Windows User State Virtualization – Mixed Environments

Designing a User State Virtualization strategy for a mixed environment poses a number of different challenges. By mixed environment I’m referring to a client computing infrastructure that has:

• Different versions of Microsoft Windows such as Windows 7, Windows Vista and Windows XP on different computers
• Different architecture versions of the same version of Windows such as Windows 7 x86 and Windows 7 x64 on different computers
• Different versions of applications such as Office 2010, Office 2007 and Office 2003 on different computers
• Different architecture versions of the same application such as Office 2010 x86 and Office 2010 x64 on different computers

This article examines the issues that can arise when planning USV solutions for mixed environments and describes some best practices for designing and implementing such solutions.

Planning USV for Mixed Windows Versions

As described in the first article of this series, Windows Vista introduced a new “v.2” user profile that has a flattened folder structure that separates user data and settings better than the Windows XP user profile did. As a result of this change, older Windows XP user profiles are not compatible with the newer v.2 profiles of Windows Vista. This means that you can’t use Roaming User Profiles (RUP) as a solution for roaming between computers running Windows Vista and Windows XP. If you try to implement RUP in a mixed XP/Vista environment, users who roam between the two OS versions will end up with two separate profiles on the RUP server, one profile for XP computers and the other for Vista computers.

No changes were made to user profiles in Windows 7 and the user profile structure in Windows 7 is identical to that in Windows Vista. This means you can use RUP to enable users to roam between computers running Windows 7 and Windows Vista provided there are no other architecture or application-specific issues as described in the sections below. It also means that you can’t use RUP to roam between Windows 7 and Windows XP computers.

If users do need to roam between computers running Windows XP and computers running later versions of Windows, you can use Folder Redirection (FR) with Offline Files (OF) enabled to redirect Documents and other folders where users store work-related data. This allows user data to be accessible from computers running any version of Windows. You cannot roam user settings however, since user settings resides in both the AppDataRoaming folder and in the Ntuser.dat file (the HKCU registry hive) in the root of the user’s profile. Since RUP cannot be used in this scenario, and since AppDataRoaming should never be redirected unless you also use RUP, this means only user data can be roamed in this scenario, not user settings. Table 1 summarizes a USV strategy for mixed environments running different versions of Windows on different computers.

OS versions	RUP	FR with OF
XP and Win7	No	Yes (data folders only)
XP and Vista	No	Yes (data folders only)
Vista and Win7	Yes	Yes

Table 1: USV strategy for mixed environment having different Windows versions on different computers

If you plan on implementing FR in a mixed XP and Win7 (or mixed XP and Vista) environment and you need to redirect the Pictures, Music or Videos folder, you will need to select the Follow The Documents Folder option on the Target tab of the redirection policy for these folders (see Figure 1). Doing this will cause these folders to be redirected as subfolders of the Documents folders (as in XP) instead of as peers of the Documents folder (as in Vista and later) and causes these folders to inherit their redirection settings from the Documents folder instead of having this configured on the folders themselves. Don’t do this however unless you have users who still need to access their redirected data folders from computers running Windows XP since choosing this option alters the structure of the user’s profile. If users only need to access redirected data from computers running Windows Vista or later then don’t select Follow The Documents Folder when redirecting the Pictures, Music or Videos folders. And in any case, you shouldn’t redirect these particular folders at all unless there is a business need for these folders to be redirected (such as centrally backing up internally developed training videos or in-house developed graphics).

Figure 1: Configuring redirection on Pictures to follow Documents

Alternatively, instead of selecting Follow The Documents Folder individually for the Pictures, Music and Videos folders, you can simply select Also Apply Redirection Policy To Windows 2000, Windows 2000 Server, Windows XP and Windows Server 2003 Operating Systems on the Settings tab as shown in Figure 2 as this has the effect of automatically configuring the Pictures, Music and Videos folders to Follow The Documents Folder.

Figure 2: Enabling this setting causes Pictures, Music and Videos to follow Documents.

Planning USV for Mixed Windows Architectures

Beginning with Windows Vista two hardware architectures have been available for Windows platforms: x86 (32-bit) and x64 (64-bit). An x64 version of Windows XP was also released but was never widely deployed, largely due to lack of device driver support, so we won’t be considering Windows XP x64 in this discussion.

While the underlying user profile folder structure of Windows 7 x86 (or Windows Vista x86) and Windows 7 x64 (or Windows Vista x64) are identical, there are differences in how the Windows registry is structured on x86 and x64 versions of Windows. Specifically, the registry on x64 Windows also contains the x86 registry structure, but the reverse isn’t true—the registry on x86 Windows does not contain any x64 registry structure. Another issue is that the location of some programs are stored in the registry using static paths such as C:Program Files or C:Program Files (x86), and this means when you try roaming between 32-bit and 64-bit machines these registry items will typically cause problems. The result of these differences is that you can’t use RUP to roam users between computers running Windows 7 x86 (or Windows Vista x86) and computers running Windows 7 x64 (or Windows Vista x64).

However, if users do need to roam between computers running x86 and x64 versions of Windows, you can use FR with OF to redirect Documents and other data folders to allow work-related data to be accessible to users from computers running both x86 and x64 versions of Windows. You cannot roam user settings however since user settings in HKCU on a computer running an x64 version of Windows are not compatible with user settings in HKCU on a computer running an x86 version of Windows. Table 2 summarizes a USV strategy for mixed environments running x86 versions of Windows one some computers and x64 versions of Windows on others.

OS architectures	RUP	FR with OF
Win7 x86 and Win7 x64	No	Yes (data folders only)
Vista x86 and Vista x64	No	Yes (data folders only)

Table 2: USV strategy for mixed environment having both x86 and x64 versions of Windows on different computers

Planning USV for Mixed Application Versions/Architectures

Issues involving applications in roaming environment are similar to those involving Windows versions. For example, say you have Windows Vista on some computers and Windows 7 on others. You also have version N of an application installed on the Vista machines, but have the newer version N+1 of the same app installed on the Windows 7 machines. If you implement RUP and/or FR/OF in such an environment, can you expect users to experience any problems when they work with this application?

Probably. It’s likely that the new version of the app has more features than the old one, and new features will undoubtedly mean new per-user registry settings and possibly new user settings stored as files under the AppDataRoaming folder. What happens when registry settings or AppDataRoaming files used by the new version of the app are loaded by the old version of the app? Who knows! The only way you can be sure if this scenario will work is to test, test and test before you deploy your USV solution in your production environment. Otherwise, users may find that certain apps they use crash or hang unexpectedly, or behave in strange and unpredictable ways. Such a scenario could even cause users lose data or cause data to be corrupted. It’s best to play it safe and make sure that, regardless of which version of Windows is running on each computer, the same version of each app is installed. Be kind to your helpdesk personnel and don’t let them be inundated with complaints from angry users.

This is even more true with different architecture versions (x86 or x64) of applications. For example, say you have the x64 version of a particular application installed on Windows 7 x64 computers and the x86 version of the same application installed on Windows Vista x64 computers. The OS architectures are both x64 which supports a RUP scenario, but it’s likely that the x86 and x64 versions of the application store their settings in different parts of HKCU and maybe even different folders and files in the AppDataRoaming folder. This means the same kind of frustrating, unpredictable behavior may occur if users try to work on the same data file from one computer running the x86 version of the app and then later on a second computer running the x64 version of the app. Even worse, the data file being worked on might become corrupted. I’m not saying this will happen for sure, and the only way to know for sure is to test, test and test again. But it’s better to play it safe and simply standardize all your computers on either the x86 or x64 version of the app. This may not be a big issue today since 64-bit apps like the 64-bit version of Office 2010 are just now appearing, but in the future it’s likely to be a concern as more and more software vendors start releasing 64-bit versions of apps that had until now only been available in 32-bit form. Table 3 summarizes a USV strategy for mixed environments running different versions/architectures of applications on different computers.

App versions/architectures	RUP	FR with OF
Multiple different versions of the same app	Play it safe—don’t use RUP	Yes (data folders only)
Both x86 and x64 versions of the same app	Play it safe—don’t use RUP	Yes (data folders only)

Table 3: USV strategy for mixed environment having different application versions/architectures on different computers

If there is a clear business need to provide users with multiple versions of applications or even different architecture versions of applications, you should consider implementing one of the following application virtualization solutions from Microsoft (choose the one that meets your need in terms of functionality and manageability):

• Microsoft Application Virtualization which is part of MDOP
• Microsoft Enterprise Desktop Virtualization (MED-V) which is also part of MDOP.
• RemoteApp delivered using Remote Desktop Services
• Windows XP Mode using Windows Virtual PC on Windows 7
• For more information on Microsoft virtualization technologies like these, download my free ebook Understanding Understanding Microsoft Virtualization Solutions: From the Desktop to the Datacenter, Second Edition.

Conclusion

The bottom line in mixed environments (different versions/architectures of Windows/applications) is to keep things simple and play it safe. Your USV strategy should be to virtualize only user data folders like Documents (and possibly also Desktop, Pictures, etc.) and you should use FR together with OF to make user data available to users from any computer they log on to. Do not try to virtualize user settings using RUP or by redirecting the AppDataRoaming folder. If possible, try and standardize on a single version/architecture of each of your applications.

Easy 10 tips for effective Active Directory design

Active Directory design is a science, and it’s far too complex to cover all the nuances within the confines of one article. But I wanted to share with you 10 quick tips that will help make your AD design more efficient and easier to troubleshoot and manage.

1: Keep it simple

The first bit of advice is to keep things as simple as you can. Active Directory is designed to be flexible, and if offers numerous types of objects and components. But just because you can use something doesn’t mean you should. Keeping your Active Directory as simple as possible will help improve overall efficiency, and it will make the troubleshooting process easier whenever problems arise.

2: Use the appropriate site topology

Although there is definitely something to be said for simplicity, you shouldn’t shy away from creating more complex structures when it is appropriate. Larger networks will almost always require multiple Active Directory sites. The site topology should mirror your network topology. Portions of the network that are highly connected should fall within a single site. Site links should mirror WAN connections, with each physical facility that is separated by a WAN link encompassing a separate Active Directory site.

3: Use dedicated domain controllers

I have seen a lot of smaller organizations try to save a few bucks by configuring their domain controllers to pull double duty. For example, an organization might have a domain controller that also acts as a file server or as a mail server. Whenever possible, your domain controllers should run on dedicated servers (physical or virtual). Adding additional roles to a domain controller can affect the server’s performance, reduce security, and complicate the process of backing up or restoring the server.

4: Have at least two DNS servers

Another way that smaller organizations sometimes try to economize is by having only a single DNS server. The problem with this is that Active Directory is totally dependent upon the DNS services. If you have a single DNS server, and that DNS server fails, Active Directory will cease to function.

5: Avoid putting all your eggs in one basket (virtualization)

One of the main reasons organizations use multiple domain controllers is to provide a degree of fault tolerance in case one of the domain controllers fails. However, this redundancy is often circumvented by server virtualization. I often see organizations place all their virtualized domain controllers onto a single virtualization host server. So if that host server fails, all the domain controllers will go down with it. There is nothing wrong with virtualizing your domain controllers, but you should scatter the domain controllers across multiple host servers.

6: Don’t neglect the FSMO roles (backups)

Although Windows 2000 and every subsequent version of Windows Server have supported the multimaster domain controller model, some domain controllers are more important than others. Domain controllers that are hosting Flexible Single Master Operations (FSMO) roles are critical to Active Directory health. Active Directory is designed so that if a domain controller that is hosting FSMO roles fails, AD can continue to function — for a while. Eventually though, a FSMO domain controller failure can be very disruptive.
I have heard some IT pros say that you don’t have to back up every domain controller on the network because of the way Active Directory information is replicated between domain controllers. While there is some degree of truth in that statement, backing up FSMO role holders is critical.
I once had to assist with the recovery effort for an organization in which a domain controller had failed. Unfortunately, this domain controller held all of the FSMO roles and acted as the organization’s only global catalog server and as the only DNS server. To make matters worse, there was no backup of the domain controller. We ended up having to rebuild Active Directory from scratch. This is an extreme example, but it shows how important domain controller backups can be.

7: Plan your domain structure and stick to it

Most organizations start out with a carefully orchestrated Active Directory architecture. As time goes on, however, Active Directory can evolve in a rather haphazard manner. To avoid this, I recommend planning in advance for eventual Active Directory growth. You may not be able to predict exactly how Active Directory will grow, but you can at least put some governance in place to dictate the structure that will be used when it does.

8: Have a management plan in place before you start setting up servers

Just as you need to plan your Active Directory structure up front, you also need to have a good management plan in place. Who will administrator Active Directory? Will one person or team take care of the entire thing or will management responsibilities be divided according to domain or organizational unit? These types of management decisions must be made before you actually begin setting up domain controllers.

9: Try to avoid making major logistical changes

Active Directory is designed to be extremely flexible, and it is possible to perform a major restructuring of it without downtime or data loss. Even so, I would recommend that you avoid restructuring your Active Directory if possible. I have seen more than one situation in which the restructuring process resulted in some Active Directory objects being corrupted, especially when moving objects between domain controllers running differing versions of Windows Server.

10: Place at least one global catalog server in each site

Finally, if you are operating an Active Directory consisting of multiple sites, make sure that each one has its own global catalog server. Otherwise, Active Directory clients will have to traverse WAN links to look up information from a global catalog.

Windows User State Virtualization – Technologies and Issues

Introduction

Virtualization means different things to different people. In a general sense, virtualization refers to the process of using various technologies to decouple one computing resource from other resources in order to achieve business benefits such as lower TCO, increased availability, improved business agility, easier manageability, and so on. Here are some descriptions of different types of virtualization taken from my free e-book titled Understanding Microsoft Virtualization Solutions, From the Desktop to the Datacenter, 2nd Edition (PDF file, 10 MB) (Microsoft Press, 2010):

• Server virtualization refers to the ability to virtualize server workloads, which can save businesses money and simplify management overhead by allowing them to reduce the number of physical servers they need through server consolidation.
• Desktop virtualization refers to any type of technology that creates an additional virtualized operating system environment (the guest operating system installed in a virtual machine) on a physical desktop computer (the host). In local desktop virtualization, the virtual environment is running on the user’s computer (the host), while in remote desktop virtualization the virtual environment runs on a server.
• Cloud computing refers to any solution where virtualized computing resources running “in the cloud” can be provisioned and delivered as services to those who need them. These computing resources can include servers, storage, and networking resources running in virtualized environments using Microsoft Hyper-V, and the virtualized environment itself resides in a datacenter that can be either privately or publicly owned.

Other types of virtualization can include application virtualization, storage virtualization, network virtualization, and so on. What then does the term “user state virtualization” refer to?

Understanding User State Virtualization

User state virtualization or USV refers to the process of virtualizing (decoupling) user state information from the user’s computer and storing this information elsewhere, usually on a server in the datacenter. User state information is anything stored on the computer that pertains to the user, such as:

• User data such as documents, pictures, music files, video files, spreadsheets, PowerPoint presentations, and other types of files that belong to the user.
• User settings such as operating system settings (e.g. wallpapers, screensavers, keyboard layouts etc.) and application settings (e.g. toolbar selections, custom dictionaries, autosave settings, default page layout etc.) that can be customized on a per-user basis.

Figure 1: Windows user state information comprises user data and user settings

The goals of USV are essentially the same as those of any other type of virtualization: lower TCO, increased availability, improved business agility, and easier manageability.

Windows USV refers to a collection of features and technologies that can be used to implement a USV solution for client computers running some version of Microsoft Windows. The key features and technologies of Windows USV are these:

• User profiles which are file system structures (folders and files) that contain the user state information for each user on a Windows-based computer. Some folders and files in a user profile are normally hidden from view to keep users from messing with their contents.
• Folder Redirection which is a Windows technology that lets administrators redirect certain folders within user profiles to shared folders on the network so that when users save files they are working on these files are saved onto the network instead of on their own machines.
• Offline Files which is a Windows technology that lets users work with local copies of files stored in shared folders on the network even when the network itself is unavailable.
• Roaming User Profiles which is a technology that lets you store user profiles in shared folders on the network. When the user logs on to his computer, his profile is downloaded from the network and loaded to display his desktop. When the user logs off, his profile is uploaded back to the network.

Figure 2: Windows USV technologies

As a WindowsNetworking.com reader, you are probably already familiar to some degree with these different technologies, but let’s review them really fast anyways. And while the focus of this series of articles will be on virtualizing user state information on Windows 7 computers, we’ll also examine how USV technologies have changed from Windows XP to Windows Vista to Windows 7 since understanding these changes is important when implementing USV strategies in mixed environments.

User Profiles

There are a bunch of different types of user profiles you need to know about:

• Local profiles which are user profiles stored on the user’s computer. Even when RUP is used to virtualize (decouple) a user’s data and settings from the user’s computer, there is still a locally stored copy of the user’s profile on the user’s computer.
• Roaming profiles which are user profiles stored on the network. Note that Roaming User Profiles (capitalized) or RUP refers to the procedures and technologies involved while roaming profiles (Iowercase) refers to the actual profiles themselves.
• Mandatory profiles which are roaming profiles that are ACL’d as read-only. Mandatory profiles are frequently used in Remote Desktop Services (a.k.a. Terminal Services) environments when you don’t want your users to be able to make any changes to the configuration of their session-based desktops or RemoteApp programs.
• Temporary profiles which are used when the user’s local profile can’t be loaded and there is no roaming profile to download. A typical scenario where you might find yourself logged on with a temporary profile would be when your antivirus software locks files during the logon process thus preventing your local profile from loading. The result is that all your personal files suddenly seem to have vanished—My Documents is empty!! Fortunately, logging off and then on again usually causes your profile to load and your documents to be restored—whew!
• Default profile refers to a special user profile that is used as a template for creating a user’s local profile the first time he logs on to his computer. By customizing the default profile prior to deploying Windows, you can ensure a customized, uniform experience for your users. For example, you could prepopulate desktops with shortcuts to network shares, ensure that a corporate wallpaper is being used, and so on. Group Policy can be used to do some of these things as well.

User profiles changed significantly from Windows XP to Windows Vista (or Windows 7) as you can see by comparing Figures 1 and 2 below. Some of the important changes include the following:

• Windows XP stores local profiles in the C:Documents and Settings folder; Windows Vista and Windows 7 store them in the C:Users folder.
• In Windows XP the root folder of your user profile can be accessed using Windows Explorer. In Windows Vista and Windows 7 however, you can access your root profile folder directly from the Start menu and this is not necessarily a good thing since it means you can create additional folders in your user profile and these folders can’t be redirected (though they can be roamed).
• Windows Vista and Windows 7 profiles have more subfolders (and some different subfolders) than Windows XP profiles have.
• In Windows XP the folders My Pictures, My Music and My Videos were subfolders of My Documents; in Windows Vista and Windows 7 the user profile structure was flattened so that all of these folders are now peers.

The bottom line here is that the changes in the user profile structure starting with Windows Vista are so significant that these new profiles are called “v.2” profiles to distinguish them from the earlier Windows XP profile structure. This has significance, particular when trying to implement Roaming User Profiles in an environment (more about that in another article of this series).

We’ll dig deeper into certain portions of user profiles later in this series, but meanwhile if you’re interested in more detailed information concerning user profile changes in Windows Vista and Windows 7 you should read Chapter 15 of the Windows 7 Resource Kit (Microsoft Press, 2010). You can also find good information in the Managing Roaming User Data Deployment Guide (for Vista) here and What’s New in Folder Redirection and User Profiles (for Windows 7) here.

Figure 3: User profile structure in Windows XP. Other profile folders may be present depending on Windows features enabled and applications installed

Figure 4: The new “v.2” user profile structure in Windows 7 (and Windows Vista). Other profile folders may be present depending on Windows features enabled and applications installed

Roaming User Profiles

Roaming User Profiles (RUP) was actually developed way back in the Windows NT 4.0 timeframe and was intended to allow users to change seats and access their personalized desktop from any Windows computer on the network. In other words, RUP provides the ability for users to roam between computers. RUP as it was initially implemented had some problems however:

• RUP roams the entire user profile including settings for applications that aren’t specifically intended to be roamed (in other words, RUP has no granularity in what you can roam—it just roams everything in the profile). This isn’t a problem however for applications that are “well-designed” that is for apps that store their settings in the proper places—we’ll talk more about this later in this series.
• RUP syncs the local copy of the profile on the user’s computer with the copy stored on the server only at logoff. This is still the default behavior in Windows 7 though you can now choose to sync periodically in the background if you desire—more on this as well in a later article.
• RUP doesn’t work well in scenarios where users need to log on to multiple computers at the same time. The least that can happen might be data loss or settings that don’t apply the way you expect them to; the worst can be profile corruption, which necessitates rebuilding the user’s profile from scratch and losing all the data and settings that were previously present. And generally speaking in Active Directory environments there’s no easy way to prevent users from logging on to multiple computers concurrently except by educating them not to do this.
• RUP doesn’t work well if you have a mixed environment of Windows XP and Windows 7 (or Windows Vista) computers. RUP also doesn’t work well if your environment has a mix of computers running x86 and x64 versions of Windows. We’ll talk more about mixed environments later in this series.
• Because the profiles RUP creates (roaming user profiles) contain all of the user’s data and settings, they can grow very large, especially if the user has lots of pictures, music and videos on their computer. The result is that RUP as it was originally designed could result in terribly long logon/logoff times for users as their profile was downloaded to or uploaded from their computer.

That last issue led Microsoft to introduce a second USV technology to complement RUP and that’s what we’ll look at next. But meanwhile if you’re interested in learning more about RUP you can check out the chapter of the Windows 7 Resource Kit mentioned earlier in this article.

Folder Redirection

Folder Redirection (FR) was introduced in Windows 2000 as a way of mitigating the slow logon/logoff issue associated with large roaming profiles in NT. The idea is that FR lets you redirect certain profile folders such as My Documents out of the user’s profile and store the contents of these folders on a separate network share than the one where the user’s profile is stored. Then when the user’s computer downloads (or uploads) the user’s roaming profile from the network, the contents of My Documents and other redirected folders won’t need to be downloaded, making logon (and logoff) times faster.

FR was also introduced for several other reasons:

• So that users could roam between computers and access their data from the network even when RUP has not been implemented in the organization’s environment. FR in this case can be seen as a kind of “poor man’s RUP” that roams only user data but not user settings, but we’ll see below that you can also use FR to roam user settings (sort of).
• So that administrators could more easily back up user data by having such data stored on the network (in the redirected My Documents folders located on a file server) instead of on client computers (in each user’s local My Documents folder).
• So that any application settings (specifically, files associated with applications and certain Windows features) stored in the Application Data subfolder could also be redirected and hence roamed. More on this in a moment.
• So that RUP could work more effectively in a Terminal Services environment. More on this too in a moment.

FR was updated a bit in Windows XP and Windows Server 2003 and let you redirect the following profile folders:

• My Documents – This is usually the biggest profile folder by far, so redirecting this folder is always a best practice whenever you implement RUP. And since My Pictures, My Music and My Videos are subfolders of My Documents, the contents of these folders also get redirected to the network. Finally, as mentioned above redirecting My Documents lets administrators back up your data more easily so you don’t lose your work if your machine crashes.
• Desktop – Some (if not most) users tend to store important documents on their desktop so they can access them easily, and if you store a lot of files on your desktop then you may experience logon/logoff delays if RUP has been implemented in your environment. Redirecting the Desktop folder also ensures that anything you save to your desktop also gets backed up.
• Application Data – This profile folder stores configuration settings for Windows features and installed applications. In other words, by redirecting the Application Data folder you can roam user settings (in addition to roaming user data by redirecting My Documents and Desktop). The trouble is, redirecting the Application Data folder redirects all settings stored in this folder, even for applications that weren’t designed to be roamed. In fact, it turns out that roaming per-user settings applications is a thorny problem, so we’ll devote an entire article in this series to discussing it later.
• Start Menu – Redirection of this folder was intended mainly for Terminal Services environments where everyone is supposed to get the same Start Menu and be able to run a common set of applications. Because of this, redirection of Start Menu is a specialized topic that we’ll look at later in this series.

Anyways, in Windows XP and Windows Server 2003 you can use Group Policy to implement FR as shown in Figure 5 below. Beginning with Windows Vista however, you now have the option of redirecting additional profile folders (up to 13 folders in total) and Figure 6 illustrates this new situation. There are a few other improvements to FR in Windows Vista and Windows 7 that we’ll talk about later in this series.

Figure 5: Folder Redirection policy in Windows XP and Windows Server 2003

Figure 6: Folder Redirection policy in Windows Vista, Windows 7 and Windows Server 2008

Offline Files

When FR was introduced in Windows 2000 there was another feature introduced alongside it called Offline Files (OF) that was intended to complement FR. The reason is because if FR redirects user data (and possibly user settings) to a network server but the network (or the server) suddenly becomes unavailable, the user won’t be able to access their data files (and some application customization files) resulting in confusion, frustration and lost productivity. Offline Files is designed to mitigate this problem by synchronizing folders and files on the user’s machine with their copies on the network. OF thus goes hand-in-hand with FR and OF is almost always implemented when FR is implemented. We’ll dig deeper into OF later on in this series, but for now you can think of OF as a given whenever FR is being used.

Issues to Consider

What then are the major issues you need to consider when designing and planning a USV strategy for your organization? Here is a list of some key issues we’ll be looking at in this series of articles:

• What business scenarios can benefit from USV?
• What issues can arise when trying to virtualize application state?
• What considerations are there for mixed environments, for example when some of your users have Windows 7 running on their computers while others still have Windows XP?
• What do you need to be aware of when planning migration of a Windows XP environment that has FR/OF/RUP to Windows 7?
• Are there any security considerations for implementing FR/OF/RUP?
• Are there any other limitations you should be aware of concerning what one can do with FR/OF/RUP?
• And finally, how should you actually go about implementing a USV solution? What steps do you need to take in what order?

How to completely remove Windows security centre 2009?

How to completely remove Windows security centre 2009?

Are you facing the problem to completelyremove Windows security centre 2009? If you don’t know how to fully remove it and its components or got error message during uninstalling process, please follow the instructions below to safely remove Windows security centre 2009 including their folders and associated entries from your computer.

Remove it through the Add/Remove Programs Control Panel.

In many cases, you can remove Windows security centre 2009 simply through Add/Remove Programs.

1) Click on Start, Click on Control Panel.

2) Double-click on Add or Remove Programs.

3) Find the Windows security centre 2009 listed and click on it.

4) Click on Change/Remove.

5) The removal process will start automatically showing each program being removed, then it will ask to restart the computer. You should go ahead and reboot after the removal process is finished.

6) After rebooting Windows security centre 2009 should be removed from your system.

If for some reason, the normal uninstall does not remove it, I recommend following the automatic uninstall instructions below to remove Windows security centre 2009.

Remove Windows security centre 2009 automatically.

The best way to remove Windows security centre 2009 is to run a professional uninstaller. The uninstaller tool deletes all traces of Windows security centre 2009 in Windows 2000 Pro, Windows XP Home and Professional, Windows Vista and Windows 7.

1.Click to download the best uninstaller tool.

2. Click Save and save the file to your desktop

3. Double click on the exe file to install the uninstaller on your PC.

4. Close all Windows security centre 2009 application windows you may have open.

5.Run the uninstaller and then click on the “Force Uninstall” tab.

5. Find the folder of Windows security centre 2009 and click “Next” to begin the removal.

6. Follow the steps on the uninstall wizard to finish the removal.

By following the simple steps above, Windows security centre 2009 will be quickly removed from your computer. If you have difficulty in uninstalling other programs, you can refer to more how to completely force uninstall programs tutorials on my site.

Pass Mcse 70-290 Exam Easily

Pass Mcse 70-290 Exam Easily

MCSE 2003 70-290 Certification

Get Certified in Days

According to our survey, over 85% of the candidates acknowledge that they have spent needless time and money before finding the most suitable solution to pass the 70-290 exams. It doesn’t matter if you are just starting out and looking for the most suitable way to get certified, or a skilled technician looking for the most efficient way to get certified, we have the right solution for you.

We provide the following to help you get certified in the most convenient way

24/7, around the clock, consulting service that will assist you, guide you and help you, until you get certified. This price also includes; exam vouchers and all other related expenses. There is no further cost to attain your certification.

Our Guarantee

We will refund any payment that you make, should you for any reason fail to get certified. The refund is an unconditional total refund of any moneys paid.

Why MCSE 2003

MCSE 2003 70-290 Certifications are among the most specialized certifications available today. The MCSE 2003 70-290 Certification give you industry recognition for your expertise for business solutions based on the Microsoft Windows? 2003 platform and Microsoft 2003 server software. Implementation responsibilities include installing, configuring, and troubleshooting network systems. The MCSE 2003 credential is one of the most widely recognized technical certifications in the industry, a credential in high demand. By earning the premier MCSE credential, individuals are demonstrating that they have the skills necessary to lead organizations in the successful design, implementation, and administration of the most advanced Microsoft Windows platform and Microsoft server products.

MCSE 2003 Certification Requirement:

1. Core exams (six exams required)

• Four networking system exams: (four exams required)

Exam 70-290: Managing and Maintaining a Windows Server 2003 Environment.

Exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure.

Exam 70-293: Planning and Maintaining a Windows Server 2003 Network Infrastructure.

Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure.

• One client operating system exam: (one exam required)

Exam 70-620: TS: Microsoft Windows Vista, Configuring.

Exam 70-270: Installing, Configuring, and Administering Microsoft Windows XP Professional.

Exam 70-210: Installing, Configuring, and Administering Microsoft Windows 2000 Professional.

• One design exam:

Exam 70-297: Designing a Windows Server 2003 Active Directory and Network Infrastructure.

Exam 70-298: Designing Security for a Windows Server 2003 Network.

2. Elective exams (one exam required)

Exam 70-089: Designing, Implementing, and Managing a Microsoft Systems Management Server 2003 Infrastructure.

Exam 70-227: Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition.

Exam 70-228: Installing, Configuring, and Administering Microsoft SQL Server 2000 Enterprise Edition.

Exam 70-229: Designing and Implementing Databases with Microsoft SQL Server 2000 Enterprise Edition.

Exam 70-235: TS: Developing Business Process and Integration Solutions Using BizTalk Server.

Exam 70-236: TS: Microsoft Exchange Server 2007, Configuring.

Exam 70-262: TS: Microsoft Office Live Communications Server 2005 – Implementing, Managing, and Troubleshooting.

Exam 70-281: Planning, Deploying, and Managing an Enterprise Project Management Solution.

Exam 70-282: Designing, Deploying, and Managing a Network Solution for a Small- and Medium-Sized Business.

Exam 70-284: Implementing and Managing Microsoft Exchange Server 2003.

Exam 70-285: Designing a Microsoft Exchange Server 2003 Organization.

Exam 70-297: Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure.

Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network.

Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network.

Exam 70–301: Managing, Organizing, and Delivering IT Projects by Using Microsoft Solutions Framework 3.0.

Exam 70–350: Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004.

Exam 70–431: TS: Microsoft SQL Server 2005 – Implementation and Maintenance.

Exam 70-445: Microsoft SQL Server 2005 Business Intelligence – Implementation and Maintenance.

Exam 70-500: TS: Microsoft Windows Mobile Designing, Implementing, and Managing.

Exam 70-501: TS: Microsoft Windows Server 2003 Hosted Environments, Configuring, and Managing.

Exam 70-620: TS: Microsoft Windows Vista, Configuring.

Exam 70-624: TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops.

Exam 70-630: TS: Microsoft Office SharePoint Server 2007, Configuring.

Exam 70-631: TS: Configuring Microsoft Windows SharePoint Services 3.0.

With rich experience in writing, often in the major websites, newspapers published articles and welcomed by a large number of readers,and articles written by others with a large number of quote.

Microsoft Refused to Patch Office XP

Microsoft Refused to Patch Office XP

 

Microsoft said it would not patch a vulnerability in Office XP because creating a fix was “infeasible.”

The omission makes users running Office XP vulnerable to attack unless they take additional steps on their own.

Office XP, which debuted in March 2001, remains on Microsoft’s list of supported suites — users will continue to receive security updates through mid-July 2011. But on Tuesday, Microsoft said a COM (component object model) validation vulnerability in the aged suite couldn’t be patched.

The decision was explained in one of the 10 updates Microsoft issued yesterday that patched a record-tying 34 vulnerabilities.

“The architecture to properly support the fixes to correct validation does not exist on Microsoft Office XP, making it infeasible to build the fixes for Microsoft Office XP products to eliminate the vulnerability,” said Microsoft in the MS10-036 security bulletin. “To do so would require rearchitecting a very significant amount of the Microsoft Office XP products, not just the affected components.”

Even if it managed to rework Office XP, Microsoft said the effort would “sufficiently introduce an incompatibility with other applications that there would be no assurance that these Microsoft Office products would continue to operate as designed.”

“This is another example of old software showing its age,” said Amol Sarwate, the manager of Qualys’ vulnerabilities research lab. “The interdependencies of those [.dll files] is almost impossible to patch without upgrading the whole platform.”

Instead of an actual patch, Microsoft urged Office XP users to download and run an automated tool from its “Fit it” Library. The tool, said Microsoft, “provides similar protections against the vulnerability” as the patch offered to people running Office 2003 and Office 2007.

“Microsoft built a shim to protect Office XP,” said Richie Lai, Qualys’ director of vulnerability research. “It’s a workaround, but Microsoft’s not fixing the vulnerable code.

The Fix it shim can be downloaded from Microsoft’s support site.

This was the second time since September 2009 that Microsoft has passed on providing a patch. Then, Microsoft declined to patch two bugs in the implementation of TCP/IP in Windows 2000 and Windows XP. TCP/IP is the Web’s default suite of connection protocols. Microsoft used the same rationale last September as it did Tuesday to explain why it isn’t patching.

“No, I wouldn’t call this a trend,” said Sarwate when asked whether the two incidents indicate a decision by Microsoft to refuse to patch older products.

Additionally, users running Office 2003 or Office 2007 must upgrade those suites before applying Tuesday’s patch, Microsoft added. Office 2003 must be at Service Pack 3 (SP3), the latest major update from Microsoft, while Office 2007 must be at SP1 or SP2.

Microsoft also said that it piggybacked other changes onto the MS10-036 updates for Office 2003 and Office 2007 that address problems that resulted when a Microsoft engineer added a single extraneous “&” character to a critical code development library.

The company patched Active Template Library (ATL), a code library used by both Microsoft and third-party developers to build software, in an emergency July 2009 update.

“This update includes a defense-in-depth change … that helps prevent components and controls built using vulnerable versions of ATL from being exploited in the Microsoft Office products,” said Microsoft.

Although Microsoft didn’t tell Office XP users to upgrade, Qualys’ researchers did.

“Older software has the highest number of vulnerabilities,” noted Lai. “Of the 14 vulnerabilities in Excel patched [Tuesday in MS10-038] 11 of them applied just to Office XP, but only three to the newer versions.”

Want to share Windows 7 information with every reader, welcome to http://www.newton360.com to get more information, including Windows 7 news, tips, wallpapers and softwares…

Sysprep in Windows Vista and Windows Server 2008

I thought I’d document how to setup the new Sysprep process equivalent on Windows 2008 since the old setupmgr tool for making sysprep.inf’s doesn’t exist anymore (and neither does the sysprep.inf file itself).

The first step is acquiring the Windows Automated Installation Kit (WAIK) from somewhere. You can get this package in ISO file format from Microsoft’s website at http://www.microsoft.com/downloads/details.aspx?FamilyID=94bb6e34-d890-4932-81a5-5b50c657de08&DisplayLang=en. The download is about an 800MB install on a Windows Server 2003 SP2 x86 machine.

The tool of choice for building your Sysprep configuration is the Windows System Image Manager (WSIM). When you start it you’ll get a blank screen like this:

The first step is to catalog the image file. You can do this from Tools>Create Catalog, selecting your install.wim and then what image(s) to catalog. I’m setting up Windows Server 2008 Enterprise so I selected the appropriate option. The final three choices are the server core variants:

Note: You’ll also need to copy the install.wim from your installation media DVD sources folder to the hard drive as the tool won’t work with it if it doesn’t have write access to the WIM file.

All of the settings you will want to setup in your unattend.xml file are in the tree under Windows Image. The documentation for all the settings can be found at http://technet2.microsoft.com/WindowsVista/en/library/69eee519-55a6-440d-ab94-56330ef57e291033.mspx. This link shows a mapping table between the sysprep.inf file and the new unattend.xml format.

All of the various settings can be applied during different passes of the setup process which sysprep will trigger. You can read about these passes here. I built a simple unattend file just for sysprep’ing my base image which includes settings in the generalize, specialize, and oobeSystem passes. All of the settings I chose are outlined below.

My answer file tree:

Disabling the initial configuration dialog:

Disabling auto-starting the server manager application:

Setting my product key, timezone settings, and my name:

Configuring the screen resolution and color depth – 1280×960 is what works in VMWare full screen mode with the tabs across the top:

Configuring setup not to show me the EULA again:

Configuring setup to install a default local administrator account password:

One of the things I discovered doing this is that unlike Sysprep from Windows 2000 – 2003, the unattend.xml file isn’t deleted at the conclusion of the Sysprep process. When down-level Sysprep completes, it deletes the c:sysprep folder. In order to replicate this functionality, you can put a command in to delete the unattend.xml file in the SetupComplete.cmd batch file (which must be located in c:windowssetupscripts) which gets called at the end of Sysprep. Reference this link for more info.

I put a simple one line command in my SetupComplete.cmd file:

del /Q /F c:windowssystem32sysprepunattend.xml

In order to run Sysprep you’ll need to use a new command. The old Sysprep user interface that was there in Windows 2000 – Windows Server 2003 doesn’t really exist anymore. All of the Sysprep command line switches are documented at http://technet2.microsoft.com/WindowsVista/en/library/72cc64e2-a0f3-4516-84fc-097577127fc91033.mspx.

sysprep /generalize /oobe /shutdown /unattend:sysprep.xml

So far this process is working fine for me with Windows Server 2008 Enterprise x86 full installs. I haven’t tried it with server core yet, but if it’s different I’ll post something about that.

Sysprep in Windows Server 2008 R2 and Windows 7

Note: This post discusses Sysprep as it pertains to Windows 7 and Windows Server 2008 R2. If you’re working with a different version of Windows, check out these posts:

• Windows Vista and Windows Server 2008

The first step is acquiring the Windows Automated Installation Kit (WAIK) and installing it on a machine. It will run fine on a Windows Vista or Windows Server 2008 machine. You can get it from Microsoft’s website at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34.

The tool of choice is the Windows System Image Manager (WSIM). When you start it you’ll get a blank screen like this:

The first step is to open the image file for the Windows SKU you want to build a sysprep file for by going to File>Select Windows Image:

Note: You may need to first create a catalog file before completing the preceding step. In order to do this, you’ll first need to copy the install.wim from your installation media DVD sources folder to the hard drive as the tool won’t work with it if it doesn’t have write access to the WIM file. You can then go to Tools>Create Catalog and create the catalog file.

All of the settings you will want to setup in your unattend.xml file are in the tree under Windows Image. The documentation for all the settings can be found in the Unattended Windows Setup Reference CHM file which ships with the WAIK. This link http://technet.microsoft.com/en-us/library/cc749272(WS.10).aspx shows a mapping table between the sysprep.inf file and the new unattend.xml format. This link is for Windows Vista but it still applies.

All of the various settings can be applied during different passes of the setup process which sysprep will trigger. You can read about these passes here. I built a simple unattend file just for sysprep’ing my base image which includes settings in the generalize, specialize, and oobeSystem passes. All of the settings I chose are outlined below.

My answer file tree:

Disabling the initial configuration dialog:

Disabling Server Manager from loading at first run:

Setting the Internet Explorer homepage to “about:blank”, turning off the IE8 Accelerators, and disabling the first run wizard:

Setting Google as my default Search Provider in Internet Explorer:

Note: To do this, you should right click on SearchScopes and Insert New Scope.

There are two versions of Internet Explorer on a 64-bit machine – the 64-bit IE and the 32-bit one. You’ll need to set the settings for them independently. Duplicate the above IE configuration in the wow64_Microsoft-Windows-IE-InternetExplorer_neutral component:

Setting my product key, timezone settings, and my name:

Configuring localization settings – if you want something other than US English, look under Input Locales in the index of the Unattended Windows Setup Reference CHM file referenced earlier:

Configuring the screen resolution and color depth – 1280×960 is what works for me in VMWare full screen mode with the tabs across the top:

Configuring setup not to show me the EULA again:

Configuring setup to install a default local administrator account password:

One of the things that’s unlike Sysprep from Windows 2000 – Windows Server 2003 is that the unattend.xml file isn’t deleted at the conclusion of the Sysprep process. The down level Sysprep deletes the c:sysprep folder when it finishes. In order to replicate this functionality, you can put a command in to delete the unattend.xml file in the SetupComplete.cmd batch file (which must be located in c:windowssetupscripts) which gets called at the end of Sysprep.

I put a simple one line command in my SetupComplete.cmd file:

del /Q /F c:windowssystem32sysprepunattend.xml

In order to run Sysprep you’ll need a new command. The old Sysprep UI that was there in Windows 2000 – 2003 doesn’t really exist anymore. All of the Sysprep command line switches are documented at http://technet.microsoft.com/en-us/library/dd744330(WS.10).aspx.

sysprep /generalize /oobe /shutdown /unattend:unattend.xml

Tips for Safe Computing ? Microsoft Small Business Centre

Tips for Safe Computing ? Microsoft Small Business Centre

Ensure you have the latest updates. Install updates and security patches on all servers, desktop and laptop PCs.

To get the latest updates for your Windows operating system, software and hardware, go to Microsoft Update (U.S.). It scans your computer to determine which updates you need and then you can download any or all of them.

To improve the security and stability of your Microsoft Office software, go to Office Update (U.S.) and follow the Check for Updates link.

If you use Windows XP Professional, there is an even easier way to get updates. Simply activate the Automatic Updates feature, which allows your PC to automatically notify you of important updates once they are made available.

Reduce the risk of viruses. There are numerous things you can do to protect your computer and your network against viruses. Using anti-virus software and keeping it current is the first step, but there are other things you can do:

Use the default security settings in Office 2003, which is the most secure version of Office released to date

Visit the Office Update (U.S.) site for the latest updates and patches

Never open suspicious e-mail messages or file attachments; take advantage of the state-of-the-art junk mail filter in Outlook 2003 to send suspicious messages directly to your Junk E-mail Folder

Use Windows Security Centre to manage your settings. Get a clear picture of the security settings on your PC using the single, unified view provided in the Windows Security Centre. Adjust them as necessary to the level of protection you are comfortable with. The settings that guard your PC are automatically applied to files and content delivered via the internet, helping safeguard confidential business data.

Encrypt sensitive information on your laptop. If you travel on business and use a laptop that runs Windows 2000 Professional or Windows XP Professional, guard against data theft. Use the Encrypted File System (EFS) to encrypt sensitive files and folders. If the laptop is stolen, your files and folders are protected because only those with a special decryption key can access the encrypted files.

Download internet files from trusted sources only. If you’re unsure if the files you want to download are safe, consider downloading them to a disk separate from your hard drive, such as a CD or floppy. Then you can scan the files with your virus scanner.

Use password encryption to protect Office files. Improved encryption technology has strengthened password security in Word 2003 and Excel 2003 and extends password encryption to PowerPoint 2003. Look under the Tools menu in each of these three programs to activate password protection. This is an effective way to restrict access to confidential business information.

Clean your hard drive before you discard a PC. If you’re getting a new PC or notebook and your old one is being discarded, be sure to remove any sensitive business or personal information before you let it go. This doesn’t mean simply deleting files and emptying your Recycle Bin. Your options include reformatting the hard drive or acquiring software that wipes it clean.

Use a firewall. If your company uses always-on broadband to connect to the internet, install a firewall as a basic line of defence against outside intruders. There are two basic types: 1) a software firewall such as the Microsoft Internet Connection Firewall that’s included in Windows XP Professional protects the machine it runs on, and 2) a hardware firewall that blocks all traffic between the internet and your entire network except for traffic from senders who are specifically trusted.

Never surf the web from a server. As the command centre for your entire network, a server typically stores critical business information. If your server is compromised, it puts all of that data as well as your entire network at risk.

Be smart about passwords. Always use strong passwords that are at least eight characters long and a combination of lower and upper case letters, numbers and symbols. Don’t use the same password repeatedly and make it a point to change your passwords frequently. If you have trouble remembering passwords, consider using a pass-phrase, which you can do in Windows 2000 and Windows XP. A pass-phrase might be something like “I had pizza for lunch Tuesday.”

For more tips on safe computing visit Microsoft SMB guide for pc workplace users .

GT Kimberly is an ardent follower of IT Software News. He is a regular reader of news happenings of Big Companies like , etc..

How to migrate your existing Active Directory to Windows Server 2008

This is a brief How To guide (the first of many) on how to migrate your existing Active Directory to Windows Server 2008.

Please note that I cannot be held responsible for any issues that you encounter when following this guide, my upgrade was done in a lab environment on a single Domain Controller running Exchange 2003.

If you do follow this and do it on a live system please, please, please run a full back up of your domain controllers and verify that the backup was successful. Even though this is a straight forward upgrade if anything goes wrong during the upgrade, you could potentially be left with a domain that NO users can logon to.

Before you start upgrading

verify that your domain controllers meet these requirements:

• The hardware meets or exceeds the requirements for Windows Server 2008.
• All hardware and software is compatible with Windows Server 2008, including antivirus software and drivers.
• You have ample disk space to perform the install.
• The current domain functional level is Windows 2000 Native or Windows Server 2003. You cannot upgrade directly from Windows NT 4.0, Windows 2000 Mixed or Windows Server 2003 Interim domain functional levels.
• All Windows 2000 Server domain controllers have Service Pack 4 installed.

Test your domain

Active Directory domains are very resilient and can continue to function even when a there are various problems e. Even if your Active Directory seems to be working properly, you might have logon delays, replication failures or Group Policy settings that aren’t being applied. These conditions can cause problems during an upgrade, so it’s crucial to resolve them now.

These tools will help you identify and diagnose any problems:

• Dcdiag.exe. Run this tool to analyse your Active Directory for common problems; it’s included with Windows Server 2003 and Windows Server 2008.
• Repadmin.exe. Use Repadmin.exe to identify Active Directory replication problems; it’s included with Windows Server 2003 and Windows Server 2008.
• Gpotool.exe. Use this tool to verify that Group Policy is consistent among domain controllers, it’s included with the Windows Server 2003 Resource Kit tools, available at http://go.microsoft.com/fwlink/?linkid=27766.
• Event Viewer. Review the Directory Services log file for errors that might indicate problems.

Prepare Your Schema

If you upgraded from Windows 2000 to Windows Server 2003 you will be familiar with the Adprep.exe tool that was located on the Windows Server 2003 CD to prepare your Forest and Domain Schema. To prepare the Schema for Windows Server 2008 you will need to run the adprep tool from the Server 2008 DVD. This is located in the SoucesADprep Folder on the CD.

Run the following Command to prepare your domain for 2008:

Adprep /forestprep
Adprep /domainpre

Adprep /domainprep /gpprep

Adprep /rodcprep

If you get an error during the Adprep /domainprep about the domain not being in native mode you need to raise the level of your domain and then re-run domainprep. To raise the level of your domain go into Active Directory Domains and Trusts. Right click on the domain and select Raise Domain Function Level… 

Once you have finished running the Adprep on you domain controller, join your new Windows Server 2008 Server to your domain make sure that you have a static IP assigned to the server I am using IPv4 as to be honest know nothing about IPv6 just now, so when running dcpromo click yes to the prompt about the Static IP assignment.

Then once that has done you will have a functioning Windows Server 2008 Active Directory Server.

The ScreenCast video content presented here requires JavaScript to be enabled and the latest version of the Macromedia Flash Player. If you are you using a browser with JavaScript disabled please enable it now. Otherwise, please update your version of the free Flash Player by downloading here.

// < ![CDATA[
//