EXERCISE 3
Testing the Configuration
In this exercise, you test the results of implementing the new GPO that you created in the last exercise.
1. After Computer1 has finished restarting, log on to the domain from Computer1 as a domain administrator.
2. Open your Downloads folder, and then double-click SharedView.msi.
3. If an Open File-Security Warning message box appears and asks if you want to run the file, click Run.
4. A Windows Installer warning message appears, indicating that the system administrator has set policies to prevent this installation.
5. Click OK to close the message.
6. Return to DC1. In the Group Policy Management console tree, locate the GPO named AppLocker Block SharedView.msi.
7. Right-click the AppLocker Block SharedView.msi GPO, and clear Link Enabled on the shortcut menu. This step effectively disables the policy.
8. Log off both computers.
Lesson Summary
■ The successful installation of software depends on many requirements. These requirements include local administrator privileges, Windows 7 compatibility, proper installation settings, and other factors. To troubleshoot problems with an installation, you should verify that all of these requirements are met.
■ A Windows Installer program can also be blocked by SRP or AppLocker.
■ AppLocker is an improved version of SRP that is new to Windows 7 and Windows Server 2008 R2. Improvements in AppLocker include the publisher rule condition, the ability to assign rules to specific users and groups, and audit-only mode.
Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 1, “Understanding and Resolving Installation Failures.” The questions are also available on the companion CD if you prefer to review them in electronic form.
NOTE
ANSWERS
Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book.
1. You work for Fabrikam, Inc., a firm whose network consists of a single Active Directory Domain Services (AD DS) domain. Fabrikam’s development team periodically tests new software tools for various departments. Recently the team has been testing a tool created by another company, a new partner named Contoso.com. Whenever authorized users attempt to install the program, however, they receive a warning informing them that the program is from an unknown publisher.
You want to allow authorized users to install applications made by Contoso without receiving a warning. What should you do?
A. Ensure that all authorized users are administrators of the computers on which they are installing the software.
B. Provide authorized users with the credentials of a domain administrator and instruct them to provide these credentials at the User Account Control prompt when they attempt to install the software.
C. Use Group Policy to deploy the public certificate provided with the software to the Trusted Publishers certificate store on all required computers.
D. Use Group Policy to deploy the root certificate for Contoso.com to the Trusted Root Certification Authorities certificate store on all required computers.
2. You want to use AppLocker to prevent users from running a file named NewApp.msi for versions 7.0 and earlier. You have already created the default rules. How can you achieve this objective?
A. Create a new Executable rule with the Publisher rule condition.
B. Create a new Executable rule with the File Hash rule condition.
C. Create a new Windows Installer rule with the Publisher rule condition.
D. Create a new Windows Installer rule with the File Hash rule condition.
Lesson 2: Resolving Software Configuration and Compatibility Issues
If a program that fails is known to be compatible with Windows 7, the failure is typically the result of a faulty configuration. In this case, resolving the issue requires you to review the program settings to pinpoint the configuration error causing the problems experienced. If on the other hand a program that fails is not fully compatible with Windows 7, you can often resolve the issue by adjusting compatibility settings or finding an alternate host for the application.
After this lesson, you will be able to:
■ Understand strategies and features used to resolve software configuration errors.
■ Understand the features in Windows 7 that are most likely to create an application compatibility problem.
■ Configure an application to run with settings compatible with an older version of Windows.
■ Understand Group Policy settings that can affect compatibility handling and reporting.
Estimated lesson time: 30 minutes
Resolving Software Configuration Issues
Installed applications that have been working properly sometimes malfunction or fail unexpectedly for an unknown reason. Application errors such as these often result from changes in configuration settings that are specific to the application, but there are some general guidelines that can help you in your efforts to resolve these issues.
The following list includes general strategies and features to use in troubleshooting software configuration problems.
■ Review application settings If an application suddenly fails, it is often the result of a configuration change. If you can open the application, proceed systematically through the available menus and configuration areas of the interface to see if any settings have been set improperly. If an application relies on a database or specific type of file (such as Microsoft Outlook, which relies on .pst files), then make sure that the database or file in question is accessible and not corrupted. If the application relies on a network resource, check network settings and ensure that the network resource is both accessible and available. During this phase of troubleshooting, you should also perform research on the Web about the issue experienced and contact the application manufacturer if necessary.
■ Using Event Viewer As part of your troubleshooting process, you should use Event Viewer to find error messages related to the application you are troubleshooting. Event Viewer can help you determine when errors related to the application started appearing and ultimately help you determine the cause of failure. Pay special attention to the Application log and any logs that are specific to the application in question. Use the Filter Current Log function to locate only Critical, Warning, and Error messages. If you find errors that seem relevant, perform Web searches on these errors to learn more about them if necessary.
■ Using Event Forwarding Troubleshooting a network-wide application issue might require you to review logs on multiple computers. To simplify this procedure, you can use Event Forwarding, a feature in which multiple computers are configured to forward a particular event to a collecting computer. Using the Event Forwarding feature requires that you configure both the forwarding computers, called the source computers, and the collecting computer, called the collector. To configure event forwarding, perform the following steps:
1. On each source computer, type the following at an elevated command prompt:
winrm quickconfig
2. On the collector computer, type the following at an elevated command prompt:
wecutil qc
3. Add the computer account of the collector computer to the local Administrators group on each of the source computers.
4. In Event Viewer on the collector computer, choose Create Subscription, and then follow the prompts to specify both the event you want to collect and the source computers on which you want to collect them.
NOTE
EVENT FORWARDING REQUIRES CERTAIN SERVICES TO BE RUNNING Event forwarding depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process.
■ System Restore An application can fail because of changes to the operating system. If an application stops functioning after you install an update or make a system change, consider using the System Restore feature to revert the computer’s configuration to a time when the application functioned properly. Although this feature does not remove or change user files such as documents or e-mail, it will remove any applications, updates, or system changes that have occurred since the system restore point.
NOTE
OPENING SYSTEM RESTORE
To start the System Restore Wizard, click Start, type system restore, and then press Enter.
SEERVICES
■ Repairing or reinstalling software If software stops functioning but you cannot revert to an earlier state manually or automatically, you should attempt to repair the software in question. A repair option, if available, essentially reinstalls the application while preserving user files and settings for that application. If no such repair option is available, you can back up the user files and simply reinstall the software. To perform a fresh installation, you might need to uninstall the software first.
■ Restoring from backup If a critical application fails but you cannot repair it by using any of the methods listed previously, you should restore the entire system from a backup of the last functioning version of the computer. Before doing so, be sure to perform a backup of the user’s personal files and folders.
Understanding Application Compatibility
Each release of Windows includes new features and capabilities that affect how applications run. Before making adjustments to improve application compatibility, you should gain some understanding of the particular features in Windows 7 that are most likely to cause application compatibility problems. These particular features can generally be classified as security enhancements and operating system changes.
Security Enhancements Affecting Application Compatibility
Many organizations deploying Windows 7 will be replacing Windows XP on their clients, not Windows Vista. Compared to Windows XP, the Windows 7 environment offers a number of important security-related enhancements. The following security features are the ones most likely to lead to compatibility problems with third-party applications:
■ User Account Control Introduced in Windows Vista, User Account Control (UAC) separates standard user privileges from administrator privileges in a way that helps reduce the effect of malware, unauthorized software installation, and unapproved system changes. If you are logged on as an administrator, UAC by default prompts you to confirm some tasks that you want to perform that require administrator privileges. If you are logged on as a standard user and attempt to perform a task that requires administrator privileges, UAC gives you an opportunity to enter administrator credentials instead of denying you the right to perform the task outright. UAC can introduce problems in applications that are not compliant with this technology enhancement. For this reason, it is important to test applications with UAC enabled before you deploy them.
■ Windows Resource Protection (also called File and Registry Virtualization) Windows Resource Protection is a feature in Windows Vista and Windows 7 that intercepts any application requests to write to protected system files or registry locations and then redirects these requests to safe and temporary locations. Although most applications can handle this redirection without generating an error, some applications require full access to the protected areas and cannot handle the redirection process.
■ Internet Explorer Protected Mode Protected Mode is a feature of Windows Internet Explorer 8 that protects computers from malware by restricting the browser’s access within the registry and file system. Although Protected Mode helps maintain the integrity of client computers, it can affect the proper operation of older applications, ActiveX controls, and other script code.
■ Operating system and Internet Explorer versioning Many applications check the version of the operating system and behave differently or fail to run when an unexpected version number is detected. You can resolve this issue by setting appropriate compatibility modes or applying versioning shims (application-compatibility fixes).
Operating System Changes Affecting Application Compatibility
Of the many operating system changes introduced by Windows 7, the following features are most likely to lead to application compatibility difficulties:
■ New system Application Programming Interfaces (APIs)
APIs expose layers of the Windows 7 operating system differently than they did in previous versions of Windows. Antivirus and firewall software are examples of applications that rely on these new APIs to monitor and protect Windows 7. Applications that relied on outdated APIs will need to be upgraded or replaced for Windows 7.
■ Windows 7 64-bit
Neither 16-bit applications nor 32-bit drivers are supported in the Windows 7 64-bit environment. The automatic registry and system file redirection that allows some older applications to function in the 32-bit version of Windows 7 are not available for the 64-bit environment. For these reasons, new 64-bit applications must comply fully with Windows 7 application standards.
■ Operating system version
Many older applications check for a specific version of Windows and stop responding when they fail to find this specific version. Features built into Windows 7 such as the Program Compatibility Assistant (discussed in the next section) can usually resolve this type of issue automatically.
■ New folder locations
User folders, My Documents folders, and folders with localization have changed since Windows XP. Applications with hard-coded paths may fail.
Using Windows 7 Built-in Compatibility Tools
Although you should perform extensive application compatibility testing before you deploy Windows 7, compatibility problems may unexpectedly appear or persist after deployment. To help you improve the compatibility of older programs after deployment, Windows 7 provides three tools: the Program Compatibility Assistant (PCA), the Program Compatibility Troubleshooter, and the Compatibility tab in a program’s Properties dialog box.
■ PCA The PCA is a tool that automatically appears when Windows 7 detects known compatibility issues in older programs. When it does appear, the PCA can offer to fix the problem. For example, the PCA can resolve conflicts with UAC, or it can run the program in a mode that simulates earlier versions of Windows. If you agree to the changes PCA proposes, these changes are then performed automatically. Alternatively, if the compatibility issue detected is serious, the PCA can warn you or block the program from running. When the PCA recognizes a problem but cannot offer a fix, it will give you an option to check online for possible solutions, as shown in Figure 9-10.
FIGURE 9-10 The PCA triggers a message when a program incompatibility is found.
■ Program Compatibility Troubleshooter The Program Compatibility Troubleshooter is a Control Panel program that you can use to configure the compatibility settings for an older program if you notice that the program is not running smoothly. For example, you can configure the program to run in a simulated environment of a previous version
of Windows, to run with specific display settings, or to run with Administrator privileges. To start the wizard, in Control Panel, first click Programs, and then, in the Programs and Features category, click Run Programs Made For Previous Versions Of Windows. You can also start the Program Compatibility Troubleshooter by right-clicking an application and selecting Troubleshoot Compatibility from the shortcut menu, as shown in Figure 9-11.
FIGURE 9-11 Launching the Program Compatibility Troubleshooter
A page of the Program Compatibility Troubleshooter is shown in Figure 9-12.
FIGURE 9-12 The Program Compatibility Troubleshooter
■ Compatibility Tab As an alternative to running the Program Compatibility Troubleshooter, you can simply configure compatibility settings on the Compatibility
tab within the Properties sheet of any given program. The options provided on this tab are the same as those you can configure through the Program Compatibility Troubleshooter. The Compatibility Tab is shown in Figure 9-13.
FIGURE 9-13 The Compatibility tab of an application
Note that adjusting the compatibility settings of a program does not always fix the problem. If issues persist, you should attempt alternate hosting or obtain an updated version of the program.
Alternate Hosting for Application Compatibility
In some cases, your organization will need to support an application whose compatibility issues with Windows 7 cannot be resolved immediately. For example, if you are running
a 64-bit version of Windows 7, you cannot run 16-bit applications by merely adjusting the compatibility settings of the program. Until a newer, more compatible version of the application appears (or until your organization finds an alternate application), you must find a temporary fix for the application compatibility problem. The most common emporary fix for unresolved application compatibility problems such as this is simply to run the program within the old operating system in a virtual machine, on a remote server that can be accessed through Remote Desktop, or both. The following list describes various options of hosting an older application on an older operating system:
■ Microsoft Virtual PC 2007 You can use Virtual PC to run applications that function properly only with older versions of Windows. For example, if your organization needs to support a 16-bit application within a 64-bit version of Windows 7, you can use Virtual PC 2007 to run the program within a virtual machine running a previous version of Windows. Although virtual machine software such as Virtual PC is required to run 16-bit applications in 64-bit versions of Windows 7, the use of Virtual PC need not be reserved only for this purpose. Virtual PC also lets users keep a previous version of Windows until upgraded versions of older applications are developed. Whenever you need to support an older application that does not run smoothly in Windows 7 and that cannot be upgraded, you should consider running the application inside a virtual machine.
■ Windows XP Mode Windows XP Mode is essentially a downloadable enhancement to Virtual PC that is available in Windows 7 Professional, Enterprise, and Ultimate.
Windows XP Mode also requires special virtualization technology. Specifically, Windows XP Mode requires a CPU with Intel-VT or AMD-V technology, and this technology must be enabled in the BIOS. For eligible computers, Windows XP Mode enables you to access through the Start menu in Windows 7 any applications installed in a Windows XP guest virtual machine in Virtual PC. You then interact with these applications exactly as if they were installed natively in Windows 7. Windows XP Mode also provides an enormous performance advantage: It gives the Windows XP guest operating system direct access to the system hardware, so performance is much better than it is in Virtual PC alone.
To install Windows XP Mode is easy: First download and install Virtual PC, and then download and install Windows XP Mode. You can perform both tasks from the Virtual PC Web site at http://www.microsoft.com/windows/virtual-pc/download.aspx. (Both Virtual PC and Windows XP Mode are free.)
MORE INFO
WINDOWS XP MODE
For step-by-step instructions on using Windows XP Mode, including installing and using applications, visit http://www.microsoft.com/windows/virtual-pc/support/default.aspx.
You can also view a five-minute introduction to Windows XP Mode at http://windows.microsoft.com/en-us/windows7/help/videos/using-windows-xp-mode.
■ Hyper-V on Windows Server 2008 Hyper-V is a high-performance virtualization environment available in Windows Server 2008. It allows you to create guest virtual machines with direct access to the hardware. On the virtual machines, you can install any version of Windows. If you choose to host an application on a virtual machine inside Hyper-V, clients running Windows 7 or other operating systems can then connect remotely to this application from over the network. Hyper-V requires a 64-bit processor with virtualization technology (Intel-VT or AMD-V).
■ Remote Desktop Services for Hosting Applications Hosting older applications on Remote Desktop Services lets you deliver Windows-based applications or the Windows desktop itself to virtually any computer device on your network. Clients running Windows 7 can connect to these application-hosting environments through Remote Desktop.
Quick Check
■ Which CPU technology must be available to use Windows XP Mode on a client running Windows 7?
Quick Check Answer
■ Intel-VT or AMD-V
Understanding the Application Compatibility Toolkit (ACT)
The Application Compatibility Toolkit (ACT) is a tool you can use to identify application compatibility issues before Windows 7 deployment. The following are some of the major components that make up the ACT solution:
■ Application Compatibility Manager A tool that enables you to collect and analyze your data so that you can identify any issues prior to deploying a new operating system or deploying a Windows update in your organization. You use this program heavily during the initial phases of an application migration project. Consider this tool as the primary user interface for ACT.
Q
■ Application Compatibility Toolkit Data Collector The Application Compatibility Toolkit Data Collector is distributed to each computer. It then performs scans by using compatibility evaluators. Data is collected and stored in the central compatibility database.
■ Setup Analysis Tool (SAT) The SAT automates the running of application installations while monitoring the actions taken by each application’s installer.
■ Standard User Analyzer (SUA) The SUA determines the possible issues for applications running as a standard user in Windows 7. ACT is an important tool for testing applications across a wide variety of computers and operating systems within your organization.
Configuring Application Compatibility Diagnostics Through Group Policy
Windows Server 2008 includes a set of policy options related to application compatibility diagnostics. To browse these settings in a GPO, browse to Computer configuration\Policies\ Administrative Templates\System\Troubleshooting And Diagnostics\Application Compatibility Diagnostics. The Application Compatibility Diagnostics container includes the following six policies:
■ Notify Blocked Drivers This policy setting determines whether the PCA will notify the user if drivers are blocked because of compatibility issues. If you enable this policy setting, the PCA notifies the user of blocked driver issues and provides the user with an option to check the Microsoft Web site for solutions. (This behavior is also the default behavior in Windows 7.) If you disable this policy setting, the PCA does not notify the user of blocked driver issues. Note that if this policy setting is configured as disabled, the user is not presented with solutions to blocked drivers.
■ Detect Application Failures Caused By Deprecated Windows COM Objects This policy setting determines whether the PCA will notify the user when a COM object creation failure is detected in an application. If you enable this policy setting, the PCA detects programs creating older COM objects that are removed in this version of Windows. (This behavior is also the default behavior in Windows 7.) When this failure is detected, after the program is terminated, PCA notifies the user about this problem and provides an option to check the Microsoft Web site for solutions. If you disable this policy setting, the PCA does not detect programs creating older COM objects.
■ Detect Application Failures Caused By Deprecated Windows DLLs This policy setting determines whether the PCA will notify the user when a DLL load failure is detected in an application. If you enable this policy setting, the PCA detects programs trying to load older Microsoft Windows DLLs that are removed in this version of Windows.
(This behavior is also the default behavior in Windows 7.) When this failure is detected, PCA notifies the user about this problem after the program is terminated and provides
an option to check the Microsoft Web site for solutions. If you disable this policy setting, the PCA does not detect programs trying to load older Windows DLLs.
■ Detect Application Install Failures This policy setting configures the PCA to notify the user when an application installation has failed. If you enable this policy setting, the PCA detects application installation failures and provides the user with an option to restart the installer in Windows XP compatibility mode. (This behavior is also the default behavior in Windows 7.) If you disable this policy setting, the PCA does not detect program installation failures.
■ Detect Application Installers That Need To Be Run As Administrator This policy setting determines whether the PCA will notify the user when application installations have failed because they need to be run as an administrator. If you enable this policy setting, the PCA detects such installation failures and provides the user with an option to restart the installer programs as an administrator. (This behavior is also the default behavior in Windows 7.) If you disable this policy setting, the PCA does not notify users when installer program failures have occurred for this reason.
■ Detect Applications Unable To Launch Installers Under UAC This policy setting configures the PCA to notify the user when UAC is preventing an application from launching an installer (typically an updater program). If you enable this policy setting, the PCA detects programs that fail to start installers and grants administrator privileges that allow this task to be performed the next time the program is run. (This behavior is also the default behavior in Windows 7.) If you disable this policy setting, the PCA does not detect pplications that fail to launch installers run under UAC.
EXAM TIP
You need to understand these application compatibility diagnostics Group Policy settings for the 70-685 exam.
PRACTICE Configuring Application Compatibility Diagnostics
In this exercise, you configure application compatibility settings in Group Policy.
EXERCISE Creating a Policy for Application Compatibility Settings
In this exercise, you create a new GPO named Application Compatibility Diagnostics Policy. In the GPO, you enable two settings that enable particular behaviors in the PCA.
1. Log on to the domain controller as a domain administrator.
2. Click Start, type Group Policy Management, and then click OK. The Group Policy Management console opens.
3. In the Group Policy Management console tree, expand Forest: nwtraders.msft and then Domains.
4. Beneath the Domains container, select and right-click the Nwtraders.msft icon, and then click the option to Create A GPO In This Domain, And Link It Here. The New GPO
dialog box opens.
5. In the New GPO dialog box, type Application Compatibility Diagnostics Policy, and then click OK.
6. In the Details pane of the Group Policy Management console, ensure that the Linked Group Policy Objects tab is selected. Then, in the list of GPOs, right-click Application
Compatibility Diagnostics Policy, and then click Edit. A Group Policy Management Editor window opens.
7. In the console tree of the Group Policy Management Editor, navigate to Computer Configuration\Policies\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics.
8. In the details pane of the Group Policy Management Editor, double-click the policy named Detect Application Failures Caused By Deprecated Windows DLLs. The
associated policy setting Properties dialog box opens.
9. Read the description of the policy setting. Note that the Diagnostic Policy Service and the Program Compatibility Assistant Service must be running on Windows 7 for
the Program Compatibility Assistant to execute. These services run by default on domain-joined computers running Windows 7.
10. Click Enabled.
11. In the Scenario Execution Level drop-down list box, ensure that Detection, Troubleshooting, And Resolution is selected.
12. Click OK. In the details pane of the Group Policy Management Editor, the policy setting should now appear as Enabled.
13. In the details pane of the Group Policy Management Editor, double-click the policy setting named Detect Application Install Failures. The associated policy setting
Properties dialog box opens.
14. Read the description of the policy setting, and then click Enabled.
15. Click OK. In the details pane of the Group Policy Management Editor, the policy setting should now appear as Enabled.
16. Close all open windows.
Lesson Summary
■ If an application malfunctions after it has been working correctly, the problem is usually a result of a configuration error or a system change. To discover or undo the
error, you should use a variety of strategies, such as reviewing application settings, reviewing event logs, using System Restore, repairing or reinstalling the application,
and restoring the system from backup.
■ Each new release of Windows introduces features that affect the functionality of programs written for earlier operating systems. With Windows 7, the features most
likely to affect application compatibility include UAC, Windows Resource Protection, and new system APIs.
■ Windows 7 includes tools that help detect and mitigate compatibility problems for older applications. The PCA automatically appears when Windows 7 detects known
compatibility issues. The Program Compatibility Troubleshooter is a wizard that enables you to run an older program with settings used in a previous version of Windows. You can configure these same compatibility settings on the Compatibility Tab of the program.
■ If you need to support an application that is not compatible with Windows 7, you can run the program in a compatible operating system within a virtual machine.
Alternatively, you can use a Remote Desktop connection to a computer running the application and a compatible operating system.
■ Windows 7 includes several Group Policy settings that allow you to determine how the PCA will diagnose and troubleshoot application compatibility problems.
Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 2, “Resolving Software Configuration and Compatibility Issues.” The questions are also available on the companion CD if you prefer to review them in electronic form.
NOTE
ANSWERS
Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book.
1. You receive a call from the help desk about a user who is experiencing problems with an application on a computer running Windows 7. The application was functioning
well until the user installed an optional update to Windows. She has made no other changes to the system since. Now, however, she is unable to start the application. Unfortunately, neither she nor the help desk staff has been able to return the application to its original functioning state. Which of the following steps should you take to solve the problem?
A. Use the System Restore feature to return the computer to the point in time just before the user installed the optional update to Windows.
B. Restore her user files from the latest backup.
C. Configure Event Forwarding to forward messages in the application log to your computer.
D. Uninstall and reinstall the application.
2. After upgrading the client computers in your organization from Windows XP to Windows Vista, you discover that a certain application installs without error but no longer runs properly in the new operating system. How can you ensure that users will receive any possible notifications telling them why the application has failed?
A. In Group Policy, enable the Detect Application Failures Caused By Deprecated Windows DLLs Or COM Objects policy.
B. In Group Policy, enable the Notify Blocked Drivers policy.
C. In Group Policy, enable the Detect Application Install Failures policy.
D. In Group Policy, enable the Detect Application Installers That Need To Be Run As Administrator policy.
3. Which of the following applications is least likely to run on the 32-bit version of Windows 7 without a software update?
A. A 16-bit application written for Microsoft Windows 2000
B. A 32-bit application written for Windows XP that requires administrative privileges to run properly
C. An application written for Windows 2000 that writes to a protected area of the registry
D. An application written for Windows XP that writes to protected system files
Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can perform the following tasks:
■ Review the chapter summary.
■ Review the list of key terms introduced in this chapter.
■ Complete the case scenarios. These scenarios set up real-world situations involving the topics of this chapter and ask you to create a solution.
■ Complete the suggested practices.
■ Take a practice test.
Chapter Summary
■ To troubleshoot installation issues, verify administrator rights, Windows 7 compatibility, installation settings, application constraints and dependencies, resource availability,
and any policy restrictions set in SRP or AppLocker.
