Unlocking the secrets of Windows 7

This content is 16 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Whether or not it’s true, ask people if Windows Vista was ready when it originally shipped and the response is generally a resounding “no”. It seems that Microsoft is not taking any chances with Windows 7 as it has been reported that the new operating system is being constructed on a modular basis and will only include components as they pass through the appropriate quality gates.

Those who have a pre-beta build of Windows 7 may be interested to note that there are some extra features in the milestone 3 build (build 6801) that are only available to permanent Microsoft employees using computers that are members of certain Microsoft Active Directory domains.

To circumvent this, Rafael Rivera has written a tool for Windows 7 called Blue Badge (named after the employee passes that permanent ‘softies are issued with). Running this utility will grant access to incomplete features by patching the operating system.

If you do decide to try it (and why not?), bear in mind that there is a reason these features have not been released – they are not ready yet – so don’t be surprised if everything falls over in a heap.

Microsoft after hours: the sequel

A little over 18 months ago, I attended an event at Microsoft titled “Vista After Hours”. The idea was that, instead of showing us all the features of the Windows ecosystem that were relevant to daily life as an IT Professional, Microsoft would demonstrate some of the things that can be done in Windows apart from work – demonstrating that the world of Windows is not all about dull, corporate applications.

Earlier this week, I was back for more – as Viral Tarpara, Paul Foster and Jamie Burgess demonstrated some of Microsoft’s products aimed at consumers and hobbyists.

As is likely to become the norm around here for such events (so many blog posts, so little time), I won’t write it up in full but here are some of the highlights:

  • Gears of War 2 – the latest big game for the Xbox 360 and phenomenally successful (but I’m not a games guy).
  • Viral took a look at Windows Live Services – Google, Yahoo! and Microsoft (MSN/Live) are all doing similar things (although each will claim that it has the best new features!) – taking a look at a few of Microsoft’s Windows Live Services:
    • A new look for live.com is on its way to the UK. Personally, I like it – and you can hover the mouse over certain positions on that day’s picture to see links to potentially interesting facts.
    • Windows Live Mail: with a new Outlook-like interface and the ability to connect to multiple mail services (and choose which to send via); add your own stationery (arghh!); and it will soon include photo e-mail capabilities (e.g. select 4 photos, all resized and embedded in e-mail – rather than as an attachment – then add a frame, or make it black and white, make contrast corrections, etc.).
    • Windows Live Photo Gallery provides a gallery view for resizing, viewing/adding metadata, tagging and editing photos (preserving the original) but publishing etc. is where the Live Services come in and pictures may be published to Flickr, Windows Live Spaces, etc. The end result is highly functional software on the desktop PC, plus services in the cloud.
    • Windows Live Writer is Microsoft’s blogging software and it: integrates with various platforms (WordPress, Blogger, etc. – even SharePoint); applies the site’s stylesheet to the posts as you write; allows insertion of pictures, videos (YouTube or Soapbox), etc.
    • Windows Live Maps: whilst many people use Google Maps – Microsoft claim that Live is superior for business requirements (I prefer the Google mapping view) and it now features: a 3D view using an Internet Explorer/Firefox browser plugin (and no more page refreshes – zoom in and out – very impressive, although it’s a lot smoother on Microsoft’s Internet connection than on mine); a bird’s eye view which uses a Photosynth-like effect to select high resolution images; a free API to use and expose in own applications; collections of public or private searches (e.g. a walk around 3D Manhattan) using public data to link to map (e.g. Times Square).
  • Paul demonstrated Photosynth, which works out how pictures relate to one another in a four dimensional space to build up a complete picture. Because synths only show the data that is appropriate at this moment in time it’s possible to jump around and explore the environment at a reasonable speed. Using the example of Stonehenge, even though the photos were all taken at eye level, the synther can work out where the stones stand so that it is possible to view from above (or even below!). More images help it to work out more points of view and speech synthesis technologies such as mousegrid can be used to navigate and scroll around.
  • Even I (the non-gamer) was impressed by the new Xbox 360 experience that Jamie demonstrated (due for a worldwide release today for a phased deployment to all Internet-connected Xbox 360s):

    • The user interface has been redesigned and blades have been replaced with a dashboard.
    • Music can be streamed from another PC to the Xbox and played over the top of games or anything else; effectively the Xbox becomes the presentation layer in the living room.
    • Avatars are a huge new feature – with more and more options coming online all the time.
    • Games may be stored on the hard drive.
    • Xbox messaging capabilities integrate with non-Xbox users of Windows Live Messenger (e.g. on PCs).
    • The interface is much more graphical/visual than previously and therefore becomes much more immersive.
  • Paul showed how Community Games allow anyone (or at least anyone who can write code) to create and publish their own games to Xbox Live (10 million people) including charging Microsoft points and sharing the revenue with Microsoft (the approval process does require accurate rating of the game’s suitability). XNA Game Studio is used with the Express Edition development tools and the resulting games will run on Windows, XBox, or Zune. For more information, check out the XNA UK user group, which aims to provide “a helping hand for bedroom coders throughout the land”.
  • Moving on to home automation systems, Jamie spoke about how he had run co-axial and CAT5 cabling around his parents’ house to stream content from two Sky Plus boxes to almost any room, using IR receivers in the ceiling to control everything from a single remote control. Further information on this type of setup (with Windows Media Center) can be found at The Digital Lifestyle and The Green Button. Much more tangible was Paul’s demonstration of his home automation with everything from recording and playing media content in Windows Media Center to using the mControl digital home software to remotely access CCTV feeds, set the temperature in a room and even water the plants in the garden. Based on a system of scheduling and triggers, Paul demonstrated a HomeEasy system (available from B&Q) with an RF controller and xPL software to control lights (a blog post has been promised…). More Home Automation products are available from Let’s Automate.
  • Viral took a look at some more of the Windows Live services and admitted that the current version of the Windows Live Homepage is not as engaging as other Web 2.0 technologies (the good thing about Viral is that he may be a ‘softie but he also admits to using alternative solutions “because that’s how real people work”) before commenting that a new version will have tighter integration with various other services (e.g. Flickr, Twitter, etc.).
  • Viral also showed off some of the new features in the latest Windows Live Messenger beta – things like assigning your own entrance sound to play on your friends’ messenger client (uh huh… that will be annoying); what’s new (see what friends are up to – a bit like a Facebook status); activities – games, calendar swap, etc.; and photosharing where you can send a series of thumbnails by messenger and recipient can browse for more detail.
  • Ethernet over powerline is a technology I considered until I replaced my wireless access point with something decent and Jamie briefly mentioned the success he’s had with a NetGear 200Mbps solution in his modern apartment (where the building construction makes Wi-Fi difficult).
  • Jamie then went on to talk about modifying his Mazda MX5 with a 7 inch touchscreen, connected to a mini-ITX PC in the boot, running a Centrafuse front end for GPS (USB attached), Radio, Phone via Bluetooth, Playlist, Music and videos (using a USB dongle Wi-Fi synchronisation between the car and his home whilst in the garage), OBDII diagnostic data, camera, weather, etc. Apparently, you can even have Live Mesh working on this solution too. It sounds like a neat in car entertainment solution but it also sounds like the classic case of a rich kid putting more electronics inside his car than the car is worth… but if this sounds like something of interest then check out MP3car.com.
  • So, moving on to Live Mesh, Viral demonstrated it as a combination of social networking and synchronisation so that files in Mesh-enabled folders on each connected device are synchronised so that data is accessible wherever (based on synchronisation policies to control which contacts can see which data). Using the “Synchronising Life” video I embedded in my recent post on Windows Live FolderShare, he spoke of the potential for Mesh-enabled picture frame and gave a real-world example of how he (in the UK) and his girlfriend (in the USA) share pictures and other information via Live Mesh as the different timezones and work schedules mean that they may not be online at the same time.
  • Paul spoke of how he has Windows XP Pro trimmed down to 384MB and running on a USB key with a mini-ITX PC. It’s possible to do this using the evaluation tools for Windows XP Embedded/CE to strip down although the operating system image does expire. Pico-ITX PCs are even smaller yet still offer USB support, VGA output and SATA II drives. Find out more at mini-itx.com.
  • A Microsoft Surface table is a $10,000 device based on a technology called Frustrated Total Internal Reflection (FTIR). Paul demonstrated building a DIY multitouch device using nothing more than a cardboard box, a webcam, a sheet of perspex and a sheet of paper, together with software from the Natural User Interface group. Basically, he fed the webcam through a hole in the bottom of the box (camera facing up) and used the perspex as the surface (with paper on top to block out ambient light). The NUI software will handle the view, inverting the image, removing the background, etc. but some additional coding will be required in order to build multi-touch applications. I have to say that it was pretty amazing!
  • Next up – robotics. Those who were at the Windows Server 2008 launch in Birmingham earlier this year may remember Paul’s A1-DW robot (A1 = top stuff, DW = a bit of a dimwit – he needs to be told what to do) but Paul showed a video of the robot working its way around his house. A1-DW is controlled with software developed using the Microsoft Robotics Developer Studio (MRDS) which is free for non-commercial use and provides a combination of a visual programming language and physics-enabled simulation. In Paul’s demonstration he used a simple programme to join the SetDrivePower control on a GenericDifferentialDrive to the TriggersChanged event from XInputController (a Wireless Xbox controller) and drove it around the room – the idea being that services scattered across a home network (one big grid computer) can be used to control a less powerful robot.
  • The next demonstration was of Windows Home Server, showing how this product has a very simple user interface, designed to make it easy for consumers to set up a server in their home and manage users, shared folders, storage and websites (e.g. for sharing a photo album with friends and family). Plugins are available (e.g. mControl for home server) whilst the network status is indicated with a simple red, amber, green system which advises of any action to be taken (e.g. update anti-virus definitions, perform a backup). There is also a simple interface for setting up backups, password policies, remote access (reverse DNS is established via the Windows Live ID authentication process – upon sign in, the IP address of the server is recorded in the homeserver.com DNS zone), port forwarding (via uPnP), etc. Windows Home Server is available to system builders as an OEM product, or a fully-configured system costs around £500 (e.g. the HP EX400 MediaSmart server at £499). For more information on Windows Home Server and the digital home, see We Got Served.
  • Looking at some of the developments in Microsoft hardware, Viral demonstrated: Microsoft’s new mice with a blue LED light which can track smoothly regardless of the surface; new LifeCam devices with HD picture quality and messenger integration; and an arcmouse where the end folds in for travel without the usual restrictions of a mobile mouse (i.e. its small size).
  • Finally, Paul showed off Windows 7 Ultimate Edition running on a netbook. The model he used was an Acer Aspire One with a 1.6GHz Intel Atom CPU, 1GB RAM, 120GB Hard drive (not SSD) and I was very impressed at the performance and the graphics (e.g. very smooth Flip-3D effects). For those who were confused by the apparent doublespeak in my recent post about installing Windows 7 on an old PC, it’s worth considering that this machine cost him £228 including shipping (for a Linux version) and has a Windows Experience index of 2.3 (2.9 for the CPU, 3.3 for RAM, 2.3 for graphics, 3.0 for gaming graphics and 5.0 for disk). Having seen this, I’m almost certainly going to be buying a Dell Inspiron Mini 9 for Windows 7.

For someone who mostly concentrates on Microsoft’s business-focused products, it was interesting to spend an evening on the consumer side of the fence. In summary: an evening of geeky goodness.

Take a view: Landscape Photographer of the Year 2008

Earlier this evening, I dropped by London’s National Theatre to take a look at the free exhibition of images from this year’s Landscape Photographer of the Year competition. Promoted by renowned landscape photographer Charlie Waite, this exhibition features images of the highest standards that highlight the very best of our varied country. With everything from London skylines made up of 15 images stitched together (and almost a year of effort to capture them) to the Glastonbury Festival captured on a mobile phone (demonstrating that excelling at photography is about far more than just the equipment), I was captivated by the vistas, seascapes and iconic structures featured in the exhibition. I had to laugh too when I read the photographers’ captions and my long-suffering wife should draw some comfort that she is not alone in being deserted for a photo opportunity – Adam Burton tells of how he searched for the ultimate picture of Bamburgh Castle on a trip to celebrate their first wedding anniversary and Ian Cameron told of how he “begged his wife for a few minutes to photograph [hoar-frosted fields at dusk]” and “returned to the car, an hour and ten rolls of film later, grinning from ear to ear”.

There’s also an accompanying book (Landscape Photographer of the Year: Collection 2), published by the AA (available from the National Theatre bookshop for £25).

In addition to the free exhibition at the National Theatre, Charlie Waite will be giving talks on Seeing Landscapes at the theatre on four dates (11:30 on 8/9 December 2008 and 5/6 January 2009). I’ve heard Charlie speak before and found him inspirational so I’ll be there to hear him speak again – tickets are £5 from the National Theatre box office.

Using Wireshark for basic packet capture and analysis

As I’m trying to get my head around the notes I made from last week’s Wireshark webcast by Mike Pennacchi of Network Protocol Specialists, I thought I’d post the highlights here – these are just my notes with very little interpretation or linking out to other sites, so check out the video for more detail:

  • Analyser placement is critical to successful network troubleshooting – switched networks provide direct traffic so you can’t just plug in and view everything right away.
  • Three common methods for monitoring a switched network are:
    • Spanning/port mirroring – copying ingress and egress traffic between switch ports to form a single data stream – even for an entire VLAN (although it’s likely that would exceed the capabilities of the destination port).
      • Advantages include: configuration requires no interruption to traffic flow; multiple ports can be sent to a single port; remote spanning is possible between switches; some switches can filter packets as part of the spanning.
      • Disadvantages include: configuration requires access to the switch; not all switches fully support spanning; has been known to cause problems.
    • Tap – for monitoring full duplex traffic, including physical errors, passing traffic between devices in a fault tolerant manner.
      • Taps may be fibre or copper-based.
        • Fibre taps require no power and will split the signal using a ratio intended to provide the greatest signal level to the destination and a usable signal for analysis.
        • Most copper taps regenerate the signal (and will pass the signal on directly in the event of power failure).
      • Port aggregation taps can internally combine data streams, allowing a single port to capture full duplex traffic and also to buffer traffic when the combined data rate exceeds the egress data rate for the port. They can be:
        • Passive – dropping inbound packets from the analyser.
        • Allow reset packets – allowing packet injection, e.g. for an intrusion detection system to kill a TCP connection.
      • Advantages include: taps are independent of the switch infrastructure and work out of band.
      • Disadvantages include: the link needs to be broken to insert the tap and, for full duplex taps, the analyser needs to be able to accept two streams and merge them into a single trace file.
    • Hub – an inexpensive solution to copy all traffic to all other ports, including physical errors.
      • Hubs are effectively repeaters.
      • Beware that some hubs are really switches, labelled as hubs.
      • Dual-speed hubs are actually switched between the 10 and 100Mbps networks – so the analysis device will need to operate at the same speed as the devices being monitored otherwise only broadcasts will be detected from devices running at a different speed.
      • Advantages include: low cost, easy to install and readily available; traffic can be sent to multiple monitoring ports.
      • Disadvantages include: only half duplex; not fault tolerant and require breaking the link for installation.
  • Wireshark analysis method (D.I.S.C.A.R.D.):
    • Download Wireshark (free).
    • Install – two components: the Wireshark application and the packet capture driver (for Windows that’s Winpcap).
    • Setup – select the interface (from the Capture menu) and click Prepare. Where present, a generic dialup adapter can be used to capture VPN packets prior to encryption. Ensure that promiscuous mode is used to capture all frames seen by the interface (not just those addressed to the analyser). Set capture filters if required (but it may be better to filter post-capture). Tweak the display options to improve performance – turn off real-time packet listing and automatic scrolling.
    • Capture – click start to run a capture. In practice, the maximum capture rate using a built-in NIC before packets begin to drop will be around 230Mbps although cards are available for full duplex 1Gbps network captures (e.g. the Cace TurboCap).
    • Analyse – view frames using the display filter against the packet list, then view the packet detail and, if necessary, the packet bytes. Setting the time display format (on the View menu) as seconds since previous displayed packet will help to identify gaps. Even encrypted traffic will show the deltas. The filter input box turns green when a valid filter is applied – alternatively the Expression option provides a GUI to assist. Some filters are case-sensitive and beware when using booleans with multiple filters (i.e. use “or”, not “and”, to avoid attempting to filter on two protocols at the same time!). Follow TCP Stream can be useful to quickly create a filter based on an IP address pair and particular port numbers.
    • Resolve – after thorough analysis, resolve the issues.
    • Document the solution.
  • Pilot is a companion tool for Wireshark (chargeable) and offers deep packet analysis.
  • Example captures are available at Packetlife.net

Free Wireshark training – and the 10 truths of network analysis

Last week, I was working my way through my RSS backlog when I spotted Thomas Lee’s post highlighting some free Wireshark (formerly Ethereal) webcasts by Network Protocol Specialists.

Wireshark is an open source packet capture and analysis tool (a bit like Microsoft Network Monitor – but available for a variety of platforms as well as in portable application and U3 form). I’ve struggled with deep packet-level networking since my days at Uni’ but a little knowledge in this area can really help when troubleshooting connectivity, so I registered for the first session and found it both worthwhile and interesting as Mike Pennacchi explained:

  • Analyzer placement.
  • Starting up Wireshark.
  • Selecting an interface.
  • Basic capture filters.
  • Capturing packets.
  • Displaying and decoding packets.
  • Saving the trace.

The next two sessions will look at:

  • Using display filters effectively.
  • Long term captures.
  • Separating the good traffic from the bad traffic.

If you want to know more, check out the video from session 1 – or register for the next two sessions on the Network Protocol Specialists website.

In the meantime, I’ll round up this post with Mike’s 10 truths of network analysis:

  1. The wire does not lie. It is not out to prove a point, nor is it politically motivated. Interpreting traffic on the wire can help to solve problems.
  2. Packets cannot hang around at a device for more than a few milliseconds. Routers and switches do not have large enough buffers for packets to “hang around” – they may get dropped and retransmitted – or an application may be holding on to them. Network analysis can help to identify where the delay is.
  3. The total response time is the sum of the various deltas. Long response times may be the result of many packets with small gaps or fewer packets with long gaps.
  4. Every application program can be diagnosed. Solving them is a different issue.
  5. Focus on eliminating components that are not part of the problem. Figure out which layer of the OSI model is causing the problem, then implicate or exonerate.
  6. Don’t guess. Only state the facts after thorough analysis.
  7. Don’t believe anything that anyone tells you. Carry out your own troubleshooting and analysis. Be thorough.
  8. Explain the problem and diagnosis in a way that can be understood by all. Avoid misinterpretation and misunderstanding.
  9. Understand how to use the analysis tools before problems occur. And practice!
  10. Look for differences between working and non-working examples. If the normal situation is captured then it’s like a digital photo for comparison.
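Truth 3, together with the earlier advice to display time as seconds since the previous packet, can be reproduced outside the Wireshark GUI. The following is an added example, not from the webcast or the original posts: it reads the classic libpcap file format, computes per-frame deltas and flags long gaps. The two traces, the 200 ms threshold and all function names are constructed for illustration.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D  # classic libpcap, nanosecond timestamps


def build_sample_pcap(offsets_us, base_sec=1_226_000_000):
    """Constructed test data: one 60-byte opaque frame per offset (microseconds)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    payload = b"\x00" * 60  # contents are never decoded; only timing matters
    for off in offsets_us:
        sec, usec = divmod(off, 1_000_000)
        out += struct.pack("<IIII", base_sec + sec, usec, len(payload), len(payload))
        out += payload
    return out


def read_timestamps(data):
    """Return each frame's capture time as integer microseconds."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic number tells us the writer's byte order
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file")
    stamps, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        sec, frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet data")
        if magic == PCAP_MAGIC_NSEC:
            frac //= 1000
        stamps.append(sec * 1_000_000 + frac)
        offset += incl_len  # skip the frame bytes, encrypted or not
    return stamps


def deltas_us(stamps):
    """Time since the previous frame; the first frame has delta 0."""
    if not stamps:
        return []
    return [0] + [b - a for a, b in zip(stamps, stamps[1:])]


def summarise(stamps, gap_threshold_us=200_000):
    """Total response time, largest delta, and (frame number, delta) for long gaps."""
    d = deltas_us(stamps)
    return {
        "frames": len(stamps),
        "total_us": stamps[-1] - stamps[0] if stamps else 0,
        "sum_of_deltas_us": sum(d),
        "largest_us": max(d, default=0),
        "gaps": [(i + 1, gap) for i, gap in enumerate(d) if gap >= gap_threshold_us],
    }


# Two constructed traces with the same one-second response time:
# many frames with small gaps, and few frames with one long gap.
CHATTY = build_sample_pcap([i * 5_000 for i in range(201)])
STALLED = build_sample_pcap([0, 2_000, 998_000, 1_000_000])

if __name__ == "__main__":
    for name, trace in (("chatty", CHATTY), ("stalled", STALLED)):
        print(name, summarise(read_timestamps(trace)))
```

Both traces take the same total time, but only the second shows a single delta worth chasing, which is the distinction truth 3 draws.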

And finally, if this sort of thing is what interests you, Network Protocol Specialists have created a LinkedIn group for protocol analysis and troubleshooting to provide tips, tricks and valuable information to network professionals, application developers and anyone tasked with solving computer network problems.

Defining custom presence states for Office Communicator

Last night, Garry Martin pinged me on Office Communicator and was very excited about something… as it happened, that something turned out to be the new features in Office Communications Server 2007 R2. He was also keen to show off the new custom presence tags he’d created and even I (the great instant messaging cynic) have to admit that they are pretty cool (I may find IM a distraction but presence awareness is a valuable tool).

Why bother? Well, if you have to ask that question then this mod is probably not for you but I do find that there are different levels of busy in life and sometimes the default states are just not enough.

I decided to implement this on my PC too and it’s quite simple. First up you need an XML file:

Coffee Anyone?

Yes, I really am busy…

Customer Presentation

In my case, this is called presence.xml and I’ve saved it in my Documents folder.

Then you need a registry key to access it:

Windows Registry Editor Version 5.00


Restart Office Communicator and the new states are there for selection.

I can’t claim any credit for this – the original details came to me from Tom Laciano (aka LCS Kid)’s blog post on OC Custom Presence States and Brett Johnson’s post which highlights the availability of an HTML application to do the hard work for you, via Garry. Tom’s blog post also mentions a couple of limitations in that you can’t have yellow (away) custom presence (why not?!) and that you have to sign in with one of the default states before selecting a custom one.

At the moment I just have the three custom states that are in the example XML above but, after the day I’ve just had, I feel like adding another one – “Trying to process my Inbox to zero”…

TechEd EMEA 2008: a round up of some of the Windows Server content

Imagine the situation (purely hypothetical of course) – you work for a large company where the overseas travel approval process requires signoff at such a senior level that, even with a really good business case for conference attendance, it’s just too difficult to get approval…

Well, I didn’t make it to TechEd EMEA IT Pro this year (or any year recently – although that’s normally down to family commitments and this year the conference was a week earlier) – and that’s why there has been precious little TechEd content on this blog. I did spend a good chunk of this week catching up on my RSS subscriptions though and I came across some write-ups on some of the sessions that would have been of interest to me – sadly there are many more that I have missed.

Maybe I’ll make it to TechEd EMEA in Berlin next year but, in the meantime, videos from TechEd EMEA and the other TechEd events held around the world may be found at TechEd Online.

Installing Windows from a USB drive

Last week I downloaded the milestone 3 build of Windows 7 and installed it in a virtual machine. Then I heard how Windows 7 has been tuned (compared with Vista) to run on lower-specification hardware so I decided to install it on my aging Compaq D510SFF, which is not going to give me blinding performance (particularly for graphics) but does at least have a 2.4GHz Pentium 4 CPU, 2GB of RAM and a 320GB hard disk so it shouldn’t be too bad either.

I downloaded the 32-bit version (previously I’d used 64-bit), burned a DVD, popped it in the drive and booted:

  • Problem #1 – this PC has a CD-R drive and I have a DVD ISO.

The only DVD drives I had available were in my server (which I don’t want to take down right now) and in my work laptop (a slimline drive – with a strange connector on the back) so I went shopping for hardware:

  • Problem #2 – my local branch of Maplin had sold out of DVD drives and PC World didn’t have any brown box ones (just the overpriced ones in a pretty box).
  • (Problem #2a – markwilson.it has been spending too much on hardware recently and the bank balance is not looking too good. Spending money on components for an aging PC does not make too much sense.)

Back to the drawing board. I could PXE boot to a Windows Deployment Services server but I didn’t really want to go to the effort of setting all that up so, after checking I hadn’t missed anything obvious with my trusted colleagues Dave and Garry, I turned my attentions to USB booting the PC.

  • Problem #3 – the largest USB drive I have is 1GB – and a DVD .ISO is much bigger than that.

I decided to see if I could use a USB hard disk and it turns out I can – this is how it works. The advice is based on Vista but it works for later releases of Windows too:

  1. Make some space on a hard disk for a new partition. I shrank the existing volume in Disk Management to give me 32MB of free space but I could have just wiped the drive too.
  2. Dive into the command line and fire up diskpart.exe, issuing the following commands:
    • list disk (to see the available disks and see which one I had just created 32MB of free space on)
    • select disk number
    • clean (skip this if you do not want to wipe the disk clean – i.e. if you want to keep data on other partitions)
    • create partition primary
    • select partition number
    • active
    • format fs=fat32 (I later read that NTFS would work too but FAT32 worked for me on a relatively small partition like this)
    • assign
    • exit
  3. Copy the contents of the Windows installation DVD to the new partition with xcopy dvddrive:\*.* /s /e /f harddrive:\
  4. According to the blog post from Kurt Shintaku that I used for reference, that should be enough but that doesn’t actually create a boot sector. Dave Glover’s post on the subject alerted me to the presence of the bootsect.exe utility from the \boot folder on the installation DVD and bootsect /nt60 harddrive: successfully updated the bootcode on my USB hard drive.
  5. Boot the PC from USB and install Windows.

And so does Windows 7 run well on that old PC? I wish I could tell you but, unlike everyone who got their copy from PDC, those of us signed up via Microsoft Connect are under NDA… grrr. What I can say is that, if you’re not bothered about high-end graphics, then even Vista will run on a PC like this… and based on what’s already been said by Microsoft I wouldn’t expect 7 to be any worse and it may even be slightly better.

Identity and security developments at Microsoft

In amongst all the exciting new product announcements for new Windows releases and cloud computing platforms it’s all too easy to miss out on some of the core infrastructure enhancements that Microsoft is making. Last week I got the chance to catch up with Joel Sider from Microsoft’s Identity and Security group – a new organisation at Microsoft formed to address the issues of identity and security (which are really two sides of the same coin) and which, until recently, have been treated as individual point solutions.

Joel explained to me that, with a single business group and a single engineering group, Microsoft is able to focus on the complete product stack, from System Center and Identity Lifecycle Manager (ILM – formerly MIIS), through Forefront security to the Windows platform, including Active Directory, Rights Management Services (RMS) and Network Access Protection (NAP).

Two of the products under the umbrella of the identity and security group have been in the news recently:

  • A release candidate of Identity Lifecycle Manager “2” is available now. Due for final release in the first half of 2009, ILM “2” provides self-service for employees, enhanced administration and automation for IT professionals, and extensibility for developers. In developing this product, Microsoft’s focus was on allowing IT departments to set policies for access, empowering end users and knowledge workers to perform actions and tasks (e.g. reset passwords, manage group membership, etc.). Until the release of this product, such actions would have required the use of third party products (e.g. Quest Active Roles Server). Unlike MIIS, which was powerful but had a limited user interface, the focus with ILM is on providing an intuitive management interface and self-service capabilities whilst still allowing extensibility (e.g. for audit and compliance purposes). ILM uses a concept of sets to group objects (e.g. “All people”) and then a workflow (authentication, authorisation, or action) may be applied to complete a number of steps (e.g. in a password reset scenario to answer a number of security questions; or approving membership of a group and sending out a notification in a group membership scenario).
  • Intelligent Application Gateway (IAG) service pack 2 is also due for release shortly. Originally available only in hardware appliance form, the former Whale Communications product can now be run as a Hyper-V virtual machine to reduce costs and increase flexibility in the infrastructure. In addition, IAG supports access from non-Microsoft browsers (e.g. Firefox) and platforms (i.e. users running Linux and Mac OS X) and has additional optimisers for recently released applications. (For those who are unaware of IAG’s capabilities, it provides granular access to specific applications via an SSL VPN with support for almost any application but optimisations for those which it has an awareness of – that’s the “intelligent” part of IAG).

Other significant developments taking place within the identity and security group include: the Windows Azure .NET Identity Framework (codenamed Geneva) which provides a Microsoft .NET identity access control service; Windows CardSpace; and the Forefront integrated security product (codenamed Stirling) which will combine the various disparate Forefront components.

From my perspective, I’m really encouraged to see Microsoft working to provide a more focused approach. As I’ve written before, many of Microsoft’s identity and security products are the result of acquisitions and, whilst it’s important not to lose the features and functionality that made these products successful in the first place, they also need to be tightly integrated to avoid the inevitable confusion caused by feature overlap and conflicting goals. It seems to me that Microsoft is working towards providing a sensible and logical identity and security portfolio for customers and partners.

Why using an iPhone with multiple mail accounts is not as simple as it should be

Whilst balancing childcare duties with work commitments last week, I was working some pretty irregular hours but wanted to keep tabs on my e-mail – so I connected my iPhone to the Exchange Server at work.

Nothing remarkable there – iPhone v2.0 software includes Microsoft ActiveSync support and it worked – as it should. Unfortunately it still leaves a lot to be desired – not on the Exchange Server side but with Apple’s mail client implementation. For a company which is so focused on user experience, they don’t appear to have thought too much about this one…

You see, I have two mail accounts – one for home/small business (using Google Apps Email) – and one for work (using Microsoft Exchange Server 2007). The iPhone lets me configure multiple accounts and both work well – especially Exchange Server which has excellent push e-mail support (I often hear a message arrive on the phone before I see the notification on my Windows PC), remote wipe (according to the iPhone and iPod Touch Enterprise Deployment guide – I’ve not tested wiping my device from Exchange just yet but I can see the option there!) and more.

Mobile device view in Exchange Server 2007 web access - showing an iPhone

My problem is that, even though the mail client supports multiple accounts, switching from one Inbox to the other involves navigating five screens (out of one Inbox and up to the account level, then back to the Accounts screen, into another account, and finally into the other Inbox).

That’s not all – Apple seem to think that the reason for having multiple accounts is to bring all of my e-mail into one place – but surely if that’s what I wanted I would forward one mailbox to the other and access a single Inbox? Instead, I deliberately keep my work and private life separate (albeit on one device). The iPhone updates the new message indicator on the home screen to include the sum of all accounts (fair enough) but it only seems to allow me to set one signature for all accounts – and I want to use different contact details (e-mail address, phone number, job titles, etc.) for different accounts.

You see that’s the trouble with Apple products: they look great; they’re really simple to use (mostly) but sometimes you can oversimplify things and impact on flexibility.