Archive for the 'windows' Category

A crash course in Windows 7 print queues

Initially sent as an email, but as I need to link to it to assist others it has been converted into a blog post.

I am going to attempt a single “crash course in Windows 7 print queues” post to assist in answering questions regarding the new print system that we migrate to along with the migration to Windows 7. Many of these elements have been discussed separately, but it doesn’t appear that I have linked all of the elements successfully in a single overarching description.

1.) PRINT SERVER
The first change with the move to Windows 7 is that we are moving to a 64 bit operating system. This change immediately breaks the Win32 style queues that we are currently using on is-print, so a new 64 bit print server exists for those who have migrated to Windows 7.

FAQ#01: The new server is \\uom-print\ which should be used in FQDN format \\uom-print.unimelb.edu.au\

2.) PRINTER DRIVERS
As previously mentioned the drivers are 64 bit versions. For both our Toshiba e-Studios and HP 4015x printers we have also migrated to the Universal printer drivers, as this resolves many of the driver issues found on the old print server (incorrect drivers, obsolete drivers etc.). Drivers are managed at the print server and are deployed to the client when the queue is created.

FAQ#02: Slow printing? If a client is experiencing slow printing, open the printer properties and check on the ‘Others’ tab to ensure that ‘SNMP Communication’ is not enabled. The SNMP setting on the printers is disabled and the driver will wait for an SNMP timeout before processing the job; painful for everyone involved.

3.) ADDING A PRINTER
All staff who have been processed via the migration process should have their replacement printers re-mapped like for like. If new printers are required there has been a change in the naming process which needs to be understood.

FAQ#03: Printer queues now follow the format BuildingFloor.Room-description
Eg. 278L3.306-ToshibaEstudio3540c

If you know the building and floor use;
Sorting on Name – BuildingFloor.Room-description

Bld 199 = Arts Building (Visual Arts, Drama)
Bld 243 = 715 Swanston St (CSHE, LH Martin)
Bld 263 = 234 Queensberry St
Bld 269 = 170 Bouverie St (LH Martin)
Bld 276 = 100 Leicester St
Bld 326 = 109 Barry St (ICCR)

If you know the UOM asset number use;
Sorting on Comments – UOM##### Description

4.) DEPARTMENT PRINT CODES
Department print codes are still required and need to be added per printer/ per user profile. The Universal driver allows for the Department codes to be saved with custom printer profiles (fixed from the 32bit drivers). The code is entered from the printer properties, ‘Others’ tab.
( New Department print codes are requested via the ed-IT Help Desk x48736 )

5.) SPECIAL CASES
We do have a few special cases such as computers that are not on the domain/AD connecting to printer queues or direct IP based printer queues for Admins systems. These are outside of the scope of this post and will be dealt with on a case by case basis.

Outlook Profile Setup issue, Win7 MOE1.2

Under the new Win7 MOE image I am unable to run the setup.exe file generated by the Outlook Profile Setup function on my external mail server. The .exe file requires an Administrator login but needs to run in the context of the user for whom the Outlook profile is being configured – creating a red-tape vortex.

The second option is to run with the PRF File;

PRF files can be imported via command outlook.exe /importprf \\server\share\profile.prf. After a successful profile installation or update, Outlook will start automatically. Outlook will then prompt you to enter your account password before you can download your e-mail.

We appear to have a 32-bit version of Outlook 2010 on a 64-bit version of Windows, giving us the path used below (other versions will have a different path).

1. Save profile.prf into C:\SRC\outlook\

2. From a command prompt run the following
CD C:\Program Files (x86)\Microsoft Office\Office14

3. Then run Outlook to import the PRF with the following command
outlook.exe /importprf C:\SRC\outlook\profile.prf

In the first test of this PRF method I had to authenticate to the external server multiple times, I am guessing we are clearing the preconfigured MOE settings during this process. It was slow but did eventually configure Outlook for the user.

Windows 8

Windows 8 Developer Preview via Windows Dev Center

System Requirements
Windows Developer Preview works great on the same hardware that powers Windows Vista and Windows 7:
* 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor
* 1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)
* 16 GB available hard disk space (32-bit) or 20 GB (64-bit)
* DirectX 9 graphics device with WDDM 1.0 or higher driver
* Taking advantage of touch input requires a screen that supports multi-touch


HP Compaq nx6320 – Cold boot and log on…

LINKS:
[1] Windows Developer Preview guide (PDF) [MS]

Enable Telnet in Windows 7

I discovered whilst configuring a network thermometer that if you try to launch Telnet from a command window in Win7 you get the message;

‘telnet’ is not recognized as an internal or external command,operable program or batch file.

What is the story here? By default Windows 7 does not support the telnet command; the service must be enabled via Windows Features.

  1. Open “Control Panel”
  2. Select “Programs and Features”
  3. Select “Turn Windows features on or off”
  4. Tick the box for “Telnet Client”

The telnet client will now be available.

User State Migration Tool (USMT)

The User State Migration Tool (USMT) captures desktop, and application settings, as well as user accounts and users’ files, and then migrates them to a new Windows installation. Using USMT can help you improve and simplify your migration process.

USMT v.3.0.1 can be downloaded from Microsoft

USMT works with the following systems
Source system: Microsoft Windows 2000, Microsoft Windows XP or Microsoft Windows Vista.
Destination system: Microsoft Windows XP or Microsoft Windows Vista.
Note: USMT does not support any version of Windows Server as either a source or destination system.

Using the USMT
Using the USMT with its default migration settings is not difficult; you run Scanstate.exe to save user documents and settings to a temporary location (removable drive, a network share) and then run Loadstate.exe to restore those documents and settings.

Microsoft® Windows® User State Migration Tool (USMT) version 3.0.1 migrates user files and settings during deployments of Microsoft Windows XP and Windows Vista. You can use USMT to perform unattended migrations and to migrate files and settings for computers with multiple users. Also, with USMT you have the ability to encrypt and compress the store. USMT 3.0.1 is intended for administrators who are performing automated deployments. [1]

OBJECTIVE:
Migrate user profiles (Domain only) from an old PC to a new PC during the computer upgrade process. Do not clobber upgraded config’s hence migrate rather than copy.

In these examples the temporary storage location is “E:” (removable drive, a network share). The drive needs to be NTFS or similar as these migration files can be quite large, and you’ll be quite upset when the migration falls over when the file hits 2GB on a FAT formatted drive ;)

Create a folder structure so that there is a PROFILES directory in the root of E:.

Inside this directory use folders to identify your storage areas for each machine. In our testing we have found it useful to create a baseline profile set for each base image, to recover local admin settings in case of “oops!” occasions – this location is named “baseline-%imagename%“. When migrating from a machine create a folder based on the asset number ie. NNNNNw

E:\PROFILES\baseline-%imagename%\
E:\PROFILES\NNNNNw\

Also inside the PROFILES directory have a copy of the USMT301 installation;

E:\PROFILES\USMT301\

COPY:
scanstate E:\PROFILES\NNNNNw /i:MigUser.xml /i:MigApp.xml /o

RESTORE (Domain Users):
loadstate E:\PROFILES\NNNNNw /i:MigUser.xml /i:MigApp.xml

Other data?
Have the users move critical/sensitive/private/confidential data onto the server before the migration process.
What about the other data left by users that is not in the tool migrated locations? Perform a quick search across the HD and copy these files into
E:\PROFILES\NNNNNw\extra\
Then on the new machine restore these files to
C:\migrated\

LINKS:
[1] Windows User State Migration Tool (USMT) Version 3.0.1 (2007-Apr-20) [MS Download]
[2] User State Migration Tool 3.0 [MS Technet]
[3] Quick Start Guide to Windows Vista User Profile Migration [MS Technet]
[4] User Profile migration / relocation [Google Groups]
[5] The USMT team blog [MS Technet]
[6] What is the User State Migration Tool? | The USMT team blog [MS Technet]

[Error number: 0x80072F76]

A laptop that I manage had been running along ok with MS Office XP, but to allow for the use of “ink” enabled packages for use with an interactive whiteboard it was time to upgrade to MS Office 2003. (NOTE: We don’t run Office 2007). I un-installed Office XP, restarted and installed Office 2003 Pro. I had copies of SP1 and SP2 for Office 2003 with me but no SP3 so I jumped onto Microsoft Update to patch the system … this is where things didn’t look too good :(

[Error number: 0x80072F76]

WTF? Straight onto Google and I see that MS KB836941 deals with this;

CAUSE
These errors indicate that the Windows Update client did not receive a response from the Windows Update or Microsoft Update Web site. This may be caused by programs that are running on the client computer or by general network-related failures.

Not up there with the most useful KB’s ever published. The information available regarding this issue is quite poor but there are some gems that can be sifted from the chaff. After checking network connectivity and proxy-on/proxy-off configurations it was time to dig a little deeper. There appear to be two distinct options at play with this error;

  1. Third party software (AntiVirus/Firewall/anti-Spyware/etc.) blocks the Update
  2. The Microsoft update cache files, ActiveX controls, or other component has become corrupted.

As I didn’t have anything unusual happening with the security software a quick replacement of the Windows Update software was in order.

THE FIX:

  1. Control Panel > Automatic Updates > Turn Off Automatic Updates
  2. Administrative Tools > Services > Automatic Updates : Stop Service
  3. Rename %SystemRoot%\SoftwareDistribution to be %SystemRoot%\SoftwareDistributionOLD
  4. Administrative Tools > Services > Automatic Updates : Start Service
  5. Re-run Windows Update and let it rebuild all of the ActiveX controls and settings
  6. Control Panel > Automatic Updates > Turn On Automatic Updates

A short time later things were off and running again.
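
Steps 2 to 4 of the fix can be scripted; the following is an added example, not part of the original post, and steps 1, 5 and 6 are still done by hand. It assumes Windows PowerShell is installed and run as an administrator, uses the service name wuauserv (the service displayed as Automatic Updates), and appends a timestamp to the SoftwareDistributionOLD name so that an earlier backup is not overwritten.

```powershell
# Added example: scripted form of steps 2-4 of the fix above.
$ErrorActionPreference = 'Stop'

$svcName = 'wuauserv'   # service name behind the "Automatic Updates" display name
$cache   = Join-Path $env:SystemRoot 'SoftwareDistribution'
# Timestamped suffix (an assumption of this example) so an earlier
# SoftwareDistributionOLD folder is never overwritten
$backupName = 'SoftwareDistributionOLD-{0}' -f (Get-Date -Format 'yyyyMMdd-HHmmss')

# Step 2: stop the service and wait until it has released the cache folder
$svc = Get-Service -Name $svcName
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $svcName -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

# Step 3: rename the cache folder; it is rebuilt on the next update run
if (Test-Path $cache) {
    Rename-Item -Path $cache -NewName $backupName
    Write-Host "Renamed $cache to $backupName"
} else {
    Write-Host "$cache not found; nothing to rename"
}

# Step 4: start the service again and show its state
Start-Service -Name $svcName
Get-Service -Name $svcName | Format-Table Name, Status -AutoSize
```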

Patch Tuesday Wednesday (MAY-2008)

Welcome to another Patch Tuesday. This month we have 3xCritical, 1xModerate patches for our entertainment, all of which are detected via Microsoft Baseline Security Analyzer (MS BSA 2.1). A restart will be required.

| Bulletin | KB number | Description | Impact | Severity | Software |
|---|---|---|---|---|---|
| MS08-026 | 951207 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Office (Word) |
| MS08-027 | 951208 | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Office (Publisher) |
| MS08-028 | 950749 | Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS08-029 | 952044 | Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service | Denial of Service | Moderate | Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security |

MS06-069 has been re-released listing XP SP3 as an affected version.

For this month:

This month Microsoft released four bulletins which repair a total of six vulnerabilities. One of these vulnerabilities ( MS08-028 ) has been seen within in-the-wild zero-day attacks dating back to March, although it had been publicly disclosed in March of 2005 … — eEye [5]

PATCH NOW:
MS08-028 is in the wild and being exploited, patch now.

LINKS:
[1.] May 2008 Monthly Release (2008-May-13) [MS]
[2.] May 2008 black tuesday overview (2008-May-13) [SANS]
[3.] Microsoft Security Bulletin Summary for May 2008 (2008-May-13) [MS]
[4.] Microsoft security updates for May 2008 (2008-May-13) [MS]
[5.] Microsoft Patch Disclosure – May 2008 (2008-May-13) [eEye]
[6.] May 2008 Advance Notification (2008-May-08.) [MS]

Windows XP SP3

Microsoft have finalised the code for Windows XP SP3 last week, to be made available for download this week.

Windows® XP Service Pack 3 (SP3) includes all previously released updates for the operating system, in addition to a small number of new functionalities that will not significantly change customers’ experience with the operating system. This white paper summarizes what is new in Windows XP SP3, and how to deploy the service pack.
Windows XP Service Pack 3 Overview [PDF]

Release schedule:
April 14, 2008: Support is available for the release version of Service Pack 3 for Windows XP
April 21, 2008: Released to OEM and Technet/MSDN subscribers
April 29, 2008: Manual Update (Microsoft Update, Windows Update, Download Center), but was quickly removed when compatibility issues arose.
May 06, 2008: Re-released via manual update
June 10, 2008: Automatic Update (Windows Update)

Windows XP Service Pack 3 (SP3) build 5512 was released to manufacturing on April 21, 2008, and Microsoft planned to make it available to the general public on April 29, 2008 via Windows Update and the Microsoft Download Center. However, due to a compatibility issue with Microsoft Dynamics Retail Management System, the release of Windows XP Service Pack 3 was delayed.
– [Wikipedia]

The delay is because there is a “compatibility issue” between the XP SP3 and Microsoft Dynamics Retail Management System, a retail chain management program. Microsoft has now also removed the automatic distribution of Vista SP1 because of the same RMS bug issue.

Windows Service Pack Blocker Tool Kit [1]
A blocking tool is available for organizations that would like to temporarily prevent installation of Service Pack updates through Windows Update. This tool can be used with:
* Windows Server 2003 Service Pack 2 ( valid through March, 2008 )
* Windows XP Service Pack 3 ( valid for 12 months following general availability )
* Windows Vista Service Pack 1 ( valid for 12 months following general availability )

As we need to perform a large amount of testing against our standard operating environment, we may find that some packages are incompatible with SP3. In this case we may need to block the distribution of SP3 via Windows Update.

The Windows Service Pack Blocker Tool Kit is used to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update.

Even if some sites are recommending that users should upgrade to SP3, use caution even for home systems as there may be gotcha’s lurking in the deployment that we are not yet aware of.

“Windows XP Pro SP3” has now been added to our equipment register as a valid OS, but is officially not supported by our unit or by our central IS area. Let the testing begin ;)

[1] Windows Service Pack Blocker Tool Kit [MS]
[2] Windows XP Service Pack 3 FAQ [Paul Thurrott]
[3] Windows XP Service Pack 3 Resources for IT Professionals [MS Technet]
[4] Microsoft releases the long-anticipated Windows XP SP3 (updated) (2008-Apr-29) [ARS Technica]

GHOST boot disks for HP dc7800

The HP dc7800 replaces the dc7700 as our SOE desktop for this year. The dc7800 uses the Integrated Intel 82566DM Gigabit Network Connection, and we need to update to the Intel® 8256x v12.3 drivers to make sure that our boot tools work well with this model. This driver is also backwards compatible, so our other machines will also boot from this boot disk.

Although I had discussed this change with many people via the dc7700 boot disk pages, we had not proved the drivers for ourselves as our initial evaluation machine was a pre-production model. Our first delivery of production machines has arrived and we were able to put the theory into practice ;) We are still using Ghost v8.3 and this driver has tested well for all of our boot tools (Floppy, USB, CD, Server/Console)

If you already have a working dc7700 boot set you can grab the drivers for the Intel® 8256x Ethernet Controllers via the Intel website. Grab the DOS drivers and update the e1000.DOS file.

The Ghost boot disk wizard builds a 2 disk set. I have set this set up with IBMDOS (PC DOS) and to use DHCP for IP allocation. (To make the machines statically mapped for IP’s create a populated A:\GHOST\WATTCP.CFG file)

To make it possible to distribute these disk images, I have stripped the ghost.exe file (a:\ghost\ghost.exe) from disk 2. You will need to add your licensed ghost.exe onto this disk after you create the disk from the image.

As I have mentioned before, I keep sets of my boot disks stored as IMG files created with RawWrite for Windows, this makes it a lot easier when it comes to modifying and distributing boot sets. You will need to use RawWrite for Windows, or a similar tool to unpack the images.

I have put some zipped copies of the IMG files up on MediaFire [Tags: ghost dc7800 visibleprocrastinations]. Unpack the zip files to get access to the IMG file.
dc7800-dhcp-both.zip (190 KB) (@MediaFire)

cheers :)

Previously:
GHOST boot disks for HP dc7700
GHOST boot disks for HP dc7700 (II)
GHOST boot disks for HP dc7700 (III)

Getting a closer look

So that we can do a quick risk assessment before making software available for deployment, we need a few simple tools to look at the changes made to a machine by adding new software, to give a quick pathway and testing procedure to add software to our “approved software list”. Digging back through our Windows XP tool kit we have a few options;

1.) XP Change Analysis Diagnostic Tool

Earlier today I came across a new tool that might be useful to InfoSec professionals. Though it is not a “security” tool, it can be used by support people to help better understand the modifications that may have occurred to a particular system. Once installed the tool will scan the computer looking for specific types of changes to the computer … [1]

After you have installed the diagnostic tool, click Start, click Run, type statechangediag.exe, and then click OK.

Modes of operation
You can run the diagnostic tool in wizard mode or in command line mode.

Wizard mode
By default, the Change Analysis Diagnostic tool runs in wizard mode. In wizard mode, the tool installs itself and starts when the user connects to the download location. The wizard asks the user some basic questions and then gathers the requested data. When the wizard finishes, the tool displays information about what has changed on the computer. Then, the user can send the .xml file to the support professional for more analysis. The user can find the file by using the path that is provided when the wizard finishes. Typically, this location is the Drive:\Documents and Settings\User folder.

Command line mode
In command line mode, the Change Analysis Diagnostic tool provides the same functionality. However, this mode lets support professionals run the tool by using scripts and by using batch processing.

The command line mode supports the following options:
• The -nogui option changes to a console application instead of a GUI-based application.
• The -verbose option changes the output log to verbose.
• The -history option lets you specify a different number of days to start the scan. By default, this is 7 days.

Limitations
The Change Analysis Diagnostic tool is intended only to help determine recent changes that may affect the user experience. The tool is a read-only program that can display information about changes to a computer that is running Windows XP. Therefore, consider the following points:
• The Change Analysis Diagnostic tool is not a security tool. For example, it cannot help remove malicious software.
• You cannot use the Change Analysis Diagnostic tool to automatically reverse system settings, to uninstall applications, or to remove any other software.
• The Change Analysis Diagnostic tool does not determine all changes to computers. The tool also does not correct all changes to computers.
• The Change Analysis Diagnostic tool does not recover any system components. The tool also does not modify any system components.
• The Change Analysis Diagnostic tool will not function in Safe Mode.
The Change Analysis Diagnostic tool requires Microsoft Windows XP Service Pack 2 (SP2). The tool also requires that restore points are created on the computer. The diagnostic tool cannot detect changes if system restore points are not present.

… [2]

2.) Software Explorer

Software Explorer in Windows Defender allows you to view detailed information about software that is currently running on your computer that can affect your privacy or the security of your computer. You can see, for example, which programs run automatically when you start Windows and information about how these programs interact with important Windows programs and services. … [3]

3.) SysInternals tool kit
From Microsoft SysInternals [4];
• Process Explorer for Windows v10.21
• Process Monitor v1.12
• AutoRuns for Windows v8.61
• PsTools v2.43
• ShareEnum v1.6

4.) Ghost AI Snapshot
Start AI Snapshot; Set to watch setup.exe for the Application in question.
Ghost builds an AIC file listing the differences between before the installation and after the installation as part of the snapshot. This AIC file documents a heap of information that is useful (and not so useful).

Issues:
Browser Helper Objects (BHO’s), servers, services, new ports opened, certificate changes, interactions with XP security centre, install problems. P2P, traffic generation, java version rollback

Procedure:
The next trick is to create a workflow where the testing procedure can be performed quickly, the documentation created and filed correctly, and only items that raise a ‘risk flag’ are passed on for further evaluation. This will be the more difficult step.
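
One way to cover the items listed under Issues (services, autoruns, BHOs, certificate changes, new ports) is a before/after snapshot that reports only the differences. This is an added example, not a tool from the original post or from any of the products above; the script name and output file names are hypothetical, and it assumes Windows PowerShell run as an administrator on an English-language system.

```powershell
# Added example, not from the original post. Run from an elevated prompt:
#   .\Get-InstallSnapshot.ps1 -Out before.txt
#   (install the package under test, reboot if it asks)
#   .\Get-InstallSnapshot.ps1 -Out after.txt -Baseline before.txt
param(
    [Parameter(Mandatory = $true)][string]$Out,
    [string]$Baseline
)

$cv = 'Microsoft\Windows\CurrentVersion'
$runKeys = @(
    "HKLM:\SOFTWARE\$cv\Run",
    "HKLM:\SOFTWARE\$cv\RunOnce",
    "HKLM:\SOFTWARE\Wow6432Node\$cv\Run",
    "HKCU:\SOFTWARE\$cv\Run"
)
$bhoKey = "HKLM:\SOFTWARE\$cv\Explorer\Browser Helper Objects"

function Get-Snapshot {
    # Services: name, start mode and binary path
    Get-WmiObject Win32_Service | ForEach-Object {
        'SERVICE  {0} | {1} | {2}' -f $_.Name, $_.StartMode, $_.PathName
    }
    # Programs launched at boot or logon
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                'AUTORUN  {0}\{1} = {2}' -f $key, $name, $item.GetValue($name)
            }
        }
    }
    # Browser Helper Objects are registered as CLSID subkeys
    if (Test-Path $bhoKey) {
        Get-ChildItem $bhoKey | ForEach-Object { 'BHO      {0}' -f $_.PSChildName }
    }
    # Trusted root certificates
    Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object {
        'ROOTCERT {0} | {1}' -f $_.Thumbprint, $_.Subject
    }
    # Listening sockets; PIDs are left out because they change across reboots.
    # Matching on 'LISTENING' assumes an English-language netstat.
    netstat -an | ForEach-Object {
        if ($_ -match '^\s*(UDP)\s+(\S+)' -or
            $_ -match '^\s*(TCP)\s+(\S+)\s+\S+\s+LISTENING') {
            'LISTENER {0} {1}' -f $Matches[1], $Matches[2]
        }
    }
}

# One item per line, sorted, so the file can be filed with the test record
$now = @(Get-Snapshot | Sort-Object -Unique)
$now | Set-Content -Path $Out
Write-Host ('{0} items written to {1}' -f $now.Count, $Out)

if ($Baseline) {
    $before = @(Get-Content -Path $Baseline)
    # '+' = present only after the install, '-' = present only before
    $now    | Where-Object { $before -notcontains $_ } | ForEach-Object { "+ $_" }
    $before | Where-Object { $now    -notcontains $_ } | ForEach-Object { "- $_" }
}
```

An install that produces no `+` lines in these areas raises no flag from this check; any `+ SERVICE`, `+ ROOTCERT` or `+ LISTENER` line is a candidate for the further evaluation step.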

[1] Microsoft XP Change Analysis Diagnostic Tool (2007-Mar-28) [SANS]
[2] The Change Analysis Diagnostic tool for Windows XP is available (2007-May-29) [MS]
[3] How to use the Windows Defender Software Explorer (13-Feb-2006) [MS]
[4] Microsoft Sysinternals [MS Technet]

