Windows Enterprise Desktop

April 17, 2015  10:54 AM

Win10 to Incorporate Biometrics Boost thru Windows Hello

Ed Tittel Ed Tittel Profile: Ed Tittel
Authentication, Biometrics, Windows 10

Back in mid-March, Joe Belfiore (VP of the OS Group at MS) posted about a new biometric authentication technology to Blogging Windows. It’s called “Windows Hello” and although it has yet to make its debut in a Technical Preview build, it’s promised for inclusion in Windows 10 at some point in the as-yet indistinct future. You can read his description of this technology in the 3/17/15 post entitled “Making Windows 10 More Personal and More Secure with Windows Hello,” which also includes this intriguing screencap that apparently reports a successful “hello” experience.


When Hello works in Windows 10, you see the greeting message complete with smileyface on the splash screen.

When Windows 8 came along, part of its new feature set included built-in support for fingerprint readers. And indeed, on most of the laptops and tablets I tried that included fingerprint readers (most were of the AuthenTec variety), fingerprint support (enrollment and subsequent recognition or rejection) worked immediately following installation, and integrated with Windows login so that I could scan a fingerprint instead of typing in a password. As I understand what Windows Hello will do in Windows 10 is to add support for the Intel RealSense 3D camera, and also incorporate facial and iris recognition into its bag of biometric identification/authentication tricks. Thus, in much the same way that it will continue support for fingerprint readers, it will also add enrollment and recognition/rejection features for the aforementioned camera into its built-in capabilities, and integrate them into the Windows 10 login process as well. In addition, MS will also integrate with the Microsoft Passport environment, so that successful Hello recognition will also tie users into any of the various remote sites and/or services that currently require a Microsoft Account login today.

In fact, Microsoft Passport depends on asymmetric key cryptography for authentication. Also known as public key encryption, it endows uses with a private secret key and a related public key as a split form of authentication and proof of identity. Messages encrypted with the public key can only be decrypted using the private key, so successful decryption of a message or inquiry so encrypted constitutes a powerful proof of identity and can even be considered a form of “self-authenticating data” in that the ability to decrypt proves that the recipient possessed the key necessary to access message contents. This means that Passport bypasses any need to store secret keys or passwords online for authentication, and can use your public key to obtain necessary proofs of identity (one simple mechanism might encrypt a randomly-generated URL, for example, that a user would then click to continue  a secured interaction with a system or service). The private key is tied to the system where biometric recognition occurs, and can be related to or based around unique markers association with such recognition.

For a different and more detailed take on Microsoft Hello, check out Greg Shultz’s take on that technology at TechRepublic, in his 4/10/2015 story entitled “Windows Hello brings biometric security to Windows 10” or Mark Hachman’s “Microsoft’s Windows Hello will let you log into Windows 10 with your face, finger, or eye.” I’ll be curious to see how it plays out following a public release, and how much incremental cost the Intel RealSense 3D camera is likely to add to a typical tablet or notebook PC.

April 15, 2015  10:36 AM

Original/Early Win10 Builds Expire Today, Quit Booting after 4/29

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

Has it really been that long since the first Windows 10 Technical Preview went live? Sure enough: Builds 9841, 9860, and 9879 all expire on April 15, 2015, and will quit booting when the clock ticks over to April 30, 2015, in just over two weeks. Here’s the blurb from the Windows 10 Insider Hub that tells the story, with a warning worth heeding:


Please note what happens if you procrastinate past the “freshness date!”

The current build for Windows 10 is available through Windows Update in the Settings app, and also through a link in the aforementioned update in the Insider Hub app as well. If you are trailing behind on any Windows 10 builds, you’ll want to make sure to catch up before April 30 rolls around, because you’ll be forced to do a bare metal clean install of some OS (Windows 10 current build or otherwise) just to get your machine to boot. You’ve been warned!

