Computer Enterprise: August 2011

29 Aug 2011

Ten Things IT Professionals Should Know About Windows 7

Every year, we get hit with a long drumbeat of “top 10 lists”—whether it’s the 10 worst-dressed celebrities at the Academy Awards, the 10 best ways to get in shape before spring, the 10 best ways to annoy the person in the office next to you.

At the Springboard Series, we pretty much have a one-track mind—what is in store for IT professionals responsible for desktop administration. While we might be tempted to share a couple of those weight-loss tips, it’s probably best we stick to what we know best—the top 10 things you need to know about the Windows 7 operating system.

With the Release Candidate of Windows 7 now available, we encourage you to download a version to your lab machine and begin testing your applications and devices to get to know what’s in it for you. As you begin testing, we offer this guide to the key features and capabilities in this new desktop operating system.

Here are the top 10 things to know about Windows 7:

1 - Application compatibility

The Windows Vista operating system introduced architectural changes down to the kernel level that made the OS inherently more secure than Windows XP. However, this came at a cost; many applications needed modification to function properly in a Windows Vista environment. While at this point in the lifecycle of Windows Vista (post Service Pack 1) most applications are now compatible, deploying Windows Vista into the desktop environment early on required some “heavy lifting” and creative shimming—not to mention a few late nights.

Windows 7 is built on the same basic architecture as Windows Vista, so most applications will retain their compatibility between these operating systems. This alone will make adopting Windows 7 much less challenging than migrating from Windows XP to Windows Vista. If your organization is like many that are still standardized on Windows XP, you will need to transition to updated versions of your key applications, but the availability of Windows Vista–compatible versions and well-proven shims will make this task more manageable.

2 - Hardware compatibility and requirements

Much like the application compatibility issues, adopting Windows Vista early-on was a challenge because of the higher system requirements—such as RAM and graphics. On the flip side, Windows Vista provides manageability and security that just isn’t available on Windows XP, and with more capable hardware, Windows Vista is able to perform a number of useful functions that improve productivity (such as Windows Search 4 and the Windows Aero desktop experience) and increase PC responsiveness (the ReadyBoost technology launches applications more quickly by maintaining a portion of frequently used applications in memory).

Windows 7 was designed to perform well on the same hardware that runs Windows Vista well, while delivering additional performance and reliability improvements. The design team for Windows 7 had a specific focus on the fundamentals—as well as maintaining compatibility with existing applications and hardware. In operation, you will find that Windows 7 boots faster and has a smaller memory footprint than Windows Vista.

3 - Better Together with Windows Server 2008

One of the key benefits of the modern operating system is that Windows 7 and the Windows Server 2008 operating system share a common code base, and are maintained with a single servicing model. This servicing model means updates and security updates are shared across both client PCs and servers, simplifying the process of maintaining an up-to-date infrastructure.

In addition, environments with both Windows Server 2008 and Windows 7 unlock capabilities that extend functionality and help ensure a more secure environment. One example is DirectAccess, which allows management and updating of remote mobile PCs that are connected to the Internet, even when they are not connected to the corporate network. This capability helps ensure that remote users receive security patches on a timely basis, and allows IT to update configuration setting via Group Policy. For the end user, DirectAccess allows access to locations on the corporate network without using a virtual private network (VPN) connection. (In addition to Windows Server 2008 R2, DirectAccess requires IPSec and IPv6 implementation.)

4 - Extend data encryption to removable media

News reports are rife with stories about companies losing control over sensitive information. In some industries, this is an issue with grave legal implications, while in other situations the issue is inconvenience. Regardless, smart compliance policy dictates that sensitive information be safeguarded in the event of a lost or stolen laptop. Further, preventing sensitive information from being removed from corporate resources is a pillar of effective compliance management.

Windows 7 includes BitLocker technology, first implemented in Windows Vista, which now provides full encryption of all boot volumes on a PC; along with introducing BitLocker To Go that offers data protection on portable storage, such as USB flash drives. In addition, BitLocker Drive Encryption and BitLocker To Go can be managed via Group Policy, placing more control over sensitive information in the hands of the professionals.

5 - Control the application portfolio available to end users

Windows 7 features AppLocker, a new capability that allows IT administrators to specify which applications are permitted to run on a laptop or desktop PC. This capability helps you manage license compliance and control access to sensitive programs, but also importantly, it helps reduce the opportunity for malware to run on client PCs. AppLocker provides a powerful rule-based structure for specifying which applications can run, and includes “publisher rules” that keeps the rules intact though version updates.

To see how AppLocker is set up and managed, click here

for a screencast demonstration.

6 - Automate routine tasks with powerful scripting

To help IT administrators better maintain a consistent environment and improve personal productivity, Windows 7 includes an updated graphical scripting editor, Windows PowerShell 2.0—a powerful, complete scripting language that supports branching, looping, functions, debugging, exception handling, and internationalization.

PowerShell 2.0 has an intuitive, graphical user interface that helps make script generation easier, especially for administrators who are not comfortable in command-line environments.

PowerShell 2.0 supports two types of remoting—fan-out, which delivers management scripts on a one-to-many basis, and one-to-one interactive remoting to support troubleshooting of a specific machine. You can also use the PowerShell Restricted Shell to limit commands and command parameters to system administrators, and to restrict scripts to those who have been granted rights.

PowerShell 2.0, with the Group Policy Management Console (available as a separate download), allows IT professionals to use scripting to manage Group Policy Objects and to create or edit registry-based group policy settings in Windows 7. Similarly, you can use PowerShell to configure PCs more efficiently, using richer logon, logoff, startup, and shutdown scripts that are executed through Group Policy.

Click here to take a quick tour of PowerShell 2.0.

7 - Troubleshoot faster and more effectively

Windows 7 provides rich tools to identify and resolve technical issues, often by the end users themselves. If a help desk call is unavoidable, Windows 7 includes several features and troubleshooting tools to help speed resolution.

The Problem Steps Recorder allows end users to reproduce and record their experience with an application failure, with each step recorded as a screen shot along with accompanying logs and software configuration data. A compressed file is then created that can be forwarded to support staff to help troubleshoot the problem.

Windows 7 includes a suite of troubleshooting packs, collections of PowerShell scripts, and related information that can be executed remotely by IT professionals from the command line, and controlled on the enterprise basis through Group Policy Settings.

Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.

8 - Create, deploy, and manage images more efficiently

Windows 7 includes several tools to streamline the creation and servicing of the deployment image, and to get users up and running as quickly as possible.

The Deployment Image Servicing and Management (DISM) tool in Windows 7 provides a central place to build and service Windows images offline. With DISM, you can perform many functions with one tool: mount and unmount system images; add, remove, and enumerate packages and drivers; enable or disable Windows features; configure international settings, and maintain an inventory of offline images that contain drivers, packages features, and software updates. Windows 7 also enables the same processes and tools to be used when managing virtual machine (VHD) and native file-based (WIM) image files.

Windows 7 also includes Dynamic Driver Provisioning, where device drivers are stored independent of the deployed image and can be injected dynamically based on the Plug and Play ID of the hardware, or as predetermined sets based on information contained in the basic input/output system (BIOS). Reducing the number of drivers on individual machines reduces the number of potential conflicts, ultimately minimizing setup time and improving the reliability of the PC.

When you are ready to deploy Windows 7, Multicast Multiple Stream Transfer enables servers to “broadcast” image data to multiple clients simultaneously, and to group clients with similar bandwidth capabilities into network streams to permit the fastest possible overall transfer rate while optimizing bandwidth utilization.

Watch a screen cast demonstration of the deployment tools for Windows 7 here.

9 - Easier migration of user data and profiles

Windows 7 includes enhancements to the User State Migration Tool (USMT), a command-line tool that you use to migrate operating system settings, files, and other user profile data from one PC to another. In Windows 7, USMT adds a hardlink migration feature for computer refresh scenarios, a capability that stores user data and settings in a common place on a drive, eliminating the need to “physically” move the files during a clean install.

10 - Improve user productivity in branch offices

Windows 7 introduces BranchCache, a technology that caches frequently accessed content from remote file and Web servers in the branch location, so users can access this information more quickly. The cache can be hosted centrally on a server in the branch location, or can be distributed across user PCs. One caveat: to take advantage of BranchCache, you will need to deploy Windows Server 2008 R2 on the related servers.

And, as a bonus:

Better support for client virtualization

Windows 7 delivers a richer experience when users are connected to a virtual desktop—much closer to the experience provides by a native Windows desktop. For example, Windows 7 provides multi-monitor support, bi-directional audio to enable Voice over Internet Protocol (VoIP) and speech recognition applications, and access to local devices, such as printers.

So there you have it—the top 10 things you need to know about Windows 7 (okay, we couldn’t stop until we hit “11”)—and if you have ideas for how to best annoy your office mates, it’s probably best to keep those to yourself!

Microsoft MCITP Important Tips for success

MCITP analysis actual is actual big, and aswell if one has to awning all the MCITP Certification(http://www.mcitp-70-680.com) depression and all of the MCITP convenance tests, afore he sits in the big exam, there accept to be a way to do things quickly. Reading things takes a lot of time, and the absorption amount of a being abundantly varies from being to person, about if one has absorption in the MCITP acceptance assay and the Microsoft MCITP online training advance again the audio exams can be of abundant help, in a way that you can consistently accept to them on the go, you will not alone use your time actual finer but as the audio exams are accessible in about all the above formats so you can calmly download them on your corpuscle buzz even.
All this accomplishment has been put in to accomplish abiding that you get the Microsoft MCITP ability in whatever way that is a lot of adequate for you, for us, our barter are the a lot of important affair and your affluence is the aboriginal thing.
The MCITP depression are a abundant way to apprentice about the Microsoft MCITP exam 70-680(http://www.mcitp-70-680.com) questions, and there are aswell questions that are accepted to appear in your examination, appropriately a absolute afterlight of the accomplished agreeable provided by the MCITP is absolutely important. One added affair that did abridgement in our affairs was the affairs labs and that is why, we accept added that too. It was one of the adventures that afore the applicants as had no absolute abecedary or a adviser in the anatomy of a person, they seemed to absence some of the things, or they were affirmation on a altered point, admitting the claim of the TestKing MCITP assay actual was a little altered and appropriately the affairs labs was the best solution. You get alternate MCITP simulations. And in the MCITP simulation there are abounding allowance credibility and aswell techniques to get to the acknowledgment quickly.
Again address in apperception all the latest Updated Microsoft MCITP certification we amend the alertness labs and it is absolutely a abundant ambiance for learning. And some humans in their testimonials accept mentioned that they begin this accession actual effective.MCITP abstraction can never be absolutely complete unless a being does not accept a able MCITP abstraction guide, as the abstraction adviser gives you all the important data and aswell gives you important tips. These tips are adequately important as they accord you an acumen of what an examiner ability accept been cerebration while he fabricated the catechism and appropriately you can acknowledgment in a bigger way.These MCTS(http://www.mcitp-70-680.com) tips are included in the dumps, the MCITP abstraction pack, and the MCITP classes.

15 Aug 2011

How to install Windows 7 on Mac

The article intends to help users install the latest Windows 7 operating system on their stylish Mac computers using simple methods. The methods described in this article are reliable and correct to the date. It is recommended to take the utmost care while following the instructions in order to ensure that Windows 7 successfully installs on the Mac computer.

Are you one of those Mac users who want to install Microsoft's Windows 7 on their computer but are going in circles in the lack of proper instructions? If yes, then you are in the right place. See the step by step instructions below to install Windows 7 on your stylish Mac computer.

Instructions:

First ensure that you have purchased a genuine Windows 7 copy, must have upgraded to Boot Camp 3.1, and have downloaded and installed all the firmware updates on your Mac. Besides, you would need to have the original Windows 7 installation disc, Snow LeopardOS X Leopard installation disc, and around 35GB (more would be better) of free space on the hard drive.

Let's begin with the installation. Close all the windows or programs that are currently opened on your Mac computer screen. Browse to Applications> click on Utilities> and then double click on Boot Camp Assistant. When the window comes up, click on the Continue button and ignore if you don't see Windows 7 among the possible OS installations.

It's time for allocating space to Windows 7 (better known as disc partitioning) for installation. It is better to allocate 25GB of space to Windows 7 in order to avoid frequent crashes or malfunctioning of programs. Use the small divider between the Mac OS X and Windows to change the disc space allocation and drag it to the left side (on the side of Windows to increase the disc space). After you are done with the desired space allocation, click on the Partition button. Wait until the process finishes. Be patient as it may take some time. When finished, you will notice that a new BOOTCAMP drive icon is showing up on your desktop. Now put the Windows 7 installation disc into the drive and click on the Start Installation button (when the installation wizard opens up) at the bottom right hand corner to initialize the process.

Wait while your Mac is starting and Windows 7 is booting up. When prompted, select the partition you want Windows 7 to be installed on. Click to select Disk 0 Partition 3 BOOTCAMP (always choose the disk with BOOTCAMP in the name. selecting some option other than this will cause serious issue in your Mac) and click on the Drive options (advanced) link. Click on the Format link with the Disk 0 Partition 3 BOOTCAMP still selected as the option. When the warning message occurs, click on the OK button. This will initialize the Windows 7 installation. Wait until the process finishes and tell you that Windows 7 has been successfully installed on your computer. This may take some time so be patient until your Mac has automatically rebooted. Remove the Windows 7 installation disk while Mac is rebooting. This will allow Mac to automatically reboot in Windows 7 operating system. When the computer loads up, you will be prompted to make a language selection or keyboard layout among other things.

Follow the instructions to complete the process. When finished, Mac will restart again and load Windows 7. When done with the loading, Windows 7 will begin downloading latest Windows updates. When finished downloading updates, your computer will prompt you to boot again, click on the Restart now button to let the changes saved. When the Windows 7 loads up after rebooting, you might not find no audio drivers are installed to play the sound.

To install the audio drivers, insert your Snow Leopard disk into the drive of your computer. When prompted with a window, click on Run setup.exe under Install or run program, follow the instructions like accepting the license agreement, and finish the process. When done, you will have audio drivers installed on your Mac to play the sound.

Who want to be a MCITP Certified

Administration field is getting advanced each year and now,with the help of administration concepts,it is possible to check as well as solve with all issues that are happening.Some of the important designations included in the CITP Certification(http://www.mcitp-70-680.com) are networking operating anaylyst,system administrating professional,technical support executive,networking technician and network anylyst etc.

Microsoft Certified Systems Administrator (MCITP) Help prove your expertise in systems administration on Windows Server 2003 and earlier operating systems by earning a Microsoft Certified Systems Administrator (MCITP) certification. For newer technologies, such as Microsoft Exchange Server 2010, Windows Server 2008, or Microsoft SQL Server 2008, the Microsoft Certified IT Professional (MCITP) is the appropriate certification to pursue.

Here are some of the key concepts in a MCITP Exams:

1. Managing and Maintaining a Microsoft Windows Server 2003 Environment. This exam will measure your ability to manage technical tasks like Managing and Maintaining a Microsoft Windows Server 2003 Environment that often includes monitoring server hardware and optimizing disk performance. Other technical task involves Managing Users, Computers, and Groups, Managing and Maintaining Access to Resources, Managing and Maintaining a Server Environment, and Managing and Implementing Disaster Recovery. Study guides for this concept are widely available. It is best that you read about them.

2. Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. The focus of this concept is networking and the internet. For this concept, the examinee should read about managing and maintaining IP addresses, Implementing, Managing, and Maintaining Network Security, and Maintaining a Network Infrastructure. All these are important because a Systems Administrator should be adept in handling problems in relation to networking and internet.

3. Operating systems are also one of the key concepts in the MCITP exams(http://www.mcitp-70-680.com) . In order to pass this category the examinee should read and focus one of the following topics: Configuring Windows 7, Configuring Windows Vista Client, and Installing, Configuring and Administering Windows XP Professional. There is no need to study all the operating systems, the examinee only has to pick one OS and focus on that OS.

Earning a Microsoft Certification helps validate your proven experience and knowledge in using Microsoft products and solutions. Designed to be relevant in today's rapidly changing IT marketplace, Microsoft Certifications help you utilize evolving technologies, fine-tune your troubleshooting skills, and improve your job satisfaction.Whether you are new to technology, changing jobs, or a seasoned IT professional, becoming certified demonstrates to customers, peers, and employers that you are committed to advancing your skills and taking on greater challenges. In addition, certification provides you with access to exclusive Microsoft Certified Professional (MCP) resources and benefits, including opportunities to connect with a vast, global network of MCPs.If your preparing for career change and looking for MCITP Training the best online training provider that provide the all the and complete MCTS certification exams training in just one package, certkingdom self study training kits, save your money on bootcamps, training institutes, It's also save your traveling and time. if you planed to take CCNA or specialization in microsoft mcse(http://www.mcseking.com) all the process starts again; as for getting online training can be much beneficial and you don't need to take for fill any from to switch your training on any desire certification.

How to Access Yahoo Mail Account Using Microsoft Outlook

The article intends to describe the procedure of accessing Yahoo! mail account in Microsoft Outlook. The methods described in the article are simple and correct to the date. However, it is still recommended that users follow the instructions carefully to avoid facing any problem during Yahoo mail account setup in Microsoft Outlook.

We all know that Outlook is the most popular email client among Windows users for email, contacts, calendar entries, reminders, and journals among other personal information. If you have a Yahoo! mail account and want to use it in Microsoft Outlook to send/receive emails, then the article is dedicated to you. The below mentioned guide will help you setup your Yahoo! account without requiring you to contact an expert Microsoft tech support or Yahoo support services.

Instructions:

Since Yahoo! doesn't support POP3 server in a free account (it is only for the paid subscribers), you will have to choose any of the two methods mentioned below to access your Yahoo mail account in Outlook.

For a free Yahoo mail account:

Download YPOPs 0.9.7.1, the latest version of YPOPs, the automated tool designed for Yahoo! mail accounts. The tool acts as a POP, IMAP etc. interface between Yahoo! and Outlook.

Open Outlook, click on the Tools tab, and select Account Settings from the dropdown list. When the Account Settings window opens up, click on New under the E-mail tab. Ensure that Microsoft Exchange, POP3, IMAP, or HTTP option is selected under Choose E-mail Services and click on the Next button. Fill in your credentials like your name, email address, and password in the Auto Account Setup window. Retype the password if required, click to check the box next to Manually configure server settings or additional server types, and click on the Next button. Click to select the Internet E-mail option and click on Next. Enter your email account credentials in the Internet E-mail Settings window. Enter your name, email address, account type (it will be POP3), and incoming and outgoing server information etc. The incoming server will be 'pop.mail.yahoo.com' and the outgoing mail server will be 'smtp.mail.yahoo.com (without quotes and as is). Your username will be your email address and the password will the one you use to login to your Yahoo mail account. When done, click on the More Settings button and then click on Next. Click on the Advanced tab at the top (in next window), enter '995' (without quotes and as is) in box next to Incoming server (POP3) and place a checkmark in the box below saying 'This server requires an encrypted connection (SSL)' . Type '465' (as it is and without quotes) in box next to Outgoing server (SMTP) and select SSL from the dropdown box next to Use the following type of encrypted connection. Put a checkmark in the box next to Leave a copy of messages on the server. This will enable you to have access to your email messages online also. If you don't check this option, all of your mails will be downloaded to Outlook and you won't be able to see any of these mails if you are away from your desktop computer.

Now click on the Outgoing Server tab (on the same window), put a checkmark in the box next to My outgoing server (SMTP) requires authentication, and click to select the box below Use same settings as my incoming mail server. Click on the OK button and you will be back to the Internet E-mail Settings window. If you want to test the settings, click on the Test Account Settings button. If it returns a congratulating message, then click on the Close button to return to the same internet settings window. If it returns a failure message, then go back to the settings, and verify all the information you have entered. When done, click on the Next button on the Internet E-mail Settings window and then click on the Finish button to close the Account Settings window.

Upgrade to Yahoo! Mail Plus Service:

Yahoo! Mail Plus is a paid service from Yahoo! You will need to subscribe to the service in order to get access to full POP3 service. Once subscribed, you will be able to setup and use Yahoo account using POP3 in Outlook. Follow the same abovementioned instructions to setup and configure your Yahoo mail account in Outlook.

Additional Tips:

It has been observed that users often face issues related to mails, username, password etc. after installing YPOPs or similar other tools. The tool(s) may or may not perform effectively and as desired. Therefore, download the tool on your own risk. We strongly recommend that you upgrade to the Yahoo! Mail Plus service and then setup your Yahoo account in Outlook to start sending or receiving emails.

How to Backup Emails in Microsoft Outlook 2010

The article intends to explain the procedure of backing up email messages in Outlook 2010. The methods explained in the article are reliable and correct to the date. However, it is still recommended that you follow the instructions to successfully backup your email data without encountering common Microsoft Outlook problems.

Do you want to backup your important Outlook email messages in the fear of losing them some day or in the need of reformatting your computer or hard drive? Or are you one of those users who want to backup their important email data without desiring to contact the paid Microsoft tech support services? If yes, then the article is dedicated to you. We have brought you a step by step guide that will not only help you create a backup of your email data but also educate you through additional tips.

Instructions:

Open Outlook, click on the File menu, click on Open, and then click on Import. When the Import and Export Wizard window opens up, click to highlight Export to a file from the listed options and click on the Next button. Under Create a file of type heading, click Outlook Data File (.pst) and then click on the Next button. Click to choose the folder whose data you want to export for backup in the next window and also put a checkmark in the box next to Include Subfolders. Since you are backing up the email data, you can choose to click the Inbox folder or Sent Items, Drafts etc. as well (if you want). If you want to back up the entire Outlook data, then click to select your email account (your email address like johnsmith@hotmail.com) and also check the Include Subfolders box. When done, click on the Next button. In the next window under the Save exported file as, you will see the location of the exported file. If you want you can click on the Browse button to save the exported file to a desired location. Choose any of the three options viz. Replace duplicates with items exported, Allow duplicates to be created, and Do not export duplicate items and then click on the Finish button to close the window complete the backup procedure. You can let the default option Replace duplicates with items exported be selected. Your emails have been successfully backed up now. If you want, you can password protect your backup file in order to protect it from unauthorized access.

Additional Tidbits:

If you are using Outlook with Microsoft Exchange or other server, then your emails must have a periodic backup on server set by your network administrator. If you use Outlook without any exchange server, then all your data is stored in .pst files.

IP Addresses and Proxy Servers

Proxy servers are services made for the general purpose of anonymity. This means that online users using these kinds of services get the benefit of surfing invisibly on the Internet. Without much effort, they are able to surf faster and more stealthily, hidden behind the proxy server supporting them. The details needed to trace the web surfer in question are masked thanks to the service.

But what is the explanation behind this masking technology? It has been said that the proxy server acts as a "middleman" for users, meaning that it is the proxy's identity that is displayed publicly, rather than the actual machine browsing requested Internet content. While the proxy processes and passes on Internet content, the real user is concealed from the public. Therefore tracing users is harder with proxy server technology being used in place.

What exactly are the "details" being protected? One of these is your so-called "IP Address." Many websites and very advanced users are able to see IP addresses. Usually, websites track the IPs of their visitors and list them down for security purposes, so just in case someone shifty decides to do something undesirable to a website's condition, the website's staff team can take action as to who is responsible, by tracking down the IPs listed on their site's logs. That way, malicious users like hackers could be easily busted.

While the intention of websites tracking and listing IPs is reasonable enough, there are more despicable Internet predators like hackers who wish to track user IP addresses for their own evil schemes. These users will use tricky means to get a hold of innocent surfers and sensitive information about them, such as their IP, so as to perform their payload on them. That random Internet user could be anyone. It could even be you!

This is where proxy server services come in. With its help, you are safe from the dangers of publicly revealing your IP address. As explained earlier, what happens when you use a proxy server to browse the Internet (a public network, by the way) is that the proxy server acts as your representative to the World Wide Web. This means that its and only its information, including the IP address, is revealed to everyone else on this vast network, not yours.

So why settle on putting yourself in danger online? Use a proxy server and you don't need to worry about evil entities who wish to maliciously compromise your data, or worse, your machine.

11 Aug 2011

Evolution of Windows Firewall: Windows 7

Basic Functionality of the Windows 7 Firewall Service

The Windows 7 Firewall service performs many of the same functions as its Windows Vista predecessor with a few moderate changes.

When you open the Windows Firewall from Control Panel --> All Control Panel Items --> Windows Firewall you can see all of the base configuration settings that you can adjust on the system.

As you can see from the screen shot above, one of the added basic functionalites is the ability to configure the firewall service on a network by network basis as each network connection can be assigned its own firewall profile separate of other connections on the computer.

In prior versions of the Windows Firewall service, only one firewall profile could be active at a time. When a system was configured to use multiple networks (e.g. wireless and wired where one was set to DOMAIN and the other set to PUBLIC) the firewall profile that was used for both networks was the one with the most restrictive rule set.

When you need to make changes to the notification settings you can make this selection via Control Panel --> All Control Panel Items --> Windows Firewall --> Customize Settings as shown below.

As you can see from the image above you have the ability to make the individual changes separately to the Home or work (private) network location setting or to the Public network location setting.

If you need to change the settings for program so that it can communicate successfully through the firewall this can be done by going to Control Panel --> All Control Panel Items --> Windows Firewall --> Allowed Programs as shown below.

Once you are on this page you can select any of the programs in the list or choose the Allow another program option to Add a Program from the secondary list or by entering the path to the executable or browsing to it.

Once you have the application identified you can set the network location type by choosing that option on the page which will bring up the Choose Network Location Types window as shown below.

As you can see, you have the ability to select different network locations for the application from this view.

Windows 7 Firewall Advanced Security Basic Settings

One of the major advances in the Windows Firewall service on Windows 7 is the ability to configure advanced settings for your system through the Windows Firewall with Advanced Security MMC.

From the main results pane you can work from the overview section and see the current settings for each profile - Domain, Private and Public.

If you want to review the Windows Firewall Properties you can from this section by following the Windows Firewall Properties link which will open a new set of properties pages as shown below.

This property page breaks down on the individual tabs, each of the profiles separately if you wanted to make individual changes.

We will review the subsections of the Domain Profile next, understanding that these could be independently changed on the Private Profile and / or Public Profile tabs.

You can review in the STATE section of the property page whether the Firewall state is set to On (as recommended) or if it is turned off.

The default setting for inbound connections is Block (default) but you have the option to change this setting to BLOCK ALL CONNECTIONS or ALLOW.

The Outbound connection setting is listed as Allow (default) but if / as needed this could be changed to BLOCK.

By choosing the CUSTOMIZE option you can elect to choose which networks to apply these settings to if you have more than one available network connection. (e.g. two physical connections present or a physical and a wireless connection; you can apply the settings for each profile to one or the other or both as desired).

In the SETTINGS section you can customize the settings that control the behavior of the firewall service as shown below.

In the Firewall settings section of the Specify setting that control Windows Firewall with Advanced Security behavior dialog box you can set the behavior regarding the display of notifications that are presented to the end user when a application is blocked from receiving inbound connections.

The default setting is YES and the other option is NO.

The notification of a blocked inbound connection attempt will appear when YES is enabled and there is no separate existing block or allow rule for this application. If a block rule exists, then the application is blocked without displaying the notification to the user.

If the default behavior of Windows Firewall is to block a application, no notification will be displayed

When the notification is displayed to the end user they are given the option to unblock the application if they have network operator or administrator permissions. If the user chooses the action to unblock the application a new inbound rule is created for the application automatically.

From this same property page you have the option to allow unicast response to multicast or broadcast traffic (and the default setting is YES).

You'll want to allow this setting if you need to control whether the system receives unicast responses to its outgoing multicast or broadcast messages. When the system sends multicast or broadcast messages to other network devices, Windows Firewall with Advanced Security waits as long as 4 seconds for unicast responses from the other systems and then blocks all later responses.

If you change the default setting and disable this setting by selecting NO, Windows Firewall with Advanced Security blocks all unicast responses sent by other systems.

Back on the main Windows Firewall with Advanced Security on Local Computer properties page in the logging section you have the ability to specify the logging settings for each profile as shown below.

You have the ability to redirect where the log is stored (it is stored in %systemroot%\system32\LogFiles\Firewall by default with a file name of pfirewall.log)

The default size limit is 4,096 KB.

The default settings for logging dropped packets and successful connections is NO by default but you can enable these settings as needed.

Additional Changes to Windows Firewall in Windows 7

Windows 7 Firewall with Advanced Security offers additional changes from the prior iterations of Windows Firewall.

Some of these changes include:

Authorization exceptions - As a systems administrator you have the ability to create inbound firewall rules indicating users or computers that have access authorization to the Windows 7 system over the wire. At a more granular level, you can now specify exceptions to inbound firewall rules meaning that while all systems can connect, users or systems that fit the exception rule are denied network access.

Support for specifying port ranges for rules - Windows 7 firewall now has more flexibility when it comes to port rules as administrators can now specify ranges of port numbers rather than ports one at a time. When rules are created for applications that need access to a range of ports of the same protocol type, it can be set through one rule.

Additionally, these rules can be set to one, some or all profiles.

Scope settings for local and remote IP addresses - When you create new rules (inbound or outbound) you can set a specific local IP address or any of them.

As shown below you can also set which remote IP addresses the rule applies to - designated or all.

By choosing the Customize button on this page of the wizard you are able to choose the specific interface types that the connection rule applies (all or specific ones).

In this tutorial we reviewed the Basic Functionality of the Windows 7 Firewall Service as well as some of the basic Advanced Security settings. We wrapped up the tutorial with some of the additional changes to Windows Firewall service in Windows 7

Thanks for investing your time in my Evolution of the Windows Firewall series!

How to Mount VMware Virtual Disks Without VMware

VMware Workstation and Server uses virtual disk files as the disk drives for virtual machines. These files (ending in .vmdk) are just files on the host's hard drive. There are a number of scenarios where you would want to mount these virtual disks on the host operating system. Perhaps you want to transfer a file to or from the virtual disk or maybe the operating system is corrupt on the virtual disk and you want to make a registry change. No matter what the case, the VMware disk mount utility is available to serve this need.

What Does The VMware Disk Mount Utility Do?

The VMware disk mount utility allows you to mount a VMware virtual disk (.vmdk file) on a host Windows system. That disk is mounted as a drive letter (letter D: or greater) and you can then read, write, or modify that disk. You can only mount FAT or NTFS virtual disks. If you mount a virtual disk that has snapshots, any changes you make to the virtual disk will be lost if you revert to the snapshot. Also, you should know that you cannot mount a virtual disk from a virtual machine that is currently running or is suspended. Although VMware offers this utility for download, there is NO support offered for the VMware disk mount utility.

Where Do I Obtain The Disk Mount Utility?

To obtain the VMware disk mount utility, go to the VMware disk mount download website and accept the end user license agreement. After saying "Accept" to the EULA, you will be asked if you want to save the file. Save the .exe file to your hard drive. The name of the program is VMware-mount-5.0.0-13124.exe Now, execute this program.

Installing VMware Disk Mount

Once you run it, the installation is very simple. The process goes like this:

Click Next on the Installation Wizard.
Accept the license agreement and click Next.
Take the default installation directory and click Next.
Click Install to begin installation.
After the installation is completed, click Finish.

How Do I Use The VMware Disk Mount Utility?

Once installed, to use the program, you must do everything from the command line. This is strictly a command line utility. To begin using it, go to Start -> Run. Type in cmd and click OK. Type:

cd "\Program Files\VMware\VMware DiskMount Utility"

Type: vmware-mount /?

This will show you the command options for the disk mount utility.

You can type vmware-mount without any options to show currently mounted volumes. Now, let's mount a disk. You must first know the exact location of the VM disk that you wish to mount. Based on the location of the virtual disk you wish to mount, you will type something like this:

vmware-mount j: "C:\Documents and Settings\David Davis\My Documents\My Virtual Machines\Windows XP Professional\Windows XP Professional.vmdk"

and press Enter

In my case, the disk that I chose to mount had snapshots. I was told that this was the case and had to answer whether or not I wanted to proceed, even though any changes I made would be lost if I revert to the snapshot. I said yes and was returned to my prompt. The virtual disk is now mounted as drive J. To access the disk, just access it like any other mounted drive. Since we mounted this drive as drive J:, just type J: and press Enter. Now type dir to see what is on the disk.

You should also be able to see this disk in Windows Explorer as a local disk, like this:

As you can see, we have successfully accessed this VMware virtual disk. For more information on this utility, see the VMware disk mount utility online manual. For information on how to do this on Linux, take a look at Accessing Virtual Hard Disks Outside of VMware Workstation for

Making Money from Your Website with Google AdSense

Google AdSense is the Google program where you can host pay-per-click ads on your Website. When someone clicks an ad, you earn money. Simple as that.

Is it really as easy to make money with Google AdSense as many would lead you to believe? Now that I've become heavily involved with managing Google AdSense programs for my clients, I can see it's not all play and no work.

Unfortunately, a lot of people bought into the idea that there was a lot of easy money to be made and they are now finding out they aren't making nearly as much as they thought they would. Additionally, Google has a lot of prohibited practices when it comes to AdSense, and too many Webmasters are finding out they violated Google's policies after the fact - often because they never bothered to read the AdSense policies in the first place.

Webmasters must not only comply with AdSense policies, but their Websites must also comply with Google's webmaster policies.

Prerequisites for Making Money with AdSense

To make money with Google AdSense you need plenty of traffic coming in to your site or there won't be anyone to click the ads. Website promotion techniques, especially search engine optimization and article marketing will bring more traffic to your site. You also need to have content that will attract the ads with the highest Pay Per Click (PPC) rate that are relevant to that content. Then, you need to lay out your web pages so the ads blend in with your site. Studies have revealed that people who visit sites that contain ads that use colors that are not in harmony with the actual Web site tend to develop "ad blindness". Meaning no matter how much traffic comes into your site, chances are no one will click the ads because they'll be ignoring them. If no one clicks, you make nothing.

Dealing with Competitors' Advertisements

If you offer products or services on your Website, the first thing you'll notice when you begin hosting PPC ads is that many of the ads are coming from your competitors. Therefore, you'll want to put ads on pages that aren't earning you any money, or do like I did and not put ads on your site until you're so busy anyway you'd rather make a few dollars off of your competitors than to continue turning business away with nothing to show for it.

Google AdSense allows you to specify up to 200 URLs for sites you want to bar from placing ads on your pages. The problem is that most times you won't know the competitors are out there until their ads appear.

Google Money Making Ad Options

Google offers three ways to make money from them:

Google AdSense for Content - A variety of size and shape ads for placing in your content are available. These can be text or image ads or both - you specify what you'll allow. Ad units are full ads. Link units are simply a strip of text links that your visitors might want to click. Google allows you to put up to 3 Ad Units and 1 Link unit on each page of your Web site, provided you follow its policies - both for AdSense and for Webmasters.
Google AdSense for Search - This places a search box on your Web site. When a user enters a term and conducts a search, a search results page opens, that hosts more pay-per-click ads. You can customize the color scheme of the search results page to harmonize with your web site.
Google Referrals - Here you make money by referring visitors to use a Google product, like AdSense, AdWords, the Google Toolbar and other Google software. Just like Google AdSense for Content and AdSense for Search, Google generates the code that you paste into the desired location on your web page. You can choose from a wide variety of buttons and text links of different colors. As an example of how Google Referrals works, if someone goes to your site and clicks the link and signs up for an AdSense account, when that person earns a $100 from Google AdSense and receives a payout from Google, you'll also receive $100 for referring them. This is a great idea to me, because you can be the world's worst Google AdSense advertiser, but if an ad dynamo happens to visit your site and uses your referral link, you can make money anyway!

Google AdSense Payments

Google will not issue an AdSense payment until your earnings exceed $100. Unfortunately, there are loads of Google AdSense Forum entries about website operators who accumulated $90 or more in click through earnings only to get banned from Google and not get paid anything at all before they ever reached $100. This may be because Google doesn't take a close look to see if you're complying with their guidelines until it comes time to pay you. So yes, there's a lot more to the story than meets the eye.

Other Programs Besides AdSense

Yahoo and MSN have similar programs, although those programs aren't as well-developed as Google AdSense and there aren't as many available advertisers to display ads on your site. The fundamentals for making money are the same: You still need plenty of traffic, you still need high-paying ads, and you still need to design your site to harmonize with the ads to get people to click.

10 Aug 2011

Windows 7 Simple TCP/IP Services - What and How?

What are Simple TCP/IP Services?

Simple TCP/IP Services are really a collection of command line utilities. This collection includes the "quote of the day" protocol, the daytime protocol, character generator (chargen), echo protocol, and discard protocol.

Really, these are just ports that are opened up on your Windows computer to perform specific testing or diagnostic functions. These aren't going to be used by any program that I have ever seen nor are they something that you are going to use every day.

Let's run down each one of these protocols / services and explain what each one does (according to Microsoft TechNet):

Quote of the Day (QOTD) - based on RFC 865 - uses port 17 - Returns a quotation as one or more lines of text in a message. Quotations are taken at random from the following file: systemroot\System32\Drivers\Etc\Quotes. A sample quote file is installed with the Simple TCP/IP Services. If this file is missing, the quote service fails.

Here is what I get when I do a-

telnet localhost 17

Figure 1

Daytime - based on RFC 867 - uses port 13 - Returns messages containing the day of the week, month, day, year, current time (in hh:mm:ss format), and time-zone information. Some programs can use the output from this service for debugging or monitoring variations in system clock time or on a different host.

The results of telnet localhost 13 are-

Figure 2

Character Generator (chargen) - based on RFC 864 - uses port 19 - Sends data made up of the set of 95 printable ASCII characters. Useful as a debugging tool for testing or troubleshooting line printers.

If you type telnet localhost 19 you will get-

Figure 3

And, you will have to press CTRL-], then type quit to get the manic scrolling of characters to stop (or kill your command line).

Echo - based on RFC 862 - uses port 7 - Echoes back data from any messages it receives on this server port. Echo can be useful as a network debugging and monitoring tool.

Typing telnet localhost 7 will get you-

Figure 4

Really, this is just echoing anything that you type back to you.

Discard - based on RFC 863 - uses port 9 - Discards all messages received on this port without response or acknowledgment. Can serve as a null port for receiving and routing TCP/IP test messages during network setup and configuration or, in some cases, can be used by programs as a message discard function.

Telnetting to the discard port (port 9) will give you NO response as this is a NULL port and everything sent there is discarded.

How do you turn on or off the Simple TCP/IP Services?

To turn off (enable) simple TCP/IP services, you just need to go into Control Panel, to Programs, then to Turn Windows Features on or off. You do not need to install any applications.

From here, click on the checkbox for the Simple TCP/IP Services, as you see in the graphic below.

Figure 5

It will take just a few seconds to install these services.

Figure 6

Once installed, you will just be brought back to the Programs window. There is no indication that they were successfully installed. Once the simple TCP/IP services are installed you cannot enable or disable individual services. In other words - "it's all or nothing".

If you want to start using these services right away, you will have to go into your Services MMC / console and Start the service.

The service is labeled as automatic so it will start upon your next reboot but you must start them manually if you aren't going to reboot (a reboot is not required).

Figure 7

How do you disable the services? Simple, just do the opposite of what I just did. You should Stop the service, then go in and uncheck the checkbox in the Windows Features list. This will disable and uninstall the Simple TCP/IP Services.

How can the Simple TCP/IP Services help you?

Today, the simple TCP/IP services have limited use. Here are a couple ideas that I came up with:

Learning - these services have their roots in Linux / Unix and have been around for a long time. Perhaps you are taking a Windows test where you feel you need to know all the networking features. Perhaps you are just curious and want to gain experience in all the possible TCP/IP networking features & protocols. Either way, it only takes a second to learn about the simple TCP/IP services and try them out for yourself.
Testing - Perhaps you want to enable this on a machine that is, say, inside a firewall then test opening ports to that machine.

No matter your use in enabling these services, honestly, I would recommend that you disable when you are done as any open ports could become security risks.

Network Diagnostics and Tracing in Windows 7

Microsoft has made significant changes to the network interfaces and underlying functionality in each of the last few Windows releases. You still have all the usual tools (ipconfig, ping, nslookup, etc), but Windows 7 and Windows Server 2008 R2 adds additional troubleshooting features and tools for both the end-users and administrators.

Starting with Windows Vista, Microsoft includes the Network Diagnostics Framework (NDF). It provides for more advanced troubleshooting functionality than in previous versions of Windows. It includes tools that automate the troubleshooting and fixing of some of the common network connectivity issues. It also provides additional troubleshooting tools to end-users and more access to third-party applications.

In Windows 7 and Windows Server 2008 R2, Microsoft better integrated NDF into Windows. There's quick access via the notification area and prompts after an issue has been detected. There's also a new Troubleshooting area in the Control Panel and network tracing via Event Tracing for Windows (ETW).

General Network Troubleshooting

If Windows doesn't automatically detect an issue, you can manually access the general troubleshooting wizard by either:

Right-clicking the network icon in the notification area and selecting Troubleshoot problems, such as seen in Figure 1.

Figure 1: Accessing the general troubleshooting wizard via the system tray.

Clicking the Diagnose Connection Problems button (see Figure 2) in Internet Explorer, which is displayed due to Internet connectivity issues.

Figure 2: Accessing the general troubleshooting wizard via Internet Explorer.

Either way will start the Windows Network Diagnostics wizard, which will run a couple tests to see if it can detect the problem. It checks things such as web connectivity, name resolution, gateway configuration, remote host, and network adapter. It will try to automatically fix it or give you recommendations.

If it doesn't detect anything specific, you'll see something similar to Figure 3, saying it couldn't identify the problem.

Figure 3: When the troubleshooting wizard can't pinpoint the issue.

You should always click the View detailed information link for additional info and to obtain the Event Tracing Log (ETL) file that can be given to an administrator for further troubleshooting. Figure 4 shows an example of what is shown when a user is successfully connected to the local network but the Internet can't be reached—I unplugged the router from the modem.

Figure 4: Example of the troubleshooting report details.

In this situation, it lets you know there's a connection issue between your access point, router, or modem. This should then prompt you to check the physical connections and Internet connection status. Also as suggested, you may try restarting the modem.

Clicking Next takes you back to the previous window, where you can click Explore additional options for a list of shortcuts, as shown in Figure 5, which may lead to some help.

Figure 5: Example of additional information options after troubleshooting.

Troubleshooting Specific Issues

Windows also provides troubleshooting wizards designed for specific issues:

Internet Connections: Tests against microsoft.com or a site of your choice.
Shared Folders: Tests connection to a specific network share.
HomeGroup: Helps you create, join, and share in a HomeGroup.
Network Adapter: Helps detect network adapter issues.
Incoming Connections: Troubleshoots issues with the Firewall and incoming connections.

You can access these wizards by:

Clicking the Troubleshoot problems link (see Figure 6) in the Network and Sharing Center.

Figure 6: Accessing the troubleshooting center via the Network and Sharing Center.

Clicking Start > Control Panel > Find and fix problems (see Figure7) > Network and Internet.

Figure 7: Accessing the troubleshooting center via the Control Panel.

These wizards require some type of input, such as specifying a site, shared folder, etc. Once completed, you'll see similar results as with the general wizard: the issues might be automatically fixed, you may receive additional recommendations, or nothing may be detected and you can view the detailed information and access Event Tracing Log (ETL) file.

Viewing Troubleshooting History

Each troubleshooting session is recorded and saved by the wizard. To see the troubleshooting history, click Start > Control Panel > Find and fix problems, and then click the View history link on the left of the main Troubleshooting window.

You'll see an entry for each troubleshooting session, such as shown in Figure 8.

Figure 8: Viewing the troubleshooting history.

Opening a session will display the same info given when clicking the View detailed information link after you ran the wizard. Plus the Event Tracing Log (ETL) file can be accessed and then forwarded to the IT department.

Exporting the Event Tracing Log (ETL) and Troubleshooting Details

You can view and analyze the ETL files with Network Monitor. You can also view the files with Event Viewer and the Tracerpt.exe tool. Plus you can convert them to XML or text files with the netsh trace convert command.

You can also extract the details and ETL files of troubleshooting sessions to CAB files by right-clicking the session in the Troubleshooting History window and then selecting Save As. Then it can be sent to the IT department for analysis.

Performing Network Tracing and Diagnostics

Windows 7 and Windows Server 2008 R2 includes new Netsh commands to perform network tracing and diagnostics. You can use the tracing feature to collect and create a report on the network component details and network traffic at the same time. You can use the diagnostic feature to see if Windows can detect and fix the issue, or give you additional info that can help.

Tracing can be executed using different trace providers (such as Winsock, TCP/IP, wireless LAN services, or NDIS) to capture and show information for each different component. Alternatively, you can choose a scenario (such as File Sharing, DirectAccess, or Network Connections) which you are trying to troubleshoot and it will use a predefined set of providers, conveniently giving you the information you need.

To get started, bring up a Command Prompt, and then to see a list of all providers:

netsh trace show providers

To see a list of available network-related scenarios:

netsh trace show scenarios

To see the details of a scenario, including the list of providers used and the attributes used for the diagnose command:

netsh trace show scenario scenario_name

Here's how to start tracing for a particular scenario:

netsh trace start scenario= scenario_name

Here's an example of how to perform tracing on multiple scenarios:

netsh trace start scenario= scenario_name scenario= scenario_name scenario= scenario_name

Here are parameters you may want to also define when starting a trace:

capture = { yes | no }: When set to "no", or not defined, network packets aren't included with the trace info. To capture the network packets too, put capture = yes.
Report = { yes | no }: Specifies if a report should be complied along with the trace info.
persistent = { yes | no }: When set to "no", or not defined, tracing stops after the PC is restarted, or the stop trace command is issues. To keep the tracing session active after restarts and until manually stopped, put persistent = yes.
Overwrite = { yes | no }: Specifies if any previous trace file should be overwritten. Since it by default overwrites previous files, you may want to put overwrite=no in case. Then if it says the file exists, you can specify a different location using the next parameter.
traceFile = "path\NetTrace.etl": Specfies where to save output files to. By default its C:\Users\username\AppData\Local\Temp\NetTraces.

Figure 9: Example of starting a tracing session to troubleshoot wireless LAN issues, with packet capturing and reporting on, outputting to my desktop.

To stop tracing, simply enter:

netsh trace stop

To add an extra provider to a scenario:

netsh trace start scenario= scenario_name provider= provider_name

To see all of the options and filters available you can type:

netsh trace start /?

Here's the command and parameters to run diagnostics:

netsh trace diagnose

scenario = ScenarioName (Required)
namedAttribute = AttributeValue (Required)
saveSessionTrace = { yes | no }
report = { yes | no }
capture = { yes | no }

Figure 10: Example of running a FileSharing diagnosis to see why the LAPTOP computer isn't accessible.

Troubleshooting Windows Server 2008 R2 Service Startup Issues (Part 2)

First article in this series talked about some really basic techniques for troubleshooting problems with services that refuse to start. In this article, I want to conclude the series by talking about five more things that you can do to get a stubborn service to start.

Check the Dependency Services

Sometimes a service may fail to start due to a problem with a dependency. Services can sometimes form a hierarchical architecture in which other services must be running in order for a service to start. Granted, not all services have dependencies associated with them, but dependency services are common enough that they certainly warrant a look if you are having trouble starting a service.

In the old days it was really tough to track down problems with dependency services, but most of the newer versions of Windows make it easy. To check service dependencies, open the Service Control Manager, right click on the service that you are having trouble starting, and select the Properties command from the resulting shortcut menu. When you do, Windows will display the service's properties sheet.

As you can see in Figure A, this properties sheet contains a Dependencies tab. The Dependencies tab is divided into two sections. The top portion lists the services that must be running in order for the service that you have selected to start. The bottom portion of the tab lists services that cannot be started until the selected service is running. In this particular screen capture you can see that the Windows Firewall service cannot start unless the Base Filtering Engine and the Windows Firewall Authorization Driver have started. You can also see that there are no services that directly depend on the Windows Firewall service.

Figure A: Sometimes the failure of a dependency service may prevent a service from starting.

One thing that is important to keep in mind as you troubleshoot service dependencies is that sometimes the dependencies can form a multilevel hierarchy. If you look back at the figure above, you will notice that there is a plus sign to the left of the listings for the Base Filtering Engine service and the Windows Firewall Authorization Driver service. If you click on these icons then Windows will list any other dependencies that exist within the service hierarchy. As you can see in Figure B, there are multiple dependencies for the Base Filtering Engine service, but no additional dependencies for the Windows Firewall Authorization Driver service.

Figure B: Services can have several levels of dependencies.

Check for Authentication Failures

Services can also fail to start as a result of authentication failures. Most services do not run under the context of the user that is currently logged in. If they did then services would be unable to run in the background while no one is logged in. Likewise, services often require special permissions that are beyond those assigned to standard user accounts. As such, every service is linked to an account that provides the necessary permissions for the service to run.

You can see which account is linked to a service by opening the Service Control Manager, right clicking on the service that you are having trouble with, and choosing the Properties command from the resulting shortcut menu. When you do, Windows will display the properties sheet for the service. You can see which account is in use by going to the Log On tab, shown in Figure C.

Figure C: The Log On tab allows you to specify the account used by the service.

As you can see in the figure, Windows gives you the option of running the service using the Local System account or a specific account. In this particular case, an account called Local Service is being used. In case you are wondering, the Local System account is a very high level account that is used only when the service in question needs to act as a part of the operating system. In contrast, the Local Service account has rights that are more similar to those of a standard user. On occasion you might also see a service configured to use the Network Service account. The Network Service account uses the credentials associated with the machine's computer account.

Normally if a service is configured to use the Local System, Local Service, or Network Service account then you won't have to worry about managing the credentials for that service. Windows takes care of this automatically on your behalf (assuming that nothing is broken within the operating system). What can be a problem however, is that some services run under the context of either a local user account or a domain user account. When such service accounts are used, passwords can and sometimes do expire.

When a service account password expires, the problem might not be noticed immediately. However, the next time that the machine is rebooted the service which has been assigned an expired password will fail to start. You can fix the problem by going to the service's Log On tab and manually specifying the new password.

Keep in mind that a service can fail to authenticate even if the password is correct if the machine in question is unable to communicate with the domain controller on which the service account resides.

Malware Infestation

Certain types of malware infestations can cause system services to fail to start. For example, some antivirus products run as system services. If a virus wants to avoid detection then it may check for the existence of such a service, shut the service down, and then damage the system in a way that prevents the service from being started in the future.

Although antivirus related services are by far the most common target, they are certainly not the only type of service that can be attacked by a virus. Viruses can attack virtually any system service. For example, I once saw a virus that attacked the Windows Firewall Service.

Disk corruption

If you are having trouble getting a service to start then another thing that I recommend doing is checking the system for hard disk corruption. I once ran into a situation in which a system seemed to be perfectly healthy aside from the inability of one particular service to start. No matter what I tried I just could not get this service running. Out of desperation I ran the CHKDSK. Upon doing so, I discovered that the system volume was corrupt and that several operating system files had been damaged.

Unfortunately, CHKDSK was unable to fix the problem. I was however able to make a list of the files that have been damaged and then copy those files from another system that was running the same version of Windows (and the same set of patches).

Time Sync Issues

If all else fails, check the system clock and make sure that the time matches the time that is displayed on your domain controllers. If a service uses the Kerberos protocol for authentication then the authentication process can fail if the computer's clock falls out of sync with the clocks on your domain controllers. In order for Kerberos to function properly, clocks cannot be out of sync by more than five minutes.

Troubleshooting Windows Server 2008 R2 Service Startup Issues (Part 1)

Even though it sounds silly, the very first thing that you should do when you see an error message sighting a service failure is to verify that the error is accurate. I have seen several real world examples of buggy application of the report service failures when the services is actually running. Likewise, it is very common to see an error message when Windows is booted indicating that one or more services have failed to start. This message is often erroneous.

To verify a service failure, you need to open the Service Control Manager by selecting the Services command from the Administrative Tools menu. The Service Control Manager lists every service that is installed on the machine, as well as the services current state. You can see with the Service Control Manager looks like in Figure A.

Figure A: The Services console displays all of the system services.

If the error message that you have received relates to a specific service then you can simply locate the service within the Service Control Manager (services are arranged alphabetically) and check to see whether or not the service is started. If on the other hand you have received a generic error message stating that one or more services failed to start then you need to look to find out whether or not the services that should be running really are.

As you look at the figure above, you might notice that not all of the services are running. This is normal and has to do with the service's startup type. Windows offers four different startup types for services (some of the older versions of Windows only use three startup types). These include:

Automatic – Services with a startup type of Automatic should start automatically when Windows is booted.

Automatic (Delayed Start) - Automatic services that are configured with the delayed start wait until all of the other automatic services have started before they begin initializing. Even at that, automatic services that use a delayed start use a low priority thread to ensure that the server remains responsive while the services are starting.

Manual - Services that are configured to start manually do not start unless they are instructed to do so either by you, by the operating system, or by an application.

Disabled - If a service is disabled it will not start even if you attempt to manually start the service. Some services are disabled for security reasons, but there are also documented instances of malware disabling system services in order to prevent them from running. If you need to start a disabled service, you can do so by changing the startup type to either Manual or Automatic (or Automatic Delayed Start) and then starting the service.

If you are trying to determine whether or not the necessary services are running, then simply scroll through the list of services and make sure that every service that has a startup type of Automatic or Automatic Delayed Start is running. If a service is configured to run automatically, but is not started the mess services likely the cause of the error.

Manually Start the Service

If you notice that a service that should be running is not running, then the first thing that you should do is to attempt to manually start the service. To do so, just right click on the service and choose the Start command from the resulting shortcut menu. Often times, the service will start without any problems.

Check the Event Log

So what you do if you attempt to manually start a system service, but it does not start? The first thing that I recommend doing in such situations is to check the Event Viewer. In most cases when a service fails to start, one or more event log entries will be created. These log entries can be invaluable in helping you to determine the root cause of the problem.

The location in which the event log entry is created really depends on the type of service that you are having trouble with. There are three main event logs that could potentially contain information about the service that you're having trouble with. These include:

The System Log space – The System Log contains events related to the Windows operating system. If you are having trouble starting a service related to the Windows Operating System then the System Log is the best place to look for information.
The Applications and Services Logs space – Newer versions of Windows include a set of logs known as the Application and Services Logs. These logs are application specific. In other words, if you are looking for log entries related to a certain application, then this is the first place that you should look. The Applications and Services Logs container contains dedicated logs for things like Internet Explorer, Microsoft Office, and Windows PowerShell.
The Application Log space – most applications do not create a dedicated logs beneath the Applications and Services Logs container. Instead, application related logging information is usually written to the Application log.

Even though the event logs can be a valuable resource for troubleshooting a service that fails to start, it can sometimes be tough to find the information that you are looking for. After all, there are typically thousands of event log entries scattered across a dozen or more logs. If you have trouble locating information related to the service that you are having trouble with, then I recommend using the Event Viewer's Find feature (which is located in the Actions pane). The Find feature works like a search engine and allows you to search for text related to the problem that you are having, as shown in Figure B.

Figure B: You can search the event logs for specific text.

When you find a log entry related to your problem, just double-click on the entry to view it. Sometimes the log entry will tell you exactly what the problem is. For example, the log entry shown in Figure C indicates that the service was disabled. This problem is easy enough to fix by re-enabling the service. Sometimes however, the solution is not quite so clear-cut. In these situations it is sometimes useful to make note of the event ID number so that you can look it up on the Internet if necessary. Often times, Microsoft provides TechNet articles with comprehensive solutions for specific event IDs.

Figure C: Sometimes event log entries will tell you exactly why a service failed to start.

2 Aug 2011

Importing Hyper-V VMs into vSphere

Hyper-V virtual machines to VMware vSphere. As a robust platform for cloud-based infrastructure, featuring high levels of availability and responsiveness, VMware vSphere offers a great solution for business continuity and disaster recovery.

If you're an IT administrator in the process of migrating your entire organization's cloud solution from Hyper-V to vSphere, or just parts of it, this article can serve as a practical step-by-step guide for importing Hyper-V virtual machines.

What You Need to Prepare

The process of migrating a VM from Hyper-V to vSphere isn't hard, but before you can proceed with importing any Hyper-V virtual machine, you'll need to have the following:

vSphere 4.1 (at least one ESXi or ESX Server)
vCenter 4.1
vCenter Converter 4.2 installer

As of this writing, those are the latest versions of vSphere, vCenter, and vCenter Converter respectively. As mentioned, the ability to import Hyper-V virtual machines is a new feature that comes with vSphere version 4.1.

Since vCenter Converter (which you'll need in the importation process) is an optional module for VMware vCenter Server, we're assuming you don't have it on your vCenter Server yet. That's why we've opted to include a very brief vCenter Converter installation section below. Let's start with that.

Installing vCenter Converter on Your vCenter Server

Go to your vCenter Server and insert or mount the vCenter Converter 4.2 installation media. This is actually the same media you used to install vCenter Server to begin with. Launch the installation program and, in the screen that first appears, select vCenter Converter.

After you choose an appropriate language, the installation will immediately begin. Follow the instructions in the installation wizard. At some point, you will need to enter your vCenter Server name (e.g. vcenter.yourdomain.com) and your vCenter credentials (usually your Windows username and password). Enter those and proceed with the rest of the installation process until the Converter installation is completed.

Adding the vCenter Converter Plug-In to the vSphere Client

The previous activity will only install vCenter Converter on the server side. You still have to add the vCenter Converter plugin to your vSphere Client. In this case, you need to move to your vSphere Client, which is assumed to be connected to your vCenter Server.

From the menus at the top of your vSphere Client user interface, select Plug-ins > Manage Plug-ins.

Once inside the Plug-in Manager, scroll down until you get to the section labeled Available Plug-ins. You should find vCenter Converter 4.2 among the items there. To the right of that item, click the corresponding Download and Install link. Everything from this point up to the end of the installation is pretty straightforward, so just proceed until you reach the Installation Completed notification.

After clicking the Finish button, navigate back to the Plug-in Manager where you'll find the vCenter Converter Plug-in already marked Enabled. Close the Plug-in Manager and the vSphere Client.

Selecting the Hyper-V Source

Reopen the vSphere client to use the newly added vCenter Converter application. In this section you'll be selecting the source of your Hyper-V VM. Note that all succeeding objects can only be seen after adding the vCenter Converter plug-in. To start, right click either a cluster or an ESX server and, in the corresponding pop-up menu, click Import Machine.

When the Import Machine window appears, click the Select source type drop-down list and select Hyper-V Server. Note that this option is only available in vSphere 4.1.

The subsequent fields will change accordingly, depending on the source type you select. For instance, selecting Hyper-V Server will only bring forward the Server, User name and Password fields.

Enter the name of your Hyper-V Server in the Server field (e.g. yourhyperv.yourdomain.com) and the corresponding admin login details in the username and password fields. Click the Next button to proceed.

A dialog box will then pop-up to inform you that VMware vCenter Converter agent needs to be temporarily installed on the remote source machine you specified just recently. It will also ask you whether you want to:

Have the system uninstall the Converter agent files automatically if the import succeeds, or
Uninstall the files later.

You might want to select the first option (automatic uninstallation) while you're still getting familiar with the entire process.

After selecting an option, click the Yes button to deploy the agent on the Hyper-V server. While the agent is being deployed, navigate to your Hyper-V server to shut down the machine you'll be importing.

Note: Some people believe it is alright to import a Hyper-V virtual machine even without shutting it down. However, our experience with other VMs tells us that it is always safer to shut it down first, so that's what we're going to do.

Shutting Down the Hyper-V VM

Navigate to your Hyper-V Server's Hyper-V Manager and find the VM that you want to import. We are assuming its current State is Running. Now, right-click on the VM and, in the pop-up menu, select Shut Down.

You'll then be asked to confirm the action. Do so. The State of the VM will then shift from Running to Stopping and finally to Off.

Now that the Hyper-V virtual machine has been shut down, you can then head back to the VCenter Server to proceed with the import.

Configuring the Destination Information for vSphere

If the vCenter agent deployment process was successful, you'll then find the VM that you shut down earlier with its Power state labeled as Powered Off.

Select that VM and click the Next button. You can now specify the destination in your vSphere infrastructure on which you will be importing the VM.

Perform the following tasks as shown in the screenshot below:

Select the destination.
Assign a name to the virtual machine.
Select where you will want to store the imported data. Take note of the Total source disks size and choose a Datastore that has enough Free space to accommodate it.
When you're done, click the Next button.

Finalizing the Import Process

As a final step, you'll be asked to set up parameters relevant to the conversion process. Change whatever needs changing. Otherwise, just click Next.

You'll then be given a chance to review all settings and if everything's ok, you may simply click the Finish button.

The actual importation task will then commence. At this point, you can already see the virtual machine in question among the items under the cluster that you right-clicked earlier (see the first screenshot under the section Selecting the Hyper-V Source).

You can also monitor the progress of the importation task in the Recent Tasks panel, which you can bring forward by clicking the Tasks button located near the lower-left corner of the vSphere Client window.

Once completed, the Status of that task will state accordingly.

Testing the Newly Imported Virtual Machine

Before you can test the newly imported VM, you'll need to power it on. Go to the newly imported virtual machine (the one labeled "imported virtual machine" in the previous screenshot) and right-click it. In the pop-up menu, select Power > Power On.

To test, just click on that same item and, in the Commands panel, select Open Console.

Barring any unforeseen events, your newly imported VM should run as it was previously running in Hyper-V.