Even though I switched to the
Apple operating systems and devices in my personal life, I still have
some laptops, and virtual machines around for work. In the almost 15
years, I seen, used, supported and troubleshot(??) basically every
Windows operating system around.
If
you follow the development of the OS through the years, it's getting
better with (almost) every release. There were some bad ones though;
Windows Millennium Edition, and Windows Vista were most notorious....
Until now. Now we have Windows 8(.1).
Windows 8(.1) is (in my opinion) a Frankenstein monster that incorporates a tablet Metro desktop and a crippled old-skool desktop.
A fairy long title, but it describes exactly what this post is about. Once again a post about a Microsoft product and the way it works (or rather doesn't work) with your average Internet standard.
This week I was busy with RADIUS, 802.1x, PKI and the protection of websites with SSL encryption. For the implementation of 802.1x, I needed a PKI environment, so I used the Microsoft Certificate Services for that purpose. Along the way, I needed an SSL certificate for an internal website, but this particular website needed to work properly based on different FQDN's and or IP addresses without throwing warining or errors regarding the SSL connection.
The way to do this is to add Subject Alternative Names (SAN) to the certificate. This enables you to access the website in different ways, e.g.;
- Access a webmail host from the internet based on its official FQDN (https://webmail.somedomain.com)
- Access the same webmail host from the inside of the corporate lan based on its internal name (https://webmail.acme.local)
- And access the host from legacy DNS-unaware software on its IP address (https://192.168.1.254)
We've been experimenting with with the use of user certificates for VPN access to the lab. Issuing, and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement. The user still has the option to choosing for the notification instead of a password.
Certificate Template - Request Handling OptionsThere's an option to enforce a password, but that's system wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.
Windows Phone 7 SeriesMicrosoft will be shipping a new phone operating system this year. After the Windows Mobile brand, they're switching to an alternate name; Windows Phone 7 Series. And obviously, with a new name comes a new website; http://www.windowsphone7series.com.
I can't really see why they keep bothering trying to access the phone market. Every single Windows Mobile (or Windows CE as it was called in the old days) device I've owned crashed more frequently than the 'good old' Windows Millennium Edition on an average Sunday. I can't count the number of times that I received a phonecall while doing something else (e.g. playing solitaire, or reading e-mail) and that the call finally went to voicemail. Why? because the phone froze, crashed, or answer button was unresponsive.
When working with Virtual Machines (VM's) you probably work with templates (and/or) clones to create new VM's. When you do this, you basically get a fixed drive with this. The size of the drives are basically the size from when you created them in the past. Since people put more and more crap programs in these VM's, you'll need more, and more diskspace.
Under VMWare it's relatively simple to add space to a virtual disk (vmdk), or even add an additional disk to the VM. The problem is that this works for creating additional partitions or extend existing NON primary system partitions. This means that you can't enlarge your C: partition, a partition where (under normal circumstances) all your programs are installed.
During the last couple of weeks I've been using Windows 7 at my work laptop (a Dell E6500). The OS itself ain't that bad (but still no OSX). Among the many improvements there's a new Backup ad Restore Center in the OS (compared to Windows XP, since I skipped Vista). But the application/service has a flaw. A very annoying one.
The interface is pretty intuitive and definitely more user-friendly. There's the option of backing up to a local (CD/DVD) drive, and you can choose to backup to a network share. In the corporate environment I choose the network drive. To do this, you do need ownership (some special permissions) on the drive share. This way the Backup and Restore application can do its thing.
Since Windows 7 is a member of the corporate domain I don't need to enter any credentials when accessing network shares, except with the backup application. Why? Don't ask me. But this is where the flaw kicks in.
;)
