Microsoft Windows Experts

HowTo: Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2 October 7, 2011

An in-place upgrade is the final alternative before you have to reinstall the operating system.
Note: It takes the same amount of time to do the upgrade as to reinstall the operating system. Also, some of your customized Windows settings may be lost through this process.

Performing a repair installation will restore the current Windows installation to the version of the installation DVD. This also requires the installation of all updates that are not included on the installation DVD.

Note: Performing a repair installation will not damage files and applications that are currently installed on your computer.

To perform a repair installation of Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2, follow these steps:

  1. Close all the running applications.
  2. Insert the Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 DVD in the computer’s DVD drive.
  3. In the Setup window, click Install Now.

    Note: If Windows does not automatically detect the DVD, follow these steps:

    1. Click Start, and then type Drive:\setup.exe in the Start Search box.
      Note: The Drive placeholder is the drive letter of the computer’s DVD drive.
    2. In the Programs list, click Setup.exe.
    3. In the Setup window, click Install Now.
  4. Click Go online to obtain the latest updates for installation (recommended).
  5. Type the CD key if you are prompted to do this.
  6. On the “Install Windows” page, select the operating system you want to upgrade in place.
  7. Click Yes to accept the Microsoft Software License Terms.
  8. On the Which type of installation do you want? screen, click Upgrade.
  9. When the installation is complete, restart your computer.

QuickTip: File on a Windows 2008 or Vista system is owned by trusted installer and can’t be replaced or modified

Filed under: Misc — helpforsure @ 12:06 am

In Windows Server 2008 or Windows Vista, various files are owned by default by the ‘Trusted Installer’ account. The administrator may have read-only access to these files. At various times, you may be instructed by Microsoft Support to replace versions of these protected files.
In addition, various configuration files are owned by Trusted Installer, and you may need to modify these files to enable tracing or make other configuration changes. If you manually take ownership of the files, you will not be able to restore the default configuration, since the GUI doesn’t display the account ‘trusted installer’ in the owner dialog. It is highly recommended that after making the needed changes, you restore the ACLs to their previous default configuration. The proper procedure for this is to first back up the ACLs using icacls and then restore the ACLs on the file(s) once the operation is complete.
These ACLs can be backed up by typing the following command at the command prompt (if UAC is enabled, use an elevated command prompt by right-clicking a cmd.exe shortcut and choosing ‘Run as administrator’):

icacls %windir%\system32\CustomApp.exe /save C:\BackedUpACLs.txt

After this you should take ownership of the file and modify the permissions. This will allow you to replace the file (after making a copy of it first) or make the needed modifications.

When you are finished making your changes and are ready to return the permissions to the default, you can use the following command to restore the ACLs that you previously backed up. This will allow Trusted Installer to become the owner of the file again.

icacls c:\windows\system32\ /restore c:\BackedUpACLs.txt

The backup file is text based and can be viewed with the following command:
notepad c:\BackedUpACLs.txt

Note: You may use wildcards, but keep in mind that the restore will fail if you haven’t taken ownership of all of the files that match your wildcard mask and changed the permissions to grant yourself control. In other words, if you back up all of the executables in System32 with the following command:

icacls %windir%\system32\*.exe /save c:\BackedUpACLs.txt

Then, you would have to take ownership of ALL of the .exe files which ‘trusted installer’ owned and change their permissions to grant your logged-in account rights to the files. This is because the restore operation will attempt to restore ALL of the .exe files that matched your wildcard mask. If it finds a file that it cannot access, the entire operation will stop and the files that normally would have worked will never be reached.
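The whole procedure for a single file, as an added example that is not part of the original post: it saves the ACL, takes ownership, replaces the file, restores the ACL even if the replacement fails, and then confirms the owner. The staging paths and the `Invoke-Native` helper are assumptions; the owner check at the end is an added verification step.

```powershell
# Added example; run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'
$Target       = Join-Path $env:windir 'System32\CustomApp.exe'  # file name used on the page
$AclBackup    = 'C:\BackedUpACLs.txt'                           # backup file used on the page
$Replacement  = 'C:\Staging\CustomApp.exe'       # assumption: where the new file is staged
$OriginalCopy = 'C:\Staging\CustomApp.exe.orig'  # assumption: where the original is kept

# Hypothetical helper: run a native tool and stop on a non-zero exit code.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}

# 1. Record the current owner and save the ACL before changing anything.
$ownerBefore = (Get-Acl -Path $Target).Owner
Invoke-Native icacls -Arguments $Target, '/save', $AclBackup

try {
    # 2. Give ownership to the Administrators group (/a) and grant it full control.
    #    *S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    Invoke-Native takeown -Arguments '/f', $Target, '/a'
    Invoke-Native icacls  -Arguments $Target, '/grant', '*S-1-5-32-544:F'

    # 3. Keep a copy of the original, then replace the file.
    Copy-Item -Path $Target      -Destination $OriginalCopy -Force
    Copy-Item -Path $Replacement -Destination $Target       -Force
}
finally {
    # 4. Restore the saved ACL; /restore takes the directory, not the file.
    $dir = Split-Path -Path $Target -Parent
    Invoke-Native icacls -Arguments $dir, '/restore', $AclBackup

    # 5. Added check: the owner must match what was recorded in step 1.
    if ((Get-Acl -Path $Target).Owner -ne $ownerBefore) {
        Invoke-Native icacls -Arguments $Target, '/setowner', $ownerBefore
    }
    $ownerAfter = (Get-Acl -Path $Target).Owner
    if ($ownerAfter -ne $ownerBefore) {
        Write-Warning "Owner is '$ownerAfter', expected '$ownerBefore'"
    }
}
```

Keep the ACL backup file in a location that only administrators can write to, because its contents are applied to the system file on restore.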


Citrix Xnapshot | Self-Service Tool May 3, 2011

Hello everyone!

Today, I wanted to share some information on the Citrix XnapShot utility.

Citrix Xnapshot is a profiling and monitoring utility focused on the Citrix XenDesktop Environment. It collects a wealth of information about the underlying system and its configuration, such as BIOS information, Registry information, Device Drivers, Windows Services, Installed Hotfixes, Citrix Binaries, and Citrix XenDesktop Farm information. The data collected is organized in such a way to make it easy for various Xnapshot collections to be compared against each other to quickly highlight any changes in the environment. The Xnapshot application itself provides the facility for viewing and comparing these reports.

In addition to data collection, Xnapshot includes a health monitoring component called XMLMon. XMLMon monitors the Citrix XenDesktop XML Brokers and can send an email alert if a problem is detected. In addition to sending an email alert, XMLMon can be configured to capture user-dumps of the core Citrix services.

Xnapshot also includes a PowerShell panel, allowing administrators to easily execute PowerShell scripts directly from Xnapshot.

For troubleshooting Citrix XenDesktop, Xnapshot also includes the ability to launch Citrix troubleshooting utilities such as XDPing and CDFControl.

For full details, see the Quick Start guide found in the root directory where the utility is extracted to.

Download Citrix XnapShot


Certificate Concepts April 19, 2011

19 April 2011  07:12

I would like to share some information with you about how digital certificates work. Understanding the concepts about how certificates work is important when troubleshooting PKI issues.

Let’s start by defining a digital certificate: digital certificates are electronic credentials that are used to assert the online identities of individuals, computers and other entities on a network. The concept of digital certificates is much like the concept of a driver’s license. Like a driver’s license, a certificate is issued by a central authority that has validated the identity of the person (or computer, application, service, etc.) requesting the certificate. Now that we have defined digital certificates, let us move on to the details.

Certificate Architecture

Certificates issued by Windows Server 2003 and earlier are based on standards established by the Public-Key Infrastructure X.509 Working Group of the Internet Engineering Task Force. Version 1 of the standard defines a set of fields that should exist in every X.509 digital certificate. Version 2 added two more fields in order to support X.500 directory access control. Finally, version 3 introduced the concept of a Certificate Extension. Certificate extensions are simply fields that may be specified in standards or may be defined and registered by a vendor, individual, or community. The Windows Certificate Server included in Windows 2000 and later supports X.509 Version 3 digital certificates.

The format of a v3 digital certificate is illustrated below.

X.509 Version 3 Certificate


      • Version: Identifies the version of the X.509 standard to which the certificate adheres. Certificates issued by a Windows certificate authority (CA) are always v3.
      • Certificate Serial Number: A unique identifier for each certificate issued by a particular Certificate Authority. This number must be unique amongst all certificates issued by that CA.
      • Issuer: The distinguished name of the CA that issued the certificate. This field identifies the authority responsible for verifying the identity of the Subject of the certificate.
      • Subject: The name of the computer, user, network device or service to which the certificate is issued.
      • Valid from: The date and time when the certificate becomes valid.
      • Valid to: The date and time when the certificate expires.
      • Public Key: Contains the public key of the key pair that is associated with the certificate.
      • Issuer Unique Identifier: Information that can be used to uniquely identify the issuer of the digital certificate.
      • Subject Unique Identifier: Information that can be used to uniquely identify the owner of the digital certificate.
      • Extensions: Version 3 certificates include extensions that provide additional functionality and features to the certificates.

As can be seen, a digital certificate links a subject identity and a public/private key pair in a signed and therefore verifiable digital document.

Example User Certificate


When you double-click a certificate in Windows, the Details tab displays the fields mentioned above. This is an easy way of visually verifying the Validity dates and the Subject.

The Certification Path tab displays the certificate path from the root down to the certificate being evaluated.

Basic Certificate Validation:

For a certificate to function properly, the following items must validate correctly (at a minimum):

1. Subject name: The subject of the certificate must match the resource subject that is being used. For example, when using https the subject in the certificate being used on the web server must match the https URL that users will use to connect to the https website. Subject name is analogous to the name on a driver’s license.

2. Validity Period: The time at which the certificate is used must fall between the Valid From and Valid To values. Validity period is analogous to the expiration date on a driver’s license.

3. Trust: The certificate must be issued by a trusted Certificate Authority. Trust is analogous to the State that issued a driver’s license. Because the State that issued the license is a member of the union that makes up the United States, we trust the issuer of the license.

4. Chain Building: Chain building is the process of building a trust chain, or certification path, from the end certificate to a root CA that is trusted by the security principal. The chain-building process will validate the certification path by checking each certificate in the certification path from the end certificate to the root CA’s certificate.

5. Key Usage: To help control the usage of a certificate outside of its intended purpose, the optional Enhanced Key Usage extension can be included in the certificate by the CA. The Enhanced Key Usage extension contains a list of usages for which the certificate is valid. These usages, also known as intended purposes, are displayed on the General tab of the certificate dialog box. This is important when evaluating why a certificate may not be working correctly. Key Usage is analogous to driver’s license endorsements (types of vehicles that can be driven with this license).

6. Revocation Checking: Each certificate in the certificate chain is verified to ensure that none of the certificates are revoked. A certificate can be revoked prior to the expiration date to disavow the certificate. Revocation Checking is analogous to checking a driver’s license against a State database to verify that a driver’s license has not been revoked for a violation.
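The six checks above can be run against an exported certificate with the .NET X509Chain class, which reports a separate status flag for each kind of failure. This is an added example, not part of the original post; the file path, the host name and the choice of the Server Authentication usage are assumptions, and the name check is simplified.

```powershell
# Added example; $CertPath and $ExpectedHost are placeholder assumptions.
$CertPath     = 'C:\Temp\server.cer'   # hypothetical exported certificate file
$ExpectedHost = 'www.example.com'      # hypothetical name users type in the https URL
$ServerAuth   = '1.3.6.1.5.5.7.3.1'    # Enhanced Key Usage OID: Server Authentication

$x509  = 'System.Security.Cryptography.X509Certificates'
$cert  = New-Object "$x509.X509Certificate2" $CertPath
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'       # fetch revocation data over the network
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'  # check every certificate below the root
$oid = New-Object System.Security.Cryptography.Oid $ServerAuth
[void]$chain.ChainPolicy.ApplicationPolicy.Add($oid)

# Build the certification path; each problem found appears as one status flag.
[void]$chain.Build($cert)
$status = @($chain.ChainStatus | ForEach-Object { $_.Status })
$path   = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
$now    = Get-Date

# Simplified name check: compares only the single DNS name GetNameInfo returns
# (no wildcard or multiple-name handling).
$dnsName = $cert.GetNameInfo('DnsName', $false)

function New-Result($Check, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

$revocationOk = -not ($status -contains 'Revoked') -and
                -not ($status -contains 'RevocationStatusUnknown') -and
                -not ($status -contains 'OfflineRevocation')

$results = @(
    New-Result '1. Subject name'    ($dnsName -eq $ExpectedHost) $dnsName
    New-Result '2. Validity period' ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter) `
               "$($cert.NotBefore) to $($cert.NotAfter)"
    New-Result '3. Trust'           (-not ($status -contains 'UntrustedRoot')) $cert.Issuer
    New-Result '4. Chain building'  (-not ($status -contains 'PartialChain')) $path
    New-Result '5. Key usage'       (-not ($status -contains 'NotValidForUsage')) $ServerAuth
    New-Result '6. Revocation'      $revocationOk ($status -join ', ')
)
$results | Select-Object Check, Pass, Detail | Format-Table -AutoSize
```

A revocation result of RevocationStatusUnknown or OfflineRevocation means the revocation data could not be retrieved, not that the certificate is known to be good, so the example counts it as a failure.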


Certificates issued by Windows Server 2003 and earlier are based on standards established by the Public-Key Infrastructure X.509 Working Group of the Internet Engineering Task Force. The Windows Certificate Server included in Windows 2000 and later supports X.509 Version 3 digital certificates. Subject Name, Validity Period, Trust, Chaining, Key Usage, and Revocation need to be validated for a certificate to function properly.


Cool Stuff | Pin Hotmail on your Windows-7 Taskbar April 16, 2011

Filed under: Misc — helpforsure @ 11:34 am

Hotmail just got even better when run on IE9. Today, Hotmail added email notifications to its pinned site that displays the number of new messages directly in the taskbar. It’s an easy way to keep an eye on new updates with a glance. Pin Hotmail to your taskbar to start seeing this in action!

Hotmail also gives you quick access to mail tasks from the jumplist. Right-click on the Hotmail icon to jump to a task like send mail:


Now when you pin Hotmail to the taskbar, you can use it like a native desktop application on Windows 7. With pinned sites, developers can add capabilities like notifications, jumplists and thumbnail toolbars to your Web sites too. See these MSDN articles and Test Drive demo for details:

Check out many more useful (and addictive) pinned site experiences on and on the Internet Explorer Gallery.

If you’re running Windows 7 but not yet running IE9, upgrade now to get the most from your browsing experience.