This is the second article in my series about the Vista v. Windows XP issue. In my last post I replied to an InfoWorld article by Randall C. Kennedy, who claimed that Vista did not really improve security. Today I will discuss Vista’s new capabilities regarding manageability. The text in italics summarizes Kennedy’s view.

Vista has a couple of features that improve its manageability, such as the ability to restrict access to external media devices, easy deployment of printer drivers and, most noteworthy, the image-based installation. However, myriad third-party tools also offer those features for Windows XP. That’s why moving to Vista provides little or no ROI from a systems management perspective.

(more…)

I have been asked to write an article about the Windows Vista vs. XP issue for the German magazine Computerwoche. They translated an InfoWorld article by Randall C. Kennedy which is one of the best Vista bashing articles I read so far. After reading it, I was attracted by the challenge to defend the Vista pro stance. I agree with some of Kennedy’s views, but quite a few of his claims distort the real picture, in my view.

His article addresses eight fields: Security, Manageability, Reliability, Usability, Performance, Hardware compatibility, Microsoft software compatibility, Third-party software compatibility, Developer tools support, and Future-proofing. Today I will only cover the security aspect. In future posts I will blog about the other fields. Not all of them deserve a single post though.

(more…)

Some days ago, I was rumbling against the confusion about the availability Service Pack 3 for Windows XP. After that, the confusion continued. One of our admins mailed me an article about Microsoft’s decision to pull SP3. He wanted to tell me that this service pack might not be ready for prime time and that we better wait some time before we start deploying it. What I found interesting is that he didn’t notice the reason why Microsoft stopped delivering XP SP3. There is an incompatibility with Microsoft Dynamics RMS. Well, we don’t use this software and that certainly also applies to 99.99% of all Windows XP customers.

I think my colleague was not the only one who perceived Microsoft’s back-and-forth behavior this way. It just makes an unprofessional impression if a company has to withdraw a new product because of technical issues. Some commentators wondered if Microsoft doesn’t test Windows service packs with their own products.

(more…)

The feature complete Beta of System Center Virtual Machine Manager (VMM 2008, sometimes you read SCVMM 2008) is available for some days now. Microsoft’s new management tool for centralized deployment and management for Virtual Server 2005, Server 2008 Hyper-V and VMware ESX can be downloaded via Microsoft Connect. Today I had a quick look at it. This post will also give you some tips on how you can test VMM 2008 if you already work with Virtual Machine Manager 2007.

Considering the fact that VMM 2007 was released in September 2007, VMM 2008 has quite a few interesting new features. Most prominently are certainly Hyper-V and VMware ESX support. I will probably blog about the new features in another post. Today, I am just sharing some experiences I had when I played a little with VMM 2008.

(more…)

Every new Microsoft server operating system brings Active Directory related enhancements. It seems to me that Windows Sever 2008 introduces even more of such new features than its predecessors. I have already covered Fine-grained password policies, Read Only Domain Controllers (1) (2) (3), Active Directory Auditing, Active Directory Domain Services (AD DS), Active Directory snapshots in detail. Some of these new features work with lower DFLs, i.e. Windows 2000 and Windows Server 2003. The four new features discussed in this post require upgrading to DFL Windows Server 2008.

(more…)

Active Directory Reporting Tool (ADRT) allows you to sort user objects depending on a couple of important attributes: disabled, locked, expires, never expires, expired, password expires, password never expires, password expired, and never logged in. You can get this information with Microsoft’s built-in Active Directory tools also. However, with ADRT, it costs you just a mouse click to find out which users in your domain have been disabled for instance.

(more…)

Rate this tool: (13 votes, average: 4.08 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

One of the features Vista’s UAC lacks is a way to temporary disable it without reboot. Under Linux you can just run the su command if you to have to accomplish several tasks that need root privileges. Vista and Windows Server 2008 don’t have such a feature. The only way to get rid of the UAC prompts temporarily is to logon with a domain administrator account. But sometimes this is very inconvenient. This is where a nice workaround, which I found in the Windows IT pro magazine (April 2008, p. 10) can be quite useful.

The trick is to elevate the desktop shell (explorer.exe), temporarily. Any tool that is launched from an elevated application will run with administrator rights. And best of all, UAC will not display its disturbing prompts from then on. The downside of this solution is that you have to kill the explorer process, first. You can just imagine the problems, it might cause. So I would recommend using this workaround with caution.

(more…)

AcessEnum from Microsoft’s Sysinternals tool collection enables you to list user accesses to a tree of directories or registry keys. With Windows Explorer or a registry editor you can only view access rights for a particular object, a certain folder, for example. If a directory has many subfolders it is difficult to figure out if access rights have been configured properly.

AccessEnum only lists the users and groups who have read or write access and where the deny attribute has been set. In most cases that should be enough though. What I like most about the tool is that it allows you to compare the current configuration with saved settings. This way you can easily find out if someone manipulated access permissions on a certain directory structure. If you right click on a column you can access the folder’s properties and you can also exclude a folder with its subfolders from the list.

(more…)

Rate this tool: (2 votes, average: 2.5 out of 5)

 Loading ...

Submit favorite free admin tool | Free tools ranking list | Descriptions of all tools

Okay, this is the last post in my series about the 32-bit or 64-bit question. I don’t expect this poll to be generally valid since 4sysops readers are probably more adventurous when it comes to adopting new technologies. IT pros are used to fighting with computer-related problems all day. So they are not that much frightened of theoretical troubles that a new operating might pose.

Usually, that also applies to me. I am still a bit hesitant to make the 64-bit move, though. I will buy a new laptop soon and I am considering of equipping it with 4GB because I want to run VMware Workstation on it. So I am curious to know your view. You might have read my posts on Vista x64 or have made up your mind already. Perhaps, you even have experiences of your own. Some of you already shared your opinion in my original post about that issue.

(more…)

This is the third post in my series about the Vista x64 vs. Vista x86 issue. In my first article, I claimed that CPU performance is not really a good reason to jump on the 64-bit bandwagon at the moment. In my last article, I wrote that software compatibility is only a theoretical problem now, and today, I want to discuss hardware compatibility.

Availability of 64-bit device drivers

The fundamental difference between software and hardware compatibility is that most 32-bit apps work flawlessly on Vista x64, whereas 32-bit device drivers are usually useless on a 64-bit Windows. Hence unlike software vendors, hardware vendors have no other choice than to offer 32-bit drivers and 64-bit drivers for their devices. Additionally, only drivers signed by Microsoft will work on Vista x64. This certainly improves security because kernel mode drivers are an attractive target for malware.

(more…)