Windows Enterprise Desktop

January 21, 2013  4:55 PM

What Gets Lost When Using Win8 Refresh

Ed Tittel Ed Tittel Profile: Ed Tittel

I’ve frequently looked at and pondered the meaning of the following “warning display” that precedes the use of Windows 8’s much-vaunted “Refresh your PC” maneuver. Last week, I actually launched this tool to truly understand what it would do to a PC if put to work. Going through those motions illuminated this warning with some interesting and — at least, for me — unforeseen implications of what’s really involved in the kind of refresh that returns Windows 8 to “factory fresh” settings.

There are some interesting implications in the warning that may not be immediately apparent.

There are some interesting implications in the warning that may not be immediately apparent.

As it turns out the promised list of apps removed is quite illuminating. Too bad it comes only after you’ve committed to performing a refresh. I’d recommend that MS consider performing a preliminary scan, and report this information before actually doing the refresh, so as to permit potential users of the utility to better assess the impact on their Windows 8 PCs. A quick look at this list gives me the opportunity to explain where I’m going with this and one great big honkin major gotcha that lurks therein:

Take a close look at the Intel and Nvidia items in this list...

Take a close look at the Intel and Nvidia items in this list…

Indeed, I expected my applications to be gone when I restarted my PC after doing the refresh. The warning is quite clear in that regard. But I didn’t realize that because installing Windows drivers often occurs in the content of running some kind of install utility, that the same thing would happen to the bulk of the device drivers installed on that PC as well. According to a favorite driver maintenance tool I use regularly — namely, DriverAgent — I had zero drivers out of date before I ran PC refresh. After running the refresh, I found myself with 21 (out of 69 total) drivers out of date, with all the lovely headache and aggravation that comes along with running down, obtaining, and installing Windows drivers these days. It wasn’t terribly difficult, but it did take more than half a day for me to figure out how to get those drivers installed and working after I’d laid hands on the most recent versions of the files involved. Now, my number of out of date drivers is down to one (it’s for an Intel 82579LM Gigabit Network Connection network interface I’m not actually using on that motherboard; though I’ve found the most current driver, I haven’t yet figured out how to install it on this particular unused device — that is, I can install it, but the install doesn’t seem to “take”).

7Zip Comes to a Partial, but Much-Appreciated Rescue

Along the way, I also learned an extremely valuable driver update technique. Entirely by accident (I picked the wrong right-button menu entry when opening  a file) I discovered that 7Zip will open executable files and extract all their embedded contents where you tell it to put them. Because many driver updates come in installable packages (some of whose contents you may not want or be unable to install on your machine, as for example when seeking to apply a custom update for motherboard x against a completely different model y from a different manufacturer) this turns out to be a great way to grab the .inf, .cat, and .dll files that so often make up the actual drivers themselves, without having to work through an installer that might also want to load your machine down with unwanted management and supporting utilities along the way. The most extreme case of this comes from some Marvell disk controllers, which insist upon installing an outdated version of Apache server as part of their management infrastructure when run as-is. I don’t want or need that stuff (as I suspect many others also do not) but until I found this technique to get to the good stuff without also taking on (and then later manually deleting) unwanted elements, I never found an expeditious way to deal with this common driver issue. Even Legroom Software’s Universal Extractor (which has in the past proved incredibly useful in doing the same kind of thing) isn’t as quick or easy to use as 7Zip for this particular application. At the same time, 7Zip has shown itself able to unpack every .exe driver installer I’ve thrown at it, while Universal Extractor fails to do that job on about half of those same files nowadays.

The Real Value of the Windows 8 recimg Command

On December 7, 2012, I wrote a blog post here entitled “Create Your Own Refresh Image for Windows 8,” which explains how to use this command-line utility to capture a Windows image (.wim) file that the refresh command can later use as a “restore point” (or should that be “refresh point?”) in the future. I now understand that the real value of this approach is its ability to preserve all the drivers on a PC as well as the apps installed following system installation. One interesting side effect of my manual refresh of the system is that now that I’ve done this, the recimg command is working (I had been working under the impression that the EFI partition on its system disk was preventing recimg from working, but it’s running on that system as I write these words) to capture my cleaned-up image for me. Should I need to refresh my PC again in the future, I no longer have to go back to ground zero! Now, if I could only figure out what screwed up in my original install in the first place… Sigh. Windows!

January 18, 2013  4:53 PM

What to do about Java in Windows (and elsewhere)?

Ed Tittel Ed Tittel Profile: Ed Tittel
Header for the CERT/SEI vulnerability note on Java.

Header for the CERT/SEI vulnerability note on Java.

OK, by now everybody’s heard about the Department of Homeland Security’s Advisory (originally released on 1/10/2013, most recently updated yesterday, 1/17/2013). Here’s the meatiest part of that document’s recommendations:

Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future. [The advisory includes pointers to descriptions for how to disable Java in most major modern browsers, and there are plenty of other articles on the Web that explain how to do this for less popular ones, too.]

The guiding principle behind the DHS recommendation is risk avoidance — namely, that the only way to avoid future zero-day vulnerabilities in Java is to turn it off, since there appears to be no way to guarantee these can’t happen again. In fact, the very day after Oracle posted update version 11 (1/15/2013), a cybercrime forum posted a message that a new zero-day exploit kit for Java would be sold off to the two highest bidders at a starting price of $5K (source: InformationWeek Security). In fact, InformationWeek security maven Mathew J. Schwartz quite accurately labels Java an “attack magnet” in a recent story entitled “10 Facts: Secure Java For Business Use.” Among his recommendations that fall shy of what the DHS Advisory implores (“disable Java”), he mentions use of management tools like PolicyPak to restrict access to questionable or unauthorized Java code (and can even disable Java completely by policy, should that prove necessary). He also mentions use of white-listing tools such as NoScript for Firefox or Adblock Plus (for Chrome, Firefox, and Opera), both of which permit whitelisting of specific sites for active content while denying runtime access to all other active content.

No sooner released than it becomes subject to a zero-day attack of its own!

No sooner released than it becomes subject to a zero-day attack of its own!

My favorite among his recommendations is to maintain one browser to use for everyday surfing and Web access with Java disabled, and another, different browser to use only when accessing known good Java-based active content that must be used for legitimate business reasons. One would turn only to the Java-enable browser when circumstances compelled its use, and avoid using it otherwise. Schwartz also suggests that Oracle should patch faster, perhaps by devoting more resources to its upkeep and maintenance. The company’s planned two-year release cycle for Java, scheduled to begin with version 8 later in September, 2013, may or may not help to improve security. What would help, however, is to decouple the primary Java runtime environment from the Java browser extension, which means that end users often install and expose that extension to attack without even being aware of the exposure that creates, and the vulnerabilities to attack it presents. Schwartz quotes an expert from Stach & Liu as saying “Since so few websites legitimately use the Java browser extension, it is most prudent to disable it entirely” or perhaps to “only re-enable it for specific sites determined to be trustworthy.”

These days the rule of thumb for Java use seems to be “Use only when nothing else will work, and only when what’s used it known to be safe from potential vulnerability and attack.” Because it’s so hard to be sure, the DHS recommendation to disable first, and ask questions later, makes a depressing amount of sense. I still have to visit enough Java-based websites to write about them, that I’ve set up a special VM (snapshotted daily) where I keep a browser with Java enabled, and only work on that VM when I absolutely must use Java. If the worst happens, I can always toss an infected or exploited VM, and revert to the previous snapshot. It’s not completely foolproof or totally secure, but it does work, and it will protect my primary production runtime environment from attack and potential compromise.

January 16, 2013  8:15 PM

Windows Intune Gets Major Upgrade–Now Also Handles iOS and Android devices

Ed Tittel Ed Tittel Profile: Ed Tittel

Thanks to Mary Jo Foley’s ZDNet post from yesterday (“Microsoft goes public with its plan to manage Windows, iOS, and Android devices“) I found myself poking around on the MS Windows Intune pages this morning. As with much of the rest of Microsoft’s web presence, these pages are now built on HTML5 and CSS3, and carry a distinct flavor of the “Windows Store UI” (or what I call TIFKAM, short for “The Interface Formerly Known As Metro”).

Here’s a sample of some graphical elements from the Windows Intune page

The newly-upgraded offering works with Microsoft’s own Windows Intune cloud management service, with System Center 2012 Service Pack 1, and Windows Azure Services for Windows Server. This latter item supports what MS is calling a “Cloud OS” to provide “…a consistent platform across customer datacenters, service provider datacenters, and the Microsoft public cloud” (quote from MS press release entitled “Microsoft Advances the Cloud OS With New Management Solutions“). This latest release of the Windows Intune server when combined with SCCM 2012 SP1, permits IT organizations to “…crack the bring-your-own-device challenge.” According to Mary Jo Foley, the latest release provides capabilities for managing iOS (iPad, iPhone, and network-enabled iPods)  and Android (smartphones and tablets) devices, along with Windows PCs, tablets, and so forth (including Windows 8 RT tablets), and with certain Windows Phone devices as well.

This sounds pretty intriguing but also potentially troublesome and time-consuming. I’m going to grab hold of this technology and see how it works with my collection of iOS devices (we have 4 in the household right now: 2 iPhones, an one each iPad and iPod) and Windows desktop, notebook, and tablet PCs (8 of them, including 4 machines running Windows 8 [1 tablet, 1 desktop, 2 notebooks], and another 4 running Windows 7 [2 notebooks and 2 desktops]). If Intune can help me manage and control all of these machines it could be a huge boon, and might also portend well for businesses at all scales. Stay tuned!

January 14, 2013  5:54 PM

John Savill Offers Nifty Win8 Cheat Sheet

Ed Tittel Ed Tittel Profile: Ed Tittel

John Savill has been a player in the Windows world since the late 1990s, when his Windows NT FAQ became a go-to resource for IT professionals looking for Windows NT tips, tricks, and details that was both accurate and reliable. He’s continued to play a positive role in that world ever since, as a Microsoft MVP and a regular contributor to Windows publications and Websites of all kinds. These days, he works for Microsoft as a virtualization expert (his most recent book Microsoft Virtualization Secrets, provides lots of great info about Windows Server 2012, Hyper-V v3, and a panoply of uses for MS virtualization technologies). When he’s not busy doing his job, he’s still digging into new MS technologies, and building better tools to help ordinary users be productive. His Windows 8 Cheat Sheet for Keyboard and Touch compiled recently for Windows IT Pro, makes a great case in point:

Visit the original to grab the full-size version for printing and distribution.

Visit the original to grab the full-size version for printing and distribution.

Two weeks ago, my eight-year-old son begged me to update his Acer 5222 notebook from Windows 7 to Windows 8, so we performed the upgrade together. He dived right in, and has been surfing the web, playing games, and fooling around happily with the system ever since. I handed him a print-out of this cheat sheet yesterday, upon which he asked me “Why didn’t you give this to me sooner?” Fortunately, I had a good answer: the cheat sheet didn’t post until 1/13/2013 (yesterday), so I couldn’t have given it to him any sooner, even if I’d wanted to! This is a nice little helper that any Windows 8 newbie will find useful.

January 11, 2013  6:39 PM

MS Word Autosave/Autorecover Saves My Bacon, Gets My Kudos

Ed Tittel Ed Tittel Profile: Ed Tittel

As a writer, I spend what time I’m not reading and researching various technical subject matters writing about those same things. My tool of choice (or mandate, for most of the publishers for whom I work) is Microsoft Word. My current version of Word comes from MS Office Professional Plus 2010 and is designated Version: 14.0.6129.5000 (64-bit) in the Help/About display. A couple of days ago I was working on a story for Tom’s IT Pro and had put about 6 hours’ worth of work in without saving the file. Through some crazy accidental combination of right-hand keystrokes (I still can’t reconstruct exactly what they were) I got shown a Word Window with a single character at the lower right-hand side of the screen, and the rest of the page blank. This caused me to think I’d opened a new window by mistake, so I closed it. When I got a save dialog, I declined to save, thinking I would find my open work window underneath. Alas, I was sadly mistaken and quickly realized I’d saved nothing of my previous work.

The file menu provides several methods to recover unsaved documents.

The file menu provides several methods to recover unsaved documents.

Rather than give up and start over, I started poking into the Word Autosave and Autorecover features. By clicking File, then Recent, then clicking Recover Unsaved Files, I was able to find and restore my work file as of the most recent Autosave (which is set by default in Word 2010 at ten-minute intervals, so you never lose more than 10 minutes’ work — a much more palatable concept than losing 6 hours’ worth). Although I had never before been forced to learn this recovery technique, because it saved me more than half a day of what would otherwise have been wasted work, I’m delighted to share this tip with you, in case you too were unaware of its presence and capabilities.

Though the old saying is “If you build idiot-proof systems, only idiots will use them” I’m very glad that Microsoft took the steps necessary to protect me from my own idiocy in this particular case.

January 9, 2013  8:07 PM

Windows 8 Sales Top 60M Mark by 1/4/2013

Ed Tittel Ed Tittel Profile: Ed Tittel

Yesterday, Microsoft disclosed at CES that Windows 8 sales had hit 60 million in 10 weeks (70 days, which makes the benchmark date January 4, 2013) after its launch (source: NBC News Blog 1/8/2013). At roughly the same time in the Windows 7 sales cycle, Microsoft reported crossing 60 million at around 74 days out, saying further that this 60M number represented “more than have ever been sold in any other single quarter” (attributed to Bill Koefoed, MS GM of investor relations on 1/29/2010).

By my reckoning, this means that Windows 8 is selling roughly on par with Windows 7 after its release. Though pundits and analysts have been sounding notes of doom and gloom regularly on Windows 8 for the past year or longer, perhaps the new OS and its much-maligned touch-oriented interface is doing better than many had thought or hoped. Certainly, matching the Windows 7 sales track is nothing to sneeze at, especially since so many have speculated that Windows 8 could sell even better if more touch-enabled hardware were available to let it really do its thing best. If what we’re seeing at CES in Las  Vegas this week is any indication, OEMs and peripheral vendors are working overtime to deliver touch-friendly PCs, platforms, peripherals, and add-ons galore.

That said, some of these sales don’t yet translate into “Windows 8 running on user desktops” because many Windows licenses are sold to OEMs so they can install them on desktops, notebooks, tablets, and so forth. Microsoft gets to book their purchases as sales, even though those same OEMs might not yet have passed those licenses onto actual buyers at any given moment in time. Market research firm NPD also reported on 1/4/2013 that “…the new [Win8] operating system did little to boost holiday sales or improve the year-long Windows notebook sales decline…” but also that “sales of Windows notebooks under $500 fell by 16 percent while notebooks priced above $500 increased 4 percent.”

My gut feel is that the Windows 8 phenomenon has yet to hit its full stride, and that it will take until mid-year — with broader more affordable access to touch-enable Windows 8 tablets, ultrabooks, and notebooks — before the real shape, market share, and momentum of the Windows 8 market is more fully understood. Sales will continue, but I suspect they’ll remain flat or without much added slope until July or August. After that, it will be extremely interesting to see if the sales curve spikes sharply upward, or if it continues its current modest trajectory.

January 9, 2013  5:22 PM

Windows 8 hits 60 million ‘sold’

Stuart Johnston Profile: Stuart Johnston

Windows 8 hits 60 million ‘sold’

Sales of Windows 8 have now passed the 60 million mark in the two months since it officially launched, according to Microsoft. No matter how you slice it, that’s an impressive number – but it brings up all kinds of questions.

The company claimed four million licenses had been sold after its first weekend on sale. Then, after a month, those numbers jumped to 40 million licenses. Interestingly, by the time that Windows 7 had reached two months’ , it  also reached 60 million units.

This week during the Consumer Electronics Show, however, Microsoft released some metadata that providesclues about what those raw numbers may really mean. It’s unique, given that the company is famous for playing such numbers close to its chest. The numbers include “both upgrades and sales to OEMs for new devices.”

Likely, most of those licenses come from sales to OEMs for new devices. So how many of those 60 million units out there are still sitting on hard drives installed on PCs and laptops, waiting for people to buy them and take them home?

Upgrades at one time were a vital source of sales for new Windows versions, but over the decades, the market has shifted to where today many, if not most, users get an operating system upgrade by buying a new computer.

Additionally, not a large percentage of those 60 million licenses have begun to penetrate enterprises yet. “Twas the season” for consumer PC and device sales after all. Besides, corporate IT is historically slow to move to new operating systems — and even then, typically not without rigorous testing and subsequent deployment planning first.

However, after talking with a lot of IT professionals and hearing them say they’re not currently considering Windows 8, a number have added that they don’t know anyone else who’s doing more than dabbling, either.

It’s clear that Windows 8 still has a lot of inertia to overcome if it’s going to be as successful in the enterprise as Windows 7 has been. It’s different when the new version has to challenge the most popular operating system in history.

Microsoft may have more data to share on January 24 when it reports sales and earnings for its second fiscal quarter ended December 31. Perhaps by then the tea leaves will be clear.

January 7, 2013  4:43 PM

CES Offers Interesting Windows 8 Add-ons and Platforms

Ed Tittel Ed Tittel Profile: Ed Tittel
Adding touch to Win8 remains a key (and often missing) ingredient.

Adding touch to Win8 remains a key (and often missing) ingredient.
Image credit: Vectorform Labs

With the annual Consumer Electronics Show (CES) now underway in Las Vegas, all kinds of vendors are offering up interesting Windows 8 add-ons and platforms. Though this exposition clearly aims at consumers, interesting items that could also be of interest to corporate or enterprise technology buyers (and users) are popping up, and will probably continue to do so all week long (CES runs through Friday, January 11). In perusing announcements and debuts already streaming out of this year’s CES, I’ve already seen these following items of potential interest:

  • A 13.3″ mobile add-on touch monitor from Lenovo called the ThinkVision LT1423p with 10-point touch ($349 for a wired version, $449 wireless) that includes a stylus, designed to bring touch access to Win8 for portable PCs that lack such capability.
  • A notebook/laptop/ultrabook add-on called the Targus Touch Pen that attaches a small receiver via USB to the side of a portable display and communicates with a soft-tipped stylus/pen to bring touch control to a non-touch display (works with displays up to 17″, and is said to cost “about $100“).
  • New touch-enabled notebook, ultrabook, and tablet PCs for Win 8 from lots of well-known players (such as Dell, Acer, Lenovo, Samsung, and others) and some lesser luminaries in that market space (Vizio has announced an 11.6″ tablet, LG also has one, and others are no doubt on the way) are sure to follow suit soon.

So far, I find the Targus Touch Pen to be extremely interesting because it essentially provides an easy and affordable way to retrofit touch onto existing notebook, laptop, and ultrabook PCs. Therefore, I wouldn’t be at all surprised to see Microsoft itself venture into this particular product space, because it’s clear they understand the benefits of adding touch to existing platforms (and already have two touch-sensitive mouse models, as well as a medium-sized trackpad, all of which work with Win8 to support gestures and its touch interface).

January 4, 2013  4:40 PM

What’s Really Stopping Win8 from Achieving World Domination? It’s a Value Proposition…

Ed Tittel Ed Tittel Profile: Ed Tittel

To put the computing world back into Microsoft's hands, a few things must change...

To put the computing world back into Microsoft’s hands, a few things must change…
Image credit: Shutterstock 83143285.

I just read a fascinating Windows 8 analysis from Larry Dignan over at ZDNet entitled “Windows 8’s problem: It’s the hardware.” I kinda sorta agree with him that various hardware aspects of Windows 8 have contributed to slow uptake, lower-than-expected consumer and corporate interest levels, and consequently slow sales of systems with Microsoft’s new flagship desktop already installed. But I think the real reason the various native Windows 8 offerings such as Microsoft’s Surface in both Windows 8 RT and Pro flavors, various convertibles from Dell, Asus, Acer, Samsung and Lenovo, and the handful of non-MS “mainly tablet” PCs from Samsung, Asus, and Acer haven’t jumped off of the Web or store shelves is because of two primary factors:

  • Price: for all forms of Windows 8, the perceived price/performance level is discouraging purchases all over the place. At similar prices to iPads, RT Surface (and similar products from third parties) don’t offer enough capability, apps, or wow factor to be taken seriously. And there’s not enough oomph in higher-end offerings to persuade buyers that Win7 is passe, and Windows 8 (with touch hardware of some kind) the only way to go.
  • Battery Life: Especially for non-Atom Intel processor based tablets, convertibles, and touch-screen ultrabooks and notebooks, there’s not enough juice available from the smaller batteries necessary to meet general needs for “small, light, and portable” to which all of these devices are subject, to get a full day’s use out of them before it’s necessary to make a connection with a wall socket.

Dignan goes on to make some predictions he thinks will start turning things around in the middle of 2013:

1.  Microsoft will roll out an update that will smooth out Windows 8.
2.  Some hardware vendor will come up with a winning Windows 8 design.
3.  Consumers will react positively to this device.
4.  Microsoft will get enough app momentum.

Again, I can’t find too much fault with any of this, considering especially Microsoft’s professed intent to start getting on an annual update cycle for its various OSes (the so-called “Windows Blue” phenomenon). But I have a different set of ingredients to add to this mix, courtesy of Intel. First is the remake to the low-power end of the Ivy Bridge processor line called “Y” that the company plans to announce later this month at CES in Las Vegas, with various CPUs available at or under a 10-Watt TDP rating. The second is the planned introduction of the Haswell processor family, whose ultra-low voltage (ULV) components — which is what tablets and ultrabooks invariably depend on for the best combination of processing power and battery life — are rumored to sit in a TDP range between 7.5 and 11.5 Watts.

Once Microsoft and the OEMs get their hands on these kinds of building blocks, I predict that Windows 8 tablets, convertibles, and touch-enabled ultrabooks will become more attractive to buyers. Hopefully, overall prices can fall at least a bit to enable the Windows platform to regain a postive price/performance edge against competing Apple products, which have currently taken over the high end of the market for ultrabooks and notebooks, and completely dominate the tablet space. It’s still a pretty tall order even so for MS to “achieve world domination” any more, but it should help to put some momentum onto Windows 8’s marketshare, and provide more and better reasons for corporate adoptions to occur, on their typical “2-3 years after commercial release” timetable.

All this remains speculation, but hopefully not idle speculation. We’ll see what happens when the new Ivy Bridge Y finds its way into Windows 8 tablets, convertibles, and ultrabooks, and what impact Haswell has after that. If the results still don’t impress, there could be a world of hurt in store, not just for Microsoft, but for Intel as well. Stay tuned!

January 2, 2013  6:31 PM

Two Important Win8 Expiration Dates for January 2013

Ed Tittel Ed Tittel Profile: Ed Tittel

Thanks to Martin Brinkman over at, I was reminded of two important Windows 8 related expiration dates for this month. First, and probably foremost for most readers, the $40 to Windows 8 Pro upgrade offer expires on January 31, 2013. This is a great deal for machines with a valid Windows OS already installed, where you can exercise it directly from the PC you wish to upgrade on as many PCs as you like, all for the same charge. You can even download the upgrade and wait to install it after the deadline, if you like. One potential gotcha to be aware of: if you download the upgrade from a 32-bit Windows install, you’ll get a 32-bit install image for Windows 8. Since most people will want to download and install the 64-bit version, no matter what version they’re currently running, be sure to run your download from a 64-bit machine!

Win 8 Pro upgrade offer page snippet.

Win 8 Pro upgrade offer page snippet.

The other expiration date hits in mid-January — the 15th of the month to be precise — and it’s for any and all of the Windows 8 Preview versions (Developer/Build 8102, Consumer/Build 8250, and Release/Build 8400). My guess is that if you grabbed any other builds through “alternate channels” (such as BitTorrent) they will also go bye-bye at the same time. Just for the record, a legit copy of Windows 8 shows a build version of 9200, so anything less than that number is probably subject to the turn-off by the middle of this month.

Build info for commercial Windows 8 versions.
Build info for commercial Windows 8 versions.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: