One of the most interesting tidbits to emerge from the Ignite conference so far has been Microsoft’s announcement of its “Windows Update for Business” service. Terry Myerson himself, Microsoft’s EVP for Operating Systems, made this announcement — and offers an equivalent Blogging Windows post on the topic — which shows that the company really gets how important handling updates at the enterprise level truly is, and has put some serious thought into accommodating a very different set of needs and priorities when it comes to staging and deploying such updates in a business environment.
With Windows 10, MS will finally offer a different kind of Windows Update for business users, emphasis on enterprise-class deployments.
[Click image for full-size view, if the “fine print” is too challenging.]
What does Windows Update for Business involve? There’s a lot of hoopla in the announcement about matters related to protection, for devices, identity, applications, and information, but I’ll let the announcement handle those details. What I — and most enterprise IT organizations — care about even more is support for how updates get managed and deployed. Historically, the consumer-grade version of Windows Update has been totally at odds with business needs in that it’s endpoint driven, automatic, and more or less involuntary. In enterprise environments, the first concern about change management is to ensure that introducing change does not also introduce unwanted side effects, particularly those that might affect the proper operation of mission-critical line of business and custom applications. Perforce, there’s no way for MS to test against such things before unleashing updates on the world, so enterprise IT organizations have no choice but to test such things themselves, and only to permit updates that don’t create negative impacts to be deployed in their production environments. In addition, most enterprise IT organizations have only short intervals during which update deployment is scheduled to occur (usually on a monthly or quarterly basis) and they must be able to stage and deploy safe updates within the time windows available to them, or roll back problem or incomplete updates before the update time window closes, so as to leave their production environments in a stable, working state for employees, contractors, and partners to use when production work resumes immediately thereafter.
The MS announcement takes strong cognizance of these needs and the enterprise update situation. To that end, it includes the following capabilities:
1. Distribution rings: a means whereby IT can specify which devices go first in an update wave, and which devices will come later (this provides an opportunity to pilot new or changed elements to power users, developers, and the like, to enable issues to manifest and be solved, before rolling updates out to the entire world of production).
2. Maintenance windows: enables IT departments to establish the dates and times when updates may occur, and — more important — when they may not occur.
3. Peer-to-peer delivery: permits IT to deliver updates to branch offices and remote sites only once, after which they can fan out to individual nodes and devices at the edge of the network. This is essential to conserving bandwidth across private or high-cost WAN links from central, highly-connected corporate sites to the network edge.
4. Integration with existing tools: permits management tools and environments (e.g. System Center or Enterprise Mobility Suite) to continue to function as the “single pane of glass” through which to manage update deployment along with the myriad of other functions needed to care for and troubleshoot enterprise IT environments. I’m curious to see how well this will play in enterprises that use non-MS tools to perform such functions (where connectors may need to be built before full-scale integration is possible), though MS platforms already seem to be covered.
As somebody who’s witnessed a few holiday weekend exercises in update deployment, with a battery of experts on tap to escalate and shoot the inevitable trouble that often pops up as the time window expires, I’m delighted to see that Microsoft is getting with the program that has been in place in enterprise IT environments since the beginning. All I can say is “About time!” And again, it will be fascinating to see how the elements described above play out in actual high-volume deployments once Windows 10 has been deployed in sufficient numbers to make it suitable to put Windows Update for Business to work in the real world.
Like many other beta testers for Windows 10, I reported early on (around build 9879, if memory serves) that the deployment image servicing and management facility, better known as the DISM command, wouldn’t work without an explicit sources reference in the command line (see TechNet and MSDN for syntax and semantics info). I’ve been checking this capability with each new build since then, and hadn’t seen any progress until Build 10074 was released last week. Here’s a screen cap of the CMD (command prompt) window, with some visual proof for this assertion:
No more error messages when you run the default DISM with /Cleanup-Image and /RestoreHealth options!
For those not already using DISM, the tool is designed to replace the pkgmgr, PEImg, and IntlConfg tools retired with Windows 7. It provides a centralized console from which to create and manage Windows images, package them for deployment, maintain them with updates and added post-install executable elements, provide additional fonts and language support and, in the words of the infamous and notorious old Ronco ads: “Much, much more!” The particular command above is useful to restore the health of the currently running image on a Windows PC, and should be an early go-to in any Windows admin’s fix-it routines and procedures. That’s why it’s so welcome to see its defaults finally working as advertised or promised in Build 10074.
Whoa! Has it really only been two days since the last time I posted? It seems like a lot more time has gone by than that, but perhaps that’s because I’ve been pounding away at Win10 issues over most of the intervening days and hours. No sooner did I finally got my Dell Venue 11 Pro up and working with build 10061, than along came build 10074, and a new name for the current state of Windows 10, both in connection with this week’s Build 2015 conference held in San Francisco.
No more “Technical Preview,” Now it’s an “Insider Preview”
At the conference über-Windows guy Gabe Aul explained that “In fact, Insider feedback has become so valuable to our engineering process, we’ve decided to rename ‘Windows 10 Technical Preview’ to ‘Windows 10 Insider Preview.’ It’s the same OS as before” [I picked this gem up over at the Windows Ten Forums, where it appeared in a news item early on May 1, one day after Aul’s Blogging Windows post introduced the nomenclature update]. Here’s that headline, for your delectation:
Here is a new name straight from MS [click image to see full-size screencap].
From Build 10061 to Build 10074, and beyond!
So, just after getting the Dell Venue 11 Pro up and running on 10061, I found myself immediately upgrading to 10074. This one proved a great deal more interesting than the last upgrade for a whole slew of reasons, which I will now elaborate:
1. As usual the desktop upgraded smoothly and painlessly from old to new build, and the Dell once again hung after the initial shut-down that precedes the first restart once the new OS in place. Having now learned that a cold start will prevent this problem from pausing progress, this time I popped the battery out of the unit after the shut-down occurred, and was then able to boot right up into the “getting Store apps, setting a few things up, …” post-install clean-up during the finishing phases of the OS install. Having been through this 5 times in the past 10 days, I now believe there’s some issue with the start-up behavior of the Venue 11 Pro, possibly related to the BIOS or low-level boot blocks used in the earliest phases of start-up during or immediately after BIOS execution, that’s hanging during the restart that occurs during the installation process. The workaround of forcing a cold and complete shutdown, then a clean restart seems to fix whatever issue is causing the problem.
2. There’s no question that Windows 10 is getting bigger. For build 10061 I had 24.2 GB reported in the Windows.old holdings as available for post-install cleanup (you can clear these files in Disk Cleanup by selecting “System files” during its enumeration phase, or you can elect “delete old Windows installation” in Piriform’s CCleaner program: I am inclined to use the latter because it’s 3-4 faster to completion than the built-in utility). For build 10074, Windows.old was reported at 34.0 GB instead, an increase of almost 10 GB!
3. For the second time with any Windows 10 install, I found driver issues following the installation. It’s normal when performing a clean install of a new OS for the first time for there to be anywhere from a few to a couple of dozen device drivers in need of update or attention. But this is the first upgrade install of Windows 10 since the first build went out where I actually lost a half-dozen drivers following the upgrade (normally drivers are preserved from one build to the next, apparently unmolested during the upgrade process). On the Dell Venue 11 Pro, I found a handful of unknown devices in Device Manager following the install, which turned out to include these items:
- Intel Watchdog Timer
- Intel 82802 firmware flash hub (which turned out to be an Intel 28F320C3 Flash Update Device, when properly recognized)
- O2 Micro Integrated MMC SD card reader
- Intel Display Audio
- Intel Virtual Buttons
Fixing those missing items turned out to be the most interesting part of the “getting back to work” effort following the 10074 installation. DriverAgent helped me fix 3 of the 5 items reported as Unknown Devices, but I had to resort to old fashioned detective work to fix the other two. In each case I used the “Hardware Ids” string from the Details pane in the Properties window to search for the device that needed a driver. In both cases, the search was pretty straightforward, and I was able to find the necessary software to bring those devices out of terra incognita and endow them with current, working drivers. Very interesting!
So far, I like Build 10074 better than 10061. It is more stable, offers more interesting graphics and layout, permits running 32-bit applications from the start menu without workarounds, and generally seems pretty well-behaved. I’ve even been able to make new system image backups and system refresh images for both the desktop and the Dell Venue 11 Pro without incident. If I should accidentally trash something, as my experimenting sometimes causes, I’m pretty sure I can get back to a known, good working state on either machine pretty quickly. In the wonderful but whacky world of Windows beta OS work, it doesn’t get any better than that!
Just for grins, I decided to re-try the Windows Update download for Windows 10 Build 10061 on my Dell Venue 11 Pro 7130 yesterday afternoon. The last two times I’d tried, I’d not sat in front of the machine while the upgrade was underway, and each time it failed upon attempting to reboot after the initial installation got to its first restart en route to a complete installation. This time, I sat in front of the machine the whole time. Sure enough, although it failed again, this time I decided to shut down the machine completely, and then to do a completely cold reboot. For some reason or another, this worked: when I restarted the machine after the shutdown, the installation kept going and completed successfully. Go figure!
Here’s a bit of visual proof that I’ve gotten 10061 to run on the Dell VP11 Pro 7130. [Click image to see full-size original]
I wish I’d thought to try this earlier on in the process. As it was I left this machine idle for 3 or 4 days before I had time to attempt another installation of 10061. In the wake of that successful install, here’s what I’ve observed about Windows 10 Build 10061 on that machine:
1. As reported in the release notes from MS, indeed one cannot run 32-bit executables from the Start menu. But you can navigate into the Program Files (x86) directory manually to get to most of them (I still find some in Program Files), or use the search function to access them directly, so it’s no big deal.
2. Amusingly, the wastebasket icon for Recycle Bin is now squared-off rather than round, as it has been since time immemorial for as long as it’s been visible on the desktop.
3. As soon as I upgraded to the latest build, I attached an external USB3 drive caddy with a 1.5 TB Samsung SpinPoint drive, to make an image backup and a refresh image using RecImgMgr. I couldn’t help but notice the dinging and donging sounds that announce that as soon as the VP11 goes to sleep it drops the USB3 device, and remounts it again shortly after awaking. I’m not sure if this is a bug or a feature, but I imagine MS will want to do or say something about this depending on which side of the either/or divide it falls.
4. Despite other reports that the Spartan browser isn’t visible on the toolbar in Build 10061, it’s showing up quite visibly on both of my test machines running that build. It seems to work noticeably faster than IE11, too.
5. I was amused to have Secunia PSI inform me that the built-in Flash Player for IE was out-of-date before MS actually issued the patched version via Windows Update. Yesterday AM, PSI let me know it was obsolete; yesterday PM, MS released the update (KB3049508) that provided the latest version (version 184.108.40.206).
6. There are still some minor issues with the built-in Synaptics touchpad on the VP11 Pro: remote control handles the desktop flawlessly, but working directly on the machine, mouse clicks through the touchpad work only about two-thirds of the time (I’ll often use my finger on the touch screen rather than fight with the touchpad, so it’s more irritating than serious, but I hope Synaptics and MS get together on some driver fixes before the RMT hits in June).
In general, things seem to be working pretty well with this build, especially considering that it remains available only to Fast Ring installers at this point. The Build conference, now underway in San Francisco, is expected to include the release of a new build at some point over the next few days, and could include a new set of items for both fast and slow ring installers. Updates are expected to keep coming beyond RTM, in fact, all the way through GA, so life in the Windows 10 world should stay interesting right up until things freeze for final release.
Although Microsoft has itself described its upcoming plans to provide a no-cost copy of Windows 10 to Windows 7, Windows 8.1 and Windows Phone 8.1 devices to those who move up in the first year after its release as a Free Upgrade Offer, the company describes this plan as a “marketing and promotional activity” in its latest 10-Q filing with the Securities and Exchange Commission (SEC). Why is this difference in reporting to SEC versus how plans are described to the public important? In a word: Money.
The actual text is too big to turn into a compact screen cap, so I just grabbed some salient language.
The language in the 10-Q filing reads somewhat differently, and for a very good reason. If the company calls it a free upgrade, MS must defer some of the earnings on the current version of Windows (8.1) to defray the costs of the new release. If it’s a “marketing and promotional activity” MS is entitled to allow revenue from “new sales of Windows 8 … to be recognized as delivered” (see section entitled “Application of Critical Accounting Policies” in the 10-Q Filing Document).
While this may sound like mere accounting gobbledygook, there’s some serious money involved. ComputerWorld explains the potential costs in a story on the filing as follows:
The last time Microsoft offered a discounted upgrade to customers was prior to the launch of Windows 8. During an eight-month stretch from early June 2012 to the end of January 2013, people who purchased a new PC pre-loaded with Windows 7 were eligible for a $15 upgrade to Windows 8 Pro.
Microsoft deferred just under $1.1 billion in revenue for that upgrade program over a three-quarter stretch, then recorded that money as income during the first quarter of 2013.
I take this to mean that a one-year stretch for the deferral costs of the upgrade to Windows 10 would have to be at least $1.46B, if not higher, because the time period is longer and the number of potential upgraders higher (Windows 7 and Windows 8.1 users, plus Windows 8.1 Phone users, are all covered, whereas the earlier upgrade applied only to those who bought new PCs during the 8-month period of coverage for the $15 offer). Approximately $1.5B and potentially much more is not chump change, and with Windows revenues already trending down because of lower OEM licensing rates, and with no consumer upgrades likely to occur (except for serious procrastinators), this will probably result in even lower revenues for Windows OSes once Windows 10 hits General Availability. I think CW is right to interpret this move on Microsoft’s point as an attempt to head off downward pressure on the stock.
All this does raise an interesting question, though: How will MS and its stock fare when one of its revenue mainstays — namely, Windows OS monies from consumer license purchases and upgrades — takes a one year vacation? We’ll be finding that out later this year.
If something happens once, it’s impossible to tell if it’s an anomaly or an expected behavior. Let it happen even one more time though, and a suspicion of pattern or predictability can’t help but rear its head. When I installed the last “fast ring” (10049) build on my two test machines, here’s what happened:
1. The Windows Update based install worked like a charm on my desktop test PC (i7 4770K, MSI Z87-G45 mobo, 32 GB RAM, GTX 760 video) and worked itself through its paces without even requiring any input from me (except to restart the PC when I noticed the upgrade had been applied). Aside from a few minor glitches (repair install on 8GadgetPack to restore gadgets to life, reset network from Public to Private) there were no major clean-ups required.
2. It was a different story on the Dell Venue 11 Pro 7130 (i5 Broadwell M, Intel HD 5000 graphics, 8 GB RAM): after the initial install phase completed and the automatic reboot was instigated, the PC refused to reboot into any version of Windows (either the predecessor build, or the latest one). Ultimately, I had to perform a clean install from the ISO of the installer files when they became available about a week after the fast ring release, when its slow ring counterpart finally became available.
Build 10061 popped up on 4/22 via Windows Update for Fast Ring subscribers.
Guess what? My experience in updating to Build 10061 turned out exactly the same. This time, however, I rebooted the Dell from a recovery UFD and restored the most recent system image for the preceding build, figuring I’d otherwise have to wait a week to bring the tablet back into operation. Obviously, there’s some kind of low-level issue with the Venue 11 Pro and using Windows Update for an OS upgrade. I’ve not yet been able to figure out what’s going south during the process, but at least it’s fixable with enough time and elbow grease, along with the right bootable media and a workable repair strategy.
Otherwise, Build 10061 seems to extend a bit of new functionality, while smoothing off some sharp edges from earlier releases. The visual differences between Tablet and Desktop modes are better elaborated (for example, more space between notification icons in tablet mode makes them easier to poke with a finger) and more thought out. Application switching works nicely in tablet mode now with a “swipe-from-the-right” gesture showing all open windows in tiled fashion, where any windows is easy to select with a single touch (about as convenient as the old Alt-Tab clickthrough method on the desktop). Notifications has had a fairly complete rework, both visually and in terms of layout, and is looking and acting a lot more like it’s ready for prime time than in earlier releases. New apps making their debut include Outlook Mail and Calendar, while recent introductions such as Project Spartan and Music and Video have been spruced up (though the media items are unable to download content until a fix is released — which may explain why 10061 remains a “Fast Ring” item at the moment).
I’d predicted another build in my last blog post, but was still surprised to see it show up later on the very day I proffered that prediction. I’m expecting at least two more incremental Windows 10 builds to pop up before a locked-down version makes its way to the OEMs in late May or early June. That should make the next 4-6 weeks very interesting for us beta testers!
Last week, my wife told me the Internet was running slowly, so of course I checked the Ookla Speed Test page to see what was what. When speeds in the usual range manifested, I assumed the problem was a hiccup and nothing more. I was wrong, but it took me quite some time to figure out why. As it turns out, we tend to visit the same sites repeatedly at my house, and do very little serious random surfing. This matters for an interesting reason, but more on that shortly…
Yesterday morning I attempted to remote to one of my Windows 10 test units, and was mildly miffed to see it wasn’t working. Wanting to grab a screen shot of the Insider Hub, I simply attempted to connect to the other test unit, only to fail yet again. I checked the Remote Settings in the System widget in Control Panel, and found no problems. I check homegroup status, and quickly realized there were also issues there. Then I tried to connect via the usual IP address for one of my test units, and it failed, too. Very interesting!
My next step was to sit down at that same test unit, fire up the command line, and run the ipconfig command. Lo and behold, instead of a private IP address in the 192.168.0 Class C range, I saw a 169.254.0.x address instead. This is a special IP address on Windows machines that comes from its Automatic Private IP Addressing (APIPA) capability. Such addresses only appear on a Windows machine when it can’t find a DHCP server at boot-up. This clued me into an issue with my Time Warner boundary device where not only was DHCP not functioning as it should have been, but also where the Domain Name Servers to which the DHCP Server points were also not available (or only intermittently available, because name resolution would occasionally happen on devices with still-working IP addresses, but only very slooooooowly).
Before the TW folks reset their back end server settings, the old DNS server addresses were on a 70.x.x.x Class A network.
I tried resetting my Arris device, and it helped with DHCP (my wireless nodes now had legit LAN addresses) but it still didn’t resolve the DNS problem. A quick phone call to Time Warner led to a call back from their third-level support desk, which informed me that they had changed the addresses for the domain servers on their backbone, but it hadn’t propagated successfully to the broadcast domain for the local cable segment for my neighborhood for whatever reason. After they made sure those values were correct, and another reset to the Arris box, all was copascetic once again.
I concluded my adventures by apologizing to my wife for not properly researching her Internet problem last Friday. Had I done so then, I could not only have taken care of her issues right away, I would also have saved myself the time needed to diagnose yesterday’s strange case of the malfunctioning remote access that helped me find the problem by guess and by gosh. Live and learn, eh?
Lots of sources on the Web are reporting on a comment that Lisa Siu, CEO of AMD, let slip during the Q&A portion of a recent earnings call last Friday, which I reproduce here in its entirety:
What we also are factoring in is, you know, with the Windows 10 launch at the end of July, we are watching sort of the impact of that on the back-to-school season, and expect that it might have a bit of a delay to the normal back-to-school season inventory build-up.
I feel bad for the potential fall-out with MS that such a slip might cause, given AMD’s consistently weakening hold on the PC market, and its ever-declining consequent fortunes, but this is useful information because of what it tells us about the upcoming timeline for Windows 10:
1. Given a General Availability date on or before 7/31/2015, that lends more credence to February 2015 reports that the release to OEM manufacturers (RTM) would occur in June (see, for example, thee reports: Network World, NeoWin).
2. It suggests strongly that features of great interest should either appear, or fall out of the upcoming Windows 10 release, within the next 30-60 days. These include a new and improved Maps interface and applications, improved voice controls, final lockdown of universal apps features, advanced biometrics support, and more. I can’t wait to see what actually shows up by the end of May, because that’s when “feature lockdown” is most likely to occur.
3. Microsoft’s timing shows that they fully understand the importance of the “back-to-school” buying impulse, just as Ms. Siu of AMD does. Hopefully, a timely end-of-July release gives OEMs enough time to flood their channels and buyers enough time to buy in before school gets going from mid-August to early September around the country and the world.
4. All of this means that the next couple of “slow ring” builds to emerge for Windows 10 (which have been promised to hit at approximately 30-day intervals in the months ahead, indicating that one of the recent builds leaked, such as 10051 or 10064, may hit fast and slow ring status soon, given the 3/18 release date for 10041).
And indeed it looks like Windows 10 might be limbering up for the home stretch, and hopefully also, showing those remaining major capabilities still not in evidence that are intended for GA release sooner rather than later in that process.
Back in mid-March, Joe Belfiore (VP of the OS Group at MS) posted about a new biometric authentication technology to Blogging Windows. It’s called “Windows Hello” and although it has yet to make its debut in a Technical Preview build, it’s promised for inclusion in Windows 10 at some point in the as-yet indistinct future. You can read his description of this technology in the 3/17/15 post entitled “Making Windows 10 More Personal and More Secure with Windows Hello,” which also includes this intriguing screencap that apparently reports a successful “hello” experience.
When Hello works in Windows 10, you see the greeting message complete with smileyface on the splash screen.
When Windows 8 came along, part of its new feature set included built-in support for fingerprint readers. And indeed, on most of the laptops and tablets I tried that included fingerprint readers (most were of the AuthenTec variety), fingerprint support (enrollment and subsequent recognition or rejection) worked immediately following installation, and integrated with Windows login so that I could scan a fingerprint instead of typing in a password. As I understand what Windows Hello will do in Windows 10 is to add support for the Intel RealSense 3D camera, and also incorporate facial and iris recognition into its bag of biometric identification/authentication tricks. Thus, in much the same way that it will continue support for fingerprint readers, it will also add enrollment and recognition/rejection features for the aforementioned camera into its built-in capabilities, and integrate them into the Windows 10 login process as well. In addition, MS will also integrate with the Microsoft Passport environment, so that successful Hello recognition will also tie users into any of the various remote sites and/or services that currently require a Microsoft Account login today.
In fact, Microsoft Passport depends on asymmetric key cryptography for authentication. Also known as public key encryption, it endows uses with a private secret key and a related public key as a split form of authentication and proof of identity. Messages encrypted with the public key can only be decrypted using the private key, so successful decryption of a message or inquiry so encrypted constitutes a powerful proof of identity and can even be considered a form of “self-authenticating data” in that the ability to decrypt proves that the recipient possessed the key necessary to access message contents. This means that Passport bypasses any need to store secret keys or passwords online for authentication, and can use your public key to obtain necessary proofs of identity (one simple mechanism might encrypt a randomly-generated URL, for example, that a user would then click to continue a secured interaction with a system or service). The private key is tied to the system where biometric recognition occurs, and can be related to or based around unique markers association with such recognition.
For a different and more detailed take on Microsoft Hello, check out Greg Shultz’s take on that technology at TechRepublic, in his 4/10/2015 story entitled “Windows Hello brings biometric security to Windows 10” or Mark Hachman’s “Microsoft’s Windows Hello will let you log into Windows 10 with your face, finger, or eye.” I’ll be curious to see how it plays out following a public release, and how much incremental cost the Intel RealSense 3D camera is likely to add to a typical tablet or notebook PC.
Has it really been that long since the first Windows 10 Technical Preview went live? Sure enough: Builds 9841, 9860, and 9879 all expire on April 15, 2015, and will quit booting when the clock ticks over to April 30, 2015, in just over two weeks. Here’s the blurb from the Windows 10 Insider Hub that tells the story, with a warning worth heeding:
Please note what happens if you procrastinate past the “freshness date!”
The current build for Windows 10 is available through Windows Update in the Settings app, and also through a link in the aforementioned update in the Insider Hub app as well. If you are trailing behind on any Windows 10 builds, you’ll want to make sure to catch up before April 30 rolls around, because you’ll be forced to do a bare metal clean install of some OS (Windows 10 current build or otherwise) just to get your machine to boot. You’ve been warned!
And you thought “Tax Day” was just about punishment from the IRS. Now, Microsoft is doing its bit to add to the joy… To complete the information about what expires when, here’s a table of expiration and “stop booting” dates for all major Windows 10 builds, courtesy of RajithR, an MS Support Engineer, over at the Windows Insider Program: