Windows Enterprise Desktop


August 23, 2017  9:55 AM

Win10 PowerShell Chkdsk Alternative

Ed Tittel Ed Tittel Profile: Ed Tittel
CHKDSK, PowerShell cmdlets, Windows 10

In the latest Win10 versions, PowerShell replaces the command prompt (cmd.exe) in the Winkey-X pop-up menu. And it runs most command-line programs unaltered, including chkdsk. But PowerShell also offers alternative cmdlets (pronounced “command-lets”) as well. In fact, the Win10 PowerShell Chkdsk alternative is the Repair-Volume cmdlet. Here’s what the get-help subsystem in PowerShell has to say about this cmdlet:

Win10 PowerShell Chkdsk Alternative

Repair-Volume offers most of the same functionality as chkdsk in a form that’s native to PowerShell.
[Click image to see full-sized view]

Exploring the Win10 PowerShell Chkdsk Alternative: Repair-Volume

The most frequently used version of Repair-Volume takes a volume offline for scanning, and attempts fixes on any errors it finds. Thus, the basic syntax for this version of the command is:

Repair-volume -Driveletter <DrvLtr> -OfflineScanAndFix

Where you’d substitute the letter for the drive you wish to scan for the generic <DrvLtr> parameter. I tried this out on my production system yesterday because it currently supports 10 drives. I’m pleased to report it worked on all drives, including the boot/system drive, C:. It was interesting to see the drive information (the bar that shows how much space the drive provides, and how much is used) disappear while this process was underway, as shown here for one of my biggest drives (J: 3TB nominal):

drivej

When it’s running for some specific drive, that drive’s disk info disappears (it’s off-line).
[Click image to see full-sized view]

Using Repair-Volume Day-to-Day

Actually, this cmdlet is incredibly easy to use. You’ll find it handy when you need to check drives under most circumstances. Also, because it even works on your boot/system drive you’ll find yourself needing to schedule chkdsk after restart less often. Finally, those who want to create a PowerShell command file (.ps1 extension) can easily put something together to do this for all of their drives, and run it periodically as a scheduled task.

Thanks to Sergey Tkachenko at WinAero.com, whose blog post “How to Check a Drive for Errors in Windows 10” (posted 8/22) brought this cmdlet to my attention.

August 18, 2017  10:12 AM

Great Win10 Date/Time Calendar Trick

Ed Tittel Ed Tittel Profile: Ed Tittel
Calendar control, Windows 10, Windows Taskbar

No matter how much you might know about Windows 10, there’s always something new to learn. I picked up a winner from Ed Bott’s ZDNet column the other day. He explains how to use the pop-up calendar as a general “time navigation tool.” Along the way, he exposes a great Win10 Date/Time Calendar trick I’ve already put to good use. Here’s a step-by-step illustration of what’s involved.

The Great Win10 Date/Time Calendar Trick, Step-by-Step

Step 1: Click the date time widget in the notification area of the taskbar.

Great Win10 Date/Time Calendar Trick

Step 2: Check the resulting pop-up calendar centered around today’s day and date. Notice the line that reads August 2017 at the upper left of the display.

Great Win10 Date/Time Calendar Trick

Note “August 2107” at upper left, just below the time/date bock at the very top.

Step 3: You can manipulate the month on display directly. Instead of using the arrows at top right, click on August (or whatever month is on display). Here’s what you’ll see:

Great Win10 Date/Time Calendar Trick

You get a visual layout of all 12 months of the year and can pick out the one you want immediately.

Step 4: To see a year “map,” click the 2017 at upper left shown in the preceding screen capture. To go further back or forward in time than the window allows (2010-2019), use the arrows.

cal-year

You get a visual layout of all 12 months of the year and can pick out the one you want immediately.

This makes the built-in, easily accessible calendar on the notification pane a much better calendar tool than I’d thought. I’ve already used it several times since Wednesday to solve scheduling issues. Ditto for picking appropriate days for meetings, and figuring out which days of the week commitments fell upon. Good stuff!


