Driver support for Windows 7 using Dynamic Driver Provisioning

Just a bit of info for those who are considering using WDS Dynamic Driver Provisioning to add hardware support to Windows images, and also for anyone who is curious to know how we provide operating system support to the myriad of PCs, servers and laptops out there on campus.

In order to fully support Windows 7 client deployment and to start to wind down support for Windows XP, we recently converted 2 out of 3 of our Mixed-mode WDS servers to Native Mode. The Native Mode servers run on Server 2008 R2 and therefore include the option to use Dynamic Driver Provisioning (DDP).

So what is DDP and why is it good for us?

Microsoft tell us that this new WDS functionality provides the following benefits:

  • Eliminates the need to add driver packages manually by using the tools in the Windows Automated Installation Kit.
  • Minimizes the size of install images.
  • Makes it easier to update and manage drivers because the drivers are stored outside the images.
  • Eliminates the need to maintain multiple images for different hardware configurations.
  • Eliminates the need for additional tools to manage drivers (for example, the Microsoft Deployment Toolkit (MDT) or non-Microsoft solutions).
  • Eliminates the need to use an Unattended installation file to add drivers.

And Microsoft are quite right. So far, DDP is working beautifully in our environment. I won’t say it’s not a little clunky in places, because it is. Certainly some of the Filters could be better. But this will hopefully come in later versions.

For us, DDP is the perfect solution because we don’t need anything fancy to deploy our operating system images – the MDT is a sledgehammer to crack a nut in our environment, where software is deployed separately using Group Policy and SpecOps (http://www.specopssoft.com/web/home.aspx).

For those who are interested in the detail of how we use DDP here at Newcastle, please feel free to browse my setup notes.

Microsoft Removes Hardware Virtualization Requirement from XP Mode

Nearly missed this. The news is a few weeks old but here goes:

From Paul Thurrott’s SuperSite Blog 18/3/10

Although I’m pretty sure it’s Windows Virtual PC that had required hardware virtualization support, and not XP Mode. XP Mode, of course, requires Windows Virtual PC and Windows 7 Professional or higher. Anyway, semantics aside, here’s the news from Microsoft:

We’re announcing an update to Windows XP Mode today that will make it more accessible to PCs in small and midsize businesses who want to migrate to Windows 7 Professional but have applications that still require Windows XP. Windows XP Mode will no longer require hardware virtualization technology to run. This change makes it extremely easy for businesses to use Windows XP Mode to address any application incompatibility roadblocks they might have in migrating to Windows 7. Windows XP Mode will of course continue to use hardware virtualization technology such as Intel VT (Intel Virtualization Technology) or AMD-V if available. You can find more information here

Everything you wanted to know about Microsoft OS Activation

There seems to be some confusion as to how Vista/Windows 7/Server 2008/Server 2008 R2 OS activation works both inside/outside the campus domain and on/off the university network so I’ll try and explain what the options are:

KMS activation

KMS (Key Management Server) activation is designed for machines (doesn’t matter which OS) which are connected to the University network at least once in every 6 months.

If a machine is joined to the campus domain then you don’t need to do anything else, the machine will just activate against the ISS KMS server and you can forget about it.

If the machine is on the University network but not in the campus domain then you can manually point the machine at the ISS KMS server and it will activate (see below).

Once a machine has activated against the ISS KMS server it will periodically re-activate automatically. You’ll only have a problem with it if it doesn’t talk to the KMS server for over 6 months, in which case you should use….

MAK Activation

MAK (Multiple Activation Key) activation should be used for machines which are off the campus network for periods of 6 months or more, e.g. a University laptop which is always used off campus. If you need a MAK key, email the ISS Helpline and ask for a MAK code, stating the OS that you are using, e.g. Windows 7. Once you have the MAK code, activate Windows by typing activate windows in the search box on the Start menu, then follow the on-screen prompts and enter the MAK code when asked to do so.

MAK activation requires an internet connection but once it’s done your machine will never need activating again unless you re-install the OS (this is the same type of activation you would use on a computer you bought from PC World etc).

Useful activation commands

All of these commands need to be run from a command prompt running with administrator rights. The easiest way to do this is to type cmd in the search box on the Start menu, then right-click the cmd icon that it finds and select Run as administrator.

1 – Activate a machine on the University network which is NOT in the campus domain

cscript c:\windows\system32\slmgr.vbs -skms locksmith.campus.ncl.ac.uk:1688

cscript c:\windows\system32\slmgr.vbs -ato

2 – Force activation on a machine that is in the campus domain (if you’re impatient :)

cscript c:\windows\system32\slmgr.vbs -ato

3 – Convert a machine from using MAK to KMS activation and vice versa (you’ll still need to request and use a MAK code if you need one).

N.B. These are generic product keys that are available for all to see at http://technet.microsoft.com/en-us/library/ee355153.aspx

slmgr -upk

slmgr -ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH

slmgr -ato

The above is for Windows 7 Enterprise; replace the product key as appropriate from the table below.

Windows 7 and Windows Server 2008 R2

| Platform | Operating system edition | Product key |
|---|---|---|
| Client | Windows 7 Professional | FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4 |
| Client | Windows 7 Professional N | MRPKT-YTG23-K7D7T-X2JMM-QY7MG |
| Client | Windows 7 Professional E | W82YF-2Q76Y-63HXB-FGJG9-GF7QX |
| Client | Windows 7 Enterprise | 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH |
| Client | Windows 7 Enterprise N | YDRBP-3D83W-TY26F-D46B2-XCKRJ |
| Client | Windows 7 Enterprise E | C29WB-22CC8-VJ326-GHFJW-H9DH4 |
| Server | Windows Server 2008 R2 Web | 6TPJF-RBVHG-WBW2R-86QPH-6RTM4 |
| Server | Windows Server 2008 R2 HPC edition | FKJQ8-TMCVP-FRMR7-4WR42-3JCD7 |
| Server | Windows Server 2008 R2 Standard | YC6KT-GKW9T-YTKYR-T4X34-R7VHC |
| Server | Windows Server 2008 R2 Enterprise | 489J6-VHDMP-X63PK-3K798-CPX3Y |
| Server | Windows Server 2008 R2 Datacenter | 74YFP-3QFB3-KQT8W-PMXWJ-7M648 |
| Server | Windows Server 2008 R2 for Itanium-based Systems | GT63C-RJFQ3-4GMB6-BRFB9-CB83V |

Windows Vista and Windows Server 2008

| Platform | Operating system edition | Product key |
|---|---|---|
| Client | Windows Vista Business | YFKBB-PQJJV-G996G-VWGXY-2V3X8 |
| Client | Windows Vista Business N | HMBQG-8H2RH-C77VX-27R82-VMQBT |
| Client | Windows Vista Enterprise | VKK3X-68KWM-X2YGT-QR4M6-4BWMV |
| Client | Windows Vista Enterprise N | VTC42-BM838-43QHV-84HX6-XJXKV |
| Server | Windows Web Server 2008 | WYR28-R7TFJ-3X2YQ-YCY4H-M249D |
| Server | Windows Server 2008 Standard | TM24T-X9RMF-VWXK6-X8JC9-BFGM2 |
| Server | Windows Server 2008 Standard without Hyper-V | W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ |
| Server | Windows Server 2008 Enterprise | YQGMW-MPWTJ-34KDK-48M3W-X4Q6V |
| Server | Windows Server 2008 Enterprise without Hyper-V | 39BXF-X8Q23-P2WWT-38T2F-G3FPG |
| Server | Windows Server 2008 HPC | RCTX3-KWVHP-BR6TB-RB6DM-6X7HP |
| Server | Windows Server 2008 Datacenter | 7M67G-PC374-GR742-YH8V4-TCBY3 |
| Server | Windows Server 2008 Datacenter without Hyper-V | 22XQ2-VRXRG-P8D42-K34TD-G3QQC |
| Server | Windows Server 2008 for Itanium-Based Systems | 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK |

Security Principals, ACE, ACLs, DACLs, and SACLs

As a follow-up to an earlier post I made on Advanced NTFS Permissions, I thought I’d post some notes I made recently on Security Principals, ACE, ACLs, DACLs, and SACLs.

Security Principals

A security principal is an entity that can be authenticated by the system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account, as well as security groups of these accounts. The important thing to remember is that each principal is automatically assigned a unique security identifier (SID) when it is created. This is why a domain computer cannot access domain resources if its account is deleted, even when a new account with the same name exists.

Access Control Entry (ACE)

An Access Control Entry (ACE) is an element in an access control list (see below). Each ACE controls or monitors access to an object. We see ACEs when we look at the list of security principals that have access on an object’s security tab.

Access Control Lists (ACL)

Broadly speaking, ACLs are the lists of security principals (users, groups and computers) that have access to an object. There are two types of ACL: the DACL and the SACL.

Discretionary access control lists (DACLs).

DACLs identify the users and groups that are assigned or denied access permissions on an object. If a DACL does not explicitly identify a security principal, that principal will be denied access to the object.

System access control lists (SACLs).

SACLs identify the users and groups that you want to audit when they successfully access or fail to access an object. Auditing is used to monitor events related to system or network security. A SACL can be found by selecting the Advanced button in an object’s Security settings and then selecting the Auditing tab.
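
The three rules above (unique SIDs, implicit deny in the DACL, and auditing through the SACL) can be seen together in a small model. This is an added example, not code from the original post; the rights bits, the SID prefix and the LAB-PC01$ computer account are constructed for illustration, and inheritance and privileges are left out.

```python
from dataclasses import dataclass, field
from itertools import count

READ, WRITE = 0x1, 0x2           # simplified rights bits, not real Windows access masks
EVERYONE = "S-1-1-0"             # well-known Everyone SID
_next_rid = count(1000)

def new_sid():                   # every created principal gets a fresh, unique SID
    return f"S-1-5-21-1111-2222-3333-{next(_next_rid)}"   # constructed domain prefix

@dataclass(frozen=True)
class Ace:
    kind: str                    # "allow"/"deny" in a DACL, "audit" in a SACL
    sid: str
    mask: int
    on_success: bool = False     # audit ACEs only
    on_failure: bool = False

@dataclass
class SecuredObject:
    dacl: list
    sacl: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

def access_check(obj, token_sids, wanted):
    """Walk the DACL in order; rights that no ACE grants are implicitly denied."""
    remaining = wanted
    for ace in obj.dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            break                          # explicit deny ends the walk
        if ace.kind == "allow":
            remaining &= ~ace.mask
    granted = remaining == 0
    for ace in obj.sacl:                   # the SACL only records, it never decides
        wants_event = ace.on_success if granted else ace.on_failure
        if ace.sid in token_sids and ace.mask & wanted and wants_event:
            obj.audit_log.append((ace.sid, "success" if granted else "failure"))
    return granted

def demo():
    old_sid = new_sid()                    # hypothetical computer account LAB-PC01$
    share = SecuredObject(dacl=[Ace("allow", old_sid, READ)],
                          sacl=[Ace("audit", EVERYONE, READ | WRITE, on_failure=True)])
    before = access_check(share, {old_sid, EVERYONE}, READ)
    recreated = new_sid()                  # account deleted, re-created with the same name
    after = access_check(share, {recreated, EVERYONE}, READ)
    return before, after, share.audit_log
```

The re-created account carries a new SID, so the existing allow ACE no longer matches it, the request falls through to the implicit deny, and the failure-audit ACE for Everyone records the attempt.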

Time to move on from the Windows 7 Release Candidate

If you are still running Windows 7 RC (I’m sure a lot of people are because it was pretty darned stable), the time to move on is fast approaching.

From 15th February, warning messages will start, saying that from 1st March Windows 7 RC will shutdown every 2 hours. You really want to be off the RC by then because you will lose any unsaved work.

If you continue to use the RC through the bi-hourly shutdowns, on 1st June 2010 the RC will cease to meet “genuine” Windows criteria and will not be able to download anything that checks whether the copy of Windows is genuine. You’ll also lose your wallpaper, but by that point that’s the least of your worries! 😉

I’ve still got one machine running the RC – that will change this weekend!

How to add the Quick Launch Toolbar to the Windows 7 taskbar

If you used it a lot in Vista and XP, you might miss the Quick Launch toolbar in Windows 7 as it’s disabled by default.

However, it’s easy to re-enable it:

Right mouse-click on any space on the Taskbar at the bottom of the screen, and select Toolbars… New Toolbar… as shown here:

[Image: New Toolbar selection]

In the folder field type (or copy and paste) the following:

%userprofile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

Click Select Folder, and the Quick Launch bar will appear. You can alter the way the Quick Launch bar looks by right-clicking on it and opting to hide/show titles, enlarge/shrink icons, etc.

So, why isn’t there a Quick Launch bar in Windows 7 by default? Because it’s been replaced by more interactive, intelligent Taskbar features that should, in theory, make the Quick Launch bar redundant. That’s the theory anyway…. There’s nothing to stop you having both the old ways and new ways of doing things though.

Windows 7 – Peek, Snap and Shake

As ever with new operating systems, a slew of extra functionality is added. Unfortunately some neat little features are sometimes lost amongst the big functionality changes when it is publicized. I’ve been using Windows 7 for quite a few months now and one feature set that is making my life easier is all to do with the Aero Desktop. More specifically the Peek, Snap and Shake functions.

Here are some videos that demonstrate the functionality:

Peek
Snap
Shake

At first they do seem rather gimmicky ideas, but after using them for a while, I’m finding that the Snap and Shake functions are incredibly useful when you have many different Windows open and need to get through the clutter.

There are also keyboard commands that reproduce the functionality (Win = The Windows key):

  • Win and Up – Maximize
  • Win and Down – Restore/Minimize
  • Win and Left – Snap to Left of screen
  • Win and Right – Snap to Right of screen
  • Win and Home – Restore or minimize all windows other than the one in focus
  • Win and T – Cycle through Taskbar entries.
  • Win and Space (hold) – Peek at the desktop
  • Win and G – Bring gadgets to the top
  • Win and number keys (1-9) – Open program pinned on the taskbar in order
  • Win and Plus key – Zoom in
  • Win and Minus key – Zoom out