Windows Enterprise Desktop

November 18, 2019  3:46 PM

Post Upgrade Windows 10 Update Assistant Cleanup

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, windows 10 upgrade

What with the release of Windows 10 1909 last week (November 12), some may have already used the Update Assistant to apply the upgrade. Once it’s all done, there’s no real reason to keep that program around. Thus, post upgrade Windows 10 Update Assistant cleanup may be warranted. There are several ways to do this, so I’ll mention them in no particular order. Find the Update Assistant on the Download Windows 10 page, right up top:

Post Upgrade Windows 10 Update Assistant Cleanup.get-assistant

When you click “Update now,” the process begins with downloading and installing the Update Assistant to your Windows 10 PC.
[Click image for full-sized view.]

What Makes Post Upgrade Windows 10 Update Assistant Cleanup Necessary?

It’s an application that shows up in a file named Windows10Upgrade9252.exe (for the 1903 to 1909 upgrade, anyway). Right-clicking the download, and selecting “Run” installs it on the target PC. This also launches the update installer. By default, this also creates a folder named Windows10Upgrade on the system/boot drive, like this:Post Upgrade Windows 10 Update Assistant Cleanup.explorer

As soon as you give the go-ahead, the Update Assistant sets up a root-level directory on the C: drive and gets to work.
[Click image for full-sized view.]

Even though they’re no longer needed, the Windows10Upgrade folder and its contents stick around afterward. There’s really no reason for this (you’ll have to download a new one for the next upgrade anyway), so clean-up is a good idea.

Performing the Post Upgrade Windows 10 Update Assistant Cleanup

The easiest way to make this go away is to simply uninstall the Windows 10 Update Assistant. Visit Control Panel → Programs and Features, where it shows up in the list of installed programs. Right-click the program name, and “Uninstall” appears as an option. Select that option, and the uninstall program will remove the Windows10Upgrade folder and its contents at the same time it gets rid of the Update Assistant program itself. It will also remove the shortcut to the program that it leaves on your desktop, too. Alternatively, if you prefer to use a third-party uninstaller (I’m a fan of Revo Uninstaller myself) you can use something like it instead to bid adieu to the Update Assistant.

Other removal methods make the Update Assistant program unable to run through various means. Manually deleting the folder and its contents will do the trick (don’t forget the desktop shortcut, either). Or, remove execution permission on the program (Windows10UpgraderApp.exe in the Windows10Upgrade folder) for all users. That’s handled in File Explorer, where you’ll reset its “Read & execute” security properties. For those details, see Step 4 in this story from TheWindowsClub.

Personally, I think uninstalling is your best bet (it’s safest and easiest, too). When the next upgrade comes along, if you want to use the Assistant again, you’ll download and install another one, anyway. And don’t forget the cleanup!

November 15, 2019  2:04 PM

USB iPhone Link-Up Causes BSOD

Ed Tittel Ed Tittel Profile: Ed Tittel
Blue Screen of Death, PCs and iPhone, Windows 10

Hmmmm. Here’s an odd one for you. I just upgraded my production desktop to 1909 on Wednesday (Build 18363.476). When I plugged my iPhone into that machine this morning to make a backup using iTunes, the PC crashed immediately. Any USB Iphone link-up causes BSOD like this one:

USB iPhone Link-Up Causes BSOD.bsod-photo

Immediate crash/BSOD, as soon as the PC recognizes the USB plug-in. Ouch!
[Click image for full-sized view.]

Further investigation via Nir Sofer’s BlueScreenView utility produces a bug check value of 0X000001A1. This is interesting and a bit maddening because the MS Docs Bug Check Code Reference jumps over this value, going directly from 0X000001A0 to 0X000001A3. Interestingly, there’s an article on the string value SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (I’ll abbreviate this as STENH going forward) that equates it with 0x0000007E, though I didn’t find this value in any of today’s many and varied .dmp files.

USB iPhone Link-Up Causes BSOD-today's-dmp-files

Numerous dump files (5) appeared on my system drive today, in the wake of my repeated, mostly deliberately caused BSODs.
[Click image for full-sized view.]

When USB iPhone Link-Up Causes BSOD, Then What?

