Category: Windows 7

Two events are coming up; Deployment Roadshow vNext featuring System Center Configuration Manager 2012 and Microsoft Deployment Toolkit 2012 and a Windows 8 loadfest.

Deployment Roadshow vNext will take place in Sweden’s four largest cities and it will be presented by myself and colleague Johan Arwidmark from Knowledge Factory, Wally Mead the SCCM guru from Microsoft Corp and Mikael Nyström from Truesec. More info about the event at http://www.deploymentevents.se.

The Windows 8 loadfest will take place in early December in Stockholm and it hosted by me, Johan Arwidmark, Lars Gustavsson and Tim Nilamaa. More info about the event at http://www.deploywindows8.se.

Bumped into a problem where the user account used to join machines to the domain was limited to joining the machines to a particular OU. That makes it hard to just join a machine using the good old way i.e. System Properties and then joining the domain. This will not let me specify the OU to join and will fail and probably this is the intention with this design at this particular customer.

But anyway thanks to a great builtin PowerShell cmdlet in Windows 7 I could get the job done in seconds. Keep in mind :)

Add-Computer -DomainName contoso.com -Credential contoso.com\joinDomainAccount -OUPath "OU=Company,DC=contoso,DC=com"

Reference: Microsoft TechNet

It seems a fairly common misconception is that to be able to use Windows 7 in a Windows or should I say Active Directory environment one need to have either Windows Server 2008 or Windows Server 2008 R2 domain controllers. There are also misconceptions about the need to raise the forest and domain functional levels to be able to use the full power of Windows 7. Neither of these are true.

You can get all the same features if you are using Windows Server 2003 domain controllers and that is also regardless of which forest or domain functional levels you are running with. The most common misconceptions are:

• Group Policy Preferences. Work very well in a 2003 domain. However you need to manage the group policies from a Windows 7 or Windows Server 2008 R2 machine using Group Policy Management Console found in the Remote Server Administration Tools.
• BitLocker. To store recovery keys in AD you need to extend the schema. If you have a domain controller that is running Windows Server 2008 or later you have what it takes, if you are running Windows Server 2003 on your domain controllers you simply extend the schema.

I must add that you get stronger encryption for Kerberos by using Windows Server 2008 domain functional level though but the bottom line is that the functionality of the Windows 7 client is the same regardless of forest or domain functional levels.

When testing application compatibility when moving to Windows 7 you can use ACT (Application Compatibility Toolkit) and the tools in there to test and fix applications. Another tool that you can use to learn about dependencies when compatibility testing your applications is a tool called Dependency Walker.

With this tool you basically open a system file, for instance a DLL or an OCX file, and it will list its dependencies to other files on the system. This can be good for finding what is causing registration of for instance DLL or OCX files to fail on Windows 7 while it works fine on Windows XP. There can be runtimes missing.

Today I visited a customer site where the customer had setup a central store, meaning all group policy defintion files and language files are placed in the SYSVOL share for better management of group policies. One benefit of that central store is that all administrators managing and editing group policies are using the same templates.

The problem in this case was that whenever they started editing a group policy they got tens and tens of warning about various admx files along with for example resource errors. I looked into PolicyDefinitions folder in the SYSVOL share and immediately noticed that there was admx and adml files missing and that there were mismatch between the version of the admx and adml files.

I took a Windows 7 with SP1 client and added/replaced all admx files from there. After that I took the en-us folder and replaced what was in the SYSVOL folder with that one, followed by doing the same for the sv-se, i.e. the Swedish language files. While at it I installed IE9 and put in the inetres.admx and respective adml files for each language to have the capabilities of editing Internet Explorer 9 policies as that is to be included in the Windows 7 image. Voila!

So the bottom line is; keep the central store consistent and make sure that when you create the store that you populate it with admx and adml files from the latest client OS with service pack when managing Windows 7, and that you do make sure that you have the same version of all admx and adml files or else you will get errors due to mismatching files.

When companies deploy Windows 7 most of them are looking at the 64-bit version of Windows 7. This architecture of Windows does not support running 16-bit applications, which unfortunately still is widely in use. If you do an inventory with ACT (Application Compatibility Toolkit) it will inventory all executables as well as CMD files and some other stuff and it will contain information about 16-bit applications lying around and being used by the users in your business.

The trick is that the GUI does not provide a way to view these applications so you have to turn to doing a SQL query using for instance the SQL Management Studio Express tools. Use the SQL Query below to get information on any none 32- or 64-bit executable. The query (thanks to Chris Jackson) will return for instance WOW (Windows on Windows) or DOS applications and that will/might indicate a 16-bit app which you should prioritize to test and handle as necessary.

USE ACTDATABASE
GO

SELECT DISTINCT Applications.appName, Static_App_Properties.fileName, fileModuleType

FROM Static_App_Properties
INNER JOIN Application_Instance_Files
ON Static_App_Properties.identity_hash = Application_Instance_Files.filePropertyID
INNER JOIN Applications
ON Application_Instance_Files.appID = Applications.identity_hash

WHERE fileModuleType<>'32BIT' AND fileModuleType<>'64BIT' AND propertyType='File'

ORDER BY appName
GO

Happy hunting for 16-bit applications! :)

I get many questions about the confusing problem with mapped network connections not being available when running for instance cmd.exe as an administrator even though the account is the same one being used when the cmd.exe is run with standard rights and everything works splendid.

The cause of this is UAC and the fact that you have multiple security tokens and that the mapped network drives are linked to the standard user token and not the administrator token. The solution is to enable “Linked Connections”, see the KB article 937624 for more information on how to set this value.

Also read the case of some other mysterious problems or behaviors when UAC is en effect.

Right smack in the middle of the deployment roadshow talking about deploying Windows 7. Tomorrow it is time for the fourth city (Linköping) and it will be our pleasure to announce that USMT 4.0 now finally migrates Office 2010 settings, as of a few hours ago. Download and install from http://support.microsoft.com/kb/2023591 and follow the instructions for updating the USMT components if you ar eusing LiteTouch or ZeroTouch deployments.

Looking at some stats for last year it seems that the most popular posts were actually from 2009. How to clean out the Windows\Installer folder along with the guide on how to install Nvidia drivers on laptops when all else fails were the most popular ones. The guide on how to troubleshoot blue screens of death is as always popular as well.

Some of my favorite posts are:

• Case of the mysterious issues caused by UAC in Windows 7 and Windows Server 2008 R2
• Standard users installing applications: Say welcome to the new reality
• How to list performance issues with your Vista or Windows 7 machine
• Beware of saved credentials
• Guide on how to replace WinRE with DaRT
• Case of the AppLocker default rules issue

In January and February next year me and Johan Arwidmark will go on a tour visiting eight cities all over Sweden, talking but foremost demoing and guiding you to a successful Windows 7 deployment and project. More information (in Swedish) can be found here!