When was the last time you got that not too friendly message stating that your password has expired and asking you to change it? Probably only a few weeks ago, and just as sure as day follows night, it is going to appear again only too soon. At least that is the typical user’s point of view. Security conscious administrators see this differently: they seem to think that passwords become weaker over time, like human beings growing old, and therefore force a rejuvenation process every couple of weeks. But is that really necessary? I do not think so.

Even with the most meticulous design, the day will come when your farm’s capacity is not sufficient any more. User numbers increase, applications become more resource-hungry and the amount of data to be handled increases steadily. So what do you do? Simply more of the same, i.e. buy more servers and add them to the farm? That is one way of increasing capacity, but it is not the only one and therefore may not be the best.

Jim Moyle recently started a blog on desktop and application delivery. While reading his first two posts I thought “yes, that’s so right”. Regretfully, people like him, who disregard the current hype and cut through the marketing BS, are scarce. More of the same, please!

Do you like what you read in this blog but have questions I did not answer (yet)? Or do you prefer listening and talking to live human beings instead of sitting alone in front of your screen? Well, come hear me speak and tell me what you think! This summer I will be speaking at the following conferences (all in Germany and in German, I am afraid):

[A German translation of this article is available at faq-o-matic.net.] The subtle differences between 32-bit and 64-bit Windows present so many intricacies and pitfalls that even Microsoft employees seem to have trouble getting it right. I just stumbled upon a KB article that describes how to reset the hosts file to its original state. The topic alone is funny enough - it is not as if the default hosts file contained great amounts of data. An entry for localhost (IPv4 and IPv6) is all you need, and on Windows 7 / Server 2008 R2 not even that. But anyhow, there seem to be enough people asking MS support for this or they would not have troubled with creating a package (ResetHOSTSFileBackToDefaults.MSI) that basically empties the hosts file.

This is a collection of new knowledge base articles related to Windows user profiles. As you can see, the last two months were pretty quiet. So quiet, that you may have missed the release of the first update to Citrix User Profile Manager (UPM). The new version comes as an MSI file that either installs or upgrades to UPM 2.0.1. You can get it from here.

Windows user profiles prior to Vista / Server 2008 contain localized folder names. End users expect that, of course, but admins tend to hate it because automated management becomes much more difficult. How can this dilemma be resolved? End users only see the local copy of the profile, while admins mostly have to deal with the central copy on a file server. Wouldn’t it be cool to have a “translator” component that makes sure local folders are localized while central folders are in one language only?

I just had the “pleasure” of having to copy the contents of a terabyte USB disk to another similar USB drive. At first, I did not give this simple task much thought. I plugged the USB cables in and made my faithful Total Commander do the work. It did not take me long, though, to notice a strange phenomenon: the copy speed would oscillate between 8 and 24 MB/s.

Commenter Lee asked how ACLs are evaluated when an object has multiple hard links. I replied with comments of my own, which turned out to be wrong after I did some experiments. Here is what I found out about hard link permissions and believe to be true.

In case you have (un?)wittingly been juggling around with multiple EFS certificates like me, you may feel a strong urge to clean up the mess. Which mess? It can happen quite easily that different files are encrypted with different keys. In addition to that, directories that are marked for encryption have EFS certificates associated with them, and there is no UI to manipulate that. In order to straighten this out, once the proper certificate is in place each file and directory needs to be “touched” in order to update their encryption keys.

How can you mess up a simple OS upgrade by using encryption? Simple. Here is what happened to me when I upgraded my Windows 7 beta system to the RC version.

Executable files can (and should be!) digitally signed. Without a digital signature you can never be sure the files on your hard disk have not been tampered with. There is really no exception to this rule, except maybe smaller open source projects that lack the budget to buy the digital certificate required for signing. Digitally signing executable files is so important that Microsoft made it a requirement in the Windows 7 Logo Program. One might think that such a simple yet important thing as signed executables can be taken for granted by now. Well, let’s have a look!

My last post on VMware VMotion urged several readers to protest, maybe because of its provocative title. What I did was to compare VMware clustering with Microsoft failover clustering. I got to the conclusion that both significantly add to the complexity of the environment. Interestingly, most commenters said, yes, Microsoft clustering is complex, but no, VMware clustering is not, yet failed to explain exactly why.

I will be attending the combined Citrix events iForum, Synergy and Summit 2009 in Las Vegas, which start in just a few days. As always, I hope to meet great people and have interesting conversations there. In case you want to talk to me, you need to locate me first. That should not be too difficult, though, given that I will be wearing these shirts most of the time:

Some time ago I attended a presentation by a former VMware, now Microsoft employee who claimed that Hyper-V’s lack of Live Migration aka VMotion is not relevant at all. According to him, the only people vigorously demanding such a feature are consultants, never customers. At the time I thought: “What a silly marketing number this is. Microsoft does not have it, so they tell everyone that it is not really needed until they have it.”

This is an attempt at demystification. In the Windows world, links in the file system are often regarded as obscure, except for the infamous .LNK files, of course. But file system links are neither freaky UNIX/Linux command line stuff, nor are they new: Microsoft’s OS offers two types of links since Windows 2000 and a third type since Vista/Server 2008. And boy, can they come in handy!

This article is part of Helge’s Profile Toolkit, a set of posts explaining the knowledge and tools required to tame Windows user profiles. The easiest way to assign user profile and home directories is via group policy. But that can only be done per computer. There is no (simple) way to point different users’ directories to different file servers. So what? No problem at all, until the number of users is too large for a single file server to handle. This article discusses what can be done to spread the user load.

If you are not tired of print spooler crashes then this article is not for you. If you are, you may find a new feature of the upcoming next version of Windows interesting: printer driver isolation.

Among the more annoying deficiencies of roaming user profiles in terminal server farms is what came to be known as “last writer wins”. It looks like Microsoft is trying to address the issue in the upcoming next version of its operating systems. Although this is a step in the right direction, I have doubts about the effectiveness of the cure.

This is a collection of new MS KB articles related to Windows user profiles. Roaming user profiles are ignored if the network connection to the remote server that stores the roaming user profile is slow

In the previous article of this mini-series I described how to install Windows 7 x64 beta 1 into a virtual hard disk (VHD) file. In this post I will share some thoughts on what using Windows 7 x64 actually feels like.

In the first article of this mini-series I described how I prepared my work laptop for the installation of Windows 7 x64 beta 1 into a virtual hard disk (VHD) file. This post covers the installation itself.

After reading a lot about the speed and stability of Windows 7 (beta 1), I decided it was time for me not only to use it for real work, but also to move from 32-bit Windows to a 64-bit installation. This mini-series serves as a documentation of the steps I took and the lessons I learned.

My colleague Thorsten Christoffers has started blogging, mainly on topics related to Microsoft System Center. If you can read German, check out his first article on the Key Management Service (KMS) for Windows.