Category Archives: Windows 8

Battery Up: Windows 8.1 on the Surface Pro 2

IMG_0031I have already bragged about the Surface Pro 2, and I still love it and that has not changed.  It took a lot for it to supplant my Lenovo X1 Carbon as my primary device (my original Surface Pro was always simply a companion device).  The device rocks, simply put.

One thing that I don’t particularly care for (and this is an issue with Windows and not with the Surface) is that the battery life indicator is wonky.  For example, a few minutes ago it told me that I have 10% of my battery left, or 25 minutes.  By that simple math, the theory is that the battery is good for 250 minutes – or a little under five hours.

IMG_0088That means I’ve already gotten five hours out of it, and there’s a bit under 30 minutes to go.  By my math that’s 5.5 hours right there.  I also know that I used it last night for an hour and did not charge it since… that makes 6.5 hours, not to mention that I have also used it today to charge my smartphone as well as my Kobo book reader.

I did not list my X1 Carbon for sale on eBay because I don’t like it… I really do, it is a spectacular device.  (If you would like to buy it by all means the bidding is open! http://www.ebay.com/itm/201053760576?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649)  I am selling it because I do not need two nearly identical devices (as far as specs go).  The Lenovo has a 14″ multi-touch screen, and the keyboard does not detach.  I have the docking station for the Surface Pro, and when I am at my home office it automatically connects to two 21″ monitors.  When I am on the road (I am almost ALWAYS on the road) it is still a comfortable high-definition screen that will double as a tablet when I detach the keyboard.

My Lenovo came along with me wherever I went… along with it came whatever else I would pack into my Briggs and Riley rolling laptop bag… my ultrabook that weighs less than 4lbs ended up weighing in at 25-30lbs on a regular basis, just for what went with it.  My Surface, on the other hand, goes into a much smaller messenger bag, which in turn weighs less than 10lbs when completely filled… and carries everything that I need, rather than everything I think I might need.  Smaller bag, less weight, better on the back.

Add to that the battery life of over six hours, and that it runs Windows 8.1 with Hyper-V and all that entails, and I don’t see the need for another device… at least not now.  I am sticking with the Surface Pro, and hope to recuperate the entire price of the device when I sell off the Lenovo!

Surface Pro 2: Oh yeah!

It is not so hard to believe that it has been a year since I bought my Microsoft Surface Pro.  I liked it, but as I am not an average computer user, it did not take too long for me to realize that it was simply not powerful enough to be my primary laptop.  Don’t get me wrong, it was a great companion device, and I used it as such for the past year.  It was great for e-mail, web surfing, and e-book reading.  I watched a ton of movies and TV shows on it, but that was really the extent of what I used it for.  The long and the short of it is that once it was relegated to the secondary role, I could have settled for the less expensive (and even less powerful) Microsoft Surface with Windows RT.  What’s done is done though.

Following the launch of the Surface Pro 2 I noticed that the specs were identical in most (and superior in some) aspects as my primary laptop.  I decided to give it a try… the last week of January I stopped into the Microsoft Store in Yorkdale Mall (Toronto) and picked one up.  Of course money being a factor, I decided to settle for the 4/128 base model (4GB RAM, 128GB SSD).  For $999 it was not as powerful as I wanted, but to try it out…

surface-pro-2I spent precisely a week with it before I realized that if it was a little more powerful this could be my primary laptop.  I debated and debated… and then when I got a $50 gift card for the Microsoft Store I decided to bite the bullet… the store’s return policy is 14 days, so on Day 11 I went back… only to find out that they were completely out of stock.  However, they told me, the new Square One location had plenty in stock.  I hopped into my car and zoomed down there.  Yay, they had it!

One of the things I really appreciate about dealing with the Microsoft Store is that whether I have my receipt or not they can look up my past purchases by e-mail address.  They found my most recent transaction, and within a few minutes they exchange was done.

**FEATURE ALERT!**

Mitch-SurfaceWhen I started using the original Surface Pro last year I was worried that 128GB of storage would drain pretty quickly, so I also bought a 64GB Micro-SD card, and through the magic of Windows 8 I configured most of my profile (documents, pictures, videos, downloads, desktop) to redirect automatically onto that chip, which I left inserted permanently (See article).  While I never came close to my 128GB storage limit on the device, this strategy made migrating my data the simplest of operations… I took the Micro-SD card out of the old machine, inserted it into the new, and redirected the appropriate folders.  Done.  Between that and SkyDrive, I am loving Windows 8.1 more and more every day!

**How does it feel?**

With zero exceptions, the only thing that is slightly less comfortable on the Surface Pro 2 (in comparison to my Lenovo Carbon X1) is the keyboard.  I still like a full sized keyboard, and that is lacking when I am on the road.  However the Surface 2 Type Keyboard (now backlit!) is great in almost every respect… I am just not a fan of the mouse pad, but as I almost always use an external mouse (and touch screen and stylus) it is really mostly irrelevant.  I still would not have cared for the touch keyboard, but the tactile ‘I can feel the keys when I type’ keyboard is great – I am a fast if not great typist, and I do not find myself making any more or fewer typing mistakes on this keyboard than I do on the laptop.

**How long does it last?**

That, of course, is the $64 question.  The simple answer is that I don’t know yet… I have not run the battery down.  However the 128GB model that I replaced with this one charged overnight Friday, and I used it for demos all day Saturday at the Microsoft Store… it wasn’t until midday Sunday that I needed to plug it in.  As for this model, I charged it overnight Tuesday, and will not plug it in again until the battery dies.  I will report back the results.  However remember again, this is the only device I am using this week, and I already have a couple of virtual machines running so while results may vary, I assume I will be on the lower end of expectations.

One thing I was told with regard to the battery life is that the firmware update (available from Microsoft Updates) greatly improves the battery life… I applied the update yesterday, so it shouldn’t adversely affect me.

**How are you managing it?**

Because I am no longer ‘with’ Microsoft, I don’t really want to join the Surface Pro to a domain.  No problem, I have a subscription to Windows Intune, and I simply installed the agent and poof… I can manage it, and aside from that (and patch management) the Windows Intune Endpoint Protection (WIEP) began protecting the computer right away.  For my money there isn’t a better product on the market for what it does.

**But can I do…**

Mitch-SurfaceI got a call this week from an old friend asking if his customer would be able to install his own software on the Surface Pro.  In fact, the Surface Pro is a complete Windows 8.1 machine with no exceptions or limitations.  It runs Windows 8.1 Pro (although that can be replaced with Windows 8.1 Enterprise for corporate users).  It has a kick-ass Sandy Bridge CPU, and as I said… it does everything that my Lenovo does.  In fact, when I travel I can leave the Lenovo at home and just take its port replicator/docking station, because with the USB 3.0 port on the Surface Pro 2 that is all I need to transform it into a multi-screen workstation with all of the desktop peripherals in my hotel room.

Now with that being said, I just bought a Surface dock on ebay.com (they seem to be impossible to find otherwise) and am really looking forward to it… the device sits seamlessly in, and I can take it with me to my hotel whether that be in Japan or wherever… and just take the device when I go to the office or to a client (or a café or an airport).

**Summary – What do you think, Mitch?**

As I look at the Surface Pro 2 (and not how it compares to the Surface 2) I have to smile… it is a fully functional computer that weighs in at just under 2lbs.  The power supply uses the same connector as the stylus so you can either charge it or connect the pen, but that is a minor issue.  The fact that the power supply has a USB port to charge devices rocks by the way.

The ports – Mini-DV for whatever video I need, Micro-SD slot (discussed earlier), USB 3.0 port, and audio jack are fine for when I am on the go, and the ability to plug in any external USB  3 docking station or port replicator means that when I am at home (or semi-permanent space) I can plug in as many external devices as I want, especially my dual 21” monitors in my home office. 

The keyboard is great compared to everything else in its class, but when I am docked I will still have an external keyboard and mouse – I have an abundance of those anyways.  However I like having the options.

What do I think?  I think that what you spend versus what you get the Surface Pro is the best deal in town.  There are other great fully-functional tablets on the market, but this one has and does everything I need, and the price is right.

Oh by the way… there has been a lot of discussion about the addition of a second position of the kick-stand.  I cannot begin to tell you how much I do not care about that – Maybe at some point I will use it, but for now every time I have flipped it down I tried it for ten seconds and decided that no, I prefer the original.  However I am sure that some people will like it… it’s just not for me; it neither appeals to me nor bothers me.

Thanks Microsoft, for coming up with a device for me.

Now if you will excuse me, I have to go do something in Hyper-V.  What, you ask?  Anything I want… the Surface Pro 2 supports it!

An Epic Advantage to Windows 8 & the Cloud

The vast majority of computer users will never care about this.  That is because the vast majority of computer users use a single computer for years on end.  They use them at home, and then maybe (assuming it is a laptop) they take it to Internet cafes, possibly school or work, and likely on the road to hotels.  Most of these places will not have complex passwords for their wireless Internet.

WiFi1I do not fit into this category of computer user.

I have the following laptops that I use, either regularly or not, that all ‘belong to’ me in one semi-permanent way or another:

Lenovo Carbon X1 (my own)
Lenovo Carbon X1 (my Japanese corporate laptop)
Microsoft Surface Pro 2
2x HP EliteBook ‘server farm’ laptops

To make matters just slightly more complicated, I use most of them is all manner of places with complex passwords, ranging from companies that I visit to different hotels (many of which actually do have passwords for wireless) to cafes and restaurants and, of course, when I am somewhere without free WiFi I will tether any or all of these to my phone.

Now just to make things more interesting, let’s add the extra complications that a) I very often re-image these machines for any number of reasons, and b) many of them have virtual machines on them that also require access to the Internet.

Now, imagine I visit ten companies or people who have WiFi passwords like this: 2DE5A4210CBEE4.  Using the old way of doing things, every time I brought a different computer with me, or the same computer but re-imaged, I would need to re-enter the password.  What a pain.

So here’s the deal: I have not been to my parents’ flat in Montreal since July, when I was here with the entire family.  It was, as I recall, my first or second visit.  At the time I was not really using my Surface Pro (for my own reasons) so I was here with my Lenovo.  I must have connected to the network here at the time with the Lenovo.

In September when Microsoft released Windows 8.1 I re-imaged the Lenovo immediately.  I remember when I came back from Japan in November I thought it was acting wonky, so I re-imaged it at that point as well.  When I left Microsoft Canada in December I did not want to be out of license compliance by using their corporate image, so I re-imaged it again.  As for my Surface Pro, I re-imaged it in September as well, but then traded it in for a new Surface Pro 2 128 in January, and subsequently traded that one in for a Surface Pro 256 in February.

All of this to say that there is absolutely no way there was something left on a machine from my previous visit.

Last night when I was sitting in bed (in Oakville) organizing the newest Surface Pro the way I like it I noticed that I had not entered the WiFi password and it worked.  However there are all sorts of phenomena that could have explained that.  However when I got to my parents’ place in Montreal and I did not need a password for their WiFi I was thrilled… it is actually stored in your Microsoft Account profile.

WiFi2In other words, if you visit a friend today, get a new computer tomorrow, then visit them next week your new computer will automatically connect to the network for you.  Cool.

I was discussing the other day with a colleague how far we have come in the past thirty years with regard to computers.  They have certainly gotten easier to use and more convenient… to the point that sometimes we do not notice some of the improvements… at least, until someone writes about them. 

We are always so quick to point out the flaws in the technologies we use… the problems with new security features or features that were taken out.  When Microsoft releases a new operating system they usually put so many new features in that even their marketing and evangelism teams have to pick and choose the ones to really tout.  I suppose because (as I said in the opening lines) this improvement will only be very exciting for a select few, it didn’t make the list.  I will tell you though that had I known about it earlier I would have shouted it from the rooftops… because MY audience will care.

There are, of course, myriad benefits to using Windows 8.x with a Microsoft Account (SkyDrive, Windows Store, etc…) but this one is now officially on my list.  Is it on yours?  Let me know… and if not, what IS on your list?  I may not be an evangelist anymore, but I’d still like to know!

1-2-3-4-5 BitLocker 9-8-7-6-5

BitLocker Drive Encryption

BitLocker Drive Encryption (Photo credit: Wikipedia)

I was sitting in a planning meeting with a client recently in which we were discussing ways of protecting end-user machines, especially laptops that were in and out of the office.  The previous convention relied on BIOS locks that were proprietary to the hardware manufacturer, and required the end user to either enter two passwords or swipe their fingerprint on a sensor.  As the company planned to migrate away from the dedicated hardware provider and toward a CYOD (Choose Your Own Device) type of environment this would no longer be a viable solution.

As the discussion started about what they were planning to use to provide a second layer of protection from unauthorized access to systems, I asked if the company was still intending to use BitLocker to encrypt the hard drives for these machines.  When it was confirmed that they would, I presented the hardware agnostic solution: adding a PIN (Personal Identification Number) to BitLocker.

BitLocker is a disk encryption tool that was introduced with Windows Vista, and has been greatly improved upon since.  It ties in to the TPM (Trusted Platform Module) in your computer (included mostly in Enterprise-class systems) and prevents protected hard drives from being hacked.  Most people configure it and leave it there… which means that it is ‘married’ to the physical computer with the TPM chip.  However there are a few additions you can add.

Authentication has not changed much in the last few thousand years.  It is usually based on a combination of something you have and something you know.  Beyond that is it just levels of complexity and degrees of encryption.  So our TPM chip is something we have… but assuming the hard drive is in the computer, they go together.  So we need another way of protecting our data.  Smart cards and tokens are great, but they can be stolen or lost… and you have to have to implement the infrastructure with a cost (although with AuthAnvil from ScorpionSoft the cost is low and it is relatively easy to do).

Passwords work great… as long as you make them complex enough that they are difficult to hack, and ensure people change them often enough to stymie hackers… and don’t write them down, and so on.  However even with all of that, operating system passwords are still going to be reasonably easy to crack – to the knowledgeable and determined.  Hardware level passwords, on the other hand, are a different beast altogether.  The advent of TPM technology (and its inclusion in most enterprise-grade computer hardware) means that an encryption tied to the TPM will be more secure… and by adding a PIN to it makes it even more so.  Even though the default setting in Windows is to not allow passwords or PINs on local drives, it is easy enough to enable.

untitled1. Open the Group Policy Editor (gpedit.msc).

2. Expand Computer Configuration – Administrative Templates– Windows Components – BitLocker Drive Encryption – Operating System Drives

3. Right-click the policy called Require additional authentication at startup and click Edit.

4. Select the Enabled radio button.

5. Select the drop-down Configure TPM startup PIN: and click Require startup PIN with TPM.

At this point, when you enable BitLocker, you (or your user) will be prompted to enter a PIN when enabling BitLocker.

**NOTE: This policy will apply when enabling drives for the first time.  A drive that is already encrypted will not fall into scope of this policy.

By the way, while I am demonstrating this on a local computer, it would be the same steps to apply to an Active Directory GPO.  That is what my client will end up doing for their organization, thereby adding an extra layer of security to their mobile devices.

Windows To Go: Disk Behaviour

BitLocker Drive Encryption

BitLocker Drive Encryption (Photo credit: Wikipedia)

Recently I was explaining Windows To Go at a client site.  We had a few interesting discussions about the power as well as the limitations of the security features.

One attendee asked a couple of good questions:

1) Is there any way to block the ‘on-lining’ of your Windows To Go key in other installations of Windows?

2) Is there a way to block users from bringing local disks on-line from within Windows To Go?

While I did not have the answers off the top of my head, after some consideration they are actually quite simple.

1) Windows To Go is the equivalent of any hard drive.  Because the machines that you are meant to use them on will be unmanaged, it is impossible to prevent this.  However Microsoft does provide several different levels of protection:

  • The WTG drive is off-line by default;
  • When building the WTG key you can enable BitLocker
  • Although BitLocker on the WTG key cannot be tied to a TPM chip, it will have a password associated.

In other words, in order to compromise the key from another installation of Windows, you would have to bring the WTG key on-line, unlock it, and provide a password.  In other words, if you trust the person to whom you gave the key.  If you don’t, he probably should not be on your systems in the first place.

The second answer is probably a happier one.  Because Windows to Go is (or can be) a managed environment (including domain membership, Group Policy, and even System Center management) the key can be locked down as you see fit.  How you would do it depends on which of the tools you have at your disposal… but yes, this can be done.

I hope this helps you to make your environment more secure using Windows To Go!

What Have You Got?

With Windows 8.1 less than three weeks from GA, and Windows XP less than 200 days from end of support (#EndOfDaysXP on Twitter), I thought it would be a good time to write about the Microsoft Assessment and Planning Toolkit again, but only in the context of Windows 8 Readiness and maintaining a software and hardware inventory of the machines within your organization.

I used to work for a man who said that if you cannot measure it, you cannot manage it.  These are words I have lived by ever since.

The problem is it gets difficult to keep track of what you have in your IT environment, especially in environments where users are allowed to install their own software.  Don’t forget that software extends far beyond the major packages like Microsoft Office, it also includes things like readers and players.  Many driver packages will also install their own software, whether you realize it or not.

So how do you keep track?  The simple solution is to use a tool like the Microsoft Assessment and Planning Toolkit.  The MAP Toolkit is a Microsoft Solution Accelerator that will take an inventory of all of your machines.  Of course it does a lot more than that, like planning for virtualization and private/public clouds, but if you simply want to know what software you have installed, run the toolkit.

Downloading and Installing

The MAP Toolkit is a free tool from Microsoft, and can be downloaded from www.microsoft.com/solutionaccelerators.  The current iteration is MAP 8.5, and it is a 74 MB download.

Before you install it, you will need to have the .NET Framework 4.0, plus the 4.0.2 update.  If you are installing on Windows 8.1 it is there, but if you are on Windows 7 then you will need to download them.  The links are on the MAP Toolkit download page under System Requirements.

The installation is a PhD (Press here, Dummy!) installer… just keep pressing next.  Oh, you either opt in or out of the CEIP, and you do have to agree to the license terms.

The installer will install Microsoft SQL Server Express LocalDB if you do not have SQL Server installed (most of us do not have it on our laptops).

Getting Started

Before you begin you have to either create an inventory database, or use an existing one.  Let’s assume you don’t have one already, and name your database.  I usually name it after the company where I am consulting, as you can run the tool for multiple companies on the same machine.

In the MAP Toolkit 8.5 there are eight scenarios you can choose from:

MAP Toolkit 1

For the sake of this article we are going to stick with the second (Desktop) option, although you can experiment with the others as you wish.  In the navigation bar select the third tab (Desktop).

In order to do anything we need to collect the inventory.  In the Desktop screen at the top click Collect inventory data.

Because Microsoft realizes that there are a few non-Windows based computers out there, you can select both Windows computers and Linux/UNIX computers in the Inventory Scenarios window and click next.  (Note: If you are only doing Windows it will use WMI; if you are doing Linux as well it uses SSH.)

In the Discovery Methods window you have to determine which method you will use to discover computers.  The default is to use Active Directory.  You can also use other Windows networking protocols, SCCM, Scan an IP range, Manually enter computer names and credentials, or import computer names from a file.  Select your option then click Next.

On the next screen you have to enter the domain name, plus credentials.  This is the first of two places where you will be asked; for this time it is only to scan the Active Directory for the next step.  If you are not a domain admin then this is where you have to go ask someone who is for their assistance.  Once the information is entered click Next.

On the Active Directory Options screen you can determine whether you want to scan the entire domain (including sub-domains), or only a segment.  In a large organization the second option is probably smarter.  Once done click Next.

On the All Computer Credentials screen you need to create accounts that will actually be able to scan the computers themselves.  You may want to create multiple users (one for Active Directory, one for Linux, for example) for different types of systems.  Also if there are systems in different OUs and Domain Admin does not have access, you can create multiple accounts.

In the Credentials Order screen you can select which credentials to try first.  If you have thousands of AD computers and only a few Linux machines it makes sense that WMI is first; once a credential authenticates the tool will not try to use others.

On the Connection Properties screen you can change the TCP port that SSH uses to authenticate; by default it is Port 22.

On the Summary screen you can review your choices, then click Finish!  Your inventory is ready to run.

MAP Toolkit 2

The Inventory and Assessment window will begin detecting machines on the network.  Depending on the number of machines it can take quite some time, so be patient.  These numbers will continue counting up (Machines Inventoried) and down (Collections Remaining) until they are all counted.

Getting to and using the data

Once the data is all collected you will get a screen with five different scenarios pertaining to the desktop:

  • Windows 8 Readiness
  • Windows 7 Readiness
  • Office 2010 Readiness
  • Office 2013 Readiness
  • Internet Explorer Discovery

These boxes should display what percentage (and how many) of your devices are ready for each.  However you can drill down and get more information, which is where the inventory component comes into play.  Simply click on the Windows 8 Readiness box and the screen will display the Details page.  It will also (in the upper right corner) allow you to Generate Windows 8 Readiness Report & Proposal.  Click on that button and the MAP Toolkit will create two files for you: A Word document that you can customize with your logo and name to give to the client or to your boss, and an Excel spreadsheet with a detailed inventory of all of your hardware and software.  These files will be located in the %username%\My Documents\MAP\CustomerName directory.

If you are going to use these files for upgrade readiness, then you will appreciate that the 3rd tab along the bottom of the spreadsheet has three very helpful columns: Reasons Not Meeting, After Hardware Upgrades, and Reasons Not Upgradeable.  You won’t be left wondering what is wrong with your systems, you will know why they can’t be upgraded (and what must be done to mitigate that).  I found this very helpful when I was deploying Windows 7 to my son’s school several years ago; rather than replacing 25 computers I replaced 25 video cards and memory chips, and the deployment went smoothly after that.

The complete list of information provided by this spreadsheet is as follows:

Summary

  • Windows 8 Readiness
  • Before Hardware Upgrades
  • After Hardware Upgrades
    Assessment Values
  • Settings
  • CPU (GHz)
  • Memory (MB)
  • Free Disk (GB)
  • Flag Not Ready Video

Client Assessment

  • Computer Name
  • Current Windows 8 Category
  • Reasons Not Meeting
  • After Hardware Upgrades
  • Reasons Not Upgradeable
  • Notes
  • WMI Status
  • IP Address
  • Subnet Mask
  • Current Operating System
  • Service Pack Level

After Upgrades

  • Computer Name
  • IP Address
  • CPU
  • Memory
  • Hard Disk Free Space
  • Video Controller

Device Summary

  • Device Model
  • Manufacturer
  • Number of Computer with

Device Details

  • Computer Name
  • Device Model
  • Manufacturer

Discovered Applications

  • Application
  • Software Version
  • Number of Installed Copies
    The Word Document will also be a tremendous help… not because it contains more data than the spreadsheet, but because it explains it in terms than any CxO will understand, with charts and graphs and summaries, without having to review all of the raw data.  The document is written well enough to present proudly, and can be modified with your corporate logo and your name on it easily.

Conclusion

    The MAP Toolkit is a useful tool for collecting inventory data, as well as for analyzing upgrade readiness, without needing any costly management tools (although it works very well in conjunction with System Center 2012 R2).  Aside from saving you tremendous amounts of time in the collection of data, it also provides handy spreadsheets and documents so that you can use the data most efficiently.  I have long said that it is one of the best free products on the market, and I stand by that assessment.
    In this article we covered only a fraction of what the tool can do.  See what you can do with it for Server virtualization and more!

Windows 8.1 Bits (RTM)!

This is cut and pasted directly from the TechNet blog:

Based on the feedback from you and our partners, we’re pleased to announce that we will be making available our current Windows 8.1 and Windows 8.1 Pro RTM builds (as well as Windows Server 2012 R2 RTM builds) to the developer and IT professional communities via MSDN and TechNet subscriptions. The current Windows 8.1 Enterprise RTM build will be available through MSDN and TechNet for businesses later this month. For developers, we are also making available the Visual Studio 2013 Release Candidate, which you can download here. For more on building and testing apps for Windows 8.1, head on over to today’s blog post from Steve Guggenheimer.

BitLocker Recovery

Like all of you I never expect a day that starts with a call to IT Helpdesk to go well.  Fortunately this story has a happy ending.

This morning I got to my desk and discovered that my laptop corrupted somehow last night.  No problem – Windows 8 has some great self-healing tools built in, and it booted immediately to the Recovery procedure.

Problem. Microsoft IT has a policy that it will automatically enable BitLocker and encrypt all of the volumes on your corporate laptop.

of course I am a huge fan of BitLocker, and would have encrypted it myself given the chance.  Of course, had I done that it would have given me my recovery key, which I would have simply entered into the appropriate box and we would have been on our way.  I didn’t have that key.

Fortunately a call to the IT Help Desk (I had to look up the number – I fix the vast majority of my issues on my own!) connected me with Robert, who reassured me that the recovery key was stored in Active Directory.  He asked me a series of security questions to determine that I am indeed who I said I am (he did NOT ask me my mother’s maiden name or the name of my first pet thank you very much!) and then asked me one more question…

“I see that you have a Windows 8 Smartphone…I assume you can still access your email?”

Aha… one extra layer of security!  I love it.  He waited on the line as the email came through.  I entered the key (FAR too long for comfort, but again, great security) and after a few minutes Windows had healed itself.  I thanked Robert and rang off.

I always profess the value of a secure, well-managed IT infrastructure, and this experience reminded me that Microsoft does indeed ‘eat its own dog food.’  The security is built in, and the fact that help desk was able to help me so efficiently proved that it is well managed.

So how about yours?  You have all of the tools to implement these tools, so go do it :)

A Thumbs-Up for Windows 8

James Kendrick writes for ZDNet, and has been a tablet-fanatic for years.  So when I read his article lauding Windows 8 on the right hardware platform I was happy… I happen to like my Surface Pro, but it took the Lenovo ThinkPad Tablet 2 for James to truly see the value of Windows 8 on a tablet.  Check out his article here:

http://www.zdnet.com/epiphany-windows-8-is-a-very-good-tablet-os-7000019601/?s_cid=e539&ttag=e539

The Kobayashi Maru of Desktop Deployment

A couple of years ago I was asked to write an article on desktop deployment.  Back then Windows 7 was reasonably new, and there was a lot of chatter about the fact that you could not upgrade from a Windows XP machine directly to Windows 7.

Recently a lot of people have asked me about desktop deployment, what with Windows 8 becoming more widely accepted, and the end of support for Windows XP (#EndOfDaysXP) less than eight months away.  Although I am not doing a lot of deployment work these days, I reread this article that I wrote for the Springboard Series and decided it was still relevant.  I hope you like it!

The Kobayshi Maru of Desktop Deployment

Actual Reality: Desktop Virtualization Solutions from Microsoft

In July I presented my first webcast with BrightTalk.  They were putting together a series on virtualization, and asked if I would be able to speak about VDI and Desktop Virtualization strategies.  It was my pleasure!

The webcast is now available on-line.  I encourage you to download it, and let me know what you think!

Download the webcast here!

Vancouver Helping Calgary

The news is ablaze with stories of the terrible flooding in Calgary.  As I wrote in an article yesterday (Leaving Calgary…) I got out before the worst of it, but only barely.  The rivers are overflowing, entire neighborhoods are under water, and the news is not getting better.  At least two dead, and people are discovering that many of their insurance policies will not cover the damage.

On Saturday I spent the day with the Vancouver Technology Users Group (VANTug).  We spent the morning talking Windows 8 and Office 365, and then in the afternoon we discussed System Center 2012 and Microsoft’s Private Cloud solutions.  We had a great time at the Burnaby campus of BCIT.  I always love coming out to Vancouver, and today was no different.

And yet I couldn’t get Calgary out of my mind.  I know that a lot of people are scared, cold, wet, and hungry… and will have a very tough time rebuilding.  I am sure that when the IT Pros of Southern Alberta do get back into their offices they will have discussions around disaster recovery, business continuity, and minimizing loss.  Today, and through the middle of the week I expect most of them are with their families worrying about things much more important… their homes, their memories.

I showed up at BCIT with a Big Box o’ Swag full of prizes, and as is always the case at Install Fests I was asked early on if they were going to get licenses of Windows 8.  They were not… but as luck would have it I had one license in my laptop case that I had received at an event a few weeks ago that I did not really need, so I told them I would raffle off that license at the end of the day.

When the raffle time came some fifteen people won mice, keyboards, and Xbox controllers.  I then put all of the winning tickets back into the hat and was about to draw for the Windows 8 Pro license when I had a thought…

I had a one year subscription to Microsoft Office 365 Home Premium in my bag that I was supposed to give to a friend last week, but didn’t see them.  As I stood at the front of the room I asked the group leader (Peter) if they support charities, and he said that they did.  Normally they support the local children’s hospital, but for this I asked him to agree to support the Red Cross Alberta Floods Fund.  I told the group that I would draw for a winner of the Windows 8 license, and if the winner was willing to donate $50 to the fund (through VanTug) then he or she would also receive the subscription for Office 365.

The winner agreed and is now the proud owner of two great products… but should be even prouder to be helping a very important cause that is near and dear to my heart, and one that should be important for all Canadians.

I received a comment on my blog that same morning in response to an article I wrote about the relationship between Quebec and the rest of Canada.  He said that we have nothing in common across this great land (obviously not his words).  I disagree.  I think we share a heart and a love of our fellow man that transcends the political views of one side or another of any political debate, most of which seem petty in the face of disasters that befall regions and peoples from time to time.  I will respond to that comment in an article later this week, but in the meantime I hope my Quebec reader takes some food for thought from this one, and says a prayer or even donates a little to the people of Alberta… so distant, but so close to all of us.

Hey Vancouver, Eight is NOT Enough!

eightcastshotAre you coming to the Windows 8 Install Fest in Vancouver this week-end?  It was recently brought to my attention that a mailing went out letting people know that I will be discussing and demonstrating Windows To GO (WTG).  If you want to follow along, bring along an 8GB USB key.

I do not know where that came from, but at no point was I asked about this.  Windows To Go will not install on an 8GB key… nor will it install on any non-supported standard USB key.

For a list of supported (certified) keys, check out the article my colleague Anthony Bartolo wrote  in February by clicking here.

I hope to see you tomorrow morning!  If you are not registered yet, please do so here!

A Great Response Regarding OEM/Upgrade Media

Earlier this week I wrote a piece called “For when you want to let go… but can’t completely.’  I got a few interesting responses to it, but one really well thought out one from H. Mertens.  Here is his comment, and my responses to him. -M

A clarification over the OEM/Upgrade media issue:

A OEM installed OS (typical in most laptop purchases) by license can’t be installed on different hardware (some exceptions with regards to repairs). You will be required to change the Product Key for the VM instance away from the OEM SKU to for a product SKU that you (in addition) legally own. A MSDN or TechNet subscription can definitely come in handy in these circumstances, but note that these offerings also set restrictions regarding usage/purpose of the OS installation.

All of these are really good points.  In my article I neglected to address licensing at all.  If your OS license is OEM then you are not allowed to virtualize it… or rather, you can do it, but you have to make sure that you have a legitimate license to attach to the VM, and yes you will have to re-activate the installation.

Your reference to "Upgrade" media has similar considerations with regards to licensing, since it is permanently tied to the OS license/SKU/Product Key that it was used to upgrade(and it typically that is an OEM SKU).

When I refer to Upgrade Media you are right, it is permanently tied to the OS license that it was used to upgrade, but I do not agree with your statement that it would necessarily or even probably be OEM.

I confess, it has been a decade since I delved into these issues, but back then (which is on target because of our discussion of Windows XP) you were able to install Windows XP on top of Windows XP, and it would fix a lot of issues but your applications would still work.  The reason I referred to OEM media is because with OEM you could still install on top of, but it would clean you out – no applications, no user profile.  It wouldn’t delete them, it would just put them into a directory called Windows.old.

Notwithstanding these licensing caveats, OEM and vendor specific Upgrade media, as you mention, is, generally, very hardware specific and usually will not install successfully on "foreign" hardware.

Not only will most OEM and vendor-specific OEM software not install on most ‘foreign’ systems, it is a violation of the EULA to try to do it.  OEM software is married to the motherboard of the system with which it was purchased, and there is no acceptable ‘repurposing’ of that license… for any reason.  If the motherboard dies, when you replace it you must also buy another OEM license.

Off-the-shelf, "Full-Package-Product" (FPP), which can be use as "upgrade" media, is a SKU which can be moved (not copied) from device to device.

*** So the question arises: if you are migrating an image of OEM licensed OS away from failing hardware and onto, say, a virtualized system, would that be seen as an acceptable reuse of the OEM license? ***

OEM software may not be virtualized.  In the event of Windows Server and Hyper-V, there are exceptions to this.  However on the client-side there are no “acceptable reuse” scenarios.

Hint: Typically I upgrade my laptop’s OS with a MSDN/TechNet version since the OEM versions typically are "Home", limited feature set, SKU’s. To aid installing a new OS, I do usually copy over the "%windir%\System32\DriverStore\" of the active OEM installation onto a USB stick so as to resolve "unknown" device issues (use the scan folder option in updating these under device manager). Subsequent Windows Update may upgrade these, but it usually goes over easier once they are "known" devices requiring, perhaps, an upgrade.

Here is where your in-depth understanding of licenses falters my friend; MSDN/TechNet licenses are not to be used on production machines… period.  They are for test/dev only.  As such I am reasonably sure that by installing the OS from that source onto your laptop you are violating the EULA.  It is a very common misunderstanding that many people make, but in short MSDN and TechNet are not meant to be ways of getting all of your production software cheap, they are meant for you to use exclusively for testing purposes.

If you are a Microsoft Partner, then there are acceptable alternatives.  Certain MPN Partners (I don’t know which) are given a number of licenses of most Microsoft software that they can use in production.  If you are not at that level then you can invest in the Microsoft Action Pack Subscription, which entitles you to use the same licenses on (I think) ten computers… in production.

With regard to the DriverStore directory I confess that I generally follow the advice of an old acquaintance… The drivers installed at the source are likely already out of date, and it is usually just as easy to download the latest version from the manufacturer’s website.  Fortunately for me, Microsoft IT has an image for my laptop including the drivers, so it’s not a concern.  However you might want to take a few minutes to download them… and yes, making sure you have the networking drivers is a good idea before you wipe and re-load!