InteleViewer on Windows Server 2012 R2

InteleViewer on Windows Server 2012 R2
At the radiology practice in which I work, we recently received the following question from the office of a referring physician: Can Intelerad’s InteleViewer PACS imaging client be run on Windows Server 2012 R2?  A member of our IT team reached out to Intelerad Support.  They provided the following advice known to work with Windows Server 2008, and suggested that we try the same on Windows Server 2012 R2.  So we did.

As is the case in many organizations these days, we would deploy this test installation as a virtual machine running on top of VMware.  Now that we’ve upgraded to VMware ESXi 5.5.0, we’re able to run Windows 2012 successfully, reliably, and best of all, virtually.  I allocated two virtual CPUs and 4 GB of RAM in a fresh virtual machine configuration.

Windows Installation
Because this is a test, and we don’t want to burn a legitimate Windows Server license, I reached for Windows Server 2012 R2 Datacenter Preview Build 9431, a trial installation that I’d downloaded some months ago.  As anyone who has installed Windows Server 2012 R2 can attest, it’s very quick to install it with the GUI console and otherwise default settings.  After that, I installed VMware Tools and all available Windows Updates.  Finally, I enabled Remote Desktop.

Installing InteleViewer
Installing InteleViewer is as simply as going to the InteleBrowser URL of your IntelePACS installation, logging in, scrolling down to Installers, and then choosing InteleViewer Tracks.  Those who support an Intelerad installation on a daily basis are very familiar with this process.  We chose an available ‘64-bit Windows Installer,’ and installed it using all the default settings.  Upon launching InteleViewer for the first time, we added the secure hyperlink to our IntelePACS installation.  Before the day was over, we’d briefly try versions 4-6-1-P122, 4-7-1-P129 and 4-8-1-P65.

Enabling ‘MultiUserMode’
The point of installing InteleViewer on Windows Server 2012 R2 is probably obvious.  An organization wants to allow multiple users to run simultaneous sessions of InteleViewer from a single server via Remote Desktop Services or Citrix.  InteleViewer requires two application-specific registry changes in order to make this work successfully.  The settings are documented below, and also in a PDF file in case the formatting isn’t intuitive here.  You should be able to paste the content into a text file, rename the extension to REG, and then run it once on your Windows Server.  If you wish to create these registry entries manually, note that they are of type ‘String Value.’

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intelerad Medical Systems\InteleViewer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Intelerad Medical Systems\InteleViewer]

The Test
After installing InteleViewer and making our registry changes, we rebooted the Windows Server for good measure.  A colleague and I were then able to run simultaneous InteleViewer sessions without issue.  It should be noted that both of us are IT Professionals and not medical professionals.  And this limits our evaluation to a binary observation of whether or not InteleViewer works, rather than a substantive evaluation of how well it works.  As mentioned before, we ran versions 4-6-1-P122, 4-7-1-P129 and 4-8-1-P65 successfully.  So far, so good.

Say Goodbye To Windows XP

XP End of Support Graphic

XP Pop-up ©Microsoft

Those of us who work in the technology field have long been aware that Windows XP reaches the ‘End of Support’ on April 8th, 2014.  This weekend, our least technology-oriented friends and relatives are likely to learn it as well if they haven’t already.  Most users running Windows XP Home or Professional Editions with Automatic Updates enabled will begin seeing the pop-up message shown at the top of this post.  (So far, it appears that corporate users who get their updates from an internal server running Windows Server Update Services, or WSUS, will not receive the update that displays this warning.)  In addition, anyone unsure of whether they’re running Windows XP can simply visit for a quick answer.

Microsoft Windows XP was officially released on August 24, 2001, or twelve years and six months ago.  As a desktop platform, it’s had an incredibly long run, and a lot has happened since.  After XP, Microsoft released Windows Vista, Windows 7, Windows 8 and 8.1, and Apple has introduced eight full versions of Mac OS X, labeled 10.2 through 10.9.  But Windows XP just kept on plugging along.  XP is good enough, and few saw a compelling reason to upgrade, often doing so only when replacing a PC with one that happened to ship with a newer version of Windows.

In my day job at a medical practice, 9.14% of the people who visited our web sites and patient portal in the past month are still running Windows XP.  It’s second in popularity only to Windows 7, and roughly tied with Apple’s iOS if you aggregate versions 7.0.4 and the just-released 7.0.6 together.  Even at The Snnyc Blog, whose audience skews technical, 3.37% of readers in the past month have been running Windows XP.

What Happens Next
Microsoft releases security updates on the second Tuesday of every month, commonly referred to as Patch Tuesday.  This coming Tuesday, March 11th, Microsoft plans to push out five updates for XP, two of which cover critical flaws.  Since April 8th is also a Patch Tuesday, it’s possible that there could be one more round of updates for XP, depending on how Microsoft chooses to interpret the deadline.  After XP support is discontinued, there will be no more security patches for newly-discovered vulnerabilities.  When Microsoft releases updates for more recent versions of Windows on May 13th, the race is on.  We can expect unscrupulous hackers, security vendors and government agencies alike to reverse-engineer May’s updates and see whether XP is vulnerable to them.  From there, it’s only a matter of time until exploits are created, made available for sale, and released into the wild.  Anyone still using Windows XP on a computer connected the Internet at that point is living dangerously from a technical perspective.  Anyone still conducting business from a Windows XP machine may considered negligent, ethically, if not legally.

What To Do At Home?
If you’re currently running Windows XP on an older machine at home and can afford a new computer, now may be a great time to go out and buy one.  Jumping from XP to the current Windows 8.1 will take some getting used to, but Windows 8.1 can run many – though unfortunately not all – of your current applications.  You could also take the opportunity to try Apple’s Mac, which frankly may be more intuitive to use than Windows 8.1.  Of course this transition would necessitate all new applications as well.

Another Option
There are plenty of folks who either can’t afford a new computer, or loathe the idea of throwing away a still-functional machine due only to a software issue.  You might consider replacing Windows XP on your machine with one of the free lighter-weight Linux distributions.  Bodhi Linux, for instance, claims that it can get by on a, “300+MHz CPU, 128MB RAM, and 2.5GB hard drive space.”  Transitioning to Linux will necessitate new applications too, thought there are many free options out there that cover much of what you’re likely using your computer for now.  If you aren’t comfortable installing an operating system that you’ve never used before, now is the time to reach out to your social network for assistance.  Most extended families have that nephew or niece who is good at this stuff.  The one with little suntan; or personality.  You can also post questions here in the Comments section.

What To Do At The Office?
The pace of business application development sometimes lags that of consumer-facing applications.  For instance, our medical practice uses a digital dictation system that was incompatible with Windows 8 and 8.1 prior to a major release late last year.  Given competing priorities for our time, we’re only now planning to install the version that is compatible with Windows 8 / 8.1.  For this reason and others, businesses like ours have upgraded only as far as Windows 7 for the moment.  If your business has an internal IT team, they are professionally responsible for determining whether it’s cost-effective to upgrade your existing XP systems, or if it’s more appropriate to buy new ones.  If you have to rely on outside help and advice, hopefully you’re connected with a consulting organization that you trust to walk through the transition in an appropriate manner.

Bottom Line
Windows XP had a great 12.5 year run, creating billions of dollars in value for Microsoft, for third-party developers and for all of us who used XP productively for years.  But it’s time to move on.  As this post goes live, we’ve got 30 days and a few hours to move off of Windows XP on any systems still running it.  Make the most of it.  April 8th is one deadline that you don’t want to miss.

BitLocker Full Disk Encryption With Windows Server 2012 R2 on VMware ESXi 5.5

BitLocker Logo
In the medical setting in which I work, we have an ethical and a legal obligation to protect patients’ data using a variety of means.  Among the many business processes and technical methods, we include various types of encryption.  When talking about encryption, we’ll often use phrases like, “encrypted in transit” and “encrypted at rest.”  Encrypting content in transit involves technologies like SSL, denoted most obviously when you place an https in front of a web hyperlink in your browser.  But today, as the headline implies, we’ll eventually focus on a particular type of encryption for data at rest, where it’s stored on disk.  But first an overview.

Full Disk Encryption
Generally speaking, full disk encryption is one of my favorite tools.  While a computer running full disk encryption remains in the hands of an authorized user with the appropriate boot-up password, the system is as useful as it would be otherwise, save for a performance toll that is often imperceptible on today’s hardware.  There’s little need to think about manually encrypting specific file content, as everything written to the system is automatically and seamlessly encrypted.  If the system later falls into the hands of an unauthorized user, particularly once it has been powered off, the data is inaccessible for all practical purposes.  When I lost a Lenovo ThinkPad to a residential burglary in 2009, the data on that laptop was the very least of my concerns, thanks to full disk encryption.

Various Implementations
For many Linux distributions, implementing LUKS (Linux Unified Key Setup) disk encryption is as simple as checking an ‘Encrypt’ checkbox during installation.  Your operating system will be encrypted from the beginning, having never written anything other than a small boot partition (containing only the operating system kernel) in unencrypted form.  With Apple FileVault and Microsoft BitLocker, however, disk encryption is configured after the operating system installation is complete.  Today we’ll install Windows Server 2012 R2, and then implement BitLocker after the fact.

Trusted Platform Module
Microsoft’s BitLocker likes to rely on a hardware feature called Trusted Platform Module (TPM) version 1.2 and higher.  It’s not mandatory, but historically it’s been a pain to get along without it.  With Windows Server 2008 R2, for example, servers that didn’t have TPM required that the encryption key be stored on a USB flash drive.  This becomes a problem in today’s data centers, where the majority of servers run atop VMware or a similar virtualization layer.  There’s no way to pass TPM functionality from the underlying physical hardware through to a virtual machine.  The limitation becomes obvious when running VMware’s High Availability (HA) and Distributed Resource Scheduler (DRS) tools, which routinely move virtual machines from one physical host to another at a moment’s notice.  There was one way to get around the requirement to use either a TPM or a USB flash drive with BitLocker in Windows Server 2008 R2, but it required a compromise analogous to taping your house key to the outside of your front door.  Better to use a 3rd-party solution.  Fortunately, with Windows Server 2012 R2, we can implement BitLocker full disk encryption on a virtual server using a boot-up password that’s not stored with the server, and is known only to authorized administrators.  We should note that Windows Server 2012 isn’t supported on VMware ESXi prior to version 5.5.  Finally, let’s get started.

Within The vSphere Client
I’ll begin by defining my new virtual machine on which I plan to install Windows Server 2012 R2.  When given the choice of Guest Operating System, I’ll be sure to sure to select Microsoft Windows Server 2012 (64-bit) from the list.  For today’s example, I’ll use 2 virtual CPU sockets, 8 GB of RAM, the default SCSI controller, and I’ll create two virtual drives, sized 60 GB and 100 GB, for use as an OS and a data partition respectively.  I’ll later set my CD/DVD drive to point to an ISO image of the Windows Server 2012 R2 installation media, and set it to Connect at power on.
VMware vSphere Client
Windows Server 2012 R2 Base Installation
Systems Administrators responsible for the installation, security and support of Windows Server are typically very familiar with performing a vanilla Windows installation.  For the sake of keeping an already long post manageable, I’ll skip the how-to of a basic Windows setup.  On a modern server hardware platform, the whole thing can be performed in about the same amount of time as it takes to read a definitive list of steps.  It’s surprisingly fast when compared with prior versions of Windows.  For purposes of this article, I installed Windows Server 2012 R2 with the GUI console and otherwise default settings.  After that, I installed the VMware Tools, gave the server a desired name, set my timezone, enabled Remote Desktop, installed Windows Updates and set the firewall as desired.  Finally, I created as drive D a basic disk containing an NTFS partition utilizing that 100 GB data drive that I’d defined using the vSphere Client earlier.  Now we have the Windows Server 2012 R2 platform on which we’re ready to configure BitLocker.

Installing the BitLocker Feature

  1. Launch Server Manager from the shortcut near the left end of the Taskbar at the bottom of the screen.
    Server Manager shortcut
  2. From Server Manager, click on Add roles and features.  A Wizard will launch.
  3. Click Next at the Before you begin pane (if shown).
  4. Select Role-based or feature-based installation, followed by Next.
  5. Choose Select a server from the server pool, and then highlight your machine in the list below.  Then click Next.
  6. You’ll be presented with a list of Server Roles, some of which could be active, depending on what you may have chosen to install previously.  Rather than selecting a new role, simply click Next.
  7. Now you’re presented with a list of Features.  Click on the box next to BitLocker Drive Encryption.  A pop-up will reveal a list of additional dependencies which will also be installed.  Click Add Features.
  8. Now back at the wizard, click Next.  If you wish, highlight the checkbox to Restart the destination server automatically if required.  Then click Install.
  9. The install will take a few seconds.  If you didn’t choose an automatic restart, you should manually reboot when prompted.

Group Policy Change
Given that we don’t have TPM support on our virtual machine, we’ll need to make a local Group Policy change to allow using BitLocker without it.  While we’re modifying Group Policy, we’re going to upgrade our cipher strength and make other changes as well.  Though the following steps target our individual machine, similar policy could be applied to an Active Directory organizational unit, or even a whole domain.
Local Group Policy Editor

  1. Navigate to Start > (down arrow) > Run, and launch the following command:
  2. Use the arrow symbols to expand the tree under Local Computer Policy as needed.  You’ll want to navigate to: Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption.
  3. Select Choose drive encryption method and cipher strength.  Turn the policy to Enabled, and choose the method AES 256-bit.  Hit OK when done.
  4. Now navigate to subfolder \Fixed Data Drives.
  5. Select Enforce drive encryption type on fixed data drives.  Turn the policy to Enabled, and choose the type Full encryption.  OK when done.
  6. Now navigate to BitLocker Drive Encryption \Operating System Drives.
  7. Select Require additional authentication at startup.  Turn the policy to Enabled.  Select Allow BitLocker without a compatible TPM.  Leave the settings below it in their default state, allowed but not required.  Click OK when done.
  8. At the same level in the tree, also select Enforce drive encryption type on operating system drives.  Turn the policy to Enabled, and choose the type Full encryption.  OK when done.

Turning On BitLocker

  1. Launch Control Panel via the Start menu.
  2. Change the view to Large icons if it isn’t already, so that all options are presented.
  3. Launch BitLocker Drive Encryption.
  4. Focusing on our operating system drive first, BitLocker should be off at this point.  Click on the option to Turn on BitLocker.
  5. Your system will run a quick diagnostic check.  When it doesn’t discover a TPM, it will give you two alternatives.  Choose Enter a password.
  6. Enter your desired BitLocker drive encryption password twice, and then click Next.
  7. You’ll be asked to back up your recovery key.  Choose Save to a file, and store it in a network location known to be secure.  It won’t let you save the recovery key to the drive you’re encrypting, nor can you continue without saving it somewhere.
  8. When prompted with the option to Run BitLocker system check, un-check it.  The choice to Start encrypting will appear.  Select it.
  9. A lock & key symbol will pop up on the System Tray near the lower, right-hand corner.  You can double-click on it and monitor your progress.  It took around 7 minutes to encrypt our 60 GB operating system drive, as our underlying hardware and storage environment are relatively recent and robust.
  10. Now, let’s Turn on BitLocker on our data volume.  You may need to click on the down arrow / up arrow over at the right to see the option.  Let’s use the same password as before so as to be consistent.
  11. Save your recovery key to a path known to be secure when prompted, before clicking Next.  Choose to Encrypt entire drive if presented with a choice of what to encrypt.  Then click Next.
  12. Start encrypting.  Our empty 100 GB data volume was encrypted in about 12 minutes.
  13. If your data volume is seen as a removable drive, Turn on auto-unlock so that it comes up with the server.

Subsequent Reboots
Every time that you reboot your server, you’ll have to connect to the console via the vSphere Client and put in your password at the screen shown below, before the server will continue to load the operating system.  While it’s a slight hassle, it’s consistent with the level of effort to reboot any Linux variant on which your OS volume is encrypted.  (Within Windows Server 2012 R2, there’s also an available BitLocker Network Unlock, which is outside the scope of today’s conversation.)
BitLocker Boot Password Prompt
Final Thoughts
Full disk encryption is but one of several layers of security that an organization (or an individual) can use to control access to their data.  Disk encryption is insufficient on its own, of course, without proper access rules, encryption in transit, firewalls, antivirus, security updates and the like.  And disk encryption may be most useful at the endpoints – small desktops, laptops and mobile devices – which are more likely to grow legs and walk than one’s core server infrastructure is.  But in the year 2014, it’s better to be safe than sorry.  Encrypt everything; everywhere.  In transit and at rest.  And with Windows Server 2012 R2 and BitLocker on top of VMware ESXi 5.5, it’s easy enough to do that with our virtual Windows Server assets going forward.
[I briefly referenced BitLocker: How to deploy on Windows Server 2012 and BitLocker Frequently Asked Questions (FAQ) when walking through this process for the first time.]

Old Exchange Flaw Persists in iOS 7

Exchange ActiveSync Connections From One iPhone 5 Running iOS 7.

Exchange ActiveSync Connections From One iPhone 5 Running iOS 7.

Starting last December, and continuing in March of this year, we talked about a series of symptoms that often arrive hand in hand, sporadically, on Apple devices running various revisions of iOS 4, 5 and 6, up through 6.1.3.  Those symptoms include devices running warm to the touch or even hot, a battery that may drain significantly faster than normal, and spikes in cellular data use of up to ten times the user’s normal pattern.  While this trio of symptoms may well have more than one culprit, the many instances that I’ve personally witnessed have since been reduced to a single common cause.  One with a quick solution.

If you’d like to read the years-long chain of events in order, including documented interactions with Apple along the way, you’re welcome to follow these links to part 1 and part 2 of the story.  Today’s entry is the third – but not the final – installment.  In the interest of time, we’ll try to get right to the point.

For All Of Us
If your iPhone, iPad or iPod touch ever begins running warmer than normal, or the battery drains twice as fast, or you get sticker shock on your next cellular bill, you’ll obviously want to quickly determine the cause.  Fortunately, with iOS 7, this is easier than ever before.  Begin by navigating to Settings > Cellular.  Scroll down, and you’ll see data usage for native and 3rd-party apps directly under each application’s names.  But don’t stop there.  Also navigate into > System Services, and observe your usage here too.  If your device connects to your company’s Microsoft Exchange e-mail environment, don’t be surprised to see a high number next to Exchange Accounts.  And if you do, read on.

Cellular use stats are a good way to identify any application working overtime.

Cellular use stats are a good way to identify any application working overtime.

For Microsoft Exchange Users
As we alluded to earlier (after giving it away in the title, lead graphic and caption), virtually every instance of heat + battery drain + runaway data use that I’ve personally witnessed has been the result of a sudden-onset problem syncing a Microsoft Exchange calendar.  When an iOS device encounters an error syncing an Exchange calendar, it simply retries.  In fact, it retries every couple of seconds or so, nonstop, 24 hours a day, forever if you let it.  Unfortunately this is nothing new.

This past weekend, an executive’s iPhone 5 (on Verizon) and his iPad 2 (Wi-Fi only), both running iOS 7, began exhibiting runaway connections to my employer’s Microsoft Exchange ActiveSync server.  The user upgraded his iPhone 5 to iOS 7.0.2 over the weekend, but the problem persisted.  In one 24-hour period, his iPhone checked in with our server 45,009 times, while his iPad connected 55,547 times.  Normally we’d expect to see a single device connect a few hundred times per day rather than tens of thousands.  After notifying the executive this morning, and asking him to perform the following fix, his problem went away for the time being.

If you think this may be happening to you, but aren’t sure, you might consider contacting your company’s IT Department or Microsoft Exchange Administrator.  We’ll talk about what he or she can do in the next section.  Having said that, the potential fix is easy, non-destructive, and you can try it out to see if it solves your problem.  As illustrated below, you’ll simply navigate to your Exchange account settings, turn your Calendars off, and then turn them back on.  While one step, “Delete from My iPhone”, sounds ominous, you’ll get your calendar entries back when you re-sync with the server.  Further instructions follow in the next caption box.  Please read and re-read them.  And use them at your own risk.

On your device, select Settings > Mail, Contacts, Calendars > (your Exchange account). Turn off ‘Calendars’ and then ‘Delete from My iPhone.’ Wait thirty seconds, and turn Calendars back on.

On your device, select Settings > Mail, Contacts, Calendars > (your Exchange account). Turn off ‘Calendars’ and then ‘Delete from My iPhone.’ Wait thirty seconds, and turn Calendars back on.

For Microsoft Exchange Administrators
Keep an eye on the IIS log files on your Exchange ActiveSync server on a regular basis.  By doing so, you may be able to identify a runaway iOS device before the users even know what’s going on.  In larger environments, you’ll likely use automation and alerting tools to bring runaway devices to your attention very quickly.

For Apple
The fact that this runaway connection problem has persisted now across four generations of iOS is a bit ridiculous.  I’ve seen no Android devices exhibiting similar behavior in our environment, leading me to believe that it’s technically possible to engineer something that doesn’t do it.  Common sense suggests setting some sort of timeout; a maximum number of retries before abandoning a particular calendar entry update.  Last Spring I hoped that Apple would fix this situation with the next incremental release.  We now know that they’ve failed to address it in their next major release, iOS 7.  And that leaves all of us to live with the problem, monitor it, and execute this fix whenever necessary.

A Glance Through Windows 8.1

Windows 8.1 Start Page ©Microsoft.

Windows 8.1 Start Page ©Microsoft.

It’s been a busy couple of months and then some since my last post.  Fortunately the July 4th holiday weekend here in the United States provided a respite from my day job in technology, allowing me time to… play with more technology.  Just over a week ago, Microsoft announced their Windows 8.1 Preview release.  Since I have no back yard to grill in here on the East Coast, I spent my holiday afternoon at my office, where I replaced Windows 7 on my primary business desktop with Windows 8.1.  If this move proved ill-advised, I’d have days in front of me to make my workstation useable again.  It’s probably worth mentioning that I work in a role where such experimentation and evaluation are part of the job.

Now given enough time and patience, just about any operating system can be made to work for the majority of routine productivity tasks.  I’m equally comfortable using Windows XP through 7, Mac OS, Ubuntu Linux, etc.  I don’t consider one significantly more useable than another.  Of course there are a fair number of industry-specific applications that are written around a particular operating system, a particular web browser, and even a particular version of a particular web browser.  And that’s where we can run into the most trouble when making a major transition, such as from Windows 7 to Windows 8 or 8.1.

Getting Started
Normally we might begin by talking about making a good backup and testing it.  But I don’t store business or personal data on this PC, and I plan to reinstall any applications that I might need once my operating system installation is complete.  Moving on.

Had I not already downloaded the ISO file containing Windows 8.1 and burned a DVD copy, I’d need to do that before I go any further.  But I’d taken this step days earlier, taking care to note the product key listed on Microsoft’s download page.

Next, I like to kick off a new operating installation with a clean slate.  So I began by booting a CD containing DBAN (Darik’s Boot and Nuke), after which I ran a single-pass wipe of my entire hard drive.  Now the drive will appear empty for what comes next.

Installing Windows 8.1 is as simple and painless on a clean system as you’d expect.  I accepted all of the defaults, and the whole process took less than 20 minutes from start to finish.  Anyone who has ever installed any version of Windows won’t have an issue getting through the basic installation on a modern business desktop from HP, Dell or Lenovo.  Soon you’re done, and ready to sign in for the first time.

I was initially prompted for a Microsoft account.  I gave my credentials, and carried on.  As a business user, I was frustrated by what appeared to be the lack of an option to begin using the computer without signing on to Microsoft’s cloud first.  Then again, I may have made this choice without knowing it when I selected, ‘Use express settings.’  Fortunately, I later joined the PC to our business domain, after which I can authenticate using my company Active Directory credentials, and get away from Microsoft’s cloud.

Full Disk Encryption
Despite my earlier statement that my PC had no data that I wanted to keep, I never run a locally-installed desktop or laptop OS that doesn’t have full disk encryption enabled.  Ever.  So I immediately started looking for the BitLocker Drive Encryption option.  Windows didn’t detect a Trusted Platform Module (TPM) in my system, but some quick Googling revealed a local Group Policy change that allowed me to run BitLocker without it.  The option to ‘Run BitLocker system check’ wouldn’t pass either, so I just skipped it and carried on.  Eventually I got my entire hard drive encrypted via BitLocker and protected by an adequately strong password.

I was unable to install our corporate Sophos Antivirus on this Windows 8.1 Preview release.  This was one of only two apps that I haven’t yet been able to get installed at all.  But this gave me an opportunity to check out Microsoft’s free Windows Defender instead.  As it turns out, Windows Defender was already enabled and running.  This too may have been turned on for me when I clicked, ‘Use express settings.’  Windows Defender should suffice for the time being.

Installing Apps
As a Systems Administrator, I rely on things like the VMware View Client and the VMware vSphere Client to do my job.  My usual install of the former worked just fine while the latter did not.  I couldn’t get the latest VMware vSphere Client to install, even in Windows XP compatibility mode.  For the time being, I can run this from somewhere else.  I’ll discuss the rest of the apps in a little more detail later.

[Edit 07/19: As Humberto Maynoldi later shared in the Comments, you can get the VMware vSphere Client installed successfully using the following steps.]

  1. Navigate to Control Panel > Programs and Features > Turn Windows features on or off.
  2. Check the box next to .NET Framework 3.5. Click OK.
  3. Then install the VMware vSphere Client 5.0.

User Account Control
User Account Control (UAC) is one of those features that sounds great in theory, but in reality, it prevents a host of legitimate legacy applications from being installed successfully.  We just about always have to disable it.  As it turns out, the UAC slider that we’re all familiar with doesn’t actually disable UAC in Windows 8 and 8.1.  In addition to moving the slider down to ‘Never notify’, I edited the registry value listed below in order to completely disable it.  Unfortunately I didn’t learn this until I struggled with one of the apps described later.


Healthcare Apps
Now my day job consists of supporting IT in a healthcare environment, specifically radiology.  So I was particularly interested in how our healthcare apps would perform.  If they didn’t work, this would represent a deal-breaker to any company-wide rollout of Windows 8.1 in the foreseeable future.  Not that a rollout of Windows 8.1 is particularly likely anyway.  While the following applications won’t be of interest to general readers here, they are of specific interest to some of my colleagues and very necessary to my personal evaluation.

MedInformatix Version 7.5-L
The group that I work for relies on the MedInformatix 7.5-L Radiology Information System (RIS) to schedule patients, manage their charts and generally run the practice.  The MedInformatix client installed without issue.  The EIS Crystal Report Viewer v2.4.5 that we often install in conjunction with MedInformatix seemed to install properly as well.  I also installed Adobe Reader 11.0.3 without issue for viewing PDF files within MedInformatix.

Intelerad’s InteleViewer 4-4-1-P160 (64-bit)
This Picture Archiving and Communication System (PACS) client installed without issue.  Initially I thought that I couldn’t launch it from the Windows 8 ‘Start’ page, and even reported the problem to Intelerad as such.  I later observed that the main InteleViewer shortcut had been grouped with the Windows systems apps, and that I was trying to launch an ancillary utility from the Start page.  Once I figured out that Windows 8.1 doesn’t always group legacy Windows applications intuitively, I found that I can pin the correct InteleViewer shortcut to my Start page and launch it when desired.  I’ve yet to observe any problem using InteleViewer with Windows 8.1.  It should be noted that Intelerad doesn’t officially support any of their applications on Windows 8 yet.

Nuance PowerScribe 360 v1.1 SP1
The radiologists in our practice use Nuance PowerScribe 360 to dictate their findings on each set of images and convert their speech to a text report.  Incidentally, this technology has all but done away with the need for medical transcriptionists, a field once thought to provide a reliable American middle-class livelihood.  At any rate, PowerScribe 360 would not install reliably until I discovered how to truly disable UAC as mentioned earlier.  After that, I was able to fully install the application, at least as far as I could discern.  Upon first launch, I got through PowerScribe’s voice training exercise using a Nuance PowerMic™ II.  From that point, I assumed that I was all set.  I was wrong.

I quickly found that handing off cases from InteleViewer to PowerScribe 360 for dictation – a routine part of our company’s radiology workflow – consistently triggered a “Catastrophic failure” in PowerScribe.  Additionally, PowerScribe stopped recognizing my PowerMic on the second day.  In the short time that I’ve had to play with Windows 8.1 so far, I’ve not been able to run through a complete pass of our radiology workflow, from MedInformatix to Intelerad to Powerscribe and back again, with any success.  Were I a practicing radiologist, and not just an IT guy supporting them, I’d be scrambling to revert to Windows 7 at this point so as to carry on with my job.

ActiveFax is a corporate fax solution that our company uses to send and receive faxes to and from referring physicians, insurance companies and anyone else that we do business with.  I attempted to install the ActiveFax 4.25 client that we use on Windows XP and Windows 7, but the installation failed.  I then downloaded the latest ActiveFax client, version 5.01, but quickly found that it was incompatible with our older version of the back-end server software.  We’ll have to upgrade our ActiveFax server to the latest version before being able to use a Windows 8 compatible client.  This scenario is again fairly typical of the kind of thing that corporations run into with every new operating system.

Mozilla Firefox
I do all of my web browsing with Mozilla Firefox, and consequently, it is one of the first things that I install on any new system.  Firefox seems to perform fine on Windows 8.1, including with my favorite extensions.  No surprise here really.  Consumer-facing apps like Firefox are typically far quicker to support new platforms as they arrive.

The Windows 8.1 Pro Preview release is reasonably useful, right up to the point where we start using heavier, industry-specific Windows applications on it.  As is typical around every new Windows release, the more expensive, enterprise-grade apps typically take far longer to support a new operating system than the apps that consumers might download at little or no cost.  Certainly these hiccups and shortcomings will be resolved in due time.  Some may be resolved in time for a late-2013 final release.  Meanwhile, those tech geeks among us will be looking through this Windows 8.1 Preview.  I hope to have more to offer in the weeks ahead.