This is the archive for older Windows 7, 8, Server 2012, 2008, 2003, R2 information that was previously on TechNet.
Happy New Year … Not!
With the New Year comes a new class of malicious attack that can impact IT systems. This time, the attack is hardware based, affecting mostly Intel based systems, and to some extent, AMD systems as well.
Here is a list of resources that highlight what it is all about and how to mitigate against this new threat. In the words of Microsoft, “Don’t panic.”
- What is Meltdown and Spectre? https://meltdownattack.com/
- Summary paper and Mitigation Steps for Organisations
- Updated AntiVirus vendor compatibility chart
- Summary of Microsoft information in one place
- GRC InSpectre. Test and enable protection against Spectre and Meltdown. https://www.grc.com/inspectre.htm
Today, MIcrosoft announced the availability of a single update rollup package for Windows 7 SP1 and Windows Server 2008 R2. Some details for the rollup are as follows:
- All security and non-security fixes since the release up to April 2016.
- One installation package.
- Optional install – not offered via Windows Update.
- Monthly rollups after April 2016.
- Security bulletins will continue to link to a direct update.
- For Windows 8.1, Windows Server 2012, and WIndows Server 2012 R2, there will be monthly rollup updates.
Thanks, Microsoft, for listening!
To get the rollups, you need Internet Explorer 6 or higher (not Edge – since this is not an update package for Windows 10). Get the updates here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3125574
At this stage, other browsers are not supported, although Microsoft have hinted that the site will be updated in the next few months.
The Essentials Server team have just published a blog post which gives you an at-a-glance look at what features are supported and not supported with the six current (and recently past) SBS and Essentials SKUs.
Read the blog post here – http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx
If you have DVD media or and ISO of your Operating System, you can quickly and easily create a sysprepped VHD or VHDX image. With this Virtual Hard Disk file, you can set up a Virtual Machine and boot it directly to the Out of Box Experience, thus saving about half an hour to an hour of installation time.
The process for doing this and PowerShell script called Convert-WindowsImage.ps1 is documented in the Technet Script Repository here – http://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f
Note: This latest release (v6.3) now supports the creation on Generation 2 VMs.
Every few months, this situation comes up somewhere amongst the plethora of Windows 7 workstations that are managed by my helpdesk. The standard fix is normally to remove the workstation from the domain, and rejoin it again.
I came across a blog post here – http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx – which suggested that this problem was caused by a machine password being corrupted or lost.
A suggested fix for this was to use NETDOM.EXE to reset the machine password. You will need to install the Remote Server Administration Tools from http://go.microsoft.com/fwlink/?LinkID=153874. Once it has been installed, turn the following feature on (from the Turn Windows features on or off applet in the control panel. (you might find some other useful server administrative tools there too!)
From an administrative command prompt, type the following command.
NETDOM resetpwd /s:[domain controller] /ud:[domain admin] /pd:*
[domain controller] = a domain controller in the joined domain
[domain admin] = a domain administrator with administrative rights to the machine
You will be prompted to enter in the password for the domain admin account specified.
Once the command is completed, restart the computer to log in.
NOTE: I did notice that some other settings on the workstation appeared to be corrupted or reset after the reboot. One of these itemms was the Outlook profile, which had to be reset and resynchronized.
Jakub at www.klaslo.com has posted a blog on how to optimise Windows 7 when installed on SSD drives. He lists 9 tweaks that should be done to ensure maximum performance when using SSD drives here – http://www.klaslo.com/installing-windows-7-on-ssd-tips-and-tweeks/
- Enable TRIM (Should be enabled by default)
- Disable Prefetch
- Disable Superfetch
- Disable Indexing
- Disable Write Caching
- Disable System restore
- Disable Hibernate
- Disable Page file (only if you have a lot of RAM)
- Disable De-fragmentation
It appears that Microsoft are now moving towards a new way of deploying service packs. KB 2775511 is a hotfix rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. This hotfix rollup contains 90 hotfixes that were released since service pack 1 and are noted to greatly improve performance and system reliability.
The main areas of improvement are in the Remote File System and Networking components, namely Offline Files, Folder Redirection, SMB and TCP Protocol services.
The hotfix rollup is described here – http://support.microsoft.com/kb/2775511/en-us and can be downloaded from the Microsoft Update Catalog here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2775511
The documentation also lists two Registry fixes that must be manually applied after the hotfix is installed.
- To enable update 2581608, configure a REG_DWORD Value named RunLogonScriptsNormally under the following path, and set the value to a decimal value of 1:
- To enable update 2752259, configure a REG_DWORD Value named BrmDisableOpc under the following path, and set the value to a decimal value of 0:
Windows 8 was released today on MSDN and Technet. It will soon be released publically. With that comes the many GBs of downloads for the ISOs. Many may have newer Ultrabooks, which do not feature DVD drives anymore. Rather than burning the ISO to a DVD disc, why not put it on a bootable USB stick? There are many ways to do this, and I have found that the best way to do this is to use a command tool called DISKPART. The commands are fairly easy.
- Open an elevated Command Prompt and type DISKPART. You will open up the Diskpart tool, as evidenced by the DISKPART> prompt.
- DISKPART>LIST DISK <- This will give you a listing of the disks on your system. It is very important to identify the USB disk, as you really do not want to format your system drive.
- DISKPART>SELECT DISK n <- this will make select the USB disk n, as identified in step 2
- DISKPART>CLEAN <- This effectively does a quick format/wipe of the USB disk
- DISKPART>CREATE PARTITION PRIMARY <- This will create a primary partition on the disk
- DISKPART>SELECT PARTITION 1 <- Since there is only one partition, this will select it.
- DISKPART>ACTIVE <- This makes the partition active
- DISKPART>FORMAT FS=FAT32 <- This formats the disk and sets it up as a FAT32 formatted drive. This will take a while to complete
- DISKPART>ASSIGN <- This assigns the next drive letter to the drive
- DISKPART>EXIT <- To exit the utility
Once the USB drive has been prepared, you can now use a utility like 7-Zip to extract the ISO directly to the drive.
BTW. This process will also work when creating bootable USB disks of other Windows ISOs – Windows Server 2012, Windows Small Business Server 2011, Windows Server 2008 R2, Windows 7, and even Vista.
I have been seeing quite a number of systems coming up with this error message when attempting to install the Client Connector Software for SBS 2011 Essentials.
“Error: Cannot connect the computer to the server because either another software installation is in progress, or, the computer has a restart pending. Either complete the installation process, or, restart the computer and try to connect again.”
The first thing to do is obvious – Reboot the computer. But then again, there would not be anything to blog if it were that easy. Obviously, that has been attempted and the error remains. Apparently, this is often caused by programs not cleaning up their installation settings.
The fix is fairly simple, if you can remember where the registry setting is.
Open up Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager. Rename the key named PendingFileRenameOperation to something else.
That should resolve the issue.