Subscribe: this.Pose() as Expert - Vista
http://chrison.net/SyndicationService.asmx/GetRssCategory?categoryName=Vista
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
application  code  component  elevated  elevation  managed code  managed  start  uac  user  vista  windows vista  windows 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: this.Pose() as Expert - Vista

this.Pose() as Expert - Vista





Last Build Date: Wed, 30 Jul 2008 14:55:11 GMT

Copyright: Christoph Wille
 



Mid-2008 and x64 is Still a Dead End

Wed, 30 Jul 2008 14:55:11 GMT

I am currently working on a Compact Framework project, and started development on a different machine - where I successfully used the Cellular Emulator of the Windows Mobile SDK. Today, on the other machine (the laptop), it didn't start but present me with the following error message:

(image)

After some searching (on the G-word search engine), I came across this post:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3538593&SiteID=1

Sure enough I am using Vista x64, heck, we are living in 2008 with multicore CPUs and 4GB+ of RAM!

And here is the Catch 22: when moving development to a Virtual PC image, you don't get USB ports which you need for connecting to a real device...

(image)



Unknown Device Installed & Ready to Use

Thu, 19 Jul 2007 09:33:56 GMT

(image)

This is the most ridiculous message I have received so far on Vista.

(image)



Sony Ericsson Must be Kidding Me

Thu, 28 Jun 2007 08:34:29 GMT

"The Sony Ericsson Update Service for Windows Vista™ will be available for download on www.sonyericsson.com/updateservice in September." You ain't serious, right? This is more than annoying simply because I don't have a single computer with XP any more - not that SE software ever worked on XP either.

(image)



MS Sample for Starting Elevated Processes (UAC)

Mon, 04 Jun 2007 08:34:52 GMT

Microsoft released a UAC demo. It is just basic process elevation (read: save the time by not downloading it), which I described in more detail (with more reuseability) in UAC Elevation in Managed Code: Starting Elevated Processes.

(image)



Telnet in Vista

Thu, 10 May 2007 08:46:01 GMT

Just tried to do the usual "telnet myserver port#" to see if a service is actually listening, but Vista came up with a search window. The command line told me that there is no such tool as telnet. Wtf? Solution: Vista Tip: Get Telnet Back

(image)

(image)



Windows Vista Application Development Requirements for User Account Control Compatibility

Wed, 21 Feb 2007 08:48:17 GMT

This is v2 of the Vista UAC development requirements document. From the TOC:

  • Why User Account Control?
  • How UAC Works
  • Will UAC Affect Your Application?
  • Designing Applications for Windows Vista
  • Deploying and Patching Applications for Standard Users
  • Troubleshooting Common Issues
  • References
(image)



What is Vista Trying to Tell Me?

Fri, 16 Feb 2007 18:51:04 GMT

(image) (image)



UAC Elevation in Managed Code: Guidance for Implementing COM Elevation

Fri, 16 Feb 2007 07:02:29 GMT

In my last blog entry UAC Elevation in Managed Code: A .NET COM Component Elevated I showed how to get up and running with an all-managed code solution for UAC and COM elevation. Today I want close out my series on UAC with some information on how to properly organize the project plus present a library you can reuse to get up and running quickly - without many of the manual and tedious steps from the previous proof of concept example. Speaking of the previous sample: it is still the basis for this best practice, so the following directory layout will look familiar to you: Before diving into code, I want to start out with the SampleSetup directory, which contains the executables. As you can guess, the starting point is Step1Register. It contains register.bat, which you have to execute: Note that on machines without the .NET Framework SDK, there is no gacutil.exe. In that case, you have to drag & drop ManagedElevator.dll to c:\windows\assembly. And in case you have been wondering from this screenshot, yes, the application now also plays nicely on Windows XP: Of course, there is no consent UI popping up, nor is there a shield icon like there is on Windows Vista: The magic for this cross-platform functionality is hidden in the UACHelper project - which brings us to the source section of this blog post: All the necessary COM elevation magic is now moved to this neat little library - including the adapted UAC bits of VistaBridgeLibrary (no longer necessary). The names already give away the purpose of each class and where they are used: COMRegistration Used by the elevated component to automatically register the necessary registry keys. ShieldButton Used by the client to display a button with a shield icon (on Vista). For XP, no shield is rendered. COMElevation Starts the requested component with admin privileges. ElevatedProcess If you want to start a simple process elevated. Not used in this guidance. The first customer of this library is the elevated component, so we start discussing this guy next: At first glance, this is similar to the previous POC implementation. The main difference now is that I have broken down the functionality by feature area into namespaces: The "main" namespace The .Components namespace The .Guids namespace The .InterOp namespace Let's look at these one by one. The "main" namespace Here, we have one class only: class RegisterFunctions {   [ComRegisterFunction]   public static void CustomRegister(Type t)   {     COMRegistration.RegisterForElevation(Assembly.GetExecutingAssembly().Location,        SampleComponent.ClassToElevate,        Global.AppId,        100);     // add additional "for elevation" components here by duplicating the above   }   [ComUnregisterFunction]   public static void CustomUnregister(Type t)   {     COMRegistration.UnRegisterFromElevation(Assembly.GetExecutingAssembly().Location,         Global.AppId);   } } It is called when the assembly is regasm'ed, and it is here where you call into COMRegistration.RegisterForElevation to add all the necessary registry keys for elevation: public static void RegisterForElevation(string assemblyLocation,     string classToElevate,     string appId,     int localizedStringId) {  if (!UACHelperFunctions.IsUACEnabledOS()) return;  // [HKEY_CLASSES_ROOT\CLSID\{71E050A7-AF7F-42dd-BE00-BF955DDD13D4}]  // "AppID"="{75AB90B0-8B9C-45c9-AC55-C53A9D718E1A}"  // "LocalizedString"="@E:\\Daten\\Firma\\Konferenzen und Talks\\..."  RegistryKey classKey = Registry.ClassesRoot.OpenSubKey(@"CLSID\{" + cla[...]



UAC Elevation in Managed Code: A .NET COM Component Elevated

Mon, 05 Feb 2007 21:41:46 GMT

I admit it: UAC Elevation in Managed Code: "Talking" to an Elevated Process via WCF is a kludge. The reason why I dabbled with this approach at all is that I failed to implement COM elevation with managed code (not elevating a COM component, but the COM component itself). However, at long last, I succeeded in that respect too: I now present you the all-managed code solution to UAC elevation! Once again I built myself a small demo frontend application: As you can guess, the first button does plain vanilla COM InterOp without any UAC elevation. Thus its code is rather simple: private void simpleCallButton_Click(object sender, EventArgs e) {   Type t = Type.GetTypeFromCLSID(new Guid("71E050A7-AF7F-42dd-BE00-BF955DDD13D4"));   object o = Activator.CreateInstance(t);   t.InvokeMember("SayHello", BindingFlags.InvokeMethod, null, o, null); } Why this reflection magic? Well, the COM component I am calling here is implemented in .NET - and both VS as well as tlbimp balk at reimporting the exported type library. The COM component in question has been regasm'ed & gacutil'ed (ManagedElevator project in the download). Although the name implies that I am after elevation, it is pretty much a standard COM component written using C#: public class TheGuids {   public const string IHelloWorld = "B8CD5C09-9ACD-49b0-BF6F-C7B0F29795F9";   public const string ClassToElevate = "71E050A7-AF7F-42dd-BE00-BF955DDD13D4";   public const string AppId = "75AB90B0-8B9C-45c9-AC55-C53A9D718E1A"; } [Guid(TheGuids.IHelloWorld)] [InterfaceType(ComInterfaceType.InterfaceIsDual)] public interface IHelloWorld {   [ComVisible(true)]   void SayHello(); } [Guid(TheGuids.ClassToElevate)] [ClassInterface(ClassInterfaceType.None)] public class ClassToElevate : IHelloWorld {  public ClassToElevate()  {  }  [ComVisible(true)]  public void SayHello()  {   MessageBox.Show("Hello World");  } } So how do you go from "standard" "plain-vanilla" COM component to COM elevation? The part that stumped me for so long was the ClassInterface attribute - if you forget this guy, you'll end up with an InvalidCastException thrown by UACManager.LaunchElevatedCOMObject. But that's not quite all to get up and running with COM elevation: in addition, you need to modify the default registration for this component - specifically, you need to configure the DllSurrogate. This is where the AppId GUID comes into play: it isn't used in code (kept there for documentation purposes only), but in registryadditions.reg. It binds the various registry keys. And speaking of this .reg file, please take note of the LocalizedString value: it contains the text for the UAC prompt (also check out UACPrompts.rc, resource.h, compilerc.bat as well as the properties of the ManagedElevator project where the compiled .res file is referenced). Note Before importing the .reg file into the registry make sure to fix the file path contained in LocalizedString! And if you create your own elevated COM component DO NOT reuse any of my three GUIDs - use guidgen.exe to create your personal ones. From there, UAC elevation is smooth sailing. The Reflection version of COM elevation looks very similar to non-elevated calls: private void managedElevation_Click(object sender, EventArgs e) {   // CLSID   Guid classId = new Guid("71E050A7-AF7F-42dd-BE00-BF955DDD13D4");   // Interface ID   Guid interfaceId = new Guid("B8CD5C09-9ACD-49b0-BF6F-C7B0F29795F9");   object o = UACManager.LaunchElevatedCOMObject(classId, interfaceId);   Type t = o.GetType();   t.InvokeMember("SayHello", BindingFlags.InvokeMethod, null, o, null);   Marshal.ReleaseComObject(o); } Of course this is not really a good solution (late binding). So instead I manually imported t[...]



