Summary of Mark Russinovich’s Inside Windows 7 Redux

This Channel 9 “going deep” interview with Mark Russinovich dives very deep in to kernel changes in Windows 7 and Windows Server 2008 R2. I’ll do my best to summarise. It’s excellent stuff, illuminating:

More on routine loss of external network connectivity on Hyper-V hosts (not guests)

Further to my post from a few months ago on the this topic (dating back to the RC build), I’ve seen this same problem a few more times on the RTM build of Windows Server 2008 R2. My suggested approach still fixes the problem and it doesn’t recur, but I’ve still not been able to pin down a cause and I can find no documentation on host machine MAC assignments anywhere. Continue reading “More on routine loss of external network connectivity on Hyper-V hosts (not guests)”

Windows 7 and Windows Server 2008 R2 Federated Search

Federated Search is one of the most useful and interesting additions to MOSS 2007 since it was launched. It’s now been announced for Windows 7 and Windows Server 2008 R2.

Federated Search was integrated into MOSS 2007 with the post-SP1 Infrastructure Update, which effectively brought the Search Server 2008 product to the MOSS 2007 platform. Federated Search will pass a query from a single interface to multiple OpenSearch-compatible indices. It will then render matching results from these indices asynchronously as they return. In MOSS 2007 a federated search web part is added to a search results page and each web part renders only if results are found through that Search Connector. This works brilliantly, as local results will typically return first, then remote sources will render in due course.

This functionality has now been added to Windows Search. I think this is a fantastic move, as these choices will often be very preferential. I may want Wikipedia while you will want Britannica. I may roam among three branch offices and need to query each of the regional SharePoint portals. It’s very powerful stuff – especially when it moves to the client and can be configured to individual needs.

Find more Search Connectors on the Enterprise Search site. Read the Windows 7 Federated Search Provider Implementer’s Guide.

Custom STSADM command for BackConnectionHostNames

Gary Lapointe recently released a custom STSADM command for setting the BackConnectionHostNames registry key. The relevant Microsoft KB article recommends specifying each host header with the  BackConnectionHostNames key rather than disabling the loopback check, as this check is a valuable security fix. As Gary Lapointe mentions, Spencer Harbar put together some thorough background information on the roots of the fix. Without this command, setup and maintenance can be a bit of a hassle if you have lots of SharePoint applications or lots of Alternate Access Mappings (or if any of this information changes with any regularity). These registry changes need to be made on each web server for any sites with host headers. This includes Central Administration if it’s not configured on <servername:port>. So this could get quite laborious if the farm is fairly large. The UpdateFarm parameter may be particularly helpful in this regard.

Disabling IPv6 on Server Core and Hyper-V Server

Note: this original KB article from which this guidance was taken has now been removed. Please see the comments below for more information.

I recently posted about the Conflicting Microsoft guidance on IPv6. While you can remove IPv6 from a NIC on a full installation of Windows Server 2008 by un-ticking the IPv6 box in the NIC properties (satisfying the Hyper-V performance guidance), you may have noticed that there’s no obvious way to disable IPv6 in server core or Hyper-V Server. If you looked in to it in a bit more detail you may have noticed a registry “fix” for this. Personally I’m always a bit skeptical of registry fixes until I see Microsoft recommending them, but now Tonyso has posted a link to a Microsoft KB article that endorses this approach (when necessary):

To completely disable IPv6 on a Windows Server 2008-based computer yourself, follow these steps:

  1. Open Registry Editor.
  2. Locate the following registry subkey:
  3. In the details pane, click New, and then click DWORD (32-bit) Value.
  4. Type DisabledComponents, and then press ENTER.
  5. Double-click DisabledComponents, and then type 0xffffffff in Hexadecimal or 4294967295 in Decimal.Note The 0xffffffff value or the 4294967295 value disables all IPv6 components except for the IPv6 loopback interface.

A reboot is required before the change will take effect.

Hyper-V graphics performance is on the way… if you need a new laptop

Dell announced today that they are releasing Alienware and Studio laptops with Intel Core i7 processors. Why is this worth regurgitating? The Core i7 processors feature the Nehalem processor microarchitecture, which means that Hyper-V V2 (in Windows Server 2008 R2) can take advantage of SLAT (Second Level Address Translation). SLAT is implemented as EPT (Extended Paging Tables) in Intel technology and NPT (Nested Paging Tables) for AMD. Here’s Microsoft’s summary of the new Hyper-V support for SLAT: Continue reading “Hyper-V graphics performance is on the way… if you need a new laptop”

Hardening Windows 7 services

I’m in the process of hardening and optimising a Windows 7 build at present. Did you know it has 150+ services now? Windows is officially big.

If you’re interested in this undertaking, I can recommend the Black Viper resource. There are a considerable number of services that can be disabled for most users. That said, you should not take the advice in this or other hardening links at face value. If the recommendations or documentation on the service is insufficient to make your decision, either leave it be or research it further (or both). This is the best opportunity you’ll get to fill any gaps in your knowledge.

Once you think you’ve got it licked, always test, pilot and refine an image. It’s also worth creating a log of your decisions for each service from the start, both as a knowledge base and for tracking changes and differences from default builds. The process of documenting your choice will force you to think it through and will give the question the gravity it deserves. There’s no question this is a laborious undertaking, but it’s a valuable exercise and should yield a build that you’ll be happy with for some time.

Building virtual Windows Deployment Services images

While I’ve been ripping off Virtual PC Guy I may as well stay at it. He has a great tip in his geeking out with WDS post suggesting that custom installation images can be built up in a virtual machine and captured from virtual rather than capturing the physical build. This allows for ongoing maintenance of the build without worrying about capturing the same image multiple times by taking a snapshot before SysPrep. It’s a great suggestion.

I’d actually geared myself up for this approach with the release of Windows Server 2008 R2 RTM, since Windows Deployment Services supports deployment of VHDs now, but I deflated myself a bit when I realised this was only a means of deploying for native boot from VHD rather than deploying a VHD to hardware as though it was a captured WIM. When I figured this out I went back to capturing physical images, and blindly overlooked this option. Nice one!

Monitor stroke and Ctrl+click in jump lists

I was just looking at the Virtual PC Guy blog about the combined on/offline VDI in a forthcoming VMWare release when I noticed that he says he has six monitors on his desk at work. Six!!! I remember having three (when I also had three computers) on my desk in 2001-2002, and I’ve definitely had that many again while working on crazy builds, but I’m finding it hard to fathom how cool it would be to have six (let alone enough desk space to accommodate them).

Then it occurred to me that this must require a fairly massive amount of added power, especially when you account for the monitor envy this would induce in his colleagues. In fact, I think Virtual PC Guy’s monitors probably account for an ice shelf or two singlehandedly. 😉

I’d struggle to justify it myself, especially with that new Windows 7 (and Server 2008 R2) taskbar. I’m particularly enamoured with Ctrl+click in the jump list. The jump list itself has been much discussed, and I reckon it may justify the upgrade to Windows 7 in its own right. This added functionality seals the deal though.

The length of the title of a document (or perhaps just a rubbish name for a document, or multiple versions of a document) sometimes makes it hard to identify a target in the jump list. If you click the taskbar icon for the application (Word, Notepad, Outlook, browser, etc) while holding down Ctrl it will cycle through the instances of that application, bringing each to the fore in turn for a peek. Think of it as ALT+TAB within a jump list. It’s an excellent way to unveil what’s hidden without introducing a requirement for seventeen screens.