August 16, 2017  3:04 PM

MS Diagnostics and Recovery Toolset (DaRT) 10

Ed Tittel Ed Tittel Profile: Ed Tittel
Administrative tools, Boot, Windows 10, Windows tools

The MS Diagnostics and Recovery Toolset (DaRT) 10 permits admins to diagnose and repair computers that won’t boot, or have problems starting as usual. DaRT 10 can recover unusable end-user PCs. It can also diagnose probable causes for underlying issues, and repair unbootable or locked-out machines. It can restore lost files, or detect and remove malware, even when computers are offline. Indeed, this all makes DaRT an invaluable addition to any admin’s Windows toolbox.

Diagnostics and Recovery Toolset

DaRT appears in the boot menu as “Microsoft Diagnostics and Recovery Toolset” from whence you can launch its various recovery tools

Who Qualifies for Access to the Diagnostics and Recovery Toolset?

If DaRT is a great tool, why isn’t it better known and more widely used? Alas, only organizations with a license for Windows that includes Software Assurance qualify. Such organizations are granted access to the Microsoft Desktop Optimization Package, aka MDOP. A Windows 10 Enterprise E3 in CSP Subscription, which includes Software Assurance, costs $84 per user per year with no minimum license commitment. (That said, volume licensing starts at 5 units, and goes up from there.) Higher-level licenses cost more…
The only others granted access to MDOP – which includes DaRT among its components – need a standard Visual Studio Subscription with MSDN or its cloud counterpart. This standard subscription costs US$5,999 for the first year, and $2,569 annually thereafter. Alternatively, the cloud equivalent costs a flat $2,999 yearly.  Thus it costs something to access DaRT, no matter how you slice it.

Understanding DaRT

The best point of entry into DaRT appears in the Windows IT Center online. There, you’ll find a DaRT 10 landing page entitled “Diagnostics and Recovery Toolset 10.” This in turn offers up the following Table of Contents (presented here with live links for your surfing pleasure):

Getting Started with DaRT 10

About DaRT 10|Release Notes for DaRT 10|Overview of the Tools in DaRT 10|Accessibility for DaRT 10+

Planning for DaRT 10

Planning to Deploy DaRT 10|DaRT 10 Supported Configurations|Planning to Create the DaRT 10 Recovery Image|Planning How to Save and Deploy the DaRT 10 Recovery Image|DaRT 10 Planning Checklist

Deploying DaRT 10

Deploying DaRT 10 to Administrator Computers|Creating the DaRT 10 Recovery Image|Deploying the DaRT Recovery Image|DaRT 10 Deployment Checklist

Operations for DaRT 10

Recovering Computers Using DaRT 10|Diagnosing System Failures with Crash Analyzer|Security and Privacy for DaRT 10|Administering DaRT 10 Using PowerShell

Troubleshooting DaRT 10

Using DaRT

To use DaRT, you must download MDOP from the Volume Licensing Center or the Visual Studio/MSDN portal. Then you can grab the DaRT .ISO amidst its various components. Mount that .ISO as a virtual drive, and follow TechNet instructions in “Create a Bootable USB Flash Drive.” Be sure to build both MBR/NTFS and UEFI/FAT32 versions so you can boot either PC type. Finally, copy the contents of the entire mounted .ISO to the UFD’s root. You can then use it to boot problem PCs for access to DaRT’s tools, shown here:

Diagnostics and Recovery Toolset

Be sure to check DaRT out, assuming you qualify to download MDOP and start digging in. Good stuff!


August 15, 2017  10:17 AM

Ed Bott Issues Win10 Report Card

Ed Tittel Ed Tittel Profile: Ed Tittel
Image management, Windows 10, Windows Defender, Windows Hello, Windows Update Management

About two weeks ago, long-time Windows watcher Ed Bott offered an interesting assessment of Windows 10 at ZDNet. It’s entitled “Windows 10 after two years: Microsoft’s mixed report card,” and appeared on 8/3. Given that Ed Bott issues Win10 report card, what kinds of grades does it include? Just as the OS is a mixed bag, so also his assessments. Here’s what grades he handed out:

  • Adoption rate: A-
  • Upgrades and updates: C+
  • Privacy: B
  • Security: A-/B-
  • Apps: Incomplete
  • Tablets and phones: F

As Ed Bott Issues Win10 Report Card, What Do His Grades Mean?

The Adoption rate grade is easy to explain. It reflects the fastest uptake “for any Windows version ever.” But the company’s failure to hit its 1 billion user target in 2-3 years explains the minus sign. What Bott labels a “frantic first-year push” is over. Now, he sees (and I agree) that “Microsoft adopted a much more relaxed upgrade pace.” It relies on new PC sales to boost Win10 numbers rather than upgrades on existing gear.

The Privacy grade reflects wild-haired responses to Microsoft’s broad-based telemetry (and consequent data acquisition). It figures into many, if not most, of Win10’s subsystems and actions. Bott takes issue with the company’s “dry, legalistic and unconvincing explanations” for this data grab. But he also gives credit for halving such data collection, and publication of telemetry data details.

Security gets two grades, one for enterprise and another for “consumer and small business segments …” The higher enterprise grade reflects “an impressive assortment of security features for its enterprise customers.” The lower grade dings their absence in down-market versions of Windows 10. Baseline security features mentioned include Windows Hello, disk encryption, and built-in antimalware. Enterprise security features mention Defender Advanced Threat Protection, Exploit Guard, and Defender Application Guard.

Onto the Less-than-Stellar Report Card Items

The Upgrades and updates C+ grade comes from “two free feature updates per year.” That gets coupled with an 18-month shelf life for each one. Thus, as Bott so rightly observes, “you can no longer stick with an older version of Windows indefinitely.” He (and I) like the new approach of “cumulative quality updates in place of an endless assortment of individual updates.” But he takes issue with forcing updates on end users and notes certain “hiccups” in CPU support. Most notably, that included a “sudden end of support for relatively young PCs based on Intel’s Clover Trail chips.”

The Apps category gets an Incomplete. That’s because of Microsoft’s ongoing struggle to deliver compelling Store apps. Using the Desktop Bridge hasn’t really fired up the app space, either. Bott finds fault with Office mobile apps as “barely adequate and almost impossible to find …” I agree that apps remain a sore point for Windows 10. Indeed, they haven’t captured user’s hearts or minds.

Finally, Bott gives Tablets and phones an F. That’s because MS has let Windows Mobile wither, even as it continues “cranking out Windows 10 Mobile builds…” He characterizes “the company’s capitulation in this category” as “nearly complete.” He goes on to remind readers about the Nokia sell-off and a massive mobile writedown.

Other Noteworthy Aspects of Windows 10 Outside Bott’s Coverage

As somebody who’s covered Windows 10 since the first Technical Preview was released, I’d like to add a few more subjects to Bott’s report card, with some brief explanations:

  • Image construction and management: A-
    Microsoft has moved away from monolithic builds for releases and updates. It now uses an approach to providing updates that looks like “survey what’s present, update what’s outdated, and supply what’s missing.” I also like the increasing capability of DISM and related PowerShell equivalents, to operate on and customize Windows image files. I give it a minus because the syntax and structure of this stuff is not terribly friendly, even for seasoned Windows-heads.
  • Refresh and Reset Windows: A
    The new built-in facilities for performing an upgrade install to refresh OS files while keeping applications and data is nice, as is the reset capability to return a PC to from-the-factory status. Good stuff!
  • Task View: A-
    The ability to define and manage multiple desktops in Windows has always been a good idea, but it’s only recently been built into the OS. This is a handy feature for power users who need to juggle multiple usage scenarios, especially for multi-monitor set-ups.

I could go on, but I only want to make the point that there’s quite a bit to like about Windows 10 for admins and end users alike.


August 14, 2017  5:33 PM

Numbering Decimal Versus Binary Bytes

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk size, Disk space, Windows 10

One thing I sometimes think about is the difference between binary and decimal numbers. This difference can be particularly interesting when it comes to sizing storage like HDs or SSDs. Manufacturers use decimal numbers to count the bytes of storage they provide. Then they describe them using megabytes (MB), gigabytes (GB), terabytes (TB) and so forth. But when it comes to numbering decimal versus binary bytes, using decimal sizes makes drives look bigger than they really area. As the scale of the units involved increases to TB and beyond, the discrepancy gets bigger along with the units.

Table 1: Numbering Decimal Versus Binary Bytes

Numbering Decimal Versus Binary Bytes

Decimal sizing inflates drive capacity.

 

What this table shows is interesting. For one thing, for each unit (GB, TB, PB, and EB, which correspond to binary numbers 230, 240, 250, and 260) it shows the difference between a putative decimal number (Claimed) and its binary equivalent (Actual). This is also expressed as an absolute difference (Diff) and a percentage difference (%-age). The Delta column shows how the growing percentage difference as we increase the scale of the units actually decreases (that is, from GB to TB, from TB to PB, and from PB to EB, or Exabyte). That’s a good thing because it means the increase is arithmetic rather than geometric or exponential.

There’s an online tool you can use to work other numbers out for disks sized using MB, GB, and TB units. It’s entitled USB Hard Disk Real Capacity. But of course, it works for any kind of binary storage where buyers must convert a less-than-perfect decimal number into its binary counterpart. While you may or may not check it out, you can use the percentage numbers for each unit from Table 1 to reduce claimed disk sizes to the actual numbers you’ll see showing up in Windows Explorer (or its platform equivalent, such as the Finder for MacOS, and file/directory commands for Unix/Linux).

Actual Table Data

WordPress wants images, so I took a snap of the table below in HTML to turn it into a graphic. Here’s the table for those who may want to grab it in actual numeric form for manipulation in a spreadsheet or something…

Claimed Actual Unit Diff %-age Delta
128 119.2093 GB 8.7907 6.87%
256 238.4186 GB 17.5814 6.87%
512 476.8372 GB 35.1628 6.87%
1 0.9095 TB 0.0905 9.05% 2.18%
2 1.8190 TB 0.1810 9.05%
4 3.6380 TB 0.3620 9.05%
6 5.4570 TB 0.5430 9.05%
8 7.2760 TB 0.7240 9.05%
1 0.8882 PB 0.1118 11.18% 2.13%
1 0.8674 EB 0.1326 13.26% 2.08%


August 8, 2017  3:28 PM

Hackers are coming: How IT can learn from the HBO ransomware attack

Alyssa Provazza Alyssa Provazza Profile: Alyssa Provazza
Endpoint security, HBO, Ransomware

Game of Thrones fans who want to avoid spoilers are running for cover in light of last week’s HBO ransomware attack. End-user computing administrators should take notice and learn about security measures that can protect their employees’ data from similar attacks.

Hackers stole a variety of data in a ransomware attack, then released episode scripts, plus HBO employees’ phone numbers, emails and other personal information. This week, they threatened to dump further confidential data.

Typically a ransomware attack corrupts endpoints by taking advantage of Windows operating system vulnerabilities. Hackers encrypt stolen data so that users cannot access it and demand payment in exchange for decrypting the data.

Most often, the actual attack vectors are social engineering tactics, in which hackers trick users into clicking on links or opening email attachments that launch an attack that exploits the OS vulnerability. If a hack affects one device, it can spread through the rest of a corporate network. That’s why user education is the most important tool EUC admins have against a ransomware attack.

Organizations can hire security consultants to educate users, or adopt training software that continuously tests users to ensure they keep endpoint security top of mind. Third-party services can also send fake attacks to users, then report results back so IT can provide extra awareness training to employees who need it.

But security training isn’t always successful. Phishing attacks, for example, are becoming more advanced and can easily trick even the most discerning users. Technology such as email and web filtering tools can help, as well as endpoint and network monitoring suites. Or, organizations can require SSL client certificates that specifically authenticate the domain that a request for a user’s credentials come from.

“The underlying issue here is that any protection that relies on a human being making a reasonable decision is going to fail,” said Karla Burnett, security engineer at mobile payments provider Stripe, at last month’s Black Hat conference, SearchSecurity.com reported.

To make matters worse, ransomware attacks have increased dramatically in the past three years. They’re growing at a rate of 350% per year, according to Cisco’s 2017 Annual Cybersecurity Report. And about 40% of spam emails contained links to ransomware in 2016, up from just 1% in 2015, IBM said in a Cybersecurity Ventures research report.

As in the HBO hack, it’s not just corporate data on the line. Employee privacy is also at risk if users store personal information on their devices. IT departments should implement security and training tools to safeguard their organizations before the White Walkers — ahem, hackers — breach the wall.


August 4, 2017  1:19 PM

Win10 Post-Repair-Install Issues Appear

Ed Tittel Ed Tittel Profile: Ed Tittel
Microsoft Windows Installer, Windows 10, windows installer

Earlier this week, I reported on my experiences in performing a repair install on my production PC. To recap: in the wake of installing KB4032188 on that machine, I couldn’t enter a pin or password to login after the reboot. Eventually, I did get that PC started. Because those boot issues kept re-appearing intermittently, I ran an upgrade/repair install to fix them. The good news is that this approach worked. But there have been some consequences, as Win10 post-repair-install issues appear. Let me elaborate…

Win10 Post-Repair-Install Issues Appear

A repair/upgrade install fixes many Windows ills, but it only mostly leaves the prior install intact. What falls outside the “mostly” can get interesting…

Details When Win10 Post-Repair-Install Issues Appear

The appeal of the upgrade (re)install is that this OS repair leaves an existing Windows installation mostly intact. Over the past couple of days, I’ve been learning what falls outside that “mostly” umbrella. Here’s my list of observed items so far. Future experience may cause me to expand as new items make themselves felt or known:

8GadgetPack: Yeah, I know I’m not supposed to run gadgets any more. But they’re so darned handy I do it anyway. Each time an upgrade runs on a Win10 machine, it disables gadgets. Fortunately, Helmut Buhler’s run-time notices this, and offers a repair shortcut on the desktop. A quick double-click on same and gadgets are back at work.

System Restore disabled by default: upgrades and clean installs start up with restore points disabled, no matter the prior state of the OS beforehand. One must remember to visit the System Properties window to turn restore points back on for the boot/system drive (if they’re wanted).

Windows 7 Games: I’m still hooked on Freecell, Solitaire and Hearts. Something about upgrade or clean install kills the ability to run those old games on new Windows versions. A reinstall turns out to be required, but neither terribly difficult nor time-consuming. Prior to repair, the icons still show up (in generic form) but nothing runs; after repair: game on!

Norton Identity Safe: I use Norton Internet Security on my production PC. Norton Identity Safe is my password store on that machine. Also, a Web-based version lets me use it on any machine with Internet access. Although I disabled Norton during the upgrade process, and re-enabled it afterward, Identity Safe wouldn’t run. I ended up downloading and using the Norton Remove and Reinstall tool to fix this.

People: I don’t use the People feature in Windows 10.  (Instead, I use Outlook contacts in various versions of Office 365). People still shows up by default on my Taskbar. Thus, I have to unlock the taskbar, then turn off People in Taskbar settings. Finally, I re-lock the taskbar to keep from changing it by accident.

Nvidia GeForce Experience: the first time I fired it up, post-upgrade, it re-installed itself and informed me I needed a new GeForce driver. Looks like something about the upgrade stymies the operation of and automatic update check here.

Anything else?

That’s it so far. The great joy of Windows is that you often don’t recognize a problem until it hits you over the head. I’ll keep adding to this list of items as they do that to me. Stay tuned! If any new Win10 post-repair-install issues appear, I’ll let you know here.


August 3, 2017  1:26 PM

MVA Offers Free Win10 Security Course

Ed Tittel Ed Tittel Profile: Ed Tittel
FREE, Security training, Windows 10

Every month, like clockwork, I get an email blast named “MCP Monthly” from Microsoft Learning. In fact, anybody who’s ever passed any MCP exam can sign up for and receive this newsletter. This latest issue includes an item entitled “Windows 10 Security in Real Life.” As it happens, this points to an MVA (Microsoft Virtual Academy) course of the same name. The featured instructors are Erdal Ozkaya, MS Cyber Security Architect, and Raymond Comvalius, an independent IT architect. The course includes 6 modules from 8 to 45 minutes or so in length, with total playing time of 2:46, as shown in Table 1. Because MVA offers free Win10 security course to all, it makes sense for interested parties to give it a try.

Modules from

Win10Security in Real Life

Module Title Time
1 Security Landscape 0:42:26
2 Device Protection 0:13:26
3 Threat Resistance 0:07:48
4 Identity Protection 0:43:19
5 Information Protection 0:19:55
6 Breach Detection 0:41:28
Total 2:48:22

So MVA Offers Free Win10 Security Course:
Where Do I Find It?

Sign-up is easy at the Microsoft Virtual Academy. You’ll use your Microsoft Account to login directly to the course at MVA. Then, simply work your way through the six modules in sequence. Along the way, you’ll hear from your friendly and voluble instructors. It’s interesting stuff and worth digging into for those charged with managing and maintaining security for Win10 PCs on organizational networks. You’ll definitely want to check it out.

MVA Offers Free Win10 Security Course

The content is useful and interest, the topic timely, and the price entirely right. What more could you want?

If you’ve been itching to learn about new MS security technologies such as Windows Hello and Credential guard, you’ll find them covered here. Same goes for data protection using Windows Information Protection (WIP) and Conditional Access. Likewise for Windows Defender’s Advanced Threat Protection. It can help detect, diagnose, investigate and respond to so-called Advanced Persistent Threats (APTs). Good stuff, all the way around. Please dig in at your convenience!


August 2, 2017  5:24 PM

KB4032188 Causes Win10 Confusion

Ed Tittel Ed Tittel Profile: Ed Tittel
Troubleshooting, Windows 10

Microsoft released a new Current Branch cumulate update earlier today. Alas, the update known as KB4032188 causes Win10 confusion — at least, on one of my PCs. After the mandatory restart to fully install it, I found myself in the vexing position of being unable to login. On one PC, the update apparently knocked out access to both mouse and keyboard (which speaks to a potential USB driver gotcha). It’s impossible to login to Windows if you can’t key in a PIN or password, nor use the mouse to do likewise with an on-screen keyboard equivalent. Sigh.

KB4032188 Causes Win10 Confusion

When you see the login screen but can’t use a mouse or keyboard, then what? Think fast!

When KB4032188 Causes Win10 Confusion, What to Do?

I keep a small bin full of USB flash drives on my desk. It numbers the Macrium Rescue Media, Kyhi’s Bootable PE Rescue Disk, and an installable UFD with Windows 10 Pro 15063 among its contents. First, I booted up using the Macrium item to roll back to last night’s image capture. No dice: the boot issue continued unabated. Second, I booted into Macrium again, and ran its Windows boot repair utility. Again: no dice. Finally, I used the Win10 15063 UFD to perform an in-place upgrade/repair install (I did manage to get Win10 to boot to make this happen) to rewrite my Windows files. That almost did the trick, though some post-(re)install cleanup also proved necessary…

Where Did Those &*(% Drivers Go?

Following the repair install, the machine booted just fine. I was (mostly) back in business. Upon closer inspection, I observed that my Intel I211 GbE NIC had gone south. So I switched to my handy Startech USB 3.0 to GbE dongle to regain network access immediately, then uninstalled the wonky driver in Device Manager. A quick “Scan for hardware changes” later, and MS automatically downloaded a working driver for that NIC without difficulty or demur. Although I’m not using the 2nd NIC on my mobo (an Intel I219-V) the same maneuver worked to restore its driver to working when I switched my RJ-45 cable from one built-in NIC to the other.

One problem I couldn’t solve quickly, and don’t want to troubleshoot to completion, is that my Asrock Extreme7+ motherboard has stopped recognizing 4TB drives. They worked on it before, and still work just fine on my Asrock Z97 Fatal1ty gaming board. Thus, I’ve still got some lingering device issues there. I plan to perform a clean install of Win10 Pro on the production machine later this month, after I come back from a road trip to Fairfax County next week. I’ll perform a manual disk partition to put the recovery partition at the end of the drive where it rightfully belongs, using SysPrep to create a custom Windows image for regular re-use. I just don’t want to take the time to figure out what’s up with the big drives right now.

And so it goes, here in Windows world. I’m back to work, updates are applied, and nearly everything is working like it should be. But there are always more updates a’comin’ and more gotchas inevitably along with them. Stay tuned as I recite my adventures and contortions in dealing with them…


August 1, 2017  12:11 PM

Using MS Search Effectively

Ed Tittel Ed Tittel Profile: Ed Tittel
Search Indexing, Windows 10, Windows Search

Because I work as a writer, I often find myself looking for specific references in my previous work. This means I appreciate search tools that offer fast, easy access to document contents, not just filenames. In perusing a TenForums post recently, I learned that Win10’s built-in search function offers content indexing and search. This comes as welcome news to me, because other text search tools I’ve tried out have been none of the following: cheap, fast, and decent performers. But by using MS search effectively, these hurdles may be overcome.

The Secret to Using MS Search Effectively

Turns out you can index file contents as well as filenames in the MS search tool. This requires using the Advanced Options window available in the Control Panel widget named Indexing Options. The keys to success require two things:

  1. Making sure that all relevant file extensions are checked (all are checked by default, so you may decide to prune a bit to speed indexing time if you wish to search content as well as filenames)
  2. Clicking the radio button that reads “Index Properties and File Contents” near the bottom of this window.

You can see this at work in this screen capture of my Advanced Options window here:

Using MS Search Effectively

Click the “file contents” radio button to instruct the built-in search command to report on file and document contents.

The Downside of Using MS Search Effectively

You knew there had to be a gotcha, right? Perhaps there is more than one, in fact. First, you need to review the “Included Locations” list in the Indexing Options window to make sure all volumes and folders in need of indexing appear therein. Second, you must be prepared to pay the time and space penalties involved in creating and maintaining MUCH BIGGER indexes.

Thus, if you decide to index content as well as so-called “index properties” (basically, this means file names and other file meta-data only) you’ll see some big changes. After indexing for content in the Users folder and my “work drive” (where I keep current or recent writing work), the index file jumped from under 33 MB to 2.4 GB. That file is named Windows.edb; its default location is

 C:\ProgramData\Microsoft\Search\Data\Applications\Windows.

Obviously, the bigger file takes more time to create and maintain as well as more storage space. But if you’re willing to bear that burden, you’ll find the built-in search function to be both speedy and useful in chasing down local content references and the files in which they reside. Note: you may also decide to scope your searches by clicking the “Filters” item to focus in on specific volumes or folders (on the C: drive) once your new index is built. I found this to be a great way to search my Documents folder, or my work drive, for example. You may find the same to be true for you, too!


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: