Windows Enterprise Desktop

January 17, 2020  3:45 PM

Self-Inflicted Spurious $SysReset Folder

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, Reset issues, Windows 10, Windows management

Ah, the many wrinkles of Windows 10. I just learned about one (wrinkle, that is) that users can foist upon themselves. Occasionally, I run the Settings → Update & Security → Recovery → Reset this PC → Get Started button, to see if a cloud-based reset option appears. Most of the time the resulting Window does NOT show such an option, at least on my PCs. But you must click the “Cancel” button that appears at the lower right of the “Reset this PC” window (see below) to get out of the reset process. This leaves certain leftovers behind, including the self-inflicted spurious $SysReset folder in the title of this blog post.

Self-Inflicted Spurious $SysReset Folder.reset-window

If you open this windows, you must either reset your system or click “Cancel” at lower right. When I’m just checking things, that’s the only option I really want.
[Click image for full-sized view.]

How I Know It’s a Self-Inflicted Spurious $SysReset Folder

After canceling a reset, I then examined the contents of the $SysReset\Logs folder named setupact.log. I checked its interior timestamps, to prove to myself that the $SysReset folder can result from an aborted reset operation. On one of my test machines, with no such folder present, I ran the described operation (open Reset this PC window, cancel operation). Bingo! The $SysReset folder appears thereafter, with corroborating timestamps to show it happened recently. Here’s the stuff (from the very tail end of that logfile):

2020-01-17 14:25:46, Info     OnlineUI: User cancelled reset
2020-01-17 14:25:46, Info     ResetNotifyCancel: User canceled on page [OnlineResetTypeSelection]
2020-01-17 14:25:47, Info     OnlineUI: Releasing reset session
2020-01-17 14:25:47, Info     ResetReleaseSession: Releasing session

It’s 2:31 PM as I write this text, so 14:25 was six minutes ago. Proof enough for me, anyway.

More About $SysReset

It’s eminently safe to delete the folder and its contents, once a reset operation has been cancelled. If one persists after a reset operation has concluded successfully — it shouldn’t — it’s safe to delete that, too. Back in 2017, I wrote about $SysReset for this same blog. That post was entitled Bid $SysReset Goodbye in Win10. In that post, I asserted that “This folder bears often bears testimony to a failed reset or refresh operation in Windows versions from 8.0 forward.” This is true, but I didn’t realize at the time that canceling a Windows Reset counts, too, where leaving this folder behind is concerned. Now I’ve learned (and demonstrated) that this happens each and every time you decide to cancel the Reset operation. Consider this blog post fair warning, then, that such cancellations also require cleanups. Delete that leftover $SysReset at your convenience.

[Note added 25 minutes later]

Following my own advice, I just attempted to delete $SysReset on the test machine that hosted my experiment. Windows refused to do so, saying the file was in use in another application. My best guess is the Reset process hangs onto $SysReset files and folders until the next reboot. I was able to delete it on another machine (on which I hadn’t run the experiment recently) without issue. My guess got some validation when I rebooted the test machine, and was then able to delete $SysReset without further issue (though I did have to grant admin permission to complete the operation). Thus, you’ll either want to use a forced deletion tool (like Unlocker) or wait until after your next reboot, if you conduct the experiment, too.

January 15, 2020  9:32 AM

Odd KB4528760 Error 0X80073712 Gets Easy Fix

Ed Tittel Ed Tittel Profile: Ed Tittel
Troubleshooting, Windows 10, Windows Update, Windows Update Management

Yesterday was Patch Tuesday, so I had updates arrive for a slew of PCs running 1909 (6 in all). One of them failed to install for KB4528760: the aging Lenovo T520 laptop. “Uh oh,” I thought, “does this mean full-blown WU troubleshooting is needed?” Not really. It turns out the error code means “a file needed by Windows Update is damaged or missing.” Microsoft Answers lays it out, and presents a repair strategy for 0x80073712. It’s based on DISM image repair, and is no big deal. My Update History from that PC tells a kinder, gentler story: the KB4528760 error 0X80073712 gets easy fix.

KB4528760 Error 0X80073712 Gets Easy Fix.update-history

The red arrow (lower) points to the initial failed attempt; the green arrow (upper) shows it worked on a second try.
[Click image for full-sized view.]

How KB4528760 Error 0X80073712 Gets Easy Fix

The .NET CU (KB4532938) and the month’s MSRT (Malicious Software Removal Tool) installed correctly on the first try, though. So I restarted that PC, then ran WU again. “What the heck,” I mused. “Let’s try it again and see what happens.” To my surprise and delight, KB4528760 installed correctly on a second try. No hiccups, no missing files reported. Another restart completed successfully, too. This sequence of events produced the Update History shown in the preceding screencap.

I can only speculate that some kind of wireless communication glitch occurred while the T520 downloaded KB4528760 itself. Obviously, no other Windows files were damaged or missing, or that error would have persisted. The old saying “If at first you don’t succeed, try again” turned out to be just what the doctor ordered for this temporary gotcha. I only wish all my Windows problems — or perhaps even just all my WU problems — were this easy to fix. Sometimes, you get lucky here in Windows World. This must have been one of those times. FWIW, I’m glad.

January 13, 2020  3:20 PM

Microsoft Changes WU Driver Inclusion Rules

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, Windows Update Management, Windows Updates

I got wind of a new “Driver Shiproom Schedule for 2020” this morning, first from Liam Tung at ZDNet. Unfortunately, by the time I got to the Microsoft source link, it no longer worked. Nor did any amount of creative searching produce that info. Luckily for me, I found a copy of this elusive document at, where the always-vigilant and eagle-eyed Shawn Brink posted a cut-n-paste copy this morning. (Just for the record, he references the same now-dead link that Liam Tung also did.) By now you’re probably ready for some info, instead of the backstory. Please keep reading so you can understand how Microsoft changes WU driver inclusion rules.

Microsoft Changes WU Driver Inclusion Rules.shiproom2020

MS controls the time window around updates to keep driver issues from scotching successful CUs and Feature Updates.
[Click image for full-sized view.]

If Microsoft Changes WU Driver Inclusion Rules, What Gives?

In MS release jargon, the “Driver Shiproom” states the times when drivers may be included in Windows Updates, and when they may be included. This image from the Microsoft Tech Community, from Kevin Tremblay, Senior Program Manager for Windows OneCore and Device Enablement, shows what that looked like for 2019:

The 2019 Driver Shiproom Schedule shows blackout dates in colored blocks. Only open, white dates are eligible for driver delivery to MS.
[Click image for full-sized view.]

The equivalent schedule and related commentary for 2020 is apparently what came up and then disappeared earlier this morning. Enough people managed to see it that I can still recap its most important elements anyway:

  1. Neither Patch Tuesday nor Feature Updates will include drivers still in need of approval. This means flighted  and optional drivers.  Flighted drivers are those marked Automatic = Critical Update (DU), Dynamic Update (DU), or both (CUDU). Optional drivers must always obtain  Shiproom approval from Microsoft.
  2. This decision arises from 2019 updates with problem drivers. These caused devices to go missing, device drivers to crash, security issues, connectivity losses, or updates to hang or fail. In addition, MS partners can request Microsoft to block device updates with known compatibility issues. This means driver updates don’t show up in WU until the block clears. Tung provides this quote from the document “Recently when a driver update is released alongside OS updates, it has resulted in a poor experience and significantly impacted end users.”
  3. Partners can request a temporary Windows Update offer block from 30 to 60 days to prevent WU from offering feature updates or CUs to devices with known incompatibilities.
  4. By examining the blackout dates on the preceding Shiproom Schedule for 2019 you can also see that MS doesn’t allow new drivers to release on weekends, around holidays, and during other scheduled update activities. This helps ensure that MS workers are around to field questions and address issues if and when they should arise.

Driver Blocks Can Be Good…

“Good on them!” is my response to this change in policy.  It’s too bad things had to go seriously sideways last year to bring about such a change, but it’s all to the good. Hopefully, we’ll get a chance to see the Shiproom Schedule for 2020 and its supporting documentation again. Sometime soon would be better than sometime later on. But only time will tell!

January 10, 2020  10:36 AM

Notepad RTL Reading Order Gotcha Has Easy Fix

Ed Tittel Ed Tittel Profile: Ed Tittel
Notepad, text editor

Notepad is one of those built-in Windows applications that seldom requires much thought or attention. It’s been around since the earliest days of Windows. (I remember it from the 3.0/3.1 days, which is when my Windows exposure began in earnest, circa 1990-1992.) Last night, I ran into something using Notepad I’d never seen before. It left me momentarily stumped: text appeared right-justified, but new text entry still went left-to-right. A quick Google search on “Windows 10 notepad opens with text at right” showed me that a built-in setting had somehow been changed. Notepad supports both left-to-right and right-to-left text alignment. A quick hop to an MS Community post entitled “Text Alignment in Notepad” also provided the fix. It’s a right-click menu option, which lets me say Notepad RTL reading order gotcha has easy fix.

Notepad RTL Reading Order Gotcha Has Easy Fix.screencap

Notice the right-click menu item “Right to left reading order” is checked. Uncheck this item, and all goes back to left-to-right normal.
[Click image for full-sized view.]

If Notepad RTL Reading Order Gotcha Has Easy Fix, What Is It?

Somehow, the normal left-to-right (LTR) text alignment in Notepad got reset to right-to-left (RTL). Simply unchecking the corresponding right-click item set things back to rights, so to speak. I was initially flummoxed when I saw this, because I’d never run into it before. Thus, I had no idea what was going on. But, as usual when Windows gets weird, a quick Google search showed me the way back to what’s normal for English (LTR). I’m sure users in other languages that run RTL will also benefit from this insight, though it will work for them in reverse.

I’m amazed that I ran into this for the first time nearly 30 years after my initial exposure to Windows. But it’s a big and wonderful world unto itself. And obviously, this won’t be the last such revelation for me (and my readers) as our Windows adventures continue. Cheers!

January 8, 2020  3:25 PM

NirSoft DriveLetterView Shows Assigned Win10 Drive Letters

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk drive, disk management, Windows 10

This morning, as I was reading through new or changed posts at, I saw mention of another great Nir Sofer tool. This one’s called DriveLetterView. That is, NirSoft DriveLetterView shows assigned Win10 drive letters. This applies to letters for drives actively mounted and accessible on a Win10 system right now. It also applies to letters assigned to drives previously mounted but neither present nor active. That status (Connected = “No”) usually applies to USB drives of some kind, often UFDs (USB Flash Drives). Here’s what the program’s output looks like on my production PC. It currently shows 10 (ten!) connected drives, and 5 disconnected ones.

NirSoft DriveLetterView Shows Assigned Win10 Drive Letters.prodPC

I sorted the listings on the “Connected” column, so you see all ten connected drives at the top of the listing.
[Click image for full-sized view.]

What NirSoft DriveLetterView Shows Assigned Win10 Drive Letters Really Tells You

The disconnected drives appear with a question mark (?) at the upper right of their drive icons. If you look at their “Instance ID” fields, some are blank and some are occupied. The blank ones usually correspond to UFD drives, while the non-blank ones represent specific peripherals. The item for the A: drive clearly shows a floppy disk assignment: “USBSTOR\SFloppy…” The one that starts with “SCSI/CdRom…” shows that I attached my USB Blu-ray/DVD/CD player to this PC some time ago (P:). The item that starts with “USBSTOR…USB_DISK_3.0” is for one of my USB 3.0 SSD drive enclosures or caddies (Q:).

To check this assertion, I plugged in a UFD. Immediately the listing for Drive M changed to connected. The Instance ID string now reads
That tells me it recognizes the 16GB Mushkin Atom UFD I just plugged in. Good-oh!

What DriveLetterView Is Good For

I like this tool because it shows me which drive letters are occupied. I can also click on any drive letter, then click the red X delete symbol in the toolbar at top left, and delete that drive letter assignment. This makes it suitable for cleaning up after UFDs or removable drives I may no longer have or use. But the program is also pretty informative in and of itself. It provides device IDs normally accessible only through Device Manager, along with all kinds of other descriptive drive info. Check it out! I predict you’ll like — and use — it.

January 6, 2020  3:48 PM

NirSoft ShellExView Pinpoints Explorer Context Menu Problems

Ed Tittel Ed Tittel Profile: Ed Tittel
Context menu, explorer.exe error, Internet Explorer error messages, Troubleshooting, Windows 10

OK then, I got back from 8 days in the Washington, DC, area on Saturday (January 5). Upon inspecting my production PC I was stunned to see a series of 17 BEX64/CompatTelRunner.exe application faults. Normally, when I leave the machine alone, it runs at a steady “10” Reliability Index. That’s because I’m not messing around with things constantly, as is my usual practice when working on that PC. I wrote a post here on November 8 about this very kind of thing. It’s entitled “Debugging Win10 Explorer Crashes,” and prescribes looking at the most recently installed context menu items to identify the culprit. NirSoft ShellExView pinpoints Explorer context menu problems quite nicely. Here’s what the program showed me about recent shell extension items.

NirSoft ShellExView Pinpoints Explorer Context Menu

Of the four newest items only one says “Context menu.” Seems pretty obvious, eh?
[Click image for full-sized view.]

When NirSoft ShellExView Pinpoints Explorer Context Menu Problems, Then What?

Troubleshooting Context Menu shell extensions can be difficult when there are lots of potential culprits to deal with. In such cases, one must disable them one at a time, and see which one makes the crashing stop. In this particular case, fortune smiled upon me. There was only one Context Menu item in the batch of new items (all dated Christmas Eve, ironically enough). And indeed, disabling that shell extension seems to have stopped the crashing. My Reliability Index has been steadily climbing since late in the evening of December 4, when my “WTF” moment immediately led to disabling the otherwise excellent 8GadgetPack’s Content Menu extension as shown above.

Windows 10 has its foibles, to be sure. Sometimes, fixing them can be an ordeal. This time, luck prevailed and it was a snap! May it be likewise for you, so you can do as I did with the same good effects.

December 26, 2019  11:06 AM

2004 Gets New Network Status

Ed Tittel Ed Tittel Profile: Ed Tittel
Control panel, Network Adapters, Settings, Windows 10

In reading Windows 10-related news, I found a nice summary of new features for Windows 10 2004 at BleepingComputer. Amidst that summary, I was reminded that Network Status now shows multiple networks. (Settings → Network & Internet → Status) That said, on laptops with both wireless and wired Ethernet, plug in the wired connection so it shows up. Thus as 2004 gets new Network Status, you must understand its workings to get the most of its capabilities. Here’s what it looks like, on my Fast Ring Lenovo X380 Yoga:

2004 Gets New Network Status.settings

You won’t see the (wired) Ethernet item unless that interface is active. But when it is, you see both.

If 2004 Gets New Network Status, What Does That Bring?

Beyond showing both interfaces (under the right circumstances), Network Status shows data consumption over the last 30 days. Click the Properties button to access network profile, metered connection, and IP settings info. It also summarizes key adapter properties (see below) . The Data Usage button provides a breakdown by application. It brings the ability to set a data limit on a per-interface basis.

2004 Gets New Network Status.eth-props

A decent summary of Ethernet characteristics for the Lenovo’s built-in I219-LM module, including driver version and important IPv4/v6 addresses.

In general, the Settings sub-windows continue to usurp what has formerly been the sole responsibility of the Control Panel widgets (in this case, Network and Sharing Center, and its subsidiaries). I expect we’ll continue to see this kind of evolution with new Windows 10 major versions, as Settings gradually provides visibility into all of Control Panel’s capabilities.

December 24, 2019  12:09 PM

Missing Secunia PSI

Ed Tittel Ed Tittel Profile: Ed Tittel
software updates, Windows 10, Windows Update Management

In the period from 2010 to 2016, I blogged about a product named Secunia PSI no less than 28 times. PSI used to be (but is no longer) a PC application that would scan all the third-party software on your PC, check release info, and update everything it could. It did so automatically, and the software was free. It worked like a champ, too. But it was withdrawn from the market by its new owners (Flexera) in mid-to-late 2016. I’ve been missing Secunia PSI ever since.

Back in the day, I kept Secunia PSI updated regularly and used it at least weekly.

Why Am I Missing Secunia PSI?

There are two answers to this question. The first shorter answer is because I learned to lean on it, and depended on its help to keep my systems up-to-date. The second longer answer is that I’ve simply been unable to find a worthwhile replacement. That said, I’ve had decent results with two programs. Both come in free versions. First and best (but most limited) is ITarian Patch My PC Updater. It does pretty much what Secunia PSI did, but it covers only 300 Apps, of which I use less than 50.  Second and more informative but less capable is KC Softwares Software Update Monitor (aka SUMo). On my production PC it finds 76 products, of which 25 still need updates. I used Patch My PC Updater (PMPU) because it is so much less work to use than SUMo is.

Let me explain. In PMPU, there’s a button that says “Update all apps.” You push that button, and it goes off to update everything it finds that needs it. In SUMo, there’s a list of all apps, from which you must pick those that need updates one at a time. This takes you to the maker’s website (or to MajorGeeks and a few other reputable alternatives). Then you must download the update file, run the installer, and work through installation on your own. Also, I disagree with some of SUMo’s findings, which include the Intel ProSet software and some motherboard utilities. The program says they need updates, but Intel and the board maker says they’re fine. When in such contention, I follow the path of least resistance and do nothing!

Causes for Nostalgia

So while the two programs are good, and cover my systems reasonably well, PMPU is not comprehensive enough, and SUMo is too much work to use quickly and easily. And that, dear readers, is why I am still missing Secunia PSI, gone now for nearly four years. Sigh.

December 23, 2019  12:20 PM

Windows 10 2004 Gets View Optional Updates

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Update, Windows Update Management

MS continues to refine its update download options. Starting with Build 19536, Insiders on the Fast Ring have a new Windows Update download option. That is, Windows 10 2004 gets “view optional updates” as a selectable link in Settings → Update & Security → Windows Update. Here’s what that looks like on my Lenovo X220 Tablet (which fortunately needed some USB driver updates, as you’ll see):

Windows 10 2004 Gets View Optional Updates.offer

Note the blue text at the bottom of this snippet. It reads “View optional updates.” When it appears, you can click it to see what’s available, optionally.

When Windows 10 2004 Gets View Optional Updates, Then What?

If may click the link that reads “View optional updates.” If you do, a list of one or more available items appears on an “Optional Updates” Setting page.

Here’s what just showed up on my Lenovo X220 Tablet, with the Driver Update category expanded. As you can see, I’ve got a couple of apparently identical USB drivers waiting for this PC. Apparently, a separate install is needed for each of the two built-in USB hubs on this machine. You must check the boxes to the left of any item, after which the “Download and install” button goes live. Then you can click it to start that process on its way.

Windows 10 2004 Gets View Optional Updates.list

Both of my USB hubs apparently need a “new” driver dated 2016!
[Click image for full-sized view.]

What Else Might Appear as an “Optional Update?”

According to the 19536 announcement, in addition to device drivers, optional updates can also include “feature updates, and monthly non-security quality updates” as well. The goal here, according to MS, is to bring all this kind of update information together “in one place.” The hope is to make such updates easier to see, manage, and control. It looks like the ire of many users of earlier Windows 10 versions about having updates forced upon them with no opportunity to decline or defer might finally be assuaged. Good stuff!

December 20, 2019  3:27 PM

Nirsoft USBLogView Monitors USB Events

Ed Tittel Ed Tittel Profile: Ed Tittel
Troubleshooting, usb not working, Windows 10

Nir Sofer strikes again! Nirsoft USBLogView monitors USB events on Windows, so you can see what’s happening on PCs when the USB mount and dismount tones are sounded. I have a Lenovo X380 Yoga laptop that keeps belling those tones repeatedly, so I wanted to figure out what caused this. Turns out these events don’t register with Reliability Monitor. Also, they’re difficult to catch inside Event Viewer. Of course, now that I’ve found this excellent tool, the errant laptop hasn’t acted up yet. So I’m leaving the tool running constantly, in hopes it will catch something when it (and if) it happens again.

Nirsoft USBLogView Monitors USB Events.x380

As I plug in and unplug a USB flash drive, USBLogView catches each action. It does likewise for all USB bus events.
[Click image for full-sized view.]

When Nirsoft USBLogView Monitors USB Events, What Does It See?

As you can see in the preceding screen capture, USBLogView catches plug and unplug events. On another X380, it sees my dual-drive dock as a USB Attached SCSI (UAS) Mass Storage Device. Interestingly, though, when I plug in a USB-C/Thunderbolt hub, it does not see USB devices attached via that device. It does, however, see the hub itself as a USB Root Hub (USB 3.0). And, as soon as that hub is connected, it automatically gets disconnected one second later. I’m trying a powered USB-C/Thunderbolt hub next, and starting to believe there may be an issue with the USB-C/Thunderbolt port itself. But no: the powered USB-C/Thunderbolt port keeps on ticking.

And I learn something new: I have to grant explicit permission through the Thunderbolt app to allow this device chain to access the X380. When I do that, I can see the USB devices I plug into the Thunderbolt hub show up in USBLogView. Here, you see it all, courtesy of USBLogView:

Nirsoft USBLogView Monitors USB Events.x380.2

Here, you also see the unpowered hub fail to stay plugged in, then the powered hub goes in, and the Mushkin UFD gets unplugged from its USB 3.0 port into a similar port on the powered hub. Good stuff!
[Click image for full-sized view.]

Hopefully, the tool will help me diagnose my strange and still-mysterious USB issues sometime soon. Stay tuned!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: