Alan's Knowledge Base

This weeks Group Policy Setting of the Week (GPSW) can be found under Computer > Policies > Administrative Templates > System and is called “Verbose vs normal status message”. It is a really simple setting that doesn't actually do much but I dub this setting the “Make my computer start faster” setting which give users the illusion that their computer are working faster.

So what does it do and how does it make my Computer start faster? This setting displays a number of extra status messages during the start up and shutdown of the computer and when the user is logging on and off.

Some of the verbose status messages you will see are (but not limited to):

• Mapping Drives
• Playing Logon Sound
• Mapping Printers
• Applying Power Settings
• Stopping Services

You will still see your Applying Computer settings and Preparing Desktop messages however these will be shown for a lot shorter time.

Unfortunately it will not actually make your computer start any quicker but I have generally found that by enabling this option users seem to perceive that their computers are starting up quicker. Why? Well I think its because the extra status messages are holding their attention for a few seconds each time a new one is displayed something like the opposite of watching grass grow or a watched pot that never boils…  In any case this is still a handy setting to enable as at the very least will help your IT support troubleshoot logon performance issues.

This setting will work on Windows 2000 and above and it will also show the processing of newer Group Policy Preferences.

The European branch of Microsoft has put together a video trying to showing the logic (if you can call it that) of why they used “7” for the name Windows 7. Quite frankly I would have preferred they just said they called it Windows 7 because it sound cool. Anyhow it is a really great video clip so check it out below:

Today when I went into McDonalds for lunch I noticed that the TV’s in the dining area were showing an on screen caption advertisement. I presume that this add was for Telstra as they use the tag line “try the network that works better in more places” about their 3G network. Ironically all McDonalds Australian stores offer free WIFI they offer to all their customers so they don't need to use Telstra’s 3G network…. Hmm…

I wounder weather this breaches the Australian advertising standards as advertisements should always be clearly an advertisement and does this opaque banner across the bottom of the screen constitute subliminal advertising as this is also something that is strictly prohibited.

Perhaps they are not subject to these rules because they are only shown on in  house McDonalds TV’s either way it seems that McDonalds are now in the market of buying and selling of advertising.

(This will hopefully be the first of many Group Policy Setting of the Week (or GPSW) articles where I will showcase one policy setting and what it does.)

I just read about this cool new policy setting on the “Ask the Performance Team” blog that will help address the issues of computers hard drives filling up over time with multiple user profiles. Previously you either had the option to purge the local users profile on log off or keep a cached copy of the profile forever. Either users would have to download their profile every time they logon to the computer which could greatly slow down the logon process or their cached profiles was never deleted which resulted in the system drive running out of space. This new setting “Delete user profiles older than a specified number of days on system restart”  allows you to set a timer on the local cached profiles so that they will be purged X number of days after being used. This means users who commonly logon to a particular computer will still have their profile cached but users that logon seldomly will have their files cleaned up thus saving precious disk space.

This might sound like a great setting to implement on a Terminal Server however note the clean up wont happen until the server is rebooted. This restriction should not be so bad as Terminal Servers are probably rebooted at least once a month any way for patching (you do patch your terminal servers don’t you?).

This setting can be found under Computer Configuration \ Policies \ Administrative Templates \ System \ User Profiles

Source: http://blogs.technet.com/askperf/archive/2009/11/03/just-me-and-my-profile-part-2.aspx

This is a photo of the Ares 1-X first stage booster. I believe this momentary condensation plume is the moment where the booster drops out of warp…. err.. mach speed and starts going sub-sonic.

See the full video below.

This video was recorded from a plane using a HD camera using gryo’s to keep the image steady. Totally Amazing how this capture almost the entire flight of the first stage boster including the blow out of one of the parachutes that caused it to splash down harder than expected into the ocean.

This picture is just amazing photo from the launch of the Ares 1-X test launch going supersonic.

From http://www.gizmodo.com.au/2009/10/one-spectacular-big-bang/

Microsoft has just released the new RDP 7 client for Windows XP and Vista to take advantage of the new features when connecting to Windows 7 or Windows Server 2008 R2. Bellow is a summary of some of the new features:

• Web Single Sign-On (SSO) and Web forms-based authentication  

• Access to personal virtual desktops by using RD Connection Broker

• Access to virtual desktop pools by using RD Connection Broker

• Status & disconnect system tray icon

• RD Gateway-based device redirection enforcement

• RD Gateway system and logon messages

• RD Gateway background authorization & authentication

• RD Gateway idle & session time-outs

• NAP remediation with RD Gateway

• Windows Media Player redirection

• Bidirectional audio

• Multiple monitor support (Vista only)

• Enhanced video playback

• Bitmap acceleration improves the remote display of graphics-intensive applications such as PowerPoint, Flash, and Silverlight.

Download it at Description of the Remote Desktop Connection 7.0 client update for Remote Desktop Services (RDS) for Windows XP SP3, Windows Vista SP1, and Windows Vista SP2

Ares 1-X flight test was last night and the video is very impressive. Unfortunately the next launch of the Ares will not be until 2014 so for now just take a look at the video.

Its Here! Its Here! To my absolute pleasure my Dell 21.5” Widescreen HD Multi Touch Monitor (SX2210T) with Webcam and Microphone arrived last night. I waited for my daughter and wife to go to bed and then I had the absolute cracking the box open to see what it could do.

Below are a few photos and comments from the opening:

The box looks pretty standard but was glad that it looked a little bigger than I expected as that had to mean the monitor was bigger as well.

The monitor still in its Styrofoam case with all the cable and stuff on top. Best to open the box horizontally and not by tipping it up side down as this will result in crap going everywhere.

If there was any doubt how to install the monitor the plastic protector tells you to plug in the USB cabled and then the driver disk and Yes it was really that easy.

All the accessories including a very nice cleaning cloth (see on left) that I think will get a pretty strong workout.

The screen tilted back the maximum to 25deg. Surprisingly the base is actually a solid piece of metal and will twang if tapped with your finger. This gives the whole screen quite a bit of weight which it probably deliberate so that you don't push the screen over when you touch the screen.

The new and old monitor side by side. Was not expecting the screen would be so glossy.

Two USB ports on the back on the monitor. There are another 2 underneath along with HDMI,SVGA and DVI.

Bezel around the edge is a little deep but this is for the camera sensor pick up for the device.

Monitor all setup on my desk.

This is a shot of the four soft keys on the right of the screen the overlay is actually very easy to understand and i had no problems with the menu interface. It might be hard to tell by the arrows, tick and cross are actually on the screen with the buttons around the side out of view.

I also had a chance to use the inbuilt Webcam and Microphone with Skype which pretty much worked as expected.

Good.

• Easy to setup. Plug the USB in and then stick the CD in the drive and click install driver reboot and your away.
• Comes with DVI and SVGA cable.
• Has HDMI in
• Easy to use and understand buttons.
• Full HD 1920x1080 resolution
• Built In Camera and microphone
• Inertial based scrolling is super cool (just like the iPhone) but so far I have only screen it work with Windows Explorer and Microsoft Word.
• A really good solid heavy metal base.

Bad

• Glossy screen. This is very much a personal choice but I just don't like looking in a mirror every time the screen goes blank.
• Only 2 point multi touch. As this screen uses cameras along the edge of the screen (presumably to keep the cost down) then it is only capable of two points of touch. This is not a big thing as you can still take advantage of all the gestures such as pinch and rotate but it is not nice as a screen that uses capacitive touch technology.
• As this screen uses camera’s it will respond when your finger is just hovering a few millimetre's above the surface.
• Holding arms out to the screen can get a bit tiering after a while… I found that holding the edge of the screen and using your thumb was the most comfortable way to use it.
• Smudges on the screen… As expected after some use the screen does have some smudging.

Overall this monitor is very good and at $499au it is very good value. The HDMI input option is feature also nice as I can use it as a monitor for a Blue-Ray DVD or a Xbox 360. Cool monitor and definitely recommend for anyone who wants to use a touch interface with their Windows 7 computer.

I will give it a 8.5 out of 10 mainly due to the glossy finish of the screen.

Definitely a good gift idea for your children and/or wife’s computer.

One of the cool new feature in Windows 7 Ultimate and Enterprise is the ability to encrypt USB devices with a password to protect the data from falling into the wrong hands. One of the problem with this is that if a user were to ever forget the unlock key then they will need to remember where they kept the recovery file or paper print out of the 48 digit recovery key. Now for a consumer this feature this might be fine as you keep can keep the key in a fire proof safe or even a locked filing cabinet but if you are managing this in a corporate environment you might have to keep track of thousands or even ten’s of thousands of these devices to keep track of the recovery key.

Well there is where group policy can be your saviour…. of course!

In Part 1 of this “how to” I am going to show you how to setup the recovery key archiving into Active Directory. In Part 2 I will show you how to use Group Policy with Active Directory Certificate Services to enable a Data Recovery Agent so that all your devices can be recovery using a single EFS recovery agent account.

Part 1

Using group policy you can mandate that all encrypted removable device must first have the recover key stored in Active Directory before they start to encrypt. This ensures that for any USB encrypted devices in your organisation that you will always have the ability to unlock the data on the drive even in case that someone forgets the unlock password.

Now before we begin there are a few pre-requisites that we need to cover to make sure this work.

1. You Active Directory must be running the Windows Server 2003 R2 scheme extensions. But I hear you say “you said that Group Policy Preferences doesn't need schema changes to work” well yes… this is still true it is not a group policy requirement it is a BitLocker requirement.

2. You should install the “BitLocker Drive Encryption Administration Utilities” with Windows Server 2008 R2 or with the RSAT tools for Windows 7 (see image 1.) on at least one computer in your organisation. This computer can then be used to search for and view the recovery keys if you ever need them. This is a new tool with 2008 R2/Windows 7 and makes it MUCH easier to read the recovery keys than back in the 2003 R2/Vista days.

Image 1. Installing “BitLocker Drive Encryption Administration Utilities”

How to configured Group Policy to save the Recovery Key?

Now before I go on I will assume that you are already familiar with Group Policy so all I am going to cover is the key (pardon the pun) policies you need to ensure the recovery keys are backed up to AD DS for all your removable USB storage devices in your organisation.

Step 1. Edit the group policy that you have applied to all your workstations and navigate to Computer > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Here the two policies you need to enable are “Deny write access to removable drives not protected by BitLocker” and “Choose how BitLocker-protected Removable drives can be recovered” (see Image 2).

Image 2. Removable Data Drives BitLocker Drive Group Policy

Step 2. When you Enable the “Deny write access to removable drives not protected by BitLocker” also tick the “Do not allow write access to devices configured in another organization” option (see Image 3). This setting is important as it will make any non-BitLocker encrypted devices from being written to in your organisation thus bypassing the whole reason to use BitLocker.

Image 3. Deny write access to removable drives not protected by BitLocker

Step 3. Now Enable the “Choose how BitLocker-protected Removable drives can be recovered” and make sure that the “Save BitLocker recovery information to AD DS for removable data drives” and the “Do not enable BitLocker until recovery information is stored to AD DS for removable data drives” are both ticked (See image 4.). This setting ensures the computer has successfully saved recovery key into AD before encrypting a USB storage device.

Image 4. Choose how BitLocker-protected removable drives can be recovered

You may also want to consider ticking the “Omit recovery option form the BitLocker setup wizard” as this will prevent you users from saving the recovery key manually  which might be desirable if you don't trust them to store the key in a safe place.

Because of the “Do not enable BitLocker until recovery information is stored to AD DS for removable data drives” option has been ticked if the user tries to encrypt a new USB storage device when not connected to the corporate network then they will get the following error message (see image 5).

Image 5. Error saving recovery key

If the user is out of the office they will need to establishing a VPN connection or enable BitLocker on the device the next time they are in the Office. This would not be a problem if you have configured Direct Access but this is a post for another time.

Note: The loop hole to this is that if someone already had a BitLocker to Go encrypted device and plugs it into a computer they will be able to save information to the device. This does not mean the data will not be encrypted its just you wont have the recovery key if they forget the password to that particular device.

To help with this problem you can set the BitLocker identification field on all the computers in the organisation so they will reject all encrypted devices that don't have the same identification field value. This setting is under Computer > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption called “Provide the unique identifiers for your organization” (see image 6.). This might sound like you can mandate outside memory sticks can’t be used in your organisation but if someone has set the identification field to the same value this would get around option.

Image 6. Provide the unique identifiers for your organization

How to recover the BitLocker recovery password in AD?

So you have deployed BitLocker to your organisation and you have told everyone to be careful to remember the passwords but of course your manger has come to you saying that they have forgotten the password for his USB memory stick and it has the only copy of some really important files on it that he has have for a meeting tomorrow.

What do you do?

Step 1. First we need to identify the USB devices Recovery key identifier by plugging it into a computer running Windows 7 Ultimate/Enterprise. You can then find this identifier by clicking on the “I forgot my password” option (see image 7.)

Image 7. I forgot my password

Step 2. Then write down the 8 characters of the recovery key identifier (See image 8.)

Image 8. Recovery key identifier

Step 3. Now go to the computer that you installed the “BitLocker Recovery Password Viewer” tool that I previously mentioned above launch “Active Directly Users and Computers” MMC snap-in with and account with Domain Admin privileges. Click on the domain name that will have the recovery key saved and then click “Action” and then “Find BitLocker Recovery Password…” (see image 9.).

Image 9. "Find BitLocker Recovery Password…”

Step 4. Now type the first 8 characters you wrote down in step 2. and click “Search” (See Image 10.). This will show you the Recovery Password in the Details pane that you will need to unlock the drive.

Image 10. Find BitLocker Recovery Password…”

Step 5. Now go back to the computer you have plugged the USB device into and click on “Type the recovery key” (see image 7.).

Step 6. Now type the 48 digit Recovery Password into the text box and click "Next” (see image 11.)

Image 11. Enter your recovery key

Step 7. Click OK and you will now be able to read the required file off this drive (See Image 12.).

Image 12. You cannot save file on this drive

Note: If you want to restore the drive back to normal you will need to go to the control panel and go into the “Manage BitLocker” option to “Turn off BitLocker” (see Image 13.) on the device and then go back and select the option to “Turn On BitLocker” again. This will completely reset the recovery key on the device making the one you just recovered totally invalid.

Image 13. Control Panel BitLocker Drive Encryption option

In Part 2 coming soon…

The firmware update for the HTC Snap from Telstra is now out on the HTC Australian support website Here . The firmware update process is straight forward and it take about 10 minutes to flash the device. As this device is only Windows Mobile standard the look and feel of the phone actually has not changed much and the UI with Windows Mobile 6.1 Standard already had the horizontal and vertical home screen. Two noticeable additions to the phone is that it now has myPhone and Windows Mobile Marketplace programs included with the OS. MyPhone enable users to backup the phone over the air and also find and/or wipe the device remotely if they were to ever lose the phone. The Windows Mobile Market place applications allows users to download applications over the air much like the iPhone App Store however right now there are not many applications that are support on the Windows Mobile Standard OS.

What a sight it will be when the Ares 1-X in the background lifts off the launch pad with the Shuttle Atlantis also on the pad at the same time.

The Ares 1-X countdown has now stopped at T-4 minutes and they are waiting to see if they can complete the tasks to launch the vehicle in the next 20 minutes.

Well the sun has come up and the Area 1-X is looking ready to fly however due to the delays with the getting the rocket ready it is unlikely that it will launch today as the weather conditions seem to be getting worse.

Apparently they just broke a torque wrench that is used to close a hatch on the Ares 1-X dummy upper stage and now they have to get a spare to close the hatch. Right now they are running about 30 minutes late but apparently this is not going to affect the planned launch time of 8am East Coast time.

They just released a weather balloon to test the winds before the launch of the Ares 1-X that is now 1 hours 30 min from launching. Next step will be to swing away the service structure clear for launch.

Ares 1-X the first test launch of the new space craft that will used to replace space shuttle is now 2hours 30minutes from launch. I have notices that he countdown for the launch has been very talkative and a lot of question are being asked as to what to do.

“she is now sure, but she will go over there if you want to”

Probably a lot more relaxed seeing no one is in this think and that even if everything goes to place it will still crash into the ocean.

Windows 7 is out and Dell has wasted no time in selling the multi-touch monitor for it in Australia for under $500au. I have already ordered my monitor and it is now with the courier so I hope to have it in my hot hand with-in the next few days. Not only does this this monitor support 1920x1080 it also has a inbuilt webcam and microphone which will be great for doing Skype calls. The multi touch technology it uses utilizes cameras along the edge of the screen which I don't quite know how it works but from what I understand starts to get a little less accurate around the edges of the screen but it is way less expensive than a capacitive screen for that size. For all intensive purposes it is the same as screen that comes with the Dell Studio One computer just without the computer parts inside. I plan to post a full review with photos when it arrives.

Buy it at http://www1.ap.dell.com/au/en/home/monitors/monitor-dell-sx2210t/pd.aspx?refid=monitor-dell-sx2210t&s=dhs&cs=audhs1

Windows 7 was released only a few days ago and now they have released to the public, Windows Virtual PC and XP Mode. This allows users who still are running legacy applications that won't work with Windows 7 to still run in a Virtual Environment. The nice thing about this feature is that it allows you to run the application as a seamless integrated window, just like any other running application. In case some of you were wondering this pretty much the same as a Published Application from Citrix Metaframe.

Now… if you like the sound of Windows XP Mode you are going to need to check that you pass some pre-requisites.

1. You computer’s CPU must support hardware virtualisation.

To find out if your CPU can handle hardware virtualisation then go to HERE and run the Microsoft Hardware-Assisted Virtualization Detection Tool. If your computer does support  HW assisted Virtualisation you should then see a screen like this.

If you are running an AMD CPU then you are almost certain  to be fine however if you are running Intel then your chances are not going to be good as Intel’s support for HW virtualisation has not been as consistent.

2. You must be running Windows 7 professional (32bit or 64bit) or greater. Yes this is a licensing restriction of the product but this feature is aimed at small business that are  probably are running the professional any way.

3. RAM – More is better, remember you are running another completely separate copy of Windows XP on your computer on top of what Windows 7 needs. Microsoft official stance is that you need at least 2gb RAM leaving 1gb for the main OS and 512mb for the virtual copy of XP. This obviously means you only actually need 1.5gb ram however in this case they have rounded this up as its almost impossible to have that configuration of RAM. Now it is possible to run Windows XP Mode on a computer with only 1gb ram but seriously don’t… just go to your local PC maker and spend the $30 for buy yourself a ram upgrade.

Now that you have checked all your pre-requisites then you are right to head over to Here and download and install Windows Virtual PC and then a copy of Windows XP Mode. Windows Virtual PC is a the virtualisation software that run’s the Virtual OS and the Windows XP Mode is just a simple a copy of Windows XP Service Pack 3 configured out of the box with all the necessary integration components installed.

Tip: XP Mode can also be used to run virtual application in operating systems other than Windows XP. This is very handy if you want to install two version’s of the same program that will not run together on the same OS. To do this just install Windows 7 Enterprise or Ultimate as a virtual PC and then install the integration features. Then install any other application that you want to run in the virtual OS and the short cut will be published to the Windows Virtual PC folder in your start menu.

Warning: You are running XP Mode then be aware you are running a very old operations system and as such you need to make sure that its patches and AV scanner are always kept up to date. The good news is you can now get a free AV Scanner from Microsoft called Microsoft Security Essentials from Here for Windows XP to install in your virtual OS.

Get Windows XP Mode Here: http://www.microsoft.com/windows/virtual-pc/download.aspx

Get Microsoft Security Essentials Here: http://www.microsoft.com/security_essentials/default.aspx

Microsoft has now released a tool on their newly branded “Microsoft Store” that allows people who own Netbooks to install Windows 7 without the need of a USB DVD ROM. The tool does not create a bootable USB stick like the instructions on Jeff Alexander's Blog but you will be able to plug the USB drive into any system running Windows and run setup.exe. One of the really interesting FAQ’s is that they even say you can do this from an iPod if you are willing to format the device.

Microsoft Store: Download Manager Help

A work colleague (Chaitanya Gurrapu) has just got his International Amazon Kindle and has unboxed it in the office. My first impression of the device is that the screen is very clear and the device is quite solid. The Kindle and leather bounded case cost about $350 delivered. What is really interesting is that the wireless 3G connectivity that comes with the device has no monthly subscription cost and no download cost as the overhead is already factored into the cost of buying the books online. He has not even had the device un-boxed for more than 30 minutes and he is already download his first book.

If you want one too you can order then from http://www.amazon.com and they will even associate the device with you Amazon account for you so there is no setting up the device out of the box. NICE

I just visited Officeworks to see Windows 7 on the shelf and I was very suppressed that the upgrade prices of the Professional and Ultimate SKU’s are about 10% less than the full version. This kinda got me wondering if it was even worth the hassle/effort to buy the Professional SKU or even to buy the Ultimate Upgrade SKU when in some cases there is only $32 difference.

So if you already own Windows Vista Home Premium and you simply upgrade your copy of Home Premium to Windows 7 in which case you buy the Home Premium upgrade for $168 and do a simple upgrade of your existing Operating System by far and away the simplest and cheapest and simplest option for most people. Think of this as a thank you from Microsoft for already making a jump to Windows Vista.

However if you you own Windows XP Home and you want to upgrade to Windows 7 Home Premium you still can buy Windows 7 Home Premium upgrade for $168 and be legally covered however you will need to do a clean install of your operating system as there is no direct upgrade path. First time you install Windows 7 however you need to make sure not to enter a product key which installs it in trial mode (or so to speak). THEN you need to perform an upgrade install of the trial mode version of the OS this time using the upgrade key that was supplied with the product. Suck to be you… serves you right you should have upgrade already made the jump to Windows Vista. Unless of course you have a copy of Windows Vista lying around that you never used you can upgrade Windows XP to Vista and then do an upgrade from Vista to Windows 7…

Now if you are on either Windows XP or Windows Vista Home Premium and you want to upgrade to Professional or Ultimate this is where I would recommend just paying at most the extra $61 and fork out for the Windows 7 Ultimate full version for $398 with all its features. This way you will never have to perform the double install/upgrade trick if you ever want to re-install you OS on a different computer which i think is will worth the $61 just for the time you save even thought you are also getting the most feature full version of Windows 7. Now if you are on Windows XP you still need to do a clean install but again you dont need to do the whole double install/upgrade process.

In case you were wondering the primary benefit of Windows 7 Ultimate version is that it gives you the ability password encrypt all your USB drives and memory sticks… Very handy if you ever lose one of these devices that has any sensitive or private information.

What is also interesting is that the Upgrade Anytime prices are also priced similarly with a big jump from the lowest version to the next one up. This is going to be mostly relevant to those who now buy Windows 7 Starter on a new Netbook pre-installed. I think this sort of upgrade will be very popular as all the Netbooks will be loaded with Windows 7 Starter and it will give a great up-sell opportunity for retailers to whenever anyone buys a new Netbook. If you do fall into this category and you want to upgrade from starter it does makes financial sense (although just marginally) to do either do a single jump to buy either just the Starter to Home Premium or a double jump from starter to Home Premium and then Home Premium to Professional or Home Premium to Ultimate. Also don’t worry that you have a DVD on your Netbook to do the upgrade this Upgrade Anytime product is just a key that unlocks the added functionality.

What is also interesting about this price is that the Windows 7 Home Premium Upgrade of $168 is only  $9 more that the cost of Windows 95 upgrade about 14 years ago. When you take in to account the cost of inflation and the fact that this is a WAY better OS that anything that has previously done this is actually VERY good value.

For those of you who won a HTC Snap at TechEd Australia 2009 (like me) or for anyone else who has bough one, HTC has now released the Windows Mobile 6.5 ROM upgrade. Kudos to HTC and Telstra for taking a little over two weeks to release the custom ROM for the device. In conjunction to Windows Mobile 6.5 Microsoft has now released the Windows Mobile Marketplace that allows user to purchase application on the phone and download them directly to the device. Microsoft has also released new features in myPhone that allows users to remotely find and/or wipe their phones without having to pay for a really expensive annual subscription.

Will start to review the upgrade process and the new features in the coming days….

Download it now from: ROM upgrade (WM6.5) for HTC Snap (Telstra)

Was just listening to the WMExperts Podcast 73 and they mentioned they saw a Xbox 360 with RSS reader option demo’d at a open house event by Microsoft in New York. Not even sure they were meant to see or talk about this feature as but they did so the cat is now out of the bag. This would be very awesome as you will be now able to setup you 360 as you news reader when you combine it with other RSS news aggregators. This positions the Xbox 360 to be the first thing your turn on in the morning and the last thing you turn off especially when it will also have integrated Twitter, Facebook & Zune (marketplace) support this November. I think the 360 is really shaping up to be a fantastic social media hub for your living room and once the Natal is released it will be the must have console for your home.