If you use Windows Vista Enterprise or Ultimate, or any version of Windows Server 2008, you may have heard about a feature called BitLocker Drive Encryption (BDE). This awesome feature will enable you to encrypt the operating system volume. However, in Vista RTM, Microsoft doesn't make it very apparent how to encrypt additional volumes. In Vista SP-1 and Server 2008, you can encrypt data volumes through the UI.
Of course, if you're a fan of the command prompt, the %SystemRoot%\system32\manage-bde.wsf file gave you all the commands necessary to manage your BitLocker volumes.
Or, you could get your hot little hands on the BDE WMI object model and write your own UI in Visual Studio 2008. I went with this approach.
My first blog post talked about building this tool and my need to learn where BitLocker policy settings were stored in the Registry. Well, BDE in Windows 7 is GREATLY expanded.
Microsoft has introduced a bunch of new policy settings, with backwards compatibility to Vista/Server 2008. But there are a ton of new settings for "Windows 7 family."
They've pretty much broken these up into three groups: system (OS) volume, fixed data volumes and removable data volumes. So you can get really granular with how BitLocker behaves with various volumes, whether they're hard drives inside the computer or removable media, such as flash drives.
Windows 7 BDE includes something called BitLocker To Go, which gives great flexibility in the encryption of removable volumes, including policies on whether or not to allow read/write access to unencrypted media as well as read/write access to BDE-encrypted media from another organization (this piece made possible by two new policy settings: primary BitLocker identifier and secondary BitLocker identifier).
I think Microsoft scored big with BitLocker. Now I think they made it better and more flexibile.
Security is everyone's responsibility. If Microsoft really wants to make this a winner, they will include BitLocker with all versions of Windows 7, not just Enterprise/Ultimate.
~M
Friday, January 30, 2009
Does Windows 7 know how to complete a reboot?
I've found yet another intriguing "feature" in Windows 7, and that's its unwillingness to properly reboot. Or, maybe I should say, it's unwillingness to "complete" a reboot.
On many occasions, I reboot the system for whatever reason--software installation, for instance, and the "shutting down..." screen will just sit there. Apparently it's happy to sit there until Armageddon, but I don't want to wait that long. Looking at the disk activity light shows negligible disk activity.
Most of you probably know that if you shut down Windows in an unfriendly way, whether it's a hard power down or coredump (blue screen), the next time it starts you'll get the "Windows didn't shut down correctly the last time..." screen.
The interesting thing about this problem is that it seems that Windows is completing a graceful shutdown; it's just not completing the reboot portion of that shutdown. If I power the machine down, rather than waiting for that aforementioned Armageddon, and then power it back on, I do NOT get the "Windows didn't shut down correctly the last time..." That leads me to believe that Windows did shut down...it just didn't reboot.
That one's baffling. Not really that big of a deal; just kind of annoying, that's all.
~M
On many occasions, I reboot the system for whatever reason--software installation, for instance, and the "shutting down..." screen will just sit there. Apparently it's happy to sit there until Armageddon, but I don't want to wait that long. Looking at the disk activity light shows negligible disk activity.
Most of you probably know that if you shut down Windows in an unfriendly way, whether it's a hard power down or coredump (blue screen), the next time it starts you'll get the "Windows didn't shut down correctly the last time..." screen.
The interesting thing about this problem is that it seems that Windows is completing a graceful shutdown; it's just not completing the reboot portion of that shutdown. If I power the machine down, rather than waiting for that aforementioned Armageddon, and then power it back on, I do NOT get the "Windows didn't shut down correctly the last time..." That leads me to believe that Windows did shut down...it just didn't reboot.
That one's baffling. Not really that big of a deal; just kind of annoying, that's all.
~M
Processes: When I kill you, that means die
I think the most annoying bug I've found in Windows 7 Beta is that processes that go awry are unwilling to die.
In a previous blog post, I spoke of a problem with Windows Explorer, whereby Explorer tends to misbehave after some major file copies or moves. I ran across that one several times after I had reimaged my machine from Vista to Windows 7 because I was restoring all of my files from an external drive attached to another PC.
Explorer would start misbehaving in the sense that the UI was still somewhat responsive--you could click things, and you'd get feedback sounds, but you couldn't actually change folders. You'd just see the semitransparent green progress bar restart its trot across the address bar. Sometimes, however, Explorer would lock up completely.
Regardless, I would try ending Explorer; in the latter case, I'd have to force it to close. I'd get the "Windows Explorer has stopped responding. Windows is searching for a solution..." And then it would restart. But a quick check in Task Manager would reveal that Windows Explorer was still running in that old process, usually with rather egregious, generous memory consumption. Hmm...memory leak perhaps?
But then I exited iTunes earlier today after syncing my iPhone 3G. iTunes closed but displayed a "iTunes is saving your library." After about 30 minutes of seeing that, I figured iTunes wasn't doing much. Actually, it was, holding 50% solid of my dual-core CPU. It was stuck. So I killed it, or so I thought. Ending the process in Task Mangler, ahem, Manager only ended its CPU consumption. The process lived on.
The same goes for those earlier mentioned explorer.exe processes. Whether I try to use End Process or End Process Tree, in "regular" or "elevated" mode, these processes just won't die! No matter how many times I try to kill them, they just won't die.
The problem with this is that the machine won't reboot, because you'll just get "shutting down..." perpetually displayed, probably because these processes won't terminate.
There are two options here...power down the machine, or if you're feeling bold, kill csrss.exe in (elevated) Task Manager. Doing that will cause an immediate blue screen and subsequent reboot, sparing you the hard power down.
Processes...when I kill you, that means die. Don't hang on to fight another day, darn it!
~M
In a previous blog post, I spoke of a problem with Windows Explorer, whereby Explorer tends to misbehave after some major file copies or moves. I ran across that one several times after I had reimaged my machine from Vista to Windows 7 because I was restoring all of my files from an external drive attached to another PC.
Explorer would start misbehaving in the sense that the UI was still somewhat responsive--you could click things, and you'd get feedback sounds, but you couldn't actually change folders. You'd just see the semitransparent green progress bar restart its trot across the address bar. Sometimes, however, Explorer would lock up completely.
Regardless, I would try ending Explorer; in the latter case, I'd have to force it to close. I'd get the "Windows Explorer has stopped responding. Windows is searching for a solution..." And then it would restart. But a quick check in Task Manager would reveal that Windows Explorer was still running in that old process, usually with rather egregious, generous memory consumption. Hmm...memory leak perhaps?
But then I exited iTunes earlier today after syncing my iPhone 3G. iTunes closed but displayed a "iTunes is saving your library." After about 30 minutes of seeing that, I figured iTunes wasn't doing much. Actually, it was, holding 50% solid of my dual-core CPU. It was stuck. So I killed it, or so I thought. Ending the process in Task Mangler, ahem, Manager only ended its CPU consumption. The process lived on.
The same goes for those earlier mentioned explorer.exe processes. Whether I try to use End Process or End Process Tree, in "regular" or "elevated" mode, these processes just won't die! No matter how many times I try to kill them, they just won't die.
The problem with this is that the machine won't reboot, because you'll just get "shutting down..." perpetually displayed, probably because these processes won't terminate.
There are two options here...power down the machine, or if you're feeling bold, kill csrss.exe in (elevated) Task Manager. Doing that will cause an immediate blue screen and subsequent reboot, sparing you the hard power down.
Processes...when I kill you, that means die. Don't hang on to fight another day, darn it!
~M
Monday, January 26, 2009
Liking the taskbar
Although I'm disappointed to see that Windows 7 doesn't include native Blu-ray playback support, I am feeling the taskbar is already growing on me.
I wasn't sure if I was going to like it. I liked to organize my XP and Vista taskbars by having the taskbar two tiers high...the top tier consisting of all of my QuickLaunch icons and the lower level having the taskbar buttons of running applications.
Windows 7 seems to have married the two together. When you launch an application, an icon for that application appears in the taskbar. When you close the application, the icon goes away. But you can also "pin" an application to the taskbar--essentially giving you QuickLaunch functionality. Pin an application to the taskbar, and its icon appears. Click the icon, and it launches.
In both cases, when you have an application running, a transparent outline forms around the icon. Thus you can quickly determine by looking at your taskbar icons which ones are actually running apps. Hover over running apps and you'll get the preview like you did in Vista (with Aero turned on). If you have multiple instances of an app open, like Explorer or Word, this transparent outline "stacks," up to three high, so you can see there's more than one instance.
But it gets different here. In Vista, hovering over a taskbar button of a running app showed you a preview of what's in that window. But since they all "collapse" or group into a single taskbar icon, hovering over the icon yields a preview of all running instances of that application. So if you have three Windows Explorer windows open, you'll get three previews. Hover over the one you want and click it, and it'll come to the foreground. Hover over any preview long enough, and all other windows will temporarily "hide" so you can see just that window.
The trick is that if you have a running instance of the app, clicking the icon won't necessarily start a new instance. In the QuickLaunch days, clicking an icon would launch a new instance. In Windows 7, if you need a new instance, right-click the icon and choose the application's name from the list of options and you'll get a fresh running instance (separate running executable process).
A nice thing about the new taskbar is that the icons are bigger, and because you can have quite a lot of them there, you don't get the "squishing" effect of taskbar buttons from previous Windows versions, where the buttons would get smaller and smaller everytime you opened a new window.
I have a lot of icons pinned to the taskbar, and since I always had it two levels high, I have it two high in Windows 7 as well. Plenty of real estate...
~M
I wasn't sure if I was going to like it. I liked to organize my XP and Vista taskbars by having the taskbar two tiers high...the top tier consisting of all of my QuickLaunch icons and the lower level having the taskbar buttons of running applications.
Windows 7 seems to have married the two together. When you launch an application, an icon for that application appears in the taskbar. When you close the application, the icon goes away. But you can also "pin" an application to the taskbar--essentially giving you QuickLaunch functionality. Pin an application to the taskbar, and its icon appears. Click the icon, and it launches.
In both cases, when you have an application running, a transparent outline forms around the icon. Thus you can quickly determine by looking at your taskbar icons which ones are actually running apps. Hover over running apps and you'll get the preview like you did in Vista (with Aero turned on). If you have multiple instances of an app open, like Explorer or Word, this transparent outline "stacks," up to three high, so you can see there's more than one instance.
But it gets different here. In Vista, hovering over a taskbar button of a running app showed you a preview of what's in that window. But since they all "collapse" or group into a single taskbar icon, hovering over the icon yields a preview of all running instances of that application. So if you have three Windows Explorer windows open, you'll get three previews. Hover over the one you want and click it, and it'll come to the foreground. Hover over any preview long enough, and all other windows will temporarily "hide" so you can see just that window.
The trick is that if you have a running instance of the app, clicking the icon won't necessarily start a new instance. In the QuickLaunch days, clicking an icon would launch a new instance. In Windows 7, if you need a new instance, right-click the icon and choose the application's name from the list of options and you'll get a fresh running instance (separate running executable process).
A nice thing about the new taskbar is that the icons are bigger, and because you can have quite a lot of them there, you don't get the "squishing" effect of taskbar buttons from previous Windows versions, where the buttons would get smaller and smaller everytime you opened a new window.
I have a lot of icons pinned to the taskbar, and since I always had it two levels high, I have it two high in Windows 7 as well. Plenty of real estate...
~M
No Blu-ray? You're kidding, right?
Okay, a few days into playing with Windows 7, I fired up and configured Windows Media Center. I popped in a Blu-ray movie to watch. Immediately WMC tells me that I have to install an application that supports Blu-ray playback. You've got to be kidding me!
Blu-ray is not new here. It's been on the market for a couple of years now. Less than a year ago we watched Blu-ray crush HD-DVD out of existence.
So if I can play a DVD movie natively in WMC, without the need for any special codecs, why can't I watch a Blu-ray movie? Some may argue that Blu-ray codecs are patented and have to be licensed. Well, Blu-ray is an OPEN standard.
Point is, WMC comes in Windows Vista Ultimate (and XP Media Center Edition). Obviously, these are editions that Microsoft charges extra for. The Windows 7 beta gives you the Ultimate version to play with, complete with WMC. So when Windows 7 goes to market, if you buy Ultimate, you get WMC. If I have to pay more to get the higher end version of Windows, I don't think it's unreasonable to expect that Blu-ray playback will be supported natively, rather than me having to shell out more to get a codec that supports it.
C'mon Microsoft. Don't drop the ball on this one.
~M
Blu-ray is not new here. It's been on the market for a couple of years now. Less than a year ago we watched Blu-ray crush HD-DVD out of existence.
So if I can play a DVD movie natively in WMC, without the need for any special codecs, why can't I watch a Blu-ray movie? Some may argue that Blu-ray codecs are patented and have to be licensed. Well, Blu-ray is an OPEN standard.
Point is, WMC comes in Windows Vista Ultimate (and XP Media Center Edition). Obviously, these are editions that Microsoft charges extra for. The Windows 7 beta gives you the Ultimate version to play with, complete with WMC. So when Windows 7 goes to market, if you buy Ultimate, you get WMC. If I have to pay more to get the higher end version of Windows, I don't think it's unreasonable to expect that Blu-ray playback will be supported natively, rather than me having to shell out more to get a codec that supports it.
C'mon Microsoft. Don't drop the ball on this one.
~M
Sunday, January 25, 2009
First Impressions of Windows 7 Beta
I installed the Windows 7 beta (build 6.1.7000) x64 edition on my Dell XPS 710 late last week. I've been known as a "computer geek" for over 20 years; why should I change now? I'm always itching to try the latest and greatest, and after attending an MSDN developer conference on Thursday--and seeing what seemed to be a pretty stable-looking OS--decided to give it a whirl.
The Good
Overall, I've been quite pleased. The installation was surprisingly smooth--and fast. I decided to go with a clean install, as opposed to an upgrade. Upgrade installations always upgrade past problems. Whether it's Windows 95 to 98, 2000 to XP or XP to Vista, a clean install is just the way to go.
Windows 7 detected every single piece of hardware my XPS had. Looking in Device Manager, I didn't have any question marks or exclamation points decrying unknown hardware. I've never hard that happen before. The whole installation took maybe 40-45 minutes, if even that long. So I was able to start playing right away.
Obviously when you upgrade to a new OS, especially a beta, you never know what's going to work and what's not. I had a whole host of applications I used in Vista, an OS I'm pretty happy with. If only Vista was faster...
Speaking of faster, Windows 7 boots up and logs in a LOT faster than Vista. Whether it's as fast as XP may be debateable, but if it's not, it's close. In terms of speed, it blows Vista away. I also noticed the speed improvement in Windows Update. Updates install super fast, even faster than they do in XP. (Updates seem to install at about the same speed in Vista and XP, I've found.)
Now for the applications...Office 2007, Adobe Web Premium CS4 suite, iTunes x64, Zune and Diskeeper. I was able to install them all without any trouble, except for Diskeeper. I was using DK 2008 Professional; the installer said I was using an incompatible OS. I went out to DK's site and downloaded 2009 Professional for a 30-day trial. That installed and seems to be running fine (I checked a few blogs to see if this worked because DK doesn't officially support it).
I've been running Outlook 2007 a lot and haven't had any issues, so I'm pretty confident the whole Office suite (updated via Windows Update) will be just fine. I fired up a few of the Adobe applications, and they all seem to be just fine as well. I haven't tried out Roxio yet, but it installed, so that's a good sign.
Visual Studio 2008...that's a monster to install, but it installed faster than I've ever seen it install. VS 2008 Service Pack 1 -- one of the most painfully slow installations I've ever seen. This installed in less than an hour.
User Account Control (UAC)...they give you the flexibility to specify how much prompting you get about privileged operations. You get 4 levels of prompting. The default is to prompt for stuff like installing applications or programs making system changes. But you don't get prompted for trying to change Windows settings yourself, like launching Computer Management or copying a file into the Program Files directory. The result: a LOT less UAC prompts!
The Bad
Okay, so it's not all kudos. Now for the complaints...
Windows Explorer...I've found that if I do some major file operations, such as large copies or moves, Windows Explorer may lock up. It'll seem responsive; you can click around, but you'll just get the green progress bar moving perpetually across the top of the address bar. If you click another folder, you'll reset this progress bar but the folder won't actually change. But that's not the real problem--the real problem is an "unkillable" explorer.exe process. You can't shut down the machine, nor can you kill the process (you can try, but it'll remain in Task Manager). Long story short, you have to power cycle the machine.
