Windows Enterprise Desktop

October 13, 2017  2:33 PM

Build 1709 Gains Easier Update Log Access

Ed Tittel Ed Tittel Profile: Ed Tittel
Symbol, Windows 10

A nice but subtle improvement will appear in the Fall Creators Update for Windows 10. Otherwise known as Build 1709, this release makes Windows Update log files more readable. Using the Get-WindowsUpdateLog PowerShell cmdlet, admins and power users can translate event trace log (ETL) files into human-readable form quickly and easily. Because Build 1709 gains easier update log access, IT pros can parse and troubleshoot update issues with greater dispatch. I uncovered this enhancement at Redmond Magazine, in a 10/10/17 article entitled “Microsoft Improving Windows 10 Log File Access with Fall Creators Update.”

Explaining How Build 1709 Gains Easier Update Log Access

The MS Support article “How to read Windows Update logs in Windows 10 Version 1607” explains things nicely. Windows 10 stores update logs in a compact binary form using Event Tracing for Windows (ETW). While this generates logs faster and reduces disk space consumption, those logs are not “readable as written.” In fact, the PowerShell Get-WindowsUpdateLog cmdlet translates the ETL logs from binary into human readable form. The following snippet from Notepad shows what the output from the cmdlet looks like:

This snippet shows output from the Download Manager, reporting that it finds no expired update files to expunge, and 14 unexpired updates still in effect.

However, for it to work in Windows 10 versions through 1703, the cmdlet must access the Microsoft Internet Symbol Store. This lets it associate module and service names with binary handles in the Update logs. The newest version no longer requires that users link to the symbol store in advance, nor that the cmdlet commence operations by reading fresh symbols.

The MS Internet symbol store resides at URL One can use the .symfix command on systems with relatively speedy Internet links. Otherwise, MS recommends users install symbol files locally as described in Installing Windows Symbol Files. The syntax for the .symfix command is:

.symfix+ DownstreamStore

But with the Fall Creators Update such contortions will no longer be required. Instead Get-WindowsUpdateLog will handle such things automatically by itself. Perhaps a small step in the direction of usability, but a welcome one nonetheless! This already works like a champ in the Insider Preview, as I confirmed for myself this morning. That’s how I grabbed the preceding text snippet.

October 13, 2017  10:01 AM

Will IT ever untie from legacy systems?

Alyssa Provazza Alyssa Provazza Profile: Alyssa Provazza
Cloud Computing, IT leadership, IT projects, Machine learning, Software

As organizations trumpet their digital transformation strategies, they talk of unifying workspaces, moving to the cloud and simplifying app delivery and management. It’s all very forward thinking.

But at the end of the day, many still rely on legacy hardware, software and processes. As the buzz of conference season wound down, I began to wonder: Will that ever change?

Legacy applications, such as customer relationship management and enterprise resource planning software, persist in IT because they are so critical to the way a business functions. These systems process and store data related to finances, operations, human resources, client transactions and much more. But they weren’t built with virtualization, cloud computing, mobility and machine learning in mind. They were barely built to handle the speed and frameworks of today’s internet.

The problem is, it’s expensive and time-consuming to update or replace legacy systems. Software vendors themselves have only just begun reworking their platforms to meet the demands of digital transformation; some have released tools, for instance, to help companies make their legacy data accessible from mobile applications. And that old mantra of “if it ain’t broke, don’t fix it” continues to sing out among many IT professionals who just don’t want to face complex migration projects.

This month’s cover story explores some of the tools that can help organizations build micro apps, which consolidate common employee workflows and connect to back-end systems. This technology, known as rapid mobile app development, is just one of many in the end-user computing market that touts integration with legacy systems. But is that just a bandage on the problem? Organizations that adopt these types of tools must still run and maintain those old platforms; users simply connect to them differently.

The onus to move beyond legacy is on both sides. Software providers must more rapidly provide IT with mobile-friendly versions of their applications, or at least the right tools to migrate to mobile. And IT departments and businesses themselves must get out of their comfort zones, invest in cloud services and focus on user experience.

If organizations do that, they’ll be better able to deliver the right data to the right users in the long term. Digital transformation shouldn’t just mean loosening ties with old systems. It should mean cutting them altogether.

This post originally appeared in the October 2017 issue of Access Magazine.

October 11, 2017  4:17 PM

Dropped Drive Drops Access

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

I’ve got a handful of mSATA SSDs sitting around my office. So, rather than barter them off, I’ve been finding ways to put them to work. In April, I purchased a couple of Sabrent USB 3.0 mSATA enclosures from Newegg for about $16 a pop. Until recently, they’ve proved a sweet way to add some speedy, capacious storage to laptops and tablets. But, in prepping for Spiceworld in Austin this week, I learned that a dropped drive drops access, too. Let me explain…

Dropped Drive Drops Access

The issue arises from the clip-on holder that secures the mSATA device inside the enclosure.

How the Dropped Drive Drops Access, Too

I had plugged the unit into one of the front-panel USB3 Connectors on my production PC. Then, I loaded it up with PST files so I could synch Outlook on my Lenovo T520 laptop. The USB cable that’s included with the unit is long enough (30″) for the drive to hang down to the floor atop my PC case. And because I accidentally knocked the unit off my PC, causing it to hit the chair mat under my desk with some force, I suddenly found the drive MIA.

It took me a while to figure out what was going on. It seems that the clamp that Sabrent includes on the circuit board that holds the mSATA device inside the enclosure isn’t lock tight. When the unit hit the floor, it did so with enough force that the mSATA SSD  slid out of its mini-PCIe slot just a little. It was out far enough to render the drive unreadable, but not far enough to keep it from showing up as an empty drive (0 bytes capacity) in Windows File Explorer.

An Easy Fix for Dropped Drive Drops Access

Only by using my other identical enclosure and  another mSATA SSD was I able to confirm this by experimentation. I determined that a drop would indeed cause the device to work its way loose from the connector. I also observed that the drop  could also make the device unreadable. Once diagnosed the problem was trivial to fix, but it wasn’t immediately obvious when the gotcha first came into play. I’m now securing my mSATA devices inside these enclosures using a small piece of paper, folded, between the wire catch and the top of the device’s circuit board. It makes for a tight enough fit to keep the SSD card from moving around. Thus it also prevents it from slipping loose if and when I should drop it again.

October 9, 2017  11:26 AM

New Reflect Needs New Rescue Media

Ed Tittel Ed Tittel Profile: Ed Tittel
Recovery, Windows 10

Recently, Macrium issued a new version of its excellent (and free) Reflect backup and restore utility. The major version number has now incremented from 6 to 7. As I write this blog post, in fact, the most current complete version number is  7.1.2619. In skimming over the TenForums posts this morning, member fdegrove (thanks, Frank! see #917) reminded me that when major versions change for the program, that a new Reflect needs new Rescue Media, too.

Here’s Why New Reflect Needs New Rescue Media

Reflect’s Rescue Media is built upon the Windows Preinstallation Environment, aka WinPE. When the Reflect program goes through a major upgrade, Macrium also recasts the WinPE environment inside which it loads its customized bootable repair tools and utilities. Sure, an older set of Rescue Media will still work, but it won’t be able to take advantage of new capabilities and Windows image updates that have been added since then. And with the addition of a new version, there will always be changes that you’ll want to make sure are available during repair and recovery processes.

Fortunately, the fix is easy. Insert the old rescue media (in my case a USB flash drive) into your PC, and run the Rescue Media Wizard (click Other Tasks, then click Create Rescue Media). When that tool fires up it tells you that an update is available for your WinPE files. Click through the Wizard, target the old rescue media, and it’ll build you a new set on the same device.

New Reflect Needs New Rescue Media

A new backup utility version needs new rescue/recovery media to match!

It would be a shame to update one’s Reflect installations without also building new Rescue Media. Don’t forget! I nearly did, but am now rescued from possible blow-back from that oversight, thanks to careful forum access. Please follow suit so that doesn’t happen to you, if you’re among the legions of Macrium Reflect users…

October 6, 2017  11:11 AM

Win10 Usage Approaches Win7 Levels

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

OK, the balance of Windows usage is shifting away from Windows 7 toward Windows 10. A WindowsReport story appeared this morning to that effect. From staff writer George Finley, it’s entitled “Windows 10 could overtake Windows 7 by the end of 2017.” But it cites NetMarketShare,  a site whose accuracy has been questioned by Windows pundits. (See Ed Bott’s discussion in this Jan 2017 story at ZDnet for details). That’s why I decided to see if that ratio held at This site reports stats for visitors to all US government websites. And indeed, it too shows that Win10 usage approaches Win7 levels.

Why Say That Win10 Usage Approaches Win7 Levels?

One current bar chart from the site says it all, especially when leavened with a little quick math:

These numbers represent visits over the past 90 days, as of 10/6/17.
[Source: for “All Participating Websites”]

If you calculate the ratio between the “Windows 7” and “Windows 10” entries, it works out to 0.8333. Mathematically, that equals the fraction 5/6. Thus, I feel reasonably confident that there are 5 Windows 10 users for every 6 Windows 7 users who access US government websites. And indeed, that’s a big change in momentum. Also, it lends credibility to the idea that the balance is shifting substantially. I’d say it is possible, or perhaps likely, that more PCs will be running Windows 10 than Windows 7 (at least, among Internet users) by year’s end. It’s actually more convincing than the NetMarketShare numbers, which show a ratio of more like 6 Win10 users for every 10 Win7 users.

For what it’s worth, StatCounter’s Windows Version share numbers also tell a similar story. As of September 30, Win10 gets a 39.3% share, while Win7 shows 43.99%. That’s a ratio of roughly 89.4%, which translates more or less into a ratio of 7 Windows 10 for every 8 Windows 7 users over the sites they monitor. Combined with the US Government ratio already reported, this supports the notion that these population sizes are converging. It also lends credibility to the observation that Win10 usage approaches Win7 levels, and that the balance may shift sometime soon.

October 4, 2017  5:42 PM

Device Cleanup Tool Works

Ed Tittel Ed Tittel Profile: Ed Tittel
Device Manager, Windows 10

Anybody who’s spent time working with Device Manager in Windows knows that drivers stay visible in the OS even when attendant devices are absent. That’s why so many more items show up in DevMgr when you click “Show hidden devices” in its View menu. Sometimes Windows goes wild and lists many copies of the same driver. At other times, on systems where USB or other external peripherals come and go often, spurious or outdated entries may swamp others. Sure, you can uninstall those devices one at a time in DevMgr. But Uwe Sieber’s Device Cleanup Tool works like a charm. It also lets you see — and remove — any or all “non-present devices” on a Windows PC.

When Needed, Device Cleanup Tool Works Well

Here’s a partial listing of the output from Device Cleanup Tool on my Lenovo T520 laptop PC. It’s got some miles on it, and I plug and unplug USB drives and devices on it all the time. I mark several such items with red arrows in the screen shot that follows, by way of example:

Device Cleanup Tool Works

Items with red arrows for ephemeral USB storage. Note the age on the absent “Generic volume shadow copy” items, too.

Here’s what’s up with the red-arrow items:

  • The E: drive comes from an external USB drive I occasionally attach to make an external backup of this laptop.
  • The ESD-USB item is a bootable repair and recovery utility disk I occasionally use.
  • The EVO500 is a USB 3.0 enclosure for mSATA SSD drives that houses a Samsung 512 GB EVO SSD.
  • The H: drive is another external drive I hooked up to play with some while back.

I don’t really need any of these because DevMgr will happily reload drivers when and if I plug any of these devices back in. So I can select any devices I wish to remove to highlight them, then click the Remove selected entry in the Devices menu to make them disappear. Looking at the ages on the 15 “Generic volume shadow copy” entries in the tool (the youngest is 86 days, the oldest 180) I decide to deep-six them, too. And out they go…

One more thing: please remember to run this utility as Administrator, or you won’t be able to remove any of the devices you select. Another nice tool for the Admin toolbox!

October 2, 2017  1:25 PM

Driver Store Explorer Shows Driver File Names

Ed Tittel Ed Tittel Profile: Ed Tittel
Driver, Windows 10

I ran into an interesting problem recently. On one hand, the MS Update Catalog turns out to be a great resource for RealTek High Definition Audio driver updates. On the other hand, they come in .CAB file form. Thus, one must use a tool like 7Zip to unpack the cabinet file’s contents before updating. Then, if you point Device Manager’s update driver function at the unpacked files’  folder, it will do its thing. But not always, apparently. However, because Drive Store Explorer Shows Driver File Names explicitly, it helps target the update process more precisely. Please let me explain…

Why It Matters That Driver Store Explorer Shows Driver File Names

Normally, when you point Device Manager at a folder where new drivers are available, it identifies and applies those drivers on its own. But when I tried that a couple of versions back ( , update returned a familiar and unexpected message:

Driver Store Explorer Shows Driver File Names

If Microsoft can’t identify the new driver, it certainly can’t install it, either.

That’s what happened to me when I clicked “Update driver,” and pointed at the unpacked cab file contents. I knew a newer driver resided somewhere in that folder. I reasoned that targeting the driver file by name might get update to install that driver, too.

That said, driver file names can be hard to run down in Windows without special help. The latest version of the Driver Store Explorer, RAPR.EXE, shows them plainly and explicitly. (Note: if you go searching for this on your own, please grab GitHub version or newer. The older Codeplex version does not show explicit filenames.) Here’s what RAPR.exe shows me after I updated from version …8258 to the latest and greatest …8261:

RAPR told me what filename to look for in the unpacked file folder for the latest CAB file.

Using RAPR Makes Driver Filenames Explicit

When the auto-identify function failed on that previous driver update attempt, I used RAPR to get me the driver filename. Then, I targeted the file with the same name for my next update attempt in Device Manager, using the “Have Disk” option to pinpoint it exactly. Because this worked like a charm for me, I’ll suggest that should you ever find yourself in a similar situation (even if it’s not a Realtek driver) the same technique may work for you. The only gotcha I can see lurking here as a possibility is that the file of same name would no longer be the right driver file. But that possibility seems quite slim, so I merely observe it, and ask you to bear it in mind should problems present.

That’s also why prudence dictates capturing a system snapshot before you make driver changes, so you can easily roll back to your “before” state, should something go awry.

September 29, 2017  8:50 AM

Chocolatey Windows Package Manager

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

Thanks to my friend and regular co-author, Kari Finn, I’ve been learning about Chocolatey lately. What is this thing? According to its “About” page, “Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). It was designed to be a decentralized framework for quickly installing applications and tools that you need.” In fact, the Chocolatey Windows Package Manager lets you use PowerShell to install any of more than 5,000 Windows applications without having to interact with their usual installer programs. Thus, it’s a terrific way to customize a Windows install without having to follow along with each and every installer it uses.

Chocolatey Windows Package Manager

A candy bar motif pervades Chocolatey, and indeed it is pretty sweet!

Working with the Chocolatey Windows Package Manager

In other blog posts here (as recently as last May) I’ve recommended the Ninite installation utility as a way to grab and add common executables to a Windows installation. Right now, Ninite lists 82 applications from which you can pick to add to a Windows install. Chocolatey, OTH, currently supports package-based install scripts for 5,154 applications as I write this blog post. That number waxes on a daily basis. Thus, you can pretty much count on Chocolatey to handle most, if not all, of the applications you’d want to install on a Windows PC.

A simple illustration will quickly display Chocolatey’s insane powers. Here’s a  line of PowerShell that installs the following applications on a Windows PC:

  • Office 365 Business
  • Adobe Reader
  • VLC
  • 7Zip
  • Notepad++
  • Zoomit
  • Chrome
  • Firefox
  • Opera
  • Malwarebytes
  • TeamViewer

choco install Office365Business, AdobeReader, vlc, 7zip, Notepadplusplus, ZoomIt, GoogleChrome, Firefox, Opera, Malwarebytes, TeamViewer -y

That’s some serious power, combined with great compactness and convenience, folks! Note that while the command string as shown breaks across multiple lines, when entering this into PowerShell it would show up as a single line of text (and thus also, a single directive to Chocolatey).

The next time you’re building or customizing a Windows image, you should give Chocolatey a try. Great stuff, and a nice addition to the admin toolbox for Windows-heads everywhere. Find complete installation instructions for this program on its Install page.

September 27, 2017  12:43 PM

Virtualization Means CPU Microcode Matters

Ed Tittel Ed Tittel Profile: Ed Tittel
Microsoft virtualization, VMware administration, Windows 10

Came across a fascinating thread on TenForums this morning. It could be of significant interest to admins and power users who make heavy or regular use of virtualization. This is especially true for those running some version of VMware. This thread is entitled “How to update the CPU’s microcode” and includes pointers to  a bunch of tools and utilities. The basic concept is that virtualization makes heavy use of specific CPU instructions that work with virtual machines. These instructions are subject to occasional stability and efficiency issues, and microcode updates seek to remedy such things. VMware, in fact, offers a utility called the “VMware CPU Microcode Update Driver” for this very purpose. This lends considerable credence to my assertion that “Virtualization means CPU microcode matters.”


Determining the current installed microcode version requires a special tool. Either SiSoft Sandra or SIW Pro will do the trick (SIW Pro shown).

If Virtualization Means CPU Microcode Matters,
Should It Be Updated?

Microcode works like a device driver for your CPU. That means it should be treated like a device driver: updated if problems present, left alone otherwise. Of course, if you’re running VMware and the company recommends a specific microcode level, you’d be well-advised to pony up. But do you need to update or not?

For most makes of motherboard and PC (to tackle DIY and OEM machines in a single go), the answer is probably “No.” If the BIOS running with the CPU is the same vintage as the recommended microcode, or newer, chances are pretty good that a BIOS update will include the necessary microcode update as well. But, as the TenForums thread indicates, some motherboard makers don’t update their BIOSes very frequently (and some not at all). In those cases, a manual update of the microcode could address virtualization issues that might present themselves.

You can find all the details on how to do this using the VMware tool in the TenForums post and on the VMware utility download page. This isn’t something to do just for grins, but it could be helpful for PCs experiencing virtualization issues. If that describes you (or some of your PCs) you might want to give this a try.

September 25, 2017  4:40 PM

Businesses Should Wait On Fall Creators Update

Ed Tittel Ed Tittel Profile: Ed Tittel
Continuous deployment, Windows 10, Windows Upgrades

Ed Bott at ZDnet dispenses some excellent advice in today’s Bott Report. In an article entitled “Windows 10 tip: Temporarily delay the Fall Creators Update,” he recasts conventional wisdom for business users. In this age of twice-a-year upgrades, practicing due diligence translates to “Businesses should wait on Fall Creators Update.” This adapts the well established business practice of tracking behind MS release dates to meet internal test and deployment cycles anyway. OTOH, businesses might instead prefer to adopt the Current Branch for Business (CBB) for Windows 10. Then, they’ll automatically lag a full release behind the leading edge anyway.

Businesses Should Wait On Fall Creators Update

For the past three Insider Preview releases, the next Win10 release is labeled Version 1709.

Reasons Why Businesses Should Wait On Fall Creators Update

Once upon a time, businesses would wait until the first Service Pack for a new major release emerged before jumping on the upgrade wagon. These days, SPs are history, and a rolling and continuous upgrade cycle makes jumping both more interesting and problematic. I think Bott’s absolutely correct to urge businesses to hang back and exercise caution. And indeed he also recommends deploying the new release into test environments first and foremost. That way, businesses can assess the impact and determine proper remediation strategies as and when they’re needed.

Once businesses get a handle on potential impact, and necessary changes and workarounds that come with them, they can start thinking about deployment. My best guess is that they’d be inclined to wait for the next scheduled upgrade cycle. At that time, they can decide to roll forward and track the latest release, at a discreet remove, or not.

And so it goes for IT pros in Windows-land. It’s time to start getting ready for the next big upgrade cycle. One thing’s for sure: ready or not, here it comes!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: