Windows Enterprise Desktop


February 12, 2016  10:38 AM

Clean Win10 Install: Few Updates Needed

Ed Tittel Ed Tittel Profile: Ed Tittel
Clean install, Windows 10

With the introduction of a new Windows 10 Cumulative Update on a “once-a-month-or-better” frequency, it’s been said that clean installs should require only a few updates to bring a brand-new Windows 10 install completely up to date. After performing a bare-metal install yesterday on a new PC, I can confirm this is correct. After getting Windows 10 running on that machine, I visited Windows Update to see what was missing. I  got a list of only 4 items, to wit:

  • The latest Cumulative Update (KB3135173)
  • A just-hatched security update to Adobe Flash (KB3135782)
  • This month’s “Patch Tuesday” version of the Malicious software Removal Tool (KB890830)
  • The current set of Windows Defender updates

That’s a list I would have to call minimal. It compares favorably to the dozens to hundreds of updates I’ve downloaded after performing clean installs of Windows Vista, 7, 8, and 8.1 over the past 9 years. (Vista went public on 1/30/2007, in case you can’t remember.) Cumulative Updates absolutely short-circuit the usual post install update drill, which often took an hour or longer on earlier Windows versions.

The new machine will replace my current production desktop PC. But first, I must transfer all of its hard drives over the weekend, and finish installing the usual work-oriented applications.  Here are some other observations about my experience so far:

  • Windows 10 did an ACE job of getting the drivers (mostly) right. According to DriverUpdate, it missed only 3 drivers on a configuration that included an Asrock Z170 Extreme 7+ motherboard, a Skylake i7-6700K CPU, 32 GB RAM, and the awesome Samsung 950 Pro NVMe SSD (512 GB). All were chipset specific items for system devices, all addressed by installing the latest Intel chipset driver.
  • The process from bare metal to a fully-updated OS took less than 40 minutes. Some of that included idle time when the machine was waiting for input from me. It really is getting faster and easier to install Windows, and Windows 10 makes the process simple and straightforward.
  • An NVMe SSD makes a BIG difference in system performance. Crystal DiskMark reported some startling performance figures. My results were consistent with Les Tokar’s discussion at The SSD Review in October, 2015. Here’s one snapshot of the performance data (his test machine configuration is nearly identical to my new rig: a deliberate purchase choice on my part):

cumulative update goes faster with NVMe drive

The Samsung 950 Pro NVMe SSD is 3-6 times faster than the 840 EVO mSATA SSD in my current production PC.

Bottom line: the new regular cumulative update strategy for Windows 10 really does short-circuit most of the post-install catchup process for clean installs. Only those updates that appeared along with, or after, the most recent cumulative update will need to be applied, for any new Windows 10 installation. Bravo!

February 10, 2016  9:43 AM

MS Starts Providing Update Details for Windows 10

Ed Tittel Ed Tittel Profile: Ed Tittel
history, Windows 10

Sure, there’s a lot that’s new about Windows 10, and there have been a lot of changes introduced with the new OS. While some are positive, and some negative, nearly everyone has been unhappy about the lack of information on Windows Updates that MS has provided since Windows 10 went into full rotation in July 2015. Until yesterday, the most anyone could get out of MS about updates was boilerplate language along the lines of “Changes made to add stability…,”quality improvements, security fixes, and so forth.

Starting with the latest “Patch Tuesday” (2/9/16), MS has introduced a new Web page entitled “Windows 10 Update History,” that goes back to the old changelog approach of documenting new updates. Not coincidentally, yesterday’s updates also included a new Cumulative Update — namely, KB3135173. Here’s what that page has to say about it, as an illustration of the kind of information once again being made available:

February 9, 2016 — KB3135173 (brings system to 10586.104)

This update includes quality improvements and security fixes. No new operating system features are being introduced this month. Key changes in this update include:

  • Improved installation time of updates.

  • Fixed issue with Microsoft Edge browser caching visited URLs while using InPrivate browsing.

  • Improved Silverlight performance.

  • Fixed issue that didn’t allow a Windows 10 PC to remotely configure a server.

  • Fixed issue with pictures and tables not displaying in Windows Journal.

  • Fixed security issues that could allow remote code execution when malware is run on a target system.

  • Fixed security issues in Microsoft Edge and Internet Explorer 11 that could allow code from a malicious website to be installed and run on a device.

  • Fixed additional issues with Input Method Editors (IMEs), Direct Access, assigned access, peripheral device detection, barcode scanning, Windows Explorer, Internet Explorer 11, Microsoft Edge, and scripting.

  • Fixed additional security issues with .NET Framework, PDF library, Windows Journal, kernel-mode drivers, Remote Desktop, and WebDAV.

For more info about the security fixes in this update and a complete list of affected files, see KB3135174.

For an audience that’s been half-frustrated, and half-appalled with the lack of information about Windows Updates for Windows 10 until now, this comes as very welcome relief. I must say I liked it better when you could simply click on entries in the Update History on a specific PC and get this kind of information, but the new approach is much, much better than the total lack of detail provided up until now. For the incurably curious, the information available within Update History remains pretty generic, though. Here’s the “detail” provided for the foregoing KB3135174 therein:

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

My best guess as to why MS has made this change, and introduced the Web page instead of returning to detail in Update History is that with multiple release branches now in place, it’s easier for them to manage all the data online. They don’t have to package that information for distribution with the updates any more, either.


February 8, 2016  11:21 AM

Windows 10 Desktop Share Passes XP

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows 7, Windows XP

As of the latest figures from NetMarketShare.com, Windows 10’s desktop operating system marketshare has just surpassed that for Windows XP, that venerable, creaky and insecure OS whose support went bye-bye when it hit end-of-life status on April 8, 2014. Almost two years later, it’s still kicking after a fashion, with various arms of governments world-wide (including branches of the US military) still paying for extended support contracts into 2016.

In fact, XP’s 11.42% marketshare still beats that for everything except Windows 7 (52.47%) and 10 (11.85%), including

  • Windows 8.1: 10.4%
  • Mac OS X 10.11 3.44%
  • Windows 8: 2.68%
  • Mac OS X 10.10: 2.33%
  • Everything else: 5.4%

On the one hand, I’m amazed that XP has persisted as long as it has in “zombie status” (still in use after end-of-life has been reached). It’s a testament to various aspects of human organizational behavior, including inertia, parsimony, and sheer cussedness, none of which are especially flattering, but all of which are too apt to be denied.

On the other hand, it’s cool that Windows 10 has now jumped into second place overall. Now, it can start whittling away at Windows 7’s still unbeatable majority market share of 52.47%. Shawn Brink of TenForums.com observes that XP has been losing a fairly steady 0.5% in marketshare over the past year, which would indicate that it could vanish as soon as two years from now, or fade into the “other” category (less than 2.5%) in as little as eighteen months. We’ll see!

What I’m interested in watching going forward, is how well the dip in Windows 7 usage corresponds to the rise in Windows 10 usage. My guess is that Windows 10 will grow mostly by stealing from Windows 7 marketshare. I’ll keep an eye on this and report back in a few months.

nms-os-160208

NetMarketShare.com Desktop Operating System Market Share for 2/8/16 shows Windows 10 finally ahead of Windows XP. ‘Bout time!


February 5, 2016  10:54 AM

Customize and Provision Windows 10 Images with Windows ICD

Ed Tittel Ed Tittel Profile: Ed Tittel
Deployment tools, Image management, Windows 10

There’s an interesting tool available in the Hardware Dev Center portion of MSDN: it’s called the Windows Imaging and Configuration Designer, aka Windows ICD. It’s designed to streamline the process of customizing and provisioning a Windows image. The home page for this tool states that it is designed to handle these tasks:

  • View all of the configurable settings and policies for a Windows 10 image or provisioning package.
  • Create Windows provisioning answer files.
  • Add third-party drivers, apps, or other assets to an answer file.
  • Create variants and specify the settings that apply to each variant.
  • Build and flash a Windows image.
  • Build a provisioning package.

Here’s the Table of Contents for digging further into this documentation (and the related tool). Note that you must first install the Windows ADK for Windows 10 before you can use this facility, and elect a specific set of options (all of which is covered in details in the “Getting Started” item below).

winicd

ICD uses a tile-based interface, and is both powerful and easy to use.
[Click image to see larger version]

Topic Description
Getting started with Windows ICD Read this topic to find out how to install and run the Windows ICD. Once you have Windows ICD running, check out the supported Windows ICD project workflows to learn about some of the things you can do using the tool.
Supported platforms for Windows ICD Provides information about:

  • Supported target images – Windows images that can be configured using Windows ICD
  • Supported host platforms – Versions of Windows 10 that can run Windows ICD
Build and apply a provisioning package You can use Windows ICD to create a provisioning package (.ppkg), which contains customizations that you can include for a particular Windows image. You can either apply the provisioning package to an image or share it as a standalone package that can be applied to a running system using the Provisioning Engine. For more information about PPKGs and how they are generated and applied, seeProvisioning packages.
Build a provisioning package with classic Windows applications Create a provisioning package that includes Classic Windows applications and other files with your Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) devices. Uses:
Export a provisioning package Export a provisioning package if you want to reuse the customizations already configured in a different project or to share it as a standalone package that can be applied to a running system during initial device setup or later.
Create a provisioning package with multivariant settings Multivariant provides a generic mechanism for creating a single image that can work for multiple markets and reduce the number of images that OEMs need to create and test. It enables OEMs to dynamically configure language, branding, apps, and network settings during runtime based on the mobile operator and locale/country.

Windows 10 provisioning is an updated and enriched version of the runtime configuration or multivariant feature supported in Windows Phone 8.1. In Windows 10, multivariant is available for all Windows editions.

To provision multivariant settings, you must create a provisioning package with defined Conditions and Settings that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.

Build and deploy an image for Windows 10 Desktop You can use Windows ICD to create a new Windows 10 for desktop editions image and customize it by adding drivers, apps, language packs, settings, and more. You can also build the deployment media either to a folder or to a USB key.
Build and deploy an image for Windows 10 Mobile You can use Windows ICD to create a new Windows 10 Mobile image and customize it by adding settings and some assets.
Build and deploy a Windows 10 IoT Core image You can use Windows ICD to customize and create a new Windows 10 IoT Core (IoT Core) image.
Configure customizations using Windows ICD You can use Windows ICD to configure the Windows device UI, connectivity settings, and user experience to better reflect your brand, to meet mobile network requirements, to comply with IT department security requirements, or to fit market segments or regions where the device will ship.
Use the Windows ICD command-line interface You can use the Windows ICD command-line interface (CLI) to automate the building of provisioning packages and Windows 10 for desktop editions and Windows 10 Mobile or IoT Core images.

  • For OEMs who already have an established manufacturing process or for enterprise IT Pros who also have established IT management infrastructures, you can use the Windows ICD CLI to require less re-tooling of your existing processes. You must run the Windows ICD CLI from a command window with administrator privileges.
  • For OEMs that want to create an image and/or provisioning package with multivariant support, you must use the Windows ICD CLI and edit the customizations.xml sources. For more information on how to do this, see Create a provisioning package with multivariant settings. For more information about the customization XML, see Windows provisioning answer file.
Use the package splitter tool Enterprise IT professionals who want to use a barcode to provision mobile devices during OOBE can use the package splitter tool, ppkgtobase64.exe, which is a command-line tool to split the provisioning package into smaller files.

Enjoy!


February 3, 2016  10:43 AM

Interesting OOB Windows 10 Update Poses Questions, Problems

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Updates

Just when I thought I’d seen just about everything Microsoft could do with Windows updates, the company pulled a fascinating rabbit out of its hat. I’m talking about KB3136562, a purportedly Cumulative Update to Windows 10 that bumps the build number from 10586.71 to 10586.79 but that shows up in Update History only as “Update for Windows (KB3136562). Here’s what’s interesting about this item:

  • It is not yet available through normal Windows Update automatic download
  • It requires manual download and installation, via the Windows Update Standalone Installer (x86 download/x64 download). This explains why those files end with the .msu file extension.
  • There’s been no official word from MS about this update just yet, though numerous sources have provided coverage, including my personal fave TenForums.com and reddit.
  • Most everyone who’s tried this update has reported successful installation, and it’s succeeded on 2 of the three systems I’ve tried it out on. It took some digging, but found the 0x80070BC9 error code for both failed install attempts on the affected machine.

At first, I believed that the affected machine’s use of the [en-GB] (British English) language pack, instead of [en-US] (American English) might have been at fault, but a question and reply sequence to fellow community members at TenForums disabused me of that notion. Now, I’m just scratching my head to figure out why it worked on most of my targeted PCs, but not on one of them. I’ll keep working it, of course, but such mysteries are what make working with Windows both extremely interesting and occasionally frustrating as well.

1511.79.winver

When the update installs, here’s the latest resulting WinVer output.

The big questions about KB3136562 can be stated as follows:
1. Why hasn’t MS released it through normal Windows Update channels?
2. Why is there no document page for KB3136562? (A search at Microsoft.com turns up zilch right now).
3. Why are the manual downloads available with no MS fanfare nor explanation?

If, like me, you’re incurably curious and just want to see what KB3136562 does, go ahead and use the download links provided in the bulleted list above. I’d suggest installing it only on a test machine, however, as it’s by no means a given that this update will ever be released through formal channels. Have fun!


February 1, 2016  8:14 AM

Secunia PSI/CSI Engine Gets Right with Windows 10

Ed Tittel Ed Tittel Profile: Ed Tittel
vulnerability management, Windows 10

I’ve been a big fan of Secunia’s (now part of Flexera) Personal Software Inspector (PSI) and Corporate Software Inspector (CSI) for half-a-dozen years or longer. The engine that makes both versions work scans PCs for installed software, and compares them to its sizable and comprehensive database of applications to see what’s up-to-date and what’s in need of patching or updating. But since the release of Windows 8, the software scanner engine has had a tendency to present an inert or perhaps comatose appearance to the OS long enough for it to register as unresponsive and to provoke errors that get picked up in the Windows Reliability Monitor on Windows 10.

That’s why I was glad to see the engine get an update in late January (to version 3.0.0.11004 for PSI, CSI uses the same agent on the PC clients it serves) that seems to have fixed this problem. I’m not sure what caused the lag between the software release and the OSes it serves, but it’s nice to have a good monitoring tool NOT act as a source of errors when it appears, to all intents and purposes, to be functioning properly and providing useful information and system guidance.

As far as scanning tools go, both PSI and CSI are worth checking out — and using, should your personal or corporate needs incline in their direction. This goes double, now that the latest release of the client-side engine (PSIA.exe) that works for both the personal and corporate versions of the software is no longer throwing potentially spurious “Stopped Working” errors on Windows 8.* and 10 PCs. At the UI level, the PSI scanner shows a (Not Responding) error while this situation works itself out in the background.

secpsi

Note the APPCRASH error thrown by PSIA.exe on 1/2/2016: the latest release no longer does this.


January 29, 2016  11:14 AM

How to Fix Unceasing (Re)Install of KB3119142 in Windows 10

Ed Tittel Ed Tittel Profile: Ed Tittel
Patch management, Visual C++, Windows 10, Windows Update Management

Before the latest cumulative update for Windows 10 (KB3124262) appeared on 12/27, I’d already run into a problem with theKB3119142 “Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package” on a couple of my PCs. I’d also fixed it fairly easily, having discovered numerous reports of this problem in various self-help repositories on the Web, most notably Answers.Microsoft.com and TenForums.com. As the repeated entries from the snippet of Update History from an affected machine shows below, the update keeps reinstalling and reinstalling though each installation is reported as “successfully installed.”

The fix, as it happens, is pretty straightforward, so I’ll provide step-by-step instructions:

  1. Open Control Panel
  2. Open Programs and Features
  3. Scroll down and right-click the entry that reads “Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030
  4. Select “Repair” from the resulting pop-up menu
  5. Once the repair completes, reboot your PC if requested to do so

I haven’t yet found an explanation as to why this is happening, but it stops the endless cycle of repeated reinstallations cold. Given that 3 of my 7 current PCs experienced this issue, and that I see hundreds of reports from others suffering likewise, I have to believe this is a reasonably widespread phenomenon. Thus, I’m hopeful that an understanding that this problem, while vexing, is not terribly serious, along with a recipe to bring it to a screeching halt, will be helpful to those legions of Windows administrators out there. Given access to a decent automation facility such as PowerShell, AutoIt, WinAutomation, or something else in the same vein, one could easily script a quick utility to execute this repair on any and all affected machines during the next scheduled data cycle using your normal deployment tools.

The following screen capture makes it crystal clear as to the obvious symptoms that manifest when this issue is present on a Windows 10 PC (I count 10 recurrences in a 5-day period). If you start seeing something like this, now you know what to do!

repeat-kbitem

Though successfully installed, KB3119142 keeps going like the Energizer Bunny.


January 27, 2016  10:01 AM

Latest Surface Pro 3 Firmware Update Includes an “Oops!”

Ed Tittel Ed Tittel Profile: Ed Tittel
firmware update, Surface Pro

On January 19, Microsoft released a System Firmware Update for the Surface Pro 3 that included an item related to Pen settings for the Surface Pro 4 Pen. In the wake of numerous subsequent reports of crashes and blue screens resulting from this item, MS has removed it from that firmware update (details appear under a “January 2016” heading on the Surface Pro 3 update history page). Alas, however, many people — including yours truly — had already updated their firmware with the original package that included the now-missing Surface Pro 4 Pen settings element.

Here’s how you can tell if your Surface Pro 3 is affected. In Device Manager, open the Human Interface Device entry, and check the version number for the driver associated with the Surface Pen Settings element. If your driver version is numbered 10.0.302.0, dated 10/22/2015, you’ve got the version associated with the Surface Pro 4 Pen installed; the most up-to-date version for the Surface Pro 3 Pen Settings is actually numbered 4.0.112.1, dated 3/20/2015.

The easiest fix for this potential gotcha is to simply click the “Roll Back Driver” button in the Surface Pen Settings Properties window on the Driver tab. This will automatically de-activate the 10.0.302.0 driver, and re-activate the 4.0.112.1 driver that preceded its installation. I followed a set of instructions from Liam Tung at ZDnet that had me uninstall the 10.0.302.0 driver, then restart the Surface Pro 3, which was supposed to automatically re-install the 4.0.112.1 driver by itself. Instead, I wound up with an Unknown Device in Device manager, which I was able to fix by pointing its Update Driver function at my local copy of the 4.0.112.1 driver already resident in my DriverStore folder.

I have to believe that the rollback fix is easier than digging into device designations (it took a while) to find the right one for the Surface Pen Settings item. But, all’s well that ends well, and now my Surface Pro 3 is humming happily along with no signs of crashes or blue screens in sight. Just another day in Windows-World, eh?

sp3pensettingsOK

OK, now that’s more like it: proper driver now replaces improper SP4-only version.


January 25, 2016  10:09 AM

PowerShell for SCCM Confers Automation Benefits

Ed Tittel Ed Tittel Profile: Ed Tittel
Powershell, System Center Configuration Manager

The Technical Preview version of Microsoft’s System Center Configuration Manager (SCCM) offers some pretty tasty capabilities, including up-to-date support for Windows 10, handling for Windows in-place upgrades, a sped-up update cycle to track the more rapid Windows 10 update cadence, and on-premises mobile device management (MDM). There’s a lot to like about it, but also a lot to do with it, too.

That’s what makes the System Center Configuration Management Cmdlet Library worth digging into, for those who work with any of the latest SCCM releases. After you download that library, it will receive the ongoing updates that MS publishes for this environment automatically. It’s based on the Windows PowerShell module for SCCM, and brings all kinds of interesting automation capabilities into the SCCM environment, and is designed to help manage a Configuration Manager hierarchy using PowerShell Cmdlets and scripts. The only requirements to grab and use this toolset are access to Windows PowerShell 3.0 or newer, and a current SCCM console (2012 or newer).

To help you dig further into the subject matter, here are some relevant technical references and information:

Technical reference for SCCM (TechNet, 12/8/2015)
How to build a lab environment to evaluate SCCM (TechNet, 12/15/2015)
Documentation for SCCM (TechNet, 12/15/2015)
Find the most advanced features for SCCM in the ongoing Technical Preview (60-day eval, including Endpoint Protection) or Technical Preview2 (180-day eval, SCCM only)
Using Windows PowerShell (TechNet, 10/17/2013)
The System Center Configuration Manager Cmdlet Library (Developer Network/PowerShell Docs); see also the Technical Preview version, though currently only Operations Manager items are available.
SCCM Cmdlet Reference (TechNet, 2/7/2014)

For those just getting into PowerShell, the MSDN PowerShell pages are also worth digging into. There is a plethora of books available on this topic — as this Amazon Search shows clearly — though you’ll want to concentrate on versions 3.0 and 4.0 (the latest releases as I write this post).

sccm-new

The latest SSCM offers terrific deployment and management capabilities that include Windows 10 on the desktop, plus in-place upgrades.

Be sure to check all this out!


January 22, 2016  3:10 PM

Every VDI deployment has its thorn

Margaret Jones Margaret Jones Profile: Margaret Jones

VDI has always faced an uphill slog. Implementation is time-consuming and expensive. The technology only fits certain use cases, and with so many moving parts and people to please, a lot of problems can crop up.

If your higher-ups are on board with doing VDI and you get the infrastructure right, one of the last hang ups you might encounter is user acceptance. If workers don’t want to use their virtual desktops, your project is as good as dead. Virtual desktops and applications must work when users need them, and they need to work well. They should be fast, responsive, and easy to access.

When employees use graphically intensive applications, such as CAD or architecture apps, they press a particularly sharp thorn into your VDI deployment’s side: Graphics are resource hungry, and when they don’t get what they need, they get laggy and slow. When applications are laggy and slow, workers aren’t happy, and anyone who’s ever handled a help desk ticket knows what unhappy workers can be like.

Fortunately, graphics processing unit (GPU) cards, emulation and virtualization are all viable options to improve performance.

GPU emulation is cheap, but it won’t help much with very needy applications. GPU cards can get pricey if you have to support many people, but a dedicated GPU is a power user’s dream come true. If you can’t afford to match one GPU to every one of your users, you can virtualize it or share it among users.

No matter how many users need graphics support, it’s likely there’s a GPU option that fits, and our new handbook, GPUs Bring Lightning-Fast Apps to Virtual Desktops, has the information you need to make an informed decision.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: