Windows Enterprise Desktop

February 24, 2016  10:15 AM

Network Printing Switch Positive

Ed Tittel Ed Tittel Profile: Ed Tittel

On my home network, I’m usually playing host to anywhere from half-a-dozen to a dozen PCs that include desktops, notebooks, tablets, and even an Xbox One. Along with those computing devices, I’ve got a variety of other elements that include my boundary device to Time Warner cable (an Arris box that supports 802.11ac wireless as well as GbE), and a couple of printers. Owing to topology issues — namely, a single GbE wired port upstairs — I had until recently elected to attach my Dell 2155cn color laser printer via USB to my wife’s PC, rather than wiring it up to the in-house Ethernet as a network-attached device. Sure, network printing has all kinds of advantages, but I never felt compelled to extend my topology at the end of the upstairs link until recently.

But in the last month, my wife’s mini-ITX PC (built around a very nice little JetWay JNF9G-QM77 motherboard with an i7-3630QM low-voltage processor) started dropping the USB-attached printer about once a week. I’m not sure if a driver change is responsible, or if the USB circuitry is getting flaky, but something weird was going on. After spending over an hour trying unsuccessfully to troubleshoot the latest glitch on Monday, I dashed over to Fry’s on Tuesday to pick up an el-cheapo GbE switch. That evening, I dropped in said switch, and attached both her PC and the printer to separate ports via Cat6 cables so that the Dell printer could take up independent residence on the network.

Network Printing Works Immediately and Correctly

Immediately, the Dell printer showed up in Devices and Printers in the “Add a printer” selection box, bearing the name DELLCB745E. Upon using Nir Sofer’s excellent Fast Resolver tool to check the printer’s IP address (eventually, I’ll create a static reservation for that address in the Arris routing tables) to learn that the final six characters of the device name are also the last six hexadecimal digits of its MAC address. This is the portion that “uniquely” identifies the specific network interface built into the printer, as compared to all other similar devices from the same maker, which provides a reasonable way to construct a unique device name for network access. Also makes network printing better able to provide easily identifiable and usable device names.

network printing offers advantages

No sooner attached, than network printing starts up, visible in Printers and Devices.

Better still, the printer is now available to the entire network directly and not just to my wife’s PC. That means she can now power it off when she’s not using that PC because it’s no longer necessary to keep it running to provide printer access. Windows 10 is able to see the device for what it is, and able to automagically download the correct drivers on its own without any human intervention. All in all, I’d have to say the change is worth the $35-40 it cost me for the upstairs switch and the two Cat6 cables I had to buy to put all the pieces together. Network printing provides a definite improvement over intermittent availability when attached via USB!

February 22, 2016  10:49 AM

DISM FeatureName Enables OS Features

Ed Tittel Ed Tittel Profile: Ed Tittel
DISM, Windows 10

Thanks to some clever work from Sergey Tkachenko over at, DISM shows off yet another interesting capability. You can use it to install missing Windows features without having to download them from the Internet (that’s because they’re already part of the Windows image baked into the Windows installer, or other environments that include the ubiquitous install.wim or install.esd file). The syntax for the relevant DISM FeatureName command tells the story, to those in the know, namely:
DISM /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\sources\sxs /LimitAccess

Let’s unpack this command string, to elucidate what’s going, item by item:

DISM: the “Swiss Army Knife” of Windows image management, aka the Deployment Image Servicing and Management command (TechNet What Is? Reference)

/online: operate on the current running version of Windows

/enable-feature: turns OS features on

/featurename:  identifies feature name to be turned on, where NetTX3 refers to the current .NET Framework version 3, aka .NET 3.5

/all: turn on all aspects of the feature being enabled

/Source: identifies a file-spec from whence the files should be drawn (\sources\sxs, for install.wim/.esd image)

/LimitAccess: do not download files from the Internet

dism featurename

Here’s the DISM FeatureName command at work (on a pre-release Win10 build).
[Image Credit: Sergey Tkachenko]

What DISM Featurename Values Are Available for Windows 10?

Funny you should ask: DISM can provide that list using the command line DISM /online /Get-Features. By running this command, I was able to interrogate my own running image, and learned that there are 115 such named features, most of which are disabled by default in a standard Windows 10 installation. Any of these that are in a “Disabled” state may be turned on using the same syntax shown above, simply by substituting the desired package name for “NetTX3” in the exploded DISM command already explored and explained.

What Can Go Wrong When Using DISM Featurename Stuff?

In my own experience, and in working with DISM for various other instructions that include the /Source attribute, I’ve learned that this particular attribute can sometimes be finicky. If you try to use the foregoing syntax and get errors related to source locations, you’ll want to dig deep into the TechNet DISM Reference to fully understand its syntax and semantics. In the comments to Tkachenko’s explanatory blog post, for example, half-a-dozen respondents reported trouble with the very nice batch file he provides to automate the process of using DISM to add the .NET 3.5 feature (and one respondent supplies an alternate DISM technique that uses its /Add-Package capability instead of /Enable-Feature).

February 19, 2016  10:45 AM

US DoD Hurry-Up Windows 10 Deployment

Ed Tittel Ed Tittel Profile: Ed Tittel
DOD, Windows 10, Windows Deployment Services

Industry observers have been keen to point out that while consumers have been fairly quick to move to Windows 10, enterprise users have not been quite as aggressive in their uptake. Thus, for example, when Microsoft revealed early in January that the total number of Windows 10 users had exceeded 200 million (including Xbox users), it also indicated that only about 10% of that population (22 million) represented seats in enterprise and education sectors. Enterprise Windows 10 deployment is about to get a major bump. That comes thanks to a memo from Department of Defense CIO, Terry A. Halverson, that is a major news focus this week (even though it’s dated 11/20/2015).

DoD Windows 10 Deployment Memo Excerpts

Here are some key snippets from this memo:

It is important for the Department [of Defense] to rapidly transition to Microsoft Windows 10 in order to improve our cybersecurity posture, lower the cost of IT, and streamline the IT operating environment.

This memo serves as notification that the DoD will direct Combatant Commands, Services, Agencies and Field Activities (CC/S/As) to rapidly deploy the Windows 10 operating system throughout their respective organizations starting in January 2016. This applies to all DoD information systems currently using Microsoft operating systems. The Department’s objective is to complete the deployment by January 2017. …

The Defense Information Systems Agency (DISA) and the National Security Agency (NSA) are co-leading a joint Secure Host Baseline (SHB) working group to prepare a Windows 10 Standard Desktop framework. The WIN 10 SHB will bring consistency to DoD host security configuration management activities and will be available to CC/S/A’s on DISA’s Information Assurance Support Environment Portal site … in January.

DoD Windows 10 deployment memo

The distribution list for the memo covers all the bases: everybody’s migrating to Win10!

How serious is this Windows 10 deployment initiative? Any CC/S/A (Combatant Command, Service, or Agency and Field Activity) that wishes to extend its Windows 10 deployment beyond January 2017 must for waivers on a case-by-case basis. Any waivers that extend into 2018 must obtain approval from the DoD CIO — namely, Mr. Halvorsen himself.

DoD Windows 10 Deployment IS a Pretty Big Deal…

Press reports on the number of devices affected come from Microsoft’s Windows Experience Blog post dated 2/17/2016, entitled “US Department of Defense Commits to Upgrade 4 Million Seats to Windows 10.” The author, Yusuf Mehdi, is the Corporate VP for Microsoft’s Windows and Devices Group. This is an ambitious plan with a short timeline, and should definitely shake any wrinkles out of Microsoft’s staging and deployment tools and platforms. It promises to be something of “make-or-break” for Microsoft’s big plans to hit 1 billion Windows 10 users by 2017. The DoD effort will certainly be the biggest single Windows 10 deployment ever undertaken. If things go well, those plans will have earned a major endorsement; if not, …

February 17, 2016  11:26 AM

“Hidden Cumulative Updates” in Windows 10

Ed Tittel Ed Tittel Profile: Ed Tittel

For the second time in recent experience, word of “hidden cumulative updates” has hit the wires. I’m talking about KB3140742, which is currently available only for download from the Microsoft Update Catalog, where it takes the name “Cumulative Update for Windows 10 Version 1511 (KB3140742).” The previous such item appeared on January 27 as KB3136562 for those running the current branch build, and shared the following characteristics with KB3140742:

  • Not made available via Windows Update (that’s why I call them “hidden”)
  • Only available through the Microsoft Update Catalog
  • Requires manual installation
  • Advertised as a “Critical Update” (…742) or “Security Update” (…173)
  • Some users report occasional problems with manual installation, but most such installs complete successfully

What’s interesting about these hidden cumulative updates is that neither appears in the new, much-ballyhooed Windows 10 Update History listings, in addition to remaining unavailable via the Windows Update service. Thus, it’s not unfair to reason that MS is restricting access to these updates on the one hand, yet permitting them to be (manually) installed on the other. Many Windows watchers have concluded that these items represent a kind of “technical preview” for upcoming updates to the Current Branch release. There may be something to this conclusion, in that the build number that resulted from KB3136562 update was 10586.79, which falls between the previous Patch Tuesday build number of 10586.63 and the following Patch Tuesday build number of 10586.104.

Are Hidden Cumulative Updates Just for Testing or Real Interim Updates?

I’m more than mildly curious to know what’s up with these interim Cumulative Updates to Windows 10. It would be nice to get a statement from Microsoft as to their intended audience and to understand whether their intent in making them somewhat available is to test them or to make new fixes and functions available prior to the next upcoming Patch Tuesday. For those who are likewise curious, I’d suggest staying tuned to either (the “Windows 10 News” forum does a good job of keeping up with these items as they appear), or, which follows these items’ releases as part of its regular news coverage.

catalog listing for today's hidden cumulative updates

It’s hard to say if two in a row represents a trend, or a pair of one-off experiments.

February 15, 2016  6:25 PM

The enterprise and Microsoft Office: Till death do us part?

Margaret Jones Margaret Jones Profile: Margaret Jones

When you think of productivity suites, Microsoft Office most likely springs to mind. The applications in Office are some of the most ubiquitous in the enterprise, and for good reason. Office has tons of features and applications, and it’s relatively easy to use. This guide was even written and edited in Word.

But Office isn’t the only suite of productivity applications out there, and it’s not the right option for every company. Some businesses might want a more cloud-focused approach, in which case Office 365 or Google Apps might be the way to go. Companies looking for free access to word processing, spreadsheet and other applications can look to open-source alternatives such as OpenOffice and LibreOffice. Apple has its own suite for Mac users. And there are plenty of mobile productivity applications, some of which are free — even those from Microsoft, although they’re very limited without an Office 365 subscription.

It’s worth it to look at both desktop and mobile alternatives to Office, because the options are so competitive these days. Consider features, support, user needs and, of course, pricing. For many companies, Office could still be the best option. Volume licensing can help with cost concerns, and the continued updates and support Microsoft provides are a draw for businesses. Additionally, it’s important to think about the learning curve, help desk tickets and user frustration that can come from moving users to a completely new and potentially very different interface.

Still, taking another look at the productivity suite market can’t hurt. Begin with our new three-part guide, Alternative Productivity Suites Can Rock as Hard as Office.

February 15, 2016  10:57 AM

Tackling Windows Update Problems

Ed Tittel Ed Tittel Profile: Ed Tittel
Troubleshooting, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Update Management

Every now and then, one of my test machines will balk when the time comes to install a new update for testing and evaluation. Figuring that other readers may occasionally find themselves in the same circumstances, I wanted to share some potential fixes and techniques for dealing with this when and as it happens:

Windows Fixit: Automatically Reset Windows Update Components

Even though this Windows Support tool mentions only Windows 8.1, 8, and 7, it also works for Windows 10. It automates the process described in the afore-linked Fixit documentation, which includes stopping various services (BITS, Windows Update, and the Cryptographic service), deleting update queue management files, re-registering BITS and Windows Update files, resetting WinSock, restarting already mentioned services, and installing the most current Windows Update Agent. Nice explains why the Fixit is so handy, no?

Using DISM to Fix Windows Update Problems

This KB article (947821) explains how to use DISM (Deployment Image Servicing and Management) and the System File Checker at the command line to repair damaged Windows System files as a roundabout way to address Windows Update problems. Note that SFC /scannow currently returns spurious errors related to Nvidia drivers for current builds on the current branch (this is fixed in the current technical preview builds, however).

Research Specific Windows Update Problems Online

For my particular problem, I encountered error message 0x80070BC9. Searching on that error code online, I was able to find numerous helpful forum posts and information suggesting fixes. Most notably, posting to led me to a Microsoft Community post (February 2012) that mentioned that error code which contained much of the foregoing information. Direct research on specific symptoms are good, and error codes even better (if available) because they will often provide pointers to the most relevant and potentially useful information. A certain amount of spelunking and experimentation is usually required to adapt other people’s fixes to one’s own current situation, so be prepared to learn from such information as much from trial and error as anything else!


The Windows Update Fixit is a great place to start when seeking to remedy problems applying updates.

[Note: many thanks to Cluster Head at TenForums for pointing me in the right direction on this issue. It’s a great place to seek and find useful Windows troubleshooting information.]

February 12, 2016  10:38 AM

Clean Win10 Install: Few Updates Needed

Ed Tittel Ed Tittel Profile: Ed Tittel
Clean install, Windows 10

With the introduction of a new Windows 10 Cumulative Update on a “once-a-month-or-better” frequency, it’s been said that clean installs should require only a few updates to bring a brand-new Windows 10 install completely up to date. After performing a bare-metal install yesterday on a new PC, I can confirm this is correct. After getting Windows 10 running on that machine, I visited Windows Update to see what was missing. I  got a list of only 4 items, to wit:

  • The latest Cumulative Update (KB3135173)
  • A just-hatched security update to Adobe Flash (KB3135782)
  • This month’s “Patch Tuesday” version of the Malicious software Removal Tool (KB890830)
  • The current set of Windows Defender updates

That’s a list I would have to call minimal. It compares favorably to the dozens to hundreds of updates I’ve downloaded after performing clean installs of Windows Vista, 7, 8, and 8.1 over the past 9 years. (Vista went public on 1/30/2007, in case you can’t remember.) Cumulative Updates absolutely short-circuit the usual post install update drill, which often took an hour or longer on earlier Windows versions.

The new machine will replace my current production desktop PC. But first, I must transfer all of its hard drives over the weekend, and finish installing the usual work-oriented applications.  Here are some other observations about my experience so far:

  • Windows 10 did an ACE job of getting the drivers (mostly) right. According to DriverUpdate, it missed only 3 drivers on a configuration that included an Asrock Z170 Extreme 7+ motherboard, a Skylake i7-6700K CPU, 32 GB RAM, and the awesome Samsung 950 Pro NVMe SSD (512 GB). All were chipset specific items for system devices, all addressed by installing the latest Intel chipset driver.
  • The process from bare metal to a fully-updated OS took less than 40 minutes. Some of that included idle time when the machine was waiting for input from me. It really is getting faster and easier to install Windows, and Windows 10 makes the process simple and straightforward.
  • An NVMe SSD makes a BIG difference in system performance. Crystal DiskMark reported some startling performance figures. My results were consistent with Les Tokar’s discussion at The SSD Review in October, 2015. Here’s one snapshot of the performance data (his test machine configuration is nearly identical to my new rig: a deliberate purchase choice on my part):

cumulative update goes faster with NVMe drive

The Samsung 950 Pro NVMe SSD is 3-6 times faster than the 840 EVO mSATA SSD in my current production PC.

Bottom line: the new regular cumulative update strategy for Windows 10 really does short-circuit most of the post-install catchup process for clean installs. Only those updates that appeared along with, or after, the most recent cumulative update will need to be applied, for any new Windows 10 installation. Bravo!

February 10, 2016  9:43 AM

MS Starts Providing Update Details for Windows 10

Ed Tittel Ed Tittel Profile: Ed Tittel
history, Windows 10

Sure, there’s a lot that’s new about Windows 10, and there have been a lot of changes introduced with the new OS. While some are positive, and some negative, nearly everyone has been unhappy about the lack of information on Windows Updates that MS has provided since Windows 10 went into full rotation in July 2015. Until yesterday, the most anyone could get out of MS about updates was boilerplate language along the lines of “Changes made to add stability…,”quality improvements, security fixes, and so forth.

Starting with the latest “Patch Tuesday” (2/9/16), MS has introduced a new Web page entitled “Windows 10 Update History,” that goes back to the old changelog approach of documenting new updates. Not coincidentally, yesterday’s updates also included a new Cumulative Update — namely, KB3135173. Here’s what that page has to say about it, as an illustration of the kind of information once again being made available:

February 9, 2016 — KB3135173 (brings system to 10586.104)

This update includes quality improvements and security fixes. No new operating system features are being introduced this month. Key changes in this update include:

  • Improved installation time of updates.

  • Fixed issue with Microsoft Edge browser caching visited URLs while using InPrivate browsing.

  • Improved Silverlight performance.

  • Fixed issue that didn’t allow a Windows 10 PC to remotely configure a server.

  • Fixed issue with pictures and tables not displaying in Windows Journal.

  • Fixed security issues that could allow remote code execution when malware is run on a target system.

  • Fixed security issues in Microsoft Edge and Internet Explorer 11 that could allow code from a malicious website to be installed and run on a device.

  • Fixed additional issues with Input Method Editors (IMEs), Direct Access, assigned access, peripheral device detection, barcode scanning, Windows Explorer, Internet Explorer 11, Microsoft Edge, and scripting.

  • Fixed additional security issues with .NET Framework, PDF library, Windows Journal, kernel-mode drivers, Remote Desktop, and WebDAV.

For more info about the security fixes in this update and a complete list of affected files, see KB3135174.

For an audience that’s been half-frustrated, and half-appalled with the lack of information about Windows Updates for Windows 10 until now, this comes as very welcome relief. I must say I liked it better when you could simply click on entries in the Update History on a specific PC and get this kind of information, but the new approach is much, much better than the total lack of detail provided up until now. For the incurably curious, the information available within Update History remains pretty generic, though. Here’s the “detail” provided for the foregoing KB3135174 therein:

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

My best guess as to why MS has made this change, and introduced the Web page instead of returning to detail in Update History is that with multiple release branches now in place, it’s easier for them to manage all the data online. They don’t have to package that information for distribution with the updates any more, either.

February 8, 2016  11:21 AM

Windows 10 Desktop Share Passes XP

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows 7, Windows XP

As of the latest figures from, Windows 10’s desktop operating system marketshare has just surpassed that for Windows XP, that venerable, creaky and insecure OS whose support went bye-bye when it hit end-of-life status on April 8, 2014. Almost two years later, it’s still kicking after a fashion, with various arms of governments world-wide (including branches of the US military) still paying for extended support contracts into 2016.

In fact, XP’s 11.42% marketshare still beats that for everything except Windows 7 (52.47%) and 10 (11.85%), including

  • Windows 8.1: 10.4%
  • Mac OS X 10.11 3.44%
  • Windows 8: 2.68%
  • Mac OS X 10.10: 2.33%
  • Everything else: 5.4%

On the one hand, I’m amazed that XP has persisted as long as it has in “zombie status” (still in use after end-of-life has been reached). It’s a testament to various aspects of human organizational behavior, including inertia, parsimony, and sheer cussedness, none of which are especially flattering, but all of which are too apt to be denied.

On the other hand, it’s cool that Windows 10 has now jumped into second place overall. Now, it can start whittling away at Windows 7’s still unbeatable majority market share of 52.47%. Shawn Brink of observes that XP has been losing a fairly steady 0.5% in marketshare over the past year, which would indicate that it could vanish as soon as two years from now, or fade into the “other” category (less than 2.5%) in as little as eighteen months. We’ll see!

What I’m interested in watching going forward, is how well the dip in Windows 7 usage corresponds to the rise in Windows 10 usage. My guess is that Windows 10 will grow mostly by stealing from Windows 7 marketshare. I’ll keep an eye on this and report back in a few months.

nms-os-160208 Desktop Operating System Market Share for 2/8/16 shows Windows 10 finally ahead of Windows XP. ‘Bout time!

February 5, 2016  10:54 AM

Customize and Provision Windows 10 Images with Windows ICD

Ed Tittel Ed Tittel Profile: Ed Tittel
Deployment tools, Image management, Windows 10

There’s an interesting tool available in the Hardware Dev Center portion of MSDN: it’s called the Windows Imaging and Configuration Designer, aka Windows ICD. It’s designed to streamline the process of customizing and provisioning a Windows image. The home page for this tool states that it is designed to handle these tasks:

  • View all of the configurable settings and policies for a Windows 10 image or provisioning package.
  • Create Windows provisioning answer files.
  • Add third-party drivers, apps, or other assets to an answer file.
  • Create variants and specify the settings that apply to each variant.
  • Build and flash a Windows image.
  • Build a provisioning package.

Here’s the Table of Contents for digging further into this documentation (and the related tool). Note that you must first install the Windows ADK for Windows 10 before you can use this facility, and elect a specific set of options (all of which is covered in details in the “Getting Started” item below).


ICD uses a tile-based interface, and is both powerful and easy to use.
[Click image to see larger version]

Topic Description
Getting started with Windows ICD Read this topic to find out how to install and run the Windows ICD. Once you have Windows ICD running, check out the supported Windows ICD project workflows to learn about some of the things you can do using the tool.
Supported platforms for Windows ICD Provides information about:

  • Supported target images – Windows images that can be configured using Windows ICD
  • Supported host platforms – Versions of Windows 10 that can run Windows ICD
Build and apply a provisioning package You can use Windows ICD to create a provisioning package (.ppkg), which contains customizations that you can include for a particular Windows image. You can either apply the provisioning package to an image or share it as a standalone package that can be applied to a running system using the Provisioning Engine. For more information about PPKGs and how they are generated and applied, seeProvisioning packages.
Build a provisioning package with classic Windows applications Create a provisioning package that includes Classic Windows applications and other files with your Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) devices. Uses:
Export a provisioning package Export a provisioning package if you want to reuse the customizations already configured in a different project or to share it as a standalone package that can be applied to a running system during initial device setup or later.
Create a provisioning package with multivariant settings Multivariant provides a generic mechanism for creating a single image that can work for multiple markets and reduce the number of images that OEMs need to create and test. It enables OEMs to dynamically configure language, branding, apps, and network settings during runtime based on the mobile operator and locale/country.

Windows 10 provisioning is an updated and enriched version of the runtime configuration or multivariant feature supported in Windows Phone 8.1. In Windows 10, multivariant is available for all Windows editions.

To provision multivariant settings, you must create a provisioning package with defined Conditions and Settings that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.

Build and deploy an image for Windows 10 Desktop You can use Windows ICD to create a new Windows 10 for desktop editions image and customize it by adding drivers, apps, language packs, settings, and more. You can also build the deployment media either to a folder or to a USB key.
Build and deploy an image for Windows 10 Mobile You can use Windows ICD to create a new Windows 10 Mobile image and customize it by adding settings and some assets.
Build and deploy a Windows 10 IoT Core image You can use Windows ICD to customize and create a new Windows 10 IoT Core (IoT Core) image.
Configure customizations using Windows ICD You can use Windows ICD to configure the Windows device UI, connectivity settings, and user experience to better reflect your brand, to meet mobile network requirements, to comply with IT department security requirements, or to fit market segments or regions where the device will ship.
Use the Windows ICD command-line interface You can use the Windows ICD command-line interface (CLI) to automate the building of provisioning packages and Windows 10 for desktop editions and Windows 10 Mobile or IoT Core images.

  • For OEMs who already have an established manufacturing process or for enterprise IT Pros who also have established IT management infrastructures, you can use the Windows ICD CLI to require less re-tooling of your existing processes. You must run the Windows ICD CLI from a command window with administrator privileges.
  • For OEMs that want to create an image and/or provisioning package with multivariant support, you must use the Windows ICD CLI and edit the customizations.xml sources. For more information on how to do this, see Create a provisioning package with multivariant settings. For more information about the customization XML, see Windows provisioning answer file.
Use the package splitter tool Enterprise IT professionals who want to use a barcode to provision mobile devices during OOBE can use the package splitter tool, ppkgtobase64.exe, which is a command-line tool to split the provisioning package into smaller files.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: