adobe Acrobat\7.0\JSPrefs"
EXPLAIN "Enable or Disable JavaScript in Acrobat 7.x"
VALUENAME "bEnableJS"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY 

POLICY "JavaScript Reader 6.x"
KEYNAME "Software\Adobe\Acrobat Reader\6.0\JSPrefs"
EXPLAIN "Enable or Disable JavaScript in Acrobat Reader 6.x"
VALUENAME "bEnableJS"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY 

POLICY "JavaScript Acrobat 6.x"
KEYNAME "Software\Adobe\Adobe Acrobat\6.0\JSPrefs"
EXPLAIN "Enable or Disable JavaScript in Acrobat 6.x"
VALUENAME "bEnableJS"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY 

END CATEGORY
====================================================

Save it to \\<DC>\SYSVOL\<DOMAIN>\Policies\<Policy Class ID>\Adm Run a GPUpdate on the DCs and let them converge.

References:
* Adobe Security Bulletin apsa09-01
* Securing Your Web Browser
* Vulnerability Note VU#905281