Of course, my first move was to report this item to the Feedback Hub. You’ll find that report there under this title “plug in iPhone via USB/Lightning cable, immediate bluescreen” if you want to check it out. The quickest way to find it is to search on “iphone bluescreen” there. So far, nobody else has responded or reacted to this submission.

My next move was to start researching the specific STENH stop code string. Alas the error does not identify a specific driver, as the MS Docs article says it might. It is pretty suggestive, however, that plugging in the iPhone causes an immediate crash each and every time on this PC. Even though correlation isn’t the same as proof of causation, I’m still inclined to think that something is up in the latest build on this particular motherboard with the various iPhone drivers.

In the meantime, because the iPhone mounts fine on my new Lenovo laptops (also running Build 18363.476, albeit as an Insider Release Preview) that’s where I’ll interact with it going forward. I’ll try plugging the iPhone in on my production PC from time to time. When that stops crashing with a BSOD, then I’ll switch back to that connection.

And so it goes here in Windows-World, where surprises never cease, and one must beware of the occasional gotcha.

November 13, 2019  12:01 PM

Windows 10 1909 Is Here

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, windows 10 upgrade

For once, the rumors about 19H2/1903 panned out. With yesterday’s Patch Tuesday, MS let slip the 1909 release. That’s right: Windows 10 1909 is here, and available through normal Windows Update channels. It’s also been integrated into the Windows 10 Update Assistant. And although the Download Windows 10 page still touts “Windows 10 May 2019 Update,” the MCT (Media Creation Tool) is indeed proffering 1909 to visitors. For those who are ready, willing and interested 1909 will serve itself to their PCs. [Warning: seems like the MS WU Servers — that is, Akamai — are pretty swamped right now. Downloads will take some time.]

Windows 10 1909 Is Here.mct-details

Check Details in the Properties window for the MCT exe file to get version info. To clarify, it works every time!

A Kinder, Gentler Windows 10 1909 Is Here

The most interesting thing about upgrading to 1909, in my experience, is the lack of fuss and bother. Download delays aside, it’s incredibly quick and painless to install the upgrade. It really is like a Cumulative Update (CU), rather than the typical Feature Upgrades of the past. In fact, it’s so much like a CU that it doesn’t even reset Reliability Monitor:

Windows 10 1909 Is Here.relimon

Normally, after an upgrade, Reliability Monitor would reset itself and start over. As you see here, the November 13 data (the day I upgraded) carries on from the preceding release.
[Click image for full-sized view.]

In the Windows Blogs, there’s a noteworthy November 12 post, particularly for Windows admins in production, commercial environments. It’s entitled “How to get the Windows 10 November 2019 Update.” (BTW, Windows 10 November 2019 Update is the official name for the 1909/19H2 release.)

What MS Recommends for 1909 Experimentation and Deployment

Here’s a pair of paragraphs from that post that should greatly interest such readers:

With today’s release of the November 2019 Update (Windows 10, version 1909), IT administrators should begin targeted deployments to validate that the apps, devices and infrastructure used by their organizations work as expected with the new release and features. Windows 10, version 1909 is available through Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)1 for phased deployment using Microsoft Endpoint Manager (the combination of Configuration Manager and Intune plus cloud-powered features into an integrated management solution) or other systems management software. (Note: The next Semi-Annual Channel release of Windows Server—Windows Server, version 1909—is scheduled for general availability later this month via the Azure Portal and the Volume Licensing Servicing Center.)

For information about the latest features for commercial customers, including the 30 months of service support for Enterprise, IoT Enterprise and Education editions, see What’s new for IT pros in Windows 10, version 1909. For specific information on the update mechanics of Windows 10, version 1909, see this blog post.

In fact, my advice is to get 1909 up and running in a test environment ASAP. Then you can do as Microsoft suggests, and get a sense of Windows 10’s new future. It’s actually quite stable and steady, as I blogged at Win10.Guru a couple of days ago. Good stuff! Be sure to check it out.

November 11, 2019  3:34 PM

Nirsoft Releases Windows Update History Viewer

Ed Tittel Ed Tittel Profile: Ed Tittel
System administrator, Windows management, Windows Update

Sure, you can always get Windows Update history from Windows 10 itself. Simply click Settings → Update & Security → Windows Update, then select “View update history” under that heading. But as is sometimes the case with built-in Windows tools, their output doesn’t always tells you everything you’d like to know about info on display. That’s why I jumped all over Nir Sofer’s lastest creation when I read about it today at Learning that Nirsoft releases Windows Update History Viewer, of course I had to see it for myself. I was glad I did. In tabular form, for each update, it provides data under the following headings:

  • Title: Name of the update (same as what shows up in the Microsoft Update Catalog, where applicable)
  • Description: Text info from the KB article blurb describing the update
  • Install date: Date and time the update hit your system
  • Update operation: Usually install, this describes what operation WU ran using the update (uninstall is also an option and will be reported as such)
  • Operation Result: One of Succeeded (green button at far left); Failed (red button at far left); or Aborted (yellow button at far left)
  • Information URL: KB article URL
  • Support URL: Support note for update, when available; otherwise, links to http://support.
  • Uninstall notes: Instructions describing how to uninstall the update
  • Client Application ID: Name of process that initiated the update, usually one of UpdateOrchestrator (WU), Update, Scan for Updates (manual update initiated by user), or Windows Defender (AV update)
  • Service ID: GUID for service that handled the update process
  • Update ID: GUID for update object applied
  • Revision number: update revision number, where applicable
  • Unmapped result code: result code reported if an update fails or aborts (10 digit numeric code)
  • hResult:  error code reported if an update fails or aborts (8 digit hex code, often of the form 0x8024dddd which maps into the class of Windows Update errors)

Alas, the tool is too big (it covers the width of almost 2 27″ monitors if I show all fields fully expanded. Here’s a screen cap that shows fields I believe to be most likely of interest expanded, and those not compresssed. It’s still pretty darn huge (click the image to see a full-sized — and intelligible — view, please).

Nirsoft Releases Windows Update History Viewer

Note the traffic light status indicators at left (RGY), name, date and status info. All good stuff!
[Click image for readable view.]

That’s a whole lot more than you get from the built-in Update History output which tells you:

  • Title
  • KB number
  • Number of attempts (in parentheses)
  • Date
  • Installation status (Successfully installed or failed)

Because Nirsoft Releases Windows Update History Viewer, You Should Grab It NOW

I find Nirsoft tools to be pretty valuable in general. Invaluable even, in some cases. If you need to research updates you’ll find this useful in your admin toolbox. It doesn’t have to be installed, so you can carry it with you on a USB key or portable drive, or run it from cloud storage of some kind. Definitely helpful.

November 8, 2019  5:52 PM

Debugging Win10 Explorer Crashes

Ed Tittel Ed Tittel Profile: Ed Tittel
explorer.exe error, File Explorer, Troubleshooting

Checked Reliability Monitor today, and was surprised to see Explorer.exe threw off 4 crashes in the last few days. Debugging Explorer crashes is an interesting exercise. All of these originate from BEX64, which points to another program hooked into File Explorer. You can learn a lot from reading this TenForums thread: Intermittent BEX64 Explorer.exe crash. Here’s what I saw in Reliability Monitor (summary left, details right).

Debugging Win10 Explorer Crashes.screens

All 4 crashes list BEX64 as the Event name, though some have differing Fault Module Name sources.
[Click image for full-sized view.]

Debugging Win10 Explorer Crashes Is Both Art and Science

My tool of choice for troubleshooting BEX64 Explorer crashes is Nir Sofer’s Shell Extension Viewer. He calls it ShellExView, but its executable is shexview.exe. Blissfully unaware, it took me a while to find it in NirLauncher. Because the error hit on and after November 2, I sorted Shell Extensions chronologically. Thus, I could see what was installed that day. Interestingly, only Microsoft elements fall under that rubric, thanks to what looks like a Windows Office update that day. I see extensions for OneNote, Access, Excel, PowerPoint, Visio and Word. This is weird, because MS extensions seldom, if ever, cause problems. It’s usually third-party stuff that sends Explorer off the rails.

Scanning a bit further down the list I see the latest PowerToy: PowerRename‘s Shell Extension. Then it hits me: I remember clicking the PowerToys icon a few times after the tool came out, not understanding that this shell extension works only from inside File Explorer. I ran it from the desktop without thinking, before I did my homework right around the time of those crashes. I’m pretty sure this was what caused the problem. Worse, it is definitely a self-inflicted wound. MS did nothing to cause it because “operator error” is behind those actions.

I have to laugh, and at myself. But “double-click it and see what happens” remains an experimental strategy I’m unlikely to retire from the Windows desktop. So I’ll just take my lumps and keep on going. Hopefully, those of you who’ve grabbed this latest PowerToy can learn from my mistake. If you look for the PowerRename item in the right-click menu inside File Explorer for file or folder items, you can check it out as it was meant to be used. Sigh.

Debugging Win10 Explorer Crashes.PowerRename

November 6, 2019  11:00 AM

Build 19018 Kills Disk Cleanup Downloads Item

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, disk management, Microsoft downloads

Here’s an interesting tidbit of Windows 10 administrivia. Starting with Build 19018 — the latest Fast Insider Preview released November 5 — the Disk Cleanup utility no longer includes Downloads among its selectable items. That’s right: Build 19018 kills Disk Cleanup Downloads item. Here’s visual proof, with a screen cap of the utility from Build 18362.449 at left, and from Build 19018.1 at right. I set up the screen caps to put the preceding item — Device driver packages — at the head of the pick list in each capture. If you look closely at left, Downloads follows Device driver packages. At right, Language Resource Files follows that same item instead. Net result: Downloads is gone.

Build 19018 Kills Disk Cleanup Downloads Item.old-v-new

Now you see Downloads (left), now you don’t (right). Very interesting!
[Click image for full-sized view.]

What Build 19018 Kills Disk Cleanup Downloads Item Really Means

In two words: not much. For one, thing you can still access the Downloads item through Settings → Storage → Configure Storage Sense → set the “Delete files in my Downloads folder” to something other than “Never.” For another, you can always manage the contents of Downloads through Explorer yourself manually. For a third, you could turn to the GitHub Comet project and use Managed Disk Cleanup (mdiskclean.exe) instead. It still includes the Downloads item. For a fourth, Microsoft has itself stated that “The Disk Cleanup experience (“cleanmgr.exe”) is being deprecated,” though they are “…retaining the Disk Cleanup tool for compatibility reasons.”

Makes the whole thing kind of like rearranging deck chairs on the Titanic, eh? But gosh, it sure is interesting to see how the elements of the Windows 10 UI and its utilities continue to change and evolve. At least, it is to me. Enjoy!

November 4, 2019  1:12 PM

RAW Win10 Disk Report Thankfully Transitory

Ed Tittel Ed Tittel Profile: Ed Tittel

OK, then. I was working along merrily yesterday cleaning up my office to get ready for another week’s work. Looking at my Downloads and Documents folders, I saw items as far back as August. Normally, I sweep out these folders every 30-60 days. Given that yesterday was November 3, August 1 was 94 days ago. Thus, it was highest time to make my sweep. I keep an “Archives” folder on my G: drive for just that purpose, with both named sub-folders inside. Normally, I highlight the chunk of stuff I want to move, right-click and select “Cut,” navigate to the target Archives folder, then right-click and select “Paste.” It works nearly every time. But yesterday when I tried that I got a very scary response from Explorer that the target was inaccessible (see below for what chkdsk told me when I started investigating). The RAW Win10 Disk Report, thankfully, turned out be purely transitory. A quick restart, and all my drives reported properly in DISKPART. In the meantime, I was seriously concerned!

RAW Win10 Disk Report.chkdsk

This is information that nobody running Windows wants to see for any drive on which they store data of value or use. Ouch!

With a RAW Win10 Disk Report, Don’t Panic!

The tendency when seeing something like  the foregoing is to jump immediately into repair mode. Sure, I could’ve jumped into DISKPART and used the command
to try to force the drive back into the right file organization. As I tried to access another Archive on the J: drive, the same thing happened again. And when I couldn’t find either drive in Disk Management or Minitool Power Data Recovery (even though they showed up in Diskpart “List vol”), I decided to try a reboot first to see if the problem persisted or not. I’m deliriously happy to report that whatever bug bit my storage subsystems and the file systems it handles, it disappeared. Nor did I find any error reports in Reliability Monitor, either. And a complete chkdsk investigation into all drives showed nothing amiss. Here’s what DISKPART says about my production PC drives right now, in fact:

RAW Win10 Disk Report.diskpart

The basic take-away from this DISKPART “list vol” output is “Nothing to see here.” What a relief!
[Click image for full-sized view.]

Should Murphy Strike with a Real RAW Win10 Disk Report, Then What?

If an initial report of a RAW disk persists through a reboot, the problem is real rather than transitory. Numerous repair operations are possible. Data loss may be inevitable on an affected drive, unless (a) those repairs succeed or (b) you have a recent backup from which to restore drive contents. There are lots of file recovery tools out there. I’ve personally used Piriform Recuva (free) and MiniTool Power Data Recovery ($$$) to good effect in recovering from file and or partition loss (a RAW report is most likely some kind of partitioning or disk organization problem). There’s a September story on TechRadar entitled “Best free file recovery software of 2019…” that’s probably worth looking into. Ditto for the October 2019 Lifewire story “20 Best Free Data Recovery Software Tools.”

If none of these repair tools does the trick, you may have to pony up big bucks (fees of US$200 and up are not uncommon) for a commercial data recovery service to try and get what it can from your drive. Otherwise, you’ll have to walk away from that data. Moral of the story: always good to have a some-what current backup around. I backup my production PC’s OS and data drive daily, and back up all other drives monthly, with both local copies and into the cloud. It’s the only way to be sure drive failure — and even persistent Windows weirdness sometimes — doesn’t render that data forever lost and inaccessible.

November 1, 2019  12:55 PM

Recycle Bin Explorer Use

Ed Tittel Ed Tittel Profile: Ed Tittel
File Explorer, Recycle Bin, tips and tricks

It’s safe to say that there’s more to Windows 10 than any single user can know. I keep learning new stuff all the time. Case in point: Recycle Bin Explorer use. Until yesterday, I didn’t know that typing “Recycle Bin” into the Explorer’s address bar opens that built-in folder. At the same time it also brings up access to a set of Recycle Bin Tools. Here’s a screen cap of what you’d see in your explorer if you (a) typed “Recycle Bin” into the address bar, and (b) clicked on the Recycle Bin Tools ribbon entry. It’s highlighted in the following screenshot, in fact:

Recycle Bin Explorer Use.RBTools

This technique displays the Recycle Bin’s contents, and shows available Explorer tools for working on same.
[Click image for full-sized view.]

What Does Recycle Bin Explorer Use Buy You?

It’s an easy way to see what’s inside the recycle bin. You will typically see ordinary files, like the ones shows above (cleaned out of Downloads on that test machine). You may also see objects that use Windows Security Identifiers (SIDs) as part of their names. (Learn more about SIDs in this Window Support article: Well-known security identifiers in Windows operating systems.) Account-based SIDs usually start with the string “S-1-5-21-nnnnnnnnnn …” (where n is a digit from 0 through 9). This happens from time to time and indicates deletion of certain system objects or items through various OS facilities (such as disk defragementation).

The tools can be helpful, particularly those related to restoring accidentally deleted files. “Restore all items” puts everything in the Recycle Bin back where it came from. To use “Restore selected items,”  you must first select the items you wish to restore, then click that tool (otherwise, it won’t do anything). Both can be handy when things that you really wish to keep make their way  into the Recycle Bin. Also, if you mount a backup (using something like Macrium’s viboot facility), you can use these tools on a backed-up version of the recycle bin as well.

Getting into Recycle Bin in Explorer Many Ways

Me personally, I tend to rely on third-party tools like CCleaner or UnCleaner to take care of the recycle bin for me. That’s probably why I never learned this stuff before. But who knows? It could come in handy some day. But as far as I can determine the easiest way to access this beast is to type Recycle Bin into the address bar to call it up in Explorer (see below). There are numerous other ways to get there, as shown in this Password Recovery article “7 Ways to Open Recycle Bin in Windows 10.” If you don’t like my approach, check out that article and pick a different way you like better. It’s not like there aren’t lots of other options — at least 6 of them, in fact!

My preferred method for accessing Recycle Bin in Explorer involves typing “Rec” in the address bar, as shown here

October 30, 2019  11:29 AM

Autopilot Gets Oct 22 False Alarm Update

Ed Tittel Ed Tittel Profile: Ed Tittel

As the upcoming release of 1909/19H2 draws ever nearer, Windows updates come with increased frequency. Occasionally, something unintended may slip through the net. I’d wondered why an Autopilot update showed up on my production PC (KB4523786). But an article I saw in Windows Latest this morning, cleared things up. I now understand that on many PCs, Autopilot gets Oct 22 false alarm update. A Microsoft tweet addresses this, but limits the mistake to Windows Home users. That leaves me wondering why I see this on a Windows Enterprise based PC:
Autopilot Gets Oct 22 False Alarm Update.history

It’s hard to update Autopilot when it’s not installed on your PC in the first place (bottom item). I imagine that’s why that update failed.
[Click image for full-sized view.]

Wondering Why Autopilot Gets Oct 22 False Alarm Update

The aforementioned WL story Microsoft pushes and pulls wrong Windows 10 update explains the occurrence as an accident. It also references a tweet from the Intune Support Team. It asserts that the Autopilot update “was incorrectly offered to customers running Windows Home edition during a regularly scheduled Windows update scan.” Alas, the scope of the mistake seems to have reached further than that. I don’t see any evidence of this on Windows 10 Pro machines running 1903. Nor the Release Preview, Slow or Fast Ring releases for 20H1 through the lens of the other 8 PCs here at Chez Tittel. But it did hit at least one Enterprise machine — namely, the one I run on my desktop. (For the curious, it’s an MSDN/Visual Studio Subscription license).

MS has since stopped distribution of this update. So if it’s not already in your update history you won’t see it, period — that is, unless you actually USE Autopilot in your environment. And in that case, of course, the update should be there, successfully applied. One wit opined about this mistaken item “…for once, there’s an update that actually doesn’t break Windows.” I had to laugh when I saw that, while also reflecting on its somber truth. Reminds me of that old saying “Advice, like alcohol, only affects you if you swallow it.” And so it goes, here in Windows-World.

October 28, 2019  1:12 PM

More Odd USB-C Symptoms

Ed Tittel Ed Tittel Profile: Ed Tittel
Troubleshooting, usb storage device, USB-C

Call me hard-headed, or perhaps stupid and irresponsible. I’ve kept using a Sabrent NVMe enclosure with Samsung 970 EVO 1 TB SSD on my Lenovo X380 Yoga. This, despite an error message indicating that it draws more voltage from the USB-C port than the port can provide. (See my October 21 post Multiple ISO Mount Strategies Prove Helpful for more details.) As you might expect, I have been reaping the not-so-happy results of such activity. It has taken the form of more odd USB-C Symptoms on that machine. I’m talking about regular and frequent dwm.exe crashes (the Windows desktop windows manager). Take a look at this Reliability Monitor snapshot:

More Odd USB-C Symptoms.relimon

All of the critical events shown represent APPCRASH for dwm.exe, 36 total. Happens only when a USB-C/Thunderbolt attached NVMe SSD is present.
[Click image for full-sized view.]

Trial-and-Erroring Diagnosis for More Odd USB-C Symptoms

I noticed this behavior while leaving an RDP session open on the X380 Yoga laptop. After about an hour, the connection would fail, and I’d find exactly 9 repeated instances of wdm.appcrash at the same time. Remembering the error message, I’d observed and reported in the afore-cited Mount Strategies post, I unplugged the USB-C SSD. Since that time, the error has not recurred. I can also leave RDP up and running into my desktop overnight without issue, either. It’s weird that this would manifest as a desktop window management issue in Windows 10, but the relationship between having the device plugged in and causing the error is too strong to overlook.

Of course, the old troubleshooting (and data science) saying goes “Correlation is not causation.” Now that I’ve unplugged the USB-C NVMe device, I’ll still keep watching that test machine to see if more odd USB-C symptoms recur anyway. So far, it’s been less than 24 hours since I unplugged the device. It may be too early to tell, but I am encouraged that the dwm.exe crashes have not recurred since, despite numerous — and some extended (4 hours or more) — RDP sessions into the test machine. We’ll see if this stacks up to something . . . or perhaps nothing.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: