Name: Bharat Suneja
Location: Fremont, California, United States

MVP - Exchange | MCT specializing in messaging (Exchange), Active Directory and security, having way too much fun with scripting, and Exchange "12"/2007


Thursday, March 20, 2008

Note to readers: I haven't had to keep a post on hold for as long as I've kept this one, contemplating whether I should post it or not. After much thought, I've decided to post this, because it is important to know the facts about downgrade rights, and to clarify my position on this debate.

InfoWorld responded to my previous post (read InfoWorld's campaign to "Save Windows XP").

In a blog post titled Exchangepedia Blog Author calls "Save XP Campaign" Childish!, InfoWorld columnist J. Peter Bruzzese writes:
However, in the overall scheme of things will it budge the folks at Redmond to reconsider its plans? Not if Bharat Suneja, an MVP for Exchange and tech guru who publishes the popular Exchangepedia Blog site has anything to say about it. He has done his own research on the matter and his opinion should be heard!
Thanks for the kind words Peter - much appreciated.

To put it on record, I am not for or against Microsoft extending the deadline for Windows XP OEM and retail sales. I called Peter the saner voice (of InfoWorld) - he gets the gist of what I wanted to convey in the post:
The point Bharat is trying to make: Windows XP is an operating system that has lived past its prime, and Microsoft isn't about to pull the plug on it any time soon. (Users can move to Vista on their own timeline).
In my post, I pointed out Microsoft's Product Lifecycle Policy for Windows XP, including the facts that Windows XP mainstream support won't end till April 2009, extended support will be available till April 2014, and Volume License customers can use their downgrade rights if Windows XP licenses are no longer available from retail or OEM channels. (As it turns out, downgrade rights are not restricted to Volume License customers.)

In fact, Microsoft will soon release a new service pack— Service Pack 3, for Windows XP. You can download Release Candidate 2 of the service pack here.
InfoWorld Editor Galen Gruman comments
InfoWorld Editor Galen Gruman left a comment on the post here. What she has to say (relevant portions highlighted and bolded for emphasis):
For the record, as the InfoWorld editor who's responsible for the "Save XP" story and related content, there's one big error in this well-reasoned post: XP will not be generally available after June 30 if you are *adding* computers or people. We never said this was an issue of support. It is true that if you have a site license to Vista, you have downgrade rights to XP. But most small businesses and no individual buyers have these rights. They cannot get XP after June 30. And unless they bought new of two specific types of Vista -- the full, not OEM, versions of Vista Business and Vista Ultimate -- they do not have downgrade rights. Given that practically everyone who buys a computer has just an OEM copy of Windows, they do not in fact have downgrade rights to XP and cannot add new XP licenses to their mix of XP systems. This forces them to have a mix of XP and Vista, whether or not they are ready for Vista. It was this concern that we heard repeatedly in the last year and led to this story. And why we advocated that XP be available for sale indefinitely -- meaning not forever but until the market as a whole is much more ready to move.
Thanks for commenting Galen. Having read your follow-up article "The "Save XP" manifesto: Time to get past the distractions", I agree with some of the arguments presented (and greatly disagree with others), and the underlying reasons for the "Save XP" campaign. However, your basic premise that setting a date for end of availability of OEM and retail licenses for Windows XP is like Microsoft giving users an eviction notice is simply not true!

I understand that the main issue Galen has is not about existing Windows XP users or computers, but about availability of Windows XP for new computers or users. Carrying the analogy further, that's more like Microsoft saying we aren't accepting new lease applications for this old, run-down apartment that is scheduled to be torn down. You can, however, lease a unit in this brand new complex we built across the street.... It is far from an eviction notice for existing tenants.

The facts about downgrade rights
As far as the downgrade rights Galen referred to (highlighted) in the above comment and in her follow-up article are concerned, she deserves the benefit of the doubt. There's clearly some misunderstanding on her part, and it probably isn't her fault. (Update: Based on our email exchange, I know she has tried to get a definitive answer to this.) Navigating Microsoft's web of licensing options and agreements can be challenging, even for MVPs. However, to be fair to Microsoft, I was able to get the answer by searching the web, and a single follow-up call to Microsoft Pre-Sales and Licensing. The response was clear and unambiguous.

Downgrade rights are not limited to large enterprises. This Microsoft Volume Licensing Brief [download] (dated January 2007) titled Microsoft Select License, Open License, Original Equipment Manufacturer (OEM) License, and Full Packaged Product (FPP) License Downgrade Rights says:
Can I downgrade my OEM version of Windows Vista Business to Windows XP Professional?
Yes. OEM downgrade rights for desktop PC operating systems apply to Windows Vista Business and Windows Vista Ultimate as stated in the License Terms. Please note, OEM downgrade versions of Windows Vista Business and Windows Vista Ultimate are limited to Windows XP Professional (including Windows XP Tablet PC Edition and Windows XP x64 Edition). End users can use the following media for their downgrade: Volume Licensing media (provided the end user has a Volume Licensing agreement), retail (FPP), or system builder hologram CD (provided the software is acquired in accordance with the Microsoft OEM System Builder License). Use of the downgraded operating system is governed by the Windows Vista Business License Terms, and the end user cannot use both the downgrade operating system and Windows Vista Business. There are no downgrade rights granted for Windows Vista Home Basic or Windows Vista Home Premium.
Translation: If you buy a computer and it ships with Windows Vista Business or Ultimate preinstalled by the manufacturer, also known as an OEM license, you can downgrade to Windows XP Professional. You do not need a Volume License of any kind to do that - end users, small businesses with or without an Open License, and larger businesses - again, with or without a Select or Enterprise License, can downgrade to Windows XP Professional, and use it for as long as they wish.

Microsoft confirms
A quick call to Microsoft Sales/Licensing confirmed that. You are welcome to do so yourself, by calling 800.426.9400. Select option 5, then option 3. In a follow-up call, Microsoft also explicitly and unambiguously stated that users can use the OEM media (CD) or the one that came with a prior purchase of a FPP (retail) version to downgrade. Organizations with a volume license can also use their volume license media to downgrade. "The media is not important here, the license is", added the Microsoft rep.

If you're having trouble finding your Windows XP CD or need to order a replacement copy, you can do so by calling 800.360.7561 if you bought the retail (FPP) version. The cost is $23, or $29 with taxes and shipping. Volume License customers can order CDs by calling Volume License Fulfillment at 800.248.0655. When asked how long the replacement CDs will be available, and whether these will still be available after Windows XP is no longer sold, the rep responded: "They will be available for quite a while. No plans for discontinuing that yet."

Though well-intentioned, some of the arguments presented by Galen are not as valid. Once again, I am neither for nor against Microsoft continuing to sell Windows XP, nor do I profess that users move to Vista whether they're ready or not. However, the implication that Microsoft is forcing users to move to Windows Vista, and terms like eviction notice used in such articles, do not present the issues in the right perspective.

Given the facts about Microsoft's product lifecycle, support policies and downgrade rights, is Microsoft's stance wrong here? Or does InfoWorld's Save XP campaign amount to unfairly criticizing Microsoft, as InfoWorld's own columnist J. Peter Bruzzese states in "Save XP? Why bother?"?


PS: Tom Sullivan's response, and comment about MVPs

I was equally annoyed and amused by InfoWorld Editor Tom Sullivan's response in "On the necessity of InfoWorld's 'Save XP' campaign". Tom says:
As Peter Bruzzese points out, the author of Exchangeapedia, Bharat Suneja, suggests that the campaign won't inspire Microsoft to change its plans and keep Windows XP alive beyond June 30.

Suneja, it's worth explaining, is a Microsoft MVP. A rare breed, indeed, these disciples are devout enough that, while attending an MVP Summit back in 2001, a pair of them even got married in Redmond, Wash. and read vows from their Pocket PCs.

That said, Bruzzese writes that Suneja "has done his own research on the matter and his opinion should be heard." I agree, and particularly when he explains that mainstream support will end on April 14th, 2009, and extended support will be available for five years from that date, till April 8th, 2014, both points IT shops should research. Suneja writes, in his post, "Windows XP doesn't seem like a product that's being retired prematurely."

That, obviously, is a matter of some debate. Contrarians can easily point to the reality that Vista sales are not exactly going like gangbusters.
Tom, All I can say is, I wish you had read my original post before commenting. Perhaps that's just one of those good old journalistic niceties that we simply don't have time for any more. :)

If you did read my original post, please accept my apologies.

MVPs are also some of Microsoft's sharpest critics. An excerpt from the article in Computerworld:
Paul DeGroot, an analyst at Directions on Microsoft, a research firm in Kirkland, Wash., agreed that MVPs are both "in Microsoft's camp" and its "best critics" at the same time.

"They criticize from a position of deep knowledge about the products and how customers use them," DeGroot said. "So when they say something, they know what they're talking about, and they're not inclined to take cheap shots. They'd rather fix things than lay blame."
MVP or not, my opinion and criticism of InfoWorld in this matter wouldn't have changed. It is sad to note that what is otherwise a well-regarded tech journal is increasingly sounding like the MAD magazine of tech journalism on this topic.


Monday, April 30, 2007

We've been hearing a lot about 'crapware' apps installed by hardware vendors on desktops and laptops - apps like AOL (or other ISP) software, myriad browser add-ins and toolbars, trial versions of anti-virus, firewall, and security software that you may never use - perhaps because your organization has standardized on some more manageable enterprise versions of such apps, or the apps installed are either not the ones you would choose, or they're completely useless. Annoying as it is to get these apps installed by default, what's even more annoying is the fact that most vendors generally give you no choice to get a computer with a "clean"/base operating system installed.

Given the razor-thin margins in the PC industry, vendors cannot resist augmenting their bottom line through such deals with application vendors.

However, little attention has been paid to the crapware that comes with the operating system itself. For instance, why does a server OS need Windows Media Player installed by default? Cursors of different shapes and sizes? Themes and wallpapers? NetMeeting? It's a long list.

It's a common practice in many organizations, where servers are deployed/redeployed on a regular basis, to build a secure server image sans all these apps and services that are of no use on a server (further locked down using the organization's secure server build procedures).

Luckily, that's not the case with Longhorn server. None of the crapware or desktop-like apps get installed by default. Should you want to, features like "Desktop Experience" can be installed.



Additionally, Server Core (a barebones install of the OS without the Windows Explorer GUI, which can be managed locally from the command line or remotely from a workstation with management tools installed) and purposing a server based on server roles (17 of them available in Beta3) ensure Longhorn servers are leaner, with a reduced attack surface.

It's important to realize that the Windows management experience is going to change from the everything-turned-on-by-default model of previous versions of Windows (server and client OSes), where you disabled or removed the components you did not need, to one where you get a basic install that makes the OS functional, requiring other components to be added/enabled/configured later, as required.

One component that does get installed by default is Internet Explorer. It would be great to get rid of this as well - though a web browser may be seen as an essential component of the OS by many, particularly - as the argument goes - for the ability to download patches/updates/drivers, etc., do you really want to browse web sites from the server? Using IE?


Friday, April 20, 2007

 

Computerworld: The deal on the Windows DNS bug

Posted by Bharat Suneja at 4:47 PM
The still unpatched Windows DNS Server bug has been the topic of many a security discussion during the past few days. If you're running your DNS on a Windows Server (using the DNS Server service), this affects you. Computerworld's Gregg Keizer has a nice write-up about this issue that I just stumbled upon, thanks to Sunbelt Software's WServer News newsletter.

According to Computerworld, there are at least 5 exploits in proof-of-concept form floating out there. Chris Budd from the Microsoft Security Response Center says Microsoft has "teams around the world working twenty-four hours a day". An update/hotfix is expected around May 8th, in time for next month's Patch Tuesday.


Tuesday, April 03, 2007

Ran into Steve Riley (Steve is Microsoft's senior security strategist in the Security technology unit, and a "hypnotic" speaker with a great sense of humor. His sessions at technical conferences like Microsoft's TechEd are popular and frequently standing room only... ) at Exchange Connections earlier today. I complained about Vista's auto-tuning feature and my experience with it [read previous post "Windows Vista won't get newsgroup list from news.microsoft.com"].

He directed me to his blog post, where he talks about this feature, and the fact that this problem with auto-tuning is generally seen only when connecting from hotels. Come to think of it, I didn't see the problems mentioned in the above post until this week in Orlando, toting a laptop running Windows Vista as my primary laptop. (However, it doesn't explain the problems I've had copying large files, as mentioned in the post - but I'll have to test some more once I get home to come to a conclusion.)

Read more in this post titled "Windows Vista v/s Hotels" on Steve's blog.


Sunday, April 01, 2007

Unsettling as the loss of a laptop is - with plenty of other data, I also lost my "database" of over 7000 posts to Microsoft Exchange public newsgroups :( - it is even more unsettling to use a temporary laptop that's running a new operating system - Windows Vista.

Don't get me wrong - I love Vista, I love the new UI, and no matter what the detractors say I would move for the new UI and the Aero Glass interface. I've been using it on a second/standby laptop in the past, but not as my primary one. Now I have no options but to use Vista as it shipped on this laptop.

I fired up Windows Mail client to get to the Microsoft newsgroups, and Vista would keep timing out after about 60 seconds, showing me Exchange newsgroups for every other language but English! After Googling it for a little bit, the conclusion was Vista's auto-network tuning feature was the culprit.

I turned it off using the following command:
netsh interface tcp set global autotuning=disabled

Voilà - the problem's gone, I instantly got the entire list of newsgroups!

Another issue that this auto-tuning feature was clearly responsible for - I could not RDP to my servers at home - it created the connection, I can see the server's screen but it's blank - no login GUI (GINA) from those servers. When I VPNed into work and tried to access the servers using RDP from a Windows Server 2003 box, it worked like a charm.

The above fix took care of that as well, and I could RDP directly from Vista. Yes, that's weird - I've used Vista before on the other laptop and it never had these issues...

Nevertheless, I'm happy I got both of the above fixed, and in the process realized the issues stuff like auto-tuning might be creating for users. I've stopped claiming any kind of expertise on client operating systems for a while now, so I'm not sure under what scenarios the auto-tuning feature may actually be useful. For what it's worth, these are the performance enhancements from the "next generation TCP/IP stack".

On a second thought, this probably explains the inability to copy an 18 Gig virtual machine image (VHD file) on another laptop running Vista - it would get stuck at 5% and not move beyond that. Windows XP copied the same file in a few minutes!


Tuesday, January 16, 2007

 

What is the *real* maximum password length?

Posted by Bharat Suneja at 5:54 PM
I've long been an advocate of using long passwords, using entire phrases/sentences instead of a single more complex but short password.

Some Windows Server 2003 documentation states the maximum password length is 28 characters (e.g. Enforcing Strong Password Usage Throughout Your Organization says "Although Windows 2000, Windows XP, and Windows Server 2003 support passwords up to 28 characters, ... "). The Change Password dialog box that users normally use (the one that shows up when you choose Change Password after hitting CTRL-ALT-DEL) lets you enter only 26 characters. Using AD Users & Computers, you can reset it to 32 characters.



Adding to the confusion, the help text for the Reset Password dialog box states that it provides space to type a password up to 127 characters (which it doesn't, as we've seen in the above screenshot - it's limited to 32 characters).



What's the real maximum?

The Answer: The Reset Password dialog box does provide space for up to 127 characters. However, because of the way the edit box controls work (in the above Reset Password dialog box), when you continue to enter characters past the 32-character width of the control, it does not scroll characters to the left, but continues to accept the longer password. This can be observed when you delete the long password - it deletes the 32 visible characters (though it doesn't visibly display the scrolling effect, it has indeed scrolled), then scrolls to the left to display the remaining characters in the 32-character window. Here's a Flash demo that shows that. :)

In the above demo, when the password being entered reaches the visible limit of the edit box, you feel it's not taking the rest of the password. Wait a few seconds till the password is being deleted.

The Change Password dialog box behaves similarly.


Wednesday, December 13, 2006

According to analyst Jon Oltsik of Enterprise Strategy Group, Windows Vista's BitLocker drive encryption system provides enough RoI to justify the upgrade for enterprise customers. PC encryption tools have now become a "must-have" and most enterprises are considering deploying such tools.

Standalone drive encryption utilities cost $100-$200 per system in acquisition cost alone. Add to that installation, configuration and ongoing support costs, and the upgrade to Windows Vista - which includes drive encryption (and other security and management features) - begins to look quite attractive.

More on CNET News.com - "Windows Vista and the secret of full disk encryption".


Wednesday, November 22, 2006

Like many IT folks, if you're ahead of the pack and now have Windows Vista RTM running on your laptop or workstation, you're probably wondering about or may already have tried running Windows Server 2003 admin tools (adminpak.msi) and Exchange System Manager on Vista.

These admin tools are not officially supported on Vista yet. MVP Daniel Petri has a workaround for installing adminpak on Vista. We'll probably have to wait a little longer for Exchange System Manager.


Monday, November 13, 2006

InfoWorld columnist Roger Grimes provides some interesting information in his Security Adviser column about (short) complex passwords being easier to crack than longer "non-complex" ones. I've always encouraged users to use phrases or short sentences as passwords rather than sticking to the short password lengths imposed by I.T. departments, and Grimes confirms that.

Some interesting tidbits:
- Conventional wisdom says that because end-users have 94 characters to choose from on a 101-key keyboard, breaking an eight-character, complex password -- out of 94^8 = 6,095,689,385,410,816 different possible passwords -- is not a trivial task.
- ..... if you require an eight-character-minimum password, most users will choose an eight-character password.
- If you require a capital letter, they will put it at the beginning because we are trained in writing class to do that.
- If you require a number, most users will put the number at the end, and the number will be 1 or 2.
- Even though users have 94 characters to choose from on the keyboard, 80 percent of passwords will contain the same 32 characters and symbols -- as mentioned in my previous columns. Most passwords by English authors contain a root English word, many of which can be found in a password-cracking dictionary containing just 30,000 words.

Grimes actually ran a contest to have password hashes cracked, with interesting results. Read the entire column on infoworld.com.

And when it's time to implement a new password policy, think about raising the minimum character length, and going lighter on the complexity bit.... because the complexity part is what forces users to do crazy stuff like write passwords on sticky notes and paste them on monitors! :)
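The habits listed above can be put into numbers when reviewing a password policy. The following Python sketch is an added example, not code from Grimes's column or from this blog; the sample dictionary and passwords are constructed, and counting the space character as one extra symbol is an assumption.

```python
import math
import string

# Figures quoted from the column on this page.
KEYBOARD_CHARS = 94        # characters available on a 101-key keyboard
DICTIONARY_WORDS = 30_000  # size of the dictionary the column mentions

# Character classes; their sizes (26 + 26 + 10 + 32) add up to 94.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample dictionary, standing in for the 30,000-word list.
SAMPLE_DICTIONARY = {"password", "sunshine", "football"}


def nominal_space(length, alphabet=KEYBOARD_CHARS):
    """Number of strings of `length` over an alphabet of the given size."""
    return alphabet ** length


def habit_space(words=DICTIONARY_WORDS, trailing_digits=2):
    """Candidates when the password is a root word with the capital
    first and a trailing 1 or 2 (the habits the column lists)."""
    return words * trailing_digits


def follows_habits(password, dictionary):
    """True for: Capitalised dictionary word + a final '1' or '2'."""
    if len(password) < 2 or password[-1] not in "12":
        return False
    root = password[:-1]
    return (root[0].isupper() and root[1:].islower()
            and root.lower() in dictionary)


def alphabet_size(password):
    """Size of the character set the password actually draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if " " in password:
        size += 1  # assumption: the space counts as one extra symbol
    return size


def effective_space(password, dictionary):
    """Search space for this password.

    Habit-following passwords collapse to habit_space(). Anything else
    gets the character-by-character figure, which is an upper bound: a
    phrase built from common words is weaker than this number suggests.
    """
    if follows_habits(password, dictionary):
        return habit_space()
    return alphabet_size(password) ** len(password)


def min_length_to_match(alphabet, target):
    """Shortest length at which alphabet**length reaches `target`."""
    length = 1
    while alphabet ** length < target:
        length += 1
    return length


if __name__ == "__main__":
    target = nominal_space(8)
    print(f"94^8 nominal space : {target:,} ({math.log2(target):.1f} bits)")
    for pw in ("Sunshine2", "xK#9mQ2$", "my dog ate the sofa"):
        space = effective_space(pw, SAMPLE_DICTIONARY)
        print(f"{pw!r:24} {space:.3e} ({math.log2(space):.1f} bits)")
    for alphabet in (32, 26):
        n = min_length_to_match(alphabet, target)
        print(f"{alphabet}-character alphabet matches 94^8 at length {n}")
```

A password that satisfies an eight-character complexity rule by following the habits falls into a space of 60,000 candidates, while a password drawn from only 32 characters already exceeds 94^8 at 11 characters.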


Friday, September 29, 2006

 

Chat with your Windows MediaCenter!

Posted by Bharat Suneja at 10:31 AM
As reported by Engadget.com, you'll love this concept and way geeky app to remotely tell Windows MediaCenter to record a tv show - just chat with it over MSN Messenger!

Stuck in a car with no way to record a tv show? You can now do it over a Windows Mobile phone (signed in to MSN/Live Messenger of course!). The idea of having an interactive dialog with a bot that can give you your tv guide listings and walk you through recording a particular show never occurred to me, but as the author suggests this is the next best thing to actually being able to call your Windows MediaCenter PC on the phone and simply talking to it.

As a sidenote, having worked at Nuance - the leading speech (recognition is one part of it... ) company - not very long ago, I feel strongly about speech apps, and I'm super-excited about Exchange Server 2007's Unified Messaging (Outlook Voice Access, AutoAttendant, et al) capabilities.

Talking to your MediaCenter PC can't be too far away, given reports of Windows Vista's built-in speech interfaces (no, I haven't had a chance to test any of that yet.... ). However, till such an app comes into existence, you can go to brains-n-brawn.com to find out how the /mobileRecord bot for Windows MediaCenter works.


Wednesday, September 27, 2006

Keyboard/command-line short-cuts that get you to a particular control panel applet or Windows dialog box are usually such great time-savers if you use them enough and (therefore) can remember them. Here's a list of some great time-saving short-cuts - (some will impress even your IT Pro colleagues... ):

The number one time-saver for me is the command to:

1. Open Add/Remove Windows Components dialog box - usually accessed from Add/Remove Programs, 4 mouse-clicks that really slow you down if you do this on a frequent basis. (The Add/Remove Programs applet itself takes a while to open before you can press the Windows Components short-cut):
control appwiz.cpl,,2

2. Add/Remove Programs - if you haven't already guessed it: appwiz.cpl

3. Network Connections applet: ncpa.cpl
What would be really cool along with this: being able to get to TCP/IP Properties of a network interface... has anyone figured that out yet?

4. Display Properties: desk.cpl


5. To set resolution, et al from the Display properties, Settings tab: control desk.cpl,,3

6. System properties: sysdm.cpl

System properties | Computer name: control sysdm.cpl,,1
System properties | Remote: control sysdm.cpl,,6
List of all values for System properties
General(0), Computer Name(1), Hardware(2), Advanced(3), System Restore(4), Automatic Updates(5), Remote (6)

7. Active Directory Users & Computers: dsa.msc

8. Active Directory Domains & Trusts: domain.msc
9. Active Directory Sites & Services: dssite.msc
10. DNS Management Console: dnsmgmt.msc
11. Computer Management Console: compmgmt.msc
12. Disk Management: diskmgmt.msc
13. Show Desktop (minimizes all programs): Windows key + D
14. Hibernate (great for a short-cut that you can then place in the Quick Launch bar in the Task Bar): %windir%\system32\rundll32.exe powrprof.dll,SetSuspendState Hibernate
15. Event Viewer (an old NT favorite): eventvwr


Tuesday, September 05, 2006

 

Using Consolas as the Windows console font

Posted by Bharat Suneja at 8:00 AM
If you don't like the font choices (or lack thereof) in Windows console, or want Consolas (a new font available by installing IE7 or Windows Vista) as your console font, you can add it as an option by going to HKLM\Software\Microsoft\Windows NT\CurrentVersion\TrueTypeFont.

Scott Hanselman shows you how in this blog post.

Question for the Windows Vista folks - why not make it available as a choice by default? As the name suggests, it's an ideal fit for the console/text-based apps.


Monday, March 27, 2006

 

Calibri - a new font from Windows Vista

Posted by Bharat Suneja at 3:10 PM
I recently saw a new font installed on my "production" laptop (running Windows XP SP2) - Calibri. It's a beautiful typeface, and one I started using immediately as the default in Word documents and email. My earlier attempts at using another font that seems to have been installed with Vista (no, I don’t have Windows Vista beta/CTP installed on my production laptop yet… but more about that in a moment) became quite unpopular around here – Cambria it was, iirc.

I’m trying to figure out if it was the IE 7 beta that installed these fonts on my laptop, or perhaps Office “12” beta.

Either way, as someone who’s very interested in typography and graphic design, I do love Calibri enough that I’m using it for this blog. You may (or may not… ) have noticed the change when you view these pages in your browser. If you don’t have the font, it will get substituted for some other sans serif font on your computer.

If you’re curious enough to find out what Calibri looks like, here’s a blog that displays it as a graphic. If you search the web, you may be able to find links to download the font.

I would love to find out what you think about Calibri – leave a comment here if you feel strongly about this font (and the others included with Windows Vista / IE 7 / Office “12”).


Wednesday, August 10, 2005

 

Useful Utility: SysInternals Process Explorer

Posted by Bharat Suneja at 3:19 PM
A trusted friend of most experienced Windows folks, Process Explorer is one of Sysinternals' bag of free utilities that provide welcome relief from some of Windows' quirks and inadequacies.

I have found Process Explorer extremely useful and a great substitute for Windows Task Manager. On the topic of Task Manager, have you seen it change a lot since NT 4.0 days? There have been some improvements, but it's time Microsoft replaced it with something more extensive and powerful.

Process Explorer provides a lot of info about processes. In particular, it shows you all services running in the svchost processes. It also shows all files open/locked by a particular process. Ever tried to delete/replace a file and kept getting "file in use" errors with no clue as to which process was holding the particular file hostage? You can use PE to detect the process and kill it.

Besides, it can show DLLs being used, and has search capability to search for a file handle or dll.

You can download Process Explorer from Sysinternals web site: http://www.sysinternals.com/Utilities/ProcessExplorer.html

Q. How do I see memory consumption of each process in Process Explorer?
A. View | Select Columns | Process Performance | select Working Set Size.


Friday, July 29, 2005

If you simply copy an existing Windows OS image to create multiple virtual servers/workstations, and try to log on to a domain controller, you may get the following error:

The system or security ID (SID) of the domain specified is inconsistent with the trust information for that domain.

This happens because the SID of the computer was not changed when you made a copy of the virtual hard disk containing the OS. A good way to use a base drive image would be to Sysprep it first.

Nevertheless, if you haven't done that, log in to the computer locally. Use the PsGetSID and NewSID utilities from the Sysinternals web site (www.sysinternals.com). PsGetSID is a command-line tool: type PsGetSID to get the SID of the local computer and copy it to Notepad, then type PsGetSID \\DomainController -u username -p password to get the SID of the domain controller, and compare the two. If they're the same, now you know the reason why.

Proceed with the NewSID utility to generate a random SID for the computer. This takes a little while as NewSID replaces the old SID with the new one in the registry, amongst other things. Once done, the computer will reboot automatically (there's a checkmark to reboot... leave it unchecked if you don't want to reboot.)

You can now log in to the domain without getting the SID error.


Monday, April 25, 2005

 

The 24-hour Linux phenomenon

Posted by Bharat Suneja at 3:54 PM
Interesting observation by InfoWorld columnist Neil McAllister. He quotes Jim Allchin (Group VP of Platforms at Microsoft).

Excerpts from the Open Enterprise column (emphasis mine). Standard disclaimers (including "take this with a pinch of salt") etc. apply... I do think there's some element of truth in this - having heard from or of people who've bought cheap desktops with unheard of OSes and installed Windows.... or taken Apple's "Switched" campaign too seriously and then returned to Windows... few hundred (or thousand) dollars poorer.. :

Microsoft gave up pretending that Linux isn't a threat to its Windows server business a long time ago. But when the soft-spoken Allchin first brought up the server market during our conversation that afternoon, he dropped the L-word with such candor that I was frankly shocked.

"Linux is the expected winner," Allchin says, "with its lineage from Unix. But we're happy, because we're winning market share." Got that? Not only is Linux a formidable competitor in the server market, but now Microsoft actually paints itself as the underdog.

Allchin was far less charitable (about Linux on the desktop) ..... attributing Linux's reported growth in the desktop market to something he called "the 24-hour Linux phenomenon."

According to Allchin, most customers who buy a new computer outfitted with Linux instead of Windows are doing it solely as a cost-cutting measure. They avoid the Windows license fee at the cash register when they ask for systems with Linux preinstalled. Once they get the hardware home, however, that Linux OS is quickly erased and replaced with a pirated copy of Windows -- often within 24 hours.

Allchin calls the practice of replacing the default OS with Windows "flipping," and he says it's particularly prevalent in Asian markets, where software piracy is rampant. In China, he says, shipments of desktop Linux are actually declining. The reason? Vendors who once shipped systems with Linux preinstalled are now switching to free or low-cost versions of DOS. That's because it's a lot easier for a customer to flip a system loaded with that bare-bones OS than it is to flip a comparatively more Byzantine Linux system.

Read it on Infoworld.com - http://www.infoworld.com/article/05/04/25/17OPopenent_1.html



Monday, March 14, 2005

If you try to view/edit a GPO in the Group Policy Object Editor on Windows Server 2003, Windows 2000 Server or Windows XP SP1, you get an error:
The following entry in the [strings] section is too long and has been truncated.

Why does this happen? Older versions of the GPO Editor cannot interpret some string types with more than 255 characters. You will typically see it when you edit the GPO from a workstation and later try to view/edit the GPO from the domain controller (or another workstation/server). KB842933 explains this in detail and has hotfixes.

Windows 2000 (SP3/SP4): Windows2000-KB842933-x86-ENU.EXE

Windows XP: WindowsXP-KB842933-v3-x86-enu.exe
NOTE: Not an issue with Windows XP SP1.

Windows Server 2003: WindowsServer2003-KB842933-x86-enu.EXE


Saturday, February 19, 2005

 

Reinstall XP without activation

Posted by Bharat Suneja at 4:24 PM
Ever needed to reinstall the OS on the same system and wondered if it'll still activate?

This lets you reinstall Windows XP without having to activate it again:
1. Copy the file %systemroot%\system32\wpa.dbl (to removable media like floppy/CD if you plan to reformat the drive and do not have any other partitions/drives in your system)
2. Reinstall Windows XP
3. Copy the file back to %systemroot%\system32

This only works if you are reinstalling XP on the same hardware - it's not a mechanism to use the same copy of XP on another system and bypass activation.

Alternatively, if setting up from a network source or creating a bootable CD, copy WPA.DBL to $OEM$\$$\system32.

Activating during unattended installation
To activate Windows XP during an unattended installation, insert the following line in the [Unattended] section of your answer file (unattend.txt or winnt.sif):
AutoActivate = YES

Note: %systemroot% is a system variable that points to your Windows installation directory, usually C:\Windows.


Friday, February 18, 2005

 

Windows Beats Linux in Live Security Contest

Posted by Bharat Suneja at 2:05 PM
Interesting... I've long held Windows to be a more easily "securable" (provided you know how) OS.

This just came in - from WinInfo Daily Update (Paul Thurrott, creator of SuperSite for Windows, part of the Windows IT Pro mag network).
-----------------------------------------------------

Windows Beats Linux in Live Security Contest

During a live duel of sorts between backers of Windows 2003 and Red Hat Enterprise Linux during the RSA Conference 2005 this week in San Francisco, a surprising victor emerged.

Based on the previously agreed upon rules, Windows 2003 came out ahead, emerging as the more secure OS.

How could this happen, you ask? After agreeing to terms, backers of both OSs evaluated the security-oriented performance of Windows 2003 and Red Hat Enterprise Linux during the past year, looking at such key criteria as number of reported security vulnerabilities and the amount of time that elapsed between the public disclosure of a security flaw and the release of a fix. But doesn't the open-source model practically guarantee that fixes are released more quickly than they are with proprietary OSs? I guess not.

Results of the competition will be released next month, but here's the gist: Windows 2003 won every part of the competition. It had fewer flaws overall. The average time between Windows 2003 flaw reports and fixes was less than half that of Red Hat Enterprise Linux. Less than half.

Does this mean that Windows is more secure than Linux on the server? Not necessarily. But it certainly provides an interesting real-world example of why assumptions about Linux security are completely bogus, as I've often noted.


Monday, November 08, 2004

 

Track Hotfix/Patch Installation

Posted by Bharat Suneja at 6:20 PM
What's the best way to track when and which hotfixes/patches were applied? It's an endless debate amongst IT pros. Some would like to do it through dedicated patch management software. Some store this info in databases, even spreadsheets.

Here are a few handy ways to track this info - I've used a combination of these to track stuff.
i) On Dell servers installed using Dell's Server Assistant CD, there's an installsummary.htm file in the root (C:\). Every time I apply a bunch of hotfixes/patches, I simply open this HTML file and add the info at the very bottom of the list. If you do this from Windows Update, all you need to do is copy the list of hotfixes from the Windows Update web page (AFTER it finishes installing, but before you hit OK to reboot if a reboot's required). Just add a line break tag at the end of each line.
Additionally, I also copy this HTML file to a web server every time I do this, adding the server name to the end of the filename.

ii) For all recent hotfix installations, just filter the System event log for Event ID: 4377, source: NtServicePack. This event lists the hotfix applied, date, time and the username.
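Method ii) can be turned into a per-server patch history. This is an added example, not from the original post: the server names, accounts, KB numbers and message wording in the sample records are constructed, and the update-ID pattern is an assumption about how the event message names the hotfix.

```powershell
# Constructed sample records standing in for event log entries.
# For live data (Windows PowerShell 5.1), replace $sampleEvents with:
#   Get-EventLog -LogName System -Source NtServicePack -ComputerName SRV01 |
#       Where-Object { $_.EventID -eq 4377 }
$sampleEvents = @(
    [pscustomobject]@{ MachineName = 'SRV01'; TimeGenerated = [datetime]'2004-11-08 18:05'
                       UserName = 'EXAMPLE\admin1'
                       Message = 'Windows Server 2003 Hotfix KB000001 was installed.' }
    [pscustomobject]@{ MachineName = 'SRV01'; TimeGenerated = [datetime]'2004-11-08 18:07'
                       UserName = 'EXAMPLE\admin1'
                       Message = 'Windows Server 2003 Hotfix KB000002 was installed.' }
    [pscustomobject]@{ MachineName = 'SRV02'; TimeGenerated = [datetime]'2004-10-14 09:30'
                       UserName = 'EXAMPLE\admin2'
                       Message = 'An update was installed.' }   # no ID: edge case
)

function ConvertTo-HotfixRecord {
    param([Parameter(ValueFromPipeline)]$Entry)
    process {
        # Assumption: the message names the update as KBnnnnnn or Qnnnnnn.
        $id = [regex]::Match($Entry.Message, '\b(?:KB|Q)\d+\b').Value
        [pscustomobject]@{
            Server    = $Entry.MachineName
            Installed = $Entry.TimeGenerated
            Hotfix    = if ($id) { $id } else { '(unparsed)' }
            User      = $Entry.UserName
            Message   = $Entry.Message   # kept so unparsed entries can be reviewed
        }
    }
}

$history = $sampleEvents | ConvertTo-HotfixRecord | Sort-Object Server, Installed
$history | Format-Table Server, Installed, Hotfix, User -AutoSize

# To keep a central record, write the same objects to a file instead:
#   $history | Export-Csv -Path .\hotfix-history.csv -NoTypeInformation
```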


Friday, June 11, 2004

Adminpak installed on XP Pro does not reveal the Dial-In tab on user's properties.

Here's how to make it show up:
Registry entries - copy the following text into Notepad and save as dialin.reg (don't forget to change the file type drop-down to All):

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\RasDialin.UserAdminExt]
@=""

[HKEY_CLASSES_ROOT\RasDialin.UserAdminExt\CLSID]
@="{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}"

[HKEY_CLASSES_ROOT\RasDialin.UserAdminExt.1]
@=""

[HKEY_CLASSES_ROOT\RasDialin.UserAdminExt.1\CLSID]
@="{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{19195a5b-6da0-11d0-afd3-00c04fd930c9}\Extensions\NameSpace]
"{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}"="RAS Dialin - User Node Extension"

Then double-click the file, or at a command prompt type:
Regedit /s dialin.reg

Type the following commands - replace ServerName with a Windows Server 2003 domain controller:
cd /d %SystemRoot%\System32
copy \\ServerName\Admin$\System32\mprsnap.dll *.*
copy \\ServerName\Admin$\System32\rasuser.dll *.*
copy \\ServerName\Admin$\System32\rtrfiltr.dll *.*
regsvr32 rasuser.dll

Now open AD Users & Computers console and check a user's properties. The Dial-In tab should be there.

[From John Savill's FAQ in Windows & .NET mag.]


Wednesday, June 09, 2004

 

Calling Control Panel applets from shell

Posted by Bharat Suneja at 9:14 AM
A list of command line options for calling control panel apps. Particular pain points - adding/removing programs and Windows components takes too many mouse clicks, and so does getting into a network adapter's TCP/IP properties.

You can call the Add/Remove Programs wizard by typing appwiz.cpl, and to get into Add/Remove Programs | Windows Components - type: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2