UAC Elevation in Managed Code: "Talking" to an Elevated Process via WCF

Sun, 04 Feb 2007 21:23:45 GMT

In the blog post UAC Elevation in Managed Code: Starting Elevated Processes I talked about how to start an elevated process. However, just starting a process might not cut the mustard, for example if you need to hand over data to the elevated process. You could achieve this by passing, let's say, some data as command line arguments to ProcessInfo before starting the elevated process. But that seriously limits communication. So how can you perform communication with an elevated process? My first idea was to use .NET Remoting. Once I thought through the multi-instance scenario, I quickly realized that this meant the server had to be running in the non-elevated application, because only it could properly choose a port. And because I am not a fan of Remoting anyways, I decided to give WCF (Windows Communication Foundation, a pillar of .NET 3.0) a try. It looked like smooth sailing at first, but then I realized that with WCF too I needed to implement the service inside the non-elevated application. This time, however, the reason was "How do I know when the elevated application has initialized before I can actually start communicating with it?". Back to the drawing board. The final solution now looks like this: the non-elevated application starts a service. The operations contract specifies a callback, which, once the elevated application has signalled its readiness, can be used by the non-elevated application to "talk" with the elevated application. I didn't intend to go duplex, but hey, if there's no other way I am willing to take plunge. Speaking of tricks of the trade: I am using imperative binding to a named pipe. Reason? Well, WS bindings won't work (see here and here), and the TCP channel would pop up a firewall warning. That's why. Let's look at the applications - first the non-elevated one: This time I forfeited eye candy (the shield button). Same (missing eye candy) goes for the elevated application as it is a console application only: Solution-wise, this simple two-application scenario is split into four projects: So where do we start? With the easy part inside ElevationContract: [ServiceContract(Namespace = "http://Christoph.Wille.Samples", CallbackContract = typeof(IElevatedProcess))] public interface IWaitForElevatedProcess {   [OperationContract(IsOneWay = false)]   void ElevatedProcessStarted(); } [ServiceContract(Namespace = "http://Christoph.Wille.Samples")] public interface IElevatedProcess {   [OperationContract(IsOneWay = false)]   void SayHello(string message); } The interface IWaitForElevatedProcess is implemented in StandardUserApp. It is the service endpoint that is initialized before the elevated process is started - and once the elevated application is up and running, it calls into ElevatedProcessStarted. And we are in business for using the IElevatedProcess callback that is implemented in the ElevatedProcess console application. So how is the service endpoint intialized - let's take a look inside: private const string theProcess = @"..\..\..\ElevatedProcess\bin\Debug\ElevatedProcess.exe"; private void tryitButton_Click(object sender, EventArgs e) {   string channelIdentifier = MiscHelpers.CreateRandomString(64);   MyUACServiceHost.StartService(channelIdentifier);   // starting it modal doesn't work (obviously - unless we have more threads, of course)   ElevatedProcess.Start(theProcess, channelIdentifier); } Interesting tidbit #1 is CreateRandomString: it creates a random string to use for the address. Why? Well, if multiple instances of our application are running and trying to elevate a process, we are in trouble. Which brings me to StartService: internal static void StartService(string pipeEndPoint) {   NetNamedPipeBinding binding = new NetNamedPipeBinding();   bindin[...]



PowerShell 1.0 for Windows Vista

Sun, 04 Feb 2007 10:43:49 GMT

Download here

(image)



UAC Elevation in Managed Code: Starting Elevated COM Components

Tue, 30 Jan 2007 09:14:50 GMT

The previous installment UAC Elevation in Managed Code: Starting Elevated Processes dealt with starting executables with the "real" administrative token. In this blog post, we deal with starting a COM component with elevated privileges. For in-depth background information, please consult Kenny Kerr's absolutely excellent post on Windows Vista for Developers – Part 4 – User Account Control. To start with, we need a COM component. Instead of writing an ATL C++ COM component from scratch, I took the MyElevateCom sample from CoCreateInstanceAsAdmin or CreateElevatedComObject sample from the Vista Compatibility Team Blog. Note that for building it, check out my post Visual Studio on Vista: Not so Fast! Assuming that you built and successfully registered the COM component (it is built to the instuctions from Kenny's post), you can go about and write the managed caller. First, we need a reference to the component: Then comes the tricky part - actually instantiating the COM component. When you take a look at the C++ example, you see that quite some "moniker magic" is involved that cannot be replicated by simply newing up the component. So how to mimic this behavior in managed code? The Microsoft® Windows® Software Development Kit for Windows Vista™ and .NET Framework 3.0 Runtime Components comes to the rescue: inside, you find C:\Program Files\Microsoft SDKs\Windows\v6.0\Samples\CrossTechnologySamples.zip, which contains the VistaBridge sample. From that, I took the VistaBridgeLibary, and modified the static UACManager.LaunchElevatedCOMObject method a bit: [return: MarshalAs(UnmanagedType.Interface)] public static object LaunchElevatedCOMObject(Guid Clsid, Guid InterfaceID) {   string CLSID = Clsid.ToString("B");   string monikerName = "Elevation:Administrator!new:" + CLSID;   NativeMethods.BIND_OPTS3 bo = new NativeMethods.BIND_OPTS3();   bo.cbStruct = (uint)Marshal.SizeOf(bo);   bo.hwnd = IntPtr.Zero;   bo.dwClassContext = (int)NativeMethods.CLSCTX.CLSCTX_LOCAL_SERVER;   object retVal = UnsafeNativeMethods.CoGetObject(monikerName, ref bo, InterfaceID);   return (retVal); } Modifications: the method is now public instead of internal, and CLSCTX changed to local server (otherwise it wouldn't work). Next, we need a UI: This button is the CommandLinkWinForms control from VistaBridgeLibary, with the ShieldIcon property set to true. Let's hook up the event code: private void tryItButton_Click(object sender, EventArgs e) {  Guid IID_ITheElevated =   new Guid(0x5EFC3EFB, 0xC7D3, 0x4D00, 0xB7, 0x2E, 0x2F, 0x86, 0x4A, 0x1E, 0xAD, 0x06);  Guid CLSID_TheElevated =   new Guid(0x253E7696, 0xA524, 0x4E49, 0x9E, 0x50, 0xBF, 0xCC, 0x29, 0x91, 0x31, 0x23);  object o = UACManager.LaunchElevatedCOMObject(CLSID_TheElevated, IID_ITheElevated);  ITheElevated iface = (ITheElevated)o;  // Call the method on the interface just like in the C++ example  iface.ShowMe();  // Release the object  Marshal.ReleaseComObject(o); } The interface ID as well as class ID guids come directly from the C++ project (it is always a good idea to "speak" more than one language), but you could obtain those from the type library or registry as well if you don't have the source code of the component handy. Object creation is handled via LaunchElevatedCOMObject, and the resultant object is cast to the interface from the imported type library. Noteable (and important) is the last line: because the object wasn't created by the runtime, we have to take care of its destruction (the created interface doesn't have a Release() method, so we use Marshal.ReleaseComObject). That's it - your managed code is now instantiating an elevated COM o[...]



UAC Elevation in Managed Code: Starting Elevated Processes

Tue, 30 Jan 2007 07:14:31 GMT

When you are working with Windows Vista, you know that even the administrative users are stripped ("filtered") of their privileges for normal operations, and that when you have to perform tasks requiring administrative privileges, you are presented with an UAC elevation prompt. The idea of this blog post series is to provide you with working samples on how to work with elevation from inside managed applications (you might also want to read Windows Vista Application Development Requirements for User Account Control Compatibility). I want to side-step the really easy part - providing a manifest to start the entire application elevated (a good idea if the application makes no sense at all unless it has administrative rights, like regedit.exe). You can find information on those topics in Adding a UAC Manifest to Managed Code and Vista: User Account Control. Now back to the topic of this post: App A needs to start App B with administrative rights (because App B e.g. needs to write to HKLM or Program Files). Therefore, we somehow must run App B as an administrative user (or with the non-filtered token of the current user). So how do we go about it? First, some eye candy. You definitely already saw those nice shield icons before: Those shield icons are stock on Windows Vista and indicate to the user that the action that hides behind the button requires elevation. I didn't create a button control myself - instead, I reused one that is readily available on the Web: Add a UAC Shield to your Winforms buttons in C#. All I had to do myself was to start the Process ("App B"): private void startProcess_Click(object sender, EventArgs e) {   ProcessStartInfo psi = new ProcessStartInfo();   psi.FileName = theProcess;   psi.Verb = "runas";   Process.Start(psi); } The ticket (so to speak) for the elevation prompt is setting the Verb to "runas" in the ProcessStartInfo instance - this will pop up the elevation prompt if necessary when Process.Start is called. This simplistic approach has a problem though - once App B is started, users can switch back to App A, because it App B isn't "modal" for App A. To solve this problem, I incorporated the approach from Daniel Moth outlined in his post Launch elevated and modal too: private void launchModal_Click(object sender, EventArgs e) {   ProcessStartInfo psi = new ProcessStartInfo();   psi.FileName = theProcess;   psi.Verb = "runas";   psi.ErrorDialog = true;   psi.ErrorDialogParentHandle = this.Handle;   try   {     Process p = Process.Start(psi);     p.WaitForExit();   }   catch (Exception ex)   {     MessageBox.Show(ex.ToString());   } } And that's it - App B is now modal. Once App B quits, control is relinquished to App A (which still doesn't run with administrative rights). ElevateProcessSample.zip (21.1 KB) [...]



Visual Studio on Vista: Not so Fast!

Mon, 29 Jan 2007 16:46:24 GMT

If you want to do this (Register Output, C++)

(image)

and don't want to get this error message

(image)

then start Visual Studio with Run as Administrator. I have SP1 and no Vista supplements installed, so maybe there will be (or already is) an elevation prompt for registering output.

(image)



Crashing Vista With WPF Applications

Mon, 29 Jan 2007 09:20:11 GMT

From the "What could possibly go wrong?" department: starting a WPF application (verified offenders are MsbuildG and VistaBridge from the Windows Vista SDK) crashes Vista. Or the graphics driver to be more precise. The result is nonetheless a perfectly reproducible BSOD on my IBM X31 laptop. The funny part? This ATI Mobility driver (6.14.10.6546) came from the Windows Vista Update Service and is MS HW Compat signed!

(image)



Security for Applications in Windows Vista Forum

Thu, 25 Jan 2007 09:38:07 GMT

Got a developer question on how Windows Vista security affects your application? Then the MSDN Forum Security for Applications in Windows Vista is the right place to go.

(image)



TweakUAC

Thu, 25 Jan 2007 09:32:21 GMT

I don't recommend turning off UAC (User Account Control) on Windows Vista, but there might be valid reasons to shut it off once in a while for testing purposes (like in a VM). That is where TweakUAC comes in handy:

(image)

(image)



Shift Expectations

Wed, 24 Jan 2007 09:23:10 GMT

The Shift key can be very useful on Windows Vista. For example, type in the name of the application in the Search box and press Ctrl+Shift+Enter:

(image)

This will start the application as Administrator. Next is Windows Explorer, where Shift + right-clicking on a file will yield a different context menu:

(image)

The new feature is "Copy as Path" - allowing you to copy the full file path to the clipboard. I need that quite often, so this is a welcome addition indeed.

Speaking of Shift +  right-clicking: when you do that without a file selected on the right-hand pane in Explorer, you get another option, namely "Open Command Windows Here":

(image)

That is most useful!

(image)



eXPired

Tue, 02 Jan 2007 13:07:12 GMT

Now I can claim my office to be XP-free too (via eXPired Poster Available!) - the last victim of migration was my IBM X31.

(image)

(image)



Passing the News: Online Security Sessions from TechEd IT Forum Available

Fri, 22 Dec 2006 15:46:01 GMT

Michael Howard has all the links in this blog entry Online Security Sessions from TechEd IT Forum Available. Topics include: malware cleaning, UAC internals, social engineering, Vista kernel changes, Vista firewall and IPSec enhancements. Which reminds me that the post-conference DVDs should tip up in my mailbox rsn.

(image)



CLI Essentials: Robocopy Part of Vista

Tue, 12 Dec 2006 20:01:27 GMT

The most useful utility for deployment (or name your task, like directory comparison) is most decidedly Robocopy, which previously shipped only as part of the OS resource kits. Now with Windows Vista, however, Robocopy comes in the box.

(image)

To get up and running quickly, I recommend that you get Robocopy GUI:

(image)

It makes getting started with Robocopy a tad easier.

(image)



Vista Firewall

Tue, 12 Dec 2006 19:46:50 GMT

This is the firewall settings dialog - much the same as we know it from Windows XP already:

(image)

However, once you fire up the management console (mmc.exe), you can add snapins for advanced firewall configuration (ok, IPSec is one of my personal favorites and not necessary to configure the firewall per se...):

(image)

Once you have done this, you can now configure the firewall like, well, an administrator would expect - rule based:

(image)

(image)



Windows Vista Feature Matrix

Wed, 29 Nov 2006 15:01:30 GMT

Because I simply cannot remember which feature is in which edition of Windows Vista, I searched the Web to come up with a couple of useful feature comparison matrixes to back up my memory:

Update And of course the Windows Vista Product Guide.

(image)



Virtualization

Mon, 20 Nov 2006 07:03:43 GMT

I already talked about the virtualization features of Windows Vista in a previous blog post entitled UAC Redirection 4 Fun & Profit. Today, I want to tackle the file redirection that happens when UAC virtualizes your application and you try to write to a location it monitors - like the Program Files directory:

(image)

This command prompt was started with Run as Administrator (the window title hints at that). I was UAC-prompted, and then could go about my business. Not so if I would be running it unelevated:

(image)

It tells me that I don't have access. Right, not a big surprise, but why didn't virtualization kick in for cmd.exe? Because it is off by default for the command line. How can I turn it on? Well, easy. Go to Windows Task Manager

(image)

Add the Virtualization column

(image)

After a bit drag & drop magic I made it the second column and I can see which application is virtualized or not. And sure enough, cmd.exe isn't. Right-clicking allows you to change that:

(image)

You will be warned that this will possibly affect the running application, but go ahead. And then try again to write to the Program Files location:

(image)

This time I can write to Program Files - wait a second, really? No, it of course went to the virtual store for this user account:

(image)

As you can see, it lives next to files from a heck a lot of applications that wanted to write to somewhere (like system32) where they didn't have access to - but virtualization (on by default for applications except those opting out explicitly) took care of the disk operations and redirected them to the virtual store. Note that a well-written application (ie one that doesn't require administrative rights) wouldn't show up here...

(image)



Stiffware

Thu, 16 Nov 2006 11:07:18 GMT

In today's pre-lunch session at IT Forum the speaker used a term I had never heard before: stiffware. And I have to agree - stiffware does pose a serious problem when you cannot 'call' (other means of 'communication' might be unreliable to say the least ) the guy who wrote that piece of software so you can properly configure or even install it.

Speaking of the session itself, Microsoft SoftGrid is a really cool technology. The client - which contains more than the SoftGrid client - called the Desktop Optimization Pack, is equally interesting.

(image)



Windows Vista Security Guide

Thu, 09 Nov 2006 07:28:41 GMT

The Windows Vista Security Guide provides recommendations and tools to further harden Windows Vista. Well, go get it.

(image)



Gotta Be Kidding Me

Mon, 18 Sep 2006 17:29:44 GMT

(image)

That's not very funny when all you try to do is watch a Live Meeting on another Vista feature on your Vista box (last time, I was saved this problem by LM on Vista not being able to connect to the audio stream). And I thought the last time I saw a system swap itself to death was on Windows 3.0...

In other Vista news - try this: right-click on a .zip archive of your choice, select the Open With... option from the context menu. In the dialog that pops up expand Other and choose Internet Explorer. Fun ensues. 

(image)



MWconn News

Mon, 18 Sep 2006 09:00:26 GMT

MWconn got a new homepage which is also available in English (here). What is MWconn anyways? Take a look at my short MWconn setup guide / introduction plus if you use a Merlin UMTS card on Windows Vista, my installation instructions for the U630.

(image)



EasyBCD

Tue, 22 Aug 2006 18:22:46 GMT

EasyBCD is a must-have tool for Windows Vista to manage the new bootloader:

(image) (image)



MWConn Available in English

Tue, 18 Jul 2006 12:50:29 GMT

Aside from just reporting the fact, I decided to write a short guided tour to get you started - and tested it with the most recent version of Windows Vista 5472.

  1. Download from http://mwconn.tribal-sunrise.com/ - the site is still German-only, but simply click the link "Version 1.0".
  2. Copy to folder UMTS
    (image)
  3. Right-click and Run as Administrator
  4. You are asked for your preferred language - click No for English
    (image)
  5. MWConn asks to create connection-type specific program copies - choose Yes:
    (image)
  6. MWConn needs a connection to dial - it can create one itself, so choose Yes:
    (image)
  7. You will be presented a message box that informs you about connection creation success / failure. You are almost done, and your UMTS folder now looks like this:
    (image)
  8. Run UMTSGPRS (as Administrator). If asked again for the language, choose No to retain English. It will exit with a note that you should edit MWConn.ini.
  9. Edit MWConn.ini - you only need to edit a few entries:

    08 COM=
    09 PIN=
    10 NET=
    11 APN=
  10. Once done, start UMTSGPRS again, and you will be logged into your network:
    (image)

For details on configuring the settings in #9, see the Comments section of my previous blog post Merlin - Yes, Magic IS Required.

(image)



Merlin - Yes, Magic IS Required

Wed, 28 Jun 2006 11:08:33 GMT

My post Novatel Wireless Merlin U630 on Windows Vista generated quite some feedback like "How did you install the drivers?". So I decided to take the latest and greatest build 5456 and see if I would get it up and running there too. Here is the list of things you need to do:

Obviously, the first thing to do is to insert the card. You will be prompted for driver installation, and it will try to do just that. However, it will only succeed in installing a "Generic Multifunction PC-Card". The two ports (later identified as multifunction device) will fail because it cannot detect the drivers.

Now we have to rectify this problem. Let's go to Device Manager (via Control Panel / Hardware), and right-click on the "Generic Multifunction PC-Card".  Choose "Update Driver":

(image)

This will magically turn it into the Novatel Wireless UMTS Modem Parent. And this in turn will allow auto-detection of the two ports:

(image)

Please note that the secondary port will show up under COM ports, not Modems:

(image)

And here things get hairy - as I pointed out, I am using MWConn. The current 0.9 version (as a reminder: at this time, German-only) assumes that the secondary port is above the primary (ie COM4 for primary, COM5 for secondary). However, on one of my laptops (Samsung X20) - the screenshot above - it is exactly the other way around and MWConn cannot cope with that at the moment. The IBM X31 orders the ports nicely right - and as such, UMTS works like a charm!

By the way, use MWConn with administrative rights because it does create network connections:

(image)

I will report back on the inverted port problem, the author of MWConn promised to send me an updated version that can deal with this issue. So stay tuned!

Update I got the new version - and I am modifying this blog entry under Windows Vista 5456 using the Merlin U630 in UMTS mode, on the Samsung X20. Now both laptops work! Proof:

(image)

(image)






When You Thought They Couldn't Make UAC Any More Annoying...

Mon, 26 Jun 2006 10:12:41 GMT

The Beta 2 UAC experience was somewhat annoying, but the current interim's experience was able to actually top the user aggravation c'mere (my definition of UAC):

(image)

UAC prompts appear as minimized dialog boxes! Guys, get your act together.

(image)



Windows Media Player Cannot Play The File

Sun, 04 Jun 2006 09:21:50 GMT

I had seen this error message on another Vista box previously, but at that time it definitely was related to a wrongly installed HDA driver for the onboard sound. This time sound was working, and some videos did actually play, so I was peeved when I got this error message while trying to watch recorded Web casts:

(image)

Yesterday, my solution was to boot XP - but leaving Vista just for watching Web casts, well, that is ridiculous. So I set out for a search on what other media players are capable of viewing WMV files. In the end (the third one I tried) I settled for the free DivX Player which nicely views all the recordings Windows Media Player 11 balked at.

Other casualties to report: the Sony Ericsson tools PC Suite as well as Update Service crash and burn on installation (the first one with MDAC, the other one with an already well-hated Java Exception, this time however on x86 and a different index).

(image)



Previous Versions

Fri, 02 Jun 2006 19:15:42 GMT

Now, UAC is painful at times like installation (but getting better according to Reducing Elevation Prompts in RC1), however, there are loads of cool features hidden behind all the glitz of Aero that are really cool. Like Previous Versions:

(image)

It uses the Volume Shadow Copy technology already in use on Windows Server 2003, and it "hides" itself as part of System Protection / automatic restore points:

(image)

This is definitely one of those features that "sell" a product.

(image)



Vista On My Machine

Thu, 01 Jun 2006 18:28:57 GMT

I decided to take the plunge and try running Vista on a daily basis. Thus far the following casualties must be reported:

  • Matrox P650 PCIe. No drivers, thus no dual head. Sorry Matrox. In more than ten years this is now the first time that my machine has no Matrox graphics card inside.
  • PDFCreator. For some reason the setup msi dies during installation, as well as during the subsequent uninstallation. Too bad.
  • Daemon Tools. On the first try, it didn't work. Maybe I'll give it another shot.

Given my previous experiences on my two laptops, it really turns out that the graphics drivers (or lack of) are the #1 issue for getting productive with Vista.

Let's see how long it takes until I hit a snag that makes me return to XP. Copying Application Data stuff to Vista was already quite "interesting" because Firefox and Thunderbird store their settings in Roaming and not Local.

(image)



Vista Is a Descendant Of NT Alright...

Wed, 31 May 2006 13:56:20 GMT

But Adobe thinks I am too stupid to choose my baseline OS on my own, and presents me with a rather limited choice:

(image)

Also note that IE 7+ doesn't render the page correctly (menu). Time to fix your Web page, Adobe.

(image)



UAC Prompts & Security

Wed, 31 May 2006 12:46:05 GMT

When you run an application that needs administrative rights (in this specific case via a manifest file), you are prompted with an UAC dialog to allow this operation:

(image)

This is the dialog you get for the "default" user, the one you create during setup that is a member of the Administrators group. Contrast that to the dialog a standard user is presented with:

(image)

Now, I am fine with prompting the user to enter administrative credentials. However, I am not fine with providing the user with the name of the administrative user(s) on that machine. In my opinion, this is giving away security-related information without need.

Update Of course you can always use net localgroup Administrators to get a list of the members of the Administrators group (Markus pinged me on that one). This feature has been available for ages, true. However, I am not convinced that the UAC convenience of providing the administrative accounts on a silver platter is really necessary.

(image)