Logo
PREGNANCY
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
 
 
Windows Vista

Support Deployed Applications

3/19/2011 4:25:55 PM
Supporting deployed applications involves ensuring the functionality of applications in use while rolling out a brand new operating system. Sounds like the perfect description for a daunting task. This article looks at some of the ways you can continue to use legacy applications in addition to rolling out new applications that might need a tweak or two to be able to work with Windows Vista. It also reviews a few old issues that might be around when you are using DOS applications. Yes, some folks still feel compelled to ask questions about those older applications developed in the prehistoric days of LAN networks.

Supporting Printing

Windows Vista comes packaged with a new print management console. Most people are familiar with the printer utility within Control Panel. With this utility, you can add printers, select a printer to manage and view documents within the print queue, and manage print server properties. The newer Print Management console of Windows Vista performs all these same management services within a more inviting management interface. Along with standard printer management, the newer console can filter for printers with certain features, error conditions, location information, queue status, driver names, and various other characteristics. Figure 1 displays the new Print Management console.

Figure 1. The Print Management console of Windows Vista.

A new node object listed in this console is Deployed Printers. Through this node, you are able to view all printers that have been deployed on the local Windows Vista workstation through Group Policy. New to Windows Server 2003 R2 is the capability to deploy printers using the new Deploy Printers node in a Group Policy Object (GPO). Figure 2 shows the new Deployed Printers node in a GPO.

Figure 2. Deploying a printer with Group Policy.

You can deploy printers through either the User Configuration or Computer Configuration in Group Policy.

Alert

A printer should be deployed through the User Configuration of Group Policy if the same user requires access to the printer regardless of the desktop in use. Likewise, a printer should be deployed through the Computer Configuration of Group Policy if the printer should be available to any user of a computer where the policy is assigned.


One final aspect to look at regards printer usage to support legacy application access to printers. Many corporations invested heavily in their DOS-based applications that still provide a viable service to them. Applications developed in the early days of LAN networking required a network mapping to a physical device port in order for the application to use a network printer on DOS and Windows 95 desktops. These applications require legacy access methods to network printers. Using the net command, you can map the network printer to a physical device port such as an LPT printer port. When you use the net command that follows, the printer shared as hplaserj on the print server main is mapped to the lpt1 printer port:

Net use lpt1: \\main\hplaserj

This mapping allows the DOS-based application to use the local LPT port. You can use this logical mapping on each of the available LPT ports on a Windows Vista computer.

Supporting Legacy Applications with Virtual Machines

The section discusses a modern way of dealing with legacy applications. Legacy applications are most comfortable running in the operating system environment for which they were programmed. With virtual machines (VMs), you now have any previous operating system at your disposal. Virtual machines loaded with a guest operating system to match the needs of a legacy application solve many compatibility problems.

Microsoft’s offering for running VMs on Windows Vista is Microsoft Virtual PC 2007. This release of Virtual PC enables the use of Windows Vista as the host operating system as well as a candidate to be a guest operating system. The host manages the virtual machines that operate on the computer. The guest operating system references the virtual machine’s use of a particular operating system within the virtual machine.

Alert

With Virtual PC 2007, you do not need to fritter away valuable time testing compatibility settings within Windows Vista to enable the use of a legacy application. Rolling out Virtual PC 2007 onto user desktops enables the deployment of legacy applications in VMs that run the appropriate operating system to match the required needs of those legacy applications.


Securing Application Data

Securing data, whether it is stored or being transported, is top on the list of concerns of most IT security professionals.

  • Data stored on a Microsoft Windows NTFS partition can be stored securely using the Encrypting File System (EFS).

  • Data communication between a combination of any two Microsoft Windows computers running Windows 2000, Windows XP, Windows Server 2003, or Windows Vista operating systems can secure that communication with IPSec.

  • HTTP traffic can be secured using Secure Sockets Layer (SSL).

  • Remote Desktop connections can be encrypted with the inherent security settings of a remote desktop connection.

  • Virtual Private Network (VPN) communication can be secured using either the PPTP or L2TP protocols.

Deploying Applications

Applications deployed through Group Policy can be deployed per user or per computer. Applications deployed per user can utilize Group Policy to either assign or publish those applications. Applications deployed per computer can be assigned only to a computer. When you are troubleshooting applications deployed through Group Policy, understanding these methods is important. In addition, several other policies can be implemented to secure the deployment of the applications, secure the deployed applications, and restrict users from running unauthorized applications.

Troubleshooting Published Applications

Recall that applications published to a user are essentially advertised as being available either through an icon displayed on the desktop, in the taskbar, or in the program folder off the Start menu. In addition, users can initialize installation of published applications by clicking on a document with an extension associated to the newly published application. Ensure users to whom the application was published have appropriate permissions to access the software distribution point to perform the installation. Usually, the Share permission Read and the NTFS permissions Read and Execute are sufficient.

Troubleshooting Assigned Applications

Applications assigned to computers are installed prior to the user logon after the operating system has been fully started and Group Policy has been deployed to the computer. Applications assigned to users are installed upon logon and execution of Group Policy to the user. Application extensions can be associated to the newly deployed application by Group Policy or the software installation process. Once again, the users or computers require the necessary permission to run the installation from the software distribution point.

Troubleshooting Deployed Applications

Because applications have been written for various Windows platforms, older applications often write data and temporarily cache files to locations that Windows Vista no longer allows by default. Another issue is that the application caches application installation information in the user’s profile, including the transform files used to modify an application during installation. With any of these preceding issues, allowing application data to be written to secure locations, application transform files to be saved and used from a user’s profile, or temporary variables to be written to locations that are inappropriate creates unnecessary security issues for you.

Instead of opening security holes inside Windows Vista, Microsoft has created a few workarounds to ensure security of the Windows Vista operating system and allow the applications to run or install and be modified appropriately sometime later.

The application transform files are used by the Windows installer to modify an application installation. These files are installed by default in the Application Data folder of the user’s profile so that these files are available to the user when the application is modified or removed. If these files require secure access so as to disallow a user from making modifications to these files inappropriately, you can configure the Windows installer to cache the transform files in a secure location on the user’s computer but not in the user’s profile. The policy to enable this feature is found within the Administrative Templates of the Computer configuration for a Group Policy at Computer Configuration > Administrative Templates > Windows Components > Windows Installer.

The user would have to be using the same computer where the application was installed and, if necessary, have access to any remote media used to run the original installation to ensure any modification, reinstallation, or proper removal of the application from the computer because the cache transforms are not available in the user’s profile.

If a user is running an older application that was successfully deployed but requires access to locations that are not allowed by Windows Vista for a Standard user account, another policy setting may help out here. The UAC Group Policy User Account Control: Virtualize File and Registry Write Failures to Per-User Locations option in the local security policy allows the application to run without errors by redirecting application output to locations acceptable for a standard user.

Another common issue is the use of the System variable %WINDIR%\TEMP or User Profile variable %USERPROFILE%\AppData\Local\Temp for temporary application output on drives with low disk space. These folders are usually located on the boot partition or folder locations on the C: drive. If this drive is running low in disk space and another drive is installed and formatted, you can edit the Temp or TMP variables as shown in Figure 3.

Figure 3. Editing system and user variables.

You can edit these variables if you are the local administrator. You can locate them inside the Advanced system settings by following Control Panel > System and Maintenance > System > Advanced System Settings > Environment Variables.

Finally, if remote users require the ability to install applications uninhibited on their computers, allowing them access to the local administrator’s account would resolve this problem. There are many ways to tweak the Registry through Group Policy, disabling most of the nuisances that User Account Control may create, but ultimately some applications just require local administrator access for successful installation.

Other -----------------
- Configure Network Security (part 2 ) - Windows Firewall
- Configure Network Security (part1 ) - Secure Files and Printer Shares with Access Control Lists (ACLs)
- Configure and Troubleshoot Remote Access (part 2) - Troubleshooting Windows Vista Remote Access Connections
- Configure and Troubleshoot Remote Access (part 1) - Remote Client Access Connections
- Configure and Troubleshoot Wireless Networking (part 3) - Troubleshooting Wireless Connections
- Configure and Troubleshoot Wireless Networking (part 2) - Wireless Security
- Configure and Troubleshoot Wireless Networking (part 1) - Managing Wireless Connectivity in the Enterprise
- Troubleshoot Resource Access and Connectivity Issues (part 2)
- Troubleshoot Resource Access and Connectivity Issues (part 1) - Troubleshooting TCP/IP Configuration
- Configure and Troubleshoot Network Services at the Client Level
- Configure and Troubleshoot Network Protocols (part 3) - Configuring TCP/IP Version 6
- Configure and Troubleshoot Network Protocols (part 2) - WINS & NAT
- Configure and Troubleshoot Network Protocols (part 1) - Configuring Internet Protocol Version 4
- Reliability and Performance Monitor
- Event Viewer and Event Forwarding
- Scheduling Tasks
- Troubleshooting Policy Settings
- Group Policy Settings (part 5) - Point and Print Restrictions & Digital Certificates and Authenticode
- Group Policy Settings (part 4) - The Audit Policy
- Group Policy Settings (part 3) - Managing Device Installation
 
 
Most view of day
- Windows Phone 8 : Configuring Basic Device Settings - Date and Time (part 1) - Setting the Date and Time
- Microsoft Access 2010 : Enhancing the Queries That You Build - Everything You Need to Know About Query Basics
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 1) - Obtaining external data
- SharePoint 2010 : Farm Governance - Configuring Resource Throttling
- Sharepoint 2013 : Get to a Site’s Permission Management Page (part 2) - Check What Permissions a User or a Group Has on a Site
- Leveraging the SharePoint Workspace : Leveraging the SharePoint Workspace, View Your List and Display Form Offline
- Games and Windows 7 : Using the Games Explorer (part 3) - Rating Your System's Performance
- Microsoft Dynamic GP 2010 : Protecting Dynamics GP with key security settings
- Maintaining Security : Maintaining High Security, Setting Internet Explorer Security
- Microsoft Visio 2010 : Working with Data - Creating Reports (part 3) - Using Reports with Other Documents
Top 10
- Windows Server 2012 : Configuring IPsec (part 7) - Configuring connection security rules - Monitoring IPsec
- Windows Server 2012 : Configuring IPsec (part 6) - Configuring connection security rules - Creating a custom rule, Configuring authenticated bypass
- Windows Server 2012 : Configuring IPsec (part 5) - Configuring connection security rules - Creating an authentication exemption rule, Creating a server-to-server rule, Creating a tunnel rule
- Windows Server 2012 : Configuring IPsec (part 4) - Configuring connection security rules - Types of connection security rules, Creating an isolation rule
- Windows Server 2012 : Configuring IPsec (part 3) - Configuring IPsec settings - Customizing IPsec tunnel authorizations, Configuring IPsec settings using Windows PowerShell
- Windows Server 2012 : Configuring IPsec (part 2) - Configuring IPsec settings - Customizing IPsec defaults
- Windows Server 2012 : Configuring IPsec (part 1) - Understanding connection security
- Microsoft Project 2010 : Linking Tasks (part 8) - Auditing Task Links,Using the Task Inspector
- Microsoft Project 2010 : Linking Tasks (part 7) - Creating Links by Using the Mouse,Working with Automatic Linking Options
- Microsoft Project 2010 : Linking Tasks (part 6) - Creating Links by Using the Entry Table
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro