There’s been a persistent problem with recent Windows 10 releases in the Current (1607, into build 143xx) and Insider (into build 149xx) source trees. After installing an upgrade, elements of Windows.old resist removal, even with Disk Cleanup. Upon further inspection — as documented in this 10/15/2015 post — special maneuvers are needed. That means a boot to an alternate OS image and manual deletion at the command line. For some reason, the upgraded Windows environment runs drivers from Windows.old. Fortunately, there’s a cleaner for that. The Windows.old Cleanup Tool available at CNet’s Download.com makes booting into an alternate runtime unnecessary.
Compact and trivial to use, Delete Windows.old does the job.
What About the Windows.old Cleanup Tool?
According to CNet, a small software development company called Snailsuite built this tool. However, I can’t find much information about them. That said, details from the properties file for the “delete windows.old.exe” provide some context. They say the language is Chinese, and product name and copyright fields include Chinese glyphs.
Reassuringly, VirusTotal gives the file a clean bill of health (with a detection ratio of 0/56, the best outcome possible). That’s why I’m not worried about grabbing and using this tool. It’s simple, straightforward, and does the job. What more could one ask of a one-trick pony utility? It does take a long time to complete a full-blown cleanup, though, so I’d leave it for situations where normal cleanup techniques don’t result in a total scrubdown. As they say on the Internet, YMMV (your mileage may vary)!
Microsoft’s handling of updates has changed since the days of Windows 7. In that OS, users were presented with a slate of pending updates. Checkboxes next to each item let them select which ones they wanted, and which ones they didn’t. In Windows 8 and 10 versions that is no longer possible using Windows Update. The new philosophy might be expressed as “all or nothing.” Fortunately, a pair of Windows Update alternatives helps savvy power users regain their power of choice.
Windows Update Alternatives #1: WUMT
WUMT stands for Windows Update MiniTool. It’s the work of anonymous developer “Mr. X” based in Mexico, who posted this tool in the Wilders Security Forums in 2013. I grabbed my copy from MajorGeeks. (They do a good job of tracking the most current releases of this tool; dated 9/30/2016). Here’s what it looks like:
Notice the checkbox next to the lone item: lets you decide whether or not to download.
Unfortunately, I didn’t take a screen cap on October 7, when the last batch of updates rolled out. Thus, no real Windows Update items are showing (all you see is a Logitech driver). But the presence of the checkbox to its left is what counts: this is how you select individual items (or not). A Hide control (the big letter H near the right side of the control bar below Update history) lets you hide updates you don’t want.
WUMT offers three bonuses over standard Windows Update, IMO:
- It usually does the job faster than the built-in utility.
- It scans and offers new device drivers for the PC on which it’s running.
- It can access Microsoft Update, Windows Update and the Windows Store for updates.
The tool is good at recognizing drivers in need of updating. I’d rank it even with my previous favorite, Driver Update from Slimware Utilities, and ahead of my previous favorite, DriverAgent from eSupport.com. Because it’s free (no annual subscription fee) I’m pleased to give it two thumbs up.
Windows Update Alternatives #2: WSUS Offline Update
WSUS Offline Update lets users request an update download for Windows or Office updates. They can fire it off at any time without maintaining ongoing Internet access. Thus, this tool is something of a “batch job” for grabbing updates. I found it through an article from the How-to Geek entitled “How to Fix Windows Update When It Gets Stuck.”
Using the tool is simple. Identify the version of Windows you want updates for, select among some options, designate a target location for updates, and fire it off with the Start button. It is, however, limited to grabbing only Critical items. Unlike WUMT, this tool is not a complete replacement for Windows Update. You still need to access that service for non-critical updates. It doesn’t do drivers, either. But it is easy to use, compact, and makes updates locally available in a variety of usable forms (it even builds ISO images for mounting and reuse).
Identify the target OS, choose some options, and you’re ready to rock’n’roll.
Given these alternatives, admins and power users can easily avoid Windows Update when trouble rears its ugly head. Based on recent issues with WU, it’s probably a good idea to grab one or both of these tools soon.
As part of its latest earnings report, MS reported on October 20 that for Q1 F72017 (Jul-Sep, 2016) there were 47 million active Xbox Live users. This number interests me, because it suggests how many of those that MS reports as active Windows 10 users fall under the Xbox umbrella. It’s been just over a year since the Xbox started running Windows 10 instead of its own proprietary OS. Ever since, MS has been included those devices in its count of overall Windows 10 active users. Of course, this makes factoring out Xbox interesting. The company is still reporting the 400 million number, as follows:
On this ‘By the Numbers‘ page, MS is still reporting the global device count at 400M.
After Factoring Out Xbox, What’s Left?
Of course, now we know we should discount the total figure by somewhere around 50 million or so when factoring non-PC devices out. Windows phones still account for something, but by no means as much as the Xbox count. But that puts the numbers of PCs running Windows 10 somewhere in the 350M neighborhood. Assume for a moment that NetMarketShare’s latest numbers accurately reflect global PC counts. Then, with Windows 10 at 22.53% at present, that puts Windows 7 users at 750 million devices or so. It also puts PCs running Windows 8, 8.1 and XP at about another 290 million. Other versions of Windows (Vista, and NT) account for another 20 million give or take.
The grand total for Windows PCs of all stripes would therefore fall around 1.41 billion all told. With the total number of PCs globally estimated to be over 2 billion by this year, MS comes up considerably lower than the active count from NetMarketShare at 70% in round numbers. NetMarketShare’s analytics put that value at 90.85%.
I can’t help but think that NetMarketShare is missing some significant portion of global traffic and thus also underestimating the total number of PC users world wide. If they’re undercounting PCs, might they not be overcounting Microsoft’s share as well? It’s hard to say conclusively, but easy to wonder about out loud…
Paul Thurrott reports this morning that the Windows 10 Anniversary Update (AU) is now running on a sizable majority for active users of the latest flagship version. In fact, Win10 AU zooms into majority status with 77 percent of all Windows 10-based PCs having upgraded. The progression of numbers has been dramatic since its release on August 2. Some 16.2 percent upgraded by late August, with 35.5 percent by the end of September, and 77 percent right now.
The stretched out uptake comes in part because MS did not roll out the AU to all users through Windows update immediately. Thurrott speculates, in fact, that MS deliberately slowed the pace to provide time to diagnose and fix various problems it manifested. But with uptake now over three-quarters of active users on the Current Branch, he goes on to speculate further that:
- the AU will be “fully deployed by the end of November”
- “the problems are finally behind us,” meaning that webcam, OS hangs and freezes, and other issues are now mostly fixed
Win10 AU Zooms Into Majority Status Does NOT Mean “Mostly Fixed”
I’ve been hanging out on TenForums quite a bit for the past month, trying to gauge the current state of the Anniversary Update. Unlike Thurrott, I am not yet convinced that the undeniable issues with this release are “mostly fixed.” Indeed, an unusual number of cumulative updates show since the AU appeared. From the MS Support listing for Updates for Windows 10 Version 1607 , there are 8 such updates:
Users at TenForums report issues installing many of these (and other) Windows 10 updates. Sometimes, manual downloads from the Update Catalog overcome Windows Update service ills. Sometimes, they don’t. And sometimes, Windows Update itself goes wonky. Numerous users report problems getting Windows Update to work normally after install problems occur. Lately, the issue with Windows freezes has declined in frequency. But numerous users still report freezes, and are being forced to roll back to the 1511 version to restore their PCs to working order.
The number and frequency of cumulative updates also indicates — IMO — that issues keep popping up. The traffic on TenForums makes this assertion more credible, too. There’s been a raft of rants, complaints, and grumbling that matches or exceeds anything I’ve seen since Windows 8 appeared. That’s not something that MS wants!
In the hit 90s animated TV show Hey Arnold!, Arnold’s neighbor Mr. Hyunh becomes an unlikely country star with his song “Simple Things.” He sang about the simple things he likes about life — rain, spring, spicy chicken wings – but he might as well have written the tune about Windows desktop security.
Windows administrators may stay up at night worrying about complex attacks hackers are concocting, but what they really need to focus on is the basics. Sophisticated attacks exist, but attackers could also just steal passwords.
Something as simple as bad passwords can be a gateway to infiltrate Windows. That’s why IT should set length and complexity standards, and require users to change passwords periodically. They should also consider multi-factor authentication such as Windows Hello in Windows 10. This biometric authentication tool allows users to log in by scanning their fingerprints, irises or face.
Admins also must prevent users from accessing unapproved information and limit what they can do with certain data. The Windows 10 Anniversary Update helps IT do just that with Windows Information Protection (WIP), formerly known as Enterprise Data Protection. WIP uses what Microsoft calls enlightened apps to differentiate between personal and business data in Windows 10. Admins can also choose which applications can access what data and prevent users from performing tasks such as copying and pasting business data into unapproved apps.
It is also important to make sure security patches and antivirus software are up to date on every device, as well as encrypt all devices in the organization. Otherwise, if a user loses a device or it gets stolen, it’s easy for someone to access company data because the device password is the only line of defense. Finally, IT should invest in a Windows logging or monitoring tool to see which users might be opening up vulnerabilities.
Any Windows admins losing sleep over security should use Mr. Hyunh’s crooning as a lullaby and remember that it’s the seemingly trivial — summer breeze, 16 cans of peas and a two-speed window fan — that make him happy. It’s the little things that are most likely to come back and haunt Windows security, too.
For a long time, one beef among experienced Windows users has been the company’s insistence on using Internet Explorer for grabbing updates. But starting in mid-October, 2016, MS opens its Update Catalog to non-IE browsers. But there’s a catch. Those who visit the catalog using another browser still see this message if they visit https://catalog.update.microsoft.com/:
If you use Google to navigate to the Update Catalog in Chrome, you still see this.
But if you know where to surf, you can see and access the Update Catalog quite nicely. This works for those using Chrome, Edge, or another non-IE browser of your choosing. The new, browser-friendly URL is http://www.catalog.update.microsoft.com/. Here’s what Chrome showed me just now, using that URL instead of the preceding one:
Insert a www in front of the old base URL, drop the “s” in https, and Chrome shows this.
Why MS Opens Its Update Catalog to Non-IE Browsers Matters
This may seem like a non-issue to some readers. But in some corporate environments, policy dictates use of specific browsers, and only those browsers. If IE wasn’t on that list, admins were unable to access the Update Catalog without somehow circumventing that policy. Now, the new URL works with all the modern browsers I tried (Chrome, Edge, Firefox, and Opera). Thus, I’m assuming the doors are also open to other browsers outside this short list of leading choices among the hundreds of browsers available for Windows today. Certain recent issues with installing Cumulative Updates can necessitate manual downloads of items that don’t or won’t install automatically. That’s what makes this new open-door Catalog a good thing.
Anybody looking for a deeper explanation for why this change occurred need only look at this message that appears in Edge. It pops up when you try to open the old URL for the Update Catalog:
It would hardly do for MS’s new flagship browser to describe the current Update Catalog as “vintage web tech” eh?
Obviously, if MS wants to hitch its wagon to Edge going forward, it should handle the Update Catalog directly. I’m just glad the company decided to let other browsers into the catalog as well. They could just as easily have restricted it only to Edge and IE, and left all the others out in the cold. I hope it speaks to the new sense of open-ness and Open Source support that’s manifesting at Microsoft that they let the other browsers in through the same door that opened for Edge. When MS opens its update catalog to non-IE browsers, everybody wins!
Yesterday was Patch Tuesday, and included another Cumulative Update: KB3194798. This one included a bit of a surprise. Cleanmgr.exe offered to cleanup 3.99 TB from my 500 GB C: drive. It’s best appreciated from this screen cap:
That’s not something you see often on a 500GB drive!
How Can You Cleanup 3.99 TB from a 500GB Drive?
As it happens, Windows Update files reside in the Windows Component Store (aka the WinSxS folder) along with OS components. Though these files are reported elsewhere in the disk structure, too, they really reside in WinSxS, and are linked to other folders. Thus, for example Notepad.exe really resides in WinSxS, but shows up in C:\Windows in the “Location” field on the General properties tab in File Explorer.
Here’s what the Windows IT Center article “Determine the Actual Size of the WinSxS Folder” says about file size reports:
For operating system files, it can appear that more than one copy of the same version of a file is stored in more than one place on the operating system, but there’s usually only one real copy of the file. The rest of the copies are just “projected” by hard linking from the component store. A hard link is a file system object that lets two files refer to the same location on disk. Some tools, such as the File Explorer, determine the size of directories without taking into account that the contained files might be hard linked. This might lead you to think that the WinSxS folder takes up more disk space than it really does.
This set of update files must be hard-linked all over the place. That explains why their reported size vastly exceeds the 1.3 GB of actual disk space that they occupy. The number was good for a chuckle, however. It also provided an opportunity for me to learn something useful and interesting about the WinSxS folder. There’s more going on than you might think when it’s time to cleanup 3.99 TB of update files.
One More Thing…
This particular cleanup takes a looooong time to complete, so be patient. It averaged between 15 and 20 minutes on my Windows 10 PCs. After it’s done, you’ll want to restart your PC. Then brace yourself, because cleanups will continue for another 15 minutes or more before the machine shuts down and restarts. Apparently, there’s a LOT of cleanup involved here!
[Note: thanks to TenForums user Bree whose forum comment brought the cited TechNet article, and its WinSxS explanation, to my attention.]
Normally, I don’t write much on Insider Preview releases for Windows 10 here. But the latest build, 14942, includes a small but significant and noteworthy change. It appears as a single line of data in the Registry Editor, aka regedit.exe. In that single line RegEdit gets address bar capabilities. There, it displays a string for whatever key is selected.
The address bar reads “Computer\HKEY_CURRENT_USER\Control Panel\Cursors”
Why RegEdit Gets Address Bar Matters
Since time immemorial, extracting key strings from the Registry required multiple steps. They are: high-lighting a key, right-clicking an entry of interest, and selecting Copy Key Name from a pop-up menu. In stark contrast, the new approach is simpler. Simply highlight the current value in the address bar, and click Ctrl-C. Once in the paste buffer, paste that string as needed. Little, well-thought-out conveniences like this improve Windows 10 usability. Because they must often use registry keys in scripts and such, this change is especially helpful for admins and power users,
Ordinary users can’t do this until the next major Windows 10 build comes along. Right now, that upcoming release is code-named Redstone 2. Best guesses suggest it will probably debut in Spring 2017 (see this Windows Central story). This next Win10 milestone should focus on “productivity improvements for the desktop” along with “much-needed features and enhancements” for Windows 10 Mobile, from that same source.
My primary source for this information comes from Rafael Rivera at Thurrott.com. His 10/7/2016 story “Windows 10 Registry Editor Gets Very Welcome Address Bar” inspired this blog post. Thanks a bunch, Rafael! He uses phrases like “awesome” and “super-excited” in describing this addition. I’m not sure it’s worth that much exuberance, but it is a nice change.
This morning, TenForums reported that Microsoft released a new Cumulative Update KB3197356 for Windows 10. But though some users have reported obtaining this through Windows Update, users who’ve successfully installed the previous update — KB3194496 — probably won’t get this latest roll-up. Those who want it anyway must visit the Microsoft Update Catalog so they can download and install it manually themselves. While this particular update is a Windows Standalone Installer (MSU) file, other updates can appear as Cabinet (CAB) files, particularly device drivers. That got me wondering about differences between the two formats. So, I researched CAB vs MSU files and report on what I learned.
The update elements for KB3197356 are .MSU files, other downloads are .CAB files. What gives?
[Click image for full-size view]
Understanding CAB vs MSU Files
MSU files are associated with the Windows Standalone Update Installer, of type Microsoft Update Standalone Package. Thus, this program is called when any filename ending in .msu is executed. Device drivers, on the other hand, don’t always need a special installer. Instead, you might access their contents using the “Update Driver Software…” right-click option in Device Manager. Also, CAB files are archives that support a variety of compression formats. They work with various Windows installation engines. These include the Setup API, device installers, or advpack.dll. Whatis.com says: “CAB files typically contain drivers, system files and other Windows components.”
Here’s the core of the difference, in a nutshell. MSU files are more or less self-installing, thanks to the Standalone Update Installer program included with Windows OSes. But double-clicking a CAB file gets you nowhere automatically. You must either invoke the right installation engine, or otherwise access its contents. Much of the time, a program like 7zip does the trick nicely. But those who remain perplexed will find the Windows 10 CAB Installer (download links: x86/32-bit, x64/64-bit) helpful in using CAB contents (source: TenForums).
Microsoft pushed out 3 cumulative updates that hit my PCs in September. They appeared on 9/1, 9/13, and 9/26. After the third one came through at month’s end, I found myself thinking: “I wonder if repeat cumulative updates need cleanup.” Dashing into the Disk Cleanup utility (cleanmgr.exe), my presumption appeared warranted. Here’s what I found:
The highlighted item shows 1.64 GB of Windows Updates for cleaning up.
Why Do Repeat Cumulative Updates Need Cleanup?
Each time a Windows client gets something from Windows Update, it receives files in the %windir%\SoftwareDistribution\Download folder. Electing the option shown in the screenshot cleans out that folder, thereby freeing up disk space. It’s also worth noting that, once removed, such updates can no longer be uninstalled. That is, if you click “Uninstall updates” in the Update History window, you won’t see them among the list of items available for removal.
Then too, cumulative updates are a bit different from regular updates. In fact, they “roll up” all updates provided since some checkpoint in time. The three updates that hit my PC in September are best described in Knowledge Base (KB) articles:
Adding those items together for x64 Windows 10 machines, you get 1,515 MB, or 1.48 GB. The Update clean-up number shown in the screenshot is 0.16 GB bigger. Thus, it’s obviously counting other updates from that period as well. But update cleanup removes them all. With usable restore points or image backups prior at hand, one can always roll back their effects. That’s why I don’t worry about cleaning up, either. Given the current cadence of cumulative updates from MS, this is a likely monthly drill for admins.