Category: Windows Vista

Windows client security lockdown with nifty tool from Microsoft

It’s been around for some time and if you did not already know about it Microsoft provide the free tool called Security Compliance Manager. You can use it to very easily manage and export a set of pre-configured (or settings that you configure on your own) settings that improve security. You can then export these settings to for instance a group policy and import it into your domain.

There are templates with pre-configured security lockdowns for Windows XP, Windows Vista and of course also Windows 7. The tool works great for creating a security baseline for your client machines but the only downside is that you cannot import nor in a convenient way compare the settings in the templates with what you currently have.

Killing the myths: Group Policy Preferences for everyone!

There is a very common misconception out there that Group Policy Preferences can only be created, managed and applied to your Windows machines if you are running your domain controllers with Windows Server 2008 or later. This is so NOT true.

What you have to do if you are stuck on domain controllers running Windows Server 2003 is to install the Remote Server Administration Tools on a Windows 7 (or Vista) client machine, add the feature Group Policy Management and then create a GPO in the domain and edit it, configuring the Group Policy Preferences of your choice. Voilà!

I do not know where this myth is coming from actually but the fact that GPO Preferences were introduced in Windows Server 2008 is the major reason I would assume.

Classic shimming tip for forcing apps to run without UAC prompting

If you during your way in testing app compatibility with Windows 7 encounter an application that require a UAC prompt to launch you can suppress this UAC prompt by creating a more or less classic shim “RunAsInvoker”. A few years ago Microsoft posted this as a KB article but not long after it vanished. Now the guide for creating this shim is available in Ask The Performance Team blog and I strongly suggest you put this shimming tip in mind because it might come in handy when you least expect it.

New Remote Desktop Client 7.0 for Windows XP and Vista

Windows 7 already contain RDC version 7.0 but now Microsoft has released the 7.0 client for Windows XP and Windows Vista. Some of the benefits of using the RDC 7.0 connecting from Windows XP or Windows Vista are:

  • Windows Media Player Redirection.  This feature lets you play even a HD file on the remote machine without any lag as the video and audio is processed on the local machine.
  • True multi monitor support!
  • Performance improvements. This is alone a good reason to use the latest RDC 7.0 client.
  • Many more new features and improvements, read more at RDS blog.

Note that the above features only work when you connect from Windows XP or Windows Vista with RDC 7.0 to a Windows 7 or Windows Server 2008 R2 machine.

 Download and more information at http://support.microsoft.com/kb/969084

Hotfix saves power on AMD CPU:s for Windows Vista, 7 and Server 2008 R2

Microsoft have just released a hotfix for Windows Vista, Windows 7 and Windows Server 2008 R2 that potentially can reduce CPU power consumption by ten percent for AMD processors, specifically ones supporting the power state C1E. This includes popular CPUs such as AMD Phenom and Athlon range of CPUs.

The hotfix can only be obtained by contacting PSS (Product Support Services) or by requesting it for instant download via the KB article below.

KB974090: An update is available that allows for a potential power saving in an AMD multicore processor that is running an x64-based version of Windows Vista SP2, of Windows Server 2008 SP2, of Windows 7, or of Windows Server 2008 R2

Manage the scheduled defrag job centrally

Starting with Windows Vista the defragmentation utility is scheduled to run on all drives once per week. The defrag is done in the middle of the night but if the machine is not on at that time, the defrag will start after next power on.

Anyway, you can disable, change the schedule or in other ways modify the task centrally by for instance deploying a script file by using GPO:s. The following command line disables the scheduled defrag task from running.

schtasks /change /tn "microsoft\windows\defrag\ScheduledDefrag" /disable

Solve inconsistencies in the servicing store

Microsoft introduced a totally new servicing mechanism in Windows Vista and Windows Server 2008 which is totally component based. Sometimes information in the servicing store becomes corrupt and inconsistent. This state can cause hotfixes, service packs, security updates and other types of updates to fail.

To solve this problem you can use the System Update Readiness Tool which just have been updated to work with Windows Vista SP2 and Windows Server 2008 Sp2 (it also works for previous service pack levels).

Continuous boot-loop issue with Vista and F-Secure

A serious problem exists with Windows Vista when using F-Secure product, a problem which a lot of users experience. The problem is that when specific versions of F-Secure products are installed Windows enters a continuous boot-loop when installing Windows Update. This issue appears as

Configuring updates stage 3 of 3. 0% complete

after which the computer reboots and reboots and reboots…

The last few weeks I have seen this issue being asked almost every day in the forums over at www.alltomxp.se/forum. Anyway, for the solution have a look at the F-Secure guide or take a look at the MS KB article.