Tag Archives: Windows 7

Windows Activation

Ed Bott is digging into the technology behind Windows Activation, and one of the more amusing bits was when he had to use a cracking program to fix a file he had intentionally damaged since Microsoft’s own tool was unable to fix it.  My own amusing story was when I was trying to properly activate our work systems.  Since the volume management auto-registration program (KMS) won’t run until at least 25 Windows 7 systems have tried to register (why? I’ve no idea), I decided to fall back on our key (MAK) that we can use alternatively in limited use.  The key had worked for me fine before when I used the GUI, but when I used the command line ‘slmgr.vbs’ Windows still showed as being un-activated.  I wanted to use the command line so that I wouldn’t have to visit each system to register them, so I tried to force it on my own computer by using the undocumented ‘rearm’ switch.  I figured it would either work, or reset to default settings at which point I could try putting the key back in, but no, I got this instead:

Capture‘Unauthorized’?  By who?

It goes without saying that the OS in fact does NOT have to be reinstalled, but instead the licensing cache has to be cleared out (it also turns out that an extra command is required to register through the command line).  If Microsoft is going to be a bit overbearing in preventing piracy, couldn’t they at least make sure their anti-piracy protections work?  It aggravates me all the more since I’ve always made sure we are properly licensed and I would think that somewhere in the bucket of money we send them every year they could find the funds to fix stuff like this.

SSL on the Nortel BCM

All of these concepts are probably familiar to those in the know, but I wasn’t able to put the pieces together until I upgraded to Windows 7 and found that without a properly working SSL configuration Windows 7 wasn’t going to load up the BCM system administration utility.

The documentation for the Nortel BCM states to go to the ‘Maintenance’ section, and then ‘Maintenance Tools’ (well it doesn’t say that but I found it anyway), and then ‘Upload a Certificate and Private Key’.  However, where do I get these?  I knew that the certification would come from my Windows based CA that runs in the domain, but there wasn’t a tool to generate a certificate request on the BCM.  My clue was that a private key, the key used to generate the request, had to be uploaded as well.  I then used the version of openssl on the BCM to do the work, though in hindsight it probably would have been easier to use a newer version installed elsewhere. 

First, upon doing a version check of openssl I noticed that the working directory that it was looking for (‘c:\openssl\ssl’) didn’t exist.  I manually created the directory and did the work from there.  Eventually I discovered that the ‘openssl.cnf’ file (that was called something else and buried elsewhere on a different drive) that shipped with the BCM was lacking and I ended up brewing my own with the following settings:

[ req ]
default_bits        = 2048
default_keyfile         = privkey.pem
encrypt_rsa_key        = no
default_md        = sha1
distinguished_name        = req_distinguished_name
x509_extensions         = root_ca_extensions

[ req_distinguished_name ]
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

[ root_ca_extensions ]
basicConstraints        = CA:true

I then executed a command along the lines of the following and filling out the ‘form’ that comes up:

openssl req -new -newkey rsa:1024 -nodes -keyout bcmkey.pem -out bcmreq.pem

I then FTP’d (bad form, but I already said that a different method would have been better) the two files up to my file server.  I put the ‘req’ file through my Windows CA (‘Base 64 encoded’, and unlike the HP ILO card I didn’t need the whole chain) to get the web server certificate and I then uploaded them both up the BCM and viola, the SSL warning error messages were gone and the manager was happy under Windows 7.

Let Down a Little by 7

Although my limited Windows 7 experience thus far has been largely positive, even my meager deployment of a half dozen PCs has turned up two irritations:

  • Firstly, I started up four of the HP systems we purchased and two of the systems started in a different manner than the other two.  The ‘different’ systems had startup menu options that appeared out of sync.  It still got the job done, but it was disconcerting that even such a limited number of Windows PCs couldn’t be bothered to start up in a consistent manner (“did someone use this before me?”).
  • Secondly, my user base is pretty anxious for their new PCs so I was hoping to avoid a time sink by simply upgrading Windows 7 Pro (the OEM version which ships on the units) to Windows 7 Enterprise (the SA version we’re entitled to run).  Doing this would save me time from having to rebuild the application and driver base to support the system.  Unfortunately I got a big old error message stating that ‘Windows 7 Pro cannot be upgraded to Windows 7 Enterprise’.  Why the frick not?  Is it that involved of a process to copy that small handful of code that differentiates the versions?  It can upgrade from Vista Business, why not 7?

My only other peeve is the nasty mess that is the control panel.  I figured this would be one of the big things addressed with the upgrade, but that half baked idea is a direct port of the original Vista implementation.  I wait with baited breath in anticipation of finding another landmine.

All for Naught

We’re going to be getting some very nice business desktops at work which will have quite a bit more CPU power and six (!) times the memory of our current systems.  This of course means that it will now take a little bit longer for my PC to be brought to it’s knees by the Java memory leaks that plague every web management app that I use.

Failed Windows Marketing

A friend sent along this note which points out some various positive points about ‘Windows 7’.  It is a microcosm of everything that was wrong with Windows Vista’s marketing effort.  To be fair, the marketing folks didn’t have much to work with in Vista, but still.

I recall going to the big launch party for the 2007 products and while the presenter (Matt Hester as I recall) had a lot of nice, informative things to say about Exchange 2007 and Office 2007, when it came to Vista all he had were second rate versions of features that appeared on Macs years ago, and a refresh of the video games that come packed with Windows.  In hindsight he had to know that Vista was a weak link in his presentation, especially when he’s giving a prolonged speech to an auditorium full of tech professionals about the new graphic schemes for Minesweeper.

Windows 7 might be a slightly different beast though.  I like that they’re trying to correct some of the aggravations of Vista, but let’s face it they could do that to the existing product if they cared to (though they probably won’t, thereby turning Vista into abandonware).  What I do like is the fact that they’re finally cleaning up the interface and centralizing the presentation around the ‘ribbon’ which is in my opinion the best interface idea to come out of Microsoft EVER.