Windows Enterprise Desktop

April 6, 2018  12:47 PM

Intel Excludes Older CPUs from Spectre Updates

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Security

Well, we always knew that Intel wasn’t going to go back to the beginning of time in crafting microcode updates to address Spectre Variant 2. Now we know more about what’s in and what’s out, where such coverage is concerned. On April 2, Intel updated its “Microcode Update Guidance” document (PDF). This spells things out pretty clearly (look for changes on those charts in yellow). That why saying “Intel excludes older CPUs from Spectre updates” sums things up nicely.

When Intel Excludes Older CPUs from Spectre Updates, What’s Out?

According to the afore-linked charts, newly-added Spectre v2 updates include:

  • Lynnfield (Core and Xeon: CPUID 106E5)
  • Nehalem EP, WS & EX (Xeon: CPUIDs 106A5 & 206E6)
  • Arrandale (Core and Celeron: CPUIDs 20652 & 20655 )
  • Clarkdale (Core, Pentium and Xeon: CPUID 20652 & 20655)
  • Westmere (Xeon processors: CPUIDs 206C2 & 206F2)

And per those same charts, update work on the following processors has been stopped:

  • Bloomfield (Core & Xeon: CPUIDs 106A4 & 106A5)
  • Jasper Forest (Celeron and Xeon: CPUID 106E4)
  • Clarksfield (Core: CPUID 106E5)
  • Harpertown (Xeon: CPUIDs 10676 & 1067A)
  • Penryn/QC (Core 2, Pentium, and Celeron: CPUID 1067A)
  • Sofia 3GR (Atom processor: CPUID 506D1)
  • Wolfdale CO, EO, MO, RO (Core 2 Duo, Pentium, Celeron and Xeon: CPUIDs 10676 & 1067A)
  • Yorkfield (Core 2 and Xeon: CPUID 10677)
  • Gulftown (Core and Xeon: 206C2)

Making Sense of the Data Using Code Names

There are tools abounding that will tell you about your CPUs. My two favorites are Franck DeLattre’s CPU-Z and the Intel Processor Identification Utility. CPU-Z provides code names explicitly, like so:

Intel Excludes Older CPUs from Spectre Updates.cpuz

CPU-Z offers up a field named Code Name that identifies the CPU as Skylake directly

The Intel utility doesn’t map processor names to the code names for matching what you’ve got up with the preceding data (and Intel’s charts). You’ll have to go from the make and model information to figure things out. Thus for example, the Intel tool reveals that my machine has an i7-6700 installed.

Intel Excludes Older CPUs from Spectre Updates.ipiu

The key information appears in bold near the top of this display: i7-6700.

Next, I can search on “i7-6700” for its page, which tells me its code name is Skylake.

The code name shows up in the first column of the Intel charts. This is the key, and how you reconcile what’s in your machines with that coverage information.

April 4, 2018  5:53 PM

MPP IT Support Track Offers Interesting Insights

Ed Tittel Ed Tittel Profile: Ed Tittel
IT jobs, Windows 10

In looking over the release notes for Insider Preview Skip Ahead Build 17639, I saw an interesting teaser. It led me to revisit the Microsoft Professional Program (MPP) of online training. In fact, it led me further than that. Right now, I’m about one-fourth of the way through a course meant to train up IT tech support support agents. That’s why I assert that the MPP IT Support Track offers interesting insights. It’s actually called the Microsoft Professional Program for IT Support track, for those who might wish to check it out for themselves. Here’s the snippet from the release notes that caught my eye:

MPP IT Support Track Offers Interesting Insights

You can audit the IT track’s courses for free or pay US$99 per course (4 total) for credit.
[Click image for full-sized view. Links to AI track and GeekWire article.]

How MPP IT Support Track Offers Interesting Insights

If you want to understand how Microsoft views tech support, you couldn’t find a better source of information than this course. It explains that the role of tech support pretty thoroughly. That role is not just to answer questions and deliver support though these things are important. It’s also equally important to champion consumption and help the organization achieve its business goals. Pretty lofty stuff for entry level tech support staff to dig into.

I found myself most impressed with the course’s emphasis on continuous learning, self-improvement, and staying ahead of the technology curve for Tech Support workers. It’s pretty good information and also inspiring for those in need of motivation to excel at and enjoy what they do for a living. I plan to work my way through all four courses in this curriculum over the next few days. If other gems emerge from this prospecting work, look for more of them to appear here in this blog. In the meantime, you could do worse than to check this resource out for yourself.

April 2, 2018  11:36 AM

Myerson’s Farewell Reveals Interesting Win10 Stats

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

Last Thursday (March 29), word emerged from Terry Myerson, EVP for the Microsoft Windows and Devices Group. He announced he would be leaving the company in April.  In a companion blog post on LinkedIn, Myerson’s farewell reveals interesting Windows 10 stats. He also shared some highlights from his 21-year tenure at Microsoft, including important bookends with Mr. Bill Gates himself. But to me, the stats he let slip are quite interesting.

How Myerson’s Farewell Reveals Interesting Win10 Stats

Here are some key snippets from Myerson’s farewell address that reveal interesting elements of the Windows 10 empire over which he presided (all are verbatim quotes):

  •  I was honored, and humbled to now be leading over 17,000 engineers and accountable for over $40B in revenue and $5B in operating income…
  • … that’s why we created the Windows Insider Program so we could build Windows 10 led by your feedback. Now with 15 million members, …
  • Today, we are now approaching 700 million active Windows 10 users, commercial usage is growing 84% year over year, Xbox One is running a Windows 10 core, Surface is leading PC innovation, HoloLens is bringing breakthroughs to computer vision, our universal Microsoft store enables Xbox GamePass, Azure reserved instances, and Office distribution, and the OEM ecosystem is revitalized with profitable growth. Last year, we finished the year with over $8B in operating income from our segment.
  • I’m sitting down next to Bill Gates for my last scheduled meeting as leader of Windows and Devices at Microsoft. My team is debating with him the future of Project Rome and Windows Timeline.

What These Snippets Tell Us Is…

The size and scope of the Windows effort at Microsoft is huge, but no longer represents the overwhelming focus or revenue center for the company. In fact, as of the end of January (see this VentureBeat analysis) Azure hit a $20B annual run rate and is growing more than 3 times faster than Windows. Some long-time MS followers see Myerson’s departure as a sign that Windows has lost its status as Microsoft’s primary focus, in fact. (See this fascinating blog post from Tim Sneath entitled “From Windows to the Cloud.”)

Beyond financials, the interesting numbers in the preceding quotes deal with the size of two important Windows populations. For the first time, an official MS source tells us that the count of Win10 users is “approaching 700 million.” I don’t have to go out on much of a limb to hypothesize that the count will meet and exceed that level this year, possibly sometime soon. It’s also fascinating to understand that the Windows Insider program includes 15 M participants. As beta programs go, this is mind-bogglingly enormous.

The mention of Project Rome is also quite tantalizing. There’s  more that one way to read this, though. Based on reading between the lines in Sneath’s afore-cited blog post, it’s possible that the future of the project may itself be in jeopardy. However, I think not. I actually think MS is hard at work figuring out how to create consistent development and runtime environments for a broad range of devices. That means computers, tablets, embedded and IoT devices, and even servers. I read Myerson’s concluding remarks as intended to hint at a continuing and brighter future for Windows going forward.

March 28, 2018  4:02 PM

Microsoft Edge web browser has a long way to go against Chrome

Alyssa Provazza Alyssa Provazza Profile: Alyssa Provazza
Google Chrome, Microsoft Edge, Windows 10

Google Chrome has seen numerous security enhancements over the past few months, and even a potential change in Windows 10 might not help Microsoft edge out the browser leader.

The Edge web browser debuted as the default with the release of Windows 10 in 2015, replacing Internet Explorer. With the latest build in the Windows 10 Insiders Program, Microsoft said it will test a feature that could force some users into using Edge. The browser’s integration with Windows and overall security capabilities are a draw for Windows 10 shops, but with Google ramping up enterprise security features in Chrome, Microsoft has its work cut out.

“Right now while not a lot of websites — comparatively speaking [to other browsers] — have full support for Edge, this is going to grow, and rapidly,” said Willem Bagchus, a messaging and collaboration specialist at United Bank, based in Parkersburg, W.Va. “It takes a while for manufacturers to retool their applications.”

It’s unknown how many web applications are currently incompatible or don’t work well on the Edge web browser, although organizations can use Enterprise Mode to open sites that are more compatible with Internet Explorer (IE). United Bank relies mostly on IE because workers use legacy apps that won’t function on other browsers, but as the company begins rolling out Windows 10 this year, IT will consider whether or not to default to the Edge web browser, Bagchus said.

Chrome vs. Microsoft Edge

If users have a choice, they’ll often pick Chrome for its fast web data processing and an extensive library of add-ons. Google Chrome holds a big lead in worldwide desktop browser market share at 67.45%, compared to Edge’s 4.05%, according to StatCounter.

That data includes both consumer and enterprise counts, however, so it’s possible that Edge sees more than just 4.05% in businesses specifically. Windows 10 shops may choose the Edge web browser because it’s built into the OS, meaning admins can manage it through Group Policy and have more control over updates, depending on the Windows update channel they subscribe to.

“Edge is just a manifestation of a huge amount of infrastructure that Microsoft built on their back end,” Bagchus said. “It’s far better security models, far better certificate models.”

Managing policies and updates to Chrome requires IT to use a separate application called Google Update. Plus, the ability to take advantage of other Microsoft features, such as integration with Cortana, makes Edge easier to use because they’re purpose-built for enabling productivity on Windows.

Reading Mode on Microsoft Edge

The latest in Edge, Chrome

Microsoft could be trying to fight back against Chrome with its testing of a new feature in Windows 10, which forces links that users click on in the Windows Mail app to open in Edge, even if the user has set a different browser as their device’s default. But Windows Mail — which allows users to access email services such as Exchange and Gmail — is not a common enterprise client, because it lacks advanced features such as integration with a calendar. So this feature likely won’t make a dent in the enterprise, where Windows shops typically rely on Outlook.

To make matters worse for Microsoft, the latest version of Chrome in December came with a few new enterprise features. Site Isolation, which IT can choose to enable or not, keeps separate the renderings of each website a user opens, so an infected site could not potentially infect something in another tab. Chrome also added more advanced policies for blocking unapproved browser extensions.

Google last week added the ability to require that users sign into Chrome before accessing any websites, by simply activating two new group policies — a way of preventing users from opening any corporate links on unapproved devices. The company said it will add a reporting feature in the future that allows IT to view information about users’ extensions and more. Google also upped its game with the release of the Chrome Enterprise Bundle last May.

But with Windows 10 adoption on the rise, the Edge web browser may see soon see its day in the sun.

“I know Edge is going to be the future,” Bagchus said. “You want to use the tools the way they were meant to be used. Microsoft is making tools that work better together.”

March 28, 2018  11:49 AM

Macrium Reflect Upgrade Cancels Backup Schedules

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Backup

Whoa! I got an unexpected shock in checking over my production desktop this weekend. Turns out that my recent upgrade from version 6 to 7 for Macrium Reflect Free came with certain consequences. That’s right: that Macrium Reflect upgrade apparently canceled my regular backup schedules. It left my primary machine, which I back up daily, without coverage for several weeks before I noticed that change. In fact, I only figured out updates weren’t happening by inference. I clean out backups every two weeks or so to keep the target drive from filling up. This time, I noticed the drive space hadn’t decreased much, if at all. And indeed, that’s how I learned that Macrium Reflect upgrade cancels backup schedules. Ouch!

Macrium Reflect Upgrade Cancels Backup Schedules

Disabled is the last thing you want to see when checking Reflect backup schedules’ status. Sigh.

Fixing Macrium Reflect Upgrade Cancels Backup Schedules

Of course, the fix is absolutely trivial.  I could have simply re-enabled my existing backup schedules, and they would have resumed that night on their regular schedules. But while I was at it, I created a new backup definition and lumped the imaging of my boot/system drive together with my primary data drive. That way my target drive won’t fill up as quickly and I’ll have ready access to my two most important storage assets. I also set up a weekly cloud backup so I can capture my entire production system off-site with less frequency.

The old saying goes: The only good backup is the one that restores successfully. I’m somewhat embarassed that it took me a couple of weeks to realize that a software change had disabled my backup environment. I offer my experience as a cautionary reminder to all IT professionals that regular checks on backups may be as important as making those backups. I am profoundly grateful, in fact, that I didn’t learn that my backups were disabled by needing one, and not having it at my disposal. Sigh.

March 26, 2018  10:24 AM

KB4089848 Poses Widely Reported Win10 Problems

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Update

On 3/22/18 Microsoft unleashed KB4089848. It upgrades build 1709 to 16299.334 and addresses a list of some 25 issues. This is documented in its MS Support KB article. But numerous sources indicate that KB4089848 poses widely reported Win10 problems, too. These cover a wide litany of woes that include the following (source:

  • Failed installs (either the download or the install processing for KB4089848 doesn’t complete successfully).
  • Post-installation, printing problems occur. HP printers seem particularly prone to such issues.
  • With KB4089848, some users report PC freeze-ups or performance hiccups.
  • Other issues also show up less frequently. Some users report issues with Outlook search, taskbar troubles, or homegroup failures.

KB4089848 Poses Widely Reported Win10 Problems

WU reports my production desktop Win10 is current, with confirmation from WUMT checks. Even so, here’s how KB4089848 shows up in my Update History. Sigh.

On one of my machines, despite a successful install of the update and multiple subsequent reboots, the update history still reports that a restart is needed. Reading through and social and answers forums at Microsoft this weekend, I saw these items pop up dozens, if not hundreds, of times from users around the globe.

If KB4089848 Poses Widely Reported Win10 Problems, What to Do?

This is a case where waiting before installing appears to have strong merits. How one might go about this is the subject of numerous tutorials including these items:

Turn On or Off Pause Updates for Windows Update in Windows 10

Enable or Disable Windows Update Automatic Updates in Windows 10

The Windows Update MiniTool (WUMT) along with a “wrapper script”  can also disable Windows Updates unless and and until this alternative access tool is used. It lets users pick only the updates they want to install, and provides complete control over Windows Update access and activity. I provided a pointer to this tool in a 2/26/18 post to entitled “Stop Windows 10 Updates Properly and Completely.” Subsequent discussion items in that thread makes mention of a MyDigitalLife item that covers this script in more detail “WUMT Wrapper Script — controls Windows Update Service.” It’s definitely worth reading — and for many users, it’s worth using, too.

March 23, 2018  5:15 PM

Script Out Your Win10 Build History Using PowerShell

Ed Tittel Ed Tittel Profile: Ed Tittel
history, Windows 10

I just came across a fascinating pair of PowerShell commands. Run in an administrative PowerShell session, they’ll tell you every build your system has had installed on it since the last clean install was performed. That’s why I say you can use these items to script out your Win10 Build History using PowerShell.

These commands come to you through an interestingly circuitous route around the Northern Hemisphere of Planet Earth. I got them from Russian blogger Sergey Tkachenko at He got them from somebody named (whose domain name, at least is in Germany and post was in German). Originally they came from user sizzlr at Reddit (location unknown, but who writes American English like a native speaker).

How to Script Out Your Win10 Build History Using PowerShell

All you need to do is cut and paste the content for each line item below from this blog post into an administrative PowerShell session. Copy Line 1 first, then paste it, then hit enter (only the monospaced text, please). Repeat that same process for Line 2 (ditto).

Line 1:cls

$AllBuilds = $(gci "HKLM:\System\Setup" | ? {$_.Name -match "\\Source\s"}) | % { $_ | Select @{n="UpdateTime";e={if ($_.Name -match "Updated\son\s(\d{1,2}\/\d{1,2}\/\d{4}\s\d{2}:\d{2}:\d{2})\)$") {[dateTime]::Parse($Matches[1],([Globalization.CultureInfo]::CreateSpecificCulture('en-US')))}}}, @{n="ReleaseID";e={$_.GetValue("ReleaseID")}},@{n="Branch";e={$_.GetValue("BuildBranch")}},@{n="Build";e={$_.GetValue("CurrentBuild")}},@{n="ProductName";e={$_.GetValue("ProductName")}},@{n="InstallTime";e={[datetime]::FromFileTime($_.GetValue("InstallTime"))}} };

Line 2:
$AllBuilds | Sort UpdateTime | ft UpdateTime, ReleaseID, Branch, Build, ProductName

Sampling a Win10 Build History

Here’s what the output from my production desktop looks like in PowerShell:

Script Out Your Win10 Build History Using PowerShell

The sequence captures my journey from Win 10 Pro to Enterprise Insider to Enterprise current branch.
[Click image to see full-sized view.]

I’m not sure that anybody really NEEDS this capability. But it is very interesting to look at the sequence of builds that have come and gone on most PCs. My fast ring PCs produce listings with 93(!) entries in that list, starting with Build 10547 on 10/17/2015 and ending with Build 17123 on 3/20/2018 (and that’s because I haven’t rebooted that machine to upgrade it 17128 just released this afternoon). Great stuff!

Here’s that lengthy list in all its glory:

March 21, 2018  11:14 AM

Reducing Win10 Upgrade Offline Time

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Update

Last week, the Windows Insider blog featured a notable bit of information. Under the somewhat bland heading of “feature update improvements” Joseph Conway (Sr. Program Manager, Windows Fundamentals (Deployment)) dropped some fascinating information. Talking about feature update installation, he reported that a new and improved model comes built-in when 1803 goes public in the near future. In fact, reducing Win10 upgrade offline time remains a major design goal for that release.

What’s Up with Reducing Win10 Upgrade Offline Time?

FYI, offline time means that a PC is unavailable/unusable. Simply put, reducing offline time during an upgrade means more time for the user do something while the upgrade is underway. The blog post includes a peachy table that shows old vs. new feature update models, so I reproduce it here:

Reducing Win10 Upgrade Offline Time

Items on upper right in dark black moved from offline into online processing explain a huge time difference.
[Click on image to see full-sized view; Source: Windows Insider Blog 3/16]

Offline Time Savings?

The numbers are pretty interesting. Under the old model offline time averaged 82 minutes for a Windows feature upgrade. The post explains that this number is based on telemetry during the millions of upgrades to version 1709 (aka the Fall Creators Update) late last year. For the upcoming 1803 release, which uses the new model, average offline time has dropped to 30 minutes. As the blog post proclaims: “That’s a reduction of 63% from the Creator’s Update!” I notice that the blog post fails to address whether or not the overall install time has changed, either for the worse or the better. Having been through dozens of such Insider installs for the forthcoming 1803 release, my personal impression is “Not much.” I don’t mean to diminish this accomplishment, but I must observe that for corporate/enterprise users, they probably won’t be using their PCs while they’re upgrading anyway.

The Real Value of These Process Models

To me, the real value of these process models comes from the details about what goes on during the feature upgrade installation process. By extension, in fact, this provides a pretty good model for Windows installation in general. Thus, either list of steps is a good one. I reproduce the NEW list verbatim, in numered form because it’s what Windows users face looking foward. For this list, I don’t much care which parts are online and which parts offline, either.

  1. PC checks for available feature updates (manually or automatically)
  2. Feature update payload is downloaded
  3. User content is prepared for migration
  4. New operating system is placed into a temporary working directory
  5. PC waits for a required reboot to begin update installation
  6. PC reboots to begin update installation process
  7. Drivers and other required operating system files are migrated
  8. User content is migrated
  9. PC reboots and completes the update
  10. OOBE begins

This new model gives us a nice timeline against which to plot errors. It also means when errors occur, one can make a good guess about the issue involved based on the current active phase. I’ll make ongoing, detailed observations over the next few months. Then, I’ll build and populate that map as best I can. Stay tuned: I’ll write this up when I have enough data to make it worth sharing.

March 21, 2018  8:11 AM

VMware Workspace One gets intelligent

Colin Steele Colin Steele Profile: Colin Steele
AirWatch, VMware, VMworld

Details have emerged about several new VMware Workspace One capabilities that IT pros got a preview of last year.

VMware Workspace One Intelligence, Mobile Flows and support for the Microsoft Graph API for Intune are now all generally available, VMware said today. The company originally announced the features at its VMworld conference last August.

Let’s take a look at the three components:

Workspace One Intelligence monitors and analyzes data from users’ devices and applications and enables IT to automate responses to security threats, application crashes and other issues. It uses technologies from VMware’s AirWatch compliance engine and Apteligent, an app analytics vendor VMware acquired last year. Applications must integrate with Apteligent’s APIs to provide performance and user behavior data to VMware Workspace One Intelligence, but the product can provide insights around user adoption, software licenses and more natively, VMware said.

Mobile Flows build common business processes directly into VMware’s mobile email app, Boxer. If a sales rep receives a request for a quote from a new customer, for example, he can create a new contact in Salesforce by pressing just one button in Boxer — instead of having to open the Salesforce app, sign in and then create a new contact. VMware plans to expand Mobile Flows into other apps besides Boxer, but those capabilities are not available at this time.

Support for the Microsoft Graph API for Intune enables IT to manage Office 365 mobile apps directly through AirWatch. But organizations must have both AirWatch and Intune licenses to use this feature.

Coming soon in VMware Workspace One

VMware also announced some additional capabilities that will be available later this year. The Workspace One Trust Network will allow third-party security vendors to feed data into Workspace One Intelligence, providing IT with even more insights into their users’ devices and applications to detect threats. Participating vendors today include Carbon Black, CrowdStrike, Cylance, Lookout, McAfee, Netskope and Symantec.

Another upcoming offering, AirLift aims to help IT more easily manage Windows 10 devices with VMware Workspace One and Microsoft System Center Configuration Manager (SCCM). Those co-management capabilities already exist, but AirLift will provide a console for administrators to select which tasks to perform with Workspace One and which tasks to leave to SCCM. The console will be available in April, VMware said.

March 19, 2018  3:28 PM

Logon times play key role in virtual desktop UX monitoring

Eddie Lockhart Eddie Lockhart Profile: Eddie Lockhart
published applications, VDI

Almost everyone who’s ever used a computer has sat, head in hand, frustratingly waiting for the desktop to start up. If this productivity loss runs rampant in a VDI deployment, it can have a real cost, so it’s important for IT to get a handle on logon times.

If users detect a decline in virtual desktop performance from what they were used to with physical desktops, they are likely to revolt against the technology. To quantify the effect bloated logon times can have, ControlUp, a monitoring software provider in San Jose, Calif., conducted a study on logon performance for virtual desktops and published applications. The results showed the importance of shorter logon times and consistency.

Gone in 31.9 seconds

The average logon time for virtual desktops was 31.9 seconds with a median of 23 seconds, according to the ControlUp study, presented in a webinar last week. The study, which tracked logons over almost two years across 876 organizations, defined desktop logons as the length of time from the instant a user enters his correct credentials to the moment the Start button becomes clickable.

The median indicates that half of the logons took 23 seconds or less, while the much higher average shows that there are significant outliers pulling the mean up — suggesting that many organizations have problems with logon consistency.

If logon times fluctuate significantly, users may be unhappy because they cannot rely on their desktops to start the same way every time. Time of day can be a key factor, as logons may take longer when more users within an organization are active at once. IT must allocate resources correctly throughout the VDI deployment to deal with peak usage times.

The discrepancy between the average and the median was not as significant for published apps, because they are less complex. The average time was 16.44 seconds, and the median was 12. Published app monitoring is important, because apps are the lifeblood of most users’ productivity.

Longer logon times for desktops and apps can be caused by oversized user profiles, resource contention issues, or misconfigurations after a storage array or network drive relocation. One way to reduce logon times is to use monitoring tools that can help pinpoint the source of slowdowns. In addition to ControlUp, products include VMware vRealize Operations for Horizon, Login PI from Login VSI, Goliath Technologies’ Logon Simulator and the Comtrade management packs for Citrix.

Quantifying the results

Organizations can get time and cost savings by reducing logon times.

OneWorld Community Health Centers in Omaha, Neb., used ControlUp’s monitoring tool to gather and analyze logon data, which revealed that the infrastructure had a VM sizing issue, said IT director Steve Elgan, in the webinar. His team added more processors with more RAM and changed the ratio of virtual CPU to physical CPU to one-to-one — reducing desktop logon times by 14 seconds. The company calculated that it saves about $10,000 per year because of time saved, and allows each doctor to see about seven extra patients each year.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: