Back in the old days, when 64-bit computing was still a novel concept and RISC vs. CISC wars were still fought, HP and Intel joined forces to develop the next-generation CPU. It would be 64-bit only and it would have a new type of architecture called EPIC. That was in 1994.

All the hype around Apple must have something to do with the quality of their products, it cannot be clever marketing and cool design alone. Example: Power Consumption This weekend I saw some interesting figures in the computer magazine. The new Mac Mini consumes only 11.7 Watts when idle. That is extraordinary! I did not know Desktop computers could be so energy-efficient.

Updated: 2021-06-22 Every object that can have a security descriptor (SD) is a securable object that may be protected by permissions. All named and several unnamed Windows objects are securable and can have SDs, although this is not widely known. There does not even exist a GUI for manipulating the SDs of many object types! Have you ever tried to kill a system process in Task Manager and got the message “Access denied”? This is due to the fact that this process’ SD does not allow even administrators to kill the process. But it is, of course, possible, as an administrator, to obtain the necessary permissions, provided a GUI or some other tool is available.

Although the architecture of Windows x64 is still relatively young, Microsoft already changes it in Windows 7 by removing registry reflection. Just in case you wonder what I might be talking about: read up on 64-bit Windows in my detailed 7-part series whose last article explains registry reflection.

Fighting Another Legacy of the NT Era Hiding network shares by appending a dollar sign is a common practice among administrators. While by itself that is neither good nor bad, it is a perfect example of how customs establish themselves in the IT industry in exactly the same way they do in other subcultures. Putting it differently, another fine specimen of an IT legend.

The documentation of Citrix User Profile Manager (UPM, for short) recommends excluding the following registry keys from processing: HKEY_CURRENT_USER\Software\Policies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies The net effect of this is that the Citrix profiles managed by UPM do not contain any policy settings. The reasoning behind this being: Policies are reapplied anyway during the next logon, so there is no reason to waste CPU cycles on synchronizing such “redundant” information.

Like most people, I have been accumulating personal data over the decades. While some of it is not too important, other pieces are priceless, especially my pictures and videos. Losing those files would be a nightmare. That kept me searching for the ideal backup mechanism for several years. Although I would not dare say I have found the perfect solution, I have learned a lot in the process and can give solid recommendations. Hence this article.

My familiy and me generate data all the time, mostly pictures and videos. I store it all on a PC in my small home network. That PC acts as a file server and, as all servers, needs to be backed up. The mere thought of losing all that information gives me the creeps. After initially copying all data to an external USB drive using an advanced rsync algorithm I switched to a more secure method - at least, that was my plan. Storing data offsite on the internet provides the benefit of not losing priceless photographs and videos when desaster strikes your home. Reading about the online backup service mozy.com, which offers unlimited storage capacity for a mere $ 4.95 per month, I signed up immediately and underwent the painful procedure of uploading roughly 180 GB during several months to mozy. That went relatively well, the client software had only small problems now and then. When all my files were uploaded, I was content. Until I decided to upgrade the hard drive of my home “server” hosting all my data.

This article is part of Helge’s Profile Toolkit, a set of posts explaining the knowledge and tools required to tame Windows user profiles. A mandatory profile is a special type of roaming profile. As with a roaming profile, a mandatory profile is copied from its network location to the local machine during logon. But during logoff, changes are not copied back. Instead, the local copy of the mandatory profile is reset to its initial state at the next logon. In essence, mandatory profiles are read-only roaming profiles. This has advantages, but also severe drawbacks.

Citrix User Profile Manager, co-developed by sepago and Citrix, has been released. This is the first in a loose series of articles about UPM I intend to write. I will start by giving recommendations on how to set up the central profile storage called “user store”.

This article is part of Helge’s Profile Toolkit, a set of posts explaining the knowledge and tools required to tame Windows user profiles. This article tries list the dos and don’ts that need to be considered when creating a user profile design. It focuses on functionality built into Windows. Third-party solutions that replace or complement the operating system’s capabilities will be the topic of future articles.

My simple yet effective batch file-based solution for converting digital videos in Quicktime MOV format from Panasonic Lumix and other cameras to MPEG-2, MEncode.cmd, now supports wildcards, too. Now you can run the following command to create MPEG-2 versions of all MOV files copied over from your camera:

On file servers in corporate environments one typically does not want users to change permissions, even on their own files. It might seem that it would be sufficient to simply grant change permissions instead of full control, but unfortunately that is not the case. The problem is that whenever a new file gets created, the user creating the file will be its owner. And owners can always change permissions, regardless of the contents of the DACL.

Ever wondered what lies beneath the covers of Protected Mode Internet Explorer? Short answer, long explanation: mandatory integrity control (MIC). Recap: Mandatory Integrity Control During the development of Vista the developers at Microsoft felt that the traditional ACL-based mechanism to control access to system resources was not enough. The ACL model grants all processes run by a user specific permissions on system resources like files and registry keys. While this is a powerful thing and well-suited for “normal” applications, programs like Internet Explorer are under much heavier attack by malware than, say, your average text editor. Once an IE process has been corrupted by exploiting a security hole, the attacking software can write to any location on the system the currently logged on user has access to. Not good.

Enter ProfileNurse - Your Skilled Profile Care ProfessionalUser profiles can be bitchy. A single misbehaving profile is bad enough, but what if you have hundreds or thousands of them? Most admins have a boatload of profiles strewn across file servers, and no way of knowing anything about them because they are lacking the management tools. That’s where ProfileNurse comes in, a free tool for offline profile management. It can not only manipulate arbitrary settings stored in profiles but also gather different kinds of information about each profile on a file server.

Commenter Steven asked in response to my article on how not to delete local user profiles for the correct way to script the deletion of user profiles. Here is how. For completeness sake I start with the manual method.

This article is part of Helge’s Profile Toolkit, a set of posts explaining the knowledge and tools required to tame Windows user profiles. Roaming user profiles tend to grow over time, which is sometimes referred to as profile bloat. In and by itself, profile growth is not a problem. Users of desktop PCs who log on the the same machine every day will not even notice that they have huge profiles ready to follow them around the network. Their locally cached copy of the roaming profile is always current. No need to fetch anything from a file server during logon.

[Update 1: Fixed bugs in the batch file and made it available for download] [Update 2: Wildcards are now supported] [Update 3: Timestamps are now copied from source to destination files. For this, touch.exe is needed.] [Update 4: File names with spaces in them are now handled correctly]

User profile problems are among the most common support issues. It is only appropriate that Microsoft simplified the troubleshooting process over time - but forgot to port it over to Vista.

In many environments it is a common practice to delete user profiles prior to conducting tests in order to start with a clean slate. However, this may prove more difficult than anticipated.

In the ongoing virtualization war much has been written (pro and con) about the value of memory overcommitment, a feature VMware ESX has and Microsoft Hyper-V is lacking (XenServer, too, for that matter). But only few people take a look at what the term overcommitment actually means. In this article I will explain how overcommitment works, why it greatly benefits VDI installations and why Microsoft denies exactly this.

It is a common practice amongst administrators to disable the creation of short filenames on NTFS. I freely admit to have recommended this in the past. Was I wrong? Background

Choosing a domain name that will only be visible from an internal network may look simple. Unfortunately, it is not. The basic problem: How to avoid collisions between the internal namespace and the internet?

My New Book is Out: Windows Server 2008 Command Line ReferenceThe command line is a powerful tool. Many a tedious task can be offloaded to a cleverly written script. Scripts and batch files, however, are like tool boxes without too many tools (which relates more to batch files than scripts). To become truly powerful, the boxes must be filled. That is what my reference book is all about.