Windows Enterprise Desktop


January 5, 2018  12:38 PM

KB4056892 Fixes Critical Win10 Security Bugs

Ed Tittel Ed Tittel Profile: Ed Tittel
cybersecurity, Security management, Windows 10

Over the holidays, news emerged about a horrible flaw in x86 processors. Alas, it affects Intel and AMD hardware alike. This is hardware level stuff that will change layouts for future processors, because it exposes PCs to deep security vulnerabilities. In the meantime, users must accept performance hits on Intel processors from 5 to 30 percent! See this story at The Register for more details on what’s being called the “kernel memory leaking” Intel processor design flaw. Upgrade all Win10 PCs under your control to Build 16299.192 or higher ASAP.

KB4056892 Fixes Critical Win10 Security Bugs

You want Winver to report 16299.192 or a higher-numbered version to make sure the fix is installed.

Install Now: KB4056892 Fixes Critical Win10 Security Bugs!!

By default, Windows Update should happily install the afore-named update. Or, you can grab it from the Microsoft Update Catalog, and install it manually. Companies and organizations should rush it into compatibility testing ASAP. The same urgency applies to its deployment, too. This one is worth jumping the usual queue to accommodate, as admonitions from many security experts and recent calls to action will demonstrate.

Ultimately, PC vendors will also have to publish firmware updates to help address this issue. In fact, MS has already published firmware updates for its Surface family of products. Other motherboard and system vendors should soon follow suit. Be sure to check related websites for those updates, too!

On Another Subject Altogether…

I was surprised and pleased to have received an email from Microsoft on January 2, informing me that I’ve been chosen as a Windows Insider MVP for 2018. That means I’ll get more exposure to information about Windows 10 and related products and platforms directly from the source. Hopefully, I’ll be able to share some of that news with my readers and add to the flow of news and info on this blog and elsewhere. I’m still figuring out what all this means, but I’ll happily share what I can with all of you going forward.

[Shout out to Shawn Brink at TenForums.com whose 1/3 “Kernel memory leaking Intel processor design flaw” Windows 10 News post alerted me to this issue. Thanks!]

December 29, 2017  10:38 AM

Windows 10 for 2017

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

This is my last post for 2017, so it’s apt to reflect on the reigning desktop OS this year. We’ve worked our way through two Creators updates (Versions 1703 and 1709), each of which brought changes. Some of the big improvements have included mixed reality, OneDrive files on demand, and fluent design. It’s been strange to see PowerShell supplant Cmd.exe on the Winkey-X menu. (However,  it’s easy enough to reverse this change in the Settings menus.) All in all, it’s been a big year for changes. In my own opinion, most of those changes have been for the better. But Windows 10 for 2017 has also seen its share of controversy and slams.

Plusses and Minuses Aplenty in Windows 10 for 2017

I follows the user forums at TenForums.com reasonably closely. I have probably read more than five thousand threads over the past year. People have found plenty of reasons to like Win10, but also many reasons to dislike or denigrate Microsoft’s current desktop OS. On the whole, I think that the plusses probably outweigh the minuses. The  inescapable reality, however, is that for good or ill Windows 10 is the desktop OS that the vast majority of users must work with day-in and day-out.

Lord knows, I’ve had my share of mystery issues and frustrating gotchas with Win10 in 2017. But the OS keeps working, and I remain able to get my work done, obstacles and impediments notwithstanding. To those who get seriously worked up about such things I say: “My sympathies. Let’s find a workaround, or some kind of solution.” Yes, Win10 can be difficult and frustrating. But with relatively new capabilities like the in-place upgrade install (which replaces a hinky or questionable OS but leaves files and applications alone), there isn’t much that such a fix can’t address on most Windows PCs.

What to Make of Changes, Problems, and More

There’s still a lot to learn, and a lot to like, about Windows 10 for workday and personal use. Thus, as 2017 draws to a close, I’ll quote the memorable words of my old friend and CAD engineer George Osborne who would always say goodbye on Fridays with the same words. “I’ll see you here next Monday, unless a better offer comes along!” In this case, swap 2018 for next Monday because I’m pretty sure that Windows 10 will still be the market leading desktop OS once the New Year has rung in.

In the meantime, have a happy New Year, and enjoy the last few days of this one. I’ll be tackling problems and issues, reporting on new tools and technologies, and in general chasing down Windows 10 news once again on January 5, when we return from our family vacation.


December 23, 2017  12:08 PM

Undoing 7Zip ISO Association

Ed Tittel Ed Tittel Profile: Ed Tittel
File Explorer, Windows 10

Huh! I learned something interesting yesterday, thanks to some nice sleuthing work from my frequent Win10 collaborator, Kari Finn. We’d been chatting earlier in the week, and he’d asked me to open an ISO file to examine its contents. When I right-clicked on it, the “Mount” entry in the context menu had gone missing. Then when I double-clicked the file, and 7-Zip opened, we both knew that I’d allowed that program to over-ride the default file association when it had been installed last year. Undoing 7Zip ISO association forced me to dig into the new UWP way of doing things in Win10, so I thought I’d share that here for the benefit of other old-timers like me who might not have done it that way just yet themselves.

Undoing 7Zip ISO Association: Here’s How…

Basically, there are two ways to do this. The first one simply relies on using the Open with… element from the context menu in File Explorer. Launch this by right-clicking any ISO file, and then something like this window will pop up:

Undoing 7Zip ISO Association

If you click the checkbox in this window, you’ll change the file association, too.

The second way to make this change is a bit more convoluted. Nevertheless,  I wanted to learn how to do it the UWP way in Windows 10. This takes you through a four-item sequence of selections. Settings → Apps → Default Apps → Set defaults by app → Windows Disc Image Burner (!). Finally, you’ll see associations for the .img and .iso (Disc Image File) file types. This is where you can make sure that, as shown, Windows Explorer appears as the default (I manually switched it from 7Zip, in my case).

Undoing 7Zip ISO Association

I prefer the preceding method, because it involves half the clicks.

And now, much to my relief, when I double-click on an .iso file in File Explorer, it simply mounts the file and opens a virtual drive to display its contents. Sweet!


December 22, 2017  11:48 AM

Win10 Settings System Storage Sense File Clean-up

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, Windows 10

I’m something of a compulsive on the subject of conserving and cleaning Windows disk space. That’s why I’ve blogged many times here on various techniques for space recovery in Windows 10 (and earlier OSes). I was both surprised and pleased to realize that MS had slipped a new cleanup into Win10. Access it through Settings → System → Storage Sense → Change how we free up space. When you perform this Win10 Settings System Storage Sense file clean-up, you’ll see a screen like this one:
Win10 Settings System Storage Sense File Clean-up

You must turn Storage Sense on for this to work, and force the clean-up by clicking the “Clean now” button at bottom.

Running the Win10 Settings System Storage Sense File Clean-up

As the image caption relates, you must first enable Storage Sense to use this tool. Then, it will run automatically whenever a drive gets low on storage space. Alternatively, you can force the clean-up to run any time you like. Simply visit this window, then click the “Clean now” button and off it goes. Note also the checkboxes for:

  • temporary files
  • recycle bin files over 30 days old
  • Downloads contents over 30 days old

Only the first two are checked by default, but you can grab some disk space back by clicking the third checkbox, too. I just ran it on a few systems to check it out. It reclaimed anywhere from 179 MB to as much as 24.9 GB on a system I upgraded yesterday to Insider Preview Build 17063. Note the additional information that shows up about the clean-up in that Redstone 4 code base. This may become generally available after MS releases the Spring update. Notice that it skips empty items (unlike Disk Cleanup) and shows only items from which space may be reclaimed. As far as I can tell, though, this is just another way to do what Disk Cleanup already did. Does this spell immanent retirement for Disk Cleanup? Could be!

Win10 Settings System Storage Sense File Clean-up

Thanks and happy holidays to Sergey Tkachenko, whose recent article “How to Free Up Drive Space in Windows 10” alerted me to this feature. He’s something of a Windows space hound, too!


December 20, 2017  3:53 PM

KB4057291 Fixes Win10 AMD GPU Issues

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, Windows 10

Life has been rough for owners of PCs running (slightly) vintage AMD graphics cards. When used along with the Fall Creators Update, those with Radeon HD 2000, 3000 or 4000 graphic cards have troubles. They recently received AMD driver version 22.19.128.0 through Windows Update. Normally, that’s a good thing. But this time, users found themselves unable to use favorite screen resolutions, or facing a black screen instead of a GUI interface. Released on 12/19/2017, KB4057291 fixes Win10 AMD GPU issues like these, and lets users return to life and work. This item should be readily available to those affected through Windows Update. It may also be downloaded from the Microsoft Update Catalog and installed manually.

KB4057291 Fixes Win10 AMD GPU Issues

This update is available through WU or, as shown here, from the Update Catalog.
[Click image to see full-sized view.]

When KB4057291 Fixes Win10 AMD GPU Issues, What Happens?

The workaround discovered while others were sussing out this problem and learning how to cope illuminates MS’ own solution. Savvy hardware troubleshooters quickly figured out that rolling back to older driver versions would restore normal operations. Alas, MS would then erroneously detect the driver as out-of-date, unless users instructed WU not to download drivers. (Available using the “Exclude drivers from quality updates” policy option in the Group Policy editor.) Unless overridden, WU overwrites the fix with the wrong update again, and puts users back to square one.

Needless to say, this situation needed an immediate fix. Hence, the out-of-cycle release in which KB4057291 fixes Win10 AMD GPU issues, as now explained. The new KB provides updated intelligence regarding AMD graphics cards, so that systems with older cards don’t download and try to use a newer driver that doesn’t work properly (or provide the expected screen resolutions). Multi-monitor support issues are also fixed, according to Ghacks.net.


December 18, 2017  3:44 PM

Net User Command Controls User Access Hours

Ed Tittel Ed Tittel Profile: Ed Tittel
Command line, Powershell, Windows 10

Today, the GUI stuff gets most of the glory in Windows 10. Even so, friend and occasional guest blogger Kari Finn reminded me this morning that “real nerds do it at the command line!” I’ve been a user of the myriad of net commands there since first getting to know Windows back in the 3.x days. But I’d totally forgotten that the Net User command controls user access hours. He reminded me of this in a TenForums.com post this morning that includes some peachy examples, too. Here they are, captured in graphic form (to grab the text to play with, visit the original):

Net User Command Controls User Access Hours

You can get fancy with the time controls in NET USER if you like!

How the Net User Command Controls User Access Hours

Some of the niggling syntax details aside, it’s simply a matter of specifying day of week and time window to limit user hours with this command. You can use either 24 hour values for time ( from 0-24, with 01 for 1) or 12 hour values to which you must add AM or PM (1AM, 6PM. The days of the week may be spelled out, or abbreviated as M (Monday), T (Tuesday), W (Wednesday), Th (Thursday), F (Friday), Sa (Saturday) and Su (Sunday). For the complete skinny on this command, check out the Command Line Reference entry for “Net user” online.

The original blog post observes, quite correctly, that this approach works best for ordinary user accounts that lack administrative privileges. Why? Because anyone with such privileges need only wait for their time window to open up, at which point they can exercise those privileges to change the hours associated with their own account. I like to think of it as a variation on the old lyric: “Who’s keeping time with the time-keeper’s daughter while the time keeper’s out keeping time?”

Levity aside, there’s a lot of power and capability in the Net commands for Windows. Thus, I will probably find myself returning to them from time to time. Next up, in fact, will probably be the network shell, aka Netsh. Stay tuned!


December 15, 2017  10:54 AM

CapsLock Indicator Shows Key States

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

Here’s a nifty utility you may want to add to your Win10 desktops. It’s called CapsLock Indicator, and it shows persistent visual cues in the Notification area of the Win10 taskbar. To be more specific, it shows the state of three keys: Caps Lock (C), Num Lock (N), and Scroll Lock (S). Simply put: CapsLock Indicator shows key states for those three keys. It’s a petite (119 KB) little utility that does the job quite nicely, from German developer Jonas Kohl. Here’s what the UI looks like:

CapsLock Indicator Shows Key States

You can decide which of the three keys you want shown, then manage their appearance and status change behavior.

When CapsLock Indicator Shows Key States, What Happens?

By default the key indicators show up as white text against a purple background. (The program provides controls for most of these things.) When you click a lock key,  it changes background from purple to green with a white outline. This makes it easy to tell with a glance if the key is on or off. I don’t use the Scroll lock key myself, so I turned it off in the UI. In other words, I unchecked the box next to “Scroll lock” in the upper left UI pane. Other than that, I only had to drag the C and N icons from the pop-up notification area onto the static notification area on the toolbar to keep them visible all the time.

This ia great tool, especially for touch typists like me who get discombobulated when Caps Lock or Num Lock get turned on unintentionally, or get left on longer than I need them activated. It’s nice to know what’s what, and this tool helps provide that info without forcing me to check lights on the keyboard. If you like this behavior as much as I do, grab yourself a copy today. It’s free.


December 13, 2017  4:51 PM

When Updating Drivers Check Vendor Support

Ed Tittel Ed Tittel Profile: Ed Tittel
Drivers, Troubleshooting, Windows 10

I’ve been switching over from a test desktop to a Dell All-in-One for Insider Preview testing and experimentation. We’ve moved the Asrock Z97 Killer with i7 4770K CPU, 32 GB RAM, and 500 GB mSATA SSD, upstairs. In return, I’ve picked up and fixed his Dell XPS 2720 All-in-One touchscreen PC for use in my office. In whipping the Dell into shape, I’ve recalled one plus from buying a PC or laptop from a big-name vendor. (At my house that means Dell, Lenovo and Microsoft right now.) Those big outfits can afford to automate and simplify device maintenance and upkeep. That’s why I say “When updating drivers check vendor support.”

When Updating Drivers Check Vendor Support Gets You Tailored Advice

On the Dell machine, I can check drivers quite simply. I just right-click the Dell Update icon in the toolbar, then select “Dell Online Support” from the pop-up menu. It works with a utility called Dell System Detect to read the PC’s asset code from firmware, to look up its purported hardware configuration. When I go to its Drivers & Downloads page, I only need click on a button labeled “Detect Drivers” to have it scan for and recommend any pending updates.

When Updating Drivers Check Vendor Support

Once the wireless adapter is put to work, the apparent device discrepancy is resolved.

This time around, Dell found that I needed a new AHCI driver for storage, and it said I also needed a Wireless 1703 WiFi + Bluetooth driver. The AHCI driver install went without a hitch, but the wireless networking drivers failed to install. As it happens, that machine has a Killer (Atheros) N-1202 WiFi+Bluetooth adapter. I was using a wired connection, which turns off the wireless adapter. As soon as I disconnected the wired link and switched over to wireless, the scan correctly identified the networking hardware in use and reported all drivers up-to-date.

This goes to show several important things about such driver scans:

  1. They usually work reasonably well, but they’re not perfect.
  2. The user must still understand certain basics of hardware operation on the target PC for best results.
  3. Vendors don’t always keep up with the most current or latest and greatest drivers. They favor stability over currency, for very good reason (fewer support calls that way).

That’s why I also use the Windows Update MiniTool (aka WUMT) to check drivers on the PCs I maintain. On a follow-up check, thankfully, WUMT found nothing pending that Dell’s facility missed.

Outside the Dell Umbrella

On my Surface Pro 3, drivers come from the OS source itself, because Microsoft made that hardware as well as the OS. That’s usually right on the money in terms of driver currency and distribution. For my two Lenovo laptops, the company’s System Update utility does a pretty good job of keeping up with their drivers, too. Even on two of my desktops, both of which feature Asrock motherboards, that company’s App Shop app does a good job of keeping up with drivers plus BIOS and firmware updates. I might also observe that turning to the device maker is always a good strategy for chasing down drivers. That makes my assertion “When updating drivers check vendor support” true, even for homebrew or no-name systems and components.


December 11, 2017  6:26 PM

Adguard Offers Win10 ISO Alternative

Ed Tittel Ed Tittel Profile: Ed Tittel
download, Windows 10

Sometimes, one needs a Windows image file for research or repair purposes. It’s easy to grab current Windows ISO files from the Download Windows 10 page at Microsoft. But when it comes to older images, some improvisation may be necessary. In February of this year, I blogged about one such tool — namely, the HeiDoc.net MS ISO Downloader. In this blog post, I describe how Adguard offers a Win10 ISO alternative download source. It ties itself to Microsoft TechBench (itself no longer directly available). Thus, Adguard grabs all its downloads from MS servers.

Adguard Offers Win10 ISO Alternative

This web-based download tool requires you to pick release type, version, edition, language, and bittedness to select a specific download.

If Adguard Offers Win10 ISO Alternative, Is It Worth Using?

The options that Adguard offers are many. Beyond production and Insider images, it also covers MS Office, TechNet evaluations, ESD versions, language packs, and Microsoft’s pre-fabbed VMs. Versions vary by product, but for Windows 10 you’ll find production versions all the way back to Threshold 1, Version 1507, Build 10240. Insider versions go back to Build  14295. Languages covered include all the majors and a suprising number of minors (24 in all). General reports about Adguard give it high marks for download speed (they should be fast, coming directly from MS). My own experiences in using the site maxed out my Internet link at rated speeds. (My Spectrum link is supposedly 300 Mbps, for the 1709 Education ISO download I averaged 345+ Mbps.)

Why Avoid Adguard?

Adguard comes from the shadowy WZOR organization, and is based in Moscow. Check out their Whois data to see what’s up here. This may give some pause when turning to a source for Windows image files, but I’m not unduly bothered by it. That’s because even though the download instructions come from Russia, the download files themselves come from Microsoft (and come up clean when checking for malware, or for changes to hash values). I still prefer the HeiDoc ISO downloader myself, but I’ve added this to my favorites, and will use it should I need a specific (older) image and be unable to find it elsewhere.


December 8, 2017  11:27 AM

More MEI Weirdness

Ed Tittel Ed Tittel Profile: Ed Tittel
cybersecurity, Windows 10

On November 22, I reported a security flaw for the Intel Management Engine interface (aka MEI). On Wednesday afternoon, my motherboard vendor, Asrock, posted an MEI update for the affected system’s motherboard. After I downloaded and applied that fix, it was unclear if that fix did the trick. That’s why I entitled this blog post “More MEI Weirdness.” Even after Asrock’s APP Shop auto-update applied, Intel still reported the system vulnerable.

How More MEI Weirdness Manifests, Then Gets Fixed

Here’s what makes the situation weird. Device Manager says my MEI driver version is 11.7.0.1045, dated 10/3/17. The Intel scanning tool says I’m still vulnerable, but reports the version as 11.6.0.1126, dated 9/1/16. I’m not sure if that report is valid, given that the update presumably patches this vulnerability. However, when I check around online I find an Asrock web page named “Intel Firmware Vulnerability Intel-SA-00086.” It not only matches the ID for Intel’s security advisory, it also includes a firmware update tool to a different MEI version — namely 11.8.50.3425.

This installs on my production system like a champ. And when I run the Intel detection tool again, Intel-SA-00086-GUI.exe, it says the vulnerability is patched. Asrock may have issued the initial fix to address some other kind of problem. OTOH, the fix it issued through APP Shop may be the wrong one, or not working properly. I can’t tell.

Whatever the cause of the initial weirdness, the system is no longer vulnerable to this exploit. Interestingly, the Intel SA86 error check tool  still reports the Intel Management Engine at version 11.6.0.1126. Device Manager still shows it as 11.7.0.1045. I’m wondering if that means the Intel tool is reading firmware that’s different from the driver info that Windows 10 maintains. I just don’t know what’s up with that.

Thus, some degree of weirdness continues. But because the Intel tool gives my system a clean bill of health, I’m content to let it ride without trying to fix things further. I may try to figure out how to clear the error message about the Capability Licensing Service Client, though…

More MEI Weirdness


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: