Google Wave Nominations Available

29 11 2009

I became a Google Wave beta tester just recently. It is ‘by invite’ only.

I have several invites to give to friends.

For those of you I consider a friend or acquaintance, I am willing to nominate you to Google Wave if you want to try out the beta version of their new service.

Let me know by emailing me.



Knoppix 6.2 Released – Departure from Swiss Army Knife Moniker

26 11 2009

A breath of new life has come to an old but faithful Linux distribution, Knoppix. Version 5.1.1 was released in January 2007 and 2 years later no further activity convinced me that Knoppix was a dead project, maybe Klaus Knopper had other things to occupy his time.

Fast forward to 2009 and we have seen 3 releases of Knoppix since February 2009 alone. The latest version 6.2 was released on November 18th 2009. Knoppix popularized the idea of a ‘Live CD’ where one could boot a computer to the CD without having to install anything on the hard drive. You could literally try before you committed to using it, or only use it for troubleshooting. It came with a large collection of free software which justly earned it the title of  a ‘Swiss Army Knife’ for computer enthusiasts and technicians. Other Linux distributions such as Suse and Ubuntu have also utilized the ‘Live CD’ delivery mechanism. What set Knoppix apart from other Linux distributions was its ability to automatically detect and configure for a systems hardware on the fly during boot-up, and it often got all devices working on systems I used it on. Other Linux distributions have followed suit and offer the hardware detection capability as well.

New Desktop

With Knoppix 6.0.1 released in February 2009, the KDE desktop was replaced with LXDE, a lightweight desktop environment. Many software packages were also absent from this version. Version 6.2 released November 2009 has further reduced the number of software packages included in the standard release. The Knoppix release notes indicate this is to encourage folks to re-master Knoppix adding tools specific to a need or purpose, such as computer forensics or educational tools etc. The good news is that the DVD version does include a large number of software packages, but even with the DVD version Kstars (Virtual Planetarium) and K3B (CD/DVD burner) are absent. Alternatives for K3B are on both the CD and DVD versions of Knoppix.

Swiss Army Knife looses its blades/tools.

No longer can the CD version of Knoppix be thought of as a Swiss Army Knife or technicians toolkit, it’s been reduced to a single blade :-( It has evolved to become a base platform for hobbyists to extend. It’s a shame, I have utilized Knoppix for many years as a diagnostic tool kit. Its usefulness as such is now diminished and I have been using Ubuntu as a supplement since Ubuntu is on a regular release schedule. Now Knoppix is actually outpacing Ubuntu in releases and includes later versions of the Linux kernel and web browsers. I look forward to where Klaus Knopper takes this platform during 2010 and beyond.

Gains ability to install bootable image on flash drives and SD cards.

Knoppix since the 6.0.1 release has had a really nifty feature whereby a fully working and bootable copy of Knoppix can be installed onto a USB Flash Drive or SD Card using a  built-in utility. It just takes a few clicks to install, previously this feat was only for the most technical, now your grandmother could do it. The utility is very safe, not allowing you to install on a mounted device by accident (ie the HD you just booted from). This feature makes Knoppix truly portable and capable of saving configuration changes and locally stored files between sessions. I have found the ability to boot systems to Knoppix on an SD card to be especially useful, netbooks and other modern systems support booting from a memory card. SD cards are so much more compact versus a CD or USB flash drive. Carrying a bootable operating system in your camera bag is very feasible!!

Kick its Tires!!

Interested in kicking Knoppix’s tires? Visit their website and download from one of many mirrors.

Windows 7 Launch – Nashville TN

15 11 2009

Vista was a flop for Microsoft with its corporate customers. Microsoft have worked hard to correct this with Windows 7 bringing a slew of new features that will appeal to corporate users. To achieve this Windows 7 is tightly integrated with Server 2008 R2.

I attended the Windows 7 Launch in Nashville TN on Friday the 13th 2009. This event was presented at the Microsoft offices and sponsored by CoreBTS. The launch was primarily targeted at corporations and topics covered were appropriate to that audience.

Here are the highlights of the presentation.

  • VDI capabilities are built diretly into Windows 7. Extra features include the ability to have multiple monitors on a virtual desktop, support for VoIP allowing for microphones/headsets and improved local printing capabilities.
  • Search can be configured to extend beyond the desktop to the intranet and internet directly from the operating system without the need to open a browser.
  • Direct Access provides a capability similar to GoToMyPC such that VPN software is no longer required to access computers at work while one is out of the office. The access is controlled by group policy with control, visibility and tracking for the administrator. The gotcha with this solution is that it addresses the PC’s using IPV6, so if you don’t have IPV6 implemented on your LAN, then a IPV6 to IPV4 conversion device at the gateway will be required. Server 2008 R2 is also reqired to provide the gateway access to the corporate LAN via direct access.
  • Branch Cache allows an network admin to cache internet traffic on a server on the LAN. Therefore only one copy of a file is downloaded from outside the LAN and all subsequent requests for those files are serviced across the LAN. This can significantly reduce traffic on the WAN. The cache solution can implemented in one of two ways. Either hosted on a 2008 R2 server or on a peer-to-peer basis with each client on the LAN taking on some of the cache requests and storage. Peer-to-peer is best used on fixed desktops that won’t be taken off the local LAN frequently.
  • UAC is something Vista users loved to hate. With Windows 7 four configurable levels of protection can be selected. Ranging from full (just like Vista) down to none (Like XP). The default is one notch below full protection and can be configured through group policy.
  • Applocker is a network tool that allows the administrator to control what applications can and cannot run on the LAN clients. The administrator can chosse between a white list approach, where only listed applications can run or a blacklist approach where al apps except those listed can run. The ability to prevent appilcations from being installed at all is also configurable via group policy.
  • Better VHD support.  The ability to create and maintain VHD images has been enhanced. For example a previosuly configured system can be imaged to a VHD and later security and update patches applied to the VHD without the need to run the VHD on a system. This vastly simplifies updating machine images. A computer can boot to a VHD image rather than use a local OS. Booting via PXE is also supported.
  • Terminal Services has now been renamed Remote Desktop Services. Remote Desktop Services scales up to about 500 desktops. For larger networks Direct Access is a better choice.
  • PowerShell 2.0 is built into the client OS and is much less verbose to code than VB Script.
  • Optimized Desktop is a architectural feature of Windows 7, whereby the Data, Apps, Operating system and hardware are abstracted into separate layers. Each layer can be managed and configured independently of each other. To manage these layers one needs to aquire Microsoft Desktop Optimization pack. The optimization pack includes :-
    1. Asset inventory hardware and software of network client computers.
    2. Application Virtulization (see below for explanation).
    3. Centralized Diagnostics
    4. Enterprise Desktop Virtulization (New to Windows 7)
    5. Error monitoring. Event logs from each client are consolidated centraly for admin review and action.
    6. Advanced Group Policy. Group policy is now workflow based so that group policy changes are isolated and go through review and approval prior to being applied to the live network.
  • Application Virtulization. Applications are not installed locally during system setup but instead are delivered across the LAN, such that a user can login at any compter on the LAN and get the same applications they have been granted no matter where they login. One advantage of this approach is that client computers only need to have a  basic operating system image without applications. Should a system fail any number of backup computers can be substituted and the user is back up and running immediately. Application compatibility can also be enforced, so if two applications are know to conflict, then they can be configured to never run simultaneously on the same desktop. A local copy of the applications is stored so that mobile users can still run their apps when disconnected from the network.
  • MED-V is a specialized type of virtual machine. It executes dynamically whenever it needs to do so, for example if an application does not perform well on Windows 7 an XP virtual machine can be executed to run the application to ensure that it performs well. So if a corporation has some websites that require IE6 then the virtual machine executes whenever IE6 is needed, but IE8 can run alongside on the host Windows 7 client. Note therefore the trigger for the MED-V virtual machine can be based on the application or a specific URL.
  • Client computers that appear on the network can be quarantined if they are not recognized *or* if the computer has out-of-date AV signatures or OS patches. Once the machine meets the specified criteria, it is granted access to the local LAN. Rouge laptops plugged in by visitors no longer need to be a threat to the LAN.
  • Rights Management Services provides the admin with the ability to control documents stored on the network. A document can be prevented from being copied or saved and only be viewable if the corporations so wishes. At last Microsoft have something equivalent to rights management features found on Novell Networks decades ago.
  • EFS encrypts individual files or folders. Should the document be moved/copied, credentials are required to access it. Credentials can be passwords or the implementation of hardware security fobs. This protects data against accidental loss or intentional theft of the corporations intellectual property.
  • Bitlocker has been enhanced to provide Bitlocker-to-go capabilities. USB drives can be encrypted by the user or enforced via group policy. Therefore corporate data stored on USB draves is safe against unauthorized access or theft/loss of the USB drive. This can apply to any USB device such as external hard drives.

Tips and Tricks

  • Pressing ‘Windows’ plus ‘+’ zooms in on the desktop, good for the visually impaired. The corresponding ‘-‘ zooms back out. The zooming is achieved through the magnifier application built into Windows 7.
  • Pressing ‘Windows’ plus right or left arrows docks the current selected application to the left or right margin of the desktop and is adjusted to fit exactly half of the screen. This a neat way to put two applications side by side with very few keystrokes or mouse clicks.
  • Dragging and ‘Bumping’ an application into the top of the screen causes it to be maximized.
  • Hovering over applications docked into the tool bar provides a small preview of all current windows for that application. Clicking on the preview restores the application window.
  • Hovering over the tiny ‘show desktop’ icon at the extreme bottom right of the screen temporarily minimizes all applications. When you mouse off the icon al windows are restored. If you click on the show desktop icon, then all active windows are minimized.

Clean Install of Windows 7 using upgrade media

2 11 2009

I purchased a Windows 7 Professional upgrade. I have a legitimate copy of Vista Ultimate so am legally OK with buying the upgrade. What I wanted to do however was install the Windows 7 upgrade onto a new hard drive I just purchased for the same laptop and not do an in place upgrade.

The install went great (did a custom install) until it came to the product key. It would NOT accept the product key that came in the package. The Error code was 0xC004F061, License not for clean installations. I did overcome this issue by speaking to Microsoft for over an hour on the phone. The guy at MS I spoke with was from Bangalore India, and he spoke jolly good English!!

Here is the full procedure from an empty hard drive to activated Win7.

1. Install using custom option to partition and install windows 7 as you see fit.
2. At the product key prompt do not enter anything and un-check the auto activate check box.
3. Windows 7 now operates great, except it is not activated. You have 30 days.
4. Run regedit and visit the following key
and change the value of MediaBootInstall from one to zero.

Update 2009:12-02 Follow the registry mod with the following at a command prompt
slmgr /rearm

The product should activate now. If not continue with step 5 below.

5. Put the Windows 7 upgrade DVD in the drive and perform another Windows 7 installation. (You may have to reboot prior to the install starting successfully).
6. Be sure to not update the install automatically and be very sure to select ‘Upgrade‘.
7. After the install finishes enter the product key. It should be accepted and you can activate from windows once it logs in again.

Prior to calling Microsoft I tried everything from having the original Vista install CD in the drive during activation, to attaching my old HD via an external HD enclosure. The activation process does not recognize the old Vista either as install CD or the old installed version.

Making a drive image now that it is activated using Acronis True Image is the way to avoid this again should something go awry with my HD or OS.

Update 2009-11-20:  For more options for performing a clean install using upgrade media, visit Paul Thurrrott’s supersite for windows. It appears that the Microsoft support technician left out an important step during the registry hack which necessitated the double install. The second install could have been avoided.