Game Over… Soon.

MSNMicrosoft announced this week that they are going to shut down the servers that support on-line games for Windows 7, XP, and ME.  These include:

  • Internet Backgammon (Windows XP, ME, 7)
  • Internet Checkers (Windows XP, ME, 7)
  • Internet Spades (Windows XP, ME, 7)
  • Internet Hearts (Windows XP, ME)
  • Internet Reversi (Windows XP, ME)
  • MSN Go (Windows 7)

I have read a number of articles on this pending closure (July 31, 2019 for Windows XP & Windows ME, January 22, 2020 for Windows 7) claim that this may not be sitting well with gamers who will lose their platforms.  To this I ask two questions:

  1. Is there anyone out there who cannot find a free Internet site on which to play these games; and
  2. Is this really a proper usage of the word ‘gamer’?

I understand that people who like having the game client on their system (as opposed to playing in a web browser) will be a bit put out… they may have to look slightly harder for an alternative.

Yes, I understand and hear your complaints… but to quote Q from Die Another Day (ably played by the amazing John Cleese): “Yes, but it’s called the future, so get used to it.”

I don’t know that I truly “mourned” the death of many of the applications that Microsoft has retired over the years… the closest was probably Live Writer (see article), which they actually released to the open-source community.  It has been years since I played Internet Backgammon (the only title listed that I was interested in).  I still play backgammon on-line occasionally, and have found many alternatives.  I suggest, if you are mourning this news, that you do the same.

Windows 7 End of Life and Extended Support

win7-logoWhen Microsoft released Windows 7 in October, 2009 the vast majority of users (both corporate and home) were still running Windows XP.  While they had released Windows Vista three years earlier, it was never widely accepted.  The improvements over the then six-year-old operating system were revolutionary, especially for the vast majority of users who eschewed Windows Vista.

Windows 8 came and went, and although Windows 8.1 was, to many, a great alternative to Windows 7, most people did not appreciate the changes that Microsoft made with the first modern operating system, and it too was not as widely adopted as some at Microsoft would have liked.  Windows 7 reigned supreme.

In 2015 Microsoft announced that Windows 10 would be the last desktop operating system they would release, adopting a Software as a Service (SaaS) model with minor improvements coming with the monthly patch cycle, and major improvements being released in a biannual release cycle, delivered via the same patch channels as the monthly updates.  This would be great for end-users, but corporations would still have to run the same application tests on these ‘milestone’ releases as they would have to do with any operating system update.  Let’s not fool ourselves… they may all be called Windows 10, but Microsoft is now effectively releasing a new operating system every six months.  Corporations understand this, and Windows 7 is still the operating system installed on at least forty percent of Windows endpoints.

It is easy for Microsoft to tell home and small-businesses that they will end support for Windows 7 on January 14, 2020 – they made that announcement years ago, and the date has not changed – but if a large number of those Windows 7 endpoints are corporate devices, they have to find a solution to keep the corporate customers happy.  Last week they announced what their solution will be.

Microsoft will now be releasing Windows 7 Extended Security Updates (ESU) for volume license customers only as a paid subscription effective January, 2020, and has committed to offering these for three years – through January, 2023.  These updates will be available for Windows Professional and Windows Enterprise, as a paid offering, increasing in price each year.  This is reminiscent of the model used with previous operating systems (such as Windows NT 4).  This ESU will be offered (and charged) per computer.  For customers who have invested large sums for Windows 7 solutions, this is important.  Despite the fact that Microsoft claims that 99% of Windows 7 applications are now compatible with Windows 10, that does not mean that companies are going to be ready to change over so fast.  Yes, they will, by the end of regular support, have had five years to upgrade; yes, by the time regular support ends Windows 7 will have been around for over a decade; neither of these facts change the reality that looking at the field today – some sixteen months before End Of Life (EOL) for Windows 7 – where forty percent of computers running Windows are still running that (by computer standards) ancient legacy OS.  You can say what you will about Microsoft, but they are a company that does not like to turn its back on its customers.

(By the way, Windows 8.1 Support will go through January, 2023)

Okay, so the corporate clients are covered, but what about home users?  Sorry to say it folks, but they are SOL – Something Out of Luck.  With the free upgrade offer a distance memory (officially… there are still ways to get it), Windows 7 Home users, as well as those using Windows 7 Pro without a volume license agreement, will no longer be supported.

What does that mean?  Unsupported operating systems may still run whatever software you need, but there will no longer be security updates.  It means that if (really when) a new vulnerability is discovered, unsupported operating systems will be vulnerable to hackers, along with everything that entails.  Simply put, your computer will not be safe.

In 2010 I started tweeting (nearly) every weekday how many days were left until #EndOfDaysXP.  I did it for nearly 1400 days.  Today I am launching a similar initiative, #EndOfDaysWin7.  The current count is 489 days.  That is how long you have to not only plan but also to implement your Windows 10 migration strategy.  If your company needs help, either with developing or evaluating your strategy, or to design and implement it, you should contact Cistel Technology Inc. to see how we can help.  Our Cistel Advanced Microsoft Team has the expertise and experience to help, and we will be glad to explain how.  Migration is not quick and easy, but we can help to make sure it is painless.  Reach out and ask us how!

Don’t be caught unsupported and unsecure.  Let Cistel help!

Deleting User Profiles

“How do I delete old users from a Windows 10 computer? I log in as an administrator, navigate to c:\Users\, and delete their tree.”

NO!  In fact, HELL NO!

There are several reasons why you might want to delete a user profile from a computer. ranging from termination of employment to reallocation of systems to… well, you get the picture.  There are a few of ways you can do it, but there are only a couple of ways of doing it right,

Recently I was working with a client who encountered a situation where a few of his domain users’ local profiles were corrupted on a corporate system.  I told him that the simplest way of fixing the issue was to delete the user profile, so that when the user next logged on, it would re-create the profile for them.  They called me back a few minutes later reporting that they were now receiving the following message when the affected users logged in:

We can’t sign in to your account.  This problem can often be fixed by signing out of your account then signing back in.  If you don’t sign out now, any files you create or changes you make will be lost.

Okay, that led me to believe they had simply deleted the c:\Users\%username% directory, and we had to clean up that mess in the registry (under “KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList”, delete any entries that have the .BAK extension).

Okay… now that we have learned how NOT to do it, here’s how you should do it:

1) Open Control Panel > System and Security > System in the affected machine.  The simplest way to do this in the more recent releases of Windows 10 is to click Run – sysdm.cpl.

3) In the Advanced tab of the System Properties window, in the User Profiles section, click Settings…


4) In the User Profiles window, click on the user you want to delete, and click Delete.


**NOTE: You will not be able to delete the account you are logged in as, nor the default Administrator account.

Of course, you will be asked if you are really really sure that you want to delete the account, and you can click Yes or No as you wish.

There are ways to do it in PowerShell… but they don’t seem to be very clear or very easy.  For this one time, I strongly suggest the GUI.

Offline File Cache Nightmares Resolved

Off-line files are a wonderful thing.  The fact that my users can synchronize the files from a central server (where they are backed up) to their laptop is great.  But what happens when things get out of hand?  In theory, users can save a lot more onto a file server than they can their local machine.  In practice, when the folder is set to synchronize in full to the local hard drive can cause headaches… like waking up one day and realizing that they have 0kb free on their C drive.

Okay, you go to the server and move the offending files to another location.  You log into the affected computer… and nothing doing, still zeroed out. 

The problem is that there is a folder called the Client Side Cache (or Offline Files Cache).  It is stored under the SystemRoot – i.e., it is (by default) c:\Windows\CSC.  Now, this folder can be moved, but it is not a simple process, and I will cover it in a later article.  The issue is that the CSC directory sits on the C Drive, and is completely secured against reasonable attempts to modify it manually… which is good, because trying to do so will cause some pretty serious issues.

So we have fixed the problem on the back-end, and now we have to fix it on the front-end, which means cleaning out the Client-Side Cache.  We can’t simply do this manually, we have to actually clean out the CSC database.  How do we do this:  Here you go:


The Windows Registry is not meant to be touched by anyone who does not have a very thorough understanding of how it works, and can cause serious and irrecoverable damage to your Windows installation if handled improperly.  I strongly recommend that you do not do this if you are not extremely comfortable with it.

1. Open the Registry Editor (regedit.msc)

2. Navigate to HKLM\System\CurrentControlSet\Services\Csc\Parameters

3. If there is no Parameters key under CSC then you have to create it. 

4. Under Parameters create a new DWord 32-bit value called FormatDatabase.


5. Set the value to FormatDatabase to 1.


6. Close the registry editor and reboot your computer.

Okay, that is the long way around, but it is also the ‘fewer chances for error’ way.  If you are not afraid of typos, you can do the following:

1. Open a command prompt with elevated privileges.

2. Type: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Csc\Parameters /v FormatDatabase /t REG_DWORD /d 1 /f

(Where /v is the value, /t is the data type, /d is the data, and /f is force overwrite.)

3. Close the command prompt and reboot your computer.

Once your computer reboots you should be alright.  You shouldn’t even have to enter your Recycle Bin, the disk space should just be there Smile

Good luck, and remember to back it up before you hork it up!

Folder Redirection: Where’d these warnings come from?

Congratulations.  You have decided to implement a Folder Redirection policy on your domain.  There are real advantages to this, not the least of which is that all of your users’ profile folders will get backed up centrally… and that when they change computers their files and settings are just there.

You have created a Group Policy Object (GPO) in Active Directory that you have called Folder Redirection, and you have applied it to the Organizational Unit (OU) that your user account is in, and as is so often the case with Desktop Administrators, you have made yourself the guinea pig.  From Windows you run the command gpupdate /force, and are informed that in order for the Folder Redirection policy to be applied, you will have to log off and then log on again.  You do.

It must have worked!  Why do you I say that?  Because unlike most of the time, when logging on takes a few seconds, it took a full ten minutes this time.  As a seasoned Desktop Admin you understand that this is because all of the folders that you set to redirect – Documents, Pictures, Videos, Favorites, Downloads – are being copied to the server before you are actually allowed onto your desktop.  However a few minutes later, once you are logged on, you open Windows Explorer, and in the navigation pane you right-click on Documents, and see that the My Documents folder is no longer at c:\Users\Mitch, but at \\Sharename\Mitch.

Unfortunately there is one step that you are now saying to yourself ‘Mitch, you missed one thing!’ Because you know that when you clicked on Windows Explorer in the task bar, you got a warning message that looked like this:


As a seasoned IT Pro you know that security warnings are a way of life, and it wouldn’t bother you if you had to accept this every time… but you know your end users are going to go ape, so you need a solution.  No problem.

I should mention that while these steps will work for all versions of Windows since Windows Vista, the way you access the screens may be a little different.

1) Open Control Panel. Don’t be alarmed, you are going to get the same security warning when opening the CP.

2) In the Search window type Internet Options.  When it comes up, click on it.

3) In the Internet Properties window select the Security tab.

4) On the Security tab click on Local Intranet.  Then click on Sites.  Note that the Sites button will be greyed out until you select Local Intranet.

6) In the Local Intranet window click the Advanced button.

5) In the Local Intranet (Advanced) window type the location of your folder redirection share into the box marked Add this website to the zone:  Uncheck the box marked Require server verification (https://) for all sites in this zone.  Click Add.  Then click Close.

6) Close the Internet Properties window.

Now try opening Windows Explorer again.  It should open without the security warning.

If You’re Gonna Do IT Then Do IT Right…

Okay, so you know how to configure this setting for your individual desktop… but you don’t really want to have to go to every desktop/laptop/tablet in the organization and do this, do you?  Of course not, that is what Group Policy is for!

We are going to make one change to your Folder Redirection policy.

1) Open Group Policy Management Console.

2) Right-click on your Folder Redirection policy and click Edit…

3) Navigate to: User Configuration – Policies – Administrative Templates – Windows Components – Internet Explorer – Internet Control Panel – Security Page.

4) Right-click on Site to Zone Assignment List.

5) Enable the policy.

6) In the Options box click on Show…

7) In the Value name cell enter the UNC path of your file share.

8) In the Value cell next to the UNC path you just entered enter the value 1(Where 1=Intranet/Local Zone, 2=Trusted Sites, 3=Internet/Public Zone, and 4=Restricted Sites). Click OK then click OK in the Site to Zone Assignment List dialogue box.

9) Close Group Policy Management Editor.

That should be it… remember you will have to re-run your gpupdate /force on your machine, but even if you don’t it will apply in the next few logoffs, right?

**Thanks to Joseph Moody for the list of settings for the Zone Value list!

The Kobayashi Maru of Desktop Deployment

A couple of years ago I was asked to write an article on desktop deployment.  Back then Windows 7 was reasonably new, and there was a lot of chatter about the fact that you could not upgrade from a Windows XP machine directly to Windows 7.

Recently a lot of people have asked me about desktop deployment, what with Windows 8 becoming more widely accepted, and the end of support for Windows XP (#EndOfDaysXP) less than eight months away.  Although I am not doing a lot of deployment work these days, I reread this article that I wrote for the Springboard Series and decided it was still relevant.  I hope you like it!

The Kobayshi Maru of Desktop Deployment

Actual Reality: Desktop Virtualization Solutions from Microsoft

In July I presented my first webcast with BrightTalk.  They were putting together a series on virtualization, and asked if I would be able to speak about VDI and Desktop Virtualization strategies.  It was my pleasure!

The webcast is now available on-line.  I encourage you to download it, and let me know what you think!

Download the webcast here!

A Great Response Regarding OEM/Upgrade Media

Earlier this week I wrote a piece called “For when you want to let go… but can’t completely.’  I got a few interesting responses to it, but one really well thought out one from H. Mertens.  Here is his comment, and my responses to him. -M

A clarification over the OEM/Upgrade media issue:

A OEM installed OS (typical in most laptop purchases) by license can’t be installed on different hardware (some exceptions with regards to repairs). You will be required to change the Product Key for the VM instance away from the OEM SKU to for a product SKU that you (in addition) legally own. A MSDN or TechNet subscription can definitely come in handy in these circumstances, but note that these offerings also set restrictions regarding usage/purpose of the OS installation.

All of these are really good points.  In my article I neglected to address licensing at all.  If your OS license is OEM then you are not allowed to virtualize it… or rather, you can do it, but you have to make sure that you have a legitimate license to attach to the VM, and yes you will have to re-activate the installation.

Your reference to "Upgrade" media has similar considerations with regards to licensing, since it is permanently tied to the OS license/SKU/Product Key that it was used to upgrade(and it typically that is an OEM SKU).

When I refer to Upgrade Media you are right, it is permanently tied to the OS license that it was used to upgrade, but I do not agree with your statement that it would necessarily or even probably be OEM.

I confess, it has been a decade since I delved into these issues, but back then (which is on target because of our discussion of Windows XP) you were able to install Windows XP on top of Windows XP, and it would fix a lot of issues but your applications would still work.  The reason I referred to OEM media is because with OEM you could still install on top of, but it would clean you out – no applications, no user profile.  It wouldn’t delete them, it would just put them into a directory called Windows.old.

Notwithstanding these licensing caveats, OEM and vendor specific Upgrade media, as you mention, is, generally, very hardware specific and usually will not install successfully on "foreign" hardware.

Not only will most OEM and vendor-specific OEM software not install on most ‘foreign’ systems, it is a violation of the EULA to try to do it.  OEM software is married to the motherboard of the system with which it was purchased, and there is no acceptable ‘repurposing’ of that license… for any reason.  If the motherboard dies, when you replace it you must also buy another OEM license.

Off-the-shelf, "Full-Package-Product" (FPP), which can be use as "upgrade" media, is a SKU which can be moved (not copied) from device to device.

*** So the question arises: if you are migrating an image of OEM licensed OS away from failing hardware and onto, say, a virtualized system, would that be seen as an acceptable reuse of the OEM license? ***

OEM software may not be virtualized.  In the event of Windows Server and Hyper-V, there are exceptions to this.  However on the client-side there are no “acceptable reuse” scenarios.

Hint: Typically I upgrade my laptop’s OS with a MSDN/TechNet version since the OEM versions typically are "Home", limited feature set, SKU’s. To aid installing a new OS, I do usually copy over the "%windir%\System32\DriverStore\" of the active OEM installation onto a USB stick so as to resolve "unknown" device issues (use the scan folder option in updating these under device manager). Subsequent Windows Update may upgrade these, but it usually goes over easier once they are "known" devices requiring, perhaps, an upgrade.

Here is where your in-depth understanding of licenses falters my friend; MSDN/TechNet licenses are not to be used on production machines… period.  They are for test/dev only.  As such I am reasonably sure that by installing the OS from that source onto your laptop you are violating the EULA.  It is a very common misunderstanding that many people make, but in short MSDN and TechNet are not meant to be ways of getting all of your production software cheap, they are meant for you to use exclusively for testing purposes.

If you are a Microsoft Partner, then there are acceptable alternatives.  Certain MPN Partners (I don’t know which) are given a number of licenses of most Microsoft software that they can use in production.  If you are not at that level then you can invest in the Microsoft Action Pack Subscription, which entitles you to use the same licenses on (I think) ten computers… in production.

With regard to the DriverStore directory I confess that I generally follow the advice of an old acquaintance… The drivers installed at the source are likely already out of date, and it is usually just as easy to download the latest version from the manufacturer’s website.  Fortunately for me, Microsoft IT has an image for my laptop including the drivers, so it’s not a concern.  However you might want to take a few minutes to download them… and yes, making sure you have the networking drivers is a good idea before you wipe and re-load!

For when you want to let go, but can’t completely.

Mitch, I have been using my Windows 7 laptop for nearly three years.  It has all of my applications on it, and because of the custom dev work that I do a lot of what I have in there simply cannot be recreated – anywhere, let alone on another OS.  I want to upgrade my primary laptop to Windows 8, but cannot afford to lose my customizations and my environment.  What can I do?

I got this question from a peer last week and feel his pain; so many people have customized their desktop environment in ways that (they feel) is a stop-wall to upgrading – either in-place or on new hardware.  Fortunately Microsoft has some great tools that will help you out.

Hyper-V is now included in the Windows 8 desktop client.  You can capture your Windows 7 desktop image to a Virtual Hard Drive (VHD) and then create a new VM on your Windows 8 client and attach it.  But how can you capture that image?


Microsoft has a free set of tools called the Sysinternals Suite.  One of those tools is called Disk2vhd.  Download it to your Windows 7 machine and run it – it will transfer your entire hard drive (or drives) to VHD files.  It is agentless and does not require an install – just run it and you can immediately convert every attached volume.

This method will actually work with any supported version of Windows.  That is not to say that it will not work with Windows NT 3.51, but it is not supported and I certainly have not tested it.  So if you want to keep your Windows XP installation as a crutch (you have 307 days left remember!) you can use the same methodology with that OS too.

Of course, when you boot to the VM you may have some issues because the hardware set is completely different.  In newer operating systems you may have to download some of the drivers for it to work properly; for legacy (Windows XP and earlier) OSes you may have to do a full install-in-place; do this carefully because depending on your media your apps may or may not continue to work (do NOT try to use OEM or Upgrade media for this!).

For bonus points, if you have a full Windows Server 2012 system up and running you can create the VM as a VM on that host, and let your Windows 8 use all of its RAM.  However with the amount of RAM in computers these days, coupled with the incredible memory management and compression with Hyper-V, you should be okay.

Questions?  Feel free to ask… and have a great day!

The Benefits of Windows Intune

Last month I had the opportunity to sit down with Robert Crane, the host of the Need to Know Podcast, about Windows Intune.  These podcasts are great for keeping IT professionals up to date on technologies that they may not know a great deal about, and Windows Intune is certainly one of those.  Dubbed by some as System Center in the Cloud, it is a cloud-based management tool for client devices from desktops and laptops to tablets and phones. 

Listen in to hear all about Windows Intune, and how it can help you to make money for your business!


Converting an SD Card to Permanent Storage in Windows Devices

So as you know I was all excited to buy the very first Microsoft Surface Pro.  I bought the 128 GB model because I knew that despite the fact that I have all sorts of external hard drives I was even likely to ax out 128 GB pretty quick.  Fortunately between Cloud-based storage (SkyDrive for my personal stuff, SkyDrive Pro for my business files) and the ability to add a micro-SD card I would be fine.

I arrived at my hotel in Redmond and the package from my seller was there; I excitedly ripped it open and inserted the 64 GB card into the Surface Pro, reformatted it with NTFS, and installed the SkyDrive Desktop Client on Windows 8 (which allows me to synchronize my SkyDrive files onto my device’s hard drive or, in this case, its SD card.

imageWow… ‘Your SkyDrive folder cannot be created in the location you selected.’ This was really disappointing, because that was exactly what I wanted to use my SD Card for… along with my Document, Picture, and Music Libraries.  I will be honest, it never occurred to me that I could not map these to external drives, although it does make sense.  However I was planning on making this SD Card a permanent drive in my Surface Pro, so I needed to find a way to do it.

\I did a little research and discovered that indeed there was a way… or rather a workaround that would work perfectly.  Here’s what I did:

1) I created a directory on my C Drive called c:\SD Card.

2) I opened Disk Manager in Windows – you can either do that by right-clicking on the bottom-left corner of your screen and selecting Disk Management. If you are on a tablet and have no mouse, you could alternately pull up that menu by clicking Winkey-X.

3) Right-click on your SD Card and click Change Drive Letter and Paths…

4) Click Add…

5) In the Add a new drive letter or path for X: (Where X is the drive letter represented by your SD Card) select the radio Mount in the following empty NTFS folder:

6) Click Browse…and navigate to the directory that you created.  Click OK.

You should now be ready to proceed.  To be sure, right-click on your SD card again and click Change Drive Letter and Paths… Your window should look like this:


The SD Card has both a drive letter and the mount point on the C drive.  If this is what you see then you are ready to proceed.  Cancel out of this window and close the Disk Management console.

I started the SkyDrive desktop app again and instead of mapping my SkyDrive folder to D: I mapped it to C:\SD Card\.


That looked a lot better.  I was able to proceed and my SkyDrive files are now synchronizing properly.

imageNow that my SkyDrive was done I decided to go the next step and map some of my Libraries to the SD Card as well.  This was easy at this point… I simply opened the File Explorer and created a new directory on the SD Card called d:\Pictures. I then right-clicked on the Pictures library that I wanted to redirect (in the Navigation Pane) and clicked Properties.  I clicked Add… and in the Browse window I selected the new directory (c:\SD Card) and clicked Include.  Back in the Properties box I clicked Set save location.  I also dragged it to the top of the list.  So now my Properties window looks like this:

Notice that the Pictures (C:\SD Card) is at the top of the list, and has a check mark next to it.  That means that when I start saving pictures (or decide to import them from another profile) they will go onto the SD card and not onto the internal drive.

All of these steps will work for tablets but also for hybrids, laptops, and even desktops.  It is a simple mechanism to convert external storage to internal storage.  The mount point on the C drive is used as a hard link to the SD card, and nothing stored in that directory is actually on the C drive… it just looks that way to ‘fool’ Windows into doing what you want to do.

Good luck!

What’s this new Cert? MCSA: Windows 7!

This post was originally written for the Canadian IT Pro Connection blog, and can be seen there at

In April of this year Microsoft Learning announced its new generation of certifications.  Many of us who had previously earned certain MCITP (Microsoft Certified IT Professional) credentials were automatically ported into a new certification category, the MCSA (Microsoft Certified Solutions Associate).  Depending on the MCITP you had earned, you would get a different MCSA.

There are two senior certifications for the Windows 7 desktop:

  • MCITP: Enterprise Desktop Administrator
  • MCITP: Enterprise Desktop Support Technician

If you have earned either of these certifications then you already have received (or will shortly) an e-mail from Microsoft Learning informing you that you will soon be awarded the new MCSA: Windows 7.  Congratulations!

Now, the benefit to this is that when it comes time to earning your MCSA: Windows 8 you will only have to take a single upgrade exam (70-689).

If you would like to learn more about the MCSA: Windows 7 and MCSA: Windows 8 certifications, visit the Microsoft Learning page here.

I have long been a huge advocate of certifications; I have worked on many of the exams and courses, and have worked hard to earn the ones that I hold – not because I need them in order to teach the associated classes (although that was once a consideration), but because I strongly believe that certifications are proof that you have the respect for your profession to not only learn the right way to do things, but to sit down and prove it.

In 2012 Microsoft Canada held a series of virtual study groups for Hyper-V.  Across the country dozens of people studied together in groups, and dozens of them took (and passed) exam 70-659, earning them the MCTS: Windows Server 2008, Server Virtualization credential.  With the launch of the new products and certifications I hope that we will bring these study groups back… as a benefit to the user groups, and as a way to get more people certified.  Watch this space for more information, and if you are interested in a particular cert let us know and we’ll see what we can do to help you out!

Managing Your SMB-IT Without Server

A set of clouds

You have a small business.  You have been running Windows Small Business Server 2003 for six years, and you know that it is time to retire it.  The question is, what should replace it?

Before you make any definitive decisions, why not review what you need your server to do:

  • File Server
  • Mail Server
  • Internet Portal
  • Centralized Management

For the past several years you have paid a consultant to manage the server and your client PCs, and have primarily called him in for break-fix issues.  Maybe you were industrious and decided to learn the basics of IT so you could do a lot of the maintenance yourself.  You might even be a small-business IT consultant who has been managing and maintaining SBS environments for your clients.

You have heard so much about the cloud that you are in a bit of a fog… you know that people are talking about cloud-services, but haven’t quite figured out how they can work for you… to save you money, to earn you money.

Replacing the Server

For most small businesses I still recommend a centralized server; Active Directory is still the best mechanism you will find for centralized user management, and Group Policy allows you to lock down your environment.

With that being said, many of the functionalities offered in Microsoft Small Business Server are now available as part of two cloud-services offerings from Microsoft.  Microsoft Office 365 offers all of the functionality listed above (File Server, Mail Server, Internet Portal) and much more.  It is actually all of the following products in the cloud:

Office 365 allows you to have the functionality of all of these tools… without having to purchase or maintain them.  It also means that you will always have the latest versions of all of these… without having to upgrade.  ‘Your servers’ will be maintained by the Microsoft IT team, without your having to pay them hundreds of dollars per hour.  If any of your services go down (and admittedly they do occasionally) you can rest assured that before you even discover the outage the people who know the products best will already be well on their way to fixing the issues.

Managing the Desktop

Between the operating system and the applications, there is a lot of work that goes into the proper maintenance of your PCs.  That includes anti-malware, patch management, policies, and more.  Additionally being able to generate and view reports is a huge benefit – as I always say If you cannot measure it, you cannot manage it!

So Before we get into application side of things,  let’s discuss the benefits of the second cloud-services offering, Windows InTune.  InTune installs as a simple agent on your Windows PC, and the list of benefits is amazing:

  • Upgrade rights to Windows 7 Enterprise
  • Windows InTune Endpoint Protection (centralized anti-malware solution)
  • Centralized Patch Management
  • Policy Deployment
  • Application Deployment
  • Device Reporting
  • Alerts
  • License Management

When you subscribe to Windows InTune (per-PC subscription) you get the right to upgrade your legacy Windows client (Professional/Business/Enterprise SKUs) to Windows 7 Enterprise.  Right there you have the basis for the common operating system required to simplify management.

Windows 7 Enterprise Edition includes two features that Business Edition does not:

  1. Multiple language support; and
  2. BitLocker drive encryption technology

With the preponderance of mobile computing these days, as well as organizations doing business around the world, there is no question that Windows 7 Enterprise is an easier feature-by-feature sell than the lower-priced options, but that lower price seems to be a deciding factor so often.  With the Use Rights in Windows InTune you don’t have to settle.

Once the Windows InTune agent is deployed on a PC it will start populating the individual computer’s information to the InTune system, and you will be able to get a better idea of what you have.  On the Devices screen you will be able to see:

Computer Name Total Disk Space CPU Speed
Chassis Type Used Disk Space Last User to Log On
Manufacturer & Model Free Disk Space Serial Number
Operating System Physical Memory Last Hardware Status

imageIncluded in the Windows InTune installation is the Windows Intune Endpoint Protection engine, which will protect your PCs from malware.  It uses the built-in patch management system to keep the definitions up to date, and offers real-time protection, as well as centralized reporting and e-mail alerts to the Help Desk / Support Team / IT Guy when a computer is infected.

InTune 2.0 added the ability to centrally deploy applications to client PCs.  InTune 3.0 adds an extra to this – the ability for end-users to install published applications on-demand.  The new Company Portal allows users to help themselves on-line, before eventually ‘escalating the call’ to you.

Users can also deploy their own client from the portal, assuming they have the proper credentials.  This allows them to download a client using their corporate credentials, rather than you having to send them the file (along with the ACCOUNTCERT file) which would allow anyone (in theory) to install on any device that would automatically be managed by… you.

By far the most common application suite found on desktops in the workplace is Microsoft Office.  The most common complaint I hear about Office is the cost (followed by the difficult to understand SKUs).  Of course, with Office in the name it is no wonder that it is part of Office 365.

Of course there are several different SKUs to Office 365, and each one has different offerings.  The small business SKU (P1) costs $6/month, and does not include the installable suite.  However it does include Office Web Apps, which means you can create and edit Word documents, Excel spreadsheets, PowerPoint presentations, and of course use OneNote… all within your web browser.  This is great if you work on multiple systems, or if you are ever remote and need to work on a document.  The convenience loses its thrill when you realize you cannot work if you don’t have an Internet connection.

The E1, E2, and E3 SKUs do come with the client software, so if that is a requirement then those SKUs (which cost quite a bit more) are probably better for you.

Why you should consider maintaining a server on-site

Our mail server is gone… so are our SharePoint and File Servers.  Why then would I still recommend a small server in a small business environment? There are several reasons.

  1. Active Directory.  As I mentioned earlier in the article, AD is a great way to centralize security and credentials.  Additionally there are plenty of hooks from Active Directory into Office 365 (which can be covered in a later article).
  2. Deployment Server.  Microsoft Deployment Toolkit 2012 is the perfect companion to your new Windows 7 Enterprise licenses.  In under an hour you can create a deployment point that will deploy Windows and all of your applications (including the Lync Client and the Windows InTune agent) in fifteen minutes (or less).  It is by far the easiest way to deploy Windows to your desktops, laptops, and even tablets!
  3. Hyper-V.  Although many of our applications will be installed directly onto the laptop, many companies still have server-based applications that require an application server.  Hyper-V is the best way to create those servers on-site, for a plethora of reasons that have been outlined ad nauseum previously at, and countless other sites.  Of course, your virtualized application servers can run any version of the Windows Server operating system, but they can also run any supported client OS, as well as several iterations of Linux (supported and enlightened) and any other x86-based OS (neither supported nor enlightened).
  4. Group Policy.  Although Windows InTune v3 has much better policy support than its predecessors, there is no denying that Group Policy is the best way to granularly control, configure, and secure your client and server environments.  Whether you want to enforce secure passwords, BitLocker, or simply set a centralized screen saver and desktop wallpaper, the best way to do it is by creating a GPO in Active Directory.

As you see the combination of cloud-based services from Microsoft and an on-line Windows Server are the best way to manage your entire SMB IT infrastructure, but even if you are not going to maintain an on-premise server the cloud-based services can manage most of the needs of most SMBs.

By the way, there is one more advantage to these solutions… you will always have the latest and greatest.  Right now the Windows InTune subscription comes with use rights for Windows 7 Enterprise.  When Windows 8 is released, you will automatically have access to that platform.  Office 365 comes with Office 2010… but when the next version is released you will have that version right away too!

Interested in hearing more?  Drop me a line and we’ll talk… or you can check out and to download 30-day trials of each!

Mac vs. PC… Does my sister have a point?

Image representing Apple as depicted in CrunchBase
Image via CrunchBase

It was the end of the week, my class was winding down, and my friend Peter Wolchak was baiting me into another ‘PC versus Mac’ debate on Facebook.  All in all, nothing all that unusual about it… until one of the most unexpected things happened.  My sister chimed in on the Mac side.

Oh brother of mine, who I do love dearly, Mitch Garvis, shall I remind you that I can get an extra 2-3 years out of my macs for every PC I replace for Ron or work or Mom? More expensive? I don’t think so…

Jennifer has been a Mac person for as long as I can remember… and while she and I do not subscribe to the same school of thought I do respect her right to that opinion.  However to hear her chime in on the side of ‘Macs are less expensive than PCs’ surprised me… I thought she was smarter than that!

Of course, she does make an interesting point.  Mac users do seem to keep their Macs longer than PC users keep their PCs.  I started to think about some of the reasons for that.

Here is a list I came up with.  I would love to hear your thoughts on this but remember: ‘Because they are better’ is not a legitimate argument.  I want to know why you think they are better!

  1. First and foremost let’s be honest: Apple makes a great machine.  I would be lying if I said otherwise.  Is their hardware better than all PCs? No.  Is it better than the vast majority? Yes! PC makers have to step up to the plate if they are going to compete, and models like the HP Envy and the Samsung Slate 7 are incredible, but they are a small minority in the field.
  2. Apply OS X requires less maintenance than Windows does, but with the majority of PCs (or close to them) still running Windows XP and Windows Vista, there is no doubt that OS X is easier.  Windows 8 will be even easier than Windows 7, but the legacy OSes… yeah, they were tougher.
  3. Apple wants people to fall in love with their macs (and iPads, and iPods, and iPhones…).  Microsoft and PC makers want you to use theirs.
  4. Apple controls the gamut, from the OS to the hardware and, in the case of iDevices, the applications as well.  There are fewer cooks in the kitchen as it were – fewer sets of hardware enabling drivers to worry about.  Microsoft (until the Surface devices come out) work on a different model, and anyone can make a compatible device, then program the drivers badly.  Hence they are quicker to crash, no doubt.  Does this mean that Macs don’t crash? HELL NO.  They just, as the great video by Hunter Cressall (sp?) states, they just Crash Different.
  5. You get what you pay for, even in the PC world.  You can buy a cheap, consumer-grade PC laptop for $399 (or less).  They will probably not last as long as the higher-end consumer or corporate ones.  My mother’s HP Pavillion is very nice, but it is indeed her third PC in five years (For the record her previous laptops worked just fine, she just wanted new PCs).  While I do go through a new higher-end laptops every few months, I also have many of the older ones – dating back to the Dell XPS M1530 which I got in 2007, and despite some physical issues (cracked case, etc…) that are easily fixed is still going strong.  Frankly I wish I still had my Acer Ferrari laptop which I got in 2005, and I am sure would still be working perfectly today!  All of this to say that if you buy a Mac for $1300 versus a PC for $500 you can replace the PC halfway through the life of the Mac, and still get a better ROI.  When you buy a pricier laptop (my HP Envy (base model without all of the fancy upgrades) would have cost the same as the Mac, and would last just as long.

I have gotten off track a little, but I do not want to sound defensive.  I am glad though that PC makers are starting to make ‘sexier’ machines.  The two that stand out in my mind are the Samsung Series 7 (I got to play with the newest model in Redmond last month and it was SWEET… slimmer than a MacBook Air and less expensive) and the Dell XPS 13 (which I have seen but not played with).  I have it on good authority that PC makers will be releasing a truly new line of laptops when Windows 8 releases, unlike the unimpressive refresh from the Windows 7 launch.

Also Microsoft has put the PC makers on notice with the announcement of the Microsoft Surface Tablets.  As a lot of writers and bloggers have pointed out, Microsoft is telling OEMs ‘Hey, if you want us to compete with Apple then you have to wow them… and THIS is how you do it!’  These next-generation tablets will have something going for them that the iPad and MacBook do not: they will run the same operating system and same applications on the tablet as they do on the desktop and laptop.  Hopefully the PC makers like HP, Dell, Lenovo, and the rest will take their cue and step up to the plate, just like Samsung did recently with the Slate Series 9.

I want to hear your thoughts though… do you prefer Mac or PC, and why? Let me know in the comments section, and I will give out prizes for insightful answers.  Yes, I will even try to dig up a couple of Mac prizes!

Creating a Multi-OS Environment with Boot from VHD

Computers that contain this sticker met the re...

I spend a lot of time demonstrating different technologies for different audiences.  Because of that I often need to use different operating systems and rather than take along several machines (which I often have to do anyways, but for other reasons) I have taken to configuring my laptop (currently an HP EliteBook 2740p) in a multi-book configuration.  When I boot up I get a menu asking me which OS instance I want to boot, and I am off to the races!

Of course, this is easier said then done when some of the operating systems that I use and present change as often as they do – either because of things that I do (domain join, virtualization demos) or new versions (as is the case with the current Windows 8 and Windows Server 2012).  This problem is easily solved using the Boot from VHD (virtual hard disk) functionality in Windows 7 (and later).

Step 1: Preparing your host system

Although this is not strictly necessary, I like to partition my physical hard drive and place the VHDs on a separate partition from the operating system that is installed on the physical disk.  This is partially a legacy practice from when I would install all of my operating systems for the multi-boot scenario on the disk itself.  My current configuration has three partitions, one whose sole purpose is storing the OS VHDs.  However thinking about it logically, there is no good reason I can think of why you can’t simply store the VHDs on the C drive.

You need to have the source media for the operating system you plan to install, as well as the imagex.exe file, which is a component of the Windows Automated Installation Kit.  You can download this from, but make sure you download the version appropriate for the operating system and architecture on which you are installing it.

Because I often work with multiple images, I create a directory on my system called d:\VHDs, and in that folder I create a sub-folder for each image file.  So I may have the following directories:

  • d:\VHDs\Windows8RP
  • d:\VHDs\Windows2K8R2
  • d:\VHDs\Windows2012RC
      I prepare the media by copying the


      program into the


      folder, and then from the media of each OS I copy the


      file from the


      directory into the appropriate subdirectory.  The


    files are the actual image files of the operating system, and have been standardized since Server 2008 (and Vista).

Step 2: Creating a VHD

There are a couple of ways you can create VHD files within Windows.  I prefer to use the Disk Partition Tool (diskpart.exe) but if you want you can also use the Disk Management Tool within the GUI.

  1. In the Start Menu type cmd.exe and press <Enter>.
  2. In the command prompt window type diskpart.exe.  You should be prompted with a User Account Control window asking for confirmation. (If you are not an administrator you will be asked for credentials)  Click Yes.
  3. (Determine where you will store your virtual disk, and what you will name it.  for this example I will call it d:\VHDs\Svr2K8r2.vhd) Type create vdisk file=”d:\VHDs\Svr2K8r2.vhd” maximum=20480.  This will create a 20GB VHD file.
  4. Type select vdisk file=”d:\VHDs\Svr2K8r2.vhd”
  5. Type attach vdisk
  6. Type list disk.  You should now see a new 20GB disk (the line should have an asterix at the beginning).
  7. Type exit to quit the Disk Partition Tool.


    I created a 20GB VHD file, but you can size this to your needs.  Remember, you may also be installing applications, data, and other tools into your VHD file.  However size it to your needs and storage limitations.  The minimum should be no less than 9 for Windows 7, 10 for Windows Server 2008 R2.

Step 3: Apply the image to the VHD file

Now that our VHD file is attached to the computer, it is visible in Disk Manager.  Load that up (right-click on Computer, click Manage, and in the navigation pane click Disk Management) and initialize the disk, and then create a simple volume.  Take note of the drive letter that is assigned to it.  For the sake of the later step, let’s say the letter F: was assigned.

We can now apply the image using the ImageX tool.

  1. In the command prompt navigate to the d:\VHDs folder.
  2. Because .wim files can contain multiple builds of an OS (such as Windows 7 Ultimate, Professional, and Home Premium) we have to determine which one we will deploy by specifying the index that corresponds to the proper edition.  Use the following command to check the Index value of the operating system you want to build: imagex /info d:\vhds\Windows2k8R2\install.wim.  This will display all of the editions within the .wim file.  If you have a .wim file containing several builds you may want to add the switch |more onto the end so that it will allow you to scroll.
  3. In this case I want to build a VHD with Windows Server 2008 R2 Datacenter Edition (Full install), which might be Index 4.  I will type the following command: imagex /apply d:\VHDs\Windows2k8r2\install.wim 4 F:\ (Here the source media file is d:\vhds\Windows2k8r2\install.wim, and the drive letter assigned to the VHD is F:).

Step 3 will take a few minutes, but when it is done you can list the files and see that it resembles a bootable Windows 2008 R2 hard drive.  The problem is that most hardware will not recognize a VHD file as a boot device, so we need to edit the boot configuration data file, or BCD. 

Step 4: Editing your Boot Configuration Devices (BCD) file

Although this can be done from the command line (using bcdedit.exe) it is a bit of a pain.  there is a free (for personal use only) GUI tool called EasyBCD 2.1.2 which can do it for you. 

  1. Download BCDEdit 2.1.2 from  Install the program and run it.
  2. Accept the EULA.  Please note that if you are using this for your work then you must buy the paid version.
  3. From the menu on the left select Add New Entry
  4. In the lower half of the window there is the option to add a Portable/External Media entry to the BCD list.  Ensure that Microsoft VHD is selected in the Type box.
  5. In the name box type the name that you want to appear in the boot menu (such as Microsoft Windows Server 2008 R2 Datacenter Edition (VHD).
  6. In the path box browse to the location of your VHD file (d:\VHDs\Svr2k8r2.vhd).
  7. Click Add Entry.

You are done!  All ready to go.

For Bonus Points!

  • Within EasyBCD you can click on the Edit Boot Menu option on the left, and choose which OS you want to be your default, and your timeout delay… but you have done it!  You are ready to restart into either operating system!
  • If you want to be able to revert your VHD configuration to this moment all you have to do is copy the VHD file to an alternate location.  If you ever hork things up all you have to do is copy over the original and poof, you are clean!
  • If you want to get fancy you can add several bootable VHDs to this menu… just follow the same steps!

That’s it.  The multi-boot option gets fancier in Windows 8, and I will cover that in a later article.  For now, as you know I always look forward to your comments and thoughts, and who knows… I might even give away the occasional prize for a good comment!