One of my favorite tools was Magic Disc, a freeware application that allows you to mount ISO images as a virtual CD/DVD drive. This worked flawlessly in Windows Vista and Server 2008, so I had hopes for Windows 7. It installed just fine, despite the unsigned driver warning (this appears in Vista/2008 as well), and I could mount an image. But as soon as I tried to use that virtual drive, the OS would become horribly unstable. It wouldn't blue screen, but just became progressively and generally unusable. Explorer would crash, and eventually other applications would become unresponsive or crash themselves. I rebooted in safe mode, and rolled back using System Restore. I don't trust uninstallers to uninstall completely, and since this one made the OS unstable, I wanted it removed completely. System Restore plucked it without a problem. Peace and harmony was restored. I found an alternate program, called PowerISO, and it works just fine.
Diskeeper 2008...wouldn't install. Had to upgrade. Version 2009 goes in just fine. I downloaded a 30-day trial version. That'll give me enough time to decide whether or not I like this.
Logitech...if you have a Logitech camera (I have a Communicate Deluxe model), and you download the driver from Logitech, it won't install. It says your OS is unsupported. Hmm...this could be a problem. So I plugged in the camera. Windows gulped down a driver (version 11.8) from Windows Update, and the camera was usable. Sweet! Immediately this caused Logitech Update to run, which then said my OS was unsupported when it downloaded the new version. No biggie...version 11.8 works and it works with Yahoo Messenger. Good enough. So if you have a Logitech camera, just plug it in. Looks like the driver will come from Windows Update.
Kaspersky AV...this was one of the antivirus recommendations from Microsoft. I tried this one. It worked, but it made a lot of system operations slow, slow, slow! And it was popping up alerts about all kinds of things, like password protected files, despite the fact I chose the "recommended" option which was supposed to be less obtrusive. Since it was the last change I hade made, I used System Restore to rip it out. I went with the Norton 360 option instead. This works better.
The Undecided
The new taskbar...they did away with QuickLaunch and merged it with Jump Lists. By default, when you run apps, they don't appear with their names in the taskbar, just as their icons, although you can enable the labels. According to a Wikipedia article, the taskbar has seen its most major modification since Windows 95. I'm not quite sure I like it. I probably will; it'll just take some getting used to.
Windows Media Center...allegedly this has received quite an upgrade. I haven't tried it out yet. I have a Blu-ray drive in my computer so it would be nice to see native Blu-ray support.
I guess that's about all for now. As I said earlier, overall I've been pretty pleased. This is a beta, so it's bound to have problems. Hopefully Microsoft and driver vendors won't drop the ball like they did with Vista. Driver support in Vista was a fiasco, and hopefully the parties have learned their lessons.
~M
This blog was composed in Internet Explorer 8 running on Windows 7 Beta x64.
The Good
Overall, I've been quite pleased. The installation was surprisingly smooth--and fast. I decided to go with a clean install, as opposed to an upgrade. Upgrade installations always upgrade past problems. Whether it's Windows 95 to 98, 2000 to XP or XP to Vista, a clean install is just the way to go.
Windows 7 detected every single piece of hardware my XPS had. Looking in Device Manager, I didn't have any question marks or exclamation points decrying unknown hardware. I've never hard that happen before. The whole installation took maybe 40-45 minutes, if even that long. So I was able to start playing right away.
Obviously when you upgrade to a new OS, especially a beta, you never know what's going to work and what's not. I had a whole host of applications I used in Vista, an OS I'm pretty happy with. If only Vista was faster...
Speaking of faster, Windows 7 boots up and logs in a LOT faster than Vista. Whether it's as fast as XP may be debateable, but if it's not, it's close. In terms of speed, it blows Vista away. I also noticed the speed improvement in Windows Update. Updates install super fast, even faster than they do in XP. (Updates seem to install at about the same speed in Vista and XP, I've found.)
Now for the applications...Office 2007, Adobe Web Premium CS4 suite, iTunes x64, Zune and Diskeeper. I was able to install them all without any trouble, except for Diskeeper. I was using DK 2008 Professional; the installer said I was using an incompatible OS. I went out to DK's site and downloaded 2009 Professional for a 30-day trial. That installed and seems to be running fine (I checked a few blogs to see if this worked because DK doesn't officially support it).
I've been running Outlook 2007 a lot and haven't had any issues, so I'm pretty confident the whole Office suite (updated via Windows Update) will be just fine. I fired up a few of the Adobe applications, and they all seem to be just fine as well. I haven't tried out Roxio yet, but it installed, so that's a good sign.
Visual Studio 2008...that's a monster to install, but it installed faster than I've ever seen it install. VS 2008 Service Pack 1 -- one of the most painfully slow installations I've ever seen. This installed in less than an hour.
User Account Control (UAC)...they give you the flexibility to specify how much prompting you get about privileged operations. You get 4 levels of prompting. The default is to prompt for stuff like installing applications or programs making system changes. But you don't get prompted for trying to change Windows settings yourself, like launching Computer Management or copying a file into the Program Files directory. The result: a LOT less UAC prompts!
The Bad
Okay, so it's not all kudos. Now for the complaints...
Windows Explorer...I've found that if I do some major file operations, such as large copies or moves, Windows Explorer may lock up. It'll seem responsive; you can click around, but you'll just get the green progress bar moving perpetually across the top of the address bar. If you click another folder, you'll reset this progress bar but the folder won't actually change. But that's not the real problem--the real problem is an "unkillable" explorer.exe process. You can't shut down the machine, nor can you kill the process (you can try, but it'll remain in Task Manager). Long story short, you have to power cycle the machine.
One of my favorite tools was Magic Disc, a freeware application that allows you to mount ISO images as a virtual CD/DVD drive. This worked flawlessly in Windows Vista and Server 2008, so I had hopes for Windows 7. It installed just fine, despite the unsigned driver warning (this appears in Vista/2008 as well), and I could mount an image. But as soon as I tried to use that virtual drive, the OS would become horribly unstable. It wouldn't blue screen, but just became progressively and generally unusable. Explorer would crash, and eventually other applications would become unresponsive or crash themselves. I rebooted in safe mode, and rolled back using System Restore. I don't trust uninstallers to uninstall completely, and since this one made the OS unstable, I wanted it removed completely. System Restore plucked it without a problem. Peace and harmony was restored. I found an alternate program, called PowerISO, and it works just fine.
Diskeeper 2008...wouldn't install. Had to upgrade. Version 2009 goes in just fine. I downloaded a 30-day trial version. That'll give me enough time to decide whether or not I like this.
Logitech...if you have a Logitech camera (I have a Communicate Deluxe model), and you download the driver from Logitech, it won't install. It says your OS is unsupported. Hmm...this could be a problem. So I plugged in the camera. Windows gulped down a driver (version 11.8) from Windows Update, and the camera was usable. Sweet! Immediately this caused Logitech Update to run, which then said my OS was unsupported when it downloaded the new version. No biggie...version 11.8 works and it works with Yahoo Messenger. Good enough. So if you have a Logitech camera, just plug it in. Looks like the driver will come from Windows Update.
Kaspersky AV...this was one of the antivirus recommendations from Microsoft. I tried this one. It worked, but it made a lot of system operations slow, slow, slow! And it was popping up alerts about all kinds of things, like password protected files, despite the fact I chose the "recommended" option which was supposed to be less obtrusive. Since it was the last change I hade made, I used System Restore to rip it out. I went with the Norton 360 option instead. This works better.
The Undecided
The new taskbar...they did away with QuickLaunch and merged it with Jump Lists. By default, when you run apps, they don't appear with their names in the taskbar, just as their icons, although you can enable the labels. According to a Wikipedia article, the taskbar has seen its most major modification since Windows 95. I'm not quite sure I like it. I probably will; it'll just take some getting used to.
Windows Media Center...allegedly this has received quite an upgrade. I haven't tried it out yet. I have a Blu-ray drive in my computer so it would be nice to see native Blu-ray support.
I guess that's about all for now. As I said earlier, overall I've been pretty pleased. This is a beta, so it's bound to have problems. Hopefully Microsoft and driver vendors won't drop the ball like they did with Vista. Driver support in Vista was a fiasco, and hopefully the parties have learned their lessons.
~M
This blog was composed in Internet Explorer 8 running on Windows 7 Beta x64.
Subscribe to:
Posts (Atom)
