Thanks to some clever work from Sergey Tkachenko over at Winaero.com, DISM shows off yet another interesting capability. You can use it to install missing Windows features without having to download them from the Internet (that’s because they’re already part of the Windows image baked into the Windows installer, or other environments that include the ubiquitous install.wim or install.esd file). The syntax for the relevant DISM FeatureName command tells the story, to those in the know, namely:
DISM /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\sources\sxs /LimitAccess
Let’s unpack this command string, to elucidate what’s going, item by item:
/online: operate on the current running version of Windows
/enable-feature: turns OS features on
/featurename: identifies feature name to be turned on, where NetTX3 refers to the current .NET Framework version 3, aka .NET 3.5
/all: turn on all aspects of the feature being enabled
/Source: identifies a file-spec from whence the files should be drawn (\sources\sxs, for install.wim/.esd image)
/LimitAccess: do not download files from the Internet
Here’s the DISM FeatureName command at work (on a pre-release Win10 build).
[Image Credit: Sergey Tkachenko Winaero.com]
What DISM Featurename Values Are Available for Windows 10?
Funny you should ask: DISM can provide that list using the command line DISM /online /Get-Features. By running this command, I was able to interrogate my own running image, and learned that there are 115 such named features, most of which are disabled by default in a standard Windows 10 installation. Any of these that are in a “Disabled” state may be turned on using the same syntax shown above, simply by substituting the desired package name for “NetTX3” in the exploded DISM command already explored and explained.
What Can Go Wrong When Using DISM Featurename Stuff?
In my own experience, and in working with DISM for various other instructions that include the /Source attribute, I’ve learned that this particular attribute can sometimes be finicky. If you try to use the foregoing syntax and get errors related to source locations, you’ll want to dig deep into the TechNet DISM Reference to fully understand its syntax and semantics. In the comments to Tkachenko’s explanatory blog post, for example, half-a-dozen respondents reported trouble with the very nice batch file he provides to automate the process of using DISM to add the .NET 3.5 feature (and one respondent supplies an alternate DISM technique that uses its /Add-Package capability instead of /Enable-Feature).
Industry observers have been keen to point out that while consumers have been fairly quick to move to Windows 10, enterprise users have not been quite as aggressive in their uptake. Thus, for example, when Microsoft revealed early in January that the total number of Windows 10 users had exceeded 200 million (including Xbox users), it also indicated that only about 10% of that population (22 million) represented seats in enterprise and education sectors. Enterprise Windows 10 deployment is about to get a major bump. That comes thanks to a memo from Department of Defense CIO, Terry A. Halverson, that is a major news focus this week (even though it’s dated 11/20/2015).
DoD Windows 10 Deployment Memo Excerpts
Here are some key snippets from this memo:
It is important for the Department [of Defense] to rapidly transition to Microsoft Windows 10 in order to improve our cybersecurity posture, lower the cost of IT, and streamline the IT operating environment.
This memo serves as notification that the DoD will direct Combatant Commands, Services, Agencies and Field Activities (CC/S/As) to rapidly deploy the Windows 10 operating system throughout their respective organizations starting in January 2016. This applies to all DoD information systems currently using Microsoft operating systems. The Department’s objective is to complete the deployment by January 2017. …
The Defense Information Systems Agency (DISA) and the National Security Agency (NSA) are co-leading a joint Secure Host Baseline (SHB) working group to prepare a Windows 10 Standard Desktop framework. The WIN 10 SHB will bring consistency to DoD host security configuration management activities and will be available to CC/S/A’s on DISA’s Information Assurance Support Environment Portal site … in January.
The distribution list for the memo covers all the bases: everybody’s migrating to Win10!
How serious is this Windows 10 deployment initiative? Any CC/S/A (Combatant Command, Service, or Agency and Field Activity) that wishes to extend its Windows 10 deployment beyond January 2017 must for waivers on a case-by-case basis. Any waivers that extend into 2018 must obtain approval from the DoD CIO — namely, Mr. Halvorsen himself.
DoD Windows 10 Deployment IS a Pretty Big Deal…
Press reports on the number of devices affected come from Microsoft’s Windows Experience Blog post dated 2/17/2016, entitled “US Department of Defense Commits to Upgrade 4 Million Seats to Windows 10.” The author, Yusuf Mehdi, is the Corporate VP for Microsoft’s Windows and Devices Group. This is an ambitious plan with a short timeline, and should definitely shake any wrinkles out of Microsoft’s staging and deployment tools and platforms. It promises to be something of “make-or-break” for Microsoft’s big plans to hit 1 billion Windows 10 users by 2017. The DoD effort will certainly be the biggest single Windows 10 deployment ever undertaken. If things go well, those plans will have earned a major endorsement; if not, …
For the second time in recent experience, word of “hidden cumulative updates” has hit the wires. I’m talking about KB3140742, which is currently available only for download from the Microsoft Update Catalog, where it takes the name “Cumulative Update for Windows 10 Version 1511 (KB3140742).” The previous such item appeared on January 27 as KB3136562 for those running the current branch build, and shared the following characteristics with KB3140742:
- Not made available via Windows Update (that’s why I call them “hidden”)
- Only available through the Microsoft Update Catalog
- Requires manual installation
- Advertised as a “Critical Update” (…742) or “Security Update” (…173)
- Some users report occasional problems with manual installation, but most such installs complete successfully
What’s interesting about these hidden cumulative updates is that neither appears in the new, much-ballyhooed Windows 10 Update History listings, in addition to remaining unavailable via the Windows Update service. Thus, it’s not unfair to reason that MS is restricting access to these updates on the one hand, yet permitting them to be (manually) installed on the other. Many Windows watchers have concluded that these items represent a kind of “technical preview” for upcoming updates to the Current Branch release. There may be something to this conclusion, in that the build number that resulted from KB3136562 update was 10586.79, which falls between the previous Patch Tuesday build number of 10586.63 and the following Patch Tuesday build number of 10586.104.
Are Hidden Cumulative Updates Just for Testing or Real Interim Updates?
I’m more than mildly curious to know what’s up with these interim Cumulative Updates to Windows 10. It would be nice to get a statement from Microsoft as to their intended audience and to understand whether their intent in making them somewhat available is to test them or to make new fixes and functions available prior to the next upcoming Patch Tuesday. For those who are likewise curious, I’d suggest staying tuned to either TenForums.com (the “Windows 10 News” forum does a good job of keeping up with these items as they appear), or WindowsReport.com, which follows these items’ releases as part of its regular news coverage.
It’s hard to say if two in a row represents a trend, or a pair of one-off experiments.
When you think of productivity suites, Microsoft Office most likely springs to mind. The applications in Office are some of the most ubiquitous in the enterprise, and for good reason. Office has tons of features and applications, and it’s relatively easy to use. This guide was even written and edited in Word.
But Office isn’t the only suite of productivity applications out there, and it’s not the right option for every company. Some businesses might want a more cloud-focused approach, in which case Office 365 or Google Apps might be the way to go. Companies looking for free access to word processing, spreadsheet and other applications can look to open-source alternatives such as OpenOffice and LibreOffice. Apple has its own suite for Mac users. And there are plenty of mobile productivity applications, some of which are free — even those from Microsoft, although they’re very limited without an Office 365 subscription.
It’s worth it to look at both desktop and mobile alternatives to Office, because the options are so competitive these days. Consider features, support, user needs and, of course, pricing. For many companies, Office could still be the best option. Volume licensing can help with cost concerns, and the continued updates and support Microsoft provides are a draw for businesses. Additionally, it’s important to think about the learning curve, help desk tickets and user frustration that can come from moving users to a completely new and potentially very different interface.
Still, taking another look at the productivity suite market can’t hurt. Begin with our new three-part guide, Alternative Productivity Suites Can Rock as Hard as Office.
Every now and then, one of my test machines will balk when the time comes to install a new update for testing and evaluation. Figuring that other readers may occasionally find themselves in the same circumstances, I wanted to share some potential fixes and techniques for dealing with this when and as it happens:
Windows Fixit: Automatically Reset Windows Update Components
Even though this Windows Support tool mentions only Windows 8.1, 8, and 7, it also works for Windows 10. It automates the process described in the afore-linked Fixit documentation, which includes stopping various services (BITS, Windows Update, and the Cryptographic service), deleting update queue management files, re-registering BITS and Windows Update files, resetting WinSock, restarting already mentioned services, and installing the most current Windows Update Agent. Nice explains why the Fixit is so handy, no?
This KB article (947821) explains how to use DISM (Deployment Image Servicing and Management) and the System File Checker at the command line to repair damaged Windows System files as a roundabout way to address Windows Update problems. Note that SFC /scannow currently returns spurious errors related to Nvidia drivers for current builds on the current branch (this is fixed in the current technical preview builds, however).
Research Specific Windows Update Problems Online
For my particular problem, I encountered error message 0x80070BC9. Searching on that error code online, I was able to find numerous helpful forum posts and information suggesting fixes. Most notably, posting to TenForums.com led me to a Microsoft Community post (February 2012) that mentioned that error code which contained much of the foregoing information. Direct research on specific symptoms are good, and error codes even better (if available) because they will often provide pointers to the most relevant and potentially useful information. A certain amount of spelunking and experimentation is usually required to adapt other people’s fixes to one’s own current situation, so be prepared to learn from such information as much from trial and error as anything else!
The Windows Update Fixit is a great place to start when seeking to remedy problems applying updates.
[Note: many thanks to Cluster Head at TenForums for pointing me in the right direction on this issue. It’s a great place to seek and find useful Windows troubleshooting information.]
With the introduction of a new Windows 10 Cumulative Update on a “once-a-month-or-better” frequency, it’s been said that clean installs should require only a few updates to bring a brand-new Windows 10 install completely up to date. After performing a bare-metal install yesterday on a new PC, I can confirm this is correct. After getting Windows 10 running on that machine, I visited Windows Update to see what was missing. I got a list of only 4 items, to wit:
- The latest Cumulative Update (KB3135173)
- A just-hatched security update to Adobe Flash (KB3135782)
- This month’s “Patch Tuesday” version of the Malicious software Removal Tool (KB890830)
- The current set of Windows Defender updates
That’s a list I would have to call minimal. It compares favorably to the dozens to hundreds of updates I’ve downloaded after performing clean installs of Windows Vista, 7, 8, and 8.1 over the past 9 years. (Vista went public on 1/30/2007, in case you can’t remember.) Cumulative Updates absolutely short-circuit the usual post install update drill, which often took an hour or longer on earlier Windows versions.
The new machine will replace my current production desktop PC. But first, I must transfer all of its hard drives over the weekend, and finish installing the usual work-oriented applications. Here are some other observations about my experience so far:
- Windows 10 did an ACE job of getting the drivers (mostly) right. According to DriverUpdate, it missed only 3 drivers on a configuration that included an Asrock Z170 Extreme 7+ motherboard, a Skylake i7-6700K CPU, 32 GB RAM, and the awesome Samsung 950 Pro NVMe SSD (512 GB). All were chipset specific items for system devices, all addressed by installing the latest Intel chipset driver.
- The process from bare metal to a fully-updated OS took less than 40 minutes. Some of that included idle time when the machine was waiting for input from me. It really is getting faster and easier to install Windows, and Windows 10 makes the process simple and straightforward.
- An NVMe SSD makes a BIG difference in system performance. Crystal DiskMark reported some startling performance figures. My results were consistent with Les Tokar’s discussion at The SSD Review in October, 2015. Here’s one snapshot of the performance data (his test machine configuration is nearly identical to my new rig: a deliberate purchase choice on my part):
The Samsung 950 Pro NVMe SSD is 3-6 times faster than the 840 EVO mSATA SSD in my current production PC.
Bottom line: the new regular cumulative update strategy for Windows 10 really does short-circuit most of the post-install catchup process for clean installs. Only those updates that appeared along with, or after, the most recent cumulative update will need to be applied, for any new Windows 10 installation. Bravo!
Sure, there’s a lot that’s new about Windows 10, and there have been a lot of changes introduced with the new OS. While some are positive, and some negative, nearly everyone has been unhappy about the lack of information on Windows Updates that MS has provided since Windows 10 went into full rotation in July 2015. Until yesterday, the most anyone could get out of MS about updates was boilerplate language along the lines of “Changes made to add stability…,”quality improvements, security fixes, and so forth.
Starting with the latest “Patch Tuesday” (2/9/16), MS has introduced a new Web page entitled “Windows 10 Update History,” that goes back to the old changelog approach of documenting new updates. Not coincidentally, yesterday’s updates also included a new Cumulative Update — namely, KB3135173. Here’s what that page has to say about it, as an illustration of the kind of information once again being made available:
This update includes quality improvements and security fixes. No new operating system features are being introduced this month. Key changes in this update include:
Improved installation time of updates.
Fixed issue with Microsoft Edge browser caching visited URLs while using InPrivate browsing.
Improved Silverlight performance.
Fixed issue that didn’t allow a Windows 10 PC to remotely configure a server.
Fixed issue with pictures and tables not displaying in Windows Journal.
Fixed security issues that could allow remote code execution when malware is run on a target system.
Fixed security issues in Microsoft Edge and Internet Explorer 11 that could allow code from a malicious website to be installed and run on a device.
Fixed additional issues with Input Method Editors (IMEs), Direct Access, assigned access, peripheral device detection, barcode scanning, Windows Explorer, Internet Explorer 11, Microsoft Edge, and scripting.
Fixed additional security issues with .NET Framework, PDF library, Windows Journal, kernel-mode drivers, Remote Desktop, and WebDAV.
For more info about the security fixes in this update and a complete list of affected files, see KB3135174.
For an audience that’s been half-frustrated, and half-appalled with the lack of information about Windows Updates for Windows 10 until now, this comes as very welcome relief. I must say I liked it better when you could simply click on entries in the Update History on a specific PC and get this kind of information, but the new approach is much, much better than the total lack of detail provided up until now. For the incurably curious, the information available within Update History remains pretty generic, though. Here’s the “detail” provided for the foregoing KB3135174 therein:
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
My best guess as to why MS has made this change, and introduced the Web page instead of returning to detail in Update History is that with multiple release branches now in place, it’s easier for them to manage all the data online. They don’t have to package that information for distribution with the updates any more, either.
As of the latest figures from NetMarketShare.com, Windows 10’s desktop operating system marketshare has just surpassed that for Windows XP, that venerable, creaky and insecure OS whose support went bye-bye when it hit end-of-life status on April 8, 2014. Almost two years later, it’s still kicking after a fashion, with various arms of governments world-wide (including branches of the US military) still paying for extended support contracts into 2016.
In fact, XP’s 11.42% marketshare still beats that for everything except Windows 7 (52.47%) and 10 (11.85%), including
- Windows 8.1: 10.4%
- Mac OS X 10.11 3.44%
- Windows 8: 2.68%
- Mac OS X 10.10: 2.33%
- Everything else: 5.4%
On the one hand, I’m amazed that XP has persisted as long as it has in “zombie status” (still in use after end-of-life has been reached). It’s a testament to various aspects of human organizational behavior, including inertia, parsimony, and sheer cussedness, none of which are especially flattering, but all of which are too apt to be denied.
On the other hand, it’s cool that Windows 10 has now jumped into second place overall. Now, it can start whittling away at Windows 7’s still unbeatable majority market share of 52.47%. Shawn Brink of TenForums.com observes that XP has been losing a fairly steady 0.5% in marketshare over the past year, which would indicate that it could vanish as soon as two years from now, or fade into the “other” category (less than 2.5%) in as little as eighteen months. We’ll see!
What I’m interested in watching going forward, is how well the dip in Windows 7 usage corresponds to the rise in Windows 10 usage. My guess is that Windows 10 will grow mostly by stealing from Windows 7 marketshare. I’ll keep an eye on this and report back in a few months.
NetMarketShare.com Desktop Operating System Market Share for 2/8/16 shows Windows 10 finally ahead of Windows XP. ‘Bout time!
There’s an interesting tool available in the Hardware Dev Center portion of MSDN: it’s called the Windows Imaging and Configuration Designer, aka Windows ICD. It’s designed to streamline the process of customizing and provisioning a Windows image. The home page for this tool states that it is designed to handle these tasks:
- View all of the configurable settings and policies for a Windows 10 image or provisioning package.
- Create Windows provisioning answer files.
- Add third-party drivers, apps, or other assets to an answer file.
- Create variants and specify the settings that apply to each variant.
- Build and flash a Windows image.
- Build a provisioning package.
Here’s the Table of Contents for digging further into this documentation (and the related tool). Note that you must first install the Windows ADK for Windows 10 before you can use this facility, and elect a specific set of options (all of which is covered in details in the “Getting Started” item below).
ICD uses a tile-based interface, and is both powerful and easy to use.
[Click image to see larger version]
|Getting started with Windows ICD||Read this topic to find out how to install and run the Windows ICD. Once you have Windows ICD running, check out the supported Windows ICD project workflows to learn about some of the things you can do using the tool.|
|Supported platforms for Windows ICD||Provides information about:
|Build and apply a provisioning package||You can use Windows ICD to create a provisioning package (.ppkg), which contains customizations that you can include for a particular Windows image. You can either apply the provisioning package to an image or share it as a standalone package that can be applied to a running system using the Provisioning Engine. For more information about PPKGs and how they are generated and applied, seeProvisioning packages.|
|Build a provisioning package with classic Windows applications||Create a provisioning package that includes Classic Windows applications and other files with your Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) devices. Uses:|
|Export a provisioning package||Export a provisioning package if you want to reuse the customizations already configured in a different project or to share it as a standalone package that can be applied to a running system during initial device setup or later.|
|Create a provisioning package with multivariant settings||Multivariant provides a generic mechanism for creating a single image that can work for multiple markets and reduce the number of images that OEMs need to create and test. It enables OEMs to dynamically configure language, branding, apps, and network settings during runtime based on the mobile operator and locale/country.
Windows 10 provisioning is an updated and enriched version of the runtime configuration or multivariant feature supported in Windows Phone 8.1. In Windows 10, multivariant is available for all Windows editions.
To provision multivariant settings, you must create a provisioning package with defined Conditions and Settings that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
|Build and deploy an image for Windows 10 Desktop||You can use Windows ICD to create a new Windows 10 for desktop editions image and customize it by adding drivers, apps, language packs, settings, and more. You can also build the deployment media either to a folder or to a USB key.|
|Build and deploy an image for Windows 10 Mobile||You can use Windows ICD to create a new Windows 10 Mobile image and customize it by adding settings and some assets.|
|Build and deploy a Windows 10 IoT Core image||You can use Windows ICD to customize and create a new Windows 10 IoT Core (IoT Core) image.|
|Configure customizations using Windows ICD||You can use Windows ICD to configure the Windows device UI, connectivity settings, and user experience to better reflect your brand, to meet mobile network requirements, to comply with IT department security requirements, or to fit market segments or regions where the device will ship.|
|Use the Windows ICD command-line interface||You can use the Windows ICD command-line interface (CLI) to automate the building of provisioning packages and Windows 10 for desktop editions and Windows 10 Mobile or IoT Core images.
|Use the package splitter tool||Enterprise IT professionals who want to use a barcode to provision mobile devices during OOBE can use the package splitter tool, ppkgtobase64.exe, which is a command-line tool to split the provisioning package into smaller files.|
Just when I thought I’d seen just about everything Microsoft could do with Windows updates, the company pulled a fascinating rabbit out of its hat. I’m talking about KB3136562, a purportedly Cumulative Update to Windows 10 that bumps the build number from 10586.71 to 10586.79 but that shows up in Update History only as “Update for Windows (KB3136562). Here’s what’s interesting about this item:
- It is not yet available through normal Windows Update automatic download
- It requires manual download and installation, via the Windows Update Standalone Installer (x86 download/x64 download). This explains why those files end with the .msu file extension.
- There’s been no official word from MS about this update just yet, though numerous sources have provided coverage, including my personal fave TenForums.com and reddit.
- Most everyone who’s tried this update has reported successful installation, and it’s succeeded on 2 of the three systems I’ve tried it out on. It took some digging, but found the 0x80070BC9 error code for both failed install attempts on the affected machine.
At first, I believed that the affected machine’s use of the [en-GB] (British English) language pack, instead of [en-US] (American English) might have been at fault, but a question and reply sequence to fellow community members at TenForums disabused me of that notion. Now, I’m just scratching my head to figure out why it worked on most of my targeted PCs, but not on one of them. I’ll keep working it, of course, but such mysteries are what make working with Windows both extremely interesting and occasionally frustrating as well.
When the update installs, here’s the latest resulting WinVer output.
The big questions about KB3136562 can be stated as follows:
1. Why hasn’t MS released it through normal Windows Update channels?
2. Why is there no document page for KB3136562? (A search at Microsoft.com turns up zilch right now).
3. Why are the manual downloads available with no MS fanfare nor explanation?
If, like me, you’re incurably curious and just want to see what KB3136562 does, go ahead and use the download links provided in the bulleted list above. I’d suggest installing it only on a test machine, however, as it’s by no means a given that this update will ever be released through formal channels. Have fun!