Getting a poorly designed ClickOnce application to Run As Administrator

One of our vendors distributes a couple tools as ClickOnce applications, but these applications perform privileged tasks that do not work with UAC enabled.

Rant: UAC has been around since Windows Vista was released in 2006. As of this writing, that would be 6 years. Windows 7 has been out for 3 years. As much as some people might dislike the extra dialogs, UAC is a very good thing, and should not be disabled. There is no excuse for applications that do not handle UAC correctly. Adding the appropriate application manifest is not difficult, and when using ClickOnce it is practically trivial.

Add the Application Manifest to require elevation; or better yet modify your app to not require elevation at all, but do not just pretend it doesn’t exist. 6 years… come on!

Ok, now that my rant is out of the way, if you are in a similar situation – a ClickOnce app that needs elevation to run, but doesn’t request it is a real pain in the butt.

image

“Run as Administrator” is conspicuously missing from the context menu:
image

Continue reading

Fast way to get a Server 2008 R2 machine updated

Lately I’ve been building and dropping dev / test virtual machines at an alarming rate. I prefer not to use images for purity reasons, so I end up installing the OS from scratch then installing all the updates usually before I even join it to the domain.

The single most time consuming process is getting updates installed – both for the time it takes to complete, and the interaction required to see it through to completion. For example, Windows Update offers and enabled IE9 on first update. For some reason, they decided that the IE9 installer must be interactive. Windows update installs the first 80% of the updates, gets to IE9 and sits there waiting for you to click “OK”. Lame.

Another annoyance is that in order to enable Microsoft Update you must first select an update option, which kicks off an update search. Then when you enable MS update, it forces a rescan.

So, here is my procedure for getting a server up to date in as few step as I have found.

  1. After first boot: install your VM tools / drivers. Reboot.
  2. On second boot: Set your timezone, adjust network settings (i.e. disable ipv6 if so desired), enable remote desktop, disable IE ESC, adjust screen resolution. Then:
    1. Install the .NET Framework 3.5.1 under .NET Framework 3.5.1 Features in Server Manager (Note – not the whole feature – this installs IIS and such)
    2. Open IE and download the .NET Framework 4 full web installer (I just search for “.net framework 4 web full” – it is the first result) and run it
    3. Install IE9 (again, search for IE9; make sure you uncheck the box to include Bing)
      Note: these first three are installed first because you will probably need them, and it avoids unnecessary IE8 updates from being installed when you are about to replace it. It also lets you kick off the update and walk away for a while knowing that when you get back they will just be done (instead of waiting for your confirmation)
    4. Open windows update (type “update” in start box), click Change Settings, select Never install updates.
    5. Now you can click the link to enable Microsoft Update – it should go nice and quick and probably will kick off your first update scan
    6. Might as well make sure all the updates are selected (server 2008 r2 doesn’t include the Activation Hardening update that Windows 7 gets, and I usually hide)
    7. Install updates. Will take at least 20 minutes. Reboot
  3. On third boot: Don’t trust windows update, force an update check. It will find more, including some .NET 4 updates that take FOREVER to install. If the updates do not demand a reboot, run another update check, install. reboot as necessary, repeat until it finds no more updates.

It still takes way too long, but it shaves a few minutes / reboots off the update process.

 

Yes, I know this could be done once, the install sysprepped then imaged. Trouble is, I don’t have a decent disk imager other than Windows Server Backup, and you cannot sysprep before running WSB. Also, I don’t always use the same size drive.

Disable Java Update using Group Policy

The Java Updater is horrible.

  1. It throws up a UAC prompt without warning / explanation / asking first
  2. It doesn’t work half the time
  3. It installs the Ask toolbar if your aren’t careful to opt out

Even though Java needs to be kept up to date, we simply cannot have users being harassed by a utility that doesn’t work, then installs crapware when it does.

Turning off the Updater is as simple as setting a registry value – the catch is that most instructions online do not account for 64-bit windows.

The registry item on a 32-bit machine is a DWORD in the key HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy called EnableJavaUpdate. Set it to 0.
On a 64-bit machine, it could be in the previous location, and/or it could be in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy

 

The way I chose to do it was with Machine Group Policy Preferences – Registry items. I use Item-level targeting to make sure the values exist before updating them.

image
This is a screenshot of the Registry items – showing where to place the Item-level targeting, and what settings to use

(The main reason for the targeting is to prevent it from creating the Wow6432Node on 32-bit machines)

Adding / Modifying Choices in a SharePoint Choice Field programmatically using the Client Object Model

The SharePoint 2010 Client Object Model isn’t the best documented thing in the world, but it sure does make some tasks a lot easier (without requiring execution on the sharepoint server itself)

I needed to add an option to a dropdown list in a bunch of document libraries. Here’s how:

...
using sp = Microsoft.SharePoint.Client;
...
        private void AddChoicesToField()
        {
            using (sp.ClientContext cxt = new sp.ClientContext("http://sharepointserver"))
            {
                //Basic code to load the list
                sp.Web myWeb = cxt.Site.OpenWeb("http://sharepointserver/sitename");
                cxt.Load(myWeb);
                sp.List myList = myWeb.Lists.GetByTitle("MyListName");
                cxt.Load(myList);
                //The field must be cast to a FieldChoice using context.CastTo
                sp.FieldChoice myField = cxt.CastTo<sp.FieldChoice>(myList.Fields.GetByInternalNameOrTitle("My Field Name"));
                cxt.Load(myField);
                cxt.ExecuteQuery();
                //Copy the choices to a string list
                List<string> OptionList = new List<string>(myField.Choices);
                //Add whatever new values you want to the list
                OptionList.Add("New Value");
                //Convert the list to a string array and assign it to the Choices parameter
                myField.Choices = OptionList.ToArray();
                myField.Update();
                cxt.ExecuteQuery();
            }
        }

Make sure your project has a reference to Microsoft.SharePoint.Client and Microsoft.SharePoint.Client.Runtime.

System Center 2012 RC–And the verdict is

If you didn’t like System Center 2010, you won’t like System Center 2012 – simple as that.

The System Center suite of products seems to be designed for large organizations with very large data centers and very large numbers of users. Large enough to justify the steep hardware, license, and manpower requirements to run SC2012. (I should point out that this is nothing new – several people have told me that System Center requires a team to manage it)

System Center 2012 is indeed very powerful and flexible, but that comes at a cost – it is also very complex. While each component has a similar-looking “user friendly” interface, a quick browse through the documentation sets any illusions of simplicity aside.

 

Lets take System Center Service Manager as an example. This component provides helpdesk functionality, as well as the ability to automate / document / standardize IS processes. It sounds like exactly what we need. Now have a look at the documentation:

Service Manager

Here are the major sections of this massive document collection

  • Planning Guide
  • Deployment Guide
  • Administrator’s Guide
  • Operations Guide
  • Authoring Guide
  • Disaster Recovery Guide

So I just installed the thing and I want to get started. Where do I go? As far as I can tell, there is no “Getting Started.” The documentation is broken up so that the Installation team has a set of docs, the administrators have a set of docs, the Operators have a set of docs, etc, etc. This is not bad per se – it is just bad if you don’t have a lot of time, and you don’t have multiple teams (much less even one team) to manage the thing.

System Center 2012 RC–Install experience continued

Yesterday I began the process of evaluation System Center 2012 RC and gave up. Today I decided I was going to try anyway.
As I mentioned before, you need a grand total of 8 machines. I created 8 nearly identical domain joined VMs (in Vmware ESXi of course) – each with 2 CPUs and 4 gigs of ram (thank goodness for Vmware’s memory sharing) and a minimum of 40gigs of disk.
Note: if you attempt to install any of this on an existing server, or an OS instance with stuff on it already it will most certainly fail.

 

Server Preparation – All Servers

Each server is Windows Server 2008 R2 with all the latest updates, IE9; I installed .NET Framework 3.5.1, and .NET Framework 4.0. I generally disable IPv6.
Even though it is not the most secure thing in the world, you might as well just disable the firewall on all of them as well. The documentation is missing the required firewall settings for the target servers (not disabling said firewalls will cause the Unified Installer to be unable to connect)

 

Here are the eight lovely virtual machines all running at once. You will need some serious hardware for this to approach usable – our VM server has two quad core 3ghz Xeons and 32-gigs of ram – so it manages…

image

Continue reading

Google’s privacy policy changes are no big deal

The internets are in a tizzy – Google recently announced major changes to their privacy policy that allows for the sharing of data between Google owned services. People are claiming this paves the way for the privacy apocalypse. Pretty soon it will start raining targeted ads, as humanity drowns in a giant lake of fire…

Don’t believe me? Here’s some headlines:

Google announces privacy changes across products; users can’t opt out

Google Privacy Policy Update Challenged by Lawmakers

Google privacy policy unleashes criticism from regulators

How to close your Google Account

Not to mention the fear inducing coverage by major media outlets – Fox News and NPR alike.

 

There are a couple problems with this hype.

  1. Google has gone to great lengths to be sure people are aware of the changes, and to make them understandable.

    Every couple months, Apple surreptitiously updates their terms of service and privacy policies – requires you to agree to the changes, and expect you to sift through pages of legalese to see what changed . Quite often these changes are indeed far reaching, like banning access to competing technologies so Apple can take a totally unneeded 30% cut, or Apple essentially owning your iBooks content. But where is the outrage? It’s Apple. Evil is in their nature.

    Instead Google does it right – I personally read about the changes from Google before hearing about it on the news. They have a notice on the search page, a popup in Gmail, in Youtube…
    Some examples:
    image
    image 
    And the page itself is written for human consumption, not lawyers:
    image

  2. If Google wasn’t sharing your data between services, they were the only ones.

    The other day, I was searching for some IT Helpdesk software. One of the products I looked at was HEAT. Ever since then, I have been seeing ads for Heat HelpDesk almost everywhere I go on the web. The other day I was looking for deals at Disney World, and wouldn’t you know it, I start seeing ads to that effect… everywhere I go. Yeah it’s creepy. What’s even creepier is that I don’t know who has this information or where they got it, and I sure don’t know anything about their privacy policy. Which leads to 3
  3. Google Dashboard lets you take control of the data stored about you

    Google dashboard is a single destination to review your information from all Google services. The Web History is a big one – perhaps the biggest. Surprise surprise, Google keeps a record of everything you search for while logged in, and sometimes even site visits. If you searched for something you would rather there be no record of (that rash on your leg, for example), you can delete individual entries, or you can clean it out altogether. You can also turn it off.

  4. Integration requires data sharing

    In order for Google to improve the integration between services – such as enabling unified messaging between Google Voice and Gmail – they must freely share data between the two services. Obviously a major motivation for such sharing would be targeting advertisements, but as I mentioned in #2 that has become the standard everywhere else.

 

Google has been doing things lately that I would argue border on evil (contrary to the “Don’t be evil” motto) – closing services that aren’t a huge success but that people still rely on, not releasing Android source code as promised, muscling out competing social networks in search results…

This policy change is not evil, it nothing to be “outraged” about, and they are doing it right. The sky is not falling; the world is not coming to an end.

Windows Live Writer

Windows Live Writer is an oft-overlooked component of the Windows Live Essentials application bundle (also including such gems as Live Photo Gallery, Live Movie Maker, and Live Mesh). If you have a blog (in my case running on WordPress), I highly recommend it for one really important reason: it makes adding images to posts 100% easier.

Think of it like a trimmed down version of Microsoft Word (more like Wordpad really) that can be used to compose blog posts. You can format text according to styles, add hyperlinks effortlessly, perform spell checking – but most importantly – paste images right into your post. Like this one:

image

 

You can the resize, crop, etc.

The contents of the Insert tab alone are worth your time:

image

 

I could be the only person left who primarily posted using the HTML editor, but if there are any other curmudgeons out there who have been skipping the visual aids because of all the extra steps… well give Windows Live Writer a try!

Trying out System Center 2012 RC… or not

I have evaluated several versions of System Center Essentials over the years, and after getting past the initial “ooh, shiny MMCs” reaction (the the terrible installation experience), I generally have found them to be lackluster.

 

System Center 2012 comes around and even makes the news: Microsoft is of course “all-in” to the cloud, so SC2012 is hyped to help create and manage your “Private Cloud”. Additionally, Microsoft has streamlined the licensing process so that instead of Several different products (Configuration Manager, Operations Manager, Data Protection Manager, Virtual Machine Manager, Service Manager) there is just one product (well… two, but they only differ in virtualization instance counts) including all the technologies, and the price is fairly reasonable. The product now contains the following components:

  1. App Controller – (new) “Cloud”-style application management (App-V, server configuration templates), application performance monitoring (J2EE & .NET – Visual Studio Integration)
  2. Configuration Manager – Software deployment, update management, configuration compliance / enforcement, administration
  3. Data Protection Manager – Backup (server, workstation, bare metal)
  4. Endpoint Protection – Anti-Malware, firewall configuration
  5. Operations Manager – Performance / availability monitoring
  6. Orchestrator – (formerly Opalis) Data Center workflow management (?)
  7. Service Manager – Helpdesk, trouble tickets, process compliance
  8. Virtual Machine Manager – Self explanatory

I realize I’m probably demonstrating my naïveté here, but there does seem to be some overlap – Configuration Manager, Orchestrator and Service Manager all list process / configuration automation in the feature list. Considering these used to be separate SKUs I understand why this might be, but it makes for a very unpolished appearing product. If I want to deploy an application to users machines, do I use the “App Controller”? Or Configuration Manager”? Or do I  “Orchestrate” it?

Sounds like the answer is “sure.”

 

Getting Started

The download for System Center 2012 is available here: http://technet.microsoft.com/en-us/evalcenter/hh505660.aspx?ocidotc-f-corp-jtc-DPR&wt.mc_id;TEC_103_1_33

Out the gate, things are not looking good. Despite touting the new “System Center 2012 Unified Installer,” the download includes 8 files of various names and extensions, none of which are instructions.
image

Also of note: the creepy total size: 6.66 GB…

image

There should be some documentation hidden here: Microsoft Private Cloud Evaluation Resources

So I have my VM ready to go, but no idea how to proceed. Checking the Unified Installer user guide – which is really poorly written – I discover than you need a separate server for each component, except for Service Manager, which requires two. So I hope you have a powerful virtualization server… or a bunch of extra workstations lying around, because that is a whopping 8 servers to perform a complete install.

That’s right – System Center 2012 requires it’s own private cloud just to run. (Our data center only has about 8 servers to be managed!) That is 8 windows licenses. That might even be enough to cause a TechNet static activation key to stop working. One could virtualize, but the Standard license only allows you to manage two virtual machines… this thing isn’t even licensed to manage itself.

 

 

Conclusion

At this point, even after spending the time setting up VMs for it, I am tempted to scrap the whole thing. Too many servers, too many manual steps, poor documentation, and a high likelihood of fatal-non-resumable-installer-errors-after-hours-of-non-reversible-changes (see SCE 2010) all sums up to a poor allocation of resources.

I can do 90% of what System Center 2012 does with Group Policy (free with Windows Server), WSUS (free), Microsoft Security Essentials (Free) and Zabbix or Quest FogLight (free or free to a point).

 

 

Update – To Be Continued…

Three more virtual machines later, and I have all the necessary servers. I went through with the installation successfully and will post the steps soon.

Sysprep Windows Server 2008 R2 and use Windows Server Backup

Windows Server 2008 R2 comes with sysprep pre-installed – it is at c:\windows\system32\sysprep\sysprep.exe – best to run it from an elevated command line.

If you are looking to create a sysprepped image using the built in Windows Server Backup, you will be sorely disappointed – WSB does not run after running sysprep (if you choose the Exit option) – in fact very little will run.

The workaround is simple but non-intuitive (backup first; sysprep second):
1: Run the backup first.
2: Load the backup on a different machine (or virtual machine).
3: On first boot, ensure the network is disconnected!!
4. Run sysprep (be sure to select generalize) and have it reboot.
5. Repeat as needed.