aaron parker’s stealthpuppy

Use a PAC file to make proxy settings dynamic

2009-06-23T22:03:54Z

Are you deploying browser proxy settings by setting a proxy server and attempting to manage a proxy bypass list? There is a better way..

Fortunately Jason Curnow, who’s had many years experience working with PAC files, has a website where he’s documented his experiences and shows you how to create your own – The Proxy PAC File Guide.

Any proxy server or firewall (a firewall is going to understand the network topology better than a proxy server) worth it’s salt will do this type of work for you. I know my favourite firewall, ISA Server does – Automatic Detection Concepts in ISA Server 2006 (I’m sure other proxy servers or firewalls do too).

In complex environments you may not be able to rely on your proxy server to handle browser configurations completely, so you’ll need to roll up your sleeves and roll your own PAC file.

So why a PAC file? Here’s a couple of scenarios that demonstrate the awesomeness of a PAC file:

Laptop users don’t need to disable their proxy settings when they’re outside the corporate network (OK, the ISA Server firewall client can do this too); and
If you have internal web applications hosted across WAN links (e.g. your users are in London but SAP is hosted in Ireland), you can use a PAC file to direct specific URLs to proxy servers that handle that SAP traffic only, whilst every thing else goes via your Internet proxy.

So go and check it out, Jason has done some excellent work – The Proxy PAC File Guide.

This blog post was written by Aaron Parker for stealthpuppy.com. Except as noted otherwise, this work is ©2005-2009 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Use a PAC file to make proxy settings dynamic

Windows Server 2008 SP2: What’s in it for Terminal Servers?

2009-05-30T12:56:03Z

As you’re most likely aware, Microsoft has recently made available Windows Vista and Windows Server 2008 Service Pack 2. If you would like to know the details of every single fix and feature in the service pack, download this spreadsheet: Hotfix and Security Update List: Windows Server 2008 SP2 and Windows Vista SP2.

What’s always interesting to me is what is in the latest service packs that will directly benefit Terminal Servers. The table below lists all of the hotfixes in SP2 that directly relate to Terminal Services, and it’s quite the list. So it’s time to get testing and deploying:

KB	Title
951149	Stop error on a Windows Server 2008-based terminal server when the server is running under a heavy load: "0x0000000A"
957081	The query fails when you enter the terminal server farm name in the TS Web Access Administration window to query remote program information in Windows Server 2008
946068	Stop error message on a terminal server that is running Windows Server 2003 Service Pack 1 or Windows Server 2003 Service Pack 2: "Stop 0x000000AB (SESSION_HAS_VALID_POOL_ON_EXIT)"
950054	When you browse a Web page by using Internet Explorer 7 on a terminal server, the colors that are displayed in the MDI child forms of the Web page may be incorrect
950086	A memory leak may occur in the nonpaged pool memory on the Windows Server 2008-based terminal server when you log on to and log off from a Windows Server 2008-based terminal server through an RDP connection
951749	Stop error message on a terminal server that is running Windows Server 2003 SP1 or Windows Server 2003 SP2: "Stop 0x000000AB (SESSION_HAS_VALID_POOL_ON_EXIT)"
951954	Error message when you run an application on a terminal server that is running Windows Server 2008 or Windows Vista with Service Pack 1: "Stop 0x0000008E"
957877	Stop error on a Windows Server 2003-based terminal server that has hotfix 951749 installed: "0x0000008E"
966325	Some terminal sessions stop responding and users cannot complete the logon process when a Windows Server 2008 terminal server is under heavy stress
958656	Client-side rendering in Windows Server 2008 and in Windows Vista may decrease performance on Windows Server 2008-based terminal servers
952234	When you establish a Terminal Services session that requires smart card authentication to log on to a Windows Server 2008-based terminal server, the Terminal Services session stops responding
954910	Error message when you use smart card authentication to log on to a Windows Server 2008-based terminal server from a client computer that is running Windows Vista or Windows Server 2008: "0xC000040C"
949914	Citrix ICA clients may crash when they are connecting to a Windows Server 2008-based terminal server that has Citrix Presentation Server installed
950118	You cannot reuse a virtual channel handle after you disconnect and then reconnect a Terminal Services session that is established on a Windows Server 2008-based terminal server
951422	The WTSQuerySessionInformation function on a Windows Server 2008-based terminal server returns ambiguous IPv6 address data
951674	Terminal Services session limit values in Windows Server 2008 are interpreted incorrectly by Windows Server 2003 terminal servers
955365	The Windows Server 2008 Terminal Services Session Broker service incorrectly balances the load among terminal servers after it runs for a while
956438	A Windows Server 2003-based or Windows Server 2008-based terminal server stops accepting new connections, and existing connections stop responding
957068	Event 1004 is logged even though a user successfully logs on to a Windows Server 2008-based terminal licensing server that has "Per User" terminal licenses installed: "The terminal server cannot issue a client license"
958106	Some components of an application may not be displayed correctly in a Terminal Services session if you connect to a terminal server by using RDC 6.1 from a client computer that is running Windows XP SP3, Windows Vista SP1, or Windows Server 2008
958612	Citrix ICA clients are not disconnected from a Windows Server 2008 terminal server as expected when the grace period has expired and a terminal license server is not configured
958944	A Windows Server 2008-based server that is running the Terminal Server role reports a Stop error when you control a session remotely from inside a session that is already being controlled remotely: "0x00000050"
960470	The pointer position behaves incorrectly when you use RDC to connect to a terminal server from a Windows Vista-based or Windows Server 2008-based client computer, and you run an application that calls the "SetCursorPos" function
960742	Clients cannot log on to a Windows Server 2008-based terminal server through RDP connections if the terminal server is set to listen on only one of the network adapters
967609	The application compatibility scripts do not run on a terminal server that is running Windows Server 2008 when a user creates a terminal session for the first time

Windows Server 2008 SP2: What’s in it for Terminal Servers?

Windows 7 on a Dell Latitiude XT2

2009-05-17T13:13:29Z

I’ve been looking to get a tablet PC for some time now and I’ve just recently picked up a Dell Latitude XT2, which includes multi-touch support. It arrived the same day as the Windows 7 Release Candidate, so the default Windows Vista install, disappeared pretty quickly.

I must say though, it’s a little disappointing to see the amount of packaging the laptop was shipped in compared to what you’re actually left with. Here’s a couple of photos to give you an idea of the packaging – here’s what’s in the box, and here’s the wasted space inside the accessories box. Surely Dell could do better in the packaging department.

Hardware

My main aims for this machine is to go with something in an ultra-portable form-factor for good battery life and prability and the tablet PC screen for reading. Here’s the hardware:

Mobile Intel 45 Express Chipset with Intel vPro
ULV Intel Core 2 Duo U9400 (1.4Ghz, 800Mhz FSB, 3MB cache)
3GB DDR3 1067Mhz RAM
64GB Samsung RBX series SSD
6 cell battery
Intel 5300 WiFi card
Dell Wireless 365 Bluetooth module
Dell Wireless 5530 3G/HSDPA module
Broadcom fingerprint sensor
Broadcom TPM 1.2

Windows 7 (x86) installed from a USB memory stick in a little under 10 minutes and the laptop has a not too shabby performance rating – I’m pretty pleased that the hard disk gets a rating of 6.7:

Drivers & Software

Windows Update offered the following updates:

Driver for Mobile Intel 45 Express Chipset family (beta WDDM 1.1 display drivers)
Dell Tablet PC key buttons

There were a few drivers and updates that I’ve had to download. Keeping to the absolute minimum, I installed the following:

Broadcom USH CV w/ Fingerprint Swipe Sensor. This was marked as an unknown device named 5880 in Device Manager. Download the ControlPoint Security Manager driver for this device.

Dell Wireless 5530 HSPA Mobile Broadband Minicard Device. Dell Wireless 5530 broadband package is a part of the ControlPoint Connection Manager. I’ve avoided the Connection Manager itself and have installed just the driver package.

Windows 7 will enable touch input for the display by default; however the N-trig DuoSense Multi-Touch package for Windows 7 (information page here) beta drivers are required for multi-touch input. The beta driver package ran a firmware upgrade on my screen – oddly enough only after several installs (I’ve reinstalled Windows a few times while checking the drivers).

Until you install the beta drivers, an unknown device will be shown in Device Manager. Once installed, multi-touch is enabled:

After loading the driver for the screen, calibration is required to improve accuracy. Whilst pen input appears to be fairly accurate out of the box, touch input improves with calibration.

Two devices, listed as PCI Serial Port and PCI Simple Communications Controller, are the Intel AMT SOL and the Intel AMT HECI respectively.

The Dell ControlPoint System Manager is required for various functions including managing the screen orientation, the ambient light sensor, additional power settings, keyboard hot keys and

Dell ControlPoint

The ControlPoint software encompasses a number of modules – System Manager (control of the tablet and display & other devices), Security Manager (manages the TPM, fingerprint sensor and other security functions) and Connection Manager (controls wireless LAN and broadband functions). As is usual for most of this type of software, it contains many components that mimic functionality already built into Windows Vista and 7, making the software largley redundant.

Why manufactures continue to include second rate alternatives to the far more elegant tools in the OS, I can’t quite fathom. Perhaps they’re worried you’ll forget what brand of machine you’ve bought and want every possible opportunity to shove their logo in your face – user experience be damned..

Fingerprint Sensor

Setting up and configuring the fingerprint sensor appears to be a little convoluted. I’m not sure why Windows hasn’t enabled functionality on the logon screen with just the driver installed, maybe I’ve missed something. I am keen to stay away from the bloated Dell ControlPoint Security Manager, so I’ll have to do without the sensor for identification/authentication.

Bluetooth Module

To get the bluetooth module working, I’ve had to install the Widcomm bluetooth software – I was unable to load just the driver. This bluetooth stack includes some extras that I really don’t need such as Office integration and the ability to share files over bluetooth.

Windows Virtual PC

Windows Virtual PC works just as you would expect; however to get it up and running you will need to disable VT for Direct I/O and Trusted Execution (not to be confused with DEP) in the BIOS.

Usage

Windows 7 runs very well on this laptop. There’s not really much that you can say about performance – it’s quick (even with the low voltage CPU) and does exactly what I need it to do.

Switching from pen to touch input is very quick and responsive. The digitizer does have an issue that appears to be caused by the beta drivers – an intermittent phantom touch or pen input is received, usually on the right-hand side of the screen. This does go away eventually, but reappears regularly after resume or boot.

The pen is great for writing input (obviously), but also more pinpoint accuracy than you would get with a finger. Using touch input however, is great for scrolling through documents in Word or a web browser. Internet Explorer does a better job of being controlled by pen or touch than does Chrome or Firefox. You can use touch input to move the page up and down directly, whereas the other browsers can only be controlled with flicks (which will page up/page down).

FeedDemon works well with both touch and pen input; however it would be nice to be able to make the FeedDemon UI a little larger to better accommodate touch input. Thankfully I’ve got skinny fingers so it’s workable.

Being able to control the computer with touch input is very convenient, especially when you are reading documents or RSS feeds. Whether touch is just a bit of a gimmick or a valid method of input a little more usage will reveal, but it certaintly is convenient.

Windows 7 on a Dell Latitiude XT2

My Windows box has insomnia

2009-05-12T23:19:26Z

When Windows just won’t stay in sleep mode there’s a simple fix. First you need to identify which component keeps bringing Windows out of sleep mode.

To do that, open the System event log and find any events from source ‘Power-Troubleshooter’ that indicate that the system has returned from sleep mode – similar to this:

In my case, the network adapter was the problem. I think my router is sending some weird packets around the network. I can’t fix the source of the problem (it’s a pretty basic router), but I can configure the network adapter to prevent it from waking the computer.

Open the properties of the adapter in Device Manager and either untick ‘Allow the device to wake the computer’ or tick ‘Only allow a magic packet to wake the computer’ and the computer will stay in sleep mode.

MSI Live Update disables User Account Control

2009-05-12T06:58:25Z

I thought I’d seen just about every dumb thing that a developer could do, but this latest one from MSI is a whopper..

I have an MSI Wind netbook that’s having some shutdown and sleep issues when running Windows 7, so my first thought was to ensure I was running the latest BIOS version. For some reason, MSI still provides a DOS-based utility for updating your BIOS. Not having any USB floppy drives laying around, I went looking for a Windows-based tool instead.

MSI supplies a Live Update application, which will provide users with the latest BIOS and driver updates for their MSI product. It sounded like a good idea to me at the time, so I downloaded the installer and fired it up, but that’s when it just got a little too scary.

For some reason that I can’t quite fathom, it appears that MSI has decided that User Account Control needs to be disabled for their application to run. After installing MSI Live Update and running the main application, you are presented with this dialog box:

Clicking the only option available to you – the OK button, results in a UAC prompt:

Hmm.. DUAC.EXE, I wonder what that does. Let’s cancel that prompt and try the another tool included with Live Updater – Live Monitor. This one not only requires elevation to initially execute, but you just will not get anything useful out of it with UAC enabled.

Here’s a video of the application in action (on Windows Vista) – running LMONITOR.EXE will in turn run DUAC.EXE to disable UAC and then reboot the machine – with little warning:

Not only is this a sad indictment of MSI’s support tool, but this could potentially put many of their users at risk. It’s a real shame to see developers taking the easy way out instead of doing a little research and doing things the right way.

Fortunately though, the online version of Live Update (which is really just an ActiveX implementation of the installed version) does not attempt to disable UAC. If you own an MSI product, my recommendation would be to steer well clear of their Live Update utility and download drivers and other updates manually instead.

MSI Live Update disables User Account Control

Some More Windows Virtual PC Screens

2009-04-30T21:04:05Z

Of course, Windows Virtual PC has been covered in detail already, but I got a chance to play with the product and there’s some neat UI experiences that I hadn’t seen covered yet. Here’s a quick overview of interacting with Windows Virtual PC.

Windows Virtual PC gets a spanking new icon:

Once installed, Virtual PC actually creates a new top level user folder, a nice touch too I think:

You can move this folder just like you can with other user folders:

Virtual machines are managed directly within Windows Explorer – the old management/admin application window from older versions of Virtual PC is no more:

You can open the virtual machine settings from within Explorer too:

Creating a new virtual machine is just as you would expect, except very simplified. Give the machine a name and location (by default virtual machines are stored in C:\Users\<username>\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines):

Configure memory and networking (I have two network cards in this machine and VPC keep choosing the disconnected card – yay..)

Finally you get options for creating the VHD:

This revision looks pretty good for some basic virtualisation tasks (in now way is it taking aim at VMware Workstations and others). Now where’s the 64-bit guest support?

If you’re having issues seeing the screenshots, you might have more luck by going directly to my SkyDrive folder:

Some More Windows Virtual PC Screens

Did you know that App-V 4.5 CU1 is not beta?

2009-03-24T18:05:06Z

I’m a little slow off the mark here (I’ve got my head buried in something unrelated), but I’ve just found out today that the App-V 4.5 Cumulative Update 1, although only available on Connect, is not actually a beta, it is the final code that you can start deploying.

The MDOP blog covered this release last month, but I think I heard “Windows 7 support” and didn’t hear much after that. My bad, I need to pay more attention.

So what is new in CU1 (4.5.1.15580)?

Support for Windows 7 Beta and Windows Server 2008 R2 Beta
Improved support for sequencing the Microsoft .NET Framework
Customer feedback and hotfix rollup (includes hotfix rollup 3 plus some other fixes)
Instant access or removal of applications assigned to end users

Get it from Connect today or wait until next month when it will be generally available to all (including the TS client which is not available on Connect).

Did you know that App-V 4.5 CU1 is not beta?

Pismo File Mount for using ISOs in Windows 7

2009-03-18T19:48:34Z

My old favourite Daemon Tools just hasn’t been working in Windows 7, so I’ve been on the look out for another tool for mounting ISOs. I haven’t really liked other tools like CloneDrive or PowerISO, but I’ve come across Psimo File Mount (via My Digital Life, I think) which so far has been working a treat.

File Mount has a pretty impressive feature set, but its’ simple approach to handling ISOs is what I’m really enjoying. There’s pleny of options to suit (hopefully) everyone when mounting an image:

If you don’t need to mount an ISO to a drive letter, File Mount will convert the ISO to a folder which you can then view directly in Explorer:

Works well for in-place upgrades to newer Windows 7 builds..

Pismo File Mount for using ISOs in Windows 7

Start Menu in Windows 7 7057

2009-03-13T21:04:59Z

In addition to the new Start Menu customisation options available in build 7048, build 7057 introduces a very subtle change when using the Windows 7 Basic theme. The links on the right-hand side of the Start Menu gain a faux glass look, which gives the Start Menu a little more consistency across the Basic and Aero themes.

Here’s a side-by-side comparison:

Start Menu in Windows 7 7057

Remote Desktop Connection in Windows 7 7048

2009-03-11T17:01:07Z

The Remote Desktop Connection client gets a facelift in build 7048 as well as Jump List integration, which is has been making life much simpler indeed:

Based on a comment by a ’softie, I believe that the new icon is about branding the Remote Desktop Services in Windows Server 2008 R2:

Remote Desktop Connection in Windows 7 7048

Command Prompt in Windows 7 7048

2009-03-10T22:23:19Z

I like the Command Prompt, it’s a little like those old worn out pair of shoes that you just don’t want to get rid of. I’m also a fan of the Consolas font, so when I can mix it with Command Prompt, those old shoes get a new lease on life.

Check out Command Prompt sporting the Consolas font:

Command Prompt in Windows 7 7048

Start Menu in Windows 7 7048

2009-03-10T22:01:00Z

For those looking to fit just about every link possible on their Start Menu, Windows 7 build 7048 and above are aiming to please. In addition to the options seen in earlier builds, 7048 adds Downloads, Homegroup and the ability to edit the number of recent items in Jump Lists:

Start Menu in Windows 7 7048

What’s removable in Windows 7 7048

2009-03-05T00:04:19Z

A little more than just Internet Explorer 8 is removable in Windows 7 build 7048. This build allow you to remove Internet Explorer 8, Windows DVD Maker, Windows Media Center, Windows Media Player (no more N editions, I presume) and even Windows Search:

Given that Windows 7 Enterprise edition will be a superset of Home and Professional, being able to remove these components will be especially welcome for organisations deploying Enterprise edition .

AeroXperience has more on removing Internet Explorer 8 which apparently only removes the IEXPLORE executable; however completely removing Internet Explorer would break compatibility with many applications, so I think calls for being able to remove all traces of IE are just un-realistic.

What’s removable in Windows 7 7048

ACDC vs. SoftBar – Fight!

2009-03-03T23:59:00Z

Two great tools for managing App-V applications have appeared in the last few weeks – SoftBar and the App-V 4.5 Client Diagnostic and Configuration tool (ACDC). Thanks to the efforts of Greg Brownstein and Ment van der Plas, we have some excellent choices for improving the way we can manage and troubleshoot virtual applications on the client.

Both tools are aimed at anyone virtualising applications with App-V and make it a snap to get into those applications for testing and troubleshooting as well as managing the App-V client. Here’s SoftBar and ACDC in action:

I thought it might be interesting to give you an idea of their feature sets and how each tool compares to the other. So this table is the result of my completely un-scientific (and probably flawed) comparison:

	SoftBar	ACDC
Cool name*		[]
Completely free	[]	[]
View extended application information	[]	[]
Add applications via OSD	[]	[]
Launch apps from custom server	[]
Run external applications in bubble	[]	[]
Add external applications to a list	[]	[] (ability to launch custom command at runtime as well)
Run Windows Explorer in bubble	[]
Edit client and cache settings		[]
Manage client service		[]
View cache stats		[]
Clear the cache	[]	[]
Edit client permissions		[]
View and manage the log file		[]
Use virtual applications in scripts	[]

*OK, completely pointless for comparison, but ACDC only gets a point here because the name is similar to these these guys. (I’m hoping it was deliberate..)

I’ve only scratched the surface with what I think I can get out of each tool and so far my favourite is ACDC, but if you’re virtualising applications with App-V, either of these tools should be in your bag of tricks:

SoftBar, for support go here
App-V 4.5 Client Diagnostic and Configuration tool, for support go here

ACDC vs. SoftBar – Fight!

Microsoft issues update to fix disabling Autorun

2009-03-04T00:01:36Z

Microsoft has issued an security advisory for a non-security update (I know, sounds odd, but bear with me) - Microsoft Security Advisory (967940), Update for Windows Autorun. Specifically this update fixes an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.

IT World has covered the update and US-CERT actually issued a security alert about the issue last month – Microsoft Windows Does Not Disable AutoRun Properly. The US-CERT article has guidance on disabling AUTORUN.INF completely via the IniFileMapping feature – something that Nick Brown covered back in 2007.

There are actually two knowlegebase articles that cover the issue and the update: How to correct “disable Autorun registry key” enforcement in Windows (967715) and How to correct “disable Autorun registry key” enforcement in Windows (953252). You’ll only need to read the first.

On Windows XP/2003 the update does two things – updates SHELL32.DLL and creates the registry value: HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer HonorAutorunSetting. You can download the updates here:

For Windows Vista and Windows Server 2008, this issue was addressed in Microsoft Security Bulletin MS08-038, released July last year. You’ve deployed that update right?

So the question is then, does Autorun have a place in corporate environments? I think the answer is no – a little tradeoff in usability for a big gain in security. Here’s a few interesting articles by Steve Riley and Jesper Johasson on the subject:

If we only learn two things from Conficker, they should be patch early and disable Autorun. If you’re not on top of this, you could potentially leave yourself open for a world of hurt.

Microsoft issues update to fix disabling Autorun

Apple Safari 4 is Google Chrome

2009-04-28T11:17:57Z

OK, I’m not one for conspiracy theories (well there is the whole JFK thing), but compare the new Apple Safari 4 beta against Google Chrome. Here Chrome in all it’s glory:

And here’s the new Safari 4 beta:

Notice the similar window style and button layout? Apple knows Google is onto a good thing. Still not convinced? - take a look at the Web Inspector for each browser. First up – Chrome:

And now Safari’s Web Inspector:

Almost pixel perfect. Hmm.. Well they do use the same render engine so perhaps I won’t need my tin foil hat this time, but can Apple really claim it’s the ‘world’s fastest web browser’?

Safari 4 looks pretty nice and because it looks like and acts like a Windows application and renders fonts corerctly, I think I’m hooked. Go check it out here – Safari 4. Here’s hoping the next versions of QuickTime and iTunes get a similar make over.

Update: Timothy Hatcher explains it all, great stuff.

Apple Safari 4 is Google Chrome

You need this – App-V Client Client Diag and Config tool

2009-02-23T15:01:27Z

Ment van der Plas, of Login Consultants, has gone and created the most awesome App-V client tool – the App-V 4.5 Client Diagnostic and Configuration tool:

ACDC makes it possible for administrators or users to troubleshoot virtual applications and the environment they run in:

Launch predefined and custom commands within the virtual environment of each application.

See the impact of the App-V Client and the available virtual applications on your system by calculating package size, cache size, user delta file size, log file size etc.

Diagnose problems with App-V applications by parsing the App-V Client log file (in real time) and search any message online.

Configure settings that are not visible in the App-V Client GUI, such as “Predictive Streaming”, “Allow Stream from File”, “Max Package Age” and many more.

Give an overview of application and package information by merging important WMI, registry and OSD information in one single window.

ACDC can be run both as an Administrator and as a Limited User. Running as a limited user will limit the functionality of the tool due to the fact that it has less permission on the system.

I’ve not had time yet to go through the tool in detail, but I’m definitely adding this one to my toolkit. Thanks Ment!

You need this – App-V Client Client Diag and Config tool

Sunday Link Love

2009-02-22T23:52:35Z

Here’s a few articles that I’ve been reading recently and I thought it might be worthwhile sharing them:

Kevin Reeuwijk has an article on integrating App-V 4.5 with SCCM 2007 R2, but shows us how to get the best of both worlds - How to integrate App-V with SCCM without losing the features you care about.

Mark Wilson takes aim at those who didn’t patch and were hit by Conficker (hopefully that wasn’t you) - It’s time to take patch management seriously. However, I’m certain history will repeat itself in a few years.

One of my favourite sites, Ars Technica, is always able to take a level-headed approach when others stoop to senstionalism. This first article, Paradigms lost: The Windows 7 Taskbar versus the OS X Dock, shoots the Microsoft copies Apple argument in the foot. Whilst this article, Oh, the humanity: Windows 7’s draconian DRM?, shows why Slashdot is a waste of time.

Were I German, I would want to be working for sepago. These two articles are great - Mandatory Profiles – The Good, the Bad and the Ugly and Preserving Windows Explorer Folder Views in Roaming Profiles.

And finally there’s this article by Mr. LUA – Aaron Magosis: FAQ: Why can’t I bypass the UAC prompt?.

Sunday Link Love

Flex Profiles 6 is available

2009-02-19T22:50:22Z

A press release from Immidio landed in by inbox today – Flex Profiles, formerly by Login Consultants, has been updated to version 6. It comes as a free Express version and from what I can tell, you can pay for support.

Immidio announces the launch of Immidio Flex Profiles 6.0, the successor of the popular Login Consultants freeware tool. Immidio Flex Profiles gives administrators full control over Windows user profiles on workstations, remote desktops and virtualized applications. Immidio Response provides tailored product support programs based on the size and complexity of the IT environment.

I must admit that I haven’t looked at version 6, but I have used earlier versions quite extensively in the past in Terminal Server environments, and it was always a great way to manage user profiles.

Flex Profiles 6 is available

Google Chrome on Windows 7 x64

2009-03-22T11:35:51Z

The latest beta of Chrome (2.0.169.1) now works unmodified on Windows 7 x64

I’ve had some issues with Google Chrome (1.0.154.48) running on Windows 7 x64, but thanks to these two links, it’s now working great.

To get Chome working you’ll need to add switches to your Chrome shortcut. Most people look to be getting good results by adding the ‘–in-process-plugins’ switch but my experience has been mixed. I’ve found that adding ‘–no-sandbox’ as well as worked. So your shortcut should look something like this:

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe --no-sandbox --in-process-plugins

Google Chrome on Windows 7 x64

Go Deep with AppVirt

2009-02-10T18:59:19Z

Here’s an interesting video on the Channel 9 site about the architecture of Microsoft Application Virtualization:

John Sheehan, Architect of Microsoft’s AppVirt (SoftGrid) technology, spends some time with me digging (deeply) into the architecture and engineering of the application virtualization technology he and team create. A few months ago John joined us for a Going Deep on application virtualization and you asked for more (and you asked for us to go deeper – John only scratchd the surface last time we spoke). Well, here you go, Niners. Deep AppVirt. This is whiteboard-heavy and John’s mic’d so the sound quality is exceptional.

View the video here: John Sheehan: Architecture and Engineering of Microsoft Application Virtualization (AppVirt)

Go Deep with AppVirt

User Based and Machine Based App-V deployment in SCCM 2007 R2

2009-02-08T17:00:31Z

Ment van der Plas has a great article on virtual application deployment in SCCM 2007 R2

The App-V 4.5 Full Infrastructure scenario (with App-V Management / Streaming server) only supports User Based application deployment. If you are using the Configuration Manager 2007 R2 integration of App-V 4.5 you can do both User and Machine based deployment.

Since I often receive questions about user based and machine based deployment with App-V 4.5, I thought I would be nice to explain the two scenarios using Configuration Manager 2007 R2.

First let’s get the terms straight: User Based deployment means that you target a user (usually via a group) to deliver a piece a software. Machine Based deployment is when you target a specific machine to deliver a piece of software to.

The difference in Configuration Manager lies in the creation of the collections

To read the full post go here: How To: User Based and Machine Based App-V deployment in SCCM 2007 R2

User Based and Machine Based App-V deployment in SCCM 2007 R2

Microsoft Virtualisation User Group UK

2009-01-26T18:22:17Z

This Thursday I’ll be presenting at the Microsoft Virtualisation User Group here in London. If you are in town and would like to come along (and we’d love to see you there), you can register at the MVUG web site and here are details of the event:

Location:
Microsoft London (Cardinal Place)
http://download.microsoft.com/documents/uk/about/downloads/victoria_map.pdf

Date & Time:
Thursday 29th January 2009
18:00 – 21:30

Agenda:
18:00 – 18:15: Arrivals

18:15 – 18:45: Simon Cleland (Unisys) & Colin Power (Slough Borough Council); Case study: Hyper-V RDP deployment at Slough Borough Council

18:45 – 19:30: Aaron Parker (stealthpuppy); Application virtualisation – what is App-V?; A look inside an enterprise implementation

19:30 – 20:00: Food

20:00 – 21:15: Justin Zarb (Microsoft); Application virtualisation – in-depth look at App-V architecture

21:15 – 21:30: Q/A and wrap up

Microsoft Virtualisation User Group UK

I am a Twit

2009-01-22T16:48:23Z

Yes it’s true, and I’ll freely admit it. In addition to that, Ravi has convinced me to give Twitter a go. So I have and you can follow me (because I know you want to) at http://twitter.com/stealthpuppy. I promise to keep it on topic – mostly.

I am a Twit

“Fixing” Windows Briefcase

2009-03-13T17:21:32Z

For the 10 people who use Windows Briefcase, this one is not for you. If you’re like me and can’t stand the rough edges in Windows that have yet to be cleaned up, the Windows Briefcase icon is a bit of an eye sore because it still uses a Windows XP style icon:

In most cases I will just remove this menu item completely. To do that, the quick and dirty method is just to delete HKEY_CLASSES_ROOT\Briefcase from the registry. However, if you are one of those 10 people here’s how to make it pretty.

First up, I have a Windows Vista style icon for the Briefcase. I can’t remember where I originally got it from but you can download it here:

Extract this icon to a local folder – I usually place custom icons in C:\Windows\Media. Then change the following three registry values to “%SystemRoot%\Media\Briefcase.ico” (without the quotes):

Key	Value	Type
HKEY_CLASSES_ROOT\Briefcase\DefaultIcon	(Default)	REG_EXPAND_SZ
HKEY_CLASSES_ROOT\Briefcase\ShellNew	IconPath	REG_EXPAND_SZ
HKEY_CLASSES_ROOT\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\DefaultIcon	(Default)	REG_EXPAND_SZ

Once you have updated the registry (you may have to logoff and back on to see the changes), Briefcase will look much smarter:

If you want to script this change, here are the command lines to do it:

REG ADD HKCR\Briefcase\DefaultIcon /ve /d ^%SystemRoot^%\Media\Briefcase.ico /t REG_EXPAND_SZ /f

REG ADD HKCR\Briefcase\ShellNew /v IconPath /d ^%SystemRoot^%\Media\Briefcase.ico /t REG_EXPAND_SZ /f

REG ADD HKCR\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\DefaultIcon /ve /d ^%SystemRoot^%\Media\Briefcase.ico /t REG_EXPAND_SZ /f

“Fixing” Windows Briefcase

Eliminate the Windows Start Navigation sound

2009-01-22T12:39:05Z

What’s the most annoying sound in Windows? For me it’s got to be the Start Navigation sound – that click that Windows plays whenever you navigate your way around Windows Explorer or Internet Explorer.

Usually you can prevent Windows from playing this sound by setting the Start Navigation event to None; however in Windows 7 it comes back whenever you change themes.

If you want to remove the sound completely, you’ll need to delete the wav file. To do that, run the following commands from an elevated command prompt:

TAKEOWN /f "%SystemRoot%\Media\Windows Navigation Start.wav" /a

CACLS "%SystemRoot%\Media\Windows Navigation Start.wav" /E /G Administrators:F

DEL /Q "%SystemRoot%\Media\Windows Navigation Start.wav"

These commands will work on Windows Vista and Windows 7.

Eliminate the Windows Start Navigation sound

Hiding the vmware_user account in Windows 7

2009-01-14T19:07:32Z

Installing VMware Server or Workstation on Windows 7 will leave the __vmware_user__ account showing on the logon screen, which does not happen in earlier versions of Windows.

If you want to hide this account, it’s a simple registry value addition:

Open Registry Editor and navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
If it does not already exist, create a key named SpecialAccounts
Below the SpecialAccounts key create another key named UserList
Create a new DWORD value (DWORD32 on x64) inside UserList named __vmware_user__ (the name of the account we want to hide) and ensure the value is 0
Close Registry Editor and you are done – no need to reboot or logoff

To add this value a little quicker, paste the following command into an elevated command prompt and it will add the value for you

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v __vmware_user__ /d 0 /t REG_DWORD /f

This link has some detail on what the __vmware_user__ account is used for.

Hiding the vmware_user account in Windows 7

No App-V on Windows 7 (for now)

2009-04-30T07:43:12Z

I was testing this myself yesterday without luck, but it looks like App-V does not currently run on Windows 7.

App-V 4.5 is not currently supported or functional on Win7. Info on Win7 support will be published soon.

App-V 4.5 will install successfully on Windows 7 x86 and you can load an application into the cache; however you will run into some issues when launching virtual applications. Interestingly, VMware ThinApp also has issues on Windows 7. I would expect all of the application virtualisation vendors to have support for Windows 7 in time for the release.

My recommendation would be to test your applications running natively on Windows 7 before attempting to run them virtually on the new platform – application virtualisation is not a compatibility layer.

No App-V on Windows 7 (for now)

Santa Claus is watching you

2008-12-22T08:00:00Z

It’s been a busy December, so it’s been a bit quiet around here and by the time you read this I’ll be on the slopes somewhere around Arinsal, so here’s my final post for the year. Merry Christmas, Happy Hanukkah, Saturnalia or Yule or whatever it is you do or don’t celebrate at this time of year.

I’m going to leave you with this little gem from Garfield minus Garfield, it made me chuckle…

Santa Claus is watching you

App-V Sequencer fails to install

2008-12-10T14:20:43Z

Attempting to install the App-V Sequencer may not be successful and result the message “The wizard was interrupted before Microsoft Application Virtualization Sequencer could be completely installed”. Of course the message in the dialog isn’t particularly helpful, so what’s going on?

Taking a deeper look at the issue by enabling a log file, reveals the problem – if Setup detects that the App-V client installed, it will abort. Here’s what you’ll see in the log:

SoftGrid Action: SWGetProductVersion Details: Checking registry root = Software\Microsoft\SoftGrid\4.5\Client\Configuration

SoftGrid Action: SWGetProductVersion Details: Version = 4.5.0.1485

SoftGrid Action: SWGetProductVersion Details: Action ended

SoftGrid Action: SWISequencerLaunchConditions Details: Client is installed, rejecting sequencer install

MSI (c) (A8!00) [11:39:16:780]: PROPERTY CHANGE: Adding SWIClientInstalled property. Its value is '1'.

Of course I shouldn’t have been attempting to you shouldn’t install the Sequencer and Client on the same machine. The best way to fix this is to start with a clean Windows install and then install the Sequencer.

App-V Sequencer fails to install