Tag Archives: Windows 7

ODBC Drivers Missing from Windows 7 64-Bit

If you go in to the Windows 7 Administrative Tools and double-click on the “Data Sources (ODBC)” icon just as you always have, and then attempt to add a new User DSN or System DSN, you will notice that there are almost no ODBC drivers to choose from.  This is especially confusing for end users who are simply trying to set up a connection to an Access or SQL database.

The secret is that most of those drivers are 32-bit, so, in order to access them you must right click on the “Data Sources (ODBC)” icon and choose “Run as Administrator” in order to see them.  Doing so allows the 64-bit Control Panel applet to display them.

Alternatively, you can simply launch c:\windows\sysWOW64\odbcad32.exe, which launches the 32-bit version of the “Data Sources (ODBC)” applet.

Bonus Tip:  With Windows 7, most organizations are no longer giving end users administrative rights to their workstations.  One consideration in regards to ODBC connections is that in order to create a System DSN, you must be an administrator of the local workstation.

Creating System DSN’s has been the defacto standard of most installation instructions that require DSNs for years, so you will likely need to modify any documentation.  User DSN’s work just as well as System DSN’s, except they must be set up individually for every user on a workstation.

Resolution for Unexplained Failure of MDT 2010 Inject Drivers Task

I was recently asked to troubleshoot an issue for our OS build team at work.  They had recently switched from Altiris 6.9 Deployment Server to Microsoft Deployment Toolkit 2010 Update 1 and were having a devil of a time with getting the driver injection to work with Windows 7… even under the simplest of circumstances.  Nothing made sense as to why it wasn’t working.

After going through the entire environment top to bottom, and watching the deployment process over and over again, I finally happened upon the solution.  It turned out to be one of those seemingly insignificant things that caused the whole process to fail.

It turns out the solution was actually quite simple, though difficult to find.  If c:\drivers exists in the captured .wim file (as it did for us, and this is generally a hidden folder so it may not be readily apparent that it is there), the Inject Drivers task during the Preinstall phase of the Task Sequence will not copy any new files to it, so the drivers never get copied.

Instead, it drops them in c:\windows.old\drivers (hidden of course), and doesn’t do anything with them.

Since it’s the windows installation and not the MDT scripts doing that, it’s not a logged action in the deployment logs making it incredibly difficult to troubleshoot.

A couple of other useful tips we discovered along the way.  First, it may be necessary to disable the requirment of signed drivers in Windows 7 to support all drivers you wish to inject.  You can use the local group policy in order to do this, but if you want to integrate it into your build process you can run these two commands:

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS 

bcdedit.exe -set TESTSIGNING ON

Restart your computer for the changes to take effect and you’ve just disabled digital driver signing in Windows 7!

Secondly, your folder names under Out-of-Box-Drivers must exactly match the make & model variables as reported by WMI (which is not always what you would expect/hope it would be).  This handy VBScript can be run on any computer and will display those two pieces of information.  We used it while we running DoubleDriver on our reference machine so that we could gather all of the required information/drivers at once.

Just copy this code into notepad and name it something like DisplayModelInfo.vbs.

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
For Each objItem In colItems
 WScript.Echo "In MDT Variable Make will be: " & objItem.Manufacturer
 WScript.Echo "In MDT Variable Model will be: " & objItem.Model

How to Install Vantive 8.x on Windows 7 SP1

Recently I was asked to figure out how to install Vantive 8.x in Windows 7 SP1. The core issue is that Vantive uses many unsigned components which Windows 7 SP1 really doesn’t like, so this procedure would likely work for any similar programs that use unsigned components or controls.

You’ll need to be logged in with administrative permissions to install the software, but once installed the user will not require administrative permissions to run it.

  1. Copy the software installation folder to the local PC
  2. Right click on Setup.Exe (or similar file) and click on Properties.  Change to the Compatibility tab
  3. Set it to run in compatibility mode for XP Service Pack 2
  4. Hit OK
  5. Run Setup.EXE (or similar file) by right clicking on it and selecting “Run As Administrator”
  6. It should install normally choosing the defaults and setting the server.
  7. Open Internet Explorer
  8. Go to Tools – Internet Options
  9. Click on the Advanced Tab
  10. Scroll down to the Security section
  11. Check “Allow software to run or install even if the signature is invalid”
  12. Hit OK and close Internet Explorer
  13. Click on start, browse to the Vantive icon, right-click, and select Properties
  14. Change to the Compatibility tab
  15. Set it to run in compatibility mode for XP Service Pack 2
  16. Hit OK
  17. Click on start, browse to the Vantive icon, right-click and select “Run As Administrator” and login as normal
  18. You’ll get prompted a bunch as it downloads all of the unsigned controls, but they will install.

Logging in with a regular account without administrative permissions, I set Vantive to run in Compatibility mode for XP Service Pack 2 and launched as normal.

Virtualization: Microsoft Enterprise Desktop Virtualization (MED-V) A-Z Deployment

Microsoft Enterprise Desktop Virtualization, or MED-V, is Microsoft’s solution to resolving compatibility issues with Windows 7 in the enterprise environment.

MED-V extends enterprise-level control and configuration to the Windows Virtual PC (i.e. XP Mode) feature built-in to Windows 7. In short, administrators create an image, apply policies & applications to that image, and then publish the image to a MED-V server. Client PCs can then install the MED-V client, connect to that image, and download it to run legacy applications. The server therefore does little more than distribute the image to clients the first time and any time a change is made to the master image file.

The whole process is pretty slick from the end user’s perspective, as they are presented with a list of published legacy apps, not the actual Windows XP virtual PC. They can even pin the apps to their taskbar and run them as if they were any other application. For the end-user, it’s like running any other application.

Administratively though, it takes a bit to get to that point, which is the purpose of this article.

The Microsoft Library naturally has quite a few articles on designing, deploying, and configuring a MED-V environment, but as usual they are a bit convoluted and don’t do a very good job of illustrating the exact process and administrator needs to take. Still, I highly encourage any readers to thoroughly review the material available there. The MED-V Team Blog is another excellent resource for up-to-date information on MED-V and instructional videos.

Right up front you should know that MED-V is part of the Microsoft Desktop Optimization Pack, and that is only available if you have a Microsoft Software Assurance subscription (or its equivalent). Don’t bother looking for a DVD in your subscription pack either, you’ll have to download it from their Microsoft Volume Licensing Site (MVLS) (at least as of this writing).

Once you’ve obtained the ISO, you’ll want to launch the installer on your new MED-V deployment server. As with everything, I would highly recommend a dedicated server for this.

Streamlined Server Installation & Configuration

Microsoft’s documentation is littered with stuff, so this is a quick overview of what you need to set up and configure for a single server MED-V environment.

Assuming you want to stick with just one server, you’ll need to do the following. Note that these instructions are for Windows Server 2008 R2:

  1. Install the Background Intelligent Transfer Service (BITS) under Features in Server Manager.
  2. Install the Web Server under Roles in Server Manager. Make sure to check the boxes to include Basic Authentication, Windows Authentication, and Client Certificate Mapping Authentication
  3. Launch the MDOP CD, and then click on “Microsoft Enterprise Desktop Virtualization.”
  4. Now, under “Install the MED-V Server,” install either the 64-bit or 32-bit MED-V Server component. This will be the only component you install on the server.

At this point you have everything installed for the server to function, but you won’t be able to run reports until the SQL components are set up… more on that in a minute.

Reboot for good measure, and then launch the MED-V Server Configuration Manager, which will now be under your start menu.

It’s actually exceedingly easy to configure. There are four tabs; Connections, Images, Permissions, and Reports.

Your client PCs will connect to the server through either port 80 (the default) or port 443. Port 80 is enabled by default. I certainly recommend setting up an SSL connection and doing this securely, but as I have a philosophy of not overcomplicating things when you’re initially figuring them out, I’d keep it on port 80 for now and enable 443 once you have confirmed you have a working environment.

The VM’s directory is the directory on the server where the images will be stored. Make sure it is on a drive with plenty of space… especially if you intend on having multiple images/configurations. I use “DRIVE:\MED-V Server Images.”
The VM’s URL is how the client software will connect to the server (we’ll configure IIS in a bit). If they are just internal clients, you can use something simple like http://SERVERNAME/MEDVimages or whatever. Note that the client PCs won’t see this URL.

By default, the “Everyone” group has full access to the server. I highly recommend removing that and adding a more appropriate Active Directory security group. “Changes Allowed” simply means that the group specified can make configuration changes to the policies published to the server.

Assuming you have not yet installed the Microsoft SQL Server Management Objects collection, you will be presented with two links on this tab, one for SQL 2005 and the other for SQL 2008. Once these are installed, you’ll be able to configure the reporting options if desired.

Now you’re ready to configure IIS. This is actually pretty simple, and there really isn’t much too it.

  1. Create a Virtual Directory under the Default Web Site named “MEDVImages” (or whatever you used in your URL above). Point the physical path to “DRIVE:\MED-V Server Images” or whatever you used in the images section above.
  2. Click on your new Virtual Directory, and double-click on “BITS Uploads” (all the way at the bottom of the default “Features” view). Check the box to “Allow clients to upload files.”
  3. Now click on “Mime Types.” You’ll need to add two mime types, .ckm and .index, set both to: application/octet-stream
  4. Right-click on the Default Web Site and select “Edit Permissions.” Click on the Security tab and add the “Everyone” group, assigning them “List Folder Contents” and “Read” permissions. Note that you can use more specific security groups if you want. Do the same thing for the MEDVImages virtual directory.

Congratulations! Your server is ready to go… but that was the easy part ; )

Creating a new Virtual PC Image

I use Windows 7 exclusively, and when I read in Microsoft’s documentation that I would need to create my MED-V image with Virtual PC 2007, I assumed I would need to install XP or Vista. Not the case, even though it won’t run on Windows 7 if you download it from the web, it will if you install it from your MDOP DVD.

Caution: If you have enabled the Windows XP Mode feature under Windows 7, you will need to remove it or you risk causing yourself quite a few headaches. Personally, I recommend using a dedicated MED-V Management PC for the rest of these operations. Windows 7 works just fine, just no XP Mode.

Pop in your MDOP DVD, click on Microsoft Enterprise Desktop Virtualization again, and install the following:

  1. Virtual PC 2007 SP1
  2. Both Hotfixes for Virtual PC 2007 SP1

You are now ready to create yourself a new image. I won’t go into the specifics, but they can be found here.

In my environment, I created myself a new Windows XP box with a 20GB hard drive (the hard drive file will expand as space is consumed, so not all 20GB is taken up right away… my VHD file ended up at 4.7GB).

I did not join my XP box to the domain, I simply gave it a name and installed the software I needed (including our anti-virus solution). You can SysPrep it if you want, particularly if multiple MED-V images will be run on the same end users’ computer. Again, I did not, we were only using MED-V for a very small number of legacy apps. You should not use SysPrep to join it to the domain anyway in this scenario, that should be done under the MED-V join domain script (in the management console, we’ll get there).

Joining the VM to the domain is a matter of debate anyway. For me, it would just be one more AD object to manage, and we were only using them to run one application. The end user cannot get to the console (unless you want them to), so if the applications you are using do not require domain access, it may make sense to leave it as a bare bones box. I would suggest patching it up and installing anti-virus software though.

Once the box is ready, you’ll want to copy the MED-V_workspace_1.0.65.msi file off of the MDOP DVD and run it. Once installed, you’ll find the “VM Prerequisites Tool“ under Start – All Programs – MED-V. Run it, and follow the directions to set your image options.

Note that there are some options you cannot change. This is by design, think of it as Microsoft informing you what they are doing in advance (a rarity… be appreciative).

The options are discussed here, but for the most part the defaults are adequate.

You will also need to install the Microsoft Virtual Machine Additions. To install them, just go to Action – Install or Update Virtual Machine Additions on the VM’s console window.

If you want any other application to be available to your end users, now is the time to install them. Once that is done, shut down the Virtual PC.

You have now successfully created for Virtual PC base image! You still have a ton more to do though : )

Creating a MED-V Workspace

Remember that MDOP DVD, pop it in your MED-V management station again, time to install the management console.

Click on Microsoft Enterprise Desktop Virtualization (yet again), and do the following:

  1. Scroll down to Install the MED-V 1.0 SP1 Client and Management Console
  2. Click on “New install on Windows 7, …”

Make sure that you check the option to install the MED-V Management Console. During the installation routine, it will ask you to specify a server and port for your MED-V server. Type in the hostname (or IP) of the server you installed the MED-V Server component on (Microsoft pre-populates it with “MEDVServer”), specify the port (probably still 80), and click to continue.
Once installed, you’ll find a MED-V Management icon under the MED-V folder in your Start menu. Launch it, and we’re ready to create a policy by doing the following:

Click on the “Images” button at the top

  1. Under “Local Test Images” click new and specify the location of the base image file you created in Virtual PC 2007 and give the image a friendly name, such as WindowsXP.
  2. Click OK

Now click on the “Policy” button at the top.

  1. On the first tab, General, give your new “Workspace” a name, such as LegacyApps or IE6.
  2. Click on the Virtual Machine tab and click the “Refresh” button, then select your image from the “Assigned Image” drop down box.
  3. The Deployment tab is where you set all of your User/Group permissions. Notice that the settings under General, Data Transfer, and Device Control are all per user/group… so you can have individual settings for each one. Activating the clipboard and printing are popular options here.
  4. Under the “Applications” tab, you are going to specify the apps the users will have access to. Assuming you want to publish Internet Explorer 6, you would type “Internet Explorer 6” in the Display Name and Description fields, and then type “c:\program files\Internet Explorer\iexplore.exe” in the Command Line field (with quotes since there are spaces).
  5. The “Published Menus” area underneath allows you to publish an entire menu, such as Microsoft Office 2003, instead of typing out each and every application.
  6. Set the “Start-menu Shortcuts folder to whatever you want to name it. It’s a very end-user unfriendly name of MED-V Applications by default. I use “Windows XP Applications.”
  7. Click on the “Web” tab. This allows you to control web browsing behavior. Click on the “Browse the list of URL’s defined in the following table” check box, and then make sure “In the Workspace” is selected. Now, you can specify domains (such as Microsoft.com) that will always be browsed in the workspace. If someone types in the specified domain in IE8 under Windows 7, they will automatically be redirected to IE6 under Windows XP. Cool stuff.
  8. Now, under “Browse all other URLs” you can select “In the host.” This allows you to force all other web sites to be opened under the much more secure IE8 under Windows 7. Even if a user directly types a URL into the legacy IE6, they will be directed to IE8. You can also set it to direct “mailto” links to the host, so that their default email application will be activated. Cool stuff!

Don’t forget to click the “Commit” policy button (right under the big Policy button or underneath the Policy menu).

Certainly there are a lot of other policy settings you can choose. I recommend looking through each and deciding what works best for you.

Finally, it’s time to pack your new image. Click on the “Images” button again and do the following:

  1. Under “Local Packed Images,” click “New”
  2. Select your base image file again and give the image a name, just as you did in the Test Image screen.
  3. Click OK. The packing process will now be kicked off, combining the policy you just created with the image file. This takes a few minutes.

Now that we have the image all packed and ready to go, we have to get it up to the server for distribution. Highlight your new packed image, and click “Upload.” Depending on your network speed, this can take a very, very long time.

Once uploaded, launch MED-V on your PC and log in. It will prompt you to either “Use Test Image” or “Use Deployed Image.” You get this choice because you created the image on your PC. Choose “Use Deployed Image” and you’ll get the exact experience your end users can expect… which is basically waiting a very long time while the multi-gigabyte image downloads to their PC.

When it finally finishes downloading, you’ll notice that nothing happens… no XP screen. This is by design, as XP is just running in the background. If you look under your Start menu, you’ll notice the new shortcut folder you created earlier (Mine is named Windows XP Applications). Under there you will see the applications and menus you specified when creating your policy. Click on one, and it will launch the application as expected, surrounded by a red box to show clearly that it is running in the legacy XP mode.

MED-V is an exceptional solution to move your organization forward with Windows 7 while maintaining compatibility with legacy applications. While it takes some time to set up and configure, it is well worth the effort.