Archive for tools

DavidNudelman | November 9, 2011
No comments

Path to Windows 7 – Part III. Application Compatibility

compatible_with_windows_7

One of the main reasons why companies are delaying their migration from Windows XP to Windows 7 is the lack of compatibility with business critical applications, and sometime it can be a show stopper. There are a few tools and application delivery mechanism that can solve those issues.

Now that we have a complete inventory and rationalized our applications with MAP and Centrix WorkSpace iQ, we are left with a list of application that will be delivered to the Windows 7 users. The next step is to assess the compatibility of those applications on Windows 7 and on the platform that will deliver the application. There are a few different options here. The first decision to make is “32 or 64 bit” version of Windows 7, this decision will imply changes on the application compatibility results. The recommended platform is 64 bit, and it is recommended to companies without a complex application stack and even more important, no legacy applications.

The second decision is on how to deliver the applications. Will it be installed directly to the physical machine through a MSI? Will it be virtualized with App-V and delivered via streaming? Will it be installed on a Remote Desktop pool and the application will be delivered through presentation virtualization? This is also important, as standards for compatibility for App-V and Servers are different from the OS.

Some of the new security features introduced in Windows Vista and Windows 7 may cause the lack of compatibility. Common issues are Session Zero Isolation, 16 bit components, legacy drivers, hardcoded paths, and application that require to run as administrator. There are different ways to test for application compatibility. Microsoft has a very nice tool called ACT – Application Compatibility Toolkit that will help you run applications on a Standard User Mode (non-admin). It will flag all the issues that are preventing the application to run correctly to help you fix the issues. It will also provide a list of potential fixes and will work with Shims.

But the process with ACT can be very lengthy and painful as the amount of information provided is low the tasks are very manual. An alternative is to use AppTitude by App-DNA (now part of Citrix). App-Titude allows you to import applications and it will run code and behaviour analysis based on the application’s MSI. It will run compatibility analysis and give you results for Windows 7, 64 bit, App-V, XenApp, Server 2008, Server 2008 R2. It will also help you choosing the best option to deploy that application, physical, virtual or hosted on a server. All the results are displayed on a RAG status and in case it is amber or red it will give you remediation guidelines, suggest shims and even propose auto fixes with MSTs. App-Titude will also automate packaging for App-V to help you accelerate the deployment. The greatest advantage of this tool is that you can send all the application that come out as Green straight to UAT and focus your packaging team on the applications that require remediation. It will also tell you how complex it is to fix a specific app so you can easily manage your internal resources or take the decision to use an external packager for that.

Internet Explorer compatibility is also something worth looking at. Some websites where coded a long time ago and might have components that will not run on Internet Explorer 8 or 9. AppTitude can handle analysis of web applications. Another way to solve web application issues is Browsium, a nice piece of software that integrates legacy browser tabs on your current Internet Explorer version, so you can run web application in IE6 mode inside IE9.

There are other methods to solve compatibility issues. For very small companies or departments, you can use Med-V, but you will still need to manage the Windows XP running under Windows 7 and it will also be out of support soon.

Dealing with applications is the lengthiest process on the path to Windows 7 and that is the main reason why you should at it sooner rather than later on the migration journey. The next step is to consider how to deliver Windows 7 to the end user.

Resources:
ACT – Application Compatibility Toolkit

AppTitude by App-DNA

Browsium

Med-V

The Springboard Series

 

Category: client, how-to, internet explorer, tools | Tags: , , , , , , , , ,
DavidNudelman | November 6, 2011
One comment

Group Policy Management – Steve and Nick’s Tale

One of the main reasons why Windows is very well established as The Enterprise Operating System is the ease of centralized administration. Most of the credit goes to Group Policies. Group Policies are a set of rules that will be enforced on the workstations and on user profiles. Based on the rules, user experience will change. That means that a CEO will get a more flexible and open system than a call center user, which will get an OS restricted to the tools he needs to be able to perform his tasks.

Group Policy is extremely powerful, and as Uncle Ben told Peter Parker (a.k.a. Spiderman) – ‘With great power comes great responsibility’. The reason I am bringing that up is that is that IT departments overlook the importance of controlling access to Group Policy management. Group Policies are live, as soon as you edit a setting it is already in place. Giving control of group policy to people without the right skills can be very dangerous and can cost the company productivity and financial loss.

As a real life example, I had the opportunity to work with an Education company related to the military services. One of their IT helpdesk people, I will call him Steve, was trying to “open” the internet connection to one of the directors of the business. The Director who was on a resort for a week with his family, wanted to get some work done, and was struggling to connect to the internet. Steve who is a self-tough IT professional uses the tools he feels can address the issue quickly and helps the Director who seemed really happy over the phone. Feeling great because he was able to help a high profile person on the company, Steve goes away to his 2 days off, as planned in advance.

Next morning Steve’s boss Nick can’t access the internet and starts troubleshooting, but it seems that his proxy settings are not being correctly assign and it isn’t long until other users started calling helpdesk about not being able to access the internet. Nick talks to his team and no one knows what might have caused the issue. Steve was away. That is the point when I was called in.

Trying to gather information on symptoms, we identified that the issue was only affecting manages and directors, therefore, very likely to be a proxy setting issue. Trying to get more information I went to the proxy settings on Internet Explorer on Nick’s computer and found that the settings were blank. Nick was surprised that I could even get to the proxy settings as this was a protected menu on IE. This information was enough to find the cause of the issue. Someone, at some point, change a group policy containing a few settings. Looking at the recent changes I could identify which policy was changed the previous day, but not who did it and which settings where affected. The policy name didn’t help much as it was named “Directors and Managers”.

I focused on restoring internet connectivity by specifying the proxy settings, which took over 40 minutes for Nick to find out what is was due to the lack of documentation. I also restricted access to the connections tab on IE.

With the problem resolved and people back to work just after lunch, I had a meeting with Nick. The first question was “What happened?” The answer was easy; someone changed the group policy settings that affect the managers and director. I restored internet connectivity and secured the menu, but can’t guarantee that other settings are on the state that they should be. Than Nick asked, “What can be done to prevent that from happening again?” An my answer was; don’t give more rights to user than they really need, and more specific for this case, make sure that only people who know what they are doing have permissions to manage group policy. You can also use Microsoft Advanced Group Policy Management, part of MDOP, one of the benefits you have because you have Software Assurance on your Windows Licences.

Two days later I get a call from Nick telling me that Steve did it to help a director and he had no clue what he was doing, but then again, he was never trained by the company to do his job properly.

In short, be careful when assigning permissions for IT admin staff, helpdesk, etc. Always give them the minimum rights they need to be able to perform the tasks they are supposed to do. Many companies give “Domain Admin” rights to a lot of people just because it is easier, and that can cause a lot of issues.

Keep it classy IT pros.

Resources:
2008 Group Policy Planning and Deployment Guide
Advanced Group Policy Management Overview

Category: how-to, server, tools | Tags: , , ,
DavidNudelman | November 2, 2011
No comments

Fixing IPv6 issues caused by applications

ipv6_logo

A good friend of mine from Colombia is a great IT Enthusiast. Like me, he loves trying out all all different kinds of technologies and sometimes things go wrong.

In this case he was using the Checkpoint SecureClient and it damaged the IPv6 configuration of his machine.

Instead of fixing it and leaving the problem behind he did the right thing, created a tool that integrates with the windows troubleshooting engine to fix the problem and shared it on codeplex.

His name is Ricardo Polo and he deserves al the credit!

Download the IPv6 reset tool on codeplex.

Category: tools, windows | Tags: , ,
DavidNudelman | October 31, 2011
No comments

IEAK – Internet Explorer Administration Kit

ie9-ieak_feature

Internet Explorer Administration Kit, IEAK, provides administrators with powerful, easy-to-use options designed to save you time and money in deploying and managing Web solutions.

IEAK allows you to:

  • Establish version control across your organization.
  • Centrally distribute and manage browser installations.
  • Configure automatic connection profiles for users’ machines.
  • Customize virtually any aspect of Internet Explorer, including features, security, communications settings, and other important elements.

IEAK 9, and all you need to know about it can be found here

Category: internet explorer, tools | Tags: , , , ,
DavidNudelman | October 31, 2011
No comments

Microsoft Assessment and Planning – MAP Toolkit v6.5

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless,
automated, multi-product planning and assessment tool for quicker and easier
desktop and server migrations. MAP provides detailed readiness assessment
reports and executive proposals with extensive hardware and software
information, and actionable recommendations to help organizations accelerate
their IT infrastructure planning process, and gather more detail on assets that
reside within their current environment. MAP also provides server utilization
data for Hyper-V server virtualization planning; identifying server placements,
and performing virtualization candidate assessments, including ROI analysis for
server consolidation with Hyper-V.

MAP helps make the following IT planning projects faster and easier:

  • Migration to Windows 7, Windows Server 2008 R2, and Microsoft Office 2010
  • Migration to Windows 7 compatible versions of Internet Explorer
  • Migration to cloud-based services
  • Server virtualization with Hyper-V
  • SQL Server consolidation and migration to SQL Server 2008 R2
  • Assessment of current software usage and client access history for
    simplified software asset management
  • PC security assessment and migration to Microsoft Forefront Client Security

The beta of the MAP Toolkit v6.5 is now available for download at the link below:

https://connect.microsoft.com/site297/Downloads/DownloadDetails.aspx?DownloadID=23188

Download the MAP Toolkit v6.5 Beta now and find out about the new features:
Enhancements to the MAP user experience which streamline tasks and improve overall usability

- Server virtualization and consolidation feature enhancements including:
- The ability to customize Microsoft Hyper-V Cloud Fast Track Configurations
- The ability to set utilization thresholds for virtualization hosts and infrastructure
- Enhanced UI controls that allows users to quickly find, filter, and select the list of machines targeted for virtualization
- Additional in-depth migration analysis of applications to the Windows Azure Platform
- Software Usage Tracking for Forefront Endpoint Protection servers
- Discovery and reporting of “active devices” running the Windows Operating System
- Discovery and reporting of SQL Server “Denali”
- Discovery and reporting of Oracle Instances on HP-UX-based Itanium servers

 

Category: news, tools | Tags: , , , ,