■ Applications can fail because of an improper configuration or because of a fundamental compatibility issue with Windows 7. For configuration issues, first attempt to identify and fix the problem manually, but if necessary, you can use System Restore, software repair, or system backups to resolve the issue. For compatibility issues, you can modify the program's compatibility settings, find a remote or virtual older host for the application, or simply upgrade your software to a newer version that is compatible with Windows 7.
Key Terms
Do you know what these key terms mean? You can check your answers by looking up the terms in the glossary at the end of the book.
■ Event Forwarding A feature in which multiple source computers on a network are configured to forward particular events to a single collector computer.
■ Windows Resource Protection A feature of Windows Vista and Windows 7 in which requests by programs to write to protected areas of the operating system are intercepted and redirected to safe areas.
■ Windows XP Mode In Windows 7, a downloadable enhancement to Virtual PC in which you can access and interact with programs transparently in a guest Windows XP virtual machine. Windows XP Mode requires a CPU with Intel-VT or AMD-V technology.
Case Scenarios
In the following case scenarios, you apply what you’ve learned about protecting client systems. You can find answers to these questions in the “Answers” section at the end of this
book.
Case Scenario 1: Restricting Software with AppLocker You work as an enterprise support technician in a large company whose network consists of a single AD DS domain. All the clients in the company are running Windows 7, and all the domain controllers are running Windows Server 2008 R2.
You want to use AppLocker to allow users to run Windows Installer programs from Microsoft. You also want to prevent them from running Windows Installer programs from
other companies. You begin by creating a new GPO and linking it to the domain.
With this scenario in mind, answer the following questions:
1. You are creating a Windows Installer rule in the new GPO. What kind of rule condition should you specify if you want to allow Windows Installer programs from Microsoft to
be run?
2. You successfully create a Windows Installer rule that allows everyone to run .msi files from Microsoft. You have not created any default rules. If the GPO is enforced without
making further changes, will users be able to run Windows Installer programs created by other companies? Why or why not?
Case Scenario 2: Configuring Application Compatibility Settings
You work as an enterprise support technician for Contoso, Inc. The Contoso network includes 20 computers running Windows Server 2008 R2, 150 client computers running Windows XP Professional, and 100 client computers on which Windows 7 Professional has been installed recently.
You currently are handling issues related to application compatibility on the clients running Windows 7.
With this scenario in mind, answer the following questions:
1. A certain application used infrequently by the Advertising department was written for Windows XP. Users report that the application is unstable in Windows 7. Assuming
that no updates for the application are yet available, what is the first remedy that you should investigate?
2. Users report that sometimes applications fail to install, but that they receive no notification about the failure. What can you do to ensure that users receive notification
when applications fail to install?
Suggested Practices
To help you master the exam objectives presented in this chapter, complete the following tasks.
Identify and Resolve New Software Installation Issues
Perform the following activities to learn to resolve common installation issues:
■ Practice 1 Attempt to install on Windows 7 an older program that was written for Windows XP or Windows 2000. If the installation fails, run the installation as
an administrator and see if it succeeds.
■ Practice 2 In a test domain, obtain a certificate from a third-party software publisher. Use Group Policy to deploy that certificate to the Trusted Publishers certificate store on all clients in the domain.
Identify and Resolve Software Configuration Issues
Perform the following activity to learn to troubleshoot many computers on a network:
■ Practice 1 In a test domain, enable Event Forwarding on multiple source computers. Enable Event Forwarding on the collector computer, and then specify a common error to collect in order to test the results.
Identify Cause of and Resolve Software Failure Issues
Perform the following activity to learn one way to resolve an application compatibility issue:
■ Practice 1 On a computer whose CPU includes Intel-VT or AMD-V technology, enable that feature in the BIOS. Then, download and install Virtual PC, and then download and install Windows XP Mode. Use Windows XP Mode to access applications installed in a virtual machine from the Start menu of Windows 7.
Take a Practice Test
The practice tests on this book’s companion CD offer many options. For example, you can test yourself on just one exam objective, or you can test yourself on all the 70-685 certification exam content. You can set up the test so that it closely simulates the experience of taking a certification exam, or you can set it up in study mode so that you can look at the correct answers and explanations after you answer each question.
MORE INFO
PRACTICE TESTS
For details about all the practice test options available, see the section entitled “How to Use the Practice Tests,” in the Introduction to this book.