Although Windows 10 has been around since October 2014, and publicly available since July 29, 2015, it wasn’t until June 16, 2016, that this OS picked up support in Microsoft’s Advanced Group Policy Management facility, aka AGPM. New version AGPM 40SP3 supports Win10 all right, and brings the same features to Windows Admins that previous versions brought to Windows 8.1, 8, 7, and even Vista. But wait, there’s a catch: only customers with an active Software Assurance agreement with Microsoft can use this cool tool. That’s because AGPM is part of the Microsoft Desktop Optimization Pack (aka MDOP), and only customers who sign up for Software Assurance get access to MDOP and its warehouse of tools and consoles.
AGPM brings formal change control and workflow mechanisms to GPO creation and maintenance.
[Source: MS Step-by-Step Guide for AGPM 4.0]
If AGPM 40SP3 Supports Win10, What Else Can It Do?
Besides bringing Windows 10 under the AGPM umbrella, Service Pack 3 (SP3) for the tool also adds the following capabilities:
- Support for PowerShell cmdlets, as documented in the TechNet Library pages entitled Microsoft Desktop Optimization Pack Automation with Windows PowerShell. These include tools to add, get, lock, publish, remove, and unlock controlled GPOs to/from an APGM archive.
- Hotfix and update rollup: the service pack includes a rollup of all fixes to APGM up to and including APGM 4.0 SP2, along with fixes for any issues provided since the release of that prior service pack.
- APGM Client and Server may now be upgraded without having to re-enter configuration parameters. This is called a Smart Upgrade and can save time and effort (re-entry is called a Classic Upgrade). However, only some versions can handle the Smart Upgrade (4.0, 4.0 SP1, 4.0 SP2, and 4.0 SP3 to be specific; see the Table labeled AGPM 4.0 SP3 Supported Upgrades for details).
APGM also comes with a pretty hefty set of components, including .NET Framework 4.5.1, PowerShell 3.0, and the Global Policy Management Console (GPMC). If any of these components is missing, you can’t install APGM on Windows 10 (GPMC and .NET 3.5.1 must also be enabled as well). There’s a lot of great functionality for managing and maintaining Group Policy Objects in the APGM, though, so enterprises or organizations moving toward or using Windows 10 will want to investigate further. Those unfamiliar with the APGM will also want to consult its Step-by-Step Guide at TechNet.
I’m still running two older Lenovo laptops, both with i7 2640M CPUs that date back to 2011. I purchased those machines in early 2012 to work on a book about Windows 8, especially because the X220 Tablet was one of the few compatible touch displays available at the time that was also fairly affordable. However, these devices are old enough to lack built-in support for USB 3.0. I remedied that lack by purchasing a 2-port USB 3.0 PCIe card. But it poses an interesting conundrum: while Windows 10 sees devices plugged into the card perfectly, it seems that the PC’s built-in UEFI environment does not. I can only imagine that’s because Windows recognizes the PCIe device and loads an appropriate device driver, where the basic boot-up run-time either cannot or simply does not do likewise. That’s where the (or Not) comes from in the title for this blog: Win10 USB 3.0 Boot (or Not). I’ve also read about others encountering similar problems on other laptops and desktops over at TenForums.com (Asus, Gigabyte H67A-UD3H-B3 mobo, Lenovo, and more).
With USB 3.0, more leads means more speed.
[Source: Tom’s Hardware]
Why Does Win10 USB 3.0 Boot Ability Matter?
Why indeed? The answer, simply put, is “Speed.” USB 3.0 runs two to three times faster than USB 2.0, so booting up and/or installing an OS from a USB Flash Drive (UFD) is much faster with devices that support the newer USB version. I observed this at work when trying to reinstall the OS, but being unable to access a USB 3.0 flash drive in these computers’ F12 boot selection menu. In fact, those devices don’t appear at all on either of my Lenovo machines, though they work fine on newer PCs, hybrid laptops (Dell Venue Pro 11 7139), and tablets (Surface Pro 3), with USB 3.0 support baked into the UEFI.
There are a couple of take-aways from these observations:
- If your Windows responsibilities include care and feeding of older PCs or laptops, though they may be perfectly capable of running Windows 10, they may not be able to recognize or boot from USB 3.0 flash drives.
- That’s why it’s a good idea to keep some USB 2.0 flash drives around, and to use them to create bootable install environments for Windows 10. They will come in handy for repair and recovery scenarios, as well as should a clean reinstall of Windows 10 ever be called for on such older gear.
So remember, if you find yourself in a situation where Win10 USB 3.0 Boot media are not working, the next thing to try is their USB 2.0 counterpart. More often than not, that will solve your boot problems.
Commencing with Windows 10 Insider Preview build 14371 or later, the OS gains some potentially helpful activation capabilities. Users are permitted to link their Microsoft accounts (usually, e-mail addresses used to log into PCs and other Windows devices) to their digital licenses for the OS. These had been called “digital entitlements” until that release, issued when upgrading to Windows 10 from either Windows 7 or 8.1 during the free upgrade period that is about to expire on July 29, 2016. The latest versions include a facility that explains what’s involved in Reactivating Win10/Activation Troubleshooter that adds to Windows 10’s collection of troubleshooting tools.
Here’s what activation info used to look like in older Windows versions (including the Current Branch release, which is Version 1511 Build 10586.420 at the moment):
If you install Windows 10 using an actual key, this is what you see in the Current Branch.
If you upgraded to Windows 10 on a PC instead, this is what you see in the Current Branch.
For newer Windows releases (1607 or 1608 depending on how MS decides to version the upcoming Anniversary release), starting with Build 14371, the nomenclature changes from digital entitlement to digital license, and the Settings output for Update & Security/Activation looks like this instead:
If you upgraded to Windows 10, or obtained a license through the Insider Preview program, this is what you see in newer OS versions.
Invoking the Reactivating Win10/Activation Troubleshooter Facility
If you want to read all the details on this new approach to activation it’s covered in the Windows 10 Insider Hub on newer OS builds. [Note: the preceding link only works on Windows 10, which knows how to access and present Insider Hub information!] The high points consist of linking a digital license (aka entitlement) to a Microsoft Account (which you’ll sometimes see abbreviated as “MSA”), and then various discussions of scenarios under which a digital license might need to be reactivated. This means hardware changes to a Windows 10 PC, and brings access to the newly-minted Activation Troubleshooter into play:
Only when Win10 detects that activation has failed, does the Troubleshooter become available.
[Source: WinBeta “A Closer Look at the Windows 10 Activation Troubleshooter“]
As long as the digital license on the affected PC has been linked to a Microsoft Account prior to the hardware change that causes activation issues to occur, the Troubleshooter can be brought into play. This is how it gets triggered:
When you click the button labeled “I changed hardware…” this triggers the hardware change algorithms.
Next, you’ll be asked to login to your Microsoft Account, and pick the device you’ve updated hardware in under a selection labeled “This is the device I’m using right now,” and selecting “Activate.” This triggers a Reactivate Windows 10 dialog that may (or may not) permit you to restore activated status.
This tool has some limitations, including:
- The Troubleshooter works only for retail Windows licenses — namely, Windows 10 Home and Windows 10 Pro.
- The edition of Windows on the selected device must match the edition linked in the digital license.
- The type of device you’re activating must match the type of device already linked in the digital license.
- The Troubleshooter may be used only a limited number of times (not specified in the Insider Hub article).
The Activation Troubleshooter should make people’s lives easier when they upgrade hardware. Typically this kind of thing triggers when changing motherboards and/or CPUs. But its limitations and restrictions still remain largely unexplored. I’ve pitched one of my editors on writing an article that deliberately tests those limits, and hope to learn more by experimentation after August 2, when the Anniversary Update is currently scheduled to be released.
Tracking Windows 10 adoptions is an interesting proposition. That’s because the widespread Insider Program that launched in October 2014 preceded the official release date of July 29, 2015, by nine months. This makes calculating Windows 10 adoption growth something of a black art. I’ve been thinking about these numbers lately, though, and would like to present a future growth scenario that now has 10 months of post-release figures to draw on, as well as a good baseline from which to calculate month-over-month growth from August, 2015 through June, 2016.
My most current data point comes from the June 29 “Anniversary Update” Windows Experience blog post that announces its release date as August 2, 2016. It declares that “…over 350 million devices [are] now running Windows 10…” My starting data point, which I’ll use to calculate Windows 10’s recent month-over-month growth date comes from August 2015, from the same person (MS Corporate VP for the Windows and Devices Group Yusuf Mehdi) in a tweet quoted in Forbes. It states that “…more than 75 million devices [are] running Windows 10…”
From Windows 10 Adoption Growth to Month-over-Month Rates
That means over the past 10 months, the number has increased by 275 million. Thus, this translates into a monthly growth figure of 27.5 million Windows 10 users per month. With 650 million left to go to hit 1 billion, that means if the growth rate stays the same going forward, it will take almost 24 months to reach that number. This means Microsoft will hit its stated goal at the outside of the range of 2-3 years in which it wanted to reach that “magic number.”
The question now becomes: “Can Microsoft keep month-over-month growth at or over 27.5M once the free upgrade period ends?” To my way of thinking this comes down to three potential factors:
- How many users who didn’t exercise the free upgrade will turn around to buy an upgrade after July 29?
- How many licenses will Microsoft sell through its volume licensing programs into the business/enterprise, government, and higher education programs?
- How many licenses will OEMs buy to pre-install for sales of new desktops, laptops, and tablets?
Taken together, can these three numbers sustain the monthly “nut” of 27.5M or better? I don’t know but it will be interesting to find out!
Where Does Windows 10 Adoption Growth Stand Right Now?
In writing this story, I turned to one of my go-to resources for Windows 10 desktop share. This morning’s figures from NetMarketShare.com reflect status as of June 30, 2015, and paint the following picture:
As Windows 7 drops below majority, Windows 10 share continues to surge.
[Source:NetMarketShare.com/Desktop OS 7/1/16]
This pie chart shows that the Windows 7 slice continues to decrease, and has now dropped below 50% for the first time ever. At the same time, Windows 10’s share now almost matches the combined shares for XP, 8, and 8.1 (19.14% for Win10 vs. 20.24% for the other 3 combined). If 19.14% equates to roughly 350 million Windows 10 users, 49.05% equates to almost 897M Windows 7 users. If Windows 10 is to hit the goal of 1 B in 2018, converting roughly three-quarters of the Windows 7 installed base by that time would do the trick nicely. Maybe MS really can reach this goal: that doesn’t sound impossible to me!
Yesterday a news item hit the Windows blogs that simply offered this headline “Windows 10 Anniversary Update Available August 2,” with no additional content or explanation. This morning, that blog post was revealed in full. Given the timing it suggests that Windows 10 1608 will be the next release number. Here’s the initial statement from that item, which I found through the Microsoft News Center:
Does an August 2, 2016 release date mean the version will be 1608 instead of 1607? Only time will tell.
Why Windows 10 1608, not 1607?
As recently as last week, the version number associated with Insider Preview builds was 1607. However, given an announced release date in August I have to speculate (and believe) that the actual release will be labeled 1608 instead. That’s because version numbering for Windows 10 starts with the last two digits of the year (16) and month (08) in which it gets released.
The afore-cited blog post does more than announce the release date. It also recites the primary features and enhancements to the upcoming Anniversary Update including numerous security items, Windows Ink, a more pervasive Cortana (Windows 10’s digital assistant), Edge power efficiencies and extensions, gaming, and more. The “Set up School PCs” app designed to make Windows 10 setup easy for educators also receives mention.
And, as you would expect given Microsoft’s continued adherence to the expiration of the free upgrade from Windows 7 or 8.1 to Windows 10 on July 29, 2016, there are several mentions of that looming date or deadline in the blog post as well. Given that today is June 29, the deadline for the free update falls in exactly one month. Those who haven’t already exercised this option will want to do so in the next thirty days, even if only to capture a backup image for future use, followed immediately by a rollback to whichever older version of Windows you actually intend to keep on using for a while. That way, you can re-install that image later on to assert your rights to that free upgrade after the deadline has come and gone. Please don’t say I didn’t warn you…
For the last six months or so, I’ve been blogging sparingly about the Insider Preview releases for Windows 10. But a handful of releases have been flying thick and fast over the past three weeks. With all Anniversary Update signs positive, it’s time to let admins know the next major release of Windows 10 is coming. Called Build 1607, it denotes a major release for July, 2016. The smart money says to expect it to hit mid-month, perhaps on Patch Tuesday (July 14).
As the Winver output from the latest Insider Preview indicates, the next version of Win10 is 1607.
What Makes Anniversary Update Signs Positive?
There are lots of great changes coming up in this next release. I’ve got an article coming up for CIO.com that provides more detail. I’ll provide a link here as it goes live, but here are some high points. All of them buttress my observation of Anniversary Update signs positive:
- The Microsoft Edge web browser has been substantially revamped and revised since the 1511 version came along. It now supports extensions. Currently these include Ad Blockers, a password manager, and Office Online, a Web-based interface to Word, Excel, PowerPoint, OneNote, and Sway. Edge also provides improved integration with Windows Hello. This means that users on PCs equipped with compatible fingerprint readers or RealSense cameras can use biometrics for website logins.
- For touch and stylus equipped PCs, Windows Ink adds terrific enhancements to support stylus-based input for handwriting and sketch/drawing capabilities. This comes via integration with built-in OCR and delivery into various apps and applications.
- Cortana, Windows 10’s voice-based digital assistant gets integrated into many more apps and applications. Cortana will even be available through the lock screen on a properly-equipped PC.
- MS has integrated a native Linux Ubuntu-based subsystem within Windows 10 (anybody remember POSIX from the NT 4 days?) Build 1607 supports native access to the Bourne Shell (BASH) in the Command Prompt window.
- Notifications are in for a big makeover, with counts for icons to show how many messages or alerts are waiting for you to check them out. There’s also more visual and direct integration for Universal Windows Platform (UWP) apps.
- Windows Activation supports links to Microsoft accounts. Thus, you’ll be able to go online when (re)installing Windows 10 to obtain verification of license keys. MS is also loosening policies on hardware changes. You’ll be able to replace a motherboard or other key system components without having to get on the phonereactivate the OS when the machine comes back up.
- Windows Update gets more controls to make itself more user-friendly. This includes active hours to prevent restarts during times when users are most likely to be actively engaged in work. It also includes restart options to permit suspended updates to force a machine restart without disturbing users.
- The Start menu continues to get tweaks and new controls to make it more user friendly and customizable. Tablet and fullscreen modes feature a tile-based UWP approach to display. Also, the hamburger button moves to the top left, and the User Profile button to the bottom of the icon column (lower left). Most frequently used apps and applications now show up at the top of the Start Menu, under a “Most Used” heading.
There’s plenty more, but that’sa taste of new and expanded features. The OS is also much more stable, and better at preserving (and finding) device drivers through the upgrade process. It’s reasonably quick to install (even on a mid-range i5 hybrid PC, the whole process took under 20 minutes to complete on my Dell Venue Pro 11 7139). In short, there’s a lot of good stuff to look forward to in the upcoming Anniversary Update. Enterprise/corporate users and admins should find it easier to customize, deploy, maintain and use. What makes these Anniversary Update signs positive in the end is that they’ve held up and steadied through a rapid series of updates since the beginning of June. They’ve also survived an onslaught of user input and feedback through the now-ubiquitous Windows Feedback app as well.
Nir Sofer is a prolific developer of great, free Windows utilities. As I blogged here in December 2014, he bundles his most popular tools into a runtime collection called NirLauncher. Just recently, I noticed that numerous elements in my copy of NirLauncher have been updated, so I started looking into what might be involved in updating them.
In the absence of a built-in update facility for the program (are you listening, Nir?) the best approach to dealing with ongoing updates appears to be something in the “remove and replace” line of system maintenance. That is, the easiest way of handling NirLauncher updates appears to be to overwrite the entire previous version with the most current version. At 23.22 MB, it’s not even a terribly large download to make by modern standards. Best practices would seem to dictate that getting into a monthly cycle with NirLauncher is a good idea, since nary a month goes by when Mr. Sofer doesn’t update at least a couple of its constituent tools.
By checking the Launchpad tool, I discovered that it itself hasn’t been updated since 2014, as the copyright date attests. The utilities it drives get updated all the time, though.
Handling NirLauncher Updates:
Focused Extraction vs. Brute Force
In looking at the underlying file structure, you could indeed grab only updated utilities and extract them into the right directories instead of doing a wholesale remove and replace. This would mean checking the updated item, and determining if it comes in both 32- and 64-bit versions. The 32-bit versions go into the root …\NirSoft directory, along with help files and supporting components such as .inf and .cfg files where applicable. Their 64-bit counterparts go into …\NirSoft\x64 instead.
But the more I look at this and think about the work involved, the better I like the brute force approach. Sofer recommends keeping NirLauncher on its own dedicated UFD (USB Flash Drive) anyway, so what could be easier than blowing the old directories away and replacing them with the latest version? Not much, as it turns out, and that’s the way I do it now. Maybe you should do the same thing, too.
One of my favorite sources for blog fodder here is MajorGeeks.com. This has been a great source for me over the years for Windows tools and utilities. I still visit there once or twice a week to see what’s new and what’s changed. Earlier today, I renewed my acquaintance with a Windows tool I’ve used before but hadn’t thought about for a while. It’s called NTLite and it’s something of a Swiss Army Knife for working with Windows images. There’s even a free version available. Thus, you can download and play around with it to see if you like it or not before considering the Professional ($69) or Business ($249) editions. NTLite provides great ways to slim down Windows images prior to deployment. It can also help to customize the install process that occurs while deployment is underway.
To get started with NTLite, select a Windows image: I chose the Build 1511 64-bit Windows 10 Pro.
[Click image to see full-size screen capture.]
How NTLite Lets You Slim Down Windows Images — and Customize Them, Too
Here’s a small laundry list of the kinds of things NTLite will let you do with Windows images (it works with all modern Windows versions back to and including Vista):
- You can target a running Windows image to modify the Windows you’re currently using. I don’t think this is a particularly good idea, and NTLite’s makers don’t recommend it either. We both agree you should NOT go there without a current image backup and some way to replace your current runtime environment.
- You can visit and remove a whole slew of built-in Windows components to cut down on image size. These include various Accessories, Drivers, Hardware Support, and so forth. Some items are interesting, and some of them indeed worth removing. This includes drivers and device support you’re sure will never be needed on target machines, or accessories like the on-screen keyboard for PCs that lack touch displays. Ditto for Easy Transfer and Embedded Mode support on machines that won’t be allowed to use those facilities, and so forth.
- You can integrate third-party drivers, Microsoft updates and language packs, and make Registry modifications. All of these can be handy when building an image for immediate deployment. That’s because MS may not supply all necessary device drivers or new updates may be needed. Likewise when two or more languages may be desirable in a standardized Windows image.
- Use NTLite to change Windows settings and to incorporate app features. This means pagefile and restore point settings, adding Edge extensions, or altering Internet Explorer settings. You can also pre-configure Windows Features just as you would using the Turn Windows Features on or off facility in Control Panel/Programs and Features, but prior to image deployment.
- You can pre-configure unattended setup for Windows to select options that might normally require interactive input during the installation process. Disk partitioning commands and values can be supplied to establish custom disk layouts during the install process. Multiple choice options may be pre-selected in advance, or may use an auto-fill function which can ready and supply local machine data such as machine names, IP addresses, and so forth. Local accounts may be defined and passwords supplied, with autologon invoked following installation. Network join functions permit PCs to join workgroups or domains following installation.
All in all, this is pretty good stuff, and worth any admin’s time and effort to explore if their job responsibilities include Windows image creation and maintenance. NTLite will let you slim down Windows images and customize them and their settings to make them simpler and faster to deploy.
A familiar lockscreen for Windows 10 appears as the first image in this blog post. It’s an ocean view seen from a tidal cave on the shoreline. Microsoft makes some 170-odd images available right now. Each one comes in two versions: one in portrait, the other in landscape layout. Find this and all the other Win10 lockscreen images in the
folder. The %LocalAppData% variable expands to something like C:\Users\Ed\AppData\Local, where the italic item is replaced by the current logged-in account name. Should you navigate to that directory, you’ll find that image filenames are long and obscure, and lack extensions. You can only view those images if you copy the files elsewhere, then give them a .jpg extension.
This view onto the beach from a tidal cave is familiar to many Win10 users.
Easy Access to Win10 Lockscreen Images
This involves a bit too much work for my taste, so when I read about this folder on Supersite Windows over the weekend, I started poking around to see if there was a better way to dig into this trove of beautiful large format photographs. And yes, it turns out there is indeed a tool available that can grab all the current images, add the extension, and stick them into a directory of its own making. It’s called SpotBright, and it’s available through the Store by searching on that program name. The free version is supported by advertising. I purchased the $0.99 Pro version from the Store to avoid waiting for and watching the free version download ads for each screen.
SpotBright is cheap to buy and dead simple to use.
SpotBright is the work of programmer Timo Partl, and is currently available in version 1.2.0. It provides ready access to all of the current lock screen images available from Microsoft, but stores them in a folder named SpotBright in the Pictures library. Because that left a bunch of files on my boot/system drive (I haven’t reassigned Pictures to another drive on my system), I cut and pasted those images to another drive to reclaim the drive space. Other than that small contortion, no additional effort is needed to browse through the way cool collection of lock screen images that Microsoft has already put on each and every Windows 10 machine. I’m not sure this is actually good for anything (unless you want to use one or more those images for some other purpose) but it’s always interesting to learn and see more of Windows’ inner workings. That’s why I, for one, am tickled to find an easy way to peruse the Win10 lockscreen images using SpotBright.
I’ve more or less stopped covering Insider Preview releases for Windows 10 in this blog. That’s because they’re coming fast and furious now, and admins usually have more to do than track beta OS releases. But yesterday, when MS released its second build this week — namely 14367 — the covering announcement in the Windows Experience Blog mentioned a new Windows 10 Fresh Start Tool:
A new tool to give your PC a fresh start: We’ve heard from many of you that are attempting to perform a clean installation of Windows that it can sometimes be hard to get started. To help, we are providing a new tool that enables an easy and simple way to start fresh with a clean installation of Windows. This tool is now available from the Settings app for Windows Insiders using the latest builds that installs a clean copy of the most recent version of Windows10 and removes apps that were installed on your PC. You can visit this Microsoft Community page (which has been updated) to learn more about the tool and download it.
This new tool provides an alternative to “Reset your PC”
This item had been promised earlier this year, so I was interested to check it out. The download is a file named RefreshWindowsTool.exe that is a miniscule 343 KB in size. It turns around and downloads a copy of a Windows image file (.wim) of its choosing (3.4 GB for the 64-bit version that most PCs use).
Why Testing the Windows 10 Fresh Start Tool May Be Premature
The tool will be included with the public release of the Anniversary Update in July, 2016, but is currently subject to some potential gotchas and limitations:
- The tool performs a clean install of Windows 10. Thus, all applications installed atop the OS must be reinstalled to be available. A working Internet connection must also be available to grab a Windows image.
- According to MS “The build installed by this tool is not guaranteed to be the latest build available to insiders, and at times may install a Windows 10 build that is older that [sic: than] you had previously.”
- The tool supports only three language versions: English (EN-US), Chinese (ZH-CN), and Japanese (JA-JP).
- MS indicates that “digital licenses, digital content associated with applications, or other digital entitlements for applications” may not survive the fresh start process. This would either make those applications unusable, or the content unavailable. MS recommends that the tool be avoided on PCs where such applications or content are in use.
My hope is that all these dangling issues and gotchas will be fixed by the time the Anniversary Update goes out the door in mid-to-late July, 2016. If so, admins and users can put the Windows 10 Fresh Start Tool to work without fear of license or digital entitlement issues.