One week ago, I posted a blog here entitled “Windows 8.1: More Than an Update, More than an SP.” The point I was trying to make therein was that upgrading to Windows 8.1 involves some interesting and unexpected changes, especially where device drivers are concerned (many of which get replaced as a consequence of the upgrade, sometimes even involving over-writing newer already-installed drivers with older ones, sometimes involving driver replacement when 8.1-specific items are known to the Windows 8.1 installer). This post provoked an interesting comment from user “Branestawm” (Richard) who warned against upgrading to 8.1 on a Lenovo laptop:
My advice would be not to update to 8.1 if you have a Lenovo laptop. Their website lists a large number of incompatible models. I have an Ideapad U330 Touch (which is supposed to be OK) and have just reinstalled 8 after my problems.Many people share this problem, as can be seen on the Lenovo forum:http://forums.lenovo.com/t5/IdeaPad-Y-U-V-Z-and-P-series/Windows-8-1-on-Ideapad-U330-sleep-problems-etc/m-p/1313499/highlight/false#M105920Other models have similar tales of woe. Lenovo support say that they are working on the problems, but I can’t understand why they were not sorted out before launch.DON’T UPGRADE YOUR LENOVO!Richard
Yes, that’s right: I was able to update ALL drivers for the T520 to most current status for 8 and 8.1!
Interestingly, DriverAgent showed 4 drivers as behind the curve on Windows 7 SP1 before I started the adventure, and that represented the best I was able to do in terms of getting those drivers completely up-to-date. Yet after each upgrade (first to 8, then to 8.1) I started out with only two drivers behind the times on either of those releases. In other words, my driver status right after the upgrade was already better for either of the two Windows 8 versions I worked through than it had been for Windows 7 to begin with. That was a real surprise, and differs dramatically from my experiences on other systems from Dell (an XPS12 convertible notebook and my son’s XPS2710 touchscreen All-in-One) and on home-built systems, both of which include Asus motherboards (a P6X68D-E on one, and a P8Z68-V on the other), and an Acer 5552 notebook with an AMD dual-core CPU.
As always, the devil is in the details. I don’t think it’s necessary to warn any and all Lenovo notebook owners off of the Windows 8.1 upgrade process completely, but that doesn’t mean every upgrade will go as smoothly as mine just did, either. YMMV, indeed.
I’ve blogged many times here about the excellent Secunia Personal Software Inspector (PSI) tool, which checks all the installed programs on a PC and compares them to its database of current (and fully patched, as in the case of the Windows OS itself) software programs and systems. Recent PSI versions have, however, been subject to a variety of “issues” with Windows 8 and 8.1, especially on PCs running Internet Explorer version 11, which primarily manifest in one of two forms:
1. The software scan hangs prior to completion, and never appears to complete
2. As a Windows (8.1) system freezes, a message that reads “Stop running this script” appears on-screen.
In another recent (11/22/2013) InfoWorld article (“Secunia fixes PSI…“), Woody Leonhard explains that the easiest fix for these problems was to roll back from the most current version (126.96.36.19913) to its predecessor, 188.8.131.5211. With the release of a new version (184.108.40.20615) all of these problems have apparently been solved.
When I went looking to figure out which versions of PSI I had installed on my various notebook, tablet, and desktop PCs, I quickly learned two interesting things. First, there’s no easy way to get version information about your PSI install unless you run a scan, and then check the details on the listing for PSI inside of the “Show Programs” view from PSI itself. If you find the program icon, right-click it, and select “Show details” you’ll see something like this:
Interestingly, the easiest way to get information about which version of PSI you have installed is from examining details about the program compiled in a PSI scan.
Second, it’s clear from looking at my various PCs with version 3 of PSI installed that PSI doesn’t update itself, either. I found versions ranging back to 220.127.116.11xxx, depending on how long ago I had installed the program on the particular machine I was checking. I also learned that if you download and reinstall a newer version, PSI will automatically uninstall the older one before installing the newer, and migrate scan results, settings, and other data into the new version more or less seamlessly.
The bottom line here is that Windows 8 and 8.1 users with Internet Explorer 11 installed (voluntary on 8, automatic on 8.1) should immediately download the latest PSI version and install it on their PCs.
The Enhanced Mitigation Experience Toolkit (EMET) is a collection of Microsoft security tools and software designed to protect Windows users from zero-day exploits. I first blogged about it in September, 2012, and its general content and coverage remains current even today. A recent update to this toolkit (dated November 12) is now available, and even though Windows 8.1 doesn’t appear on the list the Windows versions it supports, it works fine on the half-dozen or so test and production systems upon which I’ve now deployed it.
Not only does EMET 4.1 work with Windows 8.1, it also offers some nice updates and improvements to the previous version (I was still running version 3.0 until I found this).
EMET 4.1 is smart enough to recognize when it gets installed on a PC running an earlier version, and to remove the older version of the program before installing itself. Those already familiar with earlier versions will notice some interesting changes as they explore the new GUI interface for the 4.1 version. There’s also a helpful 42-page User Guide that comes bundled with the application. Security aficionados will find the explanations of the program’s various mitigation techniques (Section 1.2), application mitigations, and its built-in protection profiles particularly interesting. There’s also a section on deployment that aims primarily at System Center that will speak to anyone who’s using some form of centralized management to push the latest EMET version out to a user base.
One word of warning, straight from the User Guide: “As of EMET 4.1, we no longer support EMET 1.x or EMET 2.x. We will continue to support EMET 3.0 until June 2014, 12 months after EMET 4.0 release.” Also, there’s a 5.0 version planned for November, 2014, twelve months after 4.1’s release.
I’m approaching a ten count on applying the Windows 8.1 update/upgrade to Windows 8 systems, many of which I had first to upgrade to Windows 8 to take advantage of that free upgrade from the Windows Store. As my count has crept up, I’ve begun to notice more interesting aspects of the process that really didn’t impress themselves on me sufficiently on my first two or three such efforts. At this point, I feel better equipped to pause and reflect about what I do and don’t like about the Windows 8 to Windows 8.1 update/upgrade process.
MS Support explains the various steps and potential stumbling blocks to a successful Windows 8 to 8.1 upgrade.
1. Aside from the half-hour plus needed to download the upgrade file (which the MS store lists at 3.6 GB) the application process is pretty fast and mostly straightforward, especially on PCs already linked to Microsoft accounts.
2. On machines with Intel Rapid Start Technology, UEFI, and SSDs, the technology truly lives up to the name. My various qualifying PCs and laptops all boot in under 25 seconds, and shut down in 5-10 seconds. Wow!
3. Even aside from technological sleight of hand like Intel RST, 8.1 seems a bit zippier in everyday activity than did 8. The overall user experience is also more consistent and predictable, too.
1. You’ll need to reinstall certain elements after the upgrade — most notably, start menu replacements like Start8 or Classic Shell.
2. Surprisingly, lots of settings and preferences (such as those made in Task Manager, for example) get reset to their defaults after the upgrade is over.
3. Even more surprising, Windows 8.1 overwrites up-to-date drivers on Windows 8 with out-dated drivers in Windows 8.1 (not even Service Packs do this across the board, as does Windows 8.1). On several machines I went from one or two (erroneously identified) bad or out-of-date drivers in DriverAgent on Windows 8 prior to the upgrade to eight to ten (mostly correctly identified) bad or out-of-date drivers for Windows 8.1 post-upgrade.
4. Lots of people have already written about the issues involved in upgrading on a machine without a linked MS account; on my wife’s PC she got badly bitten because her account is purely local (who knew before researching that “Create a new account” would lead to an account bypass opportunity?).
I’ve also read some interesting horror stories about incompatibilities in Windows 8.1 that prevent it from running on systems that would happily run 8.0, and I’ve seen enough bits and pieces of software (and drivers) that didn’t gracefully transition from 8 to 8.1 that I wish MS had included a standalone compatibility checker for the upgrade (the MS “Update to Windows 8.1 from Windows 8” page claims that “…we check your current desktop apps and connected devices, and let you know what you’ll need to do to get them ready for the update, or to get them working again after the update”), because I’ve heard of enough missed items, and encountered a few myself — e.g. Start8 — to know that this works better in the literature than on various specific PC configurations.
All in all, it is really more like a major OS upgrade along the lines of Vista to 7, or 7 to 8, than it is like applying an SP to an existing OS. If you proceed from that understanding, you’ll have less cause for concern or alarm as you work your way through the “update” process!
I found myself on the phone this morning, talking to my former MCSE trainer, Herb Martin, who also happens to be something of a PowerShell and .NET programming whiz as well. I’ve gotten far enough into my Powershell script to know I’ve got something potentially useful. Now it’s time to bring in a real professional to turn it into something ACTUALLY useful instead. So that’s what I’m doing. Here’s what the output from the script looks like at the moment:
It’s the same info as reported in earlier WEI versions, with the same general layout, and a “close enough” format to be instantly intelligible.
In the course of our discussion, I found myself explaining to Herb why I’m doing this, and taking a “next step” beyond my own abilities to turn the work into something worth sharing with the world at large. Here’s how I justified the extra effort and expense involved in doing things right: I told Herb that anybody can complain or whine about Microsoft, or point out how something that MS is doing (or not doing, as seems to be the case here) isn’t right, fair, of sufficient merit or quality, or whatever other stimulus may be causing the complainer to hold forth. But once I understood that anybody could grab and use this information I realized that given my knowledge of HTML, XML, and PowerShell, I could put something together that anyone could use. So rather than rail at Microsoft for leaving WEI out of Win8.1, I’m simply going to offer a simple, straightforward tool to remedy that lack.
Herb made some great suggestions about this tool in our initial discussion, which we’ll follow up on next week. Independently, he also suggested converting the code to a small C# program that could then be compiled into an .exe file to make it into a “real program.” That sounds like absolutely the right ticket to me. But whether it stays a script, or turns into a program, I hope readers will find the approach of building something that’s missing better than waxing wroth because MS didn’t include it in the 8.1 System control panel applet. If you’re really dying to play with this before I’m ready to set it free on the Internet, drop me an email at ed at edtittel dot come with “Send WEI Script” as your subject line. You can play with it before it’s finished, too, if you like.
Stay tuned for further news on this software development. I’ll let everybody know when the final version is completed, and the resulting tool becomes freely available to any and all interested parties.
[Note added 11/15/2013 2:20 PM: A near-final version of the build-wei.ps1 script is now complete, and apparently working, so I can provide that file and operating instructions to those who send e-mail requests for same. Don’t forget to put “Send WEI script” in the subject line, and send it to ed at edtittel dot com, please!]
Woody Leonhard has been one of my ongoing sources for tips, tricks, and inside Windows (and MS Office) information for over 20 years now. That’s why I was delighted to find an unusually tasty nugget of Windows insight and information in a recent Slideshow he put together for InfoWorld. Entitled “The hidden fangs of Windows 8.1 — and how to avoid them,” he includes an item on how to obtain the information that recent versions of Windows up through Windows 8 (source of the following screencap, in fact) have presented under the heading of the “Windows Experience Index,” often abbreviated as WEI.
Widely reported as no longer available in Windows 8.1, MS simply chooses not to report data that it still gathers.
As it happens, reports to the contrary notwithstanding (namely, that Windows 8.1 no longer compiles data to calculate the WEI), Woody points out that you can indeed obtain this data from Windows 8.1 if you’re willing to jump through some command line action and inspired data access to do so. Here’s how, in step-by-step form
1. Launch a command window in Windows 8.1: A search on cmd.exe will do nicely for this task; right-click the item and select “Run as administrator” from the resulting pop-up menu. On an unaltered Win 8.1 desktop, right-click the Start menu button and select “Command Prompt (Admin)” from the resulting pop-up menu instead.
2. Enter the command string winsat formal at the command line.
3. Use File Explorer to navigate to C:\Windows\Performance\WinSAT\DataStore
4. Right click the first Formal.Assessment file you see (or the most recent such file, if your file listing criteria don’t show most recent files first), click Open with, then use Internet Explorer to view the contents of this XML file (the full name of this file on my PC was 2013-11-12 18.06.44.438 Formal.Assessment (Recent).WinSAT.xml)
5. Look for the section in the XML document labeled <WinSPR>; everything inside that block up to the closing </WinSPR> tag provides the data that used to appear in the old Windows Experience Index display shown earlier (and then some).
If know what to do, and where to look, Windows 8.1 continues to provide WEI data as shown right here.
WEI is a rough-and-ready tool for assessing Windows performance and system capability. It’s not on a par with more serious performance evaluation suites like SiSoftware Sandra, PCMark, Passmark Performance, and so forth (see this great slideshow from Tom’s Guide for a list of 15 PC benchmarking programs including commercial and freeware offerings). But WEI is something familiar and comfortable that Windows users have had at their disposal since the XP days. By following these simple steps, you can see how a Windows 8.1 PC ranks on this rating scale, too.
Thanks to old friend, occasional co-author, and MS Security MVP Deb Shinder, I’m now aware of a snazzy little utility named 8GadgetPack that restores those ever-so-handy-and-informative desktop gadgets to Windows 8. For those who don’t recall, gadgets were stripped out of Windows just over a year ago because of security concerns, more or less in synch with the release of Windows 8 (here’s an undated MSDN article entitled “Desktop gadgets removed” that provides MS’s official rationale for that decision). Given that Ms. Shinder is a ten-year recipient of the MVP with a focus on Enterprise security — see her bio for more details — I feel even more comfortable adding back Gadgets to Windows 8 than I did before, in stubbornly refusing to give them up on Windows 7 (all of my surviving Windows 7 machines still run them).
The screen capture you see to the left of this text material shows what the default install of 8GadgetPack looks like on my production Windows 8.1 PC. It appears in the old-fashioned (but very handy) fenced-in sidebar area reserved on the right-hand edge of the screen that was introduced with Windows Vista, and removed in Windows 7. Those who elect to put their gadgets elsewhere, or do away with the fenced in area completely, need only right-click inside the sidebar and manipulate the program’s Options settings to arrange things more to their liking. I like these defaults (at least for now: it’s still only my second day with the program installed on my Windows 8.1 deskop) so I’m going to leave them alone for a while.
I’d more or less resigned myself to living without gadgets on Windows 8, resorting instead to a handful of other favorite tools to glean similar information from the OS to what’s show to the left of this text. But with the ability to regain access to both Network Meter and CPU Usage (both from AddGadget.com, and my two very favorite Windows gadgets because they show me what my PC is doing locally and on the network at all times with only a quick glance) I’m happy to put those items back on my Windows 8 and 8.1 desktops. The information they provide is simply too useful and informative to live without, when I don’t have to. And with dual layers of firewalls around my local network, and reasonably strong endpoint security software on all of those machines in addition, I’m willing to shoulder the security risks of compromise through those gadgets, given that my understanding is that it’s pretty minimal under these conditions.
I still need to find a reliable source for one more old favorite gadget, simply known in its own information block as the “Shutdown Gadget.” It provides a simple control bar with three icons: shutdown, restart, and logout current user. Like the other gadgets I use, it offers great convenience and easy access to functions I like to keep immediately at my fingertips (that goes double on those Windows 8 systems I own with touchscreens, where a fingertip is all that’s needed to activate those controls). By tracing it back to the name of the gadget file itself on one of my Windows 7 machines, I learned that it is named shutdown_v2.gadget, and remains available for download from Microsoft. The last time I went looking for this, I found several sites that purported to offer this item were in fact offering malware-infected payloads. The original from Microsoft remains entirely safe, so feel free to use the foregoing download link yourself, if you like.
To those who never really got into gadgets, I apologize for the “happy dance” tone of this blog post. Personally, I have always found some of these simple and tightly focused programs quite helpful, so I am delighted to see them return to my Windows 8 and 8.1 desktops. If this has been nothing more than a big ho-hum for you, after asking “Why are you still reading this?” I can add “So sorry for going off about something so apparently insignificant.” In my own case, however, the information the foregoing items provide to me (especially as I have to ponder whether or not to restart an apparently hung PC, or wait for some oddball resource consumption spike to work its way through my system) makes a certain amount of celebration entirely worthwhile. Woohoo!
Yesterday, I got on the phone with Jim Thomas and Anna Pankratova of Paragon Software, to dig a bit more deeply into the issues inherent in creating images for GPT boot drives on Windows 8 (and 8.1) UEFI systems. Thanks to their explanations, and a Paragon white paper they pointed me to (“Significant Booting Challenges on EFI Systems when Upgrading to Windows 8“) I now understand that when the Windows Boot Manager sets up a boot volume in a UEFI-GPT environment, it creates a unique ID for that volume that incorporates the following data that is then stored in EFI NVRAM (firmware, basically) as part of the boot-up configuration:
1. A GUID that maps to Boot Configuration Data (BCD), and contains unique data about a specific Windows installation on a specific host device (HD or SSD)
2. An ID for the storage device upon which the volume resides that includes the SATA port number to which the drive is attached
When you move a boot device to a different SATA port, the device ID is no longer correct, and the Windows Boot Manager will not boot from wherever that drive may actually be attached (essentially, it’s looking for that device only on its original port address). This explains why you see an entry in the UEFI BIOS under boot control for “Windows Boot Manager,” rather than a specific drive name or ID. This drove me wild in trying to change boot order to fix my problems, until I understood that “you can’t get there from here” is a natural consequence of this kind of boot organization and structure. Changing this requires editing BCD data, and may be accomplished at the command line when booting from Windows PE but is neither easy nor terribly straightforward (see the Windows and GPT FAQ on MSDN for more information).
When you migrate an image from one drive to another drive, be it HD or SSD, the GUID information that corresponds to BCD data for Windows boot-up stored in the EFI NVRAM cannot match the BCD information on the new target drive, because it incorporates device identifiers from the old device while the target drive incorporates different device identifier data from the new one. The Windows Boot Manager keeps looking for the old drive, even if you plug the new one into the same SATA port that the old one previously occupied. The boot record in Windows Boot Manager needs to be changed to fix this problem.
The brute force method for making such changes is simply to reinstall Windows to the new target drive. This creates a whole new (and correct) set of BCD information that points the Windows Boot Manager where you want it to go. But this technique requires a new OS install, a complete set of updates to make that OS current, then installation of whatever applications are needed to create the desired user configuration. A search on “BCD edit to change boot drive” reveals that partition labeling (using Diskpart or some equivalent partition management tool) is important, as is the bcdedit command line utility. Those interested in following this route are advised to check into Bo Yans’ very nice Visual BCD Editor instead, because it makes working with boot configuration data so much easier, and shields users from all the tricksy details of using bcdedit at the command line.
The Paragon tool knows how to create the proper BCD entries to make the Windows Boot Manager keep working after a drive swap.
I have now confirmed that the latest version of the $20 Migrate OS to SSD 3.0 utility from Paragon Software automates this task completely, and does a bang-up job of addressing potential partition alignment issues on SSDs that might affect IO performance on Windows OSes in certain situations. I actually prefer to think of this as a more general-purpose tool for migrating a UEFI-GPT Windows boot image from one drive to another, in fact, because the tool works well with HD or SSD drives as either source or target for such moves. To my way of thinking, $20 is a small price to pay for a quick, easy, and painless move from an old Windows 8 UEFI-GPT drive to a new one. Note: you must still retarget the new boot drive at the BIOS/UEFI level when you reboot from the replacement drive, but selecting “Windows Boot Manager” will indeed behave as you expect (and want) it to. If you try it for yourself, I think you’ll concur.
Microsoft CEO Steve Ballmer believes the cloud is going to change the way IT professionals work – like it or not.
Ballmer addressed IT professionals this week in a fireside chat session in the U.K. during Microsoft’s three-day Tech Days Online event.
“New skills will add more value to businesses and the world economy rather than putting together OS stacks,” said Ballmer. With application deployment in the data center and the ability for IT pros to tailor their jobs and solve enterprise problems, he thinks IT professionals can add more value to a company as technology helps transform the way businesses work.
But when you talk to the IT pros, they may be a little bit more skeptical about Ballmer’s view on how the cloud will change their job description.
The data is just being stored virtually in the cloud, said Mike Drips, an IT consultant based in Houston. “How will it make people think more strategically?” he wondered.
Ballmer believes the cloud can impact jobs like software development, too. He wants those developers to think 10 years into the future and write applications that run on top of Microsoft’s Azure.
Perhaps Ballmer shouldn’t think about how the cloud will evolve IT’s role but rather how IT can be a leading proponent toward putting into place the ability for changing a worker’s life style with mobile technology. It’s not just about taking a notebook and accessing a file to work from at home. It’s about being able to do work anytime, anywhere on any device. It’s about how to incorporate mobile technology into an enterprise and the cloud just becomes an enabler.
In this respect, IT can now play a strategic role in studying the way end users work and how their work behavior has changed over time. Ballmer even said as much during the chat, noting that IT can focus more on a solving an enterprise’s workflow and application needs to provide more value to the company.
As Ballmer makes his rounds on his way out as the retiring CEO, he offered three lessons for IT pros– ideas matter, passion matters, and remain tenacious.
“You need to remake yourself and this is what people need to do,” he said.
It’s sound advice for someone who will need to find his next role after running a $78 billion company.
In getting several (5) systems up and running on Windows 8 and 8.1 recently, I’ve had the chance to learn a great deal more recently about the way that UEFI systems work and behave, particularly when it comes to moving SATA drives around, and when seeking to switch a system over from a conventional spinning hard disk to a faster purely digital SSD equivalent. This learning has been surprising, occasionally painful, and quite illuminating.
I got my first clue that something was up when I used Acronis True Image Home 2014’s “Clone Drive” utility to create a bit-for-bit copy of a WD Scorpio Blue 750 GB conventional disk onto a Samsung 840 EVO SSD this weekend. As I ran the program, it informed me that I would not be able to use the resulting drive image to boot a system. “Hmmmm,” I said to myself upon seeing this, “I wonder what’s up with this? I hope I can find a way to work around it.”
My search for enlightenment led me to the following pithy and dense paragraph of information on Paragon Software’s “Migrate OS to SSD 3.0” web page (I reproduce it verbatim here, because it makes numerous points I need to unpack and explain a little further, fractured English notwithstanding):
Introduced back in 2005 by Intel to lift restrictions of the old MBR (Master Boot Record) and PC BIOS (Basic Input/Output System), uEFI (Unified Extensible Firmware Interface) is now a recommended platform for new 64-bit Windows 8 computers. And the reason is easy to catch – besides other unique features impossible for the traditional tandem of BIOS+MBR, only a uEFI-based platform enables to accommodate Windows OS on a partition larger than 2.2TB. Despite all uEFI advantages however, it has one quite naughty issue: A pretty standard operation with a bootable device for instance involving its connection to another SATA port results in unbootable Windows. You’ll get the same result if trying to boot from a cloned system hard disk. All these problems originate from the way uEFI+GPT bundle is organized. Microsoft provides how-to guides to tackle this type of problems, but they demand a great deal of experience from the user, involving the use of the cmd, diskpart and bcdedit tools. [Emphasis mine; content Paragon Software’s.]
Here’s what I’ve learned that this really means, thanks to some initially puzzling trial and error, and subsequent more deliberate experimentation
1. You can’t move the boot drive from one SATA connector to any other connector on the motherboard on a UEFI-based install. Once it’s plugged into a port, it has to stay there forever, workarounds and shenanigans nothwithstanding. I learned this the hard way when I took my wife’s new mini-ITX machine apart a couple of times to play with an mSATA drive in that machine. As I plugged the HD and DVD SATA connectors back into the motherboard, the only thing that produced a bootable configuration was when placing those two plugs into the very same receptacles they’d occupied when I performed the initial OS install.
2. You can’t boot from a cloned system disk (this applies equally to targeted hard disks or SSDs). Apparently, some kind of unique ID is created when the initial install occurs, with a pointer to a unique and specific drive/deviced ID. That information does not work if any hardware (such as the system/boot drive) or connections (home SATA port) change for any reason.
3. All these problems originate from the way the UEFI + GPT bundle is organized. I’m still in process of digesting and understanding this, to the point where I’m talking to a senior support specialist and a development engineer from Paragon tomorrow morning so they can explain this to me further. I though I understood the basics of the GUID partition table (GPT) an dhow partitions are handled in this kind of environment, but in looking over the kind of problems that people have reported in integrating MBR disks into a UEFI environment (superuser.com) or when upgrading to Windows 8 (EDNnetwork), I quickly realized the situation is more complicated than it used to be in the BIOS/MBR 32- or 64-bit era of computing, now largely supplanted by UEFI/GPT 64-bit computing. See the EDNnetwork article for some highly informative diagrams that explain where the problems come from, and why they can be vexing to fix. Paragon offers a “Boot Correction Wizard” to deal with these issues, which is why I’ll be talking to them further about this tomorrow.
All I can say is that certain issues in working with UEFI and GPT are now somewhat clearer to me, and I think I understand what went south on my various migration shenanigans this weekend. I’ll follow up later with more information, and no doubt clearer explanations, after I have a chance to review this with the folks from Paragon.