Jason Yoder, MCT

Yesterday I posted about a question that I received in a Windows 7 class here in Yokosuka, Japan.   It was how to add an update while servicing an image.   Well, because of the technology used, we used the DOS program called DISM.   PowerShell V3 running on Windows 8 and up has the DISM module.   So to bring things into the modern era, here is how to do the same thing with PowerShell. First we mount the image. PS E:\> Get-WindowsImage -ImagePath install.wim | Mount-WindowsImage -Path img -Index 1   The Get-WindowsImage cmdlet will get the Install.wim object.   We can then pipe that to Mount-WindowsImage .   We need to provide the –Path to the directory that will hold the mounted image and the index number of the image that we want to work with. Now we can add the package to the image: PS E:\> Add-WindowsPackage -Path Img -PackagePath Windows6.1-KB976264-v2-x86.msu   Now we can dismount the image and Commit the changes. PS E:\> ...

Today in my Windows 7 class here in Japan, I was asked if it is possible to apply an update to windows while servicing an image. That little voice in my mind said yes, but I had to look it up. So, I set up a VM with Windows 7 and downloaded KB976264 for Windows 7. This is a file with a .MSU file extension. Here you can see the Install.wim fir Windows 7 and the KB article. Next, I mount the image. I then add the update to the image. Next I commit the updates. In the image below, I used the Discard switch. If I wanted to keep the changes, I would have used the Commit switch.   Not to bad.  Tomorrow I will do the same process, but this time with PowerShell.

Let’s face it, no matter how hard you try, it is sometimes best if you just do it yourself. In the tech support world, we have to often remind ourselves that the talents of our users is not in IT and we need to do more than just talk someone through a problem. Remote Assistance in Windows allows you to both see and interact with the end users’ desktop while they are still logged in. The standard set up of Remote Assistance is for the user to request assistance. This can be an issue for many users as it adds to the stress of the situation. Configuring your environment to allow you help desk to offer remote assistance will increase the speed of the support while at the same time decreasing the stress of the problem. To turn on the ability to offer remote assistance, configure this GPO: Computer Configuration / Policies / Administrative Templates / System / Remote Assistance / Configure Offer Remote Assistance Set this policy to Enabled. Scope this GPO to apply to your domain. You may a...

Content advisor uses a rating system known as Recreational Software Advisory Council on the Internet ) RSACi to determine if the content in a web site is suitable to the user based on the users preferences.  Below shows the rating levels: Level Language Nudity Sex Violence 4 Explicit or crude language Provocative frontal nudity Explicit sexual activity Wanton and gratuitous violence 3 Obscene gestures Frontal nudity Non-explicit sexual touching Killing with blood and gore 2 Moderate expletives Partial nudity Clothed sexual touching Killing 1 Mild expletives Revealing attire Passionate kissing Fighting 0 Inoffensive slang No nudity No sexual acts No violence If content advisor is turned on and a website does not include a RSACi rating, that content is blocked.  To override this, open the Internet Explorer’s Properties. Click the Content tab. Click Settings In the Content Advisor window, click the General tab. Check Users can ...

In class, we used the OSCDIMG command to create a Windows PE image a question came about as to when the –b switch does. According to Microsoft , the – b option specifies the location of the El Torito boot sector file. From Wikipedia , the El Torito Bootable CD Specification is an extension to the ISO 9660 CD-ROM specification. It is designed to allow a computer to boot from a CD-ROM.  In short, this helps us create a bootable image.

It is possible that on some very advanced systems, the Windows 7 installer may not have the drivers for your hard drive.  Follow this simple set of instructions to load your drivers into Windows 7 during installation.   Boot from the Installation DVD.   Choose your language and click Next .   Click Install Now .   Check I accept the license agreement and click Next .   Click Custom .   Click Load Driver .   Browse to the media that contains your drivers.  Once loaded, you may need to click Refresh to see your hard drive.

Below is a screen shot of an IPConfig /all command: The question from class is “What is the DUID?”   According to section 9 of RFC3315 , DHCP servers use DUIDs to identify clients for the selection of configuration parameters and in the association of IAs with clients.  An IA (Identity Association) is a collection of addresses assigned to a client.  The DUID must be both unique in the environment and to be dynamically created.  This is because some devices cannot store this information.  For this reason, a DUID is generated in one of 3 ways.  The link above contains more detailed information. Link-layer Address Plus Time Vendor-assigned unique ID based on Enterprise Number Link-Layer address

Backing up your EFS key can help you recover files in the event you suffer a hard drive loss.  Obviously this will not help recover lost file on the crashed hard drive.  For those encrypted files on the crashed hard drive, hopefully you have good backups.  To back up the EFS certificate on your client, you first need to make sure you have encrypted at least one file or folder.    Open a command prompt and type Cipher /y     This displays your EFS certificate thumbprint.  Now that we have established that you have one, lets back it up.  Type Cipher /x . Click OK . Provide a name for the file you want to export to certificate to. Provide a password and confirm it to protect the key.   To recover the certificate, you need to use the certificate mmc. The end user who owns the certificate must log on to the destination computer. Open MMC by typing mmc in the Run dialog box. In the File menu, click Add/Remove Snap-in ....

To test this one out, I downloaded a copy of WinZip 15.5 and put it in a virtual machine.   First off, I created a few files and placed some data in them. I then selected all three and sent them to a compressed file.   The resulting compressed file had a 70% compression on it.  Not bad. I then installed WINZIP 15.5. I selected Legacy Compression during the WinZip installation.  This matched the file extension used by Windows. Using a Drag-Drop operation, I moved the Windows Compressed file into WinZip and it opened.   I then deleted the compressed file and used WinZip to compress the three files.  WinZip got me a 73% compression.  I then uninstalled WinZip to make sure it had no hand in Windows opening the file that I created with WinZip.  Windows was able to open the WinZip file.

As you travel around, you more than likely connect to many open wireless networks.  When you tell WIndows to Connect Automatically (see image below) you save that network’s profile on your client. If you are in an environment where you have set many of the networks to connect automatically that are all within range of each other, you may find yourself connected to the wrong network.  Here is how you set your order preference of wireless networks.   Click Start.   Type Network .   From the returned search items, click Network and Sharing Center .   Click Manage Wireless Networks .   Select the network that you want to be preferred and then click Move Up .   Move it above the other networks that you want to give it preference to.  That way you will connect to that network when multiple other networks are in range.

Windows 7 has the ability to support Previous Versions lust like Windows XP and Vista did on a share hosted on a 2003 or 2008 server.  The difference is that the shadow copy can now be a local drive.  Thanks to a little help from Thomas Lee and a posting on the Win32_ShadowCopy from MSDN, you can force a Windows 7 to create a shadow copy.  The actual lines of PowerShell code are below. # get static method $class = [ WMICLASS ] "root\cimv2:win32_shadowcopy" # create a new shadow copy "Creating a new shadow copy" $class . create ( "C:\" , "ClientAccessible" ) You can attempt to run this remotely by using PowerShell V2 remoting capability

Below is the official word from Microsoft . Security Essentials is antimalware software, which means that it's designed to detect and help protect your computer against a wide range of malicious software, including viruses, spyware, and other potentially unwanted software. Windows Defender, which is automatically installed with your Windows operating system, is software that detects and stops spyware. To learn more about Windows Defender, visit the Windows Defender Web site .

Recently, I instructed a Microsoft Class (6292: Installing and Configuring Windows 7 Client).  During a presentation about the effective permissions of a user when considering NTFS and Share permissions, one student sat up and said "I finally understand that concept.  Nobody has been able to explain that to me before." I decided to put a little bit of that presentation here for everyone's benefit. We use the security model of Microsoft NTFS format to determine what a user is able to do with a file or folder.  We have several different permissions to choose from: Full Control : Users can do anything to the resource. Modify : Users can modify the files and their properties.  Users cannot take ownership or change permissions. Read & Execute : Users can run executable files and scripts. List Folder Contents : Users can view a list of a folder’s contents. Write : Users can write to a file. Read : Users can view files and the files properties. Deny : Absolu...

Originally this question was “How to force all new wireless networks to be Public.”  I had very little luck with this one.  I started looking into a PowerShell option for this, but that code was turning into a complex process.  It then hit me, just make the two profiles the same in the firewall.   To do this, we are going to use the firewall on a Windows 7 client.    Open the Windows Firewall with Advanced Security . Right click Windows Firewall with Advanced Security and then click Export Policy .   Save the policy to a network location.   Open Group Policy Management on a Windows 2008 R2 server or a Windows 7 Client with RSAT installed.   Create a new GPO, or used one that is scoped to reach all of your clients.  I named my GPO Firewall .   Edit the GPO and expand Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall with Advanced Security / Windows Firewall with ...

While in class, a student noticed the Render Print Jobs on Client Computers while we were discussing shared printers.     On legacy versions of Windows, it was assumed that the print server would have more processing capability than the clients. For this reason, print jobs were processed on the print server. Now that we have faster, multi-core processors, clients are just as powerful as most print servers. This option is the default setting on Vista and Windows 7.   Some other advantages are CSR (Client Side Rendering) such as the elimination of driver mismatches and better support for Offline Printing. Since the same computer that spooled the print job also rendered the EMF-format data, there are no inconsistences between the client and server print drivers. Also, the print out can be spooled even if there is not a connection to the computer that is hosting the printer. The print job is automatically transmitted when a connection is established.

The Internet Assigned Numbers Authority (IANA) have reserved the following IPv4 ranges for internal, private use.   IP Address Range Subnet Number of addresses 10.0.0.0-10.255.255.255 255.255.255.0 16,777,216 172.16.0.0 – 172.31.255.255 255.240.0.0 1,048,476 192.168.0.0 – 192.168.255.255 255.255.0.0 65,536   The IPv6 equivalent has an address block of fc00::/7

Even though we appear to be in the twilight years of IPv4, you may still be faced with the question of super netting. In the IPv4 world, we use a subnet mask to separate the network and host portion of an IP address.  With the IP address divided into 4 groups representing 8 bits, the normal subnets look like this: 255.0.0.0 255.255.0.0 255.255.255.0 The 255 is the decimal representation of 8 bits, all set to ‘1’.  The 0’s are the decimal representation of 8 bits, all set to ‘0’.  This makes subnetting easy.  Let’s say you need a subnet that can handle 4000 hosts?  Standard subnets will not work.  Here is how you figure out the subnet ID Convert the 4000 to binary.  User the programmer mode on the Windows calculator Just type in 4000 in DEC mode, and then switch to BIN mode. The binary for this is 11111010000 If we add some leading zeros to make this an even 16 bit number, we get 0000111110100000 Now, place them into octets. ...

This question came up during a 6292 class.  To test this out I created a Windows 7 Virtual machine and added a 5 GB hard drive to it. I then brought the hard drive online as an MBR disk and began creating simple volumes of 8 MB in size.  Instead of drive letter, I selected Do not assign a drive letter or drive path . Once I created the fourth partition, the limit of an MBR disk, Disk Manager created an extended partition. I could continue to add partitions within the extended partition. I then converted Disk 1 to a GPT disk. That allowed me to continue adding partitions. I also tried deleting all the volumes and then using the Diskpart tool to create the partitions: Just for the fun of it, I converted the drive to a GPT disk and was able to successfully create 127 partitions.

In the Windows 7 Backup software, if you choosetdo pick what is backed up, the default has a setting called Back up data for newly created users .    The question from class is does Windows Backup automatically pick up new user profiles?   I went ahead and created the backup job and set it to run, and again automatically in a few minutes as a daily scheduled task.  I then imported two user accounts from the domain, Alan, and Bart. I logged in as Alan, but did not log in as Bart prior to the backup procedure.   When I attempted a restore and browsed the files, Alan’s profile was backed up.  Bart, who did not log in, did not have any data to back up.  With the Back up data for newly created users , all new users who log into this client will get their data backup up.

There is nothing like getting ready to leave on a warm, sunny Friday afternoon.  You are ready to head out and start the weekend.  You click shutdown on your PC and now you are waiting for the next hour for an update to install. Here is how to use Group Policy to fix this problem. Create a GPO that is properly scoped to reach the clients that you want to remove this feature on. Edit the Group Policy. Expand Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows Update Double click Do not display “Install Updates and Shut Down” option in Shut Down Windows dialog box . Select Enable and click OK . Close the GPO editor. At the next policy refresh, you should be able to shut down your client without installing updates. I recommend keeping this option on.  It is normally a convenient time to install updates.  For Network Administrators who generally keep their clients up to date, this is OK.  I would not enable ...