And you thought “Tax Day” was just about punishment from the IRS. Now, Microsoft is doing its bit to add to the joy… To complete the information about what expires when, here’s a table of expiration and “stop booting” dates for all major Windows 10 builds, courtesy of RajithR, an MS Support Engineer, over at the Windows Insider Program:



April 13, 2015  12:19 PM

System Refresh Leaves Interesting Items Undone

Ed Tittel Ed Tittel Profile: Ed Tittel
Backup and restore, Disk image, Windows 8.1

In experimenting with a full system recovery recently on my Microsoft Surface Pro 3, I’ve been trying various methods to get from a current bad system state to a current good one. But while a recovery from a system image produces a complete restore of the system at the time of its capture, refreshing that system to roughly the same point in time still falls a wee bit short of what I would call a full and complete recovery. “What’s missing?” you ask. “Mostly passwords, keys, and other security related information” is the answer. Let me provide a detailed list of what I’ve noticed so far in working with a recent custom refresh on my SP3, created using RecImgManager, an excellent bit of free software from SlimWare Utilities that permits users to capture the current system image and use it for a system refresh.


RecImgMgr captures current system snapshots that work with the built-in system refresh capability in Windows 8 and newer versions.

The List of Missing Items and Elements
1. All Wi-Fi authentication information must be re-supplied, after you identify your chosen wi-fi network(s)
2. Had to repair the 8GadgetPack install (also typical when upgrading Windows 8 or 10 versions)
3. Any applications missing from the Refresh image must be re-installed; because MS Office Click-to-Run runtime was deleted following its initial installation, this meant that I had to revert to a standard installation for MS Office Professional 2013 on my test machine simply because the Click-to-Run installer was no longer present on the SP3 when the refresh snapshot was made. Because I couldn’t repair the C2R install, I had to uninstall it, then (re)install from an MS Office 2013 ISO file from MSDN.

Close, But Not Exactly the Same as Restoring a System Image
When you restore a system image (either from the File History’s “System Image Backup” option at lower left in its application window, or from a third-party backup program such as Acronis True Image or Auslogics File Recovery Pro) you don’t have to worry about most of the various items in the preceding list (though an application missing from the snapshot wouldn’t be present, of course, the C2R installer would probably have remained available). Be aware that there are some differences between a system refresh and an image reversion, and you won’t suffer any unpleasant surprises as a consequence.

April 10, 2015  10:39 AM

Problematic SP3 Drivers Identified

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, Surface Pro, Troubleshooting, Windows 8.1

Over the past two weeks, I’ve been engaged in a part-time exercise to rebuild my Surface Pro 3 from a clean re-install of Windows 8.1 Update 1. This has proved to be an interesting exercise for many different reasons, not least of which has been an ongoing trial-and-error effort to determine which of the latest device drivers that are currently available actually work on the platform, and which do not. I have come to the end of this particular trail, and now wish to report on my findings.


After one-at-a-time attempts to match all drivers to the DriverAgent analysis, I determine that 4 drivers must be “held back” to maintain stable, proper operation.

The other three drivers that do not appear in the preceding screen cap, in addition to the Intel HD 5000 graphics driver shown therein (running version, but for which a newer version is available), are as follows:

Driver Name                                 Working                Latest Version
1. Realtek High Definition Audio       
2. Realtek USB 3.0 Card Reader    6.3.9600.31207       6.3.9600.31208
3. Android Composite ADB             6.3.9600.17041

For each of these four drivers, installing the latest version causes the system to misbehave, by which I mean either an inability to shut down properly (usually because of the Pages_Locked_in_Memory error I reported on in earlier blog posts on this topic) or because the “updated” device fails to work properly or at all. Apparently there is some method to Microsoft’s madness in limiting drivers to those it has tested and vetted rather than the “latest and greatest” available, as programs like DriverAgent seek to identify and recommend. I just wish MS would keep a list of this stuff on its Surface Pro 3 pages so that finding out which ones work (and which ones don’t) could proceed from knowledge and insight, rather than the trial-and-error I had to conduct for myself (and which others in the same boat must presumably conduct for themselves as well).

April 8, 2015  10:45 AM

Interesting Benefits of Click-to-Run Office Installation

Ed Tittel Ed Tittel Profile: Ed Tittel
Application virtualization, MS Office

I’ve just recently rebuilt my Surface Pro 3 installation, and am still recovering from that aftermath. Upon discovering a link to “Click-to-Run” installation for MS Office Professional 2013 on my refurbished desktop this morning, I decided to give it a try, and discovered a hidden benefit, or perhaps a cluster of related benefits. C2R, as I like to abbreviate Click-to-Run, is described as “a streaming and virtualization technology that is used to install Office products.” It works with Office 365 subscriptions (Office 365 ProPlus, Visio Pro for Office 365, Project Pro for Office 365, SharePoint Designer 2013, Lync 2013, and Lync 2013 Basic), but also with Office retail products (Office Professional 2013, Office Home and Business 2013, Office Home and Student 2013). Here’s what product information shows up about my brand-new install:


The C2R version of MS Office installs quickly and update automatically.

Imagine my surprise when the install process started and the runtime let me know I could start using Office apps right away, even before the install was complete. Sweet! Imagine my subsequent astonishment when I went to update the MS Office install (usually, this is a multi-step interaction with Windows Update that requires at least half an hour and sometimes as long as an hour to complete) and observed that the installation was already up-to-date. A little additional online research informed me that C2R retail installations, just like their subscription based counterparts, are updated automatically outside the Windows Update environment, and don’t require updates to flow through Windows Update at all. And for those who want or need to run multiple versions of Office side-by-side on the same PC, C2R for 2013 works alongside conventional installations of Office 2007 or 2010.

Good stuff! I’m going to try C2R on my next desktop build (or rebuild) and see how it works there, too. I’m curious to see what happens when, as is sometimes the case, I must run Office on a mobile PC when no Internet is available.

April 6, 2015  10:06 AM

Fixing 2 Win10 Build 10049 Gotchas

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows installation

I’ve got two test machines upon which I’m running the latest Win10 build, namely 10049. In getting those machines up and running, I’ve found myself subject to 2 inadvertent gotchas along the way. Because one prevents the build from activating, and the other sucks up beaucoups disk space (about 2.5 GB) I’m going to share the fixes as well as explain what’s going on in each case.

Gotcha 1: All Language Packs Automatically Install

Through some no doubt accidental configuration setting, downloading Build 10049 from Windows Update automatically installs all available language packs for Windows 10. Although that current list includes “only” 19 languages at the moment, that still represents a lot of data which in turn sucks up substantial disk space. To uninstall unwanted language packs enter the command lpksetup /u at the Windows command line, then pick all the languages you wish to have uninstalled from the “Install or uninstall display languages” window that pops up in response. The whole process takes about 15 minutes to complete if you eliminate everything except your core language (and the base English MUI which is always installed). This also explains why installing Build 10049 seems to take longer to download and install than previous Win10 builds: it includes a whole lot more data!


It takes around a minute for each language to uninstall, so multiply that by 17 for total removal time.

Gotcha 2: Yet Another Hard-to-find Activation Key

If the ISOs are available for a Win10 build, all you generally need to do to grab the activation key for that build is to visit that page. But when the build is only in the “fast-ring” stage, the ISOs aren’t yet available, so one needs to do some hunting and pecking to find that key. This time around, I located an MS Community Wiki article entitled “How to activate the latest Windows 10 build” that provides the key despite also claiming that “By default, Windows 10 builds are pre-keyed, meaning, you do not have to enter a product key and should not be prompted to enter one even after Windows 10 has completed setup.” Alas, I must be either cursed or unlucky, because Windows Activation has demanded a key from me for every Win10 build I’ve installed from Windows Update so far (the ISO versions don’t seem to suffer from this gotcha, either). At any rate, you can find the key needed for a successful activation on that page if you need it, as I did.

April 3, 2015  10:58 AM

USB 3.1 Type-C Comes Closer to Your Desktop

Ed Tittel Ed Tittel Profile: Ed Tittel
USB, USB devices

“Why,” you may be thinking as you read the title of this blog post, “would I care about a high-speed interface on my desktop when it’s most likely to show up first and foremost on notebooks and tablets?” Why, indeed? And now that Asus has produced what looks like the first PCI-E x4 interface card for the Type-C version of USB, their promotional materials provide an interesting figure by way of a potential answer (but a potentially ticklish one, too, as I’ll explain further):


ASUS is apparently first-to-market with an adapter card to bring Type-C USB to older PCs with empty PCI-E x4 slots or better.

As you might expect, this great leap forward comes with at least one catch, and maybe two. Catch 1 is that you need to consume a PCI-E x4 slot to add just one USB 3.1 Type-C port to your PC. I’m going to guess that this may represent an expensive consumption of slot space for many users in the target audience for this hardware. Catch 2 is that exploiting the gains in read/write performance (which are for sequential data, and thus most applicable to laAnrge file reads or writes) requires support for something called “USB 3.1 Boost” that needs to be turned on in the PC’s BIOS to work. Right now, only updated ASUS motherboards using 9-series chipsets can take advantage of this feature. And finally, the only place I can find this item for sale right now is at, where it goes for the princely sum of $95 (by way of comparison, I paid around $70 recently to add 4 USB ports on an x4 card that gave me four discrete ports, each with its own independent USB controller).

Right now, I’d put the USB 3.1 Type-C retrofit technology at the stage of “nice and interesting but by no means must-have.” I guess when it starts taking up significant mindshare with hardware and peripheral device makers and end-users alike, that stage will change. Here’s hoping!

[Note Added 4/7/2015: Found a link to a Sunix USB 3.1 card via Windows 10 Forums that proclaims itself to be “the world’s first USB 3.1 cards” available for delivery this month. The press release itself is undated, but it appeared on Windows 10 Forums on April 1.]

April 1, 2015  9:59 AM

XP Holding Steady While Win8.* Versions Close In

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows 7, Windows 8, Windows 8.1, Windows XP

Gadzooks! Has it really been 32 months since Windows 8 was unleashed on the world? Indeed it has, and supplanted even, with Windows 8.1 in February of 2014. But only now are Windows 8 versions coming up to approach the fading majesty of Windows XP, as shown in this morning’s pie chart from NetMarketShare for Desktop Operating System Marketshare by version:


Windows 7 remains king of the hill, but at 14.07% Win8 versions are closing in on XP’s 16.94%
[Source: NetMarketShare 4/1/15]

I’m guessing we’ll see the numbers for Win8.* versions surpassing those for XP on or before the end of this quarter, at which point increasing interest in Windows 10 will probably put a quick cap on that current desktop OS’s overall growth. The “Vista effect” does indeed seem to be hampering Windows 8.1’s uptake, but hopefully this means that Windows 10 will enjoy an exaggerated bounce in adoption as a result.

While I’ve learned to live with Windows 8.1, thanks in no small part to Stardock’s excellent Start8 software add-on that brings the Win7-style Start menu back to Win8 versions, I’ve been learning to like Windows 10 quite a bit more since the technical previews started flying late last year. MS is doing a much better job of soliciting, listening to, and acting upon beta testers’ feedback with Windows 10, and it shows all over the place in the upcoming desktop OS. Although Stardock does have a Start Menu program for Win10, it’s not really necessary (I’m using it on one test machine to see how it works, but not on another, and am able to do everything I want on the OS easily without it). Applications and apps run seamlessly and even side-by-side in Windows 10, with no painful switches between the old-fashioned desktop UI and the new-fangled Windows Store UI needed or necessary (apps and OS UI elements run in windows on the desktop for those who base their operations in that mode). It will be very interesting to see when Win10 appears in the NetMarketShare pie chart, and how quickly that slice of the pie grows over time. Stay tuned!

March 30, 2015  2:19 PM

Restoring Surface Pro 3 Poses Interesting Challenges

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, Surface Pro, Windows 8.1

In the wake of last week’s firmware updates for the Surface Pro 3, released outside the usual “Update/Patch Tuesday” timeframe, I decided to upgrade the drivers on that machine as well. I shouldn’t have: one of the RealTek drivers I updated (for either RealTek Audio or the unit’s built-in card reader, which handles the microSDXC card I used to extend storage) is apparently hooking pages it won’t release upon shut down. This provokes the “PROCESS_HAS_LOCKED_PAGES” error, and prevents the machine from shutting down properly (error code 0x00000076), and generally describes one of the symptoms of an ill-behaved or improper driver for the hardware it’s running on. Initially, I thought it was the Intel HD 5000 graphics driver, because discussion of the error message online pointed rather firmly in this direction. In fact, Action Center kept reporting an issue with the video driver, even though I had uninstalled the newer version and replaced it using the “Update driver” option on the device’s properties page in Device Manager.


When it’s good it’s very, very good, but when drivers go bad, it’s horrid!

“Fine,” I thought to myself, “I’ll just roll back to an earlier system image or restore point.” Sounds easy, but turns out to be harder than I expected it to be. The issue with a shut down problem quickly led me to understand that I couldn’t use a restore point from inside the OS (it still has to be able to shut down and restart properly for the restore point process to complete successfully, and thus also, deliver the desired outcome — namely a bootable functioning system with the older drivers in place). That’s why I found myself booting from a Windows 8.1 install UFD, and invoking the repair option after getting the installer up and running. Clicking through “Troubleshoot,” “Advanced Options,” and “System Restore” menu options, I was able to select an old enough restore point to precede the day my troubles started and believed I’d be able to resume operation with a known working set of drivers. But alas, Restore reported it was unable to access a file and was therefore unable to restore to the earlier state of things, observing that my anti-virus software might be causing the problem. Of course, this was an installer driven restore attempt, so there was no AV software in the picture. Very interesting!

As it happens, and much to my delight, Paul Thurrott released an article just yesterday (3/29/15) entitled “Tip: Be Prepared to Recover your Surface Pro 3 No Matter What Happens.” It describes where to find the files for a Surface Pro 3 (abbreviated SP3 from here on out for brevity) to creater what he calls an “uber recovery drive,” which requires a 16 GB flash drive (I dedicated a USB 3 Patriot TAB model I had laying around for this purpose). It also describes using the Windows 8.1 built-in “Create a recovery drive” to copy the contents of the recovery partition on the SP3 to a second and separate UFD, which need only be 8 GB in size as well.

Now realizing that I needed to rebuild the OS on the SP3, I decided to first try the factory refresh approach from inside the OS, after creating both of the UFD prescribed in Mr. Thurrott’s article. As I had feared, the results were that as soon as refresh sought to restart, the shut down error preventing the process from proceeding any further. The SP3 refused to start up from the uber recovery UFD, so I used Rufus and the Windows 8.1 with Update ISO to create an install UFD, and was able to get into the Reset Your PC mode where it stayed at 3% complete long enough for me to fear further difficulties. But then it advanced to 5%, 6%, onward and upward until the process completed successfully. Then, all I had to do was re-install all of my applications (which gives me a chance to check out Ninite, as I’ve wanted to for a while), after catching up on updates, to get back to where I started.

The moral of the story is: when it comes to the Surface models, stick to the drivers from Windows Update only. My urge to experiment really got the better of my caution and system savvy this time. I don’t intend to this again any time soon!

March 27, 2015  11:32 AM

Latest Surface Pro 3 Firmware Update Leads to Learning

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, firmware update, Surface Pro

When I saw through the various news outlets that Microsoft had released an out-of-band Firmware update for the Surface Pro 3, I knew it was probably worth jumping onto sooner rather than later. Little did I realize that tinkering with device drivers might cause some heartburn along the way. Whereas other users who hadn’t updated drivers beyond the Microsoft recommended items reported little or no difficulty with applying the firmware update, I found myself unable to do so for some time. The issue stems from one of the “unauthorized” drivers causing an issue upon shut down (which necessarily precedes restart) that prevented the system from achieving a normal and complete shutdown.

This issue is important because the handoff from the OS to the low level boot routines must succeed prior to shutdown, so that the firmware files (which are run after UEFI/BIOS comes up, but before the OS itself boots) can be handed over and scheduled to be run during the next restart. And, without a proper shut down, I found myself unable to achieve the restart that included loading and installing those new firmware updates. Eventually I was able to solve my problem by selecting only the Firmware Update for installation, after which the whole process went through without a hitch, and now the system is running more or less as it should be.


Some filenames here are more helpful than others, but no version info or dates anywhere.

This led me to understand that one ventures beyond the recommended device drivers for the Surface Pro 3 at one’s peril, and also showed me that MS is not doing a stellar job of documenting what the correct set of drivers should be. Instead they provide a pointer to a download page for Surface Drivers, where one can find a list of driver files for download that might (or might not) be relevant to one’s actual driver needs. Searching on the KB numbers in those filenames, where available, helps shed light on some things (such as the type of device for which a driver is included) but no light on others (especially aggravating: no information about version numbers or dates of the drivers included).

Next week, when I have a little more time, I’m going try to rectify that deficiency with a little old-fashioned detective work. In the meantime, I’m replacing drivers one at a time until I can find the one that makes my BSOD upon shut down problem go away once and for all. If anybody has more insight into this issue than I do, or can suggest a better troubleshooting approach, please post a comment here and let me know what’s up. Thanks, and have a great weekend!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: