Elyasse Elyacoubi's Weblog

System Center Endpoint Protection 2012 on Configuration Manager 2007?

Elyasse Elyacoubi — Wed, 22 Aug 2012 19:31:36 GMT

I saw some questions circulating around whether System Center Endpoint Protection 2012 is supported System Center Configuration Manager (SCCM) 2007. The short answer is no. SCEP 2012 is integrated into Configuration Manager 2012. Only Forefront Endpoint Protection 2010 is supported on Config Manager 2007.

Microsoft Endpoint Protection for Windows Azure Customer Technology Preview is now available for free download

Elyasse Elyacoubi — Fri, 16 Mar 2012 17:05:00 GMT

Today we released the customer technology preview of Microsoft Endpoint Protection (MEP) for Windows Azure, a plugin that allows Windows Azure developers and administrators to include antimalware protection in their Windows Azure VMs. The package is installed as an extension on top of Windows Azure SDK. After installing the MEP for Windows Azure CTP, you can enable antimalware protection on your Windows Azure VMs by simply importing the MEP antimalware module into your roles' definition:

The MEP for Windows Azure can be downloaded and installed from http://www.microsoft.com/download/en/details.aspx?id=29209. Windows Azure SDK 1.6 or later is required before install.

Functionality recap

When you deploy the antimalware solution as part of your Windows Azure service, the following core functionality is enabled:

Real-time protection monitors activity on the system to detect and block malware from executing.
Scheduled scanning periodically performs targeted scanning to detect malware on the system,
including actively running malicious programs.
Malware remediation takes action on detected malware resources, such as deleting or quarantining
malicious files and cleaning up malicious registry entries.
Signature updates installs the latest protection signatures (aka “virus definitions”) to
ensure protection is up-to-date.
Active protection reports metadata about detected threats and suspicious resources to
Microsoft to ensure rapid response to the evolving threat landscape, as well as
enabling real-time signature delivery through the Dynamic Signature Service
(DSS).

Microsoft’s antimalware endpoint solutions are designed to run quietly in the background without human intervention required. Even if malware is detected, the endpoint protection agent will automatically take action to remove the detected threat. Refer to the document “Monitoring Microsoft Endpoint Protection for Windows Azure” for information on monitoring for malware-related events or VMs that get into a “bad state.”

Providing feedback

The goal of this technology preview version of Microsoft Endpoint Protection for Windows Azure is to give you a chance to evaluate this approach to providing antimalware protection to Windows Azure VMs and provide feedback. We want to hear from you! Please send any feedback to eppazurefb@microsoft.com.

How it works

Microsoft Endpoint Protection for Windows Azure includes SDK extensions to the Windows Azure Tools for Visual Studio which provides the means to configure your Windows Azure service to include endpoint protection in the specified roles. When you deploy your service, an endpoint protection installer startup task is included that runs as part of spinning up the virtual machine for a given instance. The startup task pulls down the full endpoint protection package platform components from Windows Azure Storage for the geographical region specified in the Service Configuration (.cscfg) file and installs it, applying the other configuration options specified.

Once up and running, the endpoint protection client downloads the latest protection engine and signatures from the Internet and loads them. At this point the virtual machine is up and running with antimalware protection enabled. Diagnostic information such as logs and antimalware events can be configured for persistence in Windows Azure storage for monitoring. The following diagram shows the “big pictures” of how all the pieces fit together:

Prerequisites

Before you get started, you should already have a Windows Azure account configured and have an understanding of how to deploy your service in the Windows Azure environment. You will also need Microsoft Visual Studio 2010. If you have Visual Studio 2010, the Windows Azure Tools for Visual Studio, and have written and deployed Windows Azure services, you’re ready to go.

If not, do the following:

Sign up for a Windows Azure account http://windows.azure.com
Install Visual Studio 2010 http://www.microsoft.com/visualstudio
Install Windows Azure Tools for Visual Studio http://msdn.microsoft.com/en-us/library/windowsazure/ff687127.aspx

Deployment

Once you have Visual Studio 2010 and the Windows Azure Tools installed, you’re ready to get antimalware protection up and running in your Azure VMs. To do so, follow these steps:

Install Microsoft Endpoint Protection for Windows Azure
Enable your Windows Azure service for antimalware
Optionally customize antimalware configuration options
Configure Azure Diagnostics to capture antimalware related information
Publish your service to Windows Azure

Install Microsoft Endpoint Protection for Windows Azure

Run the Microsoft Endpoint Protection for Windows Azure setup package. The package can be downloaded from the Web at http://go.microsoft.com/fwlink/?LinkID=244362.

Follow the steps in the setup wizard to install the endpoint protection components. The required files are installed in the Windows Azure SDK plugins folder. For example:

C:\Program Files\Windows Azure SDK\v1.6\bin\plugins\Antimalware

Once the components are installed, you’re ready to enable antimalware in your Windows Azure roles.

Enable your Windows Azure service for antimalware

To enable your service to include endpoint protection in
your role VMs, simply add the “Antimalware” plugin when defining the role.

In Visual Studio 2010, open the service definition file for your service (ServiceDefinition.csdef).
For each role defined in the service definition (e.g. your worker roles and web roles), update the
<imports> section to import the “Antimalware” plugin by adding the following line:

The following image shows an example of adding antimalware for the worker role “WorkerRole1” but not for the project’s Web role.

3. Save the service definition file.

In this example, the worker role instances for the project will now include endpoint protection running in each virtual machine. However the web role instances will not include antimalware protection, because the antimalware import was only specified for the worker role. The next time the service is deployed to Windows Azure, the endpoint protection startup task will run in the worker role instances and install the full endpoint protection client from Windows Azure Storage, which will then install the protection engine and signatures from the Internet. At this point the virtual machine will have active protection up and running.

Optionally customize antimalware configuration options

When you enable a role for antimalware protection, the configuration settings for the antimalware plugin are automatically added to your service configuration file (ServiceConfiguration.cscfg). The configuration settings have been pre-optimized for running in the Windows Azure environment. You do not need to change any of these settings. However, you can customize these settings if required for your particular deployment.

Default antimalware configuration added to service configuration

The following table summarizes the settings available to configure as part of the service configuration:

Setting	Options	Default	Description
ServiceLocation	East Asia North Central US North Europe South Central US Southeast Asia West Europe	South Central US	Specifies the region to download the antimalware client components from. Using the same region as your service can improve deployment time and decrease costs
EnableAntimalware	true false	true	Enables or disables endpoint protection
EnableRealtimeProtection	true false	true	Enables or disables real-time scanning, such as on-access disk scanning
EnableWeeklyScheduledScans	true false	true	Enables or disables a periodic “quick scan” for active malware on the system
DayForWeeklyScheduledScans	0 - 7	7	0 – scan daily 1 – Sunday 2 – Monday … 7 – Saturday
TimeForWeeklyScheduledScans	0 - 1440	120	Hour at which to begin the scheduled scan. Measured in 60 minute increments corresponding to the desired hour. 60 – 1:00 AM 120 – 2:00 AM … 1380 – 11:00 PM
ExcludedExtensions	extension1\|extension2	None	Pipe-delimited list of file extensions to exclude from scanning. Example: gif\|log\|txt would exclude files with the .gif, .log, or .txt extension from being scanned.
ExcludedPaths	path1\|path2	None	Pipe-delimited list of paths to files or folders to exclude from scanning. Example: e:\approot\worker.dll\|e:\approot\temp would exclude the file worker.dll in the e:\approot folder and anything under the folder e:\approot\temp from being scanned.
ExcludedProcesses	process1\|process2	None	Pipe-delimited list of process exclusions. Any file opened by an excluded process will not be scanned (the process itself will still be scanned – to exclude the process itself, use the ExcludedPaths configuration). Example: D:\Program Files\MyApp.exe would exclude any files opened by MyApp.exe from being scanned.

Updating configuration for deployed services

Windows Azure provides the ability to update a service configuration “on the fly” to a service that is already running in Windows Azure. For example on the Windows Azure Portal you can select the “Configure” option to upload a new configuration file or manually edit configuration settings for an existing deployment.

Microsoft Endpoint Protection for Windows Azure supports applying changes to a deployed service. If you change the antimalware settings in the service configuration file, you can deploy the new configuration to your running service and the antimalware related settings will update automatically.

Microsoft Endpoint Protection for Windows Azure must have already been deployed as part of service deployment. You cannot deploy or remove endpoint protection through a configuration update.

Configure Azure Diagnostics to capture antimalware related information

In order to monitor the health of your antimalware deployment, you’ll need to configure Windows Azure to pull the antimalware useful events and logs into Windows Azure storage. From there, any number of Windows Azure monitoring solutions can be used for antimalware monitoring and alerting.

Refer to the MSDN documentation for Windows Azure Diagnostics for general information:

http://msdn.microsoft.com/en-us/library/windowsazure/gg433048.aspx

Antimalware events

For antimalware events, you need to configure diagnostics to pull events from the System event log where the source is “Microsoft Antimalware.” In general you’ll want to pull Error and Warning events. See the “Monitoring Microsoft Endpoint Protection for Windows Azure” document for more
information on which events to monitor.

Here’s an example of the code you might add to the entry point for your service:

//add antimalware diagnostics

var config = DiagnosticMonitor.GetDefaultInitialConfiguration();

//exclude informational and verbose event log entries

config.WindowsEventLog.DataSources.Add("System!*[System[Provider[@Name='Microsoft Antimalware'] and (Level=1 or Level=2 or Level=3)]]");

//write to persisted storage every 1 minute

config.WindowsEventLog.ScheduledTransferPeriod = System.TimeSpan.FromMinutes(1.0);

DiagnosticMonitor.Start("Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString", config);

In this case, any antimalware errors or warnings from the System event log will be written to Windows Azure Storage every 1 minute. Use an interval that makes sense for your monitoring requirements.

You can view the raw events by looking at the WADWindowsEventLogsTable table in the storage account you configured to use with Windows Azure Diagnostics. This can be useful to validate that antimalware event collection is working. For example start with including informational events (Level=4) to validate your configuration end-to-end, then turn them off via configuration update.

Antimalware logs

In addition, the following locations include logs that may be useful if you are encountering problems getting the antimalware components up and running in your Windows Azure VMs:

%programdata%\Microsoft Endpoint Protection
includes logs for the startup task that is deployed with your Windows Azure service
%programdata%\Microsoft\Microsoft Security Client
includes logs for the installation of the endpoint protection platform components

You can configure Windows Azure diagnostics to pull these logs as well by implementing custom logging to move these logs to blob storage.
See the following documentation on MSDN for more information:

http://msdn.microsoft.com/en-us/library/windowsazure/hh411528.aspx

Publish your service to Windows Azure

The final step once you have everything configured in Visual Studio 2010 is to publish your service to Windows Azure. The roles that have antimalware configured will include the additional startup task to install and start the endpoint protection client as part of service deployment. As with any
Windows Azure service, you can package your service for deployment through the Windows Azure portal, or you can publish from within Visual Studio 2010. Either option will work with Microsoft Endpoint Protection for Windows Azure.

Once you publish your service, any roles with antimalware enabled will have the Microsoft Endpoint Protection client running within the VM.

On Windows Azure Diagnostics

Elyasse Elyacoubi — Mon, 20 Feb 2012 17:53:00 GMT

I have run across people asking about the Windows Azure Diagnostics Monitor and how it can be used or implemented. This is one of the best references on how to get jump started on using the diagnostics monitor. Enjoy :)

http://channel9.msdn.com/posts/Windows-Azure-Jump-Start-08-Windows-Azure-Diagnostics

On Russinovich's "The Case of My Mom's Broken Microsoft Security Essentials Installation"

Elyasse Elyacoubi — Tue, 24 Jan 2012 07:11:56 GMT

I read Mark's latest blog "The Case of My Mom's Broken Microsoft Security Essentials Installation", and it was an interesting (I can't say it was pleasant though) read. So the long story short is that Mark's mom bought a new PC, and she used a 3rd party software to migrate her data from her old computer to the new computer. That computer also mistakenly copied some registry settings that belong to Windows Installer's database containing entries on an an old instance of Microsoft Security Essentials she had installed on her old computer. These partly copied settings ended up corrupting the Windows Installer database. So Windows Installer thought it has already another instance of the software installed, but can't find it, nor it can find its components and other related information, leading to a wierd behavior.

This can happen to any Windows Installer based setup pogram, and not only Microsoft Security Essentials setup, but what Microsoft Security Essentials probably could do better, is provide a better is to lead the more savvy users to where it saves its diagnostics logs and information. So if Mark would have consulted the installation logs, it'd probably have been a shorter and more straight forward diagnostics journey.

The Microsoft Security Essentials setup saves its installation logs at: "%ProgramData%\Microsoft\Microsoft Security Client".

You can also download and run the Microsoft Security Support tool to collect the installation logs and relevant diagnostics information. The tool is available at: http://www.microsoft.com/download/en/details.aspx?id=13088

"Microsoft Security Support tool

The Microsoft Security Support tool gathers support data necessary to help the Microsoft Support team to resolve support issues.
Run The Microsoft Security Support tool on the problematic FEP computer (client or server).

Send the cab file that is created to the Microsoft Support team to enable them to diagnose and resolve the support issues."

Free online courses at Stanford - UC berkeley

Elyasse Elyacoubi — Tue, 24 Jan 2012 06:55:05 GMT

OK, so I ran across some nice free online classes offered at Stanford. This semeser, the university offers the following free courses:

Introduction to Databases: www.db-class.com
Introduction to Artificial Intelligence: www.ai-class.com
Machine Learning: www.ml-class.org
Software Engineering for Software as a Service: http://www.saas-class.org/ ,
Technology Entrepreneurship: http://www.venture-class.org/
Human-Computer Interaction: http://www.hci-class.org/

Some classes have open registration, and some have a registration limit (like the db class).

I hope you find these resources useful :)

Mark Russinovich on Debugging an Installer Service Failure

Elyasse Elyacoubi — Wed, 30 Nov 2011 21:30:34 GMT

A nice case study of an instance where an administrator was debuging a failure in starting windows installer service by using procmon.

Check it out at:

http://blogs.technet.com/b/markrussinovich/archive/2011/11/29/3467449.aspx

Marks's Case of Unexplained series' webinars can be found at:

http://technet.microsoft.com/en-us/sysinternals/bb963887

Why Intelligent People Fail

Elyasse Elyacoubi — Mon, 11 Oct 2010 23:40:00 GMT

I run through this great read: Why Intelligent People Fail. I personally found it inspiring and useful. A good exercise is to go through the list and grade yourself against each item and see if there are areas of improvements you want to focus on.. Here you go:

http://www.acceleratingfuture.com/michael/works/intelligentfailure.htm

Where to submit sample malware or report false positives for Microsoft Security Essentials

Elyasse Elyacoubi — Mon, 09 Aug 2010 22:14:52 GMT

If you encounter a false positive detected by Microsoft antimalware, or want to report an encountered malware sample, please go to: https://www.microsoft.com/security/portal/Submission/Submit.aspx and submit the sample. Sometimes the false positive may involve an incorrect detection related to an action on two files, the MMPC website above allows you to submit multiple files in a single submission as well.

They're here! Microsoft Security Essentials and Forefront Endpoint Protection 2010 Betas!

Elyasse Elyacoubi — Thu, 22 Jul 2010 00:22:00 GMT

The beta versions of Microsoft security products: Microsoft Security Essentials and Forefront Endpoint Protection 2010 are now available to the public. One key awsome new feature is NIS (Network Inspection System), protecting against network threats on application layer through analyzing signatures along with protocol and application definitions. A lot of other cool features are in the beta as well. FEP 2010 supports distribution and management through SCCM, as well as other existing distribution mechanisms.

You can download the betas of MSE and FEP2010 from here: http://technet.microsoft.com/en-us/evalcenter/ff182914.aspx

sc.exe on vista is misleading on services that accept SERVICE_CONTROL_PRESHUTDOWN notifications

Elyasse Elyacoubi — Fri, 16 Jul 2010 22:19:47 GMT

sc.exe has a known issue in vista where it doesn't show correctly the accepted status of services that accept new control notifications like SERVICE_CONTROL_PRESHUTDOWN. So if your service accepts SERVICE_CONTROL_PRESHUTDOWN notificaiton, and you run sc query <yourservicename>, you will see on its status: IGNORES_SHUTDOWN, instead of ACCEPTS_PRESHUTDOWN. This is a bug in sc.exe and does not reflect an issue with your service.

You can use EnumServicesStatusEx() API to enumerate the service statuses and see the actual list of accepted status of your service.

sc.exe on windows 7 returns the correct status.

On the chase of regsvr32 errors on windows 7

Elyasse Elyacoubi — Wed, 07 Jul 2010 07:51:21 GMT

I have seen few people hitting an error when trying to register a COM server dll on windows 7. The error reads: "The module ""%1"" may not compatible with the version of Windows that you're running. Check if the module is compatible with an x86 (32-bit) or x64 (64-bit) version of regsvr32.exe." So what is going wrong.

There could be multiple causes to this problem.

The first possible cause, as the error obviously states, is if you are running the wrong version of regsvr32 (wow vs native 64).
Another common cause is if you have Image Randomization disabled on windows 7 by setting: /DYNAMICBASE:NO, then you could hit this problem.
Another possible cause is that if your COM server links to a dll with the same name as a system dll, Regsvr32 might load the system dll instead of your custom dll, and fails consequently.

If all these do not address your problem, then you may turn to your old friend, the debugger. Just launch regsvr32 in the debugger and check why did it fail when calling the LoadLibrary.

Hope this helps.

Memory Mapped File I/O May or May not Update the File Modified Timestamp

Elyasse Elyacoubi — Sun, 18 Apr 2010 04:25:00 GMT

Let's say you are performing a write to a file using Memroy Mapped I/O, that is, using CreateFileMapping and MapViewOfFile. You might be surprised to see that the last modified timestamp on the file did not change even though you did an actual write on the file, then unmapped the view, you closed all the handles, and verified that the file has actually been modified. Yet still, its last modified time stamp remains the same. So why is that?

First, you need to close the file handle after unmapping the view. The order here is important. Because the Memory Manager only udpates the timestamps when the handle is closed. So you need to make sure that you have completed all your writes through your mapped view and then close the handle, Then the timestamp would be updated, -- or... more accurately -- may get updated.

That is right, even with closing the handles in the proper order, you can't always bet that the time will be modified correclty. The behavior in this scenario is still unpredictable. The reason? The Memory Manager writes data at a time that it chooses, the process itself does not control when that happens. So when you close the handle, the data might still be living in cache, and the filesystem still doesn't see it yet. So it still thinks that no writes or modifications have been been performed yet, and as a consequence it woundn't update the timestamp. Another possibility is that if there was another process before yours that cached or mapped the file first, then the Memory Manager will use its handle to do all the writes, and will only update the timestamp when that handle is closed.

So if you really want to make sure that the last modified timestamp is updated during a mapped file I/O, then your best bet would be to call SetFileToCurrentTime to set the last modified time explicitely. Or you can do one write through the filesystem after you are done with your modification, which will update the last modified time.

Making Windows Installer Dialogs Display on RTL Languages

Elyasse Elyacoubi — Wed, 14 Apr 2010 19:55:00 GMT

If have a windows installer package in an RTL language, like Arabic or Hebrew, and you want your dialogs to show right to left, you need to set the following properties to ensure that all dialogs and text show properly from right to left:

Set the ProductLangae property to your RTL language.
Set the CodePage to the codepage of the RTL language (ie. 1256)
Set the language field in the Summary Info field to the RTL language (ie. 1256)

Forefront Client Security code name "Stirling" now has an official name

Elyasse Elyacoubi — Fri, 04 Sep 2009 22:33:00 GMT

The next release of forefront client security, code name "stirling" has now a new name: Forefront Endpoint Protection 2010. The security management pieces are named: Forefront Protection Manager. This is an exciting suite of integrated entreprise security solution that spans endpoints, servers, and edge.

Here is a quote from the official team blog:

"Forefront codename “Stirling” - the next generation of the Forefront Security Suite for integrated, comprehensive protection across endpoints, servers and the edge – will be officially known as Forefront Protection Suite (FPS).

...

At WPC we are also announcing the following new product solution names:

· Forefront Endpoint Protection 2010 - current version is Forefront Client Security

· Forefront Protection 2010 for Exchange Server - current version is Forefront Security for Exchange Server

· Forefront Protection 2010 for SharePoint - current version is Forefront Security for SharePoint

· Forefront Online Protection for Exchange - currently called Forefront Online Security for Exchange

· Forefront Threat Management Gateway Web Security Service - the next generation of ISA Server 2006. "

Changing port of WSS TFS website.

Elyasse Elyacoubi — Wed, 15 Feb 2006 01:44:00 GMT

If you would like to setup sharepoint to use a different site than the default one (port 80) for Team Foundation Server, you can do that as follows:

1- copy msiproperty.ini from the AT or ATDT folder on the installation media (depending which one you are installing) to a local folder,

2- change the property: VSTF_WSSSQL_PORT from 80 to your desired port. And then

3- start setup.exe under the subfolder of the sku you are installing with the command line: /INIFILE=<path to your custom ini file>. for instance, if you are installing ATDT and your inifile is in c:\msiproperty.ini and your CD media is on D:\, then you do the following:

d:\atdt\setup.exe /INIFILE=msiproperty.ini

Thanks,

Elyasse

Last chance to provide us with feedback on the TFS install experience

Elyasse Elyacoubi — Tue, 14 Feb 2006 22:35:00 GMT

Dan Kershaw, a Program Manager on Team Foundation Server team, posted this note on msdn forum:

"To ensure Team Foundation Server is ready to ship, we are asking you to respond to another survey. However, this time there is an added incentive. For the first 300 respondents who install Team Foundation Server RC, complete the survey, and submit certain log files, we are offering a special token of our appreciation. For complete details, visit this site.

Update – If the setup was successful, the log files (VSMsi*) are not in the %temp% directory. They are moved to the installation directory. Also, you should probably review the log files before sending them in the event you need to expunge any information that would upset your local IT department, such as server names or IP addresses. Just replace them with X's." <End of Dan's note>

It is very important for us to hear from you so that we can assist you in having a great TFS installation and administration experience.

Setup Error 28100: Failed to load EventService proxy object: Requested registry access is not allowed.

Elyasse Elyacoubi — Tue, 14 Feb 2006 03:42:00 GMT

During TFS install, if you recieve error 28100 (Failed to load EventService proxy object: Requested registry access is not allowed.), most probably this is due to regkey left over from a previous TFS installation. TFS uses this regkey to locate registerd servers and make calls against them.

Here is the workaround to solve this problem:

1- open regedit and go to: HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\8.0\TeamFoundation\Servers

2- locate a key under servers with the name: <%YourServerName%>

3- delete this key (not only the value, yet the entire key).

4-rerun setup.

I hope this helps.

Great improvements in WSS configuration for TFS in RC

Elyasse Elyacoubi — Tue, 14 Feb 2006 03:33:00 GMT

TFS Setup have done major improvemets in the way it configures WSS. Also, we now implemented a CA that does a health check on WSS preconditions and report any issues that do not meet the TFS recommendations in clear error messages.

Sharepoint was TFS number one problem area (featured eaither during setup or in Project Creation) and I am glad to see that a great number of our customers are benefinting form a much better install experience due to these improvements.

Talking to customers and reading the blogs and forums, I saw great excitements about the major steps setup has taken to minimize the installed problems that might be caused by some WSS configurations that do not meet TFS standards.

I hope you also benefited from the WSS improvement effort, and I'm eager to hear from you your feedback on RC's install experience related to previous releases.

Thanks,

Elyasse

Hidden WSS install failure that is caught during TFS Setup

Elyasse Elyacoubi — Tue, 14 Feb 2006 03:20:00 GMT

If you move their IIS root directory from inetpub to a different folder without copying the AdminScripts subfolder from inetpub to the new directory, WSS setup fails silently. The WSS admin site is not setup yet you won't notice it until you try to get to it.

If you try to install TFS after this you will recieve an error during TFS install: "Error 32000.The Commandline '"D:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\Bin\Stsadm.exe" ...' returned non-zero value: -2130242250."

This is due to the fact that WSS is not installed properly and the admin site is not accessible.

If you recieve this error, here are the workaround steps:

1-Uninstall WSS

2-Copy over AdminScripts from InetPub folder to the new VRoot folder

3- reinstall WSS

4- rerun TFS setup.

common Team Foundation setup failure.. 32000

Elyasse Elyacoubi — Thu, 17 Feb 2005 04:17:00 GMT

I was going to write about this actually.. yet I found that askburton has already a great item for it.. so if you get this error.. here is a help link ...

http://blogs.msdn.com/askburton/archive/2005/01/27/362083.aspx

let me know if this was helpful...

Repair / Reinstall on the next VSTF Beta

Elyasse Elyacoubi — Thu, 17 Feb 2005 03:42:00 GMT

Repair and Reinstall (ie. uninstall and then reinstall again) are not supported on the comming Beta2 of Visual Studio Team Foundation. If you want to reinstall or repair your application and keep your existing data, you will need to backup the data first, and then reimage the machines and install from fresh again, then restore your data on the databases.

The work to fix the repair / reinstall scenarios is going to be after beta 2. I am talking only about Visual Studio Team Foundation Application Tier and Data Tier installs. (both on different machines or on a single machine).

How was your experience setting up VSTF?

Elyasse Elyacoubi — Tue, 15 Feb 2005 09:02:00 GMT

I would love to hear from you on how was your experience installing Visual Studio Team Foundation (both Applcation Tier and Data Tier). It is our goal to provide you with the best setup experience. Any exprience you would like to share? Anything you would like to let the VSTF Setup team to know. Any wish list you have? throw them all onto me :)

Writing a sample code file that compiles in all systems.

Elyasse Elyacoubi — Wed, 05 Jan 2005 22:18:00 GMT

If you write a file that is intended to compile in all systems (ue, sample code file), people who compile it in a code page different than the code page that is was saved under may encounter a compiler error: "C4819: The file contains a character that cannot be represented in the current code page (System_code_page). Save the file in Unicode format to prevent data loss".

To write a C code file that compiles on all systems, you have 2 options:

1- save it in unicode (will not compile using older compilers though)

2- or if you want to support all compilers including older ones, change the following:

const static char mb_japanese[] = "....";

const static char mb_japanese[] = { 0x41, 0xF0, 0x72, 0xFD, 0};

this method should be done for all string types, including wchars.

Careful with & operator on CComBSTR variables.

Elyasse Elyacoubi — Fri, 29 Oct 2004 05:36:00 GMT

Be careful when using the & operator on a CComBSTR variable. If this variable is not empty, using the & operator on it to point it to a new BSTR will lead to a memory leak.

For instance,

if you have a variable bsz1

declared and initialized as:

CComBSTR bsz1("HiWorld");

the member BSTR is allocated by issuing a call to SysAllocString. If you use somewhere after that in your code (&bsz1), you will cause a memory leak.

You can call bsz1.empty() before you use &bsz1 to prevent from the memory leak.

Cheers.

Elyasse