So, you’re sitting at your PC (or a customer/user’s pc) minding your own beeswax, just installing an application, or perhaps uninstalling an application when… BAM! Something awful hits the fan! Now the bloody thing is all locked up and not responding to any key strokes or mouse clicks. It won’t even let you open up Task Manager to see what in the hell it might be up to, even though you’re pretty sure that it’s up to absolutely nothing…
Now, invariably, the user was standing, looking over your shoulder, absolutely clueless about the fact that you’re boned and about the fact that you too are absolutely clueless… (No, I’ve never been in that position!)
If you’ve been working with PCs for any appreciable amount of time, any good troubleshooter knows that sometimes, for one reason or another, an install or uninstall will get “borked” and that usually happens at just the wrong moment, of course. Thank you Murphy, for that little gem of a “law”…
What happens during application installation or uninstallation?
Lots of stuff, really: files get copied, registry settings are potentially altered or created, active directory information may be read or altered, schema extensions may be initiated, operating system variables may be set, and Programs and Features registration is typically instantiated. Of course, it varies widely based on application demands and requirements… When, for various reasons, one of the necessary steps for an app install or uninstall doesn’t complete or fails outright, it can leave the app in a state of limbo, inhibiting the required re-installation of the app or, in extreme circumstances, it can inhibit the usefulness of the entire system. At the very least, it leaves administrators with a loss of confidence in the system and a dread that the problem is indicative of future time-consuming troubleshooting.
I’ve personally used many methods in the past including registry/file scraping where I try to find all references to the app and ruthlessly (albeit recklessly) remove all discovered instances, in a subtle homage to Orson Wells. I’ve also tried clearing temp files and have, of course, resorted to the time-tested “restart and see if that helps” method, usually followed immediately by, “Ok, let’s see if a hard boot helps”. What else? I’ve restored from Restore Points, run OS diagnostics; I’ve even run some very questionable, 3rd party applications to “reset” the registry. Basically, I’ve tried everything short of waving chicken bones, drenched in the blood of the vanquished, under a full moon at midnight on a solstice. I’m saving that one for a really critical situation!
Although some of these solutions have worked some of the time, most of them live in the “60% of the time, it works every time” category. Although there are not hard-and-fast, always effective methods, I’ve been made aware of some interesting tools from Microsoft and, so far, have had success with them. I thought others may appreciate knowing about them.
This tool is so simple to execute that I’m having difficulty elaborating, so perhaps for once, I won’t. Suffice it to say that the UI is intuitive.
When the process is complete, you’ll receive a results screen indicating that it was (or was not) able to resolve the problem. It’s that simple.
This tool is a bit more involved and, I presume, a bit more risky — think of “malware detection programs reminding you that removing some discovered items may result in the untimely death of your OS” risky. The tool removes all Windows Installer information for one or more applications on a PC through the clever use of Product Codes. With command line options, you can also elect to remove rollback information, remove the “In-Progress” key, or even change ACL’s to Admin Full Control.
As the command line nature of the application can be a bit unwieldy, I’ve included a link to examples of its use as well. Heads-up! You’ll need to be able to determine Product Codes for applications that you’d like to target. Fun!
In summary, we all have our methods; some of those methods are more sound than others or at least more based in actual computer science and we’ll likely continue to employ what we perceive to have worked for us in the past. That’s great. Here are two more for your arsenal. Godspeed, John Glenn!
Is it always beneficial to employ partially or fully-integrated add-on software with your deployment solution? Well, it depends on your process, and your process depends on the capabilities of your selected OS deployment solution.
Third-party applications can be useful in assisting in the management of drivers, application packaging, and patch management, among others. Your solution may include these functions, yet sometimes a third-party vendor, dedicated to one function, may do it better/offer more granularity/better features, etc.
If you have a process that does not include OS images derived from installation media, and you wish to employ third-party software to augment the preparation of your final deployed OS, you'll find that stand-alone add-ons are your best if not only option. You may also find that the selection of available stand-alone applications is not plentiful. The design of stand-alone applications must take into account the state of the operating system and be executed (usually manually) at a specific time during the OS deployment process, either prior to the image capture or after image deployment.
One of the big draws of solutions that utilize imported OS images is the capability to make changes to OS configurations during the application of a raw image when the OS is offline and able to accept changes to files and registry entries. Many of these solutions, such as Microsoft SCCM or MDT, not only allow for development of integrated applications though the support of software development kits (SDK), they also support the creation of automated answer files (with varying granularity) to assist in the configuration of the deployed, raw OS.
Integrated applications, when given access to sufficient features of the deployment solution, can execute the design of the add-on with great efficiency, using standardized, approved methodologies. This enables a high degree of stability and consistency, often reducing associated troubleshooting efforts.
So, if you're selecting a new OS deployment solution or considering a more efficient process, be sure to research what third-party applications are available and potentially useful in your environment. Save yourself some time and effort!
How important are third-party integrated applications within your deployment solution?
What are your favorite plug-ins?
Since Windows Vista, the user interface of Microsoft's operating systems has been greatly enhanced to provide for a smoother, more friendly-on-the-eyes look and feel. This is largely due to the creation of the Windows Aero interface. This interface and the guidelines to which it is restricted can affect the appearance and layout of text windows in applications. The visual effects may be set by the creative use of Group Policy Objects (GPO) or in a base image, prior to deployment.
In the case of UIU Standard, some customers have reported some aberrant GUI behavior which Big Bang Support has discovered to relate directly to these visual effects.
What are the Symptoms?
Checkmarks in UIU Standard user interface (during the Prepare Sysprep Configuration step) for Computer Name and Copy Profile quickly disappear and are therefore not verifiable after the box is checked. In fact, the checkbox is selected and the activated feature will perform as expected; the mark simply is not visible.
Note: The two checkboxes above have been checked
Why is this happening?
The reason for this behavior is directly linked to a specific Windows 7 Aero feature having been turned off or Visual Effects having been set to Adjust for best performance, which will disable all visual effects.
How can this be corrected?
In Control Panel; System; Advanced System settings, click on the Advanced tab and then select the Settings button in the Performance sub-section. Make sure the checkbox for Use visual styles on windows and buttons is checked, (it may be necessary to scroll to the bottom of the list). Alternatively, Select Either Let Windows choose what's best for my computer or Adjust for best appearance
Some device drivers used in hardware include executables along with hardware drivers. Some devices (graphics and audio) include them more frequently, particularly drivers that have been modified and re-branded by major manufacturers. These executables can prove problematic when utilized during a full, unattended installation of an operating system by a PC imaging process. Some drivers insist on the use of their included installation program, which can usually be circumvented, and almost all of them are useful, applicable, or compatible with only one make or model configuration of PC.
If a business is applying a uniform image to PCs with disparate make or model configurations, the installation of the driver's executable will either:
At best, this wastes PC resources with an unnecessarily running program. At worst, it can generate faults and deviate valuable human resources in its remediation.
Some of these drivers actually require an associated executable in order to be configured properly and completely. Their number is very small and if the driver is prepared well, will include instructions for the installation of the executable in its INI file, and the driver will be installable in an unattended fashion. Many of these executables take the form of a CPL or control panel add-in and possibly an associated system tray icon.
Are these hardware-specific applications necessary? Many of these types of applications relate to options for graphics controllers, Wi-Fi connectivity, sound controllers and hotkeys on laptops. The vast majority of the time, they supplant functions already represented by the operating system, with branding opportunities and user-friendly graphical interfaces. In a business setting, they are almost never necessary to operate the hardware, even if they may be desirable. For IT managers, it is favorable to minimize the quantity of applications that may require support, balanced with the actual benefit that those applications provide.
So, how should these hardware-specific applications be applied in the context of an operating system deployment (if they are necessary or sufficiently desirable)? The answer is simple even if the process can be complicated.
Use a bona-fide application deployment methodology. Most modern OS deployment packages either include or work with a separate application deployment feature. Products such as Microsoft's SCCM or Symantec's Ghost Solution Suite include such functions natively. As mentioned, there are third-party options available and many allow application packages to be generated in a several different styles for application to a Microsoft OS natively (such as MSI) or to utilize some installation method (such as EXE).
The bottom line is this: Don't try to force your operating system deployment methodology to do something that it's not designed to do well.
Many features of Windows operating systems that are accomplished natively by Sysprep are included in the various imaging solutions available on the market. One example of these features is the extension of a partition to utilize the total amount on the disc to be imaged, regardless of specific size. This particular feature is executed during mini-setup.
Some imaging solutions include features to perform this operation well. The trouble is that some do not. In the case where this feature is not included in the employed imaging solution, an administrator must resort to using the native toolset by manipulating the Unattend.XML file, (in Windows Vista and newer).
<path>net user administrator /active:yes</path>
With the release of Windows 8, now is an opportune time to revisit the software core to your PCs, namely the firmware (BIOS). This software controls the identification of components in a system along with corresponding features of those components and affects the very bootability of the PC itself.
Why is it a good idea to keep your BIOS up-to-date?
While updating the BIOS might seem like a no-brainer, it's remarkable how often even we forget to upgrade our firmware. One example that we observed in our lab relates to the video display of a common Dell laptop. Upon deploying an image of Windows 8 to the laptop, we identified that the display presented only a black screen with no opportunity to provide input. Troubleshooting efforts revealed that the OS image did in fact deploy, but the machine could not handle calls Windows 8 was making to the display. As a matter of routine, the BIOS was upgraded and voila!, the display functioned as expected. This obviously encouraged us to review the firmware levels of all of our lab hardware and we thought we'd pass the reminder along to our customers/blog followers.
A note on UEFI:
What is it? Unified Extensible Firmware Interface is a 64-bit replacement for BIOS and provides many advantages over BIOS, including support of GPT or GUID Partition Table (replaces the MBR) schema allowing for large boot partitions, a pre-OS environment with networking, architecture supporting intuitive user interfaces and cryptography; all operating independent of the CPU architecture and drivers.
Why might this be important?
Windows 8 offers the integration of Secure Boot technology, available only with UEFI, which will allow systems to authenticate before the PC boots; virtually eliminating the impact of malicious software that attempts to load at boot, including those pesky rootkits. More on UEFI from MSDN
If your organization is investigating or planning to migrate to Windows 8 in the future, now is a great time to reassess your firmware interface technology. Perhaps consider UEFI over BIOS or simply maintain your BIOS firmware levels and update them as necessary to avoid conflicts or difficulties when deploying Windows 8 within your environment.
Recently we have seen several hard disk controller problems arising in enterprise deployment situations. There are some new hard disk controllers, in particular RAID controllers, which are not performing as seamlessly as their predecessors and can be found on high-end workstation class hardware configurations.
The problem that arises in Windows XP is that these new controllers use a driver which unfortunately employs the same naming convention as previous versions of the driver, yet provides for no legacy functionality available in its predecessors. Since the older drivers do not support the new controller, we are left at an impasse as both are boot critical drivers, and both require pre-installation. If we pre-install both, the one that is pre-installed last overwrites any previous driver that was installed. We are currently working on resolving this issue programmatically and in the meantime, provide a work-around for customers which requires additional command line operations.
With Windows 7 the problem becomes a bit trickier as Microsoft includes some very generic class drivers which in theory should cover any hardware and allow the machine to boot. Once the machine is booted UIU can perform its functions on the image and install the driver that is best for the device in question. These new controllers, for specific reasons, are not able to make use of the generic Windows class drivers, and result in a blue screen shortly after boot when the machine attempts to access the contents of the hard drive. The same work-around can also be applied with Windows 7 and is the only effective way to install the drivers for these special case hardware situations until a programmatic solution can be prepared.
In summary, the work-around is that once a UIU image has been prepared, you will shut down and restart into a Windows PE environment where we can inject the needed drivers into the image in an offline state. This will place the drivers into the boot critical area of the windows system and allow for a successful boot. Once injected, the image can then be captured using your normal capture method. It should be noted here that your pre-installation environment (Windows PE) will also need these drivers to be installed in order to push the image to the hard drive in the first place. It should further be noted that in our testing, Windows 8 class drivers have recognized and provided the needed generic support in order to boot.
Below you fill find a step by step process for using Microsoft's DISM (Deployment Image Servicing and Management) to add your boot critical drivers. Not applicable for Windows XP.
Founded in 2001, Big Bang is a software development and training company located in Milwaukee, WI. Our many years of training IT professionals to use Symantec Ghost led to the development of our flagship software application—the Universal Imaging Utility.
Since its release in 2004, our customers have used the UIU to deploy Windows operating systems to millions of PCs throughout the world.
We'd love to hear from you.