Dual boot Windows 7 and Windows Vista

As part of the march onward towards Windows 7, I turned my Windows 7 RC box into a dual boot system with Vista as the other operating system. Normally you’d install Vista first and then 7, but I already had 7 on the box and didn’t want to reinstall it. So I installed Vista on a separate HDD and then ran EasyBCD in 7 to create another boot entry. Interestingly enough, though Vista is on D drive from 7’s POV, when Vista comes up its boot drive is C as far as it’s concerned. Overall converting this to a dual boot system was far less difficult than trying to make my other Vista box into dual boot Vista/XP which as we know was rather traumatic and time consuming. The plan overall is that where I currently have two physical machines at my desk, in future I will only have one.

One of the reasons for setting up Vista on this newer box was to try to get a more optimal setup for Premiere Elements – which I have persevered with this week to get my video edited – and which surprisingly enough I have managed to cope with all that time despite many, many crashes. When it came to burning the DVD though, no way it could burn one with a menu on. Another very glaring issue was that it simply could not cope with a different disk path from the original location it and the files were saved in. After struggling with the silly “Media offline” message I gave up and moved the files into a drive that I had mapped to the same drive letter as the original. Then it worked properly again. My overall impression has unfortunately not changed that much, especially after finding that others had similar experiences. Adobe claims this software won some sort of award. I just don’t understand how they can have any real credibility with such a flawed product, why don’t they make a bit more effort to get it to work properly. Anyway, enough of that.

Once the release version of 7 reaches us, I’ll be putting that onto this machine and rearranging its disks a bit. It currently has four disks totalling 1 TB, but three disks of around 750 GB should be enough, including the two boot disks of 160 GB each. I’ve also spent a bit of time putting together a backup desktop on a Hyper-V virtual machine. The idea is that when the PC is booted into Vista, I can log onto this Hyper-V desktop (running 32 bit Vista) and access all my email in Outlook seamlessly. I can also work on stuff that won’t run properly on 7, for example our SMS has ODBC drivers that are only 32 bit and won’t install on 7 x64. The backup desktop will be useful in a variety of situations and again it emphasises the versatility of virtualisation.

World’s most disappointing video editing software… Adobe Premiere Elements

Where do I start? I had prior experience of the full edition of Adobe Premiere, version 5.x. This impressed as a dependable, powerful software package on a PC, considering that Premiere was originally developed for the Mac. Premiere 5 was stable, and it did a lot of good things and it did them well. So I expected a lot from Premiere Elements 4 when we purchased it here at school, just one computer, my computer, so that I can author DVDs from footage shot of school events and occasionally a personal video as well. Unfortunately the experience with Premiere Elements 4 has proved to be extremely disappointing. I hate having to write a negative review of any product, but the cumulative problems add up to a lot of heartache. I expected that it would be possible with this package to put together a reasonable effort of a DVD based on previous experience using the basic DVD authoring package supplied with older versions of Nero. The experience of Premiere Elements has been so disappointing compared with previous experiences that I cannot recommend it to anyone. A large part of that is a perception that Adobe have invested inadequate resources into this package, in its design, and in supporting it.

Here is briefly a list of the major problems I experienced with Premiere Elements 4:

• XP install is almost complete when the install suddenly self cancels and rolls back
• When opening a project in XP it crashes with an error in <some file name.cpp>

So from these two errors, it’s a waste of time trying to make it work on Windows XP. If you can get it to install on XP you are doing very well indeed. The second issue is a glaring example of how not to write software. In programmers’ jargon, this is called an “unhandled exception”. Instead of getting a meaningful error message, you get a cryptic message about a line number in a file, which means nothing to most people.

• Message about “running low on system memory. Please save and proceed with caution”.

Like, what does this mean? I am using a 500 GB HDD with over 200 GB free. In fact the PC has three HDDs, the other two have 50 GB each free. The PC has 2 GB of RAM and doesn’t have any antivirus package, and no other software running. So this is another example of a meaningless, useless error message.

• Cannot change the menu structure

When creating a disc menu, I want my menu structure to have (I think) four menu items in the main menu, and no secondary menu. But this just can’t be done. The only menus you can use are the built in templates, which have a fixed structure that you can’t deviate from. If you try to insert too many main menu items, Premiere Elements completely ignores the fact that you obviously want them all to be on the main menu, and creates a Scenes submenu and puts your items onto that. I don’t want that at all, but the default behaviour can’t be overridden in any way.

OK that is a short list but it sums up a lot. You will see numerous frustrations in this package, it will crash a lot without warning, I try to change to a different menu and it crashes, I try to get ready to burn a DVD and it crashes, or it crashes halfway through burning as it did once. When you go to Adobe support, there are some user forums and that’s about it. Nothing can really disguise the fact that this is one flaky piece of software. I will never recommend Premiere to anyone, ever again. At the moment on this project I am up to about the 12th attempt to get even the most simple option put together, just all the clips one after the other, no menus or anything fancy because you just can’t do it, as I say this is about the 12th attempt because every other attempt the program has crashed and lost all the work I have done so far in spite of pretending to save every few minutes.

You can add in a lot more issues, like that it won’t work with any source format except AVI, which means that if you have files in another format, they have to be converted to AVI first, which is hours more work if you have a lot of video files. When it works, it works well, but more often than not, I find Premiere Elements finicky and temperamental. I tried to save something to MPEG as it has a file output to that format the other day, and somewhat predictably, it didn’t output anything. It just sat there and pretended to do something.

At the times when Premiere Elements 4 was working properly, I found it easy and convenient to use. I have not attempted to use some of the more advanced features, of which there are a lot buried in different layers of the menuing. The ever-present threat of a crash, however, overshadowed my entire editing experience and created an unpleasant overtone that is difficult to disperse.

I find it hard to understand how Premiere Elements 4  got such good reviews when it was released and can still be considered a satisfactory product for this type of application. With my experience I have a definite hesitation in recommending this product to anyone in the future. But there are a lot of other packages in its price range from Ulead and others that are a lot less temperamental, and can handle different file formats with greater ease.

Back to XP at home

Back in March, seven months ago, I wrote that I was putting Vista onto my home PC. Today I reinstalled XP instead. The main reason for doing this is that there is no reasonable upgrade path to Windows 7 for these old Intel 915 boards, and that is because there is no Vista driver produced by Intel for them. The result is they can only use the built in display driver on Windows 7, and that one won’t work with DirectX. Now it is true I could put a new graphics card into this box and get Windows 7 drivers on it, but it is still going to be an old slow heap. So I decided it will have XP on it until I upgrade. XP went on today after the usual major prep work, made a lot easier by having three HDDs, and I’m already enjoying the superior speed and stability.

Windows 7 RC at work, incidentally, seems to have a major stability problem whenever I try to open the Documents folder (Library) into the old My Documents area, instead of all my files it just hangs. After you crash out of the app and try to open again, it works the second time. Roll on SP1.

Getting There: Remote Access with ISA 2006, EX2007 etc etc

Our remote access setup through ISA 2006 and EX 2007 is getting closer. There are many steps for the uninitiated that have to be completed to commission an ISA server and secure an Exchange server for web / remote access.

We determined first of all that, once ISA was more or less ready to go, that it could be put in parallel with the direct connection through the hardware firewall. (The ISA server is in a back-end configuration, meaning it is inside a hardware firewall) With a rule set up to give maximum access through the ISA firewall – for now – we started testing web proxy and installing the ISA Firewall Client. The most major issue found to date is a conflict with AB Tutor Control v6’s client application, which had to be uninstalled from a group of PCs that we had hoped to remote administer with this software. Maybe later on I will try testing it on a non-production machine. My Windows 7 box played up a bit the first time the FW client was installed as well, but a restart fixed this and so far there haven’t been further problems. As we have one Mac and the occasional non-domain Windows PC on the network, they will have to use the Web Proxy to authenticate when we force user authentication. When I first tried that I realised that people without the FW client installed would be locked out, so at that stage we programmed mass installation of FWcli through a GPO. DHCP was also set to provide the default WPAD URL, having previously been configured for a 4-hour lease time to effect the changeover as quickly as possible. User authentication is essential if you want to have usernames logged against every access, the main challenge being that Web Proxy can only work for the protocols that support proxying on the computer in question.

At this time we will leave ISA running as is for a week while some other steps are completed. After purchasing the certificate from GoDaddy.com, I had to install it, which fortunately they provide instructions for. After I changed the IIS server’s https binding to use my new certificate, Outlook 2007 kept popping up a security warning saying “The name of the security certificate is invalid or does not match the name of the site”. I found a solution here, which involves configuring Exchange to recognise the new certificate. After that, all of the warnings have gone away. The next step is to put rules into ISA for the main services/ports that are needed – such as IMAP, IMAPS, SMTPS, POP3S etc. Then a proper rule for web browsing (HTTP/HTTPS) will be put in. The main timing issue is simply waiting to see what problems show up after each step. You may ask why we need two firewalls, the front firewall (hardware) is free and facilitates our web filtering service. The ISA firewall facilitates easy configuration and publication of Microsoft services such as TSGS and OWA / OA. It also gives us full logging of internet access and the option to add internet quota management software at a later date. And finally it is two layers of defence against the outside world. I am a bit paranoid about this, but I think this pays off, because in a smaller school with limited support resources, we need strong defences to cover for the fact that our primary focus isn’t security. Locking this thing down to the max is a better defence strategy and it also gives us monitoring capabilities that simple hardware firewalls can’t do (although the front firewall has Netflow, which we are monitoring with a free application, it can’t authenticate the users like ISA can).

So in a way I am glad we missed our planned deployment deadline… because it was unrealistic.

The Mess of Managing Printers through Group Policy

This is a subject I have written about numerous times before. Here are the previous articles:

• http://nzschooltech.blogspot.com/2009/01/mapping-printers-and-drives-through.html
• http://nzschooltech.blogspot.com/2008/08/pushing-printer-settings-to-client-pcs.html
• http://nzschooltech.blogspot.com/2008/02/using-loopback-policy-to-set-per.html

Here is a brief history of managed printer deployment options in Windows:

• Prior to Windows Server 2003 R2, administrators mass deployed printers to workstations using logon scripts (VBScript etc).
• WS2003 R2 introduced Print Management via Group Policy (PMCSnap). Using the Deploy Printers extensions to GP, and a client executable called PushPrinterConnections.exe (PPC), printers can now be specified in Group Policy and pushed out to XP and later Windows clients. This is supposed to work for both per-user and per-computer printers identically. In practice we have only made per-computer work reliably and find that the old printer connections are not always removed when the GPO is removed from the OU.
• WS2008/Vista introduced printer management via Group Policy Preference extensions. This works a little differently from Deploy Printers. Network shared printers can only be specified per-user (rather than per-computer) and on Vista and later clients, printer drivers are not automatically installed as they are on XP. Both XP and Vista require a Client Side Extension to be installed (distributed as a KB update) to process GPP settings. One nice little feature of GPP is to set a default printer. I am somewhat of the opinion that a mixture of PMCSnap and GPP might overcome the various issues, where a default printer absolutely must be settable.

So… we started using PMCSnap when we got our first 2003 R2 server. Then we started using GPP when we got our first Vista workstation. Now we have gone back to PMCSnap for post-XP clients so that their drivers are installed. We were only able to make PMCSnap work for per-computer and GPP is only really practical for per-user in its current form. To add further to this mish-mash, I decided to switch a select group of staff PCs running XP back to PMCSnap. Here I ran into yet another problem, different versions of PPC (PushPrinterConnections.exe). This is a client executable you deploy via startup or login script to process the Deploy Printer GPO settings. It is only required on XP or below. First time I tried it, I was using a Windows Server 2008 box to run GPMC. No problem, I thought, grab PPC from C:\Windows\System32 just like the documentation says. Version 6.0.something. But it didn’t work.  Printers weren’t pushed. Try -the log parameter. GPResult tells me the policy was applied, but no log file so PPC hasn’t been run. Strange. After a lot of testing I decided to grab the WS2003 version of PPC from the R2 server that we still have (C:\Windows\PMCSnap). Version 5.2.something. Well to cut a long story short, it works. Just like that.  (!@#$%^&#)

SMS Integris (Omnis) Compatibility on Windows Vista and Windows 7

My previous articles on this subject are published here and here. Our site experienced considerable difficulties in making School Management Systems’ Integris 6.90.xx function successfully on Windows Vista even though the vendor does not have a history of problems. The majority of difficulties to date are on 32 bit Vista systems. We do not have a 64 bit edition of Vista for testing. The Integris software is widely used in the UK and Australia by primary and secondary schools, as well as in New Zealand.

On Windows 7, 32 bit and 64 bit Hyper-V virtual machines as well as physical 64-bit installations have been used for testing. So far all problems were experienced only in virtual machines. Difficulties have not been found to date in the physical computers running the Windows 7 Release Candidate, all 64-bit. Our 64-bit VM has Windows 2000 compatibility mode set, but no compat settings have been needed on any physical x64 PCs. It is not necessary to set this application to be run as an administrator on physical x64 PCs, although it is recommended on Vista from our experience. After the compat settings were removed on the x64 VM, no problems have been experienced. Likewise there were no problems initially setting up Vista on a physical x86 computer, which was my own workstation. It was later x86 computers that had problems on Vista. The inconsistencies in problem occurrences on different machines cause me to consider that an update or service pack, or a particular application that a hardware vendor may be supplying, has caused the problems. The Hyper-V server has just been updated to WS2008 Service Pack 2.

The vendor has highlighted that the Omnis runtime 3.3.3.x is not certified by Tiger Logic for Windows 7. It would be therefore inadvisable for any school sysadmin to roll out Integris on Windows 7 site wide until RM-SMS have updated the runtime to a Windows 7 certified edition. There are two possible workarounds for sites that wish to push ahead with Windows 7 rollout:

• Using Windows XP Mode to run Integris. This has to be set up on each client machine, and it requires that the CPU supports Intel VT.
• Using a Terminal Server to run the Integris application for end users. This does not require individual configuration of clients, nor does it require clients to support Intel VT. We will be using this option at our site to allow for remote access to Integris with the secondary benefit of resolving the compatibility issues. We are assuming the 3.3.3.x runtime is Windows Server 2008 compatible as this is the environment that hosts our terminal server.

In the main, while XP Mode is a nice idea, the virtual machine has to be set up for each computer that it runs on. Moreover this requires a compatible CPU as the Windows 7 version of Virtual PC requires hardware virtualisation support. While AMD support VT on all of their non-Opteron CPUs, lower end Intel Pentiums typically omit it. I have the galling situation that all of our recent desktop purchases do not support VT because we did not know about this feature and its significance for future desktop OSs. I think that changing CPUs to get VT support is not worth the hassle for most of the PCs at our site which do not have it, compared to the TS option even though this requires CALs at additional cost. Those CALs have a dual function for enabling remote access and thus the cost is not wasted on physical machine resources that are irrelevant to remote access.

Ministry of Education renews Microsoft Schools Agreement for 2010-2012

The NZ Ministry of Education has renewed the Microsoft Schools Agreement for New Zealand schools for 2010-2012. Whilst I have yet to see the agreement, it continues the trend of these agreements and will provide welcome continuity for school administrators and IT staff. The new agreement provides effective transitions for most existing software packages whilst it also adds Windows 7 Enterprise Edition as a new operating system choice. As Windows XP support is phased out, schools will need to look hard at moving their Windows OS platform to Windows 7, preferably skipping over Vista due to the latter’s many problems which are experienced in domain type environments. Our site is a Windows site for the most part. This leverages the high cost benefit of Windows Server operating systems for managing Windows desktop OSs, the latter being effectively free under these deals except for the modest cost of lower end desktop OEM licenses on new PCs. Microsoft continues as a market leader in new emerging technologies such as virtualisation, in which the developments are likely to benefit education significantly.

I expect as Windows 7 becomes available it will start to be deployed to our staff computers next year and that the Ministry’s leased laptops will start to be delivered with it preinstalled, if not we will install our own house image, building on experience already gained with Vista. That has been a bit of a watershed, and I am still disappointed that Microsoft is not resolving the significant problems that Vista has had in terms of its speed and reliability. I will still have a PC running Windows Vista at my desk for some considerable time, years even, along with XP, because there are still some things out there that won’t run on 7 or have not yet been ported. Although, it is fair to say, with a Hyper-V server, I can run some of those things on an XP virtual machine (for example, the Remote Desktops MMC snap-in) to similar effect without the physical machine. Virtualisation continues to offer new opportunities, and schools such as ours could well extend the use of older PCs using Remote Desktop Services the way that it has traditionally been used in other institutions for years.