One small problem with OSX is that it does the same thing every time you plug in any camera — starting Aperture, for example. The trouble is, while that may be sensible when you’re plugging in your main camera, it’s a pain when connecting up your iPhone.

Cameras, a free preference pane from Flexibits, sorts out this problem. It allows the action taken on connection to be set per-device.

It’s working perfectly here, and fixes one of my longstanding frustrations with OSX. With it, attaching the various devices I have that take photos now Just Works.

If you’re having a problem with a Microsoft product, then the first stop for finding a solution pretty much needs to be the MS Knowledgebase. It’s solved problems for me and for clients times without number. Often however this has involved printing out the article in question in order to follow a series of steps on the computer with the problem.

A new, and very welcome addition to some articles on the Knowledgebase removes the need for this – a “Fix it” button, shown above, has been added. When this button is available, it will download a small file that contains a script or executable that performs all the steps for you. For example, if Internet Explorer is missing from your desktop, the “Fix It” button downloads a small installer file containing a script to put it back.

I can see this going far, and hope it’s a major change in fix delivery. Help Desks in particular should gear up to build local libraries of these scripted fixes, in order to push them out where required. And building the server-specific fixes into System Center Operations Manager for automated behind-the-scenes problem resolution would be a great next step too.

Good news on the User Access Control flaw I wrote about a few days ago – the Windows 7 engineers have promised to fix it in the release candidate, and have gone even further in the fix than was asked.

The additional proposal is to run the User Access Control panel in a mode where other programs cannot manipulate it without first gaining elevated rights. This should put and end to any potential exploit via this route.

Good to see the engineers responding to this. The fact that they had to, however, leads me to wonder if they’re not a little insulated – they talked about “Customer Driven Engineering” in their previous post clarifying their views on the flaw (now changed of course) but surely a little bit of common sense and engineering experience should have told them that this was wrong, regardless of what the behavioural monitoring they performed suggested?

Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is “by design”:

Just because it’s by design doesn’t mean to say it’s right. This is exactly the blinkered thinking that we heard from the people working on UAC in the Vista timeframe – “This is the way it’s going to be, we know better than you.”

Since that attitude was provably incorrect last time, what makes it any more right this time?

(Via I Started Something.)

Sacrificing security for usability: UAC security flaw in Windows 7 beta:

By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.

The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.

Whoops. This one is a bit of a showstopper. I’m very happy with the re-imagined User Access Control in Windows 7 (I believe it’s pretty much what it should have been in Vista) but this definitely needs fixed. I agree completely with Long Zheng’s proposed solution:

Microsoft can implement without sacrificing any of the benefits the new UAC model provides, and that is to force a UAC prompt in Secure Desktop mode whenever UAC is changed, regardless of its current state. This is not a fool-proof solution (users can still inadvertently click “yes”) but a simple one.

(Via I Started Something.)

I have been waiting for this to happen for twelve years, ever since my first multiple-thousand-seat Windows desktop rollout – Windows 7 (and Windows Server 2008 R2) can be added to domains without physically being connected to that domain over a network

This is done with a new command – djoin.exe – added into these products. It’s used (on an existing machine in the domain) to generate a block of information in a file, that can be used on another machine to automatically join the domain without being connected at that time.

This is fantastically useful for anyone performing big corporate rollouts – where it’s not always possible to build the machines in situ. Any consultancy working on a build-and-customise desktop project for a client is going to absolutely love this.

Found on bink.nu.

I write occasional technical pieces for other places – as they are published I’ll link to them here.

In the January 2009 issue of IT Expert Magazine I have an article: Setting up mobile email with Exchange 2003 and 2007.

Installing MS Windows Vista into Parallels is a bit of a chore if you’ve only got an upgrade editions of the software. This how-to tells you the steps in order to make it work.

Firstly, make an image of your Vista DVD. This will make the install run much faster, and you’ll need to be doing two of those. Insert the vista DVD, then in Disk Utility, select the DVD UDF Volume and press “New Image”. Call it Vista, save it to the desktop, and change the image type to “DVD/CD Master”

Once that finishes, it’s time to power up Parallels. Make sure you’re running at least Release Candidate 1 – download it from the Parallels website if not. Create a new VM and select “Custom”. On the next page, make sure the OS version is set to Windows Vista. Leave the memory, hard disk settings and the network settings alone. Name the Virtual Machine (or again just accept the default).

On the next page, where you’re asked to insert the installation CD, open up “More Options”, select “ISO Image” and press “Choose” to select the image created earlier – saved to your desktop. Press “Finish” to begin the Vista installation.

Well, actually, your first Vista installation. Because we’ll be doing two here. The trick is that we don’t enter your licence key the first time around, thus fooling Vista into installing. Unlike XP upgrades, which just needed a look at a CD or a previous installation to proceed, licenced Vista won’t install unless it’s being installed over the top of a previous OS. Luckily, “previous OS” includes unlicensed Vista!

Start the installation going. The first thing it will ask you is your international settings. Set them as appropriate. Click onto the next page, then click “Install Now”. On the following page, it will ask for your product key. Do not type in your product key – instead, press “Next”, say “No” to the following dialog box, then on the next page choose the version of Vista you’re installing.

(I have no idea what the difference between, say, Business and BusinessN is – can someone enlighten me? I just chose from the non-N ones.)

Tick the box on that page, press Next, accept the licence terms, press Next. On the following screen the type of installation will be set to “Custom”. That’s fine. Press Next to choose where to install it, the default is fine so press Next again.

At this point the installation of Vista will start. The VM will reboot several times – just let it do so. Installation will run to completion just fine, go away for 30 minutes.

(time passes)

Choose a username and on the next page, a computer name. These aren’t vital but you’ll need to remember the username for the next 30 minutes. Then, on the security updates page, select “Ask me later” – one of the current Vista updates breaks Parallels, and we don’t want that to happen. Finally, set your timezone, then press “Start”.

Vista will then check the VM’s performance, then start up. Congratulations, it’s installed. Log in, and

Do not install Parallels Tools right now. It will cause you pain later.

Now we’re going to do all of this over again, this time with a licence key.

From the Start Menu, choose Computer, then double-click on the DVD drive. Double-click on Setup. Allow the program to run. Click on “Install now”.

On the next screen, don’t get the latest updates for installation at this time, because it might crash Parallels. On the next screen, enter your product key. Accept the license, as before.

On the following screen, again click on “Custom” for type of installation. Accept the default for the installation disk, as before, then click “OK” in the dialog box.

Installation will then start. Another 30 minutes here.

(time passes, again)

This time, when asked for a username and computer name, choose ones you wish to stick with as this is final. Choose “Ask me later” for the security updates, then set the timezone as before.

Vista will again check performance, then start.

That’s it. We’re done. Just tidy-up to do now.

Firstly, install Parallel Tools from the Mac “Action” menu. This will give proper integration between your Mac and the Vista VM. It’ll need a reboot. After that, navigate from “Computer” on the Start Menu to your hard disk, then delete the “windows.old” directory. That was the initial install.

Now, from the Mac’s “Action” menu, run the Parallels Disk Compressor, in order to neaten up the VM’s hard disk. This takes a while. But once it’s done:

Congratulations. You have a perfectly fresh working installed copy of Vista, from a Vista Upgrade CD, in a Parallels VM.

Now go and enjoy before Parallels bring out a new version, forcing this to become incorrect and me to write out a corrected version.

Enjoy!