Sunday, February 28, 2010

You know you love Windows 7, so upgrade from the RC.

I know I'm preaching to the choir here. You've probably already upgraded to a full version of Windows 7. But if you haven't, or if you know someone who still hasn't decided how they feel about Windows 7 and is still running the Release Candidate version, it's time to act.

Starting tomorrow, March 1st, your Windows 7 RC operating system will begin shutting down every two hours. Your work will not be saved during the shutdown and the Windows 7 RC will fully expire on June 1, 2010.

After June 1st, your computer will continue shutting down every two hours and your files won’t be saved during shutdown. In addition, your wallpaper will change to a solid black background with a persistent message on your desktop. You’ll also get periodic notifications that Windows isn’t genuine. That means your PC will no longer be able to obtain optional updates or downloads requiring genuine Windows validation and you won't be able to use Microsoft Security Essentials.

Don't get caught doing this at the last minute and don't spend 2 months being annoyed by multiple shutdowns each day. Install an official release version of Windows 7, or if you must, go back to what you had before. In either case, you'll need to do a clean install to replace the RC. As with any clean installation, you'll need to back up your data, then reinstall your applications and restore the data.

Friday, February 26, 2010

End of Support for Windows 2000, Vista RTM and XP SP2: Where are your priorities?

There's been a lot of chatter about some of the upcoming Microsoft end of support dates that are coming due, specifically for Windows 2000 and Windows XP Service Pack 2 on July 13, 2010 and Windows Vista RTM on April 13, 2010. If you are running an OS version that has reached the end of its support life, you aren't eligible for any support updates or security patches after these dates.

Of course, the associated message is that the best way to stay supported is to upgrade to Windows 7. I'm all for that. I love using the latest and greatest operating systems, and Windows 7 and Server 2008 (R2 or original) are no exception. But when it comes to these particular announcements, I only sort of care about them. I suspect that unless you haven't patched or upgraded a server or desktop in the last 5 years, you probably only sort of care too. Here's why:
  • Windows 2000 - This one is a pretty big deal. Windows 2000 is 10 years old and there will be no more support for the client or server versions, especially when it comes to security updates. Running Windows 2000 on your servers is like running NT 4.0 - you're on your own! And being that Windows 2000 can't run a version of Internet Explorer higher than 6, I'd limit the Internet access of any "2000" box you may need to keep in production this year.

  • Windows XP Service Pack 2 - This is a Service Pack, not the actual OS. Windows XP is in extended support until 4/8/2014. It's true that you really shouldn't be using SP2 anymore (for the IE 6 concerns alone) and Service Pack 3 has been out since April of 2008. If you are running XP SP2 and you don't want to make any "big" moves to Windows 7 this half of 2010 then make a "little" move to SP3 for XP and buy yourself some more time.

  • Windows Vista RTM - Let's take a closer look at the life-cycle here. The RTM version was released on 11/8/2006 and the generally available versions of Vista were released to customers on 1/30/2007. Vista, overall, is still in mainstream support until 4/10/2012. Plus, Vista Business and Enterprise versions have extended support until 4/11/2017. However, since SP1 has been out for Vista since April 2008, a version of the OS without any service pack is no longer supported. If your organization is planning on staying on Vista for the foreseeable future, you'll want to be using SP2 for Vista, as the support for Vista SP1 ends on 7/12/2011.

So it comes down to really thinking about where the needs of your organization are now and where they really need to be come the end of 2010. I'd love to see Windows 7 on every desktop I touch, because I'm already finding myself annoyed with some of the things that XP lacks. However, I do think replacing Windows 2000 on servers takes priority over any Windows XP client.

Thursday, February 25, 2010

Terminal Services 2008: When it's not your print job

I got wind of an interesting problem at work recently. I wasn’t involved in troubleshooting it at the time, but I still think it’s worth a post in case it ever comes up again for someone.

We’ve been rolling out the pilot of our Terminal Services 2008 remote access solution and are now doing the necessary tweaks and repairs that come from having people actually work the system. All our users (terminal services or otherwise) get an automatically mapped printer that emails the user a PDF of whatever they printed. Some users had reported they weren’t getting their PDFs delivered via email and others were getting PDFs that didn’t belong to them.

Turns out there is a known issue with Vista and Server 2008 where “print jobs may have incorrect owners” when using a shared printer. As stated in the KB article, every print job that is sent from this print client has the same owner in all print queues. The owner is the first user who sends a print job from this client after the printer server is restarted. The problem occurs because the print job is sent in the wrong remote procedure call (RPC) context.

This usually isn’t a big problem (outside of others potentially being able to manage another person's print job), but when it came to our PDF printing process, the owner of the print job is used to determine the email address of the recipient. The knowledge base article includes a link to request the hotfix and applying it did solve the issue.

Tuesday, February 23, 2010

Tech Triple Play in San Francisco – March 2nd

Is your schedule empty on March 2nd? If so, you can fill your day with several technology events being held in downtown San Francisco.
Start your morning with a Microsoft TechNet Event (8am-Noon) for Windows Azure, Hyper-V and Windows 7 Deployment. Get an overview of Windows Azure, look at the tools and techniques available for building virtual environments in Hyper-V version 2.0, then learn how to simplify your Windows 7 deployments.
Then for the price of an Expo pass at RSA, spend the afternoon checking out the vendors in the Exposition hall. The Expo pass also gets you the afternoon keynotes on Wednesday, Thursday and Friday.
Finally, spend the evening hanging out with the Pacific IT Professionals at their monthly meeting, held at Microsoft’s downtown office at 6pm. Be sure to check out the site for meeting information and RSVP so there are enough snacks to go around.
See you there!

Monday, February 22, 2010

Looking at Microsoft’s Customer Experience Improvement Program

Microsoft has several ways of collecting data in order to improve the Windows experience. One of them is the Customer Experience Improvement Program. New installations of Windows 7 prompt you to opt in or out during the initial setup, but if you want to check or change your participation, you can find the setting in the Control Panel.

CEIP

This data mining tool sits in the background of your computer collecting usage and “trouble” data, periodically sending it off to Microsoft. While the idea of that sounds a bit “big brother”, there are some benefits to having a sibling watch over you. While you may or may not believe it, Microsoft uses data from these tools to fix bugs and improve the Windows operating system.

If you’ve checked “Yes” in the box above, your computer is identified by a unique GUID and your IP address is captured in the data submission process. The GUID is used to determine wide-spread issues compared to repeated events from the same computer and is tracked; however, your IP address isn’t ultimately stored with the data reports, so your computer can’t be identified specifically.

The CEIP data that is collected from your computer generally includes:

  • Configuration – how many processors you have, your OS version, screen resolution, if you use Bluetooth or high-speed USB devices, etc.
  • Performance and Reliability – how quickly a program responds to a button click, how many problems you have with a program or device and how fast your network connections work.
  • Program Usage – what features you use most often, how often you launch programs, and how many folders you typically keep on your desktop.

If you want more details or to review the entire privacy policy regarding this program, visit the program webpage at Microsoft.

Saturday, February 20, 2010

The MVP Summit ends, but the experience continues

I had a fantastic time at the MVP Summit this past week. I enjoyed two days of sessions on Microsoft’s campus, as well as keynotes and other side events in downtown Bellevue to complete the four day adventure.
Even though I’m a Windows Desktop Experience MVP, I hit sessions from some of my other interest areas too – particularly Exchange and Directory Services. It meant I spent a lot of time switching between shuttle buses and hoping I didn’t arrive too late to sessions, but it was well worth the effort. Some of the sessions brought to my attention current features that I need to spend more time looking at and others highlighted things that will just have to wait a bit, due to the MVP NDA.
In addition to all the learning opportunities, I’ve met some great people and have run into some familiar faces from attending TechEd and other tech conferences over the last few years. Now I have new blogs to check out, new people to follow on Twitter and more ways to share information about technology.
All in all, my first Summit has been a great experience and a stellar way to start my first year as an MVP. I’m looking forward to staying in contact with Microsoft staff and my fellow MVPs the rest of the year through other online and live events. And I hope I’ll get to enjoy this all again next year!

Thursday, February 18, 2010

RSA Conference 2010 - You gonna be there?

If you are looking for a reason to hang out in San Francisco’s Moscone Center in early March, look no further. It’s time for the annual RSA Conference on security. With a meager beginning in 1991 with 50 attendees at their first event in Redwood City, RSA has grown to attract over 10,000 attendees annually.
This will be the 4th RSA I’ve attended, though I’ve never attended the full conference. It always looks jam-packed and awesome, but security is only a small portion of my job, thus only gets a small portion of the training dollars I can lobby for myself. So I always opt for the Expo Plus Pass.
I think the Expo Plus Pass is a great way to get a taste of the conference, attend all the keynote speeches and even pick one breakout session to attend. For just shy of $300, I think it’s a great value over the regular Expo Only Pass ($100).
RSA is being held March 1-5th and you can register here.

Wednesday, February 17, 2010

Happy 10th Anniversary to Active Directory

Time sure flies when you are busy keeping up with Active Directory, which has been around since its release on February 17, 2000 with Windows Server 2000.

I remember the first time I was part of an upgrade from NT 4.0 to Windows 2000 Active Directory. I was the sole IT person in the branch office and was working on a project to upgrade my branch office to be a child domain in the headquarters' "new" Windows 2000 Active Directory forest.

The NT 4.0 PDC in my office had a DNS suffix defined in the network settings, which, unknown to us at the time, caused my domain to end up with a disjointed namespace. Once we realized we had an issue, I got to be part of my first upgrade and my first rollback - all in the same evening.

Because I had taken my backup domain controller offline, it was pretty easy for me to bring NT 4.0 back to life. It was far more work for my colleagues at headquarters, who had to call support services for details on using NTDSUTIL to remove the remnants of the child domain controller out of the AD forest so we could perform the upgrade again.

Several years, and several domain controller demotions later, I'm quite comfortable with the process I first saw happen back in that little closet of a server room. Active Directory, it's certainly been a fun 10 years!

Monday, February 15, 2010

Microsoft Support - Look Again

I have to admit the first place I go to for answers to problems with Microsoft products is Google. Years ago, I learned that I was more likely to get my answer starting outside of the Microsoft Support web pages. In many cases, I'd even find knowledge base articles faster when searching the whole Internet vs. starting directly in the knowledge base portal itself. That fact alone has kept me from starting out at "support.microsoft.com" for a long time. Old habits die hard.

But I've been giving Microsoft Support a second look lately and it's improved over the years.

One of the areas you should check out when supporting home or office users is the Solution Centers which will tailor content to the OS or application you select. Depending on your selection, you might find options to access Microsoft Fix it, which can lead you to some automatic diagnostics and solutions. There are automated solutions for XP, Vista, Internet Explorer, Windows Media Player and others. Windows 7 has a lot of the automated diagnostic features built in and the Fix it web page provides alternate instructions for accessing those tools.

Another area to check out is the Microsoft Answers forum, which is geared toward more consumer level Q&A on desktop operating systems, Office products, Windows Live and Security Essentials.

Finally, if you seek more support information for enterprise applications and Windows Server, TechNet is the place to be. Check out Keith Combs' recent post about improvements in TechNet Search. Don't forget about the TechNet Forums and Community areas too - lots of great blogs and other resources are there, like the Fix it Blog that posts regular additions to the Fix it solutions, especially for more of the server products.

Happy Help-desking!

Friday, February 12, 2010

Looking forward to the MVP Summit

Next week, I’ll be heading to Bellevue and Redmond, WA to take part in the annual Microsoft MVP Summit. This is my first chance to attend the summit, so I’m hoping to make the most of it! I spent some time last week working on my conference schedule and it looks like it’s going to be a busy few days - full of interactions with members of the various Microsoft product teams and plenty of presentations and activities. I almost wish I could be in two places at once so I could attend sessions that share time slots.
I’m also looking forward to meeting other Windows Desktop Experience MVPs, as well as those in other technical areas I’m interested in, like Remote Desktop Services, Exchange, Active Directory and SharePoint. Events like this always get me jazzed about ongoing or upcoming projects I can work on - I'm sure next week will not disappoint!

Wednesday, February 10, 2010

Adventures with Gmail

Last week, I had a bit of a Gmail scare. I arrived at the office and did my usual routine of logging onto the computers at my desk, including logging into my Gmail account. I always have it open in the background, because let’s face it, I’m addicted to “the grid.” All was good for most of the morning. Then at about 11am, I turn around to do something on that computer and my browser window has a big warning message:

Account Lockdown: Unusual Activity Detected

The page also listed several possible reasons for this and indicated I’d be in the penalty box for up to 24 hours. (24 hours?!?)

According to Google, unusual activity includes, but is not limited to:

  1. Receiving, deleting, or downloading large amounts of mail via POP or IMAP in a short period of time.
  2. Sending a large number of undeliverable messages (messages that bounce back).
  3. Using file-sharing or file-storage software, browser extensions, or third party software that automatically signs in to Gmail.
  4. Leaving multiple instances of Gmail open.
  5. Browser-related issues.

It’s really hard not to want to panic in this situation, but what can you do? 24 hours seems like a really long time when it comes to email access and I didn’t just want to sit and wait. Ultimately, my access was restored in a few hours, and I learned a few things about the big “G” in the cloud.

My first concern was that my account might have been compromised, so I wanted to change my password. If my account had been compromised, changing the password would likely stop any potential abuse (activity #2). I happen to use several Google services, which made it possible to change my password without having access to the email service. Since the “unusual activity” was limited to email, my account itself wasn’t locked, only its connection to mail. I could still access Google Reader, etc – any of those services have a portal to the account management. Using that I changed my password, which made me feel a lot better. (I might not have had access to my mail, but I was sure no one else did now either!)

The only devices connecting to my email at the time were the one work computer and my BlackBerry. Perhaps the BlackBerry BIS service was making too many calls to my account? I logged onto the website for that and disconnected that service. I believe BIS uses IMAP to connect (activity #1), so I figured that couldn’t hurt.

I cleared my IE cache, deleted all my cookies and ran a virus scan on my computer (activity #5). I even cleared the cookies and cache on the other machines on my desk even though I don’t usually use them for Gmail access. At this point I was pretty sure I didn’t have any other machines attempting to connect (activity #4). My home computers were off, my office computers were not connected and my BlackBerry service was removed.

I’ve been told the most common cause of this problem is a “cookie gone bad” or the potential false positive on Google’s side, which clear up in a few hours. I would have liked to have access to the Recent Activity page that you can get to from the bottom of your Gmail Inbox. You can use that to close any other sessions (from home computers, for example) and see the IP addresses from your most recent connection points. Turns out that URL doesn’t change, so bookmark it and it will load if you are logged onto any other Google service.

I don’t think I’ll ever know if I was unintentionally abusing the system, but I can’t help but feel the punishment was punitive, even for a free service. Google is excellent at collecting data - I’m sure they could tell that my account was not newly created, I was a daily user of the service and I had no prior history of excessive usage patterns. Since I do have an alternate email address in the system, a warning notice or a post-lockdown follow-up message giving me some actions to take would have been helpful. I would have happily performed some remediation checks and then clicked a link to have my account rechecked within an hour. The suspension system is automated, so automating a recheck after the user responds to a message shouldn’t be so difficult.

If I was truly a spammer or if I was someone who wasn’t a daily user of Gmail, I may not even care that the service was suspended for 24 hours, but for those of us who use the service regularly, a little tech support love can go a long way.

Tuesday, February 9, 2010

Today is Safer Internet Day

Organized by Insafe (a European network of Awareness Centres), Safer Internet Day is held annually on February 9th to promote safe and responsible use of the Internet, especially by children and teens. The topic for 2010 is "Think B4 U Post!"

Speaking of online safety for teens, check out this PSA video by CyberTipline. And for more information about staying safe on the 'web, check out Microsoft's safety website or follow them on Twitter @Safer_Online.

Monday, February 8, 2010

Secrets of the Ease of Access Center

If you are a Windows user without any physical handicaps, chances are you’ve never even looked at the “Ease of Access Center” in the Windows 7 control panel. However, there are some interesting things in there!

I find Mouse Keys to be handy from time to time, especially if I’ve been doing a lot of mousing and my hand needs a break. (This isn’t recommended on a laptop with an embedded number pad.) You can find those settings under the Make the mouse easier to use options. There are also different mouse style options than you’d find under the regular mouse settings – good for when you are doing presentations and want to make the mouse easier for others to follow.

Under Use this computer without a display, you’ll find the setting to adjust how long notification boxes stay open. This is adjustable up to 5 minutes. You can also change the thickness of the blinking cursor in the Make this computer easier to see section.

Under Make the keyboard easier to use there are a couple of hidden gems. First, “underline keyboard shortcuts and access keys” can make it easier for you to perform some tasks without reaching for the mouse.

Finally, if you aren’t impressed with the new Aero “Snap” features for docking your windows to the sides and top of the screen, you can turn them off by selecting “Prevent windows from being automatically arranged when moved to the edge of the screen.” For those of you who like shoving windows to the side to take advantage of screen real estate, this gives you that power back.

Not only can you find some interesting options for occasional use, it’s helpful to familiarize yourself with what Windows can do for someone who may need some adjustments in order to use their computer to the best of their abilities.

Thursday, February 4, 2010

Terminal Services RemoteApp – Bumps in the Road

This month I’ve been trying to nudge the project of moving to Windows Server 2008 Terminal Services RemoteApp forward at the office. The goal is to get away from using a version of Citrix Presentation Server to access applications over the Internet. The needs of our office have changed and the new features with Terminal Services in Server 2008 make this something we want to adopt instead.

However, nothing is without an occasional bump in the road. Here are a couple of ours:

Bump #1 - No way to filter which applications users see on the RemoteApp webpage.

I know this feature was added in Server 2008 R2. Unfortunately, we have to stick with the Server 2008 “classic” due to an important 32-bit application that does not install or run properly under WoW. We debated the importance of filtering the application list and decided it wasn’t a deal breaker. Or we can look at some third-party workarounds.

Bump #2 - Users with passwords set to “enforce change at next logon” can’t get past the TS Gateway.

We have to remember to handle first time password changes for users who will only be using RemoteApp by NOT checking the enforcement box and instructing them on how to change their password after they launch an application. (CTRL + ALT + END does the trick from any launched application.)

Bump #3 - No support for Macs with the Mac version of the RDC client.

Ouch. We only have a few employees that use a Mac at home and we’ll have to continue offering GoToMyPC to meet their needs. Not what I’d like to do, but hopefully support for the Mac will come along soon.

Bump #4 - Limitations with multi-monitor support.

Microsoft KB925876 gives some of the details of what type of multi-monitor support is available with Server 2008 Terminal Services, which should automatically support spanning if your monitors meet the configuration requirements. Those rules are: the total resolution on all monitors must be under 4096 x 2048 pixels; the monitors must have the same resolution; the monitors must be aligned side-by-side; and the far left screen has to be the primary one.

This is pretty limiting, especially if you have a laptop connected to an external monitor and want to take advantage of both screens. Or have monitors set up in a configuration where one is turned vertically. Or any other number of possible configurations. Windows 2008 R2 improves on this as well, but as noted in #1, we just can't quite use that yet.
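
The four spanning rules listed for Bump #4, written as a layout check. This is an added example, not code from the original post or from Microsoft: the `Monitor` type, `spanning_problems` function and sample layouts are hypothetical, coordinates are virtual-desktop pixels, and "under 4096 x 2048" is read here as a combined desktop that may not exceed that size.

```python
from dataclasses import dataclass

# Size limit quoted in the post for Server 2008 Terminal Services spanning.
MAX_TOTAL_WIDTH = 4096
MAX_TOTAL_HEIGHT = 2048


@dataclass(frozen=True)
class Monitor:
    x: int            # left edge in virtual-desktop coordinates
    y: int            # top edge in virtual-desktop coordinates
    width: int
    height: int
    primary: bool = False


def spanning_problems(monitors):
    """Return the list of violated rules; an empty list means the layout qualifies."""
    if not monitors:
        return ["no monitors described"]
    problems = []
    ordered = sorted(monitors, key=lambda m: m.x)   # left to right

    # Rule: every monitor has the same resolution.
    if len({(m.width, m.height) for m in ordered}) > 1:
        problems.append("monitors do not share one resolution")

    # Rule: side by side, i.e. same top edge and each monitor starts
    # exactly where its left neighbour ends.
    same_row = all(m.y == ordered[0].y for m in ordered)
    adjacent = all(b.x == a.x + a.width for a, b in zip(ordered, ordered[1:]))
    if not (same_row and adjacent):
        problems.append("monitors are not aligned side by side")

    # Rule: the bounding box of the whole desktop stays within the limit.
    total_w = max(m.x + m.width for m in ordered) - min(m.x for m in ordered)
    total_h = max(m.y + m.height for m in ordered) - min(m.y for m in ordered)
    if total_w > MAX_TOTAL_WIDTH or total_h > MAX_TOTAL_HEIGHT:
        problems.append(
            f"total desktop {total_w}x{total_h} exceeds "
            f"{MAX_TOTAL_WIDTH}x{MAX_TOTAL_HEIGHT}"
        )

    # Rule: the far left monitor is the primary one.
    if not ordered[0].primary:
        problems.append("leftmost monitor is not the primary")
    return problems


# Constructed sample layouts (not taken from any real machine).
DUAL_MATCHED = [Monitor(0, 0, 1920, 1200, primary=True), Monitor(1920, 0, 1920, 1200)]
LAPTOP_PLUS_EXTERNAL = [Monitor(0, 0, 1366, 768, primary=True), Monitor(1366, 0, 1920, 1080)]
DUAL_LARGE = [Monitor(0, 0, 2560, 1600, primary=True), Monitor(2560, 0, 2560, 1600)]
PRIMARY_ON_RIGHT = [Monitor(-1920, 0, 1920, 1200), Monitor(0, 0, 1920, 1200, primary=True)]
STACKED = [Monitor(0, 0, 1920, 1200, primary=True), Monitor(0, 1200, 1920, 1200)]

if __name__ == "__main__":
    samples = {
        "dual matched": DUAL_MATCHED,
        "laptop + external": LAPTOP_PLUS_EXTERNAL,
        "dual 2560x1600": DUAL_LARGE,
        "primary on right": PRIMARY_ON_RIGHT,
        "stacked vertically": STACKED,
    }
    for name, layout in samples.items():
        issues = spanning_problems(layout)
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```
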

So yes, we've got a few bumps, but nothing that would keep us from moving forward with the project at this point. Our remote access isn't supposed to be used by someone as a long-term way to work, nor is it used with a frequency that demands extra capital expenditures to overcome a few relatively minor issues.

Wednesday, February 3, 2010

PacITPros February Meeting

Yesterday evening, I gave a short presentation at the monthly Pacific IT Professionals meeting on Windows Server 2008 Terminal Services. Highlights included some of the changes, feature improvements and caveats between Server 2003, Server 2008 and Server 2008 R2. If you attended and would like a copy of my slide deck, click here. Also look for a post tomorrow that covers some of the highlights of the presentation.

There were two other great presentations at the meeting. Ed Horley presented on Network Filtering and Joanie Rhine from Microsoft presented on the most recent Security Intelligence Report. Their presentations will be available on the PacITPros website.

Monday, February 1, 2010

MSI Installer Error: What Advertised Application?

I ran into an interesting error message while reinstalling a custom piece of software on my Windows XP machine recently. The software processes small text files with a custom file extension and uses them to locate a particular document in our document management application. Users can also use the software to generate these custom files to share with others via email, etc.

The program is deployed using a Group Policy software assignment. My computer was handling the files properly from my desktop, but was not working as expected when accessing the same file if it was stored in SharePoint. I had tested the SharePoint functionality previously on another computer and it worked as expected. The MSI Installer includes the option to repair the application, so I attempted to run it again in order to see if that solved my problem. Instead of a successful run, I got the following error message:

"This advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic."

First, the application is “assigned” not “advertised” with the GPO. Second, I’m a local administrator on my machine, so I thought it was strange I was unable to run it. I pulled our DBA over (who wrote the program) and he confirmed that I should be seeing a “repair” option when the software is run after being installed once before.

A little searching brought us to this post, which recommended running the MSI installer from the command line using the /qb switch. We didn’t bother looking for the “product state value” as Soumitra Mondal suggests in his post, but it appears my PC was a bit confused about the install state of the application and reinstalling with that switch did the trick.
