Creating Custom Troubleshooting Packs
The Windows 7 Software Development Kit SDK , a free download from http download.microsoft.com, includes the Windows Troubleshooting Pack Designer in the Bin TSPDesigner folder. You can use the Windows Troubleshooting Pack Designer to create your own troubleshooting packs to troubleshoot common problems not covered by the built-in troubleshooting packs. Troubleshooting packs are also a convenient way to maintain computers by scheduling them to run in an automated way, you can use troubleshooting...
Direct From The Source Tuf
The new Easy Connect feature simplifies Remote assistance by enabling a direct p2p transfer of the Remote assistance invitation using pNRp. When the User starts Remote assistance and selects Invite Someone You Trust To Help You and then Use Easy Connect, a Remote assistance invitation is created, encrypted, and published as a payload on a node in the pNRp cloud. This invitation will be retrieved by the Helper from the pNRp cloud and the information is used to establish a Remote assistance...
Configuring Incoming Connections
Windows 7 also supports incoming connections of both the dial-up and the VPN types In this scenario, Windows 7 is acting as a mini-VPN or RAS server to other client computers on the network Creating an incoming connection on a computer running Windows 7 requires administrator credentials on the computer and is supported only in workgroup environments To create a new incoming connection, follow these steps 1. Open the Network Connections folder 2. Press the Alt key to make the menu bar visible...
How KMS Works
KMS activation requires Transmission Control Protocol Internet Protocol TCP IP connectivity. By default, KMS hosts and clients use DNS to publish and find the KMS . The default settings can be used, which require little to no administrative action, or KMS hosts and clients can be configured manually based on network configuration and security requirements . KMS activations are valid for 180 days . This is called the activation validity interval. To remain activated, KMS clients must renew their...
How It Works Qej
Because of the massive number of memory chips that hardware manufacturers produce and the high standards customers have for reliability, memory testing is a highly refined science. Different memory tests are designed to detect specific types of common failures, including the following A bit may always return 1, even if set to 0. Similarly, a bit may always return 0, even if set to 1. This is known as a Stuck-At Fault SAF . The wrong bit is addressed when attempting to read or write a specific...
Understanding Device Installation
Deploying, managing, and troubleshooting devices and device drivers in Windows 7 requires knowledge of how device installation works, including the following concepts Driver staging vs. installation Tools for managing driver packages NOTE The 64-bit versions of Windows Vista or later versions do not support 32-bit device drivers or 16-bit applications. For more information, see Knowledge Base article 946765, A Description of the Differences Between 32-Bit Versions of Windows Vista and 64-Bit...
Info Ibf
FIGURE 13-1 The Get-Process cmdlet provides detailed process information. If you are interested in services, the Windows PowerShell cmdlet is Get-Service . When you run this command, you obtain information about the service name, status, and even the display name . The results are shown in Figure 13-2 . If you want to obtain the date, the command is Get-Date, and if you want to find the culture settings on the computer, you use Get-Culture . But you are not limited to just using Windows...
Info Ubn
a This is Text Text
Creating and Configuring a Deployment Share
Before you can use MDT 2010 to deploy Windows 7, you must create a deployment share . A deployment share is a repository for the operating system images, language packs, applications, device drivers, and other software that will be deployed to your target computers . Deployment shares are new in MDT 2010 and consolidate two separate features found in MDT 2008 Distribution share Contains operating system source files, application source files, packages, and out-of-box drivers . Deployment point...
BitLocker To Go
BitLocker To Go enables users to encrypt removable drives using a password or a smart card When a BitLocker To Go-protected drive is connected, Windows 7 prompts the user to enter the password. When the correct password is entered, the contents of the drive are available from Windows Explorer, and accessing the drive is completely transparent to the user. When a BitLocker To Go-protected drive is connected to an earlier version of Windows, the user can run the BitLocker To Go Reader...
Direct From The Source Ogp
Understanding Kernel Stack Overflows Microsoft Global Escalation Services Team Kernel stack overflows are a common error in many cases reported to us by customers. These are caused by drivers taking up too much space on the kernel stack. This results in a kernel stack overflow, which will then crash the system with one of the following bugchecks STOp 0x7F UNEXpECTED_KERNEL_MODE_TRAp with parameter 1 set to EXCEpTION_DOUBLE_FAULT, which is caused by running off the end of a kernel stack. STOp...
Group Policy in Windows Vista and Windows Server
To address the limitations described previously, Windows Vista and Windows Server 2008 introduced the following new features and enhancements for Group Policy ADMX templates Windows Vista uses Extensible Markup Language XML -based Administrative Template ADMX files that use standard XML syntax instead of the proprietary syntax used in ADM template files in previous versions of Windows . Language-specific resources are stored in separate Architecture Description Markup Language ADML files so...
Resource
Copyright 2010 by Mitch Tulloch, Tony Northrup, and Jerry Honeycutt All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number 2009935674 Printed and bound in the United States of America.
Remote assistance and Ip ports Used
The ports used by a Remote Assistance session depend on which version of Windows is running on the two computers involved in the session . Specifically Windows 7 to Windows 7, Windows 7 to Windows Vista, or Windows Vista to Windows Vista Dynamic ports allocated by the system in the range TCP UDP 49152-65535 Windows 7 to Windows XP or Windows Vista to Windows XP Port 3389 TCP local remote In addition, the Offer RA via DCOM scenario uses port 135 TCP . NOTE If you are concerned about opening the...
Configuring Security Settings for a VpN Connection
For administrators familiar with configuring connections in Windows Vista, there have been several changes to how this is done in Windows 7. Most obviously, the option for selecting the tunneling protocol s the connection will use has been moved from the Networking tab to the Security tab . In addition, the settings for configuring data encryption and authentication have been reorganized to make them easier to configure. Finally, the settings available to configure on this tab now depend upon...
Direct From The Source Rmp
Managing Print Queues and Servers with the Print Management Console Frank Olivier, User Experience program Manager With Windows 7 client computers and the Windows 7 print Management console, printer administrators can easily provide users with high printer availability. This can be achieved by moving users from the print queues on one server to identical print queues for the same physical printers on another server when the first server is unavailable. First, use the print Management console to...
Managing Driver Installation Behavior
Policy settings for controlling driver installation behavior, including driver signing and driver search, are found under Computer Configuration Policies Administrative Templates System Driver Installation or User Configuration Policies Administrative Templates System Driver Installation, or both. However, the only driver installation policy setting that still applies in Windows 7 is the one that can be used to manage the driver installation behavior for standard users, specifically the...
Direct From The Source Pqw
Darren Baker, Rrogram Manager, and Max Georgiev, Software Development Engineer Windows Experience Find amp Organize Team Backoff logic was implemented in the Windows Search service to reduce the impact of the indexing process on user activities and other applications running on the same computer. To provide users with an optimal searching and browsing experience while keeping the index up to date, the indexer is designed to process incoming document change notifications as soon as possible...
additional Improvements to Windows Firewall in Windows
Beginning with Windows 7, Windows Firewall with Advanced Security has been further improved with the addition of the following new and enhanced features Multiple Active Firewall Profiles In Windows Vista, only one firewall profile could be active at any one time . This means that if the computer is simultaneously connected to multiple networks, the firewall profile that has the most restrictive rules is applied to all the network connections. Beginning with Windows 7, however, each network...
Multiple Active Firewall Profiles at Work
n Windows 7, more than one firewall profile can be active at any given time, with the firewall rules applicable to that profile enforced appropriately on the network interfaces that are classified under that profile. The following example illustrates Multiple Active Firewall Profiles at work I connect to my home network that I previously classified as Private, and I then fire up my VPN client and connect to my corporate network. The VPN connection gets classified as a domain network, and...
Configuring and Using RemoteApp and Desktop Connection
RemoteApp and Desktop Connection requires configuration on both the server and client side On the server side, you need a Windows Server 2008 R2 server that has the Remote Desktop Services role installed together with the following role services Remote Desktop Session Host Remote Desktop Connection Broker In addition, if you want users on client computers to also be able to connect to virtual machines using RemoteApp and Desktop Connection, you must install the Remote Desktop Virtualization...
How to Configure Disk Quotas by Using Group policy Settings
To configure disk quotas in an enterprise, use the AD DS Group Policy settings located at Computer Configuration Administrative Templates System Disk Quotas. The following settings are available Default Quota Limit And Warning Level Log Event When Quota Limit Exceeded Log Event When Quota Warning Level Exceeded Apply Policy To Removable Media Each of these settings relates directly to a local computer setting described earlier except for Apply Policy To Removable Media. If you enable this...
How Federated Search Works
Federated Search uses search connectors, which are XML files that store information on how to connect to a remote data source . Search connectors are installed using OpenSearch Description OSDX files, which are XML files that have the . osdx file extension. When opened, these files create a . searchConnector-ms file in the UserProfile Searches folder on the computer and a shortcut to this file in the Favorites area of the navigation pane of Windows Explorer. For example, the XML for a search...
Resolving the problem Yab
The following suggestions are specific to Stop 0x7A errors . For additional troubleshooting suggestions that apply to all Stop errors, see the section titled Stop Message Checklist later in this chapter. Stop 0x7A can be caused by bad sectors in the virtual memory paging file, disk controller error, virus infection, or memory hardware problems. In extremely rare cases, depleted nonpaged pool resources can cause this error. If the first and third parameters are zero, the stack signature in the...
Logon Phase
The Windows subsystem starts Winlogon. exe, a system service that enables you to log on and log off. Winlogon. exe then does the following Starts the Services subsystem Services . exe , also known as the SCM. The SCM initializes services that the registry entry Start designates as Autoload in the registry subkey Starts the Local Security Authority LSA process Lsass . exe . Parses the Ctrl Alt Delete key combination at the Begin Logon prompt if the computer is part of an AD DS domain . The logon...
Direct From The Source Nxz
Enhancements to PrintBRM in Windows 7 and Windows Server 2008 R2 CSS Global Technical Readiness GTR Team PrintBRM has been enhanced in Windows 7 and Windows Server 2008 R2 in the following ways Better error handling and reporting The ability to perform a partial restore of print objects from a backup The option to not restore security settings for print queues during a restore Driver isolation settings are migrated The sections that follow describe these improvements. Better Error Handling and...
Server Message Block SMB
Server Message Block SMB , also known as the Common Internet File System CIFS , is the file sharing protocol used by default on Windows-based computers. Windows includes an SMB client the Client For Microsoft Windows feature installed through the properties of a network connection and an SMB server the File And Printer Sharing For Microsoft Windows feature installed through the properties of a network connection . SMB in versions of Windows prior to Windows Server 2008 and Windows Vista, known...
Boot Configuration Data
The BCD registry file replaces the Boot ini files used in Windows XP and earlier versions of Windows to track operating system locations, and it allows for a variety of new Windows Vista and Windows 7 features, including the Startup Repair tool and the Multi-User Install shortcuts . The BCD is stored in a data file that uses the same format as the registry and is located on either the Extensible Firmware Interface EFI system partition for computers that support EFI or on the system volume. On...
appLocker Rule Types
You can create three types of AppLocker rules Hash rules Similar to the hash rules in Software Restriction Policies, this rule type creates a hash that uniquely identifies an executable. Before running an executable, Windows 7 calculates the hash of the file and compares it to the hash in each hash rule to determine whether the rule applies. The weakness of this rule type is that hash rules must be updated every time an executable file is updated. Therefore, every different version and every...
Stop xC or BADPOOLCALLER
The Stop 0xC2 message indicates that a kernel-mode process or driver incorrectly attempted to perform memory operations in the following ways By allocating a memory pool size of zero bytes By allocating a memory pool that does not exist By attempting to free a memory pool that is already free By allocating or freeing a memory pool at an IRQL that was too high This Stop message is typically the result of a faulty driver or software.
Related Information 1
Windows 7 Security Enhancements in the Windows Client TechCenter on Microsoft TechNet at An Introduction to Security in Windows 7 in TechNet Magazine at Windows 7 The Security Story on-demand webcast at http msevents.microsoft.com n Download the latest version of the Windows Vista Security Guide at It provides detailed information about how to best configure Windows Vista security for your organization n Windows l Security Compliance Management Toolkit at http go.microsoft.com fwlink LinkId...
How to Verify Connectivity to a DNS Server
Although DNS traffic can use either TCP port 53 or UDP port 53, UDP is almost always used because it is more efficient for short communications . Because Telnet always uses TCP, it is not useful for testing UDP DNS connectivity. Instead, you can install and use the PortQry tool, as described earlier in this chapter To test for connectivity to DNS traffic, install PortQry, and then run the following command. portqry -n DNS_server_name_or_IP_address -p UDP -e 53 If PortQry can connect to the...
Local Storage of ADMX Template Files
ADMX template files are stored locally on Windows 7 computers in the following locations ADMX language-neutral .admx files Found under the SystemRoot PolicyDefinitions folder. ADML language-specific .adml files Found under the SystemRoot PolicyDefi nitions MUI_culture folders, where MUI_culture is the name of the installed language and culture . For example, .adml files for U.S . English are found under the SystemRoot PolicyDefinitions en-US folder.
Efficient Networking
I received piece 1. Please send piece 2. FIGURE 25-9 TCP requires data transfers to be confirmed. I received piece 1. Please send piece 2. How much of the file can be transferred before waiting for confirmation TCP receive window size The smaller the TCP receive window size, the more frequently the sending computers might have to wait for confirmation. Therefore, smaller TCP receive window sizes can cause slower network performance because the sender has to wait for confirmations to be...
Adding Custom Migration Files
MDT 2010 will use only the MigApp .xml and MigDocs.xml files unless you indicate the path to your custom .xml files . As with other properties in MDT 2010, you can configure them in each deployment point's CustomSettings .ini file or add them to the MDT 2010 database. Set the property USMTMigFiles to the name of each custom migration .xml file. If you don't configure this property, MDT 2010 uses the default migration files MigApp .xml and MigDocs .xml. If you do configure this option, MDT 2010...
Configuring the Add printer Wizard
You can find the following two policies that control how the Add Printer Wizard works on client computers under Computer Configuration Policies Administrative Templates Printers Add Printer Wizard - Network Scan Page Managed Network This policy sets the maximum number of printers of each type that the Add Printer Wizard will display on a computer on a managed network when the computer is able to reach a domain controller, such as a domain-joined laptop on a corporate network . If this setting...
Resolving the Problem Jfd
A Stop 0xBE message might occur after you install a faulty device driver, system service, or firmware . If a Stop message lists a driver by name, disable, remove, or roll back that driver to correct the problem . If disabling or removing drivers resolves the issues, contact the manufacturer about a possible update. Using updated software is especially important for multimedia applications, antivirus scanners, DVD playback, and CD mastering tools. MORE INFO For more information about Stop 0xBE...
Configuring Indexing of Text in TIFF Image Documents Using Group policy
You can use Group Policy to configure how indexing text in TIFF image documents takes place . The applicable policy settings are found under Computer Configuration Policies Administrative Templates Windows Components Search The policy settings for configuring the indexing of text in TIFF image documents are as follows Force TIFF IFilter To Perform OCR For Every Page In A TIFF Document Lets users turn off the performance optimization so that the TIFF IFilter performs OCR for every page in a TIFF...
Troubleshooting Folder Redirection
A common issue with Folder Redirection occurs when administrators precreate target folders instead of allowing Folder Redirection policies to create these folders automatically. Typically, the problems that arise result from one of three causes The target folder does not exist . The target folder has incorrect NTFS permissions. The user is not the owner of the target folder. The Folder Redirection extension Fdeploy. dll logs events in the Application log, so be sure to check this log if you...
Using Pnputilexe
PnPutil. exe can be used for online staging of driver packages on Windows 7 systems . This procedure is known as online servicing of Windows. PnPutil. exe supersedes the DevCon . exe tool for managing device drivers on earlier versions of Windows . You can run PnPutil. exe to add, remove, and enumerate PnP drivers from a Command Prompt window, or you can script it for batch operations The following examples use PnPutil exe to perform various actions against the driver store For the full syntax...
How Indexing Works
To illustrate the indexing process, consider what happens when a new document is added to an indexed location a location that is configured for being indexed on an NTFS volume. The following high-level description explains the steps that take place during the indexing of new file system content 1. The NTFS change journal detects a change to the file system and notifies the main indexer process SearchIndexer. exe . To view the state of this flag for a file, open the file's properties in Windows...
UAC Heuristics
If you run an application setup file, UAC will prompt you for administrator credentials . This makes sense because most installation routines require elevated privileges . However, installers created before Windows Vista do not include a manifest, so Windows Vista and Windows 7 have to detect heuristically which executables are setup files . By contrast, 64-bit executables always have a requested execution manifest. To do this, Windows examines 32-bit executables without a requested execution...
Items Defined By This Node
Make And A group of computers using the Make And Model properties of the target Model computers You can associate property settings, applications, packages, roles, and administrative-level accounts with target computers that are of the same make and model For more information on configuring this node, see the MDT 2010 documentation. NOTE Create the items in the Roles node before you create the other items beneath other nodes Computers, Locations, and Make And Model , because the other nodes can...
AppLocker 1
Some IT departments choose to control which applications users can run Sometimes, administrators simply block specific applications that are known to be problematic However, client security benefits more when administrators block all applications that IT has not approved The benefits of restricting users from running applications that are not approved can be immense. First, the risk of malware is significantly reduced, because Windows would prevent users from running the malware application...
How to Manage BitLocker from the Command Line
To manage BitLocker from an elevated command prompt or from a remote computer, use the Manage-bde. exe tool. The following example demonstrates how to view the status. BitLocker Drive Encryption Configuration Tool Copyright C Microsoft Corporation. All rights reserved. Disk volumes that can be protected with
How It Works Ycb
The printer export file has a .printerExport file extension and is essentially a compressed cabinet .cab file that contains XML definition files for the drivers, ports, forms, and printers on a computer. It also contains all of the driver files for each printer. The following files are part of the printer export file BrmDrivers.xml printer driver description file. This file contains a list of every driver installed on the computer and the driver files for each driver. BrmForms.xml Forms...
W 1
Wake on Wireless LAN WoWLAN A new feature of Windows 7 that can reduce electricity consumption by enabling users and IT professionals to wake computers connected to wireless networks from Sleep mode remotely Because users can wake computers to access them across the network, IT professionals can configure them to enter the low-power Sleep mode when not in use WAU See Windows Anytime Upgrade WAU Web Services for Devices WSD A new type of network connectivity supported by Windows Vista and later...
Direct From The Source Cdu
CSS Global Technical Readiness GTR Team The Pfirewall.log shows what packets were dropped by the firewall and or what connection attempts were allowed. This is useful to check if the firewall is involved in a connection problem. The following snippet from a Pfirewall.log file shows that the log contains all necessary information to determine whether a packet was dropped by the firewall such as IP addresses, ports, TCP flags, ICMP types and codes, and the direction. 2009-03-29 12 40 52 ALLOW UDP...
Info Lsl
FIGURE 14-5 Editing Local Computer Policy, Administrators Local Group Policy, and Non-Administrators Local Group Policy, all from a single MMC console FIGURE 14-5 Editing Local Computer Policy, Administrators Local Group Policy, and Non-Administrators Local Group Policy, all from a single MMC console MLGPOs do not exist until you actually configure their settings using the Local Group Policy Editor. You can delete MLGPOs that you no longer need by following these steps 1. Log on to an...
Understanding At and Task Scheduler v Compatibility Modes
Task Scheduler provides two backward-compatibility modes AT Compatibility Mode Tasks registered through AT exe are visible and can be modified by the Task Scheduler v1. 0 GUI and the Task Scheduler command-line utility SchTasks .exe . Task Scheduler v1.0 Compatibility Mode Tasks created or modified in the Task Scheduler v1. 0 user interface and the Task Scheduler command-line utility SchTasks. exe are not accessible or visible through AT. exe . The Task Scheduler parser will determine at...