10 December, 2011

I've Just About "Had It" with the Microsoft Family of OSes


I've really "had it" with the quirkiness of Microsoft operating systems.  I just spent about four hours over three sessions (about an hour from 2130 to 2230,  about another two hours remotely from home from 2300 ET to 0100 the next morning (this morning), and another hour or so a few hours after sunrise today) trying to figure out why my XP profile wouldn't "stick."  Mind you, this is on a computer on a domain which is not mine (belongs to the folks who are contracting my services), so there are certain limitations which I cannot control (such as whether or not to use Active Desktop).

I guess I should take a paragraph to "step back" and explain the whole employment situation.  I work directly for Computer Plus Staffing Solutions, the FinancialPeople division.  And that's really only due to the existing relationship with FP of a financial director of the company where I (do the) work.  I don't really do anything financial at all, such as accounting, which is weird why I'm an employee of FP.  I'm doing mostly Avaya (PBX) administration.  Mostly what I'm tasked with is adding users, removing them when they're separated/terminated, and the associated backend record keeping (e.g. we gave Smith a Sonexis Conferencing account related to his phone, so when he goes, not only do we remove his station, we also delete the conferencing credentials).  The company where I work (not sure if I'm allowed to mention them), due to a merger happening soon, is unsure about their future, so in order not to have to worry about the legal requirements of short-term employment, they wanted the arrangement as a contractor instead of a direct-hire.  And I didn't want to have to worry about all the legalities of running my own business (directly contracting with the company where I work), so I'm going through this temp. staffing agency.

It all started after a business day which seemed never to end, with wonderful challenges, and some great discussions on planning for the future direction of operations.  In particular we were talking about things like taking Excel workbooks and turning them into SharePoint lists, setting up no-longer-used Avaya gear as a nonproduction switch (with due concern for the networking people with a strict policy of not having dev and prod systems on the same network).  It was getting late, having been there around 11 hours already (elapsed time, not working the entire time, mind you) when I logged in just to take a look at one more thing.  Things were proceeding normally enough...except neither the desktop nor the taskbar were appearing, the essential root functions of the explorer.exe Windows shell.  I thought, "that's odd..." and used the usual Ctrl-Alt-Del t to run the task manager.  And I ran another copy of explorer.exe with it.  Well...the desktop and task bar appeared, the items in the startup folder ran...so that logon session seemed to be salvaged.  But I logged out, then remembered, hey, there once again was one more thing ("honest this time!") I wanted to look at.  It was at this time I got the dreaded...Setting up Internet Explorer.  And of course, my %USERPROFILE% now had a "." and the domain name in all upper case appended to it.  Mind you, this was a particularly crushing "defeat," which I'll try to explain (as Paul Harvey would say) the rest of the story....

I'd like to take you on a little flashback of sorts.  Like many companies, the usual policy when bringing someone in is to give the new hire a fresh workstation OS and app build (using Symantec Ghost in this case, as is quite popular with larger companies).  But I guess everyone except the site support/help desk people thought what was there was just fine, having been used by two or three previous employees filling the same role as I was performing.  I wouldn't need to spend any additional time installing software, such as Avaya Site Administration (ASA) or other various and sundry tools a telecomm tech might use.  As it is, I wanted more software on there than was on there anyway, such as Cygwin, the 2003 administration tools for XP, copy path to clipboard, JoeWare's sectok...quite a few things actually which I find extraordinarily useful.  So I did spend virtually the entire first day there poking around to see what was there, and downloading and supplementing it with the tools I like.  But then I sought a little improvement.

When accessing their trouble ticket tracking system, Altiris, every time I brought up a results page (such as the list of tickets assigned to me) for the first time after opening IE, I would get a big, honking window pop up with an OK button, the contents of which seemed to indicate the ActiveX component used to display and interact with that results list was unlicensed.  Really, it was just a minor annoyance; all one had to do is click the OK button, and that session was good-to-go, without any more popups.  So I decided to report this by filling out an Altiris incident.

One of the fine service desk techs gave my system the once-over, and tried some things, all before I arrived the next morning.  He said, and I had to agree, he had already spent...oh, I don't know, let's say a half or three-quarters of an hour ...and was no closer to eliminating this unnecessary popup.  He also remarked it was a build he's never seen before, and was highly nonstandard.  Again, I had to agree with him; there were things like Wireshark and SnagIt on there, things not typically on a corporate computer unless the user has specific use for them.  So, he could putter around with it for hours, and still not have any success at eliminating the popup annoyance, or use Ghost.  So, let's schedule a time (which should take about an hour to an hour and a half) to reimage your machine.   "Hmmm...yeah, that'd probably do it all right," I was thinking, but the key part is I would have to do some "homework" to find out, of the things installed, what would I really need, and from where could I get that software?  So, essentially we both put our little rebuild project on hold.  Plus, it would give us an opportunity to figure out which package in particular, after installation (or possibly use), was causing this popup anomaly to manifest.  And as an added benefit, we could devise how to deploy the things I needed automatically, such as ASA, instead of a telecomm tech having to install it themselves.  After all, there are a few dozen packages which were set up for remote installation from some sort of Altiris inventory control console page.

I actually held off on this a while because after all, it was just an improvement; this popup was just a nuisance and didn't prevent me from doing my work.  But Windows, being the quirky little black box that it is, was not content to do that, and let me live in peace.  No, about a week or so after I told our service desk engineer that I wasn't sure how to get all the files I needed (in particular, which versions of the stuff stored out there were appropriate for putting on my workstation), I logged in to the dismay of seeing all my settings, all my customizations, all my everything ***GONE***.  Oh, mind you, Cygwin was still there, copypath, cmd here...all that stuff was ready to be used again, but ***EVERYTHING*** would have to be reconfigured.  I even took a look, as admin so there would be no access permission issues, at the scorched remains of what was my former %USERPROFILE%.  Nothing was left, except for the "Application Data" folder, and a few empty folder levels below that.  What's worse, every time I would log on, a new %USERPROFILE% would be created, and no settings would stick.  Heck, I was all the way up to me.DOMAIN.004 (I think it was) before I had any luck at all running anything close to normally.

I thought, I cannot tolerate setting up EVERYTHING every single time I log in, so I'll finish up the urgent incidents (such as the terminations), and I'll finally give them the word to trash what was on there.  But by the time I had nailed all that down, it was near the end of the day (1900 hours), where the person who could initiate the rebuild would have to leave; he would need at least 10 minutes to do all the necessary procedural steps.  Well, OK...it is what it is.  I repeated this the next day, except for the part where I came to the service desk too late.  We basically kicked it off, watched it go part way, but eventually just let it do its thing overnight.

I came in the next morning, and basically started the whole process over again, like I'd just arrived on the job for the first day.  Except this time around, I had accumulated all the installation sources, because as is my habit, I don't just download stuff to some temp directory; I set aside a definitive installation directory, usually some variation on /usr/local/lib/inst (in this case, drive 0 was partitioned into C: and D:, so this happened to be D:\usr\local\lib\inst).  Before ordering the wipe of my 'puter, I had copied virtually the entire contents of D:\ up to my network "home" directory, around 2GB.  And in fact, before I headed into the office that morning, I logged in via Citrix, then RDP, to initiate a copy of that data back to the (now blanked out) D:\ drive.  So, I installed a bare minimum of stuff (ASA, asked for all the links again to the Web-administered stuff, and so on).

For about the next week, which culminated in last night, I would mix performing the job duties with installing and configuring some niceties, such as SudoWin, Cygwin, Firefox, and so on.  As the week progressed, there would be a couple things every day which I remember now I could really use this or that, and would install/configure it, or just plain play around with the system (such as setting up a service, set to interactive, which executes CMD, thus giving an on-demand command shell with the SYSTEM security token...the superuser of Windows).

And so it went, until last night, when, as I wrote previously, some software somewhere along the way wedged, and caused XP all manner of grief, and by extension, me too.  It was probably some in-use files, or programs which wouldn't close them properly, which caused the login process not to trust what should have been my %USERPROFILE%, and for it to create a brand new version of one.  Except, this one wasn't quite as bad as the early part of this week; the previous profile wasn't empty, it still seemed to have most if not all the files and folders there. So, let me try to relate the things I tried this time 'round after getting over the incredulity.

The first thing of course was to copy completely the profile directory.  That way, if XP decided to wipe it out again, at least I'd be able to "get at" things like shortcuts, URL shortcuts, the NTUSER.DAT (probably can load it as another hive tree and export subtrees, such as the PuTTY session settings).  What was most disturbing after logging on and off a few times is that the "system control panel" (the advanced tab, button for profiles) was marking my profile as "Temporary" (ugh!).  This I guess definitely means nothing will be saved on logout.  Of course, the thing to try is putting a copy of the profile where the system expects it (y'know, Documents and Settings\username) and hope for the best.  This used to work great under NT 4 anyway, and a lot of times works for XP.  Do you think it'd work?  Not on your life.  So then I tried the sysctrl panel profile copy feature, specifying my domain user as "allowed to use."  Again, that didn't quite work.

Next, I surmised there was an ownership issue, so I whipped out setacl and recursively set the ownership of my profile directory to my domain user SID.  This time...well...this time things started getting very weird.  On login, an error would pop up about something wrong with my Active HTML folder for my desktop.  I hate Active Desktop, but it's the only Microsoft-sanctioned way to force a uniform look to everyone's desktop (background color, background image, and so on) through GPOs.  What's worse, pieces of the XP Explorer left pane were along the left of about a third of my RDP window, with what looks like the rest of the desktop to the right of that.  And if explorer.exe was killed, it's like a layer was removed and some previously hidden windows appeared.

What really "gets" me is that making my domain username admin of that workstation would, at least a couple of times, cause "normal" profile behavior (it would stick).  But I don't want to run as admin all the time.  It's just really, really bad SOP.  That's why I use SudoWin extensively: start out lowly, and elevate privileges when required.  (...not this UAC nonsense of being admin but interfering when doing admin-ish things.)

Sadly, most errors go away, including this HTML desktop one, if I make myself admin before logging in.

I even tried blowing the whole profile away (with explorer), and basically starting afresh.  Yeah, well...you'd think that might help, but it didn't.  Then I even tried using that system control panel profile manipulation tool to delete the profile, figuring there was some other stupid, arcane, backend hoo-hah which would be updated appropriately when using the sanctioned tool instead of simply deleting the profile directory.  Alas, that wasn't much help either.

What I'm most concerned about is that, I will have lost about another week's worth of work, providing I have to tell these folks to reimage my workstation...AGAIN.  And it's probably something exceedingly stupid, like an ACL somewhere seems dodgy and the login process doesn't think it's "safe."  And who knows; maybe the all users folder and/or default user profile got corrupted somehow, and all I'd need would be a precise restoration of C:\Documents and Settings and all might get back to what passes for normal under Windows.

As it stands presently, I want to eliminate the RDP and Citrix angle, although I don't think that should have significant effect...meaning waiting and stewing about this until Monday morning.  I have a profile which sticks, but I think last time I logged in I was admin.

It's just all f'ed up.  This sort of thing should be straightforward and obvious.  The way to fix it likewise should be straightforward and obvious.  When the system thinks something is wrong and it feels only starting a new profile will be safe, the login process should prominently display not only what's wrong, but the specific object which is unsuitable...not merely "logging you on with a temporary profile," but what specific folder in the profile folder, or what specific registry entry it doesn't like, and specifically what it doesn't like (such as  the specific ownership or ACE problem).  What's worse, I've seen the "logging you on with a temp profile" message before (years ago), but this time I didn't see any such warning/error message.

But I guess that's asking waaaaaayyyy too much from Microsoft.  After all, they are the folks of "page cannot be displayed" and "bad command or filename," instead of "DNS name not found"/"Connection refused"/"No route to host" and "XXX is neither a builtin nor found in your PATH" like real people would like to know.  In other words, provide a useful error message?  Why would a user want that?  We have to dumb it down, ostensibly for the user to be ABLE to understand it.

I guess I could sum it up with, I'm sick of wasting hours and hours of my time because of things like this.

UPDATE, 12-Dec-2011:

It is the considered opinion of "the powers that be" that the reason that workstation[1] does not "hold" a profile for a "normal" (e.g., non admin) user is that the guest account and anyone logging in are inexorably intertwined somehow, and that somehow SudoWin is to blame.  Well.....no.  I call shenanigans.  The most I will be willing to admit is SudoWin plus some other piece of software on there (such as maybe the Win2K3 admin tools for XP, which does several system DLL replacements, not necessarily correctly in the case of some releases) might be to blame. The latter is the only thing which makes sense. It's the last thing I installed, either Thursday or Friday. It was operating quite fine up 'til then. I still don't believe it, but I'll be very, very hasty to point out, that's all it is: a belief. I have no hard evidence otherwise, so I must rely on the opinion of the caretakers of the domain of these machines.  SudoWin I'm asymptotic to 100% sure is in use around the world on thousands if not millions of XPSP3 systems, and I'll bet only a scant handful like this one have any trouble whatsoever related to such profiles.

Still...reality encroaches. Where I'm working, the business is not Windows engineering, it's something else entirely which just so happens to use some of that. Therefore no one involved wants the correct answer. All we (yes, "we"...including me) want is an expedient solution. My intellectual sense really wants to figure this out, but my business sense says I've got to get back to the job at hand. It's a pie-in-the-sky world where we can all take the time to pursue such theoretical tangents. The harsher reality is that we have to settle for expedient to make progress.

[1] I'm actually trying to be more careful now not to call it "my workstation" as I have absolutely no title whatsoever to it, and I acknowledge the company where I'm working graciously allows me to use it.

English is a difficult enough language to interpret correctly when its rules are followed, let alone when the speaker or writer chooses not to follow those rules.

"Jeopardy!" replies and randomcaps really suck!
