September 29, 2007

Staying on top of security updates

There are a number of patch management solutions out there that check in with Microsoft to determine which applicable updates are available. Microsoft’s own WSUS (Windows Software Update Services) provides this for free, but the same information is leveraged by a host of third-party solutions that can offer more robust features, because Microsoft publishes it in a format designed for consumption by such products.
You can also be notified of updates yourself via email by taking advantage of Microsoft’s security bulletin email notification service. You can register for this and other Microsoft newsletters at http://www.microsoft.com/technet/security/secnews/default.mspx.

Microsoft isn’t the only organization to send out security bulletins. Another good source for this sort of information is the SANS Institute. You can subscribe to SANS newsletters at www.sans.org/newsletters. OVAL is yet another provider of security information that is used by many sites and management applications. In their own words, “OVAL is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services”. Read more at http://oval.mitre.org.

September 28, 2007

WMI Control in Vista

WMI (Windows Management Instrumentation) offers a ton of data about a Windows computer. It is an open database of information that Microsoft and others populate with virtually all details regarding your system. While management software can (and often does) take advantage of this data collection, it is also very easy to get at this information from scripts.

There are a number of WMI script generators out there including Microsoft’s Script-O-Matic and other copycat tools. One worth mentioning is provided as the “WMI Wizard” in the “Admin Script Editor” (www.adminscripteditor.com) tool. Two things that set it apart are that it generates script code in the PowerShell, VBScript, KiXtart or AutoIt scripting languages and that it shows sample values for selected properties. The latter is important because, while you may see something that looks like just what you want when browsing about, all too often the value is either unpopulated or unfriendly (unreadable, that is). The feature is fully functional in the 45 day trial available for download.

You can control WMI from the WMI Control snap-in in the MMC.

1) Hit the “Start” button, type MMC and hit enter
2) If you have UAC enabled, you’ll have to answer the prompt that this is okay to run
3) Under File, click “Add/Remove Snap-in…” and then choose the WMI Control snap-in at the bottom of the list provided.
4) You’ll be given the option to manage this on your local system or a remote one (I choose local)
5) Unlike many MMC snapins this is actually a separate dialog so all you get in the tree is a single node with no child nodes. Right click it and choose “Properties” to get at its settings.

The General tab shows you some basic information pulled from WMI regarding your system. Probably nothing you didn’t know here. The Backup/Restore tab lets you do as you’d expect. With the Security tab we finally get to something interesting. Here you can specify security on any namespace level, similar to how you would on most other items such as files and folders. Finally, there is an “Advanced” tab which has but one setting, and that is to let you specify the default namespace for purposes of scripting. This is set to root\cimv2 by default and is not something you would normally change, as this is where most of the classes that pertain to your system exist. With this set, you need not specify the full path to the namespace when referencing a class, as in the example below.
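As an added example (not code from the original post), the following PowerShell script ties the two interesting tabs back to the command line: it reads the default scripting namespace that the Advanced tab writes to the registry, shows that a class can be referenced with or without that namespace, and dumps the namespace DACL that the Security tab edits so that a change there can be audited. It assumes PowerShell 2.0 or later (for Invoke-WmiMethod) in an elevated prompt.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0+ running
# in an elevated prompt on Vista or later.

# The default namespace chosen on the WMI Control "Advanced" tab is kept here.
$scriptingKey = 'HKLM:\SOFTWARE\Microsoft\Wbem\Scripting'
$defaultNs = (Get-ItemProperty -Path $scriptingKey).'Default Namespace'
"Default scripting namespace: $defaultNs"

# With root\cimv2 as the default, the namespace can be omitted when
# referencing a class; both calls below return the same instance.
$osShort = Get-WmiObject -Class Win32_OperatingSystem
$osFull  = Get-WmiObject -Namespace 'root\cimv2' -Class Win32_OperatingSystem
"Same OS instance: $($osShort.Caption -eq $osFull.Caption)"

# Rights set on the "Security" tab are stored as a DACL on the namespace.
# WMI-specific access mask bits (WBEM_SECURITY_FLAGS) plus the two standard
# rights the tab labels "Read Security" and "Edit Security".
$wmiRights = @{
    0x01 = 'Enable Account'; 0x02 = 'Execute Methods'; 0x04 = 'Full Write'
    0x08 = 'Partial Write';  0x10 = 'Provider Write';  0x20 = 'Remote Enable'
    0x40 = 'Subscribe';      0x80 = 'Publish'
    0x20000 = 'Read Security'; 0x40000 = 'Edit Security'
}

function Get-WmiNamespaceAcl {
    param([string]$Namespace = 'root\cimv2')
    # __SystemSecurity is a singleton that exposes the namespace's descriptor.
    $result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($result.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed with $($result.ReturnValue)" }
    foreach ($ace in $result.Descriptor.DACL) {
        $names = $wmiRights.Keys | Where-Object { $ace.AccessMask -band $_ } | ForEach-Object { $wmiRights[$_] }
        $type = 'Allow'
        if ($ace.AceType -eq 1) { $type = 'Deny' }   # AceType 0 = allow, 1 = deny
        New-Object PSObject -Property @{
            Namespace  = $Namespace
            Trustee    = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
            Type       = $type
            AccessMask = ('0x{0:X}' -f $ace.AccessMask)
            Rights     = ($names -join ', ')
        }
    }
}

# "Remote Enable" granted to a broad group is the entry worth reviewing.
Get-WmiNamespaceAcl -Namespace 'root\cimv2' | Format-Table Trustee, Type, Rights -AutoSize
```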


September 17, 2007

The New (Confusing?) Event Log Viewer

A few people have written trying to find their application event log. While it is a little buried beneath other more dynamic log viewing options, the old application, system and security logs you have grown familiar with over the years are indeed still there—they are just not displayed by default when you fire up the event viewer.

Start > Control Panel > System and Maintenance > Administrative Tools > Event Viewer

Where you used to be able to kick off the event viewer as a regular user (with the restriction of not being able to view the system log), you will now need to tell User Account Control it is okay to launch. Once launched, you can view everything, since you are already running privileged.
By default, the Overview and Summary view is displayed. This shows you a collapsed tree view broken down by event type so you can quickly find the errors that matter. To see the log entries the way you did previously, expand the “Windows Logs” node of the tree (the second item by default). You may also wish to hide the “Action Pane” either by clicking the rightmost toolbar icon or from the View menu (select View > Customize and deselect the “Action pane” item from the MMC list). Of course the preview pane can also be turned off, but even if you dislike the dynamic new features of the Event Viewer, I’m betting you’ll appreciate the fact that you don’t have to double-click each event log entry to open it in a new dialog!

September 14, 2007

Vista Task Scheduler

Perhaps you don’t consciously use Task Scheduler, but the applications you use just may. As you know, the Task Scheduler lets you specify a schedule for the automated execution of commands. Not just at specified times either: there are several “triggers” besides a date/time schedule that may be leveraged here. Based on your preferences, applications (and even Vista itself) may well have generated scheduled tasks on your system. To have a look…

Start > Control Panel > System and Maintenance > Administrative Tools > Task Scheduler

See current tasks by selecting a grouping in the tree view at the left of the screen: Task Scheduler (Local) > Task Scheduler Library > Microsoft

Here under Microsoft you should see a handful of items. Click on any of them to see if they have any triggers configured. You can either view or configure its properties from the many tabs displayed when it is selected, or if there is an existing item listed, you can double-click it to access its properties in a separate dialog.
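To see the same triggers and actions for every task under a folder at once, rather than clicking each item, here is an added PowerShell example (not from the original post) that walks the \Microsoft folder through the Task Scheduler 2.0 COM interface (Schedule.Service) that the Vista console itself uses. It assumes PowerShell is installed and that the caller is allowed to read the tasks; the trigger and action type names come from the TASK_TRIGGER_TYPE2 and TASK_ACTION_TYPE enumerations.

```powershell
# Added example, not from the original post. Assumes PowerShell 1.0+ on Vista
# or later; uses the Schedule.Service COM object (Task Scheduler 2.0).

# Trigger type codes from the TASK_TRIGGER_TYPE2 enumeration.
$triggerTypes = @{
    0 = 'Event'; 1 = 'Time'; 2 = 'Daily'; 3 = 'Weekly'; 4 = 'Monthly'
    5 = 'MonthlyDOW'; 6 = 'Idle'; 7 = 'Registration'; 8 = 'Boot'; 9 = 'Logon'
    11 = 'SessionStateChange'
}

function Get-TaskFoldersRecursive($folder) {
    $folder
    foreach ($sub in $folder.GetFolders(0)) { Get-TaskFoldersRecursive $sub }
}

function Get-TaskTriggerReport {
    param([string]$Path = '\Microsoft')
    $service = New-Object -ComObject 'Schedule.Service'
    $service.Connect()                     # no arguments = the local computer
    $start = $service.GetFolder($Path)
    foreach ($folder in Get-TaskFoldersRecursive $start) {
        foreach ($task in $folder.GetTasks(1)) {   # 1 = TASK_ENUM_HIDDEN, include hidden tasks
            $def = $task.Definition
            $triggers = foreach ($t in $def.Triggers) {
                $name = $triggerTypes[[int]$t.Type]
                if (-not $name) { $name = "Type$($t.Type)" }
                if ($t.Enabled) { $name } else { "$name(disabled)" }
            }
            $actions = foreach ($a in $def.Actions) {
                # Type 0 = TASK_ACTION_EXEC, the only kind with a Path/Arguments
                if ($a.Type -eq 0) { "$($a.Path) $($a.Arguments)".Trim() } else { "ActionType$($a.Type)" }
            }
            New-Object PSObject -Property @{
                Path     = $task.Path
                Enabled  = $task.Enabled
                RunAs    = $def.Principal.UserId
                Triggers = ($triggers -join '; ')
                Actions  = ($actions -join '; ')
            }
        }
    }
}

# Tasks with a Boot or Logon trigger whose action runs something outside the
# Windows directories are the ones a reviewer wants to look at first.
Get-TaskTriggerReport -Path '\Microsoft' | Format-Table Path, Enabled, Triggers, Actions -AutoSize
```

Pass a different folder path, such as '\', to cover tasks registered by third-party applications as well.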


September 13, 2007

System Configuration, General Tab

Start > Control Panel > System and Maintenance > Administrative Tools > System Configuration

This area lets you control Windows behavior on startup. The options presented are as follows:

Normal Startup – Load all device drivers and services (normal behavior)
Diagnostic startup – Load basic devices and services only
Selective startup – Load any specified group of items: system services, startup items as well as an option to use original boot configuration

The Normal Startup option exists for you to set things back to normal again after choosing either the diagnostic or selective startup options. The diagnostic startup option starts only basic services and drivers and is intended to help rule out basic Windows files as the source of a problem you may be investigating. Naturally, selective startup lets you be more granular about which items are disabled when Vista starts up.

September 6, 2007

Aero Automatically Disabled

If you should run an application that is incompatible with the Windows Aero color scheme, it may be automatically turned off during execution of the application. The visual elements disabled in Aero should be automatically enabled again when the program exits, but if they are not, here is how you can manually choose Windows Aero as your scheme:

Start > Control Panel > Appearance and Personalization > Windows Color and Appearance (you may have to click "Open classic appearance properties" if the Appearance Settings dialog is not displayed). Select "Windows Aero" from the "Color scheme" list and then click the "OK" button.

Note that if Vista is disabling Windows Aero due to execution of an application that cannot support it, you should be notified with a dialog like the one below.

Dialog (color-scheme-adjusted.jpg) text: "The color scheme has been changed. The following program has performed an action that requires Windows to temporally change the color scheme to Windows Vista Basic."

In this example, I really cannot tell what application is the problem so you may have to pay attention to what you are doing. In this case, I was remote controlling a machine with GoToMyPC. When doing so, the target system to be controlled displays this message (at least until the client is eventually updated to support it).

Note that some applications may have a workaround, so check out the application vendor's site. Sometimes video settings offered within the application can provide a way past the problem, as with the Zoom Player, where a workaround is possible by opening "Options / Setup" and, in Basic Mode: Audio/Video, setting "Video Renderer" to "VMR7" or "VMR9" (instead of "overlay mode").

September 5, 2007

Vista Folder Redirection

Folder redirection refers to the redirection of user folders such as Documents, Pictures, Start Menu and Desktop. While in Windows XP, only five folders could be redirected, Vista allows ten folders. Folder redirection is intended to replace the older concept of having a "home folder" for users. The problem with this (and most of us Admins still face this with users) is that there are too many applications that do not allow you to specify a default path for storing data files and users simply accept the default ending up with some files on the network, some in their [potentially roaming] profile and some on the local system.

Folder redirection supports two modes: Basic and Advanced. Basic redirection sends everyone’s folders to the same location and creates special subfolders for each user, while Advanced lets you set folder redirection paths for specific groups.

You're probably aware this can be controlled via Group Policy in a corporate environment, but it is actually very easy to use at home as well. Backups are much easier when your data is separated from the local machine. If you don't have a server or network attached storage device at home, you could also redirect folders to a second (removable/USB) drive. It is actually as simple as moving the desired folder from where it is to where you want it to be! All references by the system will dynamically be updated to reference the new location.

Move (or cut and paste) any of the following folders to take advantage of this feature for your computer at home.

(Image: special-folders.jpg, the list of special folders that can be moved)

August 31, 2007

Device Security via Group Policy

Windows Vista offers a new security capability in its ability to configure removable device controls through the use of Group Policy. It lets you control which devices can be installed on a system. In particular, many are rightfully concerned that someone could plug in a removable disk drive and walk away with sensitive data.

To make use of this new capability, you create an approved list of devices on your network and include it in your GPO. It may be okay for users to install USB mice and keyboards, but not flash memory devices or external disk drives. MP3 players, PDAs and cell phones can also function as drives that can be used to store potentially large amounts of data. You must control their use through a properly-designed GPO.

The best documentation I've seen on this is:

Step-By-Step Guide to Controlling Device Installation and Usage with Group Policy

It offers specific instructions on how to...


August 28, 2007

Vista System Restore

System Restore provides a quick and easy way for you to restore your computer to an earlier state without losing data. This can be a lifesaver if your computer is acting up due to a configuration change, viruses or other unwanted software. System Restore lets you choose an earlier point in time (before your computer started exhibiting problems) to which you can roll back your system.

This is not a backup restoral; for that you'll have to create actual backups with a tool like "Complete PC Backup": http://www.realtime-vista.com/administration/2007/05/complete_pc_backup.htm

This is just designed to get your system operational again by essentially undoing changes to your system that may have caused the problem to begin with. However, Microsoft documents that any applications that have been installed since the restore point will be removed. Hmm, there are also several places where it says only the registry and system files are affected. Most applications do not affect system files these days, so which is it?

Is the system really cleaned up to where it was before, or is it just the system files and registry, so that installed applications may only appear to have been removed? One good way to check would be to install a program and then do a restore to before that installation. If the program file directory for the application is gone, that would be a very good sign that the system was really cleaned up and not just the critical references to the application. So that is what I did.

What I found was that the shortcuts to the application were gone, but some files remained in the program files directory. While the application had been essentially removed from the system, there were indeed still traces of it as we expect (this is not a restore from Complete PC Backup). Further, documents are not affected by the restoral.

This really makes System Restore an excellent troubleshooting tool, but it should not lull you into a false sense of security where you decide it is not necessary to perform backups. Perform your backups! If you run into system problems, System Restore is a safe and effective tool.

One of the great things about System Restore is that you don't need to worry about taking snapshots. You can of course do so manually, but it happens automatically and each is labeled in a friendly way so you can jump back in time pretty reliably if a problem should arise. When? A restore point is established every time you install software, a driver, or apply an update. Additionally, a System Scheduled checkpoint will also be generated if no changes are made to trigger one.

Ready to check it out? As usual there are a couple of ways to get there...


August 22, 2007

View Dates for Installed Updates

Had a question from the community here on how to determine the installation date for installed hotfixes. The information is where you'd expect it, but it may not be immediately visible:

1) Launch Programs and Features
Control Panel > Programs > Programs and Features

2) On the top of the left margin, you'll see "View installed updates". Give it a click.

3) By default, this list shows: Name, Program, Publisher, and Installed On. Yep, there it is. The problem is that the default size of the window probably requires you to make it larger or scroll over to the right some in order to see it.

Like most file list views such as this one, there is even more that you "could" see if you wanted. File version information and other metadata can be added as a column by right-clicking on the existing columns and choosing "More...". Of course, the ones that make sense are there by default. You can however choose more here (keeping in mind that not all information will be available, depending upon the file in question).
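If you would rather pull the same installation dates into a script (to compare across machines, for instance), here is an added PowerShell example that is not from the original post. It queries the Win32_QuickFixEngineering WMI class that backs the hotfix entries under "View installed updates"; it assumes PowerShell 2.0 or later, and since the InstalledOn field is a string whose format varies by OS version and locale, it parses the date defensively and keeps the raw text alongside.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0+.
# Win32_QuickFixEngineering lists Windows hotfixes/updates, not every
# MSI-installed product shown in Programs and Features.
function Get-HotfixInstallDates {
    param([int]$Newest = 0)
    $fixes = foreach ($fix in Get-WmiObject -Class Win32_QuickFixEngineering) {
        $raw = [string]$fix.InstalledOn
        $when = [DateTime]::MinValue
        $parsed = $false
        if ($raw) { $parsed = [DateTime]::TryParse($raw, [ref]$when) }
        if (-not $parsed) { $when = $null }     # keep $null when the text is not a date
        New-Object PSObject -Property @{
            HotFixID       = $fix.HotFixID
            Description    = $fix.Description
            InstalledBy    = $fix.InstalledBy
            InstalledOn    = $when
            InstalledOnRaw = $raw
        }
    }
    # Newest first; entries whose date could not be parsed sort to the end.
    $sorted = $fixes | Sort-Object -Property @{ Expression = { $_.InstalledOn -eq $null }; Descending = $false },
                                             @{ Expression = 'InstalledOn'; Descending = $true }
    if ($Newest -gt 0) { $sorted | Select-Object -First $Newest } else { $sorted }
}

Get-HotfixInstallDates -Newest 20 | Format-Table HotFixID, InstalledOn, InstalledOnRaw, Description -AutoSize
```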

Bob Kelly's Bio:

Bob Kelly is the founder of AppDeploy.com — a resource focused on desktop management products and practices. He is author of the Start to Finish Guide to Scripting with KiXtart and The Definitive Guide to Windows Desktop Administration. He is also president and co-founder of iTripoli, Inc. who provide AdminScriptEditor.com, home to an integrated suite of scripting tools and a shared library of scripts and language help. Not enough? For more on Bob click here.