Thursday, February 8, 2007

VNC vs Vista

In the good old days of insecure computing, a wonderful tool emerged from AT&T labs: VNC (Virtual Network Computing). On the Windows platform, it provided remote control of the active console session.

The WinVNC server that has been a long-time friend of system admins is no longer usable in the "run as service" mode under Vista, at least not until it's rewritten to take into account the new model for interactive sessions on Vista. (It has been suggested that language in the XP and Vista EULAs restricting remote control of those operating systems to the Remote Desktop function will keep any updates from being done for Vista support.)

It appears that Microsoft leveraged their experience with Terminal Services to help create the new separation between the so-called "Secure Desktop" and the interactive user sessions.

Under Vista, the secure desktop runs as "Session 0", while the first interactive user to log on will run under Session 1. If a second user is logged in using fast-user-switch (which is now possible even in a domain-attached system), he/she runs in Session 2. If yet another user logs in using fast-user-switch, he/she gets Session 3 (and so on).

The problem with the "run as service" mode for VNC is that it attaches itself to Session 0. This creates problems for Vista, as Session 0 is reserved for the Secure Desktop, and no interactive users can do anything on that session (or so it seems).
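As an added illustration (not part of the original post), the session mismatch can be checked from the "Session#" column of `tasklist /fo csv`. The sample output, process names and PIDs below are constructed, and treating `explorer.exe` as the marker of an interactive session is an assumption of this sketch.

```python
import csv
import io

# Constructed sample of `tasklist /fo csv` output; names and PIDs are made up.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"services.exe","612","Services","0","4,120 K"
"winvnc4.exe","1488","Services","0","3,564 K"
"explorer.exe","2936","Console","1","28,840 K"
"4nt.exe","3104","Console","1","2,912 K"
'''

def sessions_by_process(tasklist_csv):
    """Map lower-cased image name -> sorted list of session numbers it runs in."""
    found = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        found.setdefault(row["Image Name"].lower(), set()).add(int(row["Session#"]))
    return {name: sorted(ids) for name, ids in found.items()}

def interactive_sessions(tasklist_csv, shell="explorer.exe"):
    """Sessions hosting a user shell (assumption: the shell is explorer.exe)."""
    return sessions_by_process(tasklist_csv).get(shell, [])

def can_see_desktop(tasklist_csv, image):
    """True if `image` shares a session with at least one interactive shell."""
    own = set(sessions_by_process(tasklist_csv).get(image.lower(), []))
    return bool(own & set(interactive_sessions(tasklist_csv)))

if __name__ == "__main__":
    for name in ("winvnc4.exe", "4nt.exe"):
        print(name, "shares a session with the user:",
              can_see_desktop(SAMPLE_TASKLIST, name))
```
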

The apparent work-around (although I've never used it) is to run VNC as a user-mode program (e.g., from the startup group) instead of as a service. I don't think it's much of a work-around, so I'm waiting for the folks who maintain VNC to come up with a solution.

The flip-side of the problem (using the VNC Viewer in "listen mode" so other people can initiate the remote control session from their end) seems to work fine; this will permit admins running Vista to use VNC to control non-Vista machines.

Monday, February 5, 2007

No joy with QuickTime

Although it seems to be working fine with file management and audio playback, iTunes (7.0.2.16) and QuickTime (7.1.3) can't handle live video in Vista. My suggestion: get the VLC Media Player. The helpful folks at Apple simply recommend that you wait to install iTunes until they have the "next version" available. Maybe, maybe not!

Saturday, February 3, 2007

Customizing the Start Menu

One of the first things I want available on a PC is my trusty copy of JP Software's 4NT. As a replacement for CMD.EXE, 4NT is a powerful and versatile console application that is one of the primary weapons in my administrative arsenal; although Windows (whatever version) is a nice GUI application, I get many tasks done faster and easier using 4NT. Although the folks over at JPSoft don't exactly approve of my installation method, it hasn't failed me, so I stick with it.

Basically, I have a copy of the application on the network, and I copy it to my local boot drive, then create a shortcut with a hotkey for it. I also like to replace the default 4NT icon with one that I created some time ago and update as new versions of 4NT are released.

Copying the folder from the network was no different than previous versions. I like to install 4NT off the root of the system drive in a "utility" folder, and UAC didn't give me any prompts as I created a new folder in root, nor when I copied the 4NT folder from the network. So far, so good.



The bigger problem came next. In Windows 2000 through XP, you have this concept of the "Documents and Settings" folder. This has been deprecated in Vista, although the folder exists there on the drive. That arrow-overlay on the image would mean that you're looking at a shortcut in an older version of Windows; with Vista, that means you're looking at an NTFS junction. Our friends at Microsoft have replaced "Documents and Settings" with the "Users" folder.

Well, this is also fine and dandy, but the "All Users" folder that's under C:\Users isn't really there; instead, it's a symbolic link (a la *nix) to yet another location: C:\ProgramData. There's another redirection hidden in here, too: the old C:\Documents and Settings\Default User folder has been retained, but as an NTFS junction to C:\Users\Default.

I bring this all up because I'm still trying to figure out how to put a shortcut into the Start Menu that will then be available to anyone using my machine.

Once you look in C:\ProgramData, you see that the Start Menu is really an NTFS junction to C:\ProgramData\Microsoft\Windows\Start Menu.



And the only way I was able to figure this out? Good luck trying to browse the contents with Windows Explorer!

I used 4NT, but CMD will work as well. Just make sure you do your directory listings with the /a: switch, which will force the listing to include hidden and system files. Both CMD and 4NT will indicate whether the directory is a DIR, JUNCTION or SYMLINKD and include the actual volume or folder that the junction or link really represents.
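To make the redirections explicit, here is an added example (not from the original post) that parses `dir /a` output and maps each junction or symlink to the folder it really points at, which is the path whose permissions actually apply. The sample listing is constructed to match the C:\Users layout described above; its dates and sizes are made up.

```python
import re

# Constructed sample of `dir /a` output for C:\Users (dates and sizes made up).
SAMPLE_DIR_OUTPUT = r"""
 Volume in drive C has no label.
 Directory of C:\Users

11/02/2006  05:02 AM    <DIR>          .
11/02/2006  05:02 AM    <DIR>          ..
11/02/2006  05:02 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  05:02 AM    <DIR>          Default
11/02/2006  05:02 AM    <JUNCTION>     Default User [C:\Users\Default]
02/03/2007  09:14 AM               174 desktop.ini
02/03/2007  09:10 AM    <DIR>          Public
"""

# <KIND>, then the entry name, then an optional [target] for reparse points.
ENTRY = re.compile(
    r"<(?P<kind>DIR|JUNCTION|SYMLINKD|SYMLINK)>\s+"
    r"(?P<name>.+?)(?:\s+\[(?P<target>.*)\])?\s*$"
)

def parse_dir_listing(text):
    """Return (directory, entries); each entry has kind, name and target."""
    directory, entries = None, []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Directory of "):
            directory = stripped[len("Directory of "):]
            continue
        m = ENTRY.search(line)
        if m and m.group("name") not in (".", ".."):
            entries.append(m.groupdict())
    return directory, entries

def redirections(text):
    """Map each junction/symlink's full path to the location it points at."""
    directory, entries = parse_dir_listing(text)
    base = (directory or "").rstrip("\\")
    return {base + "\\" + e["name"]: e["target"]
            for e in entries if e["kind"] != "DIR"}

if __name__ == "__main__":
    for link, target in redirections(SAMPLE_DIR_OUTPUT).items():
        print(f"{link} -> {target}")
```
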

Okay, so now I'm on my way to finding the "All Users" start menu so I can create my shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools. No problem launching a copy of Explorer from 4NT or CMD (explorer .), but try as you might, there's no way that Explorer is letting you create a shortcut in that location: the right-click popup only includes "Folder" in the New option, and trying to do a copy/paste shortcut ends up with an error:


This seems stupid, but then it hits me: I must be dealing with UAC, and I need to run Explorer (or 4NT, which I used to launch Explorer) "as Administrator." Rather than document the details, I'll just tell you directly: it doesn't work. I must've spent 30 minutes trying to figure this out when I gave up and used 4NT to create its own shortcut in that folder, which is permitted (I also discovered that you can move a pre-existing shortcut into that folder).

Footnote:
When trying to handle the per-user Start Menu, that's also hidden away in the C:\Users folder behind a symbolic link: C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu

Missing Drive Letters

UAC has another interesting side effect. It's not a simple elevation of privileges or tokens that's happening; you actually have some separation between the limited and admin user programs while UAC is active.

This is readily demonstrated in the following fashion:
  1. Map a drive letter to a network share from the limited user account; it can be done several ways, including using logon scripts.
  2. Open CMD (or your preferred shell; mine is JPSoft's 4NT) as a limited user.
  3. Enter "net use" at the prompt.
  4. Open CMD (or your preferred shell) as an admin user.
  5. Enter "net use" at the prompt.
Note that you get drive letters in one console, but not in the other.

I've been able to get around this problem by using 4NT; it can handle using a UNC path as the current working directory. Want even more fun, however? Try the same test using Windows Explorer instead of CMD. More on that later...

Friday, February 2, 2007

Initial setup

First things first: get the new Vista install on the domain.

I run a Windows Active Directory domain at home, including an Exchange server. This works nicely when you host your own domain, and also comes in really handy for learning things that you'd never be able to "play with" at work due to time or other constraints (like Vista!).

Unfortunately, this was my first stumbling block. Adding a machine to the domain under XP and earlier is pretty straightforward, but it's pretty easy to get distracted by all the "eye candy" in the OS, not to mention the frequent popups as Vista discovered updates to components in my system (this will become a frequent issue as I have discovered...).

Vista Install

Given that I struggled with beta2 and RC1 of the 64-bit versions, eventually giving up after the Vista install trashed the partition table of my array, forcing me to recover everything from backups, the first thing I did was take a backup of all my partitions using Drive Snapshot (for those who care, I used a USB 2.0 external drive that I built from a new drive and an external case that I got "on the cheap" from woot). After verifying the snapshots, I restarted the machine and went into the BIOS setup to rearrange the boot order of my devices.

Finally, with my system looking to boot first from the IDE CD-ROM (dvd, actually), I crossed my fingers and restarted...

Nothing uneventful or even remotely interesting happened through the install, I'm happy to report. The drivers for the nVidia SATA RAID were included in the RTM release, and it immediately "saw" the virtual drive and the pre-existing partitions.

Given the size of the Vista install, I ended up wiping out three primary partitions (0: DOS/System Commander; 1: Windows XP (32GB); 2: Windows XP 64-bit (32GB)) in order to have 64GB to offer Vista.

After a couple of reboots, I was ready to start playing!

Getting started...

This post will simply stand as a reference for the hardware that I'm running.
  • Gigabyte GA-K8NF-9 (nForce4 for AMD, no SLI)
  • AMD Athlon64 X2 4400+ (Toledo)
  • 2GB DDR-400 SDRAM
  • Intel PRO/1000 PT server adapter (finally! a use for that 1x PCIe socket!)
  • Plextor PX-716AL DVD+/-RW
  • Plextor PX-708A
  • Gigabyte GV-NX66T128D GeForce 6600GT (128MB)
  • 4x 320GB Western Digital WD3200SD "RAID Edition" SATA drives in RAID1/0 (0/1?) using onboard nVidia raid.
  • Dell 2407FP widescreen LCD