When I started working on SearchEnterpriseDesktop, I thought it would be easy. I was wrong.
The information that IT administrators need about Windows isn’t always easy to find—and it’s often difficult to digest. There are so many versions and editions of the OS, each with its own quirks, and every organization’s deployment is unique. As a result, Windows admins have some really important questions, especially when it comes to Windows 10: Is it really free? How do I get it? Should I upgrade? What do I need to know before I migrate? And how the heck do I get off Windows XP?
For starters, only some versions of Windows 7 and 8.1 are eligible for the free upgrade, and there are a few steps in the download process that might seem a little foreign. Getting continued updates from Microsoft is different in Windows 10, too. Instead of the monthly Patch Tuesdays of the past, smaller and more frequent fixes and feature updates will come down the pike. And as for the question of getting off Windows XP, the answer is simple, but it’s not one admins will necessarily want to hear: Get ready for a clean install.
Download this three-part handbook to get even more answers and learn about the shiny new Windows 10 operating system.
Reading over the recent forum posts at Spiceworks this morning, a thread entitled “Windows 10 reinstalls after July 2016?” caught my eye. Inquiring readers want to know when the automatic key recognition from an earlier Windows 7 or Windows 8 installation on revamped Windows 10 hardware will quit working. In other words, how much does the hardware in a system have to change before it is no longer recognized as the same computer that was upgraded? In post 17 in the thread, an MS employee named Chris Le Texier provides a pretty definitive answer.
Anything up to, but not including, a motherboard change should still permit Windows 10 to be reinstalled on an upgrade key.
Le Texier goes on to cite a passage from the Windows OEM licensing FAQ to support his position, including the kind of argument someone will have to make with Microsoft (namely, that the mobo was replaced to repair a defect if it is not identical to the original, as provided in the manufacturer’s warranty) to re-activate that key, if necessary. Interestingly enough, this appears to indicate that when the warranty period ends, subsequent motherboard replacement will indeed require obtaining a new license, or burning another license from an organization’s supply under some kind of volume licensing agreement.
Now we know!
As of tomorrow, January 12, Windows 8.0 support comes to a close. Those who exam the Windows Product Lifecycle table might be inclined to think they have longer, based on this snapshot from that resource:
Dude! Table sez “Mainstream Support End Date is 1/9/2018?!?
There is, however, some applicable “fine print” that actually supersedes the date information shown in the table. The Windows 8.1 Support Lifecycle Policy FAQ includes this unambiguous counter-claim in its first paragraph: “With the General Availability of Windows 8.1, customers on Windows 8 have 2 years, until January 12, 2016, to move to Windows 8.1 in order to remain supported.” As you can see from the “Notes” field in the Windows 8 entries above, MS is pretty clear about warning users on the need to move onto Windows 8.1 by 1/12/2016.
Yep, that’s tomorrow, as Paul Thurrott stated in the recent article that reminded me of this little gotcha. What surprised me most in his story is that “over 41 million people [are] still using Windows 8.0 for some reason, as it’s installed on about 2.75 percent of all PCs currently in use” (based on stats from a familiar source: NetMarketShare.com). Thus, those who haven’t moved some of their users from 8.0 to 8.1 (or 10) should probably get going on that process, so as to minimize the window during which support is absent and security risks escalated thereby. Time to get a move on!
What many IT admins don’t know is that Microsoft has a strong play to offer in the area of BYOD — namely, Microsoft Intune, which is now included as part of that company’s Mobile Device Management (MDM) offering. Though Intune, enterprise IT can deliver application and device management via the cloud, or on-premises through integration with System Center Configuration Manager, using a single, coherent management console.
Intune lets businesses manage end-user devices including smartphones, tablets, and PCs (Android, iOS, and Windows included).
What’s coming sometime this month? According to a recent NeoWin story, the upcoming optimizations will provide enhanced management capabilities for Windows 10, including improvements to support new native features such as the Health Attestation Service and Microsoft Passport. Perhaps equally significant, the update will enable admins to remotely wipe all data on Windows 10 desktops enrolled with the Intune service. Health Attestation relies on Trusted Platform Module (TPM) capabilities in laptops and PCs, and allows admins to check configuration trustworthiness (BitLocker status, malware check results, and so forth) before permitting users to access in-house resources. The upcoming update makes it possible for admins to enforce Attestation Service compliance on applicable devices, and to view data from Intune as part of its ongoing service delivery.
In the same vein, the upcoming update also permits administrators to define and enforce policies for Microsoft’s so-called “Passport for Work” feature, whereby admins can configure specific authentication methods that users must then employ to log into devices enrolled with Intune. Likewise, Android and iOS devices will get some Intune improvements, too — namely, the ability to configure the Smart Lock feature in Android 5 (Lollipop), and the ability of iOS users to select their own e-mail app, while continuing to send diagnostic reports via Intune (only the default app is currently supported).
According to MS, this update should be released sometime on or before January 14. See the Intune blog post (1/6/16) entitled “Coming Soon: Support for new Windows 10 features, Apple VPP for business, and more” for further information.
On Monday, January 4, Yusuf Mehdi posted that “Windows 10 [is] Now Active on over 200 Million Devices” to the Windows Experience blog. This not only ups the official count for Windows 10 installations, it also changes the basis upon which Microsoft publishes such counts. The last official count that MS announced was 110 million, and it occurred on October 6, at the Windows 10 Devices Event. But this count was based on the number of copies of the OS that had been downloaded by that date, and included technical previews downloaded through the Windows Insider program, as well as upgrades to Windows 7 and 8.1, as well as new licenses issued via OEM, enterprise (volume licensing), and retail sales.
Here’s the headline from the “new count” post to the Windows Experience Blog on 1/4.
Now the basis for counting is somewhat different. The latest count is based on “active users,” which means it counts only unique instances of Windows 10 encountered as running and in use via MS telemetry. This is indeed a much more accurate and rational basis for counting, because it’s based on running instances of the OS rather than a count of downloads of that same OS (which may or may not actually be running anywhere, and may instead be sitting on a drive somewhere not yet installed or in use).
In the same blog post, Mehdi also shared some other interesting usage and uptake statistics about Windows 10, including the following items (summarized from that content, see original for his precise wording):
- More than 40% of new Windows 10 devices have become active since Black Friday (11/27/2015).
- According to MS, Win10 is “on the fastest growth trajectory of Windows … ever” and is at 140% of Windows 7 and 400% of Windows 8 at the same point in time (3 months) after RTM.
- Customers are showing an increasing preference for Win10 on the PCs they’re buying.
- Enterprise and education customers are also starting to get involved with Win10, with 22 million devices running Win10 among enterprise and education customers, and 76% of enterprises now actively piloting Win10 deployments.
According to other sources (Neowin) this latest number also includes some 30 million Xbox One consoles, now also running Windows 10 since a major update in late November 2015. I wish the company had provided more information to understand the faster uptake claims for Windows 10 vis-à-vis Windows 7 and 8 as well. Other sources (PCWorld) have recently reported that Windows 10 uptake has fallen behind that for Windows 7 at about five months past RTM, based on reported usage statistics from NetApplications. However, given the new basis for Microsoft’s counts on telemetry pick-ups, the company may very well have an effective counter to such numbers, though the inclusion of Xbox One consoles makes the whole thing somewhat tricky. This should be an interesting development to follow throughout 2016 — especially in light of Mark Twain’s famous epigram (“There are three kinds of lies: lies, damn lies, and statistics”).
Thanks to the magic of Web analytics, and the generosity of TechTarget for sharing its data with me, I can report on — and link to — the ten most popular blog posts right here at Windows Enterprise Desktop for 2015. This data was provided to me in November, so it really only covers the first 11 months of the year, but is highly interesting nonetheless. Check it out (publication dates appear in monospaced font to the right of or below each linked page title):
|Page Title||Page Views|
|Windows 8.1 Administrivia: Accessing .mobi files with Kindle 3.24.14||3,652|
|KB 3001652 Goes Bad on Update Tuesday 2.11.15||3,308|
|Windows Enterprise Desktop (blog landing page: no date)||2,941|
|Refresh/Recimg.exe Gone Missing in Win10 6.1.15||2,426|
|Auto-Update for KB2310138 Spreads Consternation for MSE Users 7.27.11||2,304|
|Seismic Shift in Windows Punditsphere 1.17.15||1,936|
|Factory Reset Offers Way Out for Surface Pro 3 Catch-22 8.10.15||1,593|
|Windows ADK for 8.1 Now Available 9.25.13||1,544|
|Windows 10 Free Upgrade for Win7, 8.1, Phone 8.1 Users for One Year After GA 1.21.15||1,519|
|Goodbye CCleaner, Hello Wise Disk Cleaner? 8.27.14||1,348|
There are lots of interesting things to note about this table, that speak to apparent uses for this blog’s content, including:
- Dates in red above indicate items dated from years prior to 2015. I have to presume that the only way people would get to this content would be via search engine. Given that 4 of the 10 items fall into this category, that says people read such items to solve current problems or address current topics despite their age (one dates as far back as 2011, much to my surprise).
- Some of the biggest hits were what I’d call news items rather than tech items, including the KB item (number 3), the seismic shift item (which explains that Paul Thurrott has left WinSuperSite.com to start Thurrott.com), and the free upgrade item. I would have to guess these items’ visit counts spiked close to their publication dates, as old news is usually not very interesting news.
- I can help but be amazed that the top-ranked item is a brief explanation of where to put .mobi files in the Windows 8.1 file hierarchy (also works for Windows 7 and 10) so as to make them accessible to Kindle. Even though that item was 17 months old when the data was compiled, it still comes out on top. That tells me this is a subject that isn’t explained well elsewhere, though perhaps it should be.
It’s nice to know that this blog apparently has a greater impact than simply providing current information about Windows desktop topics. To me, these results also speak eloquently to how modern workers consume information, and how important search engines remain to finding useful and/or interesting information.
Over the past couple of days, I’ve reinstalled Windows 10 on my colleague Kim’s Lenovo T530 laptop. I also installed a Samsung EVO 840 mSATA SSD as the unit’s new boot drive. The prior occupant of that role was a three-year-old HGST 500 GB HDD (probably still a Hitachi hard disk at the time it was manufactured, though the brand is now part of the Western Digital family). I’m pretty sure most of the resulting performance improvement comes from switching from a spinning disk to an SSD, but the results of this switchover are nothing short of amazing. Where the laptop used to take almost a minute to boot, it now takes less than 10 seconds. Where it used to take almost 30 seconds to shut down, it now finishes that task in about 7 seconds.
The old partition scheme featured 5 partitions.
The real benefits from the clean install include more than just a speed boost, they also encompass the following improvements as well:
- Vastly increased system stability: even though the previous install reported back from DISM /online /cleanup-image /checkhealth with no component store corruption, it suffered from numerous quirks and instabilities. Not the least of these was recurring issues with the Start menu (subsequent research lays responsibility for these faults on Dropbox, BTW, not MS).
- Reduced system clutter: a clean install sweeps away all updates and applications that are outdated and/or unused. That’s because (a) they don’t get applied or (b) because they don’t get re-installed. Once again, Ninite proved invaluable in making it easy-peasey for me to reinstall the apps that Kim wanted on her machine. The only to-dos left were for-a-fee subscription suites such as MS Office 365 and Adobe Creative Cloud.
- Driver sanity: I used SlimWare’s excellent DriverUpdate to bring the T530 drivers up to snuff. Despite Win10’s generally great driver handling abilities, I ended up adding or updating 14 drivers after the clean install completed. Several items, such as Intel’s Rapid Storage Technology, are not included in the base install from MS and need to be added if one wishes to use their facilities. Thanks to DriverUpdate’s outstanding automation, all I had to do was to reboot, reboot, reboot while those installs kept completing to make sure they altered system state and configuration as they were supposed to.
I did encounter a couple of gotchas on my way to completing the add SSD/clean install task list. They included an unwillingness for the OS (diskmgmt.msc, actually) to “see” the Samsung mSATA SSD until after rebooting twice following physical installation, and the unwillingness of the HGST drive to surrender its priority position in the BIOS boot order, no matter what contortions I went through with BCD editing, startup repair, and so forth. I eventually had to delete all of that drive’s partitions in DISKPART, then restore the files from a backup to the reformatted, single-partition I created to replace the original five-partition disk structure that reflected upgrades from Windows 7 to 8 to 8.1 to 10 (depicted in the DISKPART screen cap earlier in this post).
For once, the story has a happy ending. The Samsung EVO 840 250 GB drive retails for about $150-165 right now, but remains well worth the money. Even though it’s (relatively) loafing along in the SATA-2 equivalent PCIe slot it currently occupies in Kim’s laptop, it’s so much faster than the HDD it supersedes that the system performance is noticeably and pleasingly faster. Happy New Year!
On December 4, I reported a mismatch between DISM and SFC for Windows 10 in Build 10586.17. It is apparently related to conflicting versions of the opencl.dll driver file associated with Nvidia graphics adapters, where the OS is looking for a smaller Microsoft-supplied version and the runtime environment generally also comes equipped with a larger, OEM-provided version from Nvidia itself (file sizes are 30K vs. 110-120K). Since that time, a new version of the Nvidia driver has been released (361.43) and the build number for Windows 10 has incremented to 10586.36 on the Current Branch. This morning, I tried the combination of DISM and SFC commands shown in the following screenshot, only to observe that the mismatch has not yet been fixed:
Despite changes to both sides of this mismatch since 12/4, the opencl.dll issue persists.
For the time being, unless CBS.log from SFC reports corruption in files other than opencl.dll, it’s probably best to rely on DISM to check for potential file corruption issues in Windows 10. I’ll keep checking this issue as new Nvidia drivers and new Windows 10 cumulative builds become available, and let you know if and when this mismatch disappears.
One more thing: as the foregoing screencap shows — it come from my Surface Pro 3 which hosts only Intel HD 5000 graphics from the unit’s i7-4650U CPU — this problem is not limited to PCs that host Nvidia graphics adapters, as I had originally believed. It apparently affects all Windows 10 PCs (like my Surface Pro 3) whether or not they have Nvidia graphics installed. Given this breadth of impact, I’m a little surprised that MS hasn’t yet fixed this problem.
TechNet describes Windows’ built-in REAgentC.exe command as able to “configure a Windows Recovery Environment (Windows RE) boot image and a push-button reset recovery image, and to administer recovery options and customizations.” The same reference goes onto observe that “You can run the command on an offline Windows image or on a running Windows operating system.” As one should expect with a command that operates on the way the OS recovers from problems with booting or running, this command must be run from an elevated command prompt (easily accessible through the Command Prompt (Admin) option in the pop-up menu that results from striking Windows Key-X in Windows 8 or 10).
Here’s a bit of syntax by way of example that grabs information from REAgentC for use in the disk partition (diskpart) command that provides some powerful illustration of what this command can do, and why one might want to do it. The screen capture comes from my Surface Pro 3, originally purchased running Windows 8.1, and then to 10 (it’s currently running Build 10586.36).
This SP3 tablet shows the remains of two previous OSes in its listing of recovery partitions.
[Click on image to see full-size screencap]
The preceding screenshot shows how you can combine the info option for REAgentC with the diskpart command to figure out which WinRE partition your current OS is using, to see where it fits into your current disk layout. What this information tells me is that a WinRE partition for Windows 8.1 may still be hanging around (probably in partition 1) even though it’s no longer in use, that partition 5 is where the WinRE partition boots from, and that it gets its boot image from partition 6. Were one in need of extra disk space, one could use a tool like Paragon’s Hard Disk Manager Suite to recover the space that unused partitions consume, though I’d recommend a complete image backup and a known working image restore capability (which the Paragon utility also provides) before mucking about with recovery partitions of any kind. In my case, that’s only 350 MB of disk space, so it’s not worth the effort to me to get less than 0.1% of my drive space back (the drive has 230 GB of usable storage space in all).
This is a useful tool for inspecting recovery partitions to see what’s on machines under one’s management, but REAgentC.exe also supports setting the location of a WinRE boot image of one’s construction and/or choosing. It’s also suitable for working on images offline, for admins who must manage libraries or collections of such things. You can also use the command “REAgentC.exe /BootToRE” to force Windows to boot into the Recovery Environment the next time a target machine reboots.
Good stuff, and worth getting to know!
From pocket desktops to virtual reality devices to tablets and more, expect tech presents galore stuffed in stockings and nestled neatly under trees everywhere this holiday season.
While Santa is making his list and checking it twice up at the North Pole you might want to do the same thing to find out what new devices might enter your network after the new year.
Take a look at a few of the top items tech enthusiasts are asking for this holiday season and find out what security lessons you can learn from a Barbie doll.
Have yourself a merry little mobile desktop
The Kangaroo Mobile Desktop delivers a desktop that fits in a user’s pocket. At only 14 millimeters thick, the Kangaroo works on any monitor and can easily make like a joey and hop into users’ pockets when they’re on the move. It was built for Windows 10 and runs the full 64-bit version of Microsoft’s newest OS. It even runs Windows 10 on Apple iOS devices with its OS Linx feature. In addition users can access documents, photos and OneDrive through the Kangaroo Mobile Desktop.
The big drawback, particularly in the enterprise, is the Kangaroo’s limited storage capacity. With just 2 GB of RAM and 32 GB of storage, it simply can’t replace a full desktop and should really only be used for a limited number of apps and Web browsing.
What tablet is this?
Microsoft’s Surface Pro 3 was the standard by which other tablets and notebooks were judged. Now the Surface Pro 4 is out, and although it doesn’t feature any revolutionary changes, it tweaks the formula slightly to make improvements over the Surface Pro 3. Among the changes are the addition of the Surface Pen and its magnetic dock, Windows 10 integration, and the Type Cover with its Chiclet keys, glass trackpad and fingerprint sensor.
Simply put, the Surface Pro 4 is the best Windows tablet or notebook hardware available. However, if users already have the Surface Pro 3 they don’t really need the Pro 4. Both devices have the exact same ports and users can buy the Surface Pen and Type Cover for the Surface Pro 3.
Virtual reality is comin’ to town
Smartphones make the virtual reality of today far more practical than the absurd contraptions of the past. Nowadays users just place goggle-like devices such as Samsung’s Gear VR on their heads and slide their phones into the viewers to enter the virtual world.
The Gear VR improves upon previous models by charging users’ phones while they use the virtual reality tool and rectifying the overheating issues of the past. It also includes a Super AMOLED display, wide field of view and head tracking.
Although virtual reality devices are mostly for playing games and watching videos, they could easily make their way in to the enterprise as ways for workers to look at 3D models or simulations for example.
Barbie its cold outside
As great as these tech presents are, it’s important to remember that while you’re putting up the tree, stringing the lights and in the words of Paul McCartney, simply having a wonderful Christmastime, hackers are still trying to access your corporate data. Even when you sit down for a well-deserved glass of eggnog you have to keep security at the top of your mind, especially as more and more devices enter your network.
Even Barbie isn’t safe these days. One of the hottest toys for kids this Christmas is Hello Barbie, a Barbie doll that connects to the Internet to answer children’s questions and interact with them much in the same way that Siri or Cortana work on a smartphone. It sounds innocent enough, but a security expert was able to hack into the Barbie doll and access user information, audio files and photos. He also believes hackers could access the microphone and make the doll say anything the hacker wants.
Obviously this is scary for parents, and while most workers (probably) don’t bring Barbie dolls to work, it should also be scary for you. As Internet of Things devices — which Hello Barbie is — become more popular and employees bring them to work, hackers can access your network through one of these potentially less-protected devices. They could also unearth valuable information the device picked up through video, photo or audio files. The lesson is that the more internet-connected devices you have in your organization, the more gateways there are into your corporate data.
So as your employees make merry this December and try to simplify their lives with nifty gadgets, remember the Grinch is always lurking around the corner and those gadgets could be an entry way for disaster. Happy Holidays!