Alexander’s Blog

Microsoft offers several tools that can be useful in deploying Windows 7 images to your workstations. Here are a few of them in alphabetical order.

Answer File:

The answer file for Windows Setup  is the unattend.xml file. You can create (or modify an existing file) by using Windows System Image Manager (Windows SIM). There is another answer file called oobe.xml that is used to customize Windows Welcome, which starts after Windows Setup and during the first system startup.

Catalog:

This is a binary file that contains the state of the settings and packages in a Windows image.

Deployment Image Servicing and Management (DISM):

Use this tool to servicing and managing Windows images.

Diskpart:

This is a command-line tool for configuring the hard disk partitions.

SysPrep:

This tool removes the computer-specific information from a Windows image (i.e. makes it more generic) before you capture the image and deploy it to all the computers on your network.

Windows Automated Installation Kit (WAIK):

WAIK includes several tools and documents to assist you in the deployment of operating systems. Here are some of the tools.

ImageX: A command-line tool to capture, modify, and apply installation image for deployment.

User State Migration Tool (USMT): You can use this tool to migrate a user’s system settings from an older version of Windows to Windows 7.

Windows Pre-installation Environment (Windows PE): This too is useful for installing and deploying Windows operating systems. It’s a minimal operating system with limited services that is based on Windows 7 kernel.

Windows System Image Manager (Windows SIM): Allows you to create unattended installation answer files and distribution shares. You can also modify existing configurations.

Windows Deployment Images (WDS):

This is a server-based deployment solution that allows administrators to add new workstations to the domain without physically visiting the client workstations.

Virtual Hard Disk:

This is a virtualization solution that uses a Microsoft Virtual Hard Disk (VHD) file format. A .vhd is a single file that contains the entire disk image of a computer.

When working with the Search feature in Microsoft Office SharePoint Server (MOSS) 2007 you may have encountered the following error:

Access is denied. Check that the Default Content Access Account has access to this account, or add a crawl rule to crawl this content.

I have experienced this error on Windows Server 2008 R2 (and SQL Server 2008) as well as Windows Server 2003 R2 (and SQL Server 2005). In both cases I was running MOSS 2007.

SOLUTION 1 -  Specify the Content Access Account & Password

To resolve this error, the most obvious thing to try is to add the Content Access account to the crawl rule as described below. However, this may not solve your problem. In any case, try this method first before you try solution 2.

1. Go to Central Administration and click on the Shared Services Provider (SSP) where you want to configure search.

2. From the home page of the Shared Services Administration, under Search click Search settings.

3. In the left navigation bar, under Crawling section click Default content access account.

4. Enter the Content Access account in the form DomainName\AccountName. For example, SeattlePro\Content. Alternatively, you can also enter it in the User Principal Name (UPN) format, such as AccountName@DomainName.com.

NOTE: Some people have reported that they have fixed the above error simply by changing the format from DomainName\AccountName to AccountName@DomainName.com. However, that solution didn’t work for me.

SOLUTION 2 – Disable the Loopback Check

Another solution is to disable the loopback check by setting the DisableLoopbackCheck registry key. The loopback check security feature is designed to help prevent reflection attacks on your computer. Therefore, disabling it has its consequences. Microsoft describes the disabling of loopback check  in more detail in KB896861. Here’s how.

Follow these steps to set the DisableLoopbackCheck registry key:

1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
   281308 (http://support.microsoft.com/kb/281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
   NOTE: I was able to fix my problem without making the registry change mentioned in this step 1. I only made the change described below.
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Right-click Lsa, point to New, and then click DWORD Value.
5. Type DisableLoopbackCheck, and then press ENTER.
6. Right-click DisableLoopbackCheck, and then click Modify.
7. In the Value data box, type 1, and then click OK.
8. Although Microsoft suggests that you need to restart your computer, I have been able to make the above change and fix the problem without restarting the server.

WARNING! There’s one thing that you ought to know about disabling the loopback.  It’s okay to disable it in a test/development environment but not in a production environment. Microsoft SharePoint MVP Spencer Harbar has written a blog post about the consequences of disabling loopback in the production environment that is a must read.

According to reports, some Microsoft Windows computers are experiencing a “Black Screen of Death.” The phrase Black Screen of Death came out of the famous “Blue Screen of Death”, which caused system crash on earlier Windows operating systems. According to MSNBC:

The problem may be tied to security updates recently released by the software maker. “Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers,” the company said in a statement. “Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues.”

British security firm Prevx writes about the problem on its blog, and suggests following this procedure:

1. Restart your PC
2. Log on and wait for the black screen to appear
3. Make sure your PC should be able to connect to the Internet (black screen does not appear to affect this)
4. Press the CTRL, ALT and DEL keys simultaneously
5. When prompted, Click Start Task Manager
6. In Task Manager Click on the Application Tab
7. Next Click New Task
8. Now enter the command:
“C:\Program Files\Internet Explorer\iexplore.exe” “http://info.prevx.com/download.asp?GRAB=BLACKSCREENFIX”
9.  Click OK and your (Web) browser should start up and begin the download process
10.  When prompted for the download Click run, the black screen fix program will download and run to automatically fix the issue.
11.  Now restart your PC and the black screen problem will hopefully be gone.

“There appears to be many causes of the black screen issue,” wrote Dave Kennerley of Prevx Support on the company’s blog. “The symptoms are very distinctive and troublesome. After starting your Windows 7, Vista, XP, NT, W2K, W2K3 or W2K8 PC or server the system appears normal.

“However, after logging on there is no desktop, task bar, system tray or side bar. Instead you are left with a totally black screen and a single My Computer Explorer window. Even this window might be minimized making it hard to see.”

If you accidentally drag the Show Desktop icon from your Quick Launch bar in Windows XP and then try to drag it back , it only creates a shortcut to the Show Desktop icon. Which means that you can’t delete the icon that you dragged on your desktop otherwise the Show Desktop icon won’t work because it’s only a shortcut. Here’s what you can do to quickly restore the Show Desktop icon.

1. Copy the following code in Notepad.

[Shell]

Command=2

IconFile=explorer.exe,3

[Taskbar]

Command=ToggleDesktop

2. Save the file as Show Desktop.scf in the folder C:\Documents and Settings\Username\Application Data\Microsoft\Internet Explorer\Quick Launch, where Username is the account name that you are logged in as. For example, if you are logged in as Matt, the path to the folder will be “C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch.” You should now see the Show Desktop icon in the Quick Launch bar.

Make sure that when you save the file in Notepad you change the Save as Type to “All files”, otherwise it will add the .txt extension to the file.

This Guide was designed to help IT professionals better understand and use Microsoft security release information, processes, communications, and tools. The goal is to help IT professionals manage organizational risk and develop a repeatable, effective deployment mechanism for security updates. In this Guide, you will find a glossary of terms, an overview of the Microsoft Security Bulletin process, and a stage-by-stage review of Microsoft Security Updates. The Guide is organized according to the following stages of the security update process:

Stage 1: Receive Microsoft Security Release Communications

Stage 2: Evaluate Risk

Stage 3: Evaluate Mitigation

Stage 4: Standard or Urgent Update Deployment Timeline

Stage 5: Monitor Systems

Ongoing Stage: Watch

Each section outlines the purpose and objective for that stage, as well as the expected target outcomes upon that stage’s completion.

The supported operating systems include Windows Server 2008, Windows Vista and Windows XP. The download file is available either as a PDF or an XPS. Click here to download the guide.