Windows Enterprise Desktop


July 26, 2016  2:29 PM

Microsoft lets down Windows 10 Pro users

Eddie Lockhart Eddie Lockhart Profile: Eddie Lockhart
Microsoft, Windows 10

In theory, anniversaries are a wonderful opportunity for couples to show each other how much they care about one another. In reality they can easily end in disaster if one side of the relationship forgets the special day or lets their partner down.

Well, if Microsoft were dating its Windows 10 Pro customers, it would be neck deep in some anniversary-based relationship hot water right now because the Windows 10 anniversary update does not include Application Virtualization (App-V) or User Environment Virtualization (UE-V) in Windows 10 Pro.

Organizations that went with Windows 10 Pro’s free upgrade (instead of paying for Windows 10 Enterprise) and rely on Microsoft App-V to deliver remote apps to their users or UE-V to allow users to seamlessly transition from device to device and maintain their app settings, are out of luck.

It is a particularly shady move by Microsoft because companies that upgraded to Windows 10 Pro really can’t go back to Windows 7 or 8.1 now. And, if they still want access to App-V and UE-V, they have to migrate to Windows 10 Enterprise. That means paying for the new OS and taking the time to move once again. Their other option is to integrate a brand new application virtualization product such as VMware ThinApp, but that change is a hassle too.

As frustrating as this trickery is for Windows 10 Pro shops, the anniversary update’s security improvements could help Microsoft patch things up with them. The update includes Windows Defender Advanced Threat Protection. This free antimalware service uses analytics tools to send data on previous attacks back to Microsoft. The company then applies that information to its security updates and patches to make the OS more secure.

In addition, the Windows Information Protection tool allows users to mark any content they create as personal or business related. If it is business related, the content is placed into an encrypted container. IT can take the choice out of users’ hands by designating content created on particular devices as corporate.

It’s not a perfect anniversary present and for many the aggravations of the update probably outweigh the benefits, but most companies probably won’t break up with Microsoft over it just yet.

July 25, 2016  10:38 AM

Win10 Slow-flow Anniversary Update

Ed Tittel Ed Tittel Profile: Ed Tittel

Next week, MS will release the Windows 10 Anniversary Update on Tuesday, August 2. The company has already announced it will be staggering that release for users in the Current Branch. These are the folks who get the latest release via Windows Update. Mary Jo Foley of ZDNet cleverly refers to this it as “Release to Mainstream.” This new decoding for the RTM acronym works well for the world of continuous updates that Windows 10 now inhabits. I myself like to think of the staggered update mechanism as introducing a “slow-flow Anniversary Update.”

Slow-Flow Anniversary Update

Slow-Flow means that not all users will get the Anniversary Update offer from WU at the same time: some will get it sooner, others later.
[Source: Windows Insider Program 6/29/2016 blog post]

Why Is a Slow-flow Anniversary Update in the Cards?

It’s a little early to say how big the Anniversary Update will be, so I turned to a list of ISOs for a recent Insider Preview at WZOR.com. These particular ISOs come from the 14393.0 code base released two weeks ago. Those .esd files vary from a low of 1.93 GB to a high of 3.07 GB. 14393.3 appeared late last week, but should be close to the same size. Many Windows watchers, including me, think that 14393 represents the foundation for the upcoming Anniversary Update.

The reason for the slow-flow release is to keep update requests immediately following the release from swamping the Internet and download servers. Instead, Microsoft staggers its update offer across the current installed base. This helps them to manage huge flows from millions of users downloading multi-gigabyte updates all at once. Alas, it also means that some people will wait weeks before they receive an update offer that they can then exercise.

Working Around a Slow-flow Anniversary Update

For those too impatient to wait for an update offer to come their way, there are workarounds. For one, you can grab ISO files from MSDN (if you’re a member). For another,  they’ll be posted to Tech Bench (as soon as MS decides to put them there). It took two week before my test machines got a previous slow-flow Windows 10 update  to upgrade from 1507 to 1511. I was able to grab ISOs from MSDN within a day of the initial release of 1511. They hit TechBench about a week later.


July 22, 2016  10:41 AM

The Windows 10 SMB Story So Far…

Ed Tittel Ed Tittel Profile: Ed Tittel
adoption, SMBs, Windows 10

Business buy-in remains a key but elusive factor in the success or failure of Windows 10. If end-users migrate, but businesses stick stubbornly to Windows 7, it could retard Windows 10’s eventual desktop dominance. That’s what makes the report from Spiceworks entitled “Windows 10 Adoption: Sprinting out the Gate” an interesting read. It shows business uptake at the lower end of the size spectrum as surprisingly vigorous and likely to stay that way. Spiceworks is uniquely equipped to tell the Windows 10 SMB story, for reasons I will now explain.

Windows 10 SMB story: respondent company size

71% of Spiceworks respondents come from companies under 250 employees in size; 91% from companies under 1,000.

Why and How Spiceworks “Gets” the Windows 10 SMB Story

Essentially, SMB represents Spiceworks core audience. The preceding pie chart shows that, of the 900 IT professionals surveyed, most (71%) work in companies with less than 250 employees. In Europe, SMB means companies with 500 employees or less; in the US, it’s those with 1,000 or less. By either metric, Spiceworks sits heavily in the middle of that range. Thus, respondents work in a sector with a huge number of desktops and devices in use today, likely to continue in the future.

In a nutshell, the study reports that nearly 40% of respondents have adopted Windows 10 already. The actual percentage is 38%. Last year, a similar survey projected this number at 40%. Among those companies, 85% report themselves at least “generally satisfied” with Windows 10. Windows 7 is the only other version in use to get a higher satisfaction rating. That group also reports the top implementation issue turned out to be “compatibility issues with hardware or software.” Another key concern was “time required for the upgrade process.” 30% report experiencing bugs in early Windows 10 releases, which registered number 4 out of the top 9 issues.

Spiceworks’ Take on the Windows 10 SMB Story Timeline

Looking at companies that haven’t yet taken the Windows 10 plunge, one-third plan to adopt in the next 2 years. Of the other two thirds, another 16 percent plan to adopt at some point, and 42 percent have no plans to adopt. This suggests that nearly 30 percent of businesses surveyed (half of the 60 percent that have not yet adopted) are not considering Windows 10 at all. Thus, this identifies a clear target for MS to promote more widespread business use of Windows 10.

Overall, the Spiceworks study is well worth a read. Grab a copy and check it out for yourself today. That goes double if SMB is your home sector and your company isn’t already on the Windows 10 bandwagon.


July 20, 2016  1:02 PM

Hurry-up 11th hour Win8.1 Upgrade

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows 7, Windows 8.1, Windows Upgrades

As of this morning, only nine days remain for the free MS upgrade offer to convert Windows 7 or 8.1 devices into Windows 10. I’d been holding out on a Windows 8.1 installation on one of my test machines until yesterday. But I decided to go ahead and exercise the offer, to preserve the value of its 8.1 license. The process took some time but went quite well — better than I expected, as I’ll explain. Let me walk you through the process for my 11th hour Win8.1 upgrade.

Prepping for an 11th hour Win8.1 Upgrade

I wanted to preserve a Windows 8.1 runtime environment should I ever need to stand it up again. Thus I first updated and cleaned-up the installation to get things underway. This meant applying all updates, updating drivers, and running Secunia PSI to make all applications current. Next, I ran CCleaner to clean up the boot/system drive. Then I captured two kinds of backups. First, I used the Sysinternals Disk2VHD utility to create a VM version of my 8.1 environment. Second, I captured a system image backup using the backup utility from File History in Control Panel. The former will let me run 8.1 as a virtual machine. The latter will let me perform a bare-metal restore to bring the old OS back up on my test machine.

Performing the 11th hour Win 8.1 Upgrade

11th hour Win8.1 upgrade

Click Upgrade Now to download and run the Windows 10 Upgrade advisor, which checks your machine for compatibility, then launches the upgrade installer.

Because I had also installed the GWX Control Panel on that Windows 8.1 install, I couldn’t use Windows Update to fire off the upgrade process. I could have uninstalled that program, and taken that route. Instead, I chose to visit the Get Windows 10 page and use the Windows 10 Upgrade Advisor. It’s downloaded to your PC when you click the “Upgrade now” button. You can also use the Windows 10 Media Creation tool available on that same page. It will download an ISO image of the Win10 install, and build a bootable DVD or UFD from which to perform a clean install, if you like.

The installation process started with a review of the test machine’s hardware and software. I’d already upgraded that same image to the Windows 10 Technical Preview (now known as the Insider Preview) months earlier. That’s why I knew it would breeze through that process. Then the actual installation got underway. The whole thing took less than half an hour to complete. I’m now running Windows 10 Version 1511 (OS Build 10586.494) on the same drive where 8.1 ran yesterday.

A Nice Surprise from my 11th Hour Win8.1 Upgrade

I was a little concerned about this upgrade. That’s because it’s on a dual-boot machine that’s also running the current Technical Preview on another SSD. I actually took the time out to build a Recovery Drive on an external USB-attached hard disk. I figured I could use it for boot repair, just in case the install process munged the dual boot set up. When the installer booted directly into the new image during its reboot phases, I wondered if a boot rebuild would be needed. But as soon as the new OS upgrade install completed, the OS selection option reappeared during initial boot. The previous Windows 8.1 entry was changed to Windows 10. I’d already used EasyBCD to re-label other boot image as “Windows 10 TP” so I could tell them apart. This was a pleasant and welcome surprise indeed.

Furthermore, Windows 10 installation seems to have improved over the initial versions of 1511. I can remember having to find and re-install the Killer NIC driver on that machine, because Windows 10 didn’t recognize that device. I also had to clean up other driver issues. Most notably, this included duplicate installs (perhaps based on install failures during the upgrade process) of the same drivers on that machine. This time, Windows 10 got all the drivers right on the first try. This improves on my experience in performing hundreds of Windows 10 installations over the past couple of years.

Pushing My Luck to Its Limit

As it turns out, I could have waited longer to perform this last-minute upgrade. It worked like a charm and took only a short while to complete. Nevertheless, I’m glad to have it behind me now, along with a new production install of the Windows 10 OS on that test machine. I’m also glad my 11th hour Win8.1 upgrade to Win10 was an unqualified success!


July 18, 2016  12:40 PM

Windows 10 1B Milestone Recedes

Ed Tittel Ed Tittel Profile: Ed Tittel
growth, Windows 10

I’ve been watching the Windows 10 growth curve for some time now. That’s kept me wondering if the company could make its self-assigned deadline of 1 B (one billion) Win10 devices before the close of fiscal year 2018 (FY18). Based purely on numbers reported to date, Windows 10 adoption rates must stay at 27-30 million new adoptions per month to hit that mark. Now, ZDNet Windows mavens Ed Bott and Mary Jo Foley indicate it ain’t gonna happen. While the mark may still be hit, timing for the Windows 10 1B milestone recedes into the future.

What Ed Bott/MJF Learned About the Windows 10 1B Milestone

In a recent blog post Bott observes that his thumbs-up assessment of Terry Myerson’s original projection factored in 50M Windows 10 handsets per year. (See ZDNet, “After One Year, 10 Lessons Learned for Windows 10,” 7/15/2016.) Upgrades to existing Windows 10 handsets encompassed 200M Windows-based phones in the 1B number. The rest of the 800M came from less mobile devices such as desktops, tablets, notebooks, and the like. But Windows Phone is now more or less out of the picture. Likewise, upgrades for existing phones range from problematic to impossible. Thus, that forcibly extends the timeframe to make up for now-missing elements.

As evidence, Bott cites a quote that Mary Jo Foley elicited from MS Senior VP Yusuf Mehdi. He says “…due to the focusing of our phone hardware business, it will take longer than FY18 for us to reach our goal of 1 billion monthly active devices.” If my calculations are correct, monthly addition of 23 million new “active users” dates the 1B milestone at December 2018. I don’t think that’s a realistic or sustainable rate. My guess is that monthly new adoptions could fall in the 15-17M range once the free upgrade expires. At those run rates, the milestone won’t come until mid to late 2019. I’d wondered if this was a realistic goal, and am glad to see MS not just recognize reality, but actually acknowledge the facts.


July 15, 2016  12:12 PM

Forrester Offers Win10 Upgrade Ammo

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows migration

MS has just released a Forrester Consulting report on the Total Economic Impact of Windows 10. Jason Leznek describes it in detail in a Customer Stories blog post. The results offer compelling Win10 upgrade ammo:

Win10 Upgrade Ammo

Forrester finds that Windows 10 is quicker to deploy,consumes fewer IT resources, offers a 13 month payback, and is more secure.

Forrester interviewed four early-adopter enterprise organizations in depth to gather its data. Interviewees included a government health department, a global IT services firm, a professional auto racing team, and a multinational food and beverage conglomerate.

Gimme Some Win10 Upgrade Ammo, Already!

Here are some highlights from that study:

  • It takes less IT admin time and effort to install, manage and support Win10. Win10 offers more user-friendly features and self-serve functions. One organization observed that deploying Windows 10 was up to 50% quicker than their previous OS upgrade. IT staff also spent 15% less management time on Windows 10.
  • Advanced security features could produce significant savings on security remediation. Credential Guard and Device Guard, plus enhancements to BitLocker, boost Win10’s security profile. Using them means organizations can sidestep or reduce security events requiring remediation. According to Forrester, enabling security features in Windows 10 could save businesses as much as $700K per year.
  • Improved productivity. Windows 10 delivers faster boot and shutdown times, easy access to corporate apps, improved security, and enhanced mobility tools. Combined, IT and users can complete work faster and more efficiently. Employees estimate they have 25% more time to get work done than with previous Windows OSes.

For the full contents of the Forrester report, download their TEI Study (PDF format). You can also grab a full-size version of the preceding infographic (PDF format) .


July 13, 2016  1:12 PM

Win10 Business Subscriptions Coming

Ed Tittel Ed Tittel Profile: Ed Tittel
Software as a Service, Subscription models, Windows 10

The Microsoft World Partner Conference (WPC) is underway right now in Toronto. Surprisingly, it’s proving to be a great source of Windows intelligence. Yesterday, the company announced that it will make Windows 10 Enterprise E3 available by subscription. Subscriptions will be available to business users through partners in its Cloud Solution Provider (CSP) program. The cost will be $7 per seat per month ($84 per year). By itself, this is a good deal for the OS. Better yet, it comes in the context of a managed service provider (MSP) offering. Thus, it also includes deployment, updates, and technical support. Win10 business subscriptions are indeed coming, but outside end-user/retail customer channels and needs.

Win10 business subscriptions

This blurb comes from the Windows Insider blog post announcing the offering.

In the announcement’s words, this offering seeks to serve “…businesses who do not have dedicated IT resources or limited IT staff, and want their licensing and IT needs managed by a trusted and experienced partner.” This extends the menu of items that CSPs can offer to customers to what MS calls a “full IT stack.” That now includes Windows 10, Office 365, Dynamics Azure and CRM. All will come on a per-user/per-month basis from a single source. Businesses can even scale up or scale down the number of seats as their needs change.

Benefits of Win10 Business Subscriptions

In discussing the benefits of business subscriptions, MS specifically mentions certain”key features:”

  • Increased security, thanks to enhanced capabilities to manage identity and sensitive data built into Windows 10.
  • Simplified licensing and deployment: built-in auditing, license management, and compliance checks help keep OS and software use up-to-date, documented, and paid for. Business can even “move from Windows 10 Pro to Windows 10 Enterprise E3 without rebooting” per the announcement.
  • Partner-managed IT: partners will provide device configuration and management. They can also help businesses develop device security and management strategies based on Windows 10’s security features. Businesses can check on subscriptions for Windows 10 and other MS cloud-based items online. MS also touts “easier management with one contract, one user account, one support contact, and one simplified bill.”

I believe this could be a huge deal for SMBs. In fact, it could very well provide some much-needed impetus to spur migration to the new OS. Thus, this offer could spur a changeover sooner and in greater numbers than the history for previous Windows versions suggests. That response could even eclipse the uptake of the two most popular prior Windows versions — namely, XP and Windows 7. Bravo, MS: Win10 business subscriptions could be a silver bullet of sorts!


July 11, 2016  12:11 PM

Building Bootable UEFI Media

Ed Tittel Ed Tittel Profile: Ed Tittel
GPT, Master Boot Record (MBR), UEFI, Windows 10

When it comes to a clean Windows 10 install, it’s important to pick the proper low-level disk layout for your target system. For most modern systems this means building bootable UEFI media with GPT partitioning. While I’ve worked with Microsoft’s Windows Media Creation Tool many times, I’ve found Rufus better-suited to this job. This goes double when installing on systems that use GPT disk partitioning, usually in concert with UEFI. GPT stands for GUID Partition Table, and uses globally unique identifiers for qualifying devices. GPT supports more partitions and logical devices per physical device than the older Master Boot Record, or MBR, partitioning scheme. UEFI stands for Unified Extensible Firmware Interface. UEFI serves as a modern alternative boot environment for x86 devices (PCs, tablets, notebooks, etc.) commonly used on most machines built in 2011 or later.

bootable UEFI media

Proper settings in Rufus for a GPT-based UEFI install.

Choosing the Right Settings When Building Bootable UEFI Media with Rufus

In working with Rufus this morning, I stumbled on a gotcha. If you look at the preceding screenshot, it seems natural to work your way through the interface from top to bottom. However,  that’s not how Rufus actually works. When I selected my target ISO using the browse icon for “create a bootable disk…,” Rufus reset the partition scheme from GPT back to MBR. Thus, if  you don’t review the window before clicking the Start button at the bottom the UFD gets formatted for MBR!

I discovered this when I built what I thought was a GPT UFD, then checked results in Rufus. To my surprise, it used an MBR scheme. Only after fooling around with the program and building another UFD did I see what happened. As it turns out, you must make a partition scheme selection after targeting an ISO. That’s how to apply the right partitioning scheme/target system type. Live and learn!


July 8, 2016  2:20 PM

New AGPM 40SP3 Supports Win10

Ed Tittel Ed Tittel Profile: Ed Tittel
GPO, Group Policy management, Windows 10

Although Windows 10 has been around since October 2014, and publicly available since July 29, 2015, it wasn’t until June 16, 2016, that this OS picked up support in Microsoft’s Advanced Group Policy Management facility, aka AGPM. New version AGPM 40SP3 supports Win10 all right, and brings the same features to Windows Admins that previous versions brought to Windows 8.1, 8, 7, and even Vista. But wait, there’s a catch: only customers with an active Software Assurance agreement with Microsoft can use this cool tool. That’s because AGPM is part of the Microsoft Desktop Optimization Pack (aka MDOP), and only customers who sign up for Software Assurance get access to MDOP and its warehouse of tools and consoles.

APGM 4.0SP3 Supports Win10

AGPM brings formal change control and workflow mechanisms to GPO creation and maintenance.
[Source: MS Step-by-Step Guide for AGPM 4.0]

If AGPM 40SP3 Supports Win10, What Else Can It Do?

Besides bringing Windows 10 under the AGPM umbrella, Service Pack 3 (SP3) for the tool also adds the following capabilities:

  • Support for PowerShell cmdlets, as documented in the TechNet Library pages entitled Microsoft Desktop Optimization Pack Automation with Windows PowerShell. These include tools to add, get, lock, publish, remove, and unlock controlled GPOs to/from an APGM archive.
  • Hotfix and update rollup: the service pack includes a rollup of all fixes to APGM up to and including APGM 4.0 SP2, along with fixes for any issues provided since the release of that prior service pack.
  • APGM Client and Server may now be upgraded without having to re-enter configuration parameters. This is called a Smart Upgrade and can save time and effort (re-entry is called a Classic Upgrade). However, only some versions can handle the Smart Upgrade (4.0, 4.0 SP1, 4.0 SP2, and 4.0 SP3 to be specific; see the Table labeled AGPM 4.0 SP3 Supported Upgrades for details).

APGM also comes with a pretty hefty set of components, including .NET Framework 4.5.1, PowerShell 3.0, and the Global Policy Management Console (GPMC). If any of these components is missing, you can’t install APGM on Windows 10 (GPMC and .NET 3.5.1 must also be enabled as well).  There’s a lot of great functionality for managing and maintaining Group Policy Objects in the APGM, though, so enterprises or organizations moving toward or using Windows 10 will want to investigate further. Those unfamiliar with the APGM will also want to consult its Step-by-Step Guide at TechNet.

 


July 6, 2016  11:27 AM

Win10 USB 3.0 Boot (or Not)

Ed Tittel Ed Tittel Profile: Ed Tittel
Boot failure, usb 3 to usb 2, Windows 10

I’m still running two older Lenovo laptops, both with i7 2640M CPUs that date back to 2011. I purchased those machines in early 2012 to work on a book about Windows 8, especially because the X220 Tablet was one of the few compatible touch displays available at the time that was also fairly affordable. However, these devices are old enough to lack built-in support for USB 3.0. I remedied that lack by purchasing a 2-port USB 3.0 PCIe card. But it poses an interesting conundrum: while Windows 10 sees devices plugged into the card perfectly, it seems that the PC’s built-in UEFI environment does not. I can only imagine that’s because Windows recognizes the PCIe device and loads an appropriate device driver, where the basic boot-up run-time either cannot or simply does not do likewise. That’s where the (or Not) comes from in the title for this blog: Win10 USB 3.0 Boot (or Not). I’ve also read about others encountering similar problems on other laptops and desktops over at TenForums.com (Asus, Gigabyte H67A-UD3H-B3 mobo, Lenovo, and more).

Win10 USB 3.0 Boot

With USB 3.0, more leads means more speed.
[Source: Tom’s Hardware]

Why Does Win10 USB 3.0 Boot Ability Matter?

Why indeed? The answer, simply put, is “Speed.” USB 3.0 runs two to three times faster than USB 2.0, so booting up and/or installing an OS from a USB Flash Drive (UFD) is much faster with devices that support the newer USB version. I observed this at work when trying to reinstall the OS, but being unable to access a USB 3.0 flash drive in these computers’ F12 boot selection menu. In fact, those devices don’t appear at all on either of my Lenovo machines, though they work fine on newer PCs, hybrid laptops (Dell Venue Pro 11 7139), and tablets (Surface Pro 3), with USB 3.0 support baked into the UEFI.

There are a couple of take-aways from these observations:

  1. If your Windows responsibilities include care and feeding of older PCs or laptops, though they may be perfectly capable of running Windows 10, they may not be able to recognize or boot from USB 3.0 flash drives.
  2. That’s why it’s a good idea to keep some USB 2.0 flash drives around, and to use them to create bootable install environments for Windows 10. They will come in handy for repair and recovery scenarios, as well as should a clean reinstall of Windows 10 ever be called for on such older gear.

So remember, if you find yourself in a situation where Win10 USB 3.0 Boot media are not working, the next thing to try is their USB 2.0 counterpart. More often than not, that will solve your boot problems.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: