Category: Windows Desktop

Microsoft has released a beta document on using the Windows Automated Installation Kit for deploying Windows 7.

DirectAccess is a mechanism available to companies running Windows 7 Enterprise/Ultimate and Windows Server 2008 R2.  It allows roaming access to SMB and HTTP resources on internal network without using a VPN client.  It uses a new protocol called IP-HTTPS.  That allows a secure IP tunnel to be encapsulated in HTTPS.  Dropping the VPN client allows a roaming user to just access a resource without starting up some client that complicates their experience.  It also allows secure access to the internal resource while they still maintain open access to other Internet resources.

Microsoft has published a guide for designing a DA architecture. 

“This guide provides recommendations to help you plan a DirectAccess deployment using the Windows Server® 2008 R2 operating system. It is intended for use by infrastructure specialists or system architects who are planning a new DirectAccess deployment. This guide covers DirectAccess deployment goals and design considerations for Internet Protocol version 6 (IPv6) connectivity, access models, packet filtering, infrastructure requirements, and server placement, redundancy, and capacity planning”.

Note: Users who don’t use Enterprise/Ultimate editions of Windows 7 cannot use DirectAccess which is a shame.

If you’re reading this then you’re probably a geek.  And you probably downloaded Windows 7 from TechNet or MSDN last week.  You’ll have noticed that MS did not take advantage of WIM files (multiple images in one file thanks to single instance storage of the contained files).  Normally you boot up the DVD/ISO and choose and edition to install.  However, the ISO’s that MS shared last week are specific and at first glance, only contain 1 edition, e.g. Business, Ultimate, etc.

Wes Lazara posted this and something else over the weekend.  On inspection, the INSTALL.WIM file does contain the other images – as we would have expected originally.  It’s just MS placed a file called EI.CFG on the DVD to restrict what the installer would show.  Why?  I’ve no idea.  It seems dumb to me.  One of the great things about WIM is the ability to have more than one image.  Does Microsoft think we’re dumb and need help in this matter?  If you are that dumb should you really be installing an operating system?

I’m currently writing some content on advanced user management in Windows Server 2008 R2.  It was previously written using Windows Server 2008 and Windows 7 but some timing complexities stuffed the publication.  It was decided to update the content for Windows Server 2008 R2 and Windows 7.

Part of this chapter (my fourth in the book) is the creation of mandatory profiles.  I’d previously written it based on MS guidelines for Vista and Windows Server 2008.  It was pretty much the same in all versions of Windows I’d used going back to 1996.  You log into a sample PC as a user and configure the profile – shortcuts, desktop, registry, etc.  You log out and then log in as an administrator.  You go into “Control panel – System – User Profiles”.  You select the profile of the sample user and click on <Copy To> to copy the profile to a UNC path on a file server.  Part of the dialog re-permissions the profile for a group such as Authenticated Users.  That’s required to allow access to the registry hive contained in NTUSER.DAT.  It’s not an NTFS permission but an internal one.  Once the profile is copied you rename the NTUSER.DAT to NTUSER.MAN.  You then configure the user objects in AD to use that profile.

I went to test this on Windows 7 yesterday afternoon.  Up to then I was making great progress on my chapter which was already 2 days late.  It looked like I would finish today.  I set up my profile, logged out and logged in as admin.  I selected the profile in the user profiles dialog and went to click on the <Copy To> button.  It was greyed out.  OK, profile files sometimes get locked even after a log out.  I rebooted.  It was still the same.  I could select the Default profile but I wanted nothing to do with it.  Something has changed!

I googled and the first result was a thread on TechNet.  This was brought up earlier this May (2009) during pre-RTM testing.  Microsoft acknowledged this but misunderstood the request.  They believed people were trying to copy over the Default user profile.  Some were – but not all were, e.g. I’m trying to copy 1 user profile to another user profile.  The issue also exists on Windows Server 2008 R2.

My lab was an RC lab.  I rebuilt the Windows 7 VM with an RTM release.  It’s still got the same issue.

There appears to be a workaround.  It should work but I’m not assuming that it does.  I’ll be testing it out.  It’s messy and slow … it requires folder deletion and registry editing.  I’ll follow up this post a little later once my tests and writing are complete.

I’ve posted feedback on the Windows 7 newsgroups (microsoft.beta.win7.general) on Connect.  Feel free to do the same if you have a problem with this change by MS.

EDIT #1:

I’ve tested the workaround on Windows 7 RTM and it works.  It’s a bit more time consuming than clicking on <Copy To> but it does the same thing.  What you are doing is:

• Manually copying the profile folder to the file server.
• Renaming it, e.g. Mandatory.V2 (the V2 is required for Vista, Windows 7, Windows Server 2008/2008 R2
• Deleting AppDataLocal and AppDataLocalLow from the new profile on the file server.
• Launching REGEDIT on the file server and loading the hive from NTUSER.DAT in the profile.
• Changing the permissions on the loaded hive: delete the old user and add in a group, e.g. authenticated users = full control.
• Unloading the hive.
• Renaming NTUSER.DAT in the mandatory profile to NTUSER.MAN
• Changing the user object(s) to use a roaming profile, e.g. \fileserverprofiles$mandatory.  Note that .V2 is not specified here.  It’s silent.  Vista, etc know to add it.  XP, etc won’t use it.

Yes, much slower than clicking on <Copy To> and renaming a folder and a file.

MS Press has made available some chapters from soon-to-published materials.  They include chapters on:

• Installing and Configuring Windows 7
• Personalizing Windows 7
• Performing Routine Maintenance
• Support Users and Remote Assistance
• Deploying IPv6
• Explore Windows 7
• Navigate Windows and Folders
• Integrate with the Windows 7 Taskbar Part 1 (for developers)

The WAIK for Windows 7 and Windows Server 2008 R2 is released.  This tool helps you write your XML based unattended installation answer files for the “Panther” generation installers, e.g. Vista and later.  I’ve recently written about WAIK for W2008 R2 for a book.  The tool itself hasn’t really changed.  The component names of the WIM images have changed a little bit, but you’ll be able to figure the changes out pretty quickly.

Supported Operating Systems:

• Windows Server 2003 R2 SP3
• Windows Vista SP1
• Windows Server 2008 family
• Windows 7 family
• Windows Server 2008 R2 family

At just after 18:00 GMT, Microsoft made Windows 7 available to those of us with TechNet or MSDN subscriptions for test and development purposes (only).  What’s it all about?

Well, you can compare the editions here.

You can see what’s new here.

You can learn about deploying and managing Windows 7 here.

Right, I’m done blogging for the night unless something interesting happens.  I’ve got a download running and an install or two to do 🙂

It appeared over the last few minutes.  I’ve got a download of Ultimate running now.  The Windows Automated Installation Kit (WAIK) for Windows 7 and Windows Server 2008 R2 appears to be out as well.

In around 1 hour we’ll see Windows 7 appear on TechNet and MSDN.  I’d normally tweet this but Twitter is offline due to a DDOS attack.  I wonder if that’s a coincidence?!?!?

That’s when you can check MSDN and TechNet to get your hands on Windows 7.  I found out the time earlier this week under NDA but MS Ireland’s Enda Flynn just tweeted it.  That makes it public knowledge!

And Windows Server 2008 R2 will be out on the 14th.