
Using Application Compatibility Toolkit (ACT) 4.0 to Manage Application Compatibility on XP SP2 and Server SP1 Corey Hynes DSK304.


1 Using Application Compatibility Toolkit (ACT) 4.0 to Manage Application Compatibility on XP SP2 and Server SP1 Corey Hynes DSK304

2 Agenda
- Application Compatibility Toolkit goals
- Application compatibility challenges
- ACT 4.0 in detail
  - Feature overview
  - Three-phase approach
    - Evaluate application compatibility issues
    - Mitigate compatibility issues
    - Deploy issue solutions
  - Architecture and features
- Areas of continued investment
- Call to action
- Appendix
  - 7 Steps to Get Started with ACT 4.0
  - Top 10 Reasons to Deploy Microsoft Windows XP SP2

3 Goals
- Enable adoption of Microsoft Windows by reducing application compatibility as a deployment blocker
- Provide a unified, end-to-end system to address application issues
  - Tools for evaluation
  - Tools for mitigation
  - Tools for deployment
- Listen, learn and respond to corporate application compatibility issues
- Provide a secure and privacy-compliant web service for customers to share application issues and solutions with Microsoft

4 Challenges (Windows XP)
- Changes to Microsoft Windows XP code base
  - 9x was more “relaxed” in heap management
  - Subtle changes in Win32 API behavior
  - Registry value changes
- Changes to folder location
  - Documents & Settings
  - My Documents
- Applications with platform-specific drivers
  - Common in anti-virus, backup and partitioning software
- Applications hard-coding to work on specific OS version

5 Challenges (Windows XP SP2)
- Microsoft Internet Explorer
  - Binary behaviors, local machine lockdown, MIME handling & sniffing, zone elevation, Windows restrictions, download blocking
- DCOM & RPC
  - Launch and activation permissions, remote anonymous access
- Windows Firewall
  - Ports closed by default
- Data Execution Prevention (DEP)
  - Access violations for applications that do not handle NX

6 Feature Overview
- Built on top of 3.0 technology
- Improved evaluation tools
- Improved mitigation tools
- Improved deployment tools
- Task-based interfaces

7 Three-Phase Approach
Phases: Evaluation, Mitigation, Deployment
Diagram steps: Inventory applications; Collect application issues; Package solutions; Deploy solutions; Create and test solutions

8 Architecture and Features

9 Evaluation Phase Architecture
Diagram labels: Test Environment; Production Environment (Sales, Support, Servers, HR); Client; Collector; Compatibility Evaluation Agents (DCOM, Windows Firewall, IE)
- Distribute agents to
  - Collect application inventory
  - Assess application issues
  - Run IE test tool
  - Detect SP2 compatibility issues
- Distribute via
  - SMS
  - Log on scripts
- Configure agents to collect specific data
  - Department name
  - User name, machine name, IP
  - Custom name-value pairs

10 Application Evaluation Tool: Application Analyzer
Diagram labels: Production Environment (Sales, Support, Servers, HR); Client; Collector; DCOM; Windows Firewall; Network Share; Server; SQL Server; Report Viewer (Analyzer); Web Service; MSFT Online DB

11 Web Application Evaluation Tool: Internet Explorer Compatibility Evaluator
Windows XP SP2 client (test machine)
- View log of errors
- Change IE security settings
- Save logs
Evaluates issues related to:
1. Automatic Download Blocking
2. Bad Certificate ActiveX Blocking
3. Binary Behaviors Restrictions
4. Local Machine Zone Lockdown (LMZL)
5. MIME Handling Restrictions
6. MK Protocol Blocking
7. Object Caching Protection
8. Pop-up Blocking
9. Windows Restrictions
10. Zone Elevation Restrictions

12 Evaluation Feature Highlights
- Automated application inventory agent
  - Light-weight tool
  - Data collected about installed applications and machine configuration
- Windows XP SP2 compatibility evaluators
  - Checks whether an application uses DCOM interfaces that will be blocked by SP2
  - Windows Firewall compatibility evaluator is configured to monitor ports over time that violate new Windows Firewall defaults
  - Detects violations to new Internet Explorer security feature settings
- Rich client tool for reporting and analysis
  - Faster and more comprehensive data filtering
  - Reports can be shared
  - Managed application (requires .NET Framework 1.1)
  - Data stored in SQL Server 2000
- Secure data encryption to/from Microsoft online Web services

13 Evaluation Phase

14 Mitigation Phase Architecture (Test Environment)
- Query file: .ADQ file (application list with DCOM and Firewall issues)
- Compatibility Administrator file: .SDB file (database with Win32 fixes)
- Solution Builder tool: command line tool that can generate a single EXE
- One mitigation package for applications (machine-wide fix)

15 Application Mitigation Tool: Compatibility Administrator
- Without compatibility fixes: setup.exe calls GetVersion in kernel32.dll, which returns 5.1.2600; error message on Windows XP
- With compatibility fixes: setup.exe calls GetVersion, and the compat fix in front of kernel32.dll returns 4.0.950; setup continues on Windows XP
- 100s of fixes: Limited User Account, registry keys, file paths, display

16 Web Application Mitigation Tool: Internet Explorer Compatibility Evaluator
Windows XP SP2 client (test machine)
- View log of errors
- Change IE security settings
- Registry package (.REG file) for Internet Explorer

17 Mitigation Feature Highlights
- Enable application-specific solutions while minimizing impact on overall security
- One mitigation package for applications
  - For DCOM and Firewall fixes: applications added to exception list
  - For Win32 compatibility fixes: database installed on target machine
  - Machine-wide fixes
  - Uninstall option available
- Registry package for Internet Explorer
  - Can be deployed via logon scripts or SMS
  - Registry changes can also be done via group policies

18 Mitigation Phase

19 Deployment Architecture
- Option 1. Log on scripts: distribute evaluation agents OR fix package via logon scripts
- Option 2. Systems Management Server: distribute evaluation agents OR fix package via SMS
Diagram labels: Production Environment (Sales, Support, Servers, HR); Server; Network Share; Log On Scripts; Systems Management Server; Client; Mitigation Package; Evaluation Package

20 Deployment Feature Highlights
- Easy to distribute and install
  - Self-installing executable
  - Can be deployed via logon scripts or SMS
- SMS integration
  - Extends SMS’s existing targeting capabilities
  - Deployment of evaluation agents
  - Deployment of mitigation packages
- Consolidation of mitigation solutions
  - One mitigation package for app issues
  - Registry fixes for Internet Explorer

21 New Features in ACT 4.0
Table columns: Feature, ACT 3.0, ACT 4.0
Features listed:
- Deployment task list
- Application inventory agent
- DCOM and Firewall issue detection
- Internet Explorer compatibility test tool
- Client tool for reporting and analysis
- Tool for creating solutions
- Tool for packaging solutions
- SMS integration
- Documentation

22 Areas of Continued Investment

23 Call to Action
- Download ACT 4.0: http://www.microsoft.com/windows/appcompatibility/act4.msp
- Give us your feedback: post messages on the newsgroup microsoft.public.windows.app_compatibility
- Support is offered via Microsoft Product Support Services: http://support.microsoft.com

24 Your Feedback is Important! Please Fill Out a Survey for This Session on CommNet

25 Appendix
- 7 Steps to Get Started with ACT 4.0
- Top 10 Reasons to Install Windows XP SP2

26 Step 1: Familiarize Yourself with ACT 4.0
- Download from http://www.microsoft.com/windows/appcompatibility/act4.mspx
- Install ACT 4.0
- Recommended operating systems:
  - Microsoft Windows XP Professional
  - Microsoft Windows Server 2003
- Note: Individual components support varying operating systems.

27 Step 1: Familiarize Yourself with ACT 4.0
Component | Description | OS Recommended
Application Compatibility Toolkit (Framework) | Help files and deployment task list | Microsoft Windows XP Pro, Microsoft Windows Server 2003
Application Analyzer | Client tool for reporting and analysis |
Application Compatibility Administrator | Client tool for applying common compatibility fixes |
Internet Explorer Compatibility Evaluator | Client tool for testing web sites/Web apps and applications on XP SP2 | Windows XP Pro SP2
Collect.exe | Collects application inventory on a specified set of computers | Microsoft Windows 98, ME, Microsoft NT4, Microsoft Windows 2000 Pro, Microsoft Windows 2000 Server, Windows XP, Microsoft Windows Server 2003
WFCE.exe, DCOMCE.exe | Identifies potential application issues related to DCOM and Windows Firewall | Windows XP Pro, Windows Server 2003

28 Step 1: Familiarize Yourself with ACT 4.0
- Review the prescriptive guidance on using ACT
  - Step-by-step tasks divided into three phases
  - Track your deployment progress in the task list
  - In-context help documentation

29 Step 2: Configure Application Analyzer
- Launch Application Analyzer
- Go to configuration screen
- Set up Analyzer SQL DB
  - Specify the SQL Server name and click “Refresh”
  - Type in the name of the new database to create and click “Create New” (NOTE: you must be a member of the SQL Server admin role)

30 Step 2: Configure Application Analyzer (cont’d)
- Configure Collector settings
  - Set up file share(s) for collecting data
    - Application data will be collected with Collect.exe
    - Application issue data will be collected with DCOMCE.exe and WFCE.exe
  - Add the log path(s) to the list
- Configure the Merger service
  - In Service Control Manager find the “merger” service
  - Configure it to log on with a user account that has privileges on the Analyzer SQL DB.

31 Step 2: Configure Application Analyzer (cont’d)
- Configure Merger permissions on Analyzer SQL DB
  - In SQL Enterprise Manager expand the Analyzer SQL DB and click on “Users”.
  - Find the user you added to the Merger service and grant them the role of db_AnalyzerMerger

32 Step 2: Configure Application Analyzer (cont’d)
- Configure Solution Builder permissions on Analyzer SQL DB
  - In SQL Enterprise Manager expand the Analyzer SQL DB and click on “Users”.
  - Find the user that you will use to create solutions (mitigation package) and add it to the role of db_SolutionBuilder

33 Step 3: Collect Application and Issue Data
- Inventory applications
  - Run Collect.exe
  - Located in C:\Program Files\Microsoft Application Compatibility Toolkit 4\Application Analyzer
  - Common command line options
    - Example: collect.exe /o c:\TestLogs
    - /o defines output path for logs
    - Default filename is name of the machine

34 Step 3: Collect Application and Issue Data (cont’d)
- Collect DCOM and Windows Firewall compatibility issues
- Run DCOMCE.exe
  - Located in C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\CEAgents
  - Common command line options
    - Example: DCOMCE.exe /o c:\TestLogs
    - /o defines output path for logs
    - Default file name is MachineName.Issue.GUID
- Run WFCE.exe
  - Located in C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\CEAgents
  - Copied to a directory where regular users do not have write access (e.g. c:\Windows\System32)
  - Common command line options
    - Example: WFCE.exe /o c:\TestLogs
    - /o defines output path
    - Default file name is MachineName.Issue.GUID
    - /ct defines completion time in hours

35 Step 3: Deploy Collection Agents Using SMS (optional) Collector and the Compatibility Evaluator Agents can be distributed via the SMS Deployment Wizard

36 Step 3: Collect Application and Issue Data (cont’d)
- Collect Internet Explorer compatibility issues
  - Run Internet Explorer Compatibility Evaluator (IECE)
  - Update IE with the test logging infrastructure
  - Run test cases on business-critical web applications against Windows XP SP2

37 Step 4: Process Issue Data
- Merge collected data into Analyzer SQL DB
  - Launch Application Analyzer
  - Go to Configuration screen
  - Click on “Log Processing”
  - Click on “Start Log Processing”

38 Step 4: Process Issue Data
- Get the latest issue data from Microsoft
  - Connection via a secure connection

39 Step 5: Analyze Issue Data
- Analyze application compatibility issue data
  - Launch Application Analyzer
  - Go to Reports
  - Pivot between three data views: Applications, Machines, or Issues

40 Step 5: Analyze Issue Data (cont’d) Drill-down to see details of an application

41 Step 5: Analyze Issue Data (cont’d) Drill-down to see details of an issue

42 Step 5: Analyze Issue Data (cont’d)
- Analyze Web application compatibility issue data
  - View log of reported issues
  - Drill down into issues to find out more about them, including work-arounds and mitigations

43 Step 6: Mitigate Compatibility Issues
- Mitigate legacy application compatibility issues
  - Run Compatibility Administrator
  - Apply “Layers” and “Fixes” as appropriate
    - Compatibility Layers are designed to “hook” Win32 APIs and emulate the prior behavior
    - Examples
      - Hard-coding paths to Special Folders → “CorrectFilePaths”
      - OS Version Number → Version Lie Compatibility Fix
  - Generate a custom database of fixes (called a custom SDB)
  - Install the custom SDB in order to apply it
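The Version Lie fix from slides 15 and 43, modeled in portable C as an added example (not code from the presentation or from ACT). The version triple is a simplification of the packed value the real GetVersion returns, and `app_imports`, `shim_db` and `apply_fixes` are hypothetical names; the point is that the fix is scoped to the listed executable while every other program still sees the true OS version.

```c
#include <stdio.h>
#include <string.h>

/* Simplified version triple; the real GetVersion returns a packed DWORD. */
typedef struct { unsigned major, minor, build; } os_version;
typedef os_version (*get_version_fn)(void);

/* What the platform reports: Windows XP, 5.1.2600 as on the slide. */
static os_version real_get_version(void) { return (os_version){5, 1, 2600}; }

/* Version-lie fix: report the version the legacy installer expects. */
static os_version version_lie_fix(void) { return (os_version){4, 0, 950}; }

/* Hypothetical per-process import slot that a fix can redirect. */
typedef struct { const char *exe; get_version_fn get_version; } app_imports;

/* Constructed stand-in for a custom SDB: executables that receive the fix. */
static const char *const shim_db[] = { "setup.exe" };

/* Redirect GetVersion only for listed executables; others keep the truth. */
static void apply_fixes(app_imports *app) {
    for (size_t i = 0; i < sizeof shim_db / sizeof shim_db[0]; i++)
        if (strcmp(app->exe, shim_db[i]) == 0)
            app->get_version = version_lie_fix;
}

/* Legacy installer: hard-codes the single OS version it was written for. */
static int legacy_setup_check(const app_imports *app) {
    os_version v = app->get_version();
    return v.major == 4 && v.minor == 0;   /* 1 = continue, 0 = error */
}

/* Fixing the code instead: accept the minimum version or anything newer. */
static int robust_setup_check(const app_imports *app) {
    os_version v = app->get_version();
    return v.major >= 4;
}

int main(void) {
    app_imports setup = { "setup.exe", real_get_version };
    app_imports other = { "other.exe", real_get_version };
    printf("unshimmed legacy check: %d\n", legacy_setup_check(&setup));
    printf("unshimmed robust check: %d\n", robust_setup_check(&setup));
    apply_fixes(&setup);
    apply_fixes(&other);
    printf("shimmed legacy check:   %d\n", legacy_setup_check(&setup));
    printf("other.exe still sees build %u\n", other.get_version().build);
    return 0;
}
```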

44 Step 6: Mitigate Compatibility Issues (cont.)
- Mitigate Internet Explorer compatibility issues
  - Option 1 - Export mitigation from IECE into a .REG file (Binary Behaviors, Pop-up Blocking, Windows Restrictions)
  - Option 2 - Change IE security settings globally
  - Option 3 - Change underlying problem (i.e. code)

45 Step 6: Mitigate Compatibility Issues (cont’d)
- Mitigate DCOM and Windows Firewall (WF) compatibility issues
  - Launch Application Analyzer
  - Filter report to just show DCOM and WF issues you want to mitigate
  - Save report as an ADQ file
  - Copy FixPack.Exe, FixInst.Exe, dbapi.dll, mtadq.dll, and sdbproxy.dll to where your ADQ file is saved
  - Run Solution Builder to generate a packaged executable of the DCOM and WF fixes

46 Step 7: Deploy Mitigations
- One EXE package for easy deployment
  - DCOM and Firewall fixes
  - Win32 compatibility fixes
- One registry package for Internet Explorer compatibility issues
  - Can also be configured via group policies

47 Top 10 Reasons to Deploy Windows XP SP2
1. Help protect your PC from harmful attachments.
2. Improve your privacy when you’re on the Web
3. Avoid potentially unsafe downloads
4. Reduce annoying pop-ups
5. Get firewall protection from startup to shutdown
6. Take control of your security settings
7. Get the latest updates easily
8. Help protect your e-mail address
9. Take action against crashes caused by browser add-ons
10. Go wireless without the hassle

48 Your Feedback is Important!
- We invite you to participate in our online evaluation on CommNet, accessible Friday only
- If you choose to complete the evaluation online, there is no need to complete the paper evaluation


50 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.


