Don’t use 32 bit Windows with more than 3 GB of memory

Well the subject of this post is that everyone should be getting used to 64 bit operating systems and migrating to them. Today I saw a laptop that had 4 GB of RAM, the very latest HP that we can lease for a school in the TELA scheme. With the 32 bit edition of Windows 7 it reports it has 2.92 GB of RAM available. Now I thought this was a bit low as I knew more memory is reported for the 64 bit edition of Windows 7. I was quite shocked to discover that the latter figure is 3.8 GB. In other words a difference of around 900 MB. This is quite a significant difference.

Since as far as I know these TELA scheme HP Laptops are only available with the 32 bit edition that has been built up for the Tela scheme, we will definitely be continuing to customise our laptops with the 64 bit edition of Windows 7. We are currently looking at the best way to deploy these. As previously described in this blog I spent a lot of time learning to use MDT and while it is a very sound method it is technically complex and requires a significant amount of specialised resources to maintain. Therefore I am having a look at Native VHD deployment as a means to achieve what we want, which will be along with the use of WSIM and DISM as described in a recent series of articles. At the moment I am as a first stage loading a VHD to one of the actual laptops in order to customise it with hardware-locked applications that are normally installed by a MDT task sequence. After that it will go back onto the imaging VM for tweaking and then the sysprep for deployment. The way of doing backups with VHDs (instead of MDT based capture) is to use Microsoft’s Disk2VHD tool to capture a hard disk into a VHD file. So we could almost dispense with MDT altogether.

After the first week back at school our nVHD deployment of 30 computers in our suite has been generally successful. The main issue to date is getting Windows and Office activated; as we put in a key for Windows it still has to be manually activated, while Office should be activating against a KMS server but isn’t. I can switch Windows in future back to KMS but we still have to work out why the Office KMS server (which is a different server from the one that handles Windows 7 activations) isn’t receiving activation requests. As it happens Office will not stop working but it will just keep on warning it needs to activate so we have a bit of time to sort out that problem.

Another big task is creating 300 accounts for all our students who have individual logon accounts. We used our previous SMS to export a CSV that was hacked in Excel and then fed into a VBscript to use ADSI to set up the accounts. This year with Musac I have created a separate Access database to handle this task and that of creating the output CSV file to feed into the script. Naturally I have decided some enhancements are possible. For example with Outlook Live having a Powershell interface it should be possible to create email accounts at the same time. Further capability will be added later. The main change is that the creation of the accounts will be automated with the names of students being used and, to get around the 20 character length limit for the sAMAccountName field, the UPN name field will be set with a 3 character UPN suffix, thus each logon will be xxx.yyyyyy@zzz which is standardised for all logons. This will be the first time we have set up and distributed accounts with the expectation for using a UPN name.

It is important to note when using UPN names for accounts that Windows still sets the %USERNAME% environment variable for the user to the value of sAMAccountName. When you create home folders for your users you need to allow that the sAMAccountName is the one that is relevant to Group Policy Folder Redirection for %username% and that this still needs to be unique even if it is truncated to 20 characters for users with longer names stored in the UPN. Log in, look at the environment variables and see how many uses there are made of that sAMAccountName value. Also all our new users are getting their home drive changed to O: because a lot of computers have extra drive letters with the additional partitions for Windows 7 and nVHD as well as card readers and the like.