Support for Windows XP SP2,Windows 2000 and Windows Vista ends this year

Windows XP was first released on October 25, 2001 and over 400 million copies were in use in January 2006, according to an estimate in that month by an IDC analyst. It was succeeded by Windows Vista, which was released to volume license customers on November 8, 2006 and worldwide to the general public on January 30, 2007. Direct OEM and retail sales of Windows XP ceased on June 30, 2008. Microsoft continued to sell XP through their System Builders (smaller OEMs who sell assembled computers) program until January 31, 2009. Windows XP may continue to be available as these sources run through their inventory or by purchasing Windows Vista Ultimate or Business and then downgrading to Windows XP.

Updating your Windows 2000, Windows XP and Windows Vista based machine before the end of mainstream support dates will ensure that your machine stay supported and receive security updates. Migrating to Windows 7 provides the longest support lifecycle for your organization helping to ensure protection, support, and timely updates.

Support for Windows Vista RTM ends on April 13, 2010 . To help ensure your Windows Vista PCs stay secure and up to date, make sure they are running Windows Vista Service Pack 1 (SP1) or Service Pack 2 (SP2).
Support for Windows XP SP2 and Windows 2000 ends July 13, 2010. If you are running Windows XP, stay more secure by moving to Windows XP Service Pack 3 (SP3) or migrating to Windows 7.

Microsoft Continuously improve operating systems for their customer. Service Pack, hotfix and Support comes with every operating systems. We are close to finish a chapter. Each phase of technology pass by and leave its legacy. Those who still wants to stay on with Windows XP. Deploy Windows XP SP3 in your organisation to keep it safe and up-to-date. For more information, you may visit Windows Service Pack Road Map and Windows Road Map . That was past and to see the future visit Windows 7 Technical Library Roadmap .

Share this on

Step by Step: Volume Activation for Windows 7 and Windows Server 2008

What is Microsoft product activation? Activation is a method of verification that Microsoft Windows Product you have bought is genuine and comply with copyright laws i.e. it checks that you are not using a counterfeit product. Simply Microsoft wants to know did you pay right amount of $$ for the product you are using. Volume Activation is used for enterprise level users who want to deploy Microsoft products such as Windows 7 and Windows Server 2008 in large scale in an organisation or a company. There are two type of Volume Activation—Key Management Service (KMS) and Multiple Activation Key (MAK)—that allow Volume Licensing customers to activate Volume License editions of the Windows 7 and Windows Server 2008 R2. When planning to use Volume Activation, an organization must choose KMS, MAK, or any combination of the two. The activation methods chosen depend on the needs of the organization and the network infrastructure. You don’t need to be a local Administrator in Windows 7 and Windows Server 2008 R2 for activation. However, for volume activation you must be a domain admin because you need to access domain groups, computers and GPO. Windows eliminates the User Account Control (UAC) prompt during activation, enabling any user who has a standard user account to activate Windows on that computer. However, this change does not allow standard users to remove Windows from the activated state.

Typical Activation Warning:

Configure Firewall in Windows7 and Windows server 2008 for Volume Activation to pass through:

You have to configure the following firewall in Windows 7 and Windows Server 2008  master pc before you deploy large scale using windows deployment services. By default these firewall is blocked restraining  windows 7 and windows server 2008 to communicate with activation site.

Log on Windows 7 or Windows Sever 2008. Control Panel>Windows Firewall and Advanced Settings>Allow Program or feature pass through Windows Firewall>Select Windows Management Instrumentation (WMI)>check domain, public and private>Click Ok.

Go back to Windows Firewall and click on Advanced Settings>Click Filter by Group>Click WMI>Select WMI Async-In>Double Click on WMI Async-In>General Tab>Check Enable and Allow>Advanced Tab>Check Public,Private,Domain>Select allow edge traversal>Apply>ok.

 

Configure Windows Firewall using GPO:

Log on to domain controller as an domain admin. Open GPO management console from Admin Tools. Select Specific Windows 7 and Windows Sever 2008 organisational unit where you want to modify Windows Firewall. Right click on that organizational unit>click edit. Go to Computer Configuration>Administrative Templates> Network>Network Connections>Windows Firewall>Domain Profile & Standard Profile>Select and Modify Windows Firewall: Allow remote administration exception>Select Enable and Type “*” in the box.

 

Windows7 Volume Activation:

You must have MAK  license to do the following. Install windows AIK in Admin PC. Go to All Program>Microsoft Windows AIK>VAMT 1.2 >VAMT

 

Provide MAK Product Key and Validate. Click Add to add MAK.

Select Appropriate Columns to view computer info.

Click Action>Add Computer>Type Computer Group>Select domain>Check gather info>Click ok.

Now select all windows 7 computer>right click>MAK activate.

Good Luck and happy Australia Day

Microsoft References:

Licensing Centre

Troubleshooting VA

How to Choose the Right Volume License Key for Windows

Windows Firewall

Windows Deployment Services: How to create deployable bootable ISO using WDS and AIK

A bootable ISO is created from an existing WDS boot image and capture image that contains Windows PE and the WDS client can be stored on DVD or CD making it easier to deploy images to older systems or on heterogeneous networks that have PXE issues. To accomplish discover image process, you must have a working WDS in network and Windows 7 AIK installed in WDS server. Log on to WDS server using domain admin credential and follow the screen shots.

Create a folder in e:\DiscoverBootImage or whatever drive you have and provide FQDN of WDS

Now you have e:\DiscoverBootImage\WDSDiscover.WIM . Open Start menu>Microsoft Windows AIK>Deployment Tools Command Prompt>Type CopyPe x86 E:\DiscoverBootImage\Winpe and wait for completion

  

In the same command prompt type

Copy /y E:\DiscoverBootImage\WDSDiscover.WIM
E:\DiscoverBootImage\WinPE\ISO\Sources\Boot.wim

To write WIM file to ISO type following

oscdimg –n –bE:\DiscoverBootImage\Winpe\ISO\Boot\etfsboot.com
E:\DiscoverBootImage\Winpe\ISO E:\DiscoverBootImage\boot.ISO

Now you have created ISO boot image. Burn this ISO on a CD or DVD and boot client machine using this cd and deploy images.

 

Windows Deployment Services: How to configure Legacy or Mixed Mode or Native Mode for legacy image and Windows 7

Windows Deployment Services (WDS) running on Windows 2008 provides many of the same features and functions of RIS, Automated Deployment Services, and Windows Server 2003 SP2 combined.  Two of the distinct features of Windows 2008 Windows Deployment Services are that both server and desktop operating systems can be deployed and images can be deployed using multicast communications. With the release of Windows 7 AIK, MDT 2010, ACT and MAP, Microsoft deployment service and automations are more robust and powerful tools then its predecessor RIS. 

However, if you are in a situation that you don’t want to get rid of RIS image but you want to enjoy benefits of WDS. In this case, there are three different modes of WDS within Windows Server 2003: Legacy, Mixed, and Native. You have the option to choose both legacy image and Windows 7 WIM image in a mixed mode environment. If RIS had previously been deployed with existing images, the upgrade took the existing RIS (RIPREP and RISETUP) images and placed them in the Legacy Image folder within the WDS MMC snap-in and upon your initial launch of the WDS console, the administrators were prompted to choose whether the WDS system would run in Legacy or Mixed mode. After a few more simple configurations, existing RIS images would work successfully in the environment. The entire upgrade process can be done in existing RIS server or you can re-home RIS into a new server. In this article, I will write, how to run WDS and AIK in windows server 2003. Also, I will show upgrading Windows Server 2003 SP2 RIS server into Windows Server 2008. WDS, AIK and MDT are available in Microsoft download centre and free to obtain. 

Prerequisite: 

Windows Server 2003 SP1 

.NET Framework 2.0 

MSXML6 

Windows Server 2003 Service Pack 2 or Windows Deployment Services for Windows Server 2003 

Windows Server 2008 SP2 (for scenario#2) 

Warning: Backup DHCP, RIS images, RIS answer files to make sure you are safe. 

Scenario#1: Running WDS on Windows Server 2003 SP1 

   

You can use Windows Vista AIK to install WDS on Windows Server 2003 SP1. Alternatively, You can install Windows Server 2003 Service Pack 2 in RIS server that will automatically install WDS.   

  

 

Open WDS for the first time using Administrative tools>WDS or WDS legacy. you have the option to choose WDS mixed mode or legacy. Do NOT open WDS legacy because here your intension is to use mixed mode. so Choose Windows Deployment Services. 

        

Once you finished installing WDS on Windows Server 2003 SP1, follow my previous posting on “  How to deploy custom windows 7 using windows deployment services (WDS) 2008 ” . I have elaborately written how to install and configure WDS, capture custom Windows 7 and deploy image in that posting. It would be redundant to write again. 

Scenario#2: Upgrading RIS server/WDS mixed mode server from Windows server 2003 to Windows server 2008 

Direct Upgrade from Windows Server 2003 RIS server or WDS legacy/mixed mode to Windows Server 2008 is NOT supported.  Consider that you have a working RIS/WDS mixed mode environment and have images that will need to be maintained, these images can be manually imported into a Windows 2008 WDS server using a capture image and a detailed process. 

1. Deploy the legacy images to master pc using the legacy RIS server or Mixed mode WDS Server. 

2. Prepare the newly deployed master pc using the Sysprep utility and, as required, the Setup Manager utility to prepare the system for imaging. 

3. Boot the master pc that will be captured, using PXE boot. 

4. Select the capture image when the list of available images is presented. 

5. Follow the capture imaging prompts to create the new custom install image. 

6. Redo step1 to step5 to capture all images 

Organise captured images into WDS server by setting up Image group and linking WDS unattended answer file. 

Using WDSUTIL Command  

To determine which operating mode the server is currently in, run the command 

WDSUTIL /get-server /show:config 

To change the server mode from Legacy to Mixed  Run the command

WDSUTIL /Initialize-Server /RemInst:E:\reminst (consider e:\reminst is the location of RIS folder)

To change the server mode from mixed mode to native run the command
WDSUTIL /SET-Server /ForceNative

To convert a RIPREP image to .wim format by using the WDSUTIL

WDSUTIL /convert-riprepimage /filepath:<path to RIPREP image .sif file> /destinationimage /filepath:<path and name of .wim image> 

you can use the following with above command:

To give the new .wim image a name in the metadata, use /Name:<name>.

To give the new .wim image a description in the metadata, use /Description:<description>.

To convert the original RIPREP image, rather than a copy, use /InPlace.

To determine behavior when the image file specified in /DestinationImage already exists, use /Overwrite:{Yes|No|Append}. Yes will overwrite the .wim file, No will cause an error, and Append will append the new image to the existing .wim file

To add WIM file to the server, type the following where <filepath> is the full path to the new .wim file

WDSUTIL /add-image /imagefile:<filepath> /imagetype:install

Once you convert WDS into Native mode then you are ready to upgrade Windows Server 2003 to Windows Server 2008. Make sure you got compatible hardware (Processor, RAM and disk space) to install Windows Server 2008. Follow the screen shot to upgrade windows. 

   

 

Further References: 

Microsoft WDS 

Move RIS from one server to another 

MDT 

WDS answer file

Understanding Windows Firewall for Windows Server 2008 and Windows 7

The best way to justify a local firewall in windows server 2008 and windows 7 is to put another layer of security in place and to make your computer happy to maintain communication with internet. In ordinary terms, windows firewall is in place to protect you from bad guys in internet and allow good stuff in your computer. Windows firewall is greatly improved for both home users and enterprise user even though home user will not be able customize windows firewall because this is a bit geeki stuff. However, default firewall will be in place and UAC will pop up asking consent whether you want to allow/disallow this or that to happen. Here, I am going to talk about enterprise users who will consider deploying windows firewall to protect themselves from malicious software, spyware and attacks from internet.

The new graphical interface is for managing the Windows Firewall locally and through Active Directory group policies. Another improvement, I would like to mention here is windows services control through Windows Firewall. I had nightmare with conficker virus that spread faster then rocket using port 135-139 and use windows services to run it continuously in windows SP SP2 and disable active directory account policy. In conficker virus situation, scvhost was compromised. Windows Service Hardening will help to reduce the impact in several ways: The firewall will block abnormal behaviour such as a service that does not need to access the network trying to send out HTTP traffic. Microsoft Windows Server 2008 and Windows 7 make intelligent use of outbound filtering by blocking system services from initiating network connections except for what they require to function properly. Inbound filtering is what will stop malicious network traffic such as Nimda, Slammer, Sasser, conficker, Blaster, or anything else that sends unwanted network traffic or suspicious traffic to windows server. New Windows firewall also integrates with Active Directory users, group and computers and support IPSec and tcp/ip version6. To manage the new Windows Firewall via Group Policy, simply open Group Policy management>select specific group policy object>right click>click edit then navigate to Computer Configuration>Windows Settings>Security Settings>Windows Firewall with Advanced Security in the Group Policy.

Windows Firewall Screenshots:

 

Understanding User Account Control (UAC) in Windows Server 2008 and Windows 7

User Account Control (UAC) helps prevent unauthorized changes/access to a computer by asking privileged password. When a user designated with elevated privilege logs on to Windows 7 and Windows Server 2008, two access tokens are issued: a full access token and a filtered standard user access token. The filtering process removes the administrative privileges and disables the Administrative group Security Identifiers (SIDs), resulting in a filtered standard user access token. The standard user token is then used to start the Windows desktop (explorer.exe) and all subsequent child processes. Consequently, all applications run with the standard user token by default and only when an administrator with granted privileged permission can run specific application with a full access token. These internal processes happens in an Windows 7 and Windows 2008 operating systems to provide you with extra security so that you can make sure what you doing before it applied into operating systems.

When you log on to a computer, it verifies with Microsoft Active Directory RID master about your roles/privileges/authority in an Active Directory infrastructure and provide you with necessary pre-defined attributes assigned in Microsoft Active Directory and Group Policy Object. For Example: Domain Admins, Schema Admins, Enterprise Admins, Account Operator, Administrator, Power Users, Domain users, users, Cert Publisher and many more. If you log on to a standalone computer, Windows 7 and Windows server 2008 still verify with local account policies whether you are a power user, administrator or user.

The Credential Prompt (asking username and password)  and consent prompt (allow/disallow user to perform a task) are two components of UAC. Even though if you are a member of domain admins or administrator you will ask your consent to perform task like changing date/time, modify registry, running application, modifying any OS related tasks. A standard user can perform installation task in windows 7 and windows server 2008 unless user is part of Admin group.

Running registry in elevated command prompt

Start menu>run> type runas /user:domain\username cmd.exe.

Provide Password

In the new Command Prompt window that opens up, type regedit.exe.

Respond to the UAC elevation prompt.

UAC Group Policy Settings

Microsoft GPO support management of UAC through group policy object. GPO settings are available in Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

Benefits of UAC

Stop malware add schedule task

Stop Spam sites and spyware to run installer

Stop malware to run command, script

Create a local windows firewall to protect windows systems despite having top level firewall like ISA or squid

Prevent running inappropriate application as a standard user

Prevent modification of registry key

If you still don’t like UAC then you can disable UAC completely from Control Panel>User Account>UAC>uncheck UAC>OK>restart

To Disable from Registry

go to Start menu>run>type regedit.exe

Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system

create a DWORD named LocalAccountTokenFilterPolicy with a value of 1 and reboot computer.

Screenshots

   Keyword: User Account Control, Windows 7 and Windows Server 2008, GPO

      

Windows 7: run Windows 7 in Windows XP mode

Windows 7 Professional, Enterprise and Ultimate licenses enable users to install and use Windows XP Mode inside windows 7. It’s a free download from Microsoft download centre that provides an updated version of standalone Virtual PC and a executable virtual hard disk (VHD) inbuilt with Windows XP SP3.

Systems Requirement:

Hardware-Assisted Virtualization (HAV) enabled Intel, AMD or VIA Processor

Enabled HAV in computer bios

2GB for windows 7 32 bit or 3 GB for Windows 7 64 bit

20MB for Microsoft VPC and additional 15GB for XP VHD

Microsoft Virtual PC and Windows XP Mode

Windows XP Mode

Windows 7

AIK and Microsoft Enterprise Desktop Virtualization (MED-V) for enterprise deployment

Windows XP Service Pack 3 Deployment Tools

Installation of Windows XP Mode (WindowsXPMode_en-us.exe) in Windows 7

  

Installation of standalone vPC update (Windows6.1-KB958559-x86.msu) in Windows 7

Preparing a custom VM for Deployment

Create Master vPC using XP SP3

Customize with applications, patches, Antivirus, etc

Create Sysprep.inf

Run Sysprep.exe

Sysprep will prepare the VHD for distribution, and shut down the VM

Deploying a custom VM for Deployment

Install Windows Virtual PC on each computer

Remove the Virtual Windows XP shortcut from the Start menu using GPO

Copy the Windows XP VHD to each computer in %LOCALAPPDATA%\Microsoft\Windows Virtual PC\Virtual Machines location

Create a VM configuration file using Run cscript CreateVirtualMachine.wsf -p:<vhd_path> -vn:<virtual machine name> at Command Prompt using Admin Account

Attach Custom VHD

Setup VHD permissions

Navigate to the folder where the VHD is present, right-click on the VHD name>click Properties>Security tab.

To assign ownership to the VHD, click Advanced>Owner tab>Edit> Other Users and groups>Everyone>OK>close

Now right click the VHD name>Properties>Edit under the Security tab. Ensure that the Administrators and Everyone have Full control on the VHD.

Click OK>General tab>clear the Read Only check box>OK