Category: Windows 7

TechDays is a two-day Swedish conference hosted yearly by Microsoft and partners. I will be there to speak about AppLocker in Windows 7. I will specifically talk about what makes it so great but I will focus on how to implement it and what to think about while doing so. There will be a bunch of other very interesting sessions on the latest Microsoft products so I hope I’ll see you at TechDays in March!

Just wanted to post a quick reminder that if you turn off UAC (User Account Control) in Windows Vista or Windows 7 you also turn off “Protected mode” in Internet Explorer. Turning off UAC is not recommended but if you do, make sure that you run with a standard user account.

If you or someone in your organization still are running the release candidate of Windows 7 now is the time to go to RTM. In one month from now all Windows 7 RC machines will start rebooting themselves every second hour. Remember that in-place upgrades from Windows 7 RC to RTM are not supported nor recommended.

In Windows Vista and Windows 7 there is one feature that many does not know about that lists performance issues with your system. It can show you for instance if a driver of any kind is making “sleep mode” take longer than expected or software the make your computer start or turn off slow.

You find this more or less hidden feature by starting “Performance Information and Tools”. Then click “Advanced tools” in the left menu and then look under the first section “Performance issues” for possible causes of system performance issue.

Mikael Nyström, MVP on Windows Setup and Deployment, has written a rather short but very useful guide on how to easily deploy Windows 7 to end users. Read his blog post!

Just a quick follow-up on the post on solving printing problems via RDP as I for some not so obvious reason totally forgot about it in the last post. It is very easy to find out which driver a redirected printer actually uses by choosing Properties on the printer and noting what it says under “Model”.

It will state either “Remote Desktop Easy Print” (Terminal Services Easy Print) if you are indeed using the Easy Print printer driver or it will show the real driver name for the printer if it has been mapped with the real driver.

RDS Easy Print (previously TS Easy Print) in all its glory but sometimes you may look at problems printing when using the RDS Easy Print driver. Starting with Windows Vista and specifically RDP 6.0 it is possible to connect to remote machines via RDP and automatically get the locally installed printers available in the RDP/TS/RDS session. Previously one had to match the printers drivers with being the exact same on both the local and remote machine. This is done with something called a RDS/TS Easy Print printer driver.

In a few cases I have seen that printing does not work as expected when using the RDS Easy Print printer driver making the printer for example pause, print, pause, print and so on when printing a multiple page document.

The sweet thing here is that with Windows 7 and Windows Server 2008 R2 comes a new group policy setting that allows us to first try to match the local print driver with a remote (the old fashioned way) before using the RDS Easy Print driver. The setting to activate this is named Use Remote Desktop Easy Print printer driver first and is found in Computer configuration – Administrative templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Printer Redirection. Set it to disabled to make use of the “real” print driver first.

… that it is there by default in Windows 7 (in the start menu)! Lately there has been spreading what is called a “God mode” trick that simply what it does is to create a shortcut to all settings available for each control panel item. The trick is a nice one but to be honest I see very little use for this trick as all settings that are listed on this page is searchable in the Start menu.

A much better trick in my opinion would be to use the search box in the start menu and always search for a keyword related to what you want to do. There are shortcuts in Windows 7 to take if you just learn to use the start menu search. Let’s take an example on which I often ask students when I teach Windows 7 classes how they would process on how to install/uninstall Windows components and the answer is “I would go to Add/remove programs (Programs and features) and then click Windows components (Turn Windows features on or off)”.

Well, in Windows 7 you don’t have to do this, you can just go ahead and type “features” in the start menu search box and it will list the option “Turn Windows features on or off” and you can save mouse clicks and time!

If you still want “God mode”, create a folder and name it “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}” and you will get the list of all options available for each control panel item.

The basic exam Windows 7 Configuring (70-680) has been a plain old usual test with questions and answers, at least until now. Microsoft have announced that this is the second exam that will become a virtual lab exam (Windows 7 Configuring 70-683), the first exam being Windows Server 2008 Configuring. I think it is a great move!

If you for instance is using AppLocker in Windows 7 you know that it requires the service “Application identity” to be started for it to enforce the AppLocker rules. This could pose a problem if a user start a machine in safe mode and login there, even a standard user that is. What happens then is that the Application idendity service is not started and the user can then run anything on the machine.

Microsoft has releases a fix for this which allows us to block standard users from logging in into safe mode on our machines. You need both the patch and to add a registry value to make this change but once there your standard users will not be able to bypass AppLocker or any other security features that is not started when starting the machine in safe mode.

Download: A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode