Warning: BYOS-Bring your own Sh**! …and why Lenovo now was an Adware distributor. (Updated)

February 19th, 2015

Hi Folks,

can your users work with their own device (Laptop/PC/Tablet) in your company environment or have access to your company environment from home?

Then you should look out for new Lenovo End-Consumer devices! Why?

Lenovo seems to have some fun adding a software called “Superfish” to their hard disk images, so why is this now a security concern?

First of all, Superfish can be called Adware: the software adds a component to web browsers like Firefox, Internet Explorer and Google Chrome. This by default is already a pain in the a*s, but it gets even worse. Superfish adds its own trusted root CA certificate to the certificate store, and this means it’s possible to perform a man-in-the-middle attack on all certificate-based SSL communication, like Facebook, online banking, Remote Desktop Gateway access or your company’s Netscaler incl. the related ICA traffic. This affects the Google Chrome browser and Internet Explorer; Firefox comes with its own certificate store and doesn’t use the Windows certificate store. There is also a nice article describing how Superfish deals with certificates here (expand the pictures in the top post).

So I strongly recommend: if a user comes up with a “new” Lenovo device, you should force him to allow a device review. Uninstall Superfish (some virus scanners like Avira, incl. the certificate, or malware tools can do the job, just use Google) and remove all trusted CA certificates which belong to Superfish Inc, or even better: read out the Windows activation key incl. Office and wipe the damn system (my preferred way… 🙂 ). Removing CA certificates can be tricky (read also here), but this is the most important part.
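For the device review described above, the Windows certificate stores can be checked from PowerShell. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the certificate can be recognised by the string "Superfish" in its Subject or Issuer.

```powershell
# Added example: list (and optionally remove) certificates whose Subject or
# Issuer contains "Superfish" in the Windows certificate stores.
# Assumption: matching on the name is sufficient; no thumbprint is hard-coded.
# Find-SuspectCertificate / Remove-SuspectCertificate are hypothetical names.

function Find-SuspectCertificate {
    [CmdletBinding()]
    param(
        [string]$Pattern = 'Superfish',
        [string[]]$Store = @(
            'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot', 'Cert:\LocalMachine\CA',
            'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'
        )
    )
    foreach ($s in $Store) {
        # Not every store exists on every system; skip the missing ones.
        if (-not (Test-Path -Path $s)) { continue }
        Get-ChildItem -Path $s |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $s
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                    PSPath        = $_.PSPath
                }
            }
    }
}

function Remove-SuspectCertificate {
    # ConfirmImpact = High makes PowerShell ask before each removal.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory, ValueFromPipeline)] $Finding)
    process {
        $target = "$($Finding.Subject) [$($Finding.Thumbprint)]"
        if ($PSCmdlet.ShouldProcess($target, "Remove from $($Finding.Store)")) {
            Remove-Item -Path $Finding.PSPath
        }
    }
}

# Report first, remove only after the findings have been reviewed.
$hits = @(Find-SuspectCertificate)
if ($hits.Count -eq 0) {
    'No matching certificate found in the Windows stores.'
} else {
    $hits | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize
}
# Removal (elevated prompt needed for the LocalMachine stores):
#   Find-SuspectCertificate | Remove-SuspectCertificate
```

The CurrentUser stores belong to the account running the script, so run it once per user profile on the device. Firefox keeps its own certificate store and is not covered by this check.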

Somewhere in January Lenovo stopped deploying Superfish, but from what I have read until now it’s only on hold and not finally stopped, so this shi**y software can be delivered again. So customers should now “force” Lenovo to stop this in the future; don’t forget that there are also other vendors available. Be also aware: Lenovo stopped this in January and affected devices can still be sold in retail stores.

There is already a statement available from Lenovo (Source, parts in German):

“Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish.”

Background information on Superfish

Superfish was preloaded onto select models of Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.

The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.

Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.

The statement is one of the funniest I ever read… Superfish is a miracle software, it can help a user to find and discover products without monitoring the user = Pure Magic? ..or who should believe this? What do you call a real-time image recognition software that can intercept and sneak into certificate trusts? A glorious present for all hackers and intelligence agencies! Did anyone from Lenovo read the Superfish “Privacy Policy”?

Superfish will collect and store certain information that is automatically collected by WindowShopper or provided by its users, such as download date, status changes, usage logs, email address. Such information will be kept private by Superfish and is not for public distribution.
Superfish will also store bugs hunting information provided regarding the service. This information is for Superfish’s internal use only and will not be distributed under any circumstances.

Ok… So what do you call “It does not profile nor monitor user behavior”?

Lenovo is a strong candidate for our “That sucks!” Award now. Bloatware or other useless pre-installed crap like a lot of vendors provide is one thing, but a pre-installed Adware containing strong security issues/concerns is a new dimension in how hardware vendors treat customers. Today, in mixed environments, it’s also not important whether the device comes as an “End consumer” or “Enterprise” device.

Update: I just got a new statement provided through the Lenovo website here. Most important is the part: We will not preload this software in the future. Lesson learned. But please remember, there could still be affected devices available in stores, and the time period in which Lenovo “provided” Superfish is estimated at ~3 months.

Cheers

Michael

Citrix Tool Highlight: Pimp my Storefront – Introducing the StoreFront Web Configuration GUI

February 19th, 2015

Hi Folks,

I just want to introduce you to a small and mostly unknown tool that lets you configure your StoreFront servers a little bit more than the regular StoreFront Console does.

First of all you can download the tool for free from here: Citrix StoreFront Web GUI Assistant

Download the archive and extract the .exe file to your Citrix StoreFront Server(s). The tool requires local Administrator permissions, so make sure the user has full access to the system. Now execute the tool to get the console; if the tool is executed on your StoreFront Server you will see “Running on Storefront” in the upper left corner.


Now you need to open the web.config file for the Web GUI you want to edit, in my sample the file is located in the folder C:\inetpub\wwwroot\Citrix\DEMOWeb. Please note: Only Web related web.config files can be edited with this tool!

After you have opened the web.config file you can edit and save the file through the tool. I also strongly recommend making a backup before you overwrite an existing/production web.config file.

There are a bunch of useful configurations available.

Of course you can also edit the web.config files manually, but this is only recommended for users with some experience. The tool is also a good way to create documentation screenshots and to gain easy access to these configurations. Of course you can now ask: why are these settings not available in the regular StoreFront Management? This is a very good question! But all in all this is a good (and mostly unknown) configuration tool for Administrators to maintain/configure new or existing StoreFront installations in an easy way.

Cheers

Michael

cloud-client.info Remote Desktop Services Configuration Tool Beta is now available for download

February 16th, 2015

Hello Folks,

if you are looking for a small tool to simply configure a bunch of Microsoft Remote Desktop Services settings for Windows 8 (.1) or Windows 2012 (R2), then you should try our latest tool “Remote Desktop Services Configuration Tool”, which is now available as public Beta.

Remote Desktop Services Configuration Tool 1.0 Beta

The tool can also import and export settings, for example to switch settings very fast between different systems or to adopt a configuration from a production system to a trial system and so on.

As written, RDSCT is currently a Beta version and a bunch of settings will follow with upcoming releases (and depending on my time). The source is already more than 16k lines of code and I don’t always have the time to add new features as I want to. 🙂

The download is available here: Remote Desktop Services Configuration Tool

Have Fun

Michael

P.S.: Please report bugs or settings you want to see in later versions to us, see readme.txt for details.

Lync 2013 in a Box for SMB customers, introducing the UCBOX. (Updated)

February 13th, 2015

Hi Folks,

today I got my first hands-on with the UCBOX coming from the German vendor Bressner.

What is the UCBOX? Last but not least, a small and handy Microsoft Lync 2013 Server Box/Appliance designed with a very simple setup and handling for SMB customers. The UCBOX is available in different versions; this one is a UCBOX Lync Express OS version coming with the following content:

  • BRESSNER UCBOX Lync-in-a-box
  • with Auto installer for
  • Microsoft® Lync ™ 2013 Standard,
  • Telephony-Addon FonComfort Server
  • incl. Windows SRV 2012 R2
  • Embedded System 2U, 9,5″ Width
  • External power supply 19V DC,
  • Prerequisite Active Directory,
  • Lync-Licenses,
  • can be combined with 2. System to 19″,
  • incl. 19″ rack mounting kit

Today I don’t have much time available to run some more tests with the UCBOX, but here are already some pictures showing the UCBOX and comparing the size of the UCBOX with a Surface Pro Tablet and an IGEL UD5 Thin Client.

UCBOX Front View

UCBOX Back View

Comparing UCBOX size with the Microsoft Surface Pro and an IGEL UD5

Currently the UCBOX is available in Germany through the distribution company ADN and in Switzerland through BCD-Sintrag. If you’re interested in more information you can also visit various road shows in Germany (Road shows in Germany). For simple product details and features you can also go to the Bressner website here: Lync related products.

At the moment the UCBOX looks very promising and I will provide you some test results during the next week.

Updated:

After the first tests, the UCBOX is not only a stupid hardware box. The main advantage is the software, which is also sold separately and can be used with your own server hardware. The installer takes a lot of tasks away from the Engineer so he can focus on the main work, and it’s also Skype for Business ready, so it cannot be compared with other “more” or “less” efficient hardware appliances available.

More will follow soon after some more tests…

Cheers

Michael

Windows Update KB3013455 breaks Font Smoothing on Windows XP, Server 2003R2 and 2008

February 12th, 2015

Hello Folks,

if you are using Windows XP as VDI or have old Terminal Servers (incl. Citrix solutions) running Microsoft Windows Server 2003R2 or 2008 (32-Bit), you should not deploy KB3013455, which was released during the last Microsoft Patch Day.

The update causes a general font smoothing issue with a bunch of fonts, and the users will/can get a much lower user experience if working with a lot of text content.

There is currently no workaround for this issue. Windows Server 2008R2/2012(R2) and Windows 7/8(.1) do not show any issue once the update is applied.

The issue is already confirmed by Microsoft, read also here: MS15-010

The MS15-010 article currently doesn’t mention Windows XP (or Vista), but I was able to reproduce it also with a Windows XP 32-Bit VM.

Cheers
Michael

P.S.: Some users are also reporting issues with Windows Vista 32 Bit, but I believe this is less important for VDI environments.

Next Thin Client/Zero Client Vendor NComputing on the way to be part of another company? (Updated)

February 9th, 2015

Hi Folks,

in the last 10 years a couple of thin client vendors are gone… Mostly acquired by other companies.

Neoware (US) was bought by HP…
Wyse (US) was bought by Dell…
Pano Logic (US) was… I don’t know how this can be described.
Sun Microsystems (US) was bought by Oracle and discontinued the Thin/Zero Client business.
Liscon (Austria) moved/changed to Stratodesk…

Now the next larger Thin Client Vendor “NComputing” seems to struggle, as mentioned in the Silicon Valley Business Journal here: NComputing in Santa Clara put on the block after troubles and in the San Jose Mercury News here: Santa Clara’s NComputing is for sale and in deep financial trouble. So in the upcoming weeks we will see what will happen to NComputing.

Cheers
Michael

Tip: Business Card Scanners for Linux / MacOSX in virtual environments and without USB Redirection.

February 9th, 2015

Hi Folks,

from time to time customers ask what type of Business Card Scanners can be used with IGEL Linux or any other “non” Windows client devices together with XenApp or Microsoft Remote Desktop Services. Typically these customers don’t want to deal with USB Redirection (XenApp 7.x or Microsoft Remote FX) or don’t have USB Redirection available (XenApp <=6.5 / Windows Terminal Server <= Windows 2008 R2).

If you run into a situation like this you should look out for solutions like IRIS Card Anywhere (Canon). Devices working in this way don’t need a “special” driver installed; they come with an internal memory or SD card and can be used like a regular USB memory, and this means they can be used with Windows, Linux, MacOSX or an Android Tablet providing a USB port. Disadvantage: they are a little bit more expensive, but if you calculate the work to get a driver installed or deployed in your environment then you will have a much cheaper TCO.

Cheers

Michael

P.S.: I used the IRIS Card as sample regarding my past experience, it’s not an advertisement. 🙂 In any way there are several solutions out there and you should test it in advance and before ordering a bunch of these devices. 😉

Tip: Flashplayer 16, Citrix HDX Flash redirection and Linux based Thin Clients

February 2nd, 2015

Hello Folks,

the Flashplayer 16 plugin now comes in two plugin versions (NPAPI and PPAPI), one for Chrome and one for Firefox… Both plugins currently do not work with HDX Flash Redirection for Linux based Thin Clients.

To get it working you need to perform the configuration settings from an older article here in the blog, and you now have to install the following Flash Players on the VM / Terminal Server / Thin Client.

Follow these steps:

1) Install the Flash Player 15 Plugin (not the ActiveX Plugin!) to the VDI/Terminal Server (download can be found in the flash player archive)
2) Install the Flash Player 16 ActiveX Plugin to the VDI/Terminal Server
3) Disable Flash Player Updates in the system control
4) Perform the configurations to the registry mentioned here: HDX Flash Tweaks
5) Deploy the Flash Player for Linux to the IGEL LX/OS based devices and make sure HDX Flash Redirection is enabled in the Sessions->Citrix->ICA Global configuration!
6) Make sure the Citrix Policies for the Flash redirection are in place incl. the website compatibility Policy!!

That’s it!

Cheers

Michael

P.S.: I forgot… Install Internet Explorer 11 or any other HTML5-enabled browser if you want to watch YouTube, and kick out any Flash Player in your environment! This is the best multimedia support.. 🙂 🙂 🙂 Do you believe I hate Flash? Yes, you’re right, but I am sorry to say that we currently still have to live with it. 🙁 🙁

P.S.2: Perform the steps in the order shown! Tested with XenDesktop 7.5 and XenApp 6.5.

Windows Server vNext will not be available before 2016

January 31st, 2015

Hi Folks,

yesterday Microsoft released an update to the Windows Server roadmap. Reduced to the main information it announced a new Version for Windows Server in 2016 and not in 2015.

You can read the full article from Microsoft here: Windows Server and System Center roadmap update

Cheers

Michael

Solution: A big day for IT Administrators… Youtube now using HTML5 by default!

January 30th, 2015

Hi Folks,

you are a Terminal Server/VDI Administrator and you hate Flash content in websites? Insecure.. Slow.. Resource intensive?

Then you should be happy: one of the most expensive non-commercial websites for companies (regarding the resource consumption in a Terminal Server/VDI backend) moved from Flash to HTML5 as standard: YouTube 🙂

Now you only have to get an HTML5-enabled browser into your Terminal Server/VDI VMs, like Internet Explorer 11, Chrome or a Firefox Beta supporting HTML5.

You can read the article also here: YouTube Blog

Cheers

Michael

Update: cloud-client.info App for Windows 8(.1) 64Bit,x86 and ARM

January 28th, 2015

Hi Folks,

you can now pick up the latest version of our App from the Windows Store.

Update 1.1.1.3
– Fixed icon display issue
Update 1.1.0.1
– Added new IGEL UD5 and UD6 Hardware
– Added W7+ OS Software Information
– Fixed some smaller display issues
– Removed UMS4 Live

Download Link: Windows Store

Cheers

Michael

Info: cloud-client.info UMS Live Webserver will be offline since today

January 22nd, 2015

Hello Folks,

since today the cloud-client.info UMS Live Webserver will be offline and not available anymore, the project was designed as beta only and regarding the required resources to keep it running it doesn’t make sense for us to continue this service.

Please use our UMS Appliance for Microsoft Hyper-V for future tests/demonstrations.

Cheers

Michael

Release: IGEL Universal Desktop W7 3.09.200

January 20th, 2015

Hi Folks,

already 10 days ago IGEL has released a new WES Firmware 3.09.200 for W7 and W7+ devices.

There is only one change in the firmware:

- Fixed USB driver problem on UD9 (Device hangs on "Applying snapshot... Do not turn off!" while updating)

So this release is only important if you are using the UD9 Thin Client and want to update to the latest 3.09.x release.

Cheers

Michael

Video (Updated): Open the Archos Cesium 80 Tablet

January 16th, 2015

Hello Folks,

here is a new video that shows how to open the Archos Cesium 80 Windows 8.1 with Bing Tablet based on the Intel Atom Processor Z3735G.

I needed to open the tablet to fix an issue with the audio playback (noise during playback but no sound with the Realtek I2S/Intel SST Audio Device) through the speakers (the headset always worked). After I tried several drivers (really a lot… 🙁 ) the only thing that helped me was to disconnect the battery from the mainboard. Of course it could also be a driver issue but, as written, other driver versions (older and newer) or the default drivers coming with the pre-installed Windows never fixed it for me. Some forum articles recommend changing some BIOS settings to fix the issue, but the Archos Cesium 80 BIOS is very limited and doesn’t offer any relevant configuration.

Maybe the same procedure will fix this “playback via speaker” issue also for other tablets using the Intel/Realtek combo. A lot of user descriptions can be found mentioning similar issues with other tablets and vendors, but I can’t guarantee that this solution will also work for these issues.

To watch the video click here.

It’s also sad that a bunch of tablet vendors, incl. the chipset producers Intel and Realtek, do not offer driver downloads incl. recovery images (tablet vendors only) related to these products. A Windows x86 or 64-Bit tablet is not an Android tablet where the user cannot “wipe” a driver; how long will it take until a few vendors notice this? Take a look at Acer or Asus, these vendors offer recovery ISOs for their products by default (it’s maybe not easy to recover a UEFI based tablet for the typical user, but a recovery solution is still available at all).

Update: I just want to add that the power supply coming with the device is crap at the moment; for example you will get issues with the touch input if you try to use the tablet while the battery is charging. So I strongly recommend using any other power supply or a regular PC to charge the battery.

Cheers

Michael

P.S.: Of course this video comes without any warranty!

Microsoft strikes again… I should think about OneDrive and how Microsoft handles my data. (Updated)

January 14th, 2015

Hi,

are you using OneDrive by Microsoft? A new case in Germany demonstrates how secure OneDrive is…

I really like OneDrive and also Google Drive; maybe you are using it too to store photos and other data. For OneDrive I now have a very bad feeling and I hope Microsoft can clarify this.

What happens?

Microsoft seems to perform a scan of every file uploaded to your private OneDrive account; all these files seem to be verified against a hash database and/or something similar. So in the case that you’ve uploaded a file with the same hash as a child pornography picture you are in trouble? According to the reports, US law enforcement agencies will be informed about this and they will inform the law enforcement agencies in your country. A German OneDrive customer got a visit from the German police in this case.

A lot of questions… You have a daughter or a son and are using OneDrive with the automatic photo sync feature.. Bad luck if you sync a beach picture in your private picture folder? You upload an image that fits forbidden content in the US to your private OneDrive area? Bad luck? Your children are using their own mobile and sync content to an account related to your Office365 account.. Bad luck? Someone hacked your account and uploaded “Bomb plans” to your private folder? Bad luck, you’re now in a US terrorist database by accident?

Microsoft is fighting for user rights, but it seems that Microsoft ignores these rights at the same time… Crazy? What about foreign law? Microsoft, can you please make this a little bit more transparent for customers incl. company customers.. What happens if the OneDrive user is related to a company?

All reports related to this are currently in German but you can translate them with Google Translate or similar.

Report 1 Report 2 Report 3 and if you search for it you will find a lot of more.

Update: Here is the link to the original blog by the German lawyer Udo Vetter

If Microsoft believes that this will create any trust for customers in Europe they are wrong; companies and also private customers (like myself) really don’t like someone who scans files “in general” and just reports this to any foreign law enforcement agency or whoever. It’s also not important if the file was child pornography (or what someone I don’t know at Microsoft/any unknown US guy defines to be “forbidden” or to be content of “interest”).. The fact that private files are scanned by default and without any suspicion of a crime is the issue.

I really hope for Microsoft that they will provide a very detailed statement on the general file handling with OneDrive.

…and don’t misunderstand me, I don’t want to protect any crime, but how would you like it if someone from a foreign company came into your house without any reason or point of suspicion and verified every private item in your house, and you don’t know what they’re doing with it. People can sell the biggest “piece of sh*t” as long as they tell you it’s for law enforcement or to fight terrorism. Huh… “We only will watch the bad guys but not you..”, do you really believe it? Do you feel better if you think “Heh.. They will watch only the bad guys!”, did you ask “Who is the guy that got unlimited access to my files?” and do you know what they’re doing with it at the end of the day? The truth is, the only things they sell are fear, hate and doubt.

Update: And if you believe you do nothing wrong and you have nothing to fear… In the year 2013 150 Million Adobe accounts were hacked and this is only one figure. Also there is a clear difference between publicly available content and private content; for example DropBox is known to scan files for copyright protected material but.. If I offer a copyright protected file as public content and the file is scanned it’s fine, but if I am a legal owner of this file and I put it into my “private” file area, is this file now also scanned or will someone else be informed that I commit a “license” violation? Why? Where do file hosters inform users in detail what they’re doing with the data or not.. To be honest.. I’ve no clue and trust looks different.

If you are a European company and you want to host files in the cloud, then place them in your own datacenter/your private cloud or with a hosting company located in your area where you know the law and how this law protects your data incl. the people working for this company. Do the same for any servers hosting confidential data; this is currently the only advice I can provide to a customer. News like this is really a killer for any “public” cloud offering like OneDrive, Office365 and Azure.

Cheers

Michael

P.S.: This might also work for Google Drive or any other cloud storage provider in the US, but for OneDrive we’ve now a concrete case. The article is also written in a rainbow press style related to the content… How to tell someone that the way how it works is wrong in a more polite way?

Tip: Running out of storage? Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 2

January 14th, 2015

Hi Folks,

this is the second part of our “Slim down Windows 8.x and Windows Server 2012 R2 HDD use” series, the first part can be found here: Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 1

In this part we will take a closer look at Windows Server 2012 R2 incl. virtual Windows OSs running on Hyper-V, which is also available with Windows 8.1 Pro and Enterprise.

 

1) Compress VHD(x) files (in the right way)

You are using virtual Windows systems together with the Hyper-V role or VHD boot to have multiple Windows systems available on a PC/Server?
VHDs are available in different types; one is the dynamic mode and this is very commonly used. Why? If you create a VHD with a size of 80GB in dynamic mode the VHD file size will be only a few MB. The VHD will increase in size every time you add data to it and will grow at most to the defined size (in this case 80GB). But what will happen to the VHD if you remove content from it? Will the VHD size decrease? No… You need to run a compression to perform this task, and most users or Administrators use the compression offered in the Hyper-V console. Is this a problem? From my point of view yes… In the Hyper-V console you can only run the compression for 1 VHD at a time and you have to repeat this for other VHDs, boring right? Do you know that there are different compression types available? No? Of course most people don’t know this, because the Hyper-V console doesn’t offer any compression type selection and the “default” compression is not the most efficient one.

So what do we want to do… A simple command or script to compress all VHD or VHDX files in a folder with the best possible compression to gain the most possible free disk space. Here it is…

Attention: If using VHD(x) Boot do not use it for the boot VHD in use; it will also not work for running VMs and the VHD(x) files currently in use.

Command (Powershell, 1st line for VHDX and 2nd for VHD files):

Get-VHD *.vhdx | where {$_.VhdType -eq "Dynamic"} | Optimize-VHD -mode full

Get-VHD *.vhd | where {$_.VhdType -eq "Dynamic"} | Optimize-VHD -mode full

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on VHD(x) use
Can be used with WIM boot installation: Yes
Disadvantage: The installed Hyper-V role is required to run the command, and it will not work for VHD(x) files used by running VMs. Never use it for a VHD(x) with existing snapshots or for VHD(x) files that work as the parent disk for one or more differencing disks (see 2.).
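The one-liners above compact every dynamic disk they find. The following added example (not from the original post; the function name and the default folder are assumptions) applies the restrictions listed under "Disadvantage" before calling Optimize-VHD: it skips attached disks and any disk that a differencing disk or checkpoint file in the same folder names as its parent.

```powershell
#Requires -Modules Hyper-V
# Added example: compact only the dynamic disks that are safe to touch.
# Optimize-DynamicVhdSafely is a hypothetical helper name.
# Limitation: only differencing disks/checkpoints stored in the SAME folder
# are checked; a child disk kept elsewhere is not detected.

function Optimize-DynamicVhdSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Folder = (Get-Location).Path)

    # Collect all disk images, including checkpoint files (.avhd/.avhdx).
    $files = Get-ChildItem -Path $Folder -File |
        Where-Object { $_.Extension -in '.vhd', '.vhdx', '.avhd', '.avhdx' }

    $disks = foreach ($f in $files) {
        try   { Get-VHD -Path $f.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read $($f.Name): $($_.Exception.Message)" }
    }

    # Every path referenced as a parent must stay untouched.
    $parents = @($disks |
        Where-Object { $_.VhdType -eq 'Differencing' -and $_.ParentPath } |
        ForEach-Object { $_.ParentPath.ToLowerInvariant() })

    foreach ($d in $disks) {
        $reason = $null
        if     ($d.VhdType -ne 'Dynamic')                       { $reason = "type is $($d.VhdType)" }
        elseif ($d.Attached)                                    { $reason = 'attached (running VM or mounted)' }
        elseif ($parents -contains $d.Path.ToLowerInvariant())  { $reason = 'parent of a differencing disk/checkpoint' }

        if ($reason) {
            [pscustomobject]@{ Path = $d.Path; Action = 'Skipped'; Detail = $reason; SavedMB = 0 }
            continue
        }

        if ($PSCmdlet.ShouldProcess($d.Path, 'Optimize-VHD -Mode Full')) {
            $before = $d.FileSize
            Optimize-VHD -Path $d.Path -Mode Full
            $after  = (Get-VHD -Path $d.Path).FileSize
            [pscustomobject]@{
                Path    = $d.Path
                Action  = 'Optimized'
                Detail  = 'mode Full'
                SavedMB = [math]::Round(($before - $after) / 1MB, 1)
            }
        }
    }
}

# Dry run first, then the real pass:
#   Optimize-DynamicVhdSafely -Folder 'D:\Hyper-V\Disks' -WhatIf
#   Optimize-DynamicVhdSafely -Folder 'D:\Hyper-V\Disks' | Format-Table -AutoSize
```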

 

2) If running multiple VMs on Hyper-V use differencing disks

You want to run several VMs with the Hyper-V role? You always copy your Master VHD(x) for each VM? So one 80GB Master Disk is required for 5 VMs and you now have 480GB used on the HDD? This can be done with a much lower storage demand by using differencing disks. To explain this in a little more detail: a differencing disk (aka fast clone/linked clone for other Hypervisors) is some sort of snapshot, so it takes the data from the Master Disk and stores modified or added content in the differencing disk. This means if you use Windows in this way all Windows files will come from the Master Disk; if you now install Office to a VM that is using a differencing disk, Office will be installed in the differencing disk but the Windows OS files still come from the Master Disk. For my sample it means: if I create an 80GB Master Disk and based on this Master Disk I create 5 VMs based on a differencing disk, the differencing disk size per VM is only 4MByte at the beginning. So I don’t use 480GB like shown in the sample, I use only 80GB + 5x4MB for the VMs. You can reduce this even more if the VHD(x) Master Disk is a dynamically expanding disk (see also 1.).

Command (Hyper-V console, no commands available to complete the full task):
– Prepare a Master Disk by installing and configuring a VM (don’t forget to run sysprep in the VM if a Windows OS is installed)
– Delete the VM but not the VHD(x) file used by the VM to prevent changes to the Master Disk in the future.
– In the Hyper-V console (right side) click on “New”->”Harddisk” and follow the assistant. Important for the VHD(x) selection: the differencing disk must be the same type as the Master Disk.
– Select “Differencing” in the Harddisk Type selection and click on next.
– Select the path where the differencing disk should be created, type in the differencing disk name and click on next.
– Select the Master Disk, click on next and confirm the task to create the disk.
– Now create a new VM and assign the freshly created differencing disk to the VM.
– Create more differencing disks/VMs if required.

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: “Size of Master Disk” x “amount of VMs”; applying Windows Updates to the VMs will decrease the saving over time.
Can be used with WIM boot installation: Yes
Disadvantage: Not recommended for production use by Microsoft! Do not change or delete the Master Disk or all related differencing disks will fail! I use this only for VMs that don’t require Windows Update (like test environments); the more Windows Updates are installed in the VMs based on a differencing disk, the more space is required for the differencing disks and the lower the saving. Never ever use this for Domain Controllers incl. CAs / Exchange / SQL / Lync / Dynamics / Windows Storage / Sharepoint Servers, this is my personal opinion; it’s great to set up fast Test Systems / Web / Print or Terminal Servers and to perform development/security audits to check/verify software incl. load tests. Each differencing disk will highly increase the IOPS for the Master Disk, so the Master Disk should always be placed on very fast storage (SSDs or similar).
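Once the Master Disk is prepared and the original VM deleted, the remaining console steps (create differencing disks, create VMs) can also be scripted with the Hyper-V PowerShell module. This is an added example, not from the original post; the paths, VM names and memory size are assumptions.

```powershell
#Requires -Modules Hyper-V
# Added example: create five test VMs on differencing disks from one master.
# All paths, names and sizes below are assumptions for illustration.
# Assumes the master disk is already installed, sysprepped and detached.

$MasterDisk = 'D:\Hyper-V\Master\master.vhdx'
$VmRoot     = 'D:\Hyper-V\VMs'
$VmNames    = 1..5 | ForEach-Object { 'TEST{0:D2}' -f $_ }

# Refuse to continue if the master is still in use by a VM or mounted.
$master = Get-VHD -Path $MasterDisk -ErrorAction Stop
if ($master.Attached) { throw "Master disk is attached: $MasterDisk" }

# Write-protect the master so it cannot be changed by accident;
# any change to it breaks every differencing disk based on it.
Set-ItemProperty -Path $MasterDisk -Name IsReadOnly -Value $true

# The differencing disk must use the same format (.vhd/.vhdx) as the master.
$ext = [IO.Path]::GetExtension($MasterDisk)

foreach ($name in $VmNames) {
    if (Get-VM -Name $name -ErrorAction SilentlyContinue) {
        Write-Warning "VM $name already exists, skipping."
        continue
    }
    $dir  = Join-Path -Path $VmRoot -ChildPath $name
    $diff = Join-Path -Path $dir    -ChildPath "$name$ext"
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Child disk: starts at a few MB and stores only changes to the master.
    New-VHD -Path $diff -ParentPath $MasterDisk -Differencing | Out-Null

    # New VM that boots from the differencing disk.
    New-VM -Name $name -MemoryStartupBytes 2GB -VHDPath $diff -Path $dir | Out-Null
}

# Show how little space the children use compared with the master.
Get-ChildItem -Path $VmRoot -Recurse -Filter "*$ext" |
    ForEach-Object { Get-VHD -Path $_.FullName } |
    Select-Object Path, VhdType, ParentPath,
        @{ Name = 'FileSizeMB'; Expression = { [math]::Round($_.FileSize / 1MB, 1) } } |
    Format-Table -AutoSize
```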

 

3) Remove not used or required Windows components

We already took a closer look at the winsxs folder in Part 1 of this series and removed superseded files/updates, but why not remove files that are not required? If you prepare a couple of Terminal Servers, why should you keep files related to IIS or the Active Directory Domain Controller role in the Master Image? You’re right.. There is no reason to do this, but still most Administrators are doing it.

Removing the components also reduces the Windows Update footprint because the removed components will not be updated anymore.

Commands (commandline):
This command will show all available Windows components and their current state; it creates a features.txt file in the folder where the command line is executed. Why? It’s easier to read a txt file with all these components than plain command line output:
DISM /online /get-features /format:table > features.txt

This command removes a component that is not actively used from the hard disk (open the features.txt file created with the first command to get the current state); in this sample I remove DirectPlay from Windows 8.x:
DISM /online /disable-feature /featurename:DirectPlay /remove

Commands (powershell):
If you want to remove all components that are not actively used, you can also do this with a simple PowerShell command; this is the hardcore way:
Get-WindowsFeature | Where-Object { $_.Installed -eq 0 -and $_.InstallState -eq 'Available' } | Uninstall-WindowsFeature -Remove

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on amount of removed features
Can be used with WIM boot installation: Yes, but mostly useless. Installing a component again will increase the used space on drive C:
Disadvantage: Removed roles and features cannot be installed again without an external winsxs folder source once the files have been removed by the above commands. Execute the PowerShell command that removes all unused components only when you are really sure that you have finished the component setup for this system.
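
A more cautious variant of the removal above, as an added example that is not part of the original post: it uses the DISM PowerShell cmdlets Get-WindowsOptionalFeature and Disable-WindowsOptionalFeature, writes the removal candidates to a CSV for review, and only removes payloads when called with -Apply. The script name, the keep list and the report path are assumptions.

```powershell
# Remove-UnusedFeaturePayload.ps1 (hypothetical name). Run from an elevated PowerShell.
param(
    # Features whose payload must stay on disk because they may be enabled later
    # (example value, adjust to the image you are building).
    [string[]]$Keep = @('TelnetClient'),
    # Report file for review and change records (assumed path).
    [string]$Report = (Join-Path $env:TEMP 'feature-removal-candidates.csv'),
    # Without -Apply the script only reports and changes nothing.
    [switch]$Apply
)

# 'Disabled' means the feature is off but its files are still in winsxs.
# Features already in state 'DisabledWithPayloadRemoved' do not match.
$candidates = @(Get-WindowsOptionalFeature -Online |
    Where-Object { $_.State -eq 'Disabled' -and $Keep -notcontains $_.FeatureName } |
    Sort-Object FeatureName)

$candidates | Select-Object FeatureName, State |
    Export-Csv -Path $Report -NoTypeInformation
Write-Host ("{0} removal candidates written to {1}" -f $candidates.Count, $Report)

if (-not $Apply) {
    Write-Host 'Dry run only. Review the report, then run again with -Apply.'
    return
}

foreach ($feature in $candidates) {
    try {
        # Same effect as: DISM /online /disable-feature /featurename:<name> /remove
        Disable-WindowsOptionalFeature -Online -FeatureName $feature.FeatureName `
            -Remove -NoRestart -ErrorAction Stop | Out-Null
        Write-Host "Removed payload: $($feature.FeatureName)"
    }
    catch {
        # A single removal can fail (for example because of feature dependencies); keep going.
        Write-Warning "Skipped $($feature.FeatureName): $($_.Exception.Message)"
    }
}
```

Keep the CSV with the image documentation: it records which features need an external winsxs source if they are required later.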

4) The simple way… Use the Microsoft Disk Cleanup Tool

In Part 1 I forgot to mention the “basic” tool, the default disk cleanup tool that comes with Windows.

Commands (commandline):
cleanmgr.exe

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on the data currently held in Windows
Can be used with WIM boot installation: Yes
Disadvantage: Removed log files/data are not available anymore and may need to be recreated, or cannot be used for future troubleshooting, for example.

This is the end of Part 2; maybe there will be a Part 3 (dealing with low-end tablets/low storage mobile cloud clients), but this depends on the available time and future ideas on how to slim down Windows.

Cheers

Michael

P.S.: No warranty at all; if you have no idea what I am talking about, don’t use any of these solutions. Don’t blame me if you crash your system.. Dealing with Windows and its components can always be tricky.

Video: How to open the new IGEL Technology IZ3/UD3/UD5/UD6 case

January 13th, 2015

Hi Folks,

you want to open the new case used by IGEL for the IZ3/UD3 (M330C) or the new UD5/UD6 (H830C) case?

Just check out our new video here: How to open the new IGEL Technology IZ3/UD3/UD5/UD6 Thin-/ Zero Client case

The video demonstrates the task with a UD3, but it works similarly for the UD5/UD6 case because it uses the same concept/case design.

Cheers

Michael

 

New IGEL UD5 / UD6 photo series

January 13th, 2015

Hi Folks,

here are some more pictures of the new IGEL UD5 / UD6, click on a photo to enlarge.

New IGEL UD5/UD6 Front

New IGEL UD5/UD6 foot and connection bar plug

UD5/UD6 Connection Bar

Old UD5 (left) beside the new UD5 / UD6 (right)

Is it a new UD5 or UD6, how to find out…

UD5/UD6 Mainboard

Productsheet: UD6 Productsheet

Hardware Platform Name: H830C

Cheers

Michael

P.S.: A deeper review will follow once I have received my test device. I will not review the different IGEL OS coming with the device, they’re similar to the old UD5.

 

Tip: Fix Windows Server 2012 R2 Update issues after moving to core mode

January 13th, 2015

Hi Folks,

this issue happens sometimes for me. Windows Server 2012 R2 is a cool product and a couple of administrators are using it in core mode. This is quite easy because you can now switch between core and GUI mode quite simply.

The pain starts if you have installed some apps in GUI mode, for example Microsoft Silverlight, and then you switch to core mode. Why? Windows cannot use Silverlight in core mode, and related roles/applications are not available in core mode. When it comes to Windows Updates, Windows still downloads Silverlight-related updates, but this causes an error during the update installation (the related applications are not available…).

This is caused by the winsxs folder and the available packages/components held in this folder, so we need to repair it.

Just try to run the following command:

Dism /Online /Cleanup-Image /RestoreHealth

Once the command has finished, the issue should be gone and Windows Update should run fine again.

Cheers

Michael

P.S.: If the issue is not gone, check c:\Windows\Logs\DISM\dism.log for any other information related to the issue.

Tip (Updated): Running out of storage? Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 1

January 12th, 2015

Hi Folks,

do you run several Windows 2012 R2 Servers or Windows 8.x VDIs? Do you have Windows devices with small HDDs/SSDs? Are you running out of storage, or do you want to reduce the Windows footprint in general?

Here are some supported and unsupported steps you can take… “Can be used with WIM boot installation” refers to the new install option for OEM vendors, mostly used for Windows 8.1 with Bing and devices with small SSDs. For a WIM boot description take a look here: WIM boot explained

1) Disable Hibernation

Hibernation could be useful, but I mostly see that users are using the sleep/standby mode. The difference between sleep/standby mode and hibernation is quite simple to explain. In standby mode the computer holds the current RAM state in RAM and still consumes some power; in hibernate mode the RAM content is placed on the HDD/SSD and the computer really shuts down. The disadvantage in this case is quite simple: it always consumes 75% of the total RAM size with a file called “hiberfil.sys” on drive C:. So if you don’t need the hibernate mode, disable it…

Command (command line):

powercfg -h off

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: 75% of the total RAM Size
Can be used with WIM boot installation: Yes
Disadvantage: Hibernation mode is not available

2) Remove superseded Updates/Windows files

Windows by design increases the amount of HDD space it uses over time.. By default all installed Windows updates and also the old original files are kept so that the updates can be rolled back. So if you have an old Windows system and you run Windows Update all the time, all these files are kept and consume a lot of HDD space. You can remove this old stuff quite simply; this should be done every time you create a golden image or after you run Windows Update…

Update: I’ve been asked if this is similar to the Windows Update cleanup provided by the Windows Disk Cleanup tool. No, it’s not similar, and it will provide more free space in addition to the Disk Cleanup tool.

Command (command line):

dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: 0->4GB depending on how many Windows Updates were applied
Can be used with WIM boot installation: Yes, but with a smaller effect.
Disadvantage: Windows Updates can’t be rolled back in case of issues; test Windows before you roll it out.

3) Compress the “winsxs” and some other Windows folders (UNSUPPORTED!)

Windows comes with a subdirectory called “winsxs”. This is one of the most important Windows folders because it holds all Windows installation files, and a lot of actively used Windows files point to the files in the “winsxs” folder. This folder requires a lot of space and it can make sense to compress it if possible. By design this task is not simple, and we need a more complex script to do it. You can also compress some other folders like the Fonts directory without any issue in the same step.

I have been using this script for a long time (> 12 months) now, with a couple of test / low storage systems like my Surface Pro; until now I never got an issue, but I don’t recommend using this in any Windows Server production environment.

Commands (command line, save as wincompress.bat):

echo Compress Windows folders
compact /s:"%WINDIR%\Fonts" /c /a /i *
compact /s:"%WINDIR%\Temp" /c /a /i *
compact /s:"%WINDIR%\Web" /c /a /i *
compact /s:"%WINDIR%\assembly" /c /a /i *
compact /s:"%WINDIR%\debug" /c /a /i *
compact /s:"%WINDIR%\LastGood" /c /a /i *
compact /s:"%WINDIR%\ShellNew" /c /a /i *
echo Compress winsxs folder
REM Save the current ACLs of WinSxS so they can be restored at the end
icacls "%WINDIR%\WinSxS" /save "%WINDIR%\WinSxS.acl" /t
REM Take ownership and grant the current user full control (needed to compress the files)
takeown /f "%WINDIR%\WinSxS" /r
icacls "%WINDIR%\WinSxS" /grant "%USERDOMAIN%\%USERNAME%":(F) /t
compact /s:"%WINDIR%\WinSxS" /c /a /i *
REM Hand ownership back to TrustedInstaller, then restore the saved ACLs
REM (the saved paths are relative to the parent folder, so restore against %WINDIR%)
icacls "%WINDIR%\WinSxS" /setowner "NT SERVICE\TrustedInstaller" /t
icacls "%WINDIR%" /restore "%WINDIR%\WinSxS.acl"

Supported by Microsoft: No, support is lost! (You use the script at your own risk!)
Require Administrator Permission: Yes
Produced space on HDD: ~3GB-5GB
Can be used with WIM boot installation: No, never use it with a WIM installation! Why? The files in the winsxs folder in a WIM boot installation are mapped from the recovery partition. If you compress the files, they will be shifted/written into the Windows partition and this will highly blow up the used space.
Disadvantage: The system requires some CPU resources to handle the compressed files, and the system is now without any support from Microsoft. Never abort the script once it is running, and run it only on a 100% stable system! The script needs some time to run… If running on physical hardware, create a recovery partition on a USB memory in advance: How to create a recovery partition on a USB memory, or create a snapshot if used with a VM. Once the script is finished you will always receive a message that the script execution failed for one file; this is by design and no issue at all.
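
The script temporarily takes ownership of WinSxS and grants the current user Full Control, so it is worth confirming afterwards that both were put back. The following check is an added example, not part of the original script; the script name and the report path are assumptions, and the expected owner is the one the batch file sets in its second-to-last line.

```powershell
# Check-WinSxSAcl.ps1 (hypothetical name). Run elevated, as the user who ran wincompress.bat.
$root     = Join-Path $env:WINDIR 'WinSxS'
$owner    = 'NT SERVICE\TrustedInstaller'    # owner the batch file sets at the end
$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$full     = [System.Security.AccessControl.FileSystemRights]::FullControl
$report   = Join-Path $env:TEMP 'winsxs-acl-findings.csv'   # assumed report path
$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding([string]$Path, [string]$Problem) {
    $findings.Add([pscustomobject]@{ Path = $Path; Problem = $Problem })
}

# The folder itself plus everything below it (the batch file used /t and /r).
$items = @(Get-Item -LiteralPath $root -Force) +
         @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Add-Finding $item.FullName 'ACL not readable'; continue }

    if ($acl.Owner -ne $owner) {
        Add-Finding $item.FullName "Owner is $($acl.Owner)"
    }
    # An explicit (not inherited) Full Control ACE for the current user is a
    # leftover of the temporary /grant.
    $leftover = $acl.Access | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $me -and
        ($_.FileSystemRights -band $full) -eq $full
    }
    if ($leftover) {
        Add-Finding $item.FullName "Full Control still granted to $me"
    }
}

if ($findings.Count -eq 0) {
    Write-Host "OK: $($items.Count) items checked, owner is $owner and no leftover grant found."
}
else {
    $findings | Export-Csv -Path $report -NoTypeInformation
    Write-Warning "$($findings.Count) findings written to $report"
}
```
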
This is Part 1 of this article, Part 2 can be found here: Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 2

 

Cheers

Michael

P.S.: Figures shown as produced savings are max. savings; on a freshly installed Windows the savings will be lower.