Course Objectives
Most of the Windows-using world relies upon XP Professional, and has
for nearly ten years. For most of that world, however, it's time for a change,
and Windows 7 seems to fill the bill with its
vastly improved deployment tools, a completely revised, more modern and faster network
stack, a dozen or so new built-in security technologies, much more
complete central administration capabilities (including nearly two
thousand new group policy settings), and several big improvements
in storage. That's all great news, but how to get your current XP
experts up to speed on Windows 7 in the shortest time? After all, Windows 7 offers a wealth of upgrades from XP, but it also does
many things quite differently than XP did, and often in ways that
aren't apparent -- unless you know where to look.
Learning what's new,
better, worse, and different than XP, as well as how to support all of
those new, better, worse and different things can be quite time-consuming
-- unless you let veteran Windows techie Mark Minasi guide you through
that thicket. In three days, Mark explains everything that an XP
expert needs to become a Windows 7 wizard, and delivers it in
his distinctly entertaining style, with a host of illuminating
demonstrations and trademark humor. Hey, if nothing else, you
won't want to miss this class for its complete coverage of how to smoke
out and stamp out Windows blue screens!
Key Seminar Benefits
- Hear the good news and bad news about supporting Windows 7, from one
of the most trusted names in the Windows world, an
independent source who's been analyzing, supporting, writing and
teaching about Windows and other PC operating systems for a quarter-century
- Discover the new deployment tools in Microsoft's Windows Automated
Installation Kit (WAIK) and how they can save you time and money
- Learn all of Windows 7's new security technologies so that you're
ready to solve application compatibility and "why doesn't this work any
more?" problems.
- Know how to control and repair Windows boot parameters with the new
BCDEDIT, BOOT.INI's replacement, and go beyond what most sources cover
to unlock the secrets of how to make a non-bootable system bootable in
just a few commands!
- Use Windows' new GUI and command-line tools to control volumes,
partitions and the new built-in virtual hard drive support
- Enable AppLocker and control which people can run what application
- Find out exactly what that annoying User Account Control thing's
doing, how it works... and whether or not to disable it!
- Avoid the dread possibility of malware (or other files or registry
keys) that can't be deleted by understanding and controlling
Windows Integrity Levels
- Grasp the essentials of file and Registry virtualization to enable
"legacy" (that is, pre-October 2006) applications to run under Windows 7
- Simplify your support tasks and keep from losing company data by
exploiting CompletePC backup and Previous Versions on your systems
- Get the most out of Windows 7's changes to group policies
- Get the details on how Windows 7 lets your users organize their
files in completely new, faster and more efficient ways with libraries,
stacks, and the new Windows Search Service (and the sneaky trick to get
Windows to allow you to add a non-indexed file share to a library)
- Ensure that when you lose a laptop, you lose only the hardware, not
the data, with BitLocker
- Keep your company's data safe even when it's on a USB stick with
BitLocker To Go
- Block users from installing particular types of hardware through
group policies
- Lock down services with Windows 7 and sc.exe's new (and largely
unknown) ability to bolster system security against buffer overflow
vulnerabilities
- Uncover the causes and fixes to Windows' dread blue screens
Prerequisites
Anyone taking this class should have at least a basic knowledge of
Windows support, Windows networking and security in the XP world. For example,
you'll get the most out of this class if you know that Active Directory
lets us centrally administer user accounts and machine settings, if you
know what the Registry does, and have some familiarity with group
policies. And, of course, all attendees must have a solid knowledge
of the .NET CLR, C# and APL programming. (Okay, we're just kidding
on that last point; no programming experience necessary!)
Course Outline
- Introduction: Windows 7 in Perspective
Vista's perceived failure in the marketplace, coupled with XP's
time-tested reliability, has made many folks a bit gun-shy about adopting
a new Windows. Will Windows 7 require major hardware
upgrades? Can you find drivers for it? 32-bit or
64-bit? Will my apps run on it? Which one of Windows 7's 273
versions should I adopt? We'll look at all of these issues in this
section.
- Why consider an upgrade from XP?
- SKUs: Win 7 Pro versus Win 7 Enterprise/Ultimate
- Upgrade paths (good news and bad news)
- 32 or 64 bit? Some candid advice
- Making the Win 7 Pro/Win 7 Enterprise choice
- Hardware compatibility and requirements
- Software compatibility
- Post-XP Windows Deployment: Almost Everything You Know Is
Wrong, But That's All Right
For years, Microsoft was never really successful in developing
popular tools for automating Windows, whether for Windows 3.1 or Windows
XP. While scripted installs and Remote Installation Service are
good technologies, they've never really caught on amongst support
professionals, and in truth the most-used Microsoft deployment tool in
the XP world was Sysprep, and then only to facilitate using Ghost or
similar products. Since 2006, though, Microsoft has re-thought
deployment and given us a whole new arsenal of rollout tools. Are
those tools the answer, or will they just be another case of "nice try,
Redmond?" In this section, you'll meet Win 7's new "rollout team"
and decide for yourself.
- New concepts
- Windows image (WIM) files
- The Windows Automated Installation Kit (WAIK) 2.0
- The "repair OS," Windows Preinstallation Edition version 3.0
- WIMs versus Ghost
- Mountable
- Delivering patches
- Deployment tools
- WAIK Tools
- Imagex
- Windows System Image Manager
- Windows PE 3.0
- Sysprep
- Windows Deployment Services
- USMT and upgrades
- Deployment Image Servicing Manager (DISM)
- Working With WIMs (Windows Image files)
- What's a WIM?
- Peeking into WIMs with System Image Manager
- Working the WIM with imagex
- Deploying a WIM with WinPE and Imagex
- Deployment's all-new tool: the Deployment Image System
Manager (DISM) replaces pkgmgr, intlcfg and peimg
- DISM goals: feature activation, image servicing
- Online versus offline behavior
- DISM examples: image mounting, offline hotfix installs,
feature enable/disable, driver installs, image unmounting
- Awful activation: key management service (KMS) overview
- Windows activation in Windows 7
- Multiple Access Key (MAK) activation versus KMS activation
- What KMS does
- Finding a KMS server
- Windows' New Boot Structure: BOOT.INI's Gone, BCDEDIT's
Here
Once you've got Windows 7 deployed, you'll start it up... and that's
where we've got some new things to learn. Part of running any
system involves controlling how it starts up in the first place.
Ever since NT 3.1, we've controlled how the NT part of the Windows
family boots through a simple text file called boot.ini. Vista,
however, retires boot.ini and replaces it with a more flexible,
architecture-independent tool: the boot configuration database, or
BCD. But don't reach for Notepad to edit BCD... you'll need to
learn BCDEDIT, a whole new tool. And while we're at it, Windows 7
likes to chop up your system's boot disk in a somewhat new way with a
100 MB "hidden partition"... but then it won't be hidden to you
once we've covered it!
- Talkin' BCD: new terminology
- The "store"
- Boot entries
- Entry options
- Global bcdedit settings
- Boot entries, GUIDs and well-known GUIDs
- A guide to the most useful entry options
- New disk layout: booting from the "unlettered drive"
- BCDEDIT black belt skills: making unbootable systems
bootable
- Virtual Disks on Physical Systems: VHDs and Boot from VHD.
Windows 7 desktop and server use your disk in ways we've not seen
before, with new in-the-box support of the VHD (Virtual Hard Disk)
format for storing data and the ability to "boot VHDs natively," a
concept that we'll explain in depth in this section. As you'll
see, Microsoft may have to change the name of VHDs to remove "virtual,"
as Windows 7 uses VHDs in ways that have nothing to do with virtual
machines.
- Booting from VHD explained and examined
- Native VHD support in detail: creating VHDs, populating
them, attaching/detaching
- Getting images onto VHDs in the first place
- Advanced boot-from-VHD: run Windows from a handful of files,
step by step!
- BCDEDIT revisited: doing the boot surgery for boot-from-VHD
- Can't [locate] the drive? BCDEDIT troubleshooting
- Finding and Storing Things Made Easier: Libraries, Tags, and
the Search Index
Over the years, Microsoft has experimented with different ways of
letting your users store and organize their data. Windows 7
introduces a new, more flexible concept in the form of libraries,
which you might think of as a sort of "My Documents" done better.
If you choose to adopt Windows 7, then you should understand how these
work and how to get the most out of them.
- Data organizing help: keywords, group by, ratings
- Libraries explained
- A sort of "super folder"
- Much more comprehensive search-wise
- Adding networked resources to libraries
- Deployment issues
- Search basics in Windows 7: XP's "index service" becomes the
"Windows Search" service, but with important changes
- Reconfiguring Search Service (and why you'd want to)
- Using Windows' powerful new search language, the answer to "I
used to be able to tell XP to show me all files that are over 10
megabytes and whose name starts with 'r,' but I can't figure out how
to do it in Windows 7"
- Windows Storage News
One of the sources of big changes in post-XP Windows comes from an
often-overlooked area: storage. Windows 7 includes a
completely different set of backup tools than those found in XP, a
number of data integrity tools, and built-in support for creating and
managing virtual hard disks (VHDs) which, despite their name, aren't
just for virtual machines. You can even boot a physical Windows 7
system from a VHD, as you'll see in this section.
- Resizable volumes: no more Partition Magic needed
- Windows Backup
- Completely new backup system
- No tapes... but supports DVD and CD
- Data organization
- Windows Backup problems
- Recovering from catastrophic failure: CompletePC backup
- How CompletePC backup works
- Administering CompletePC: starting, stopping, scheduling,
monitoring
- Restoring CompletePC backups: the Windows Recovery
Environment
- Doing bare metal restores with CompletePC
- Getting Data Back
- Volume shadow copies
- Undelete comes to Windows 7: "Previous Versions" with no
server needed
- Configuring "Previous Versions"
- NTFS and Registry change: transactions
- How transaction-based changes work
- Implications for patches
- Optical disk support via "isoburn"
- User Account Control
Once we've mastered storage, it's time to start working with
everyone's favorite Windows headache: security. You may not know
of every post-XP feature, but there's at least one new Windows
feature you probably know: User Account Control. Known informally
as "the Vista feature that everyone loved to hate," UAC was intended as
an anti-malware tool that actually didn't really work, but we think it's
useful for other reasons, as you'll learn here. The key to
UAC lies in understanding it, and understanding how it can contribute to
application compatibility problems. Additionally, UAC contains a
very important and useful patch that actually solves many app compat
problems automatically, allowing you to run older applications that
would otherwise fail when run as a standard user rather than an
administrator. Yes, UAC can be annoying, but to know it is to love
it -- and in this section, we'll show you more about UAC than you can
find anywhere else!
- UAC component overview
- Administrator Approval Mode
- "Standard user"
- "Elevation"
- Split token
- Deciding which token to offer
- File and Registry virtualization
- What are administrators made of? How UAC creates the split
token
- The Notorious Nine
- The Fearsome Four
- Integrity levels
- Controlling UAC and elevation
- UAC's seven rules to elevate
- How to override UAC's defaults
- Solving UAC-related application compatibility issues in Windows
7: understanding manifests
- File and Registry virtualization
- What it is, how it works, seeing it in action
- Rules for virtualizing
- Fine-tuning Registry virtualization
- Monitoring virtualization: virtualization as a software inventory
tool
- Windows Integrity Levels
Perhaps Windows 7's least-known but most potentially scary new
feature is something called Windows Integrity Levels (WILs). WIL
is a concept intended to protect your files from malware by identifying
different levels of "trustworthiness" on users, processes, and objects
(files and folders, for example). Once those levels of
trustworthiness ("integrity" is Microsoft's phrase) are established,
then higher-integrity objects (like your personal data) can be shielded
from lower-integrity objects (like any malware derived from the
Internet). That sounds like file permissions, yes, but it's more
than that, as "integrity permissions" always beat file
permissions. The sad news is that Microsoft implemented integrity
levels, but didn't do much with it, nor did they tell anyone about
it. The bad news is that malware writers can, using these
integrity levels, create malware that cannot be deleted by an
administrator... yikes! But after completing this section, you'll
know how to control WILs so as to combat those kinds of attacks, as well
as get some ideas about how to use this new tool to protect your data
and applications.
- The basics: mandatory access controls and integrity levels
- How integrity levels affect object access in Windows
- Extending the integrity model
- chml, a tool to let you modify integrity levels
- Integrity levels versus permissions
- Controlling Who Can Use Which Applications: AppLocker
In October 2001, XP introduced the idea of "Software Restrictions
Policies" (SRPs), a set of group policies aimed at letting
administrators block users from running unauthorized applications.
It wasn't a bad first try, but the software environment at the time
(one wherein very few applications could be identified by their digital
signatures) limited SRP's usefulness. As time's gone on, however,
far more applications are signed, and so SRPs deserve a second look even
in XP shops. With Windows 7, however, Microsoft introduces a
significantly improved update on SRPs that they've called
"AppLocker." This section explains the differences between SRP and
AppLocker and suggests how each can assist your organization in
controlling the range of apps that you allow to run on your
desktops.
- AppLocker/SRP similarities
- AppLocker/SRP differences
- Using AppLocker audit/block settings for testing
- Moving AppLocker policies from the lab to the enterprise
- What to do when you've "Applocked" yourself out
- Clearing AppLocker settings
- Where Software Restriction Policies can be more useful than
AppLocker
- Windows and Physical Security I: BitLocker
Years back, Microsoft offered a set of ideas that they called the
Next Generation Secure Computing Base initiative, or you may recall its
code name "Palladium." About the only thing that's actually seen
the light of day from the Palladium ideas is a terrific anti-data-theft
tool called BitLocker. This section shows you what BitLocker does,
but, better, it shows you how to do the extra BitLocker stuff that
Microsoft would prefer that you didn't know. If you have laptops,
then you need to understand BitLocker, as it's the tool that
ensures that when you lose a laptop, then you lose only the hardware...
not the data.
- BitLocker basics: full volume encryption
- How is it uncrackable? Is it uncrackable?
- Getting your system ready for BitLocker
- Setting up BitLocker with a "TPM" chip
- Setting up BitLocker without a TPM chip
- Choosing the level of encryption
- What to do when your laptop's toast and you need your data
- Configuring BitLocker with manage-bde
- Windows and Physical Security II: Plug and Play Restrictions
Ever since the movie The Recruit, people have worried about
data theft from USB devices. What keeps an unhappy employee or a
visitor from popping a USB memory stick into a USB slot and siphoning
off your company's data? Windows 7, that's what, with a new set of
group policies controlling hardware installation.
- New hardware installation controls
- Creating whitelists or blacklists
- Understanding and finding hardware IDs, compatible IDs, and class
GUIDs
- Steps to blocking a piece of hardware from installing
- Windows and Physical Security III: BitLocker To Go, Encryption
for Portable Devices
Vista and Server 2008 brought BitLocker, a tool that let you encrypt
any or all of your internal hard disks. It slowed your drives down
a bit, but ensured that if you left your laptop on an airplane then no
one could peek at your data. With Windows 7, Microsoft has
extended BitLocker's job to enable you to use it to encrypt USB sticks
and other portable data devices. Why do this? USB sticks
worry many folks, as they fear that users might copy important company
data onto a USB stick and then accidentally leave it where someone could
find it and read that data. With BitLocker To Go, you can instruct
one of your computers to only permit a user to copy data onto a USB
stick if that USB stick's encrypted. That way, if the user loses
the USB stick, then whoever finds it won't be able to read its
data. This section explains how to make BitLocker To Go work, and
what limitations it presents.
- BitLocker To Go overview and limitations
- Encrypting a USB stick
- Decrypting a USB stick
- Forcing systems to require BitLocker To Go
- Windows Service Architecture Changes Under Windows 7
Windows services are an important pillar of Windows' architecture...
but they've been a source of security nightmares, as evidenced by Code
Red, SQL Slammer, Nimda, Blaster, Sasser and others. In Windows 7,
Microsoft has completely re-engineered how services work under-the-hood
to allow developers to build services that are far more worm-resistant.
But what about when those developers are a bit lazy? With the right
knowledge, a savvy admin can tighten up many Windows services... without
having to know how to write a line of C++!
- Review: why services offer vulnerabilities
- Service session isolation
- How it works
- Solving potential compatibility issues arising from it
- Reduced service privileges: "least privilege" and the new
services
- How it works
- How to see if a service has been "least privileged"
- Dialing down a service's privileges without being a programmer
- Service isolation
- How it works: the new "restricted SID"
- Service SIDs
- How to restrict a service when the coders haven't bothered
- Service bounce: new Service Restart settings
- Why's that not up yet? Auto-delay services, a new type of
service
- Short Post-XP Windows Security Items
This section ends our look at Windows security with a roundup of
short Windows 7 security topics.
- Changes to group policy security default settings
- Potential incompatibilities
- Administrator account disabled
- Folders and groups eliminated
- Windows Firewall changes
- Windows 7 Gets More (Remote) Controlling
While running around to users' desks to fix things might be a good
way to stay in shape, it's not really productive, particularly given the
fact that there are an awful lot of users out there and fewer and fewer
of us support folks -- so remote control's a good idea.
Fortunately, Windows 7's got some nice upgrades for Remote Desktop and a
completely new remote control protocol and tool, WinRM and Windows
Remote Shell. This section shows you how to extend your reach with
these new tools!
- Remote Desktop gets better in Windows 7
- New name: Remote Desktop Services (RDS)
- More secure, if you opt for it
- Bandwidth throttling between interactive and noninteractive
parts of RDS sessions
- EasyPrint simplifies remote desktop printing
- Block transfers speed up RDS sessions, once enabled
- Windows' RPC replacement: WinRM
- Why WinRM is replacing RPC
- WinRM essentials
- WinRM setup and security
- Where WinRM's currently in use in Vista, Server 2008, Windows 7
or Server 2008 R2
- WinRM troubleshooting
- Secure remote control with winrs, "Windows Remote Shell"
- Back-porting WinRM to XP and 2003
- Solving Windows 7/XP WinRM compatibility issues
- What's Changed in Windows 7's TCP and IP
XP's network software has served us well, but the Internet's
realities have changed between XP's 2001 debut and now, and Windows'
networking software has changed to reflect that. Surprisingly,
though, this has led to a situation wherein Windows' up-to-date network
software is showing up some older, less with-the-times network stacks,
often leading to interoperability problems that seem to be caused by
Windows 7, but that are actually the fault of the older stuff. In
this section, you'll learn how to recognize and troubleshoot these
problems. We'll also spend a little time talking about another
Internet change that we will all be dealing with in a year or two --
IPv6. In this section, we'll explain a bit about why IPv6 is
imminent and pass along just a few "must-know" IPv6 pointers.
- Post-XP TCP: RFC 1323 and what it means
- Where you'll see performance improvements
- Problems arising from networks with older networking hardware
- Troubleshooting procedures and workarounds
- A few words on IPv6
- The latest on IPv6 deployment levels
- De-weirding IPv6
- What's in an IPv6 address
- High-level view of IPv6 auto-configuration
- Where systems get IPv6 addresses, routers
- Where IPv6 systems get DNS addresses
- Anatomy of an IPCONFIG output: what is all that
new stuff in IPCONFIG?
- Short Network Items
Simply focusing on the big changes to post-XP Windows networking
would lead us to miss out on some of Win 7's small but likeable
additions to Windows networking, which we cover in this short
section.
- Wireless UI changes and faster wireless connection
- Network and Sharing Center
- In the box: setspn, whoami, robocopy, klist, sc and more
- Group Policies in Windows 7
From networking, we move next to Windows 7's many new management
tools and management infrastructures. The premier Windows central
management tool is group policies. Group policies are a great
idea, but ever since they appeared in Windows 2000 they've been a bit
clunky: useful, but hard to administer and troubleshoot. To
combat that, Microsoft completely rebuilt the group policy engine, added
900 new group policy settings, changed how group policies are defined,
and made a host of other changes to make group policies more useful and
more of a "must-use" tool. And they did it all without sacrificing
backward compatibility, mostly. Find out about these changes in
this section.
- What group policies needed in XP
- The group policy engine
- New service rather than part of Winlogon
- Hardened service isolates third party client side extensions
- Improved GP refresh methods
- Multiple local GPOs
- Network Location Awareness service 2.0
- Completely revised group policy engine logging
- New administrative templates
- XML based
- Centralized store of admin templates reduces "Sysvol bloat"
- Implementing the Central Store
- Getting the Group Policy Management Console onto Windows 7
- New group policy settings areas
- GPMC improvements
- Comments (hey, don't laugh until you have to look at a
ten-year-old group policy object!)
- Keyword searches
- Starter GPOs
- Win 7's New Event Viewer
Who would have imagined that the Event Viewer would play a minor
starring role in Windows 7? While uprooting and rebuilding pieces
of Windows, Microsoft decided (rightly) that Event Viewer was way
overdue for a facelift. The new Event Viewer bears very little
resemblance to the tool that changed very little between Windows NT 3.1
and Windows Server 2003 R2. This section examines its extensive
set of new capabilities and how to exploit them.
- Windows 7 Event Viewer features
- Completely restructured logs
- New urgency level "critical"
- Event triggers
- Events can be collected at a central system
- Log size limits gone
- Creating event triggers
- Centralizing events
- Configuration setup
- Security setup
- Command-line Event Viewer: wevtutil
- Getting the most out of the Event Viewer: the sneaky way
to use Xpath queries
- Solving Blue Screens and Lockups
The toolkit of anyone supporting any version of Windows simply isn't complete without
a knowledge of blue screens -- what causes them, measures to prevent them, and tools to analyze
and ameliorate them. This section explains why in the final analysis blue screens are quite good
news, and what to do with that news!
- What causes blue screens
- Controlling the crash dump files
- Crash dump files and pagefiles
- Analyzing the dump: perhaps Microsoft will do it for free
- Analyzing a dump yourself
- Analyzing and solving system lockups with Driver Verifier and
other tools
- Windows' New Management and Reliability Tools
Windows 7 comes with a number of tools intended to help you keep your
system running in peak shape and, given how hardware-intensive Windows 7
can be, that's a good thing! In this section, we'll meet
those tools.
- Performance rating tool
- Reliability Monitor: quick answers to "when did the problem
start?"
- Problem Steps Recorder: Windows 7's most-beloved unknown
feature
- Action Center: provider of security advice, blue screen tracker,
and the "mute button" for a lot of irritating notifications
- Resource Monitor
- System tray squelch: pop those balloons!
- ReadyBoost and ReadyDrive
- Getting green: using powercfg to monitor energy use and suggest
new ways to save energy
Course Materials and Course Format
The class works from PowerPoint presentations. Every attendee
gets a printed copy of the PowerPoints. To make it possible to run
this course in just three days, the class runs mainly in lecture format.
Arranging a Course At Your Location
We offer this class as a public seminar about a half-dozen times a
year; you can view the current schedule at www.minasi.com/pubsems.htm.
But you needn't wait: Mark can come to your organization to teach it
on-site. On-site classes offer you the flexibility to lengthen or shorten
the class, add hands-on labs, modify the course's focus and zero in on
your group's specific needs.
Please contact our office at (757) 426-1431 between 12 Noon-5 Eastern
time or email Assistant@Minasi.com to discuss
scheduling and fees.