In my never-ending quest for good Windows utilities, I’m always on the prowl for cool tools. In trolling over TenForums recently, I came across mention of a utility called LockHunter. As the blog post title says, LockHunter reports locked Windows files. That is, it identifies the Windows process that is locking a file. It can also schedule such a file for deletion the next time the system reboots. From time to time this sort of thing comes in handy, so I took the tool for an extended spin. I liked what I found, so I’m recommending it here.
When LockHunter Reports Locked Windows Files, What Does It Do?
That turns out to be a pretty good question. If the file really is locked, LockHunter reports something that looks like this:
In Windows, a running process locks files it needs and uses.
In setting up the preceding screenshot, I used the File Explorer shell extension that LockHunter adds to the right-click menu for filenames. That menu entry reads “What is locking this file?” and it shows the LockHunter icon, like so:
If you click on this menu entry, LockHunter launches itself with the selected file as its focus. To produce the first screenshot, I launched Task Manager, then ran LockHunter against the .exe file for the program itself. Because running programs are always locked to keep them working, I knew this would report a locked file. And by no coincidence at all, the Task Manager process is responsible for the lock on its own executable file!
At this point, you could choose to unlock it (not wise for a running .exe file, but something worth trying for a file subject to a “mystery lock”). You can also choose to delete that file (not wise for a Windows OS component). Other options available include:
- Delete at Next System Restart
- Unlock & Rename
- Unlock & Copy
- Terminate Locking Processes
- Delete Locking Processes From Disk
Helpful stuff, all the way around.
What If the File Isn’t Locked, But You Can’t Delete It Anyway?
Sometimes a file may resist deletion even if it isn’t locked by a process. I set up a typical example by creating a file named Test test test.docx in Word, and left it open in that program. Windows won’t let you delete open files, even if they aren’t locked. Thus, I wanted to see what would happen using LockHunter against an open file. When I right-clicked that file and picked the “What is locking…?” option, then tried to delete it, here’s what showed up on my desktop:
Windows won’t let you delete an open file, either. The application that opened it must close it before Explorer can do anything to it.
LockHunter can still work on this file, though it can’t delete it immediately. As the button at the bottom of the screencap states, it can schedule that file for deletion at the next system restart. The remaining “Other” options from the program’s bottom control button may also be applied to the file. Again: good stuff!
A Bit of Background on LockHunter
LockHunter comes from Crystal Rich Ltd, a software development company based in St. Petersburg, Russian Federation. This might raise an eyebrow or two, or at least, prompt some security concerns. No worries. VirusTotal.com reports that 0 out of the 64 virus check engines it ran against the utility report cause for concern on the downloadable .exe file, LockHunter_v3.2.3.exe. It also comes recommended on TenForums.com and MajorGeeks.com, two sites I’ve found completely reliable. Don’t let its country of origin stop you from using this excellent tool. It’s a great addition to the Windows admin toolkit.
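A VirusTotal verdict applies to one exact file, so it helps to confirm that the copy you downloaded is the file that was scanned and to see who signed it. The function below is an added example, not part of the original post or of LockHunter. The download path, the expected-hash placeholder, and the idea that the signer subject names the publisher mentioned above are assumptions.

```powershell
# Added example, not from the original post.
# Compares a downloaded installer against a known SHA-256 and reports its
# Authenticode signature, so a scan verdict can be tied to this exact file.
function Test-Download {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # SHA-256 shown on the scan report you reviewed (placeholder in the call below).
        [Parameter(Mandatory)][string]$ExpectedSha256,
        # Optional: text expected in the signer's certificate subject (assumption).
        [string]$ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Unsigned files have no signer certificate at all.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # String -eq is case-insensitive, so upper/lower-case hex both match.
    $hashOk      = $hash -eq $ExpectedSha256.Trim()
    $sigOk       = $sig.Status -eq 'Valid'
    $publisherOk = -not $ExpectedPublisher -or
                   ($signer -and $signer -like "*$ExpectedPublisher*")

    [pscustomobject]@{
        File             = $file.Name
        Sha256           = $hash
        HashMatches      = $hashOk
        SignatureStatus  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer           = $signer
        PublisherMatches = $publisherOk
        # Only run the installer when every check passes.
        OkToRun          = $hashOk -and $sigOk -and $publisherOk
    }
}

# Constructed call: the path and publisher text are assumptions, and the hash
# is a placeholder to be replaced with the value from the scan report.
Test-Download -Path "$env:USERPROFILE\Downloads\LockHunter_v3.2.3.exe" `
              -ExpectedSha256 '<SHA-256 from the scan report>' `
              -ExpectedPublisher 'Crystal Rich'
```

With the placeholder left in place, HashMatches is False and OkToRun stays False, which is the intended result until a real hash is supplied.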
Here’s an interesting and counter-intuitive bit of Windows 10 news for you. As of Build 16273, MS no longer includes known issues in its Insider Preview release info. That was the section I read first and foremost. It helped me decide if I wanted to update my test machines to the latest Fast Ring build. But as this Twitter snippet shows, MS is not planning to document issues at present. Rather, they plan to skip it and report only on “high impact issues for a large portion of Insiders.” Thus, as MS stops Insider Preview issues lists for new builds, we poor beta testers must take the plunge less informed than for past builds.
Thurrott.com’s Rafael Rivera jumps right on top of this missing matter. Glad he did!
[Source: MS/Dona Sarkar/Brandon LeBlanc.]
When MS Stops Insider Preview Issues Lists, What Does That Mean?
From a practical perspective, this means that Insiders will be less well-armed with information. This offers no help in making a go/no-go decision on upgrading to the latest build. Some Windows watchers apparently have no issue with that (for example, Sergey Tkachenko of WinAero.com). Others find this somewhere from potentially vexing (ZDnet’s Liam Tung) to downright infuriating (ComputerWorld’s Steven J Vaughan-Nichols). Indeed, I’m willing to grant some credence to MS’s assertion that with the Fall Creators Update weeks away from public release, the software is pretty stable. Nevertheless, I lean toward the latter camp. That’s because I’ve already fallen into enough potholes on the Insider Preview release trail to want to steer around them.
This is one decision I hope is only temporary (until the next major upgrade is set), or that will be reversed as the next release gets going. Where potential problems are present, one can never have too much information to assist in avoiding them.
Those who’ve followed Windows OSes and applications for the past decade know that the 64-bit takeover is history. Circa Windows 7’s July 2009 release date, most new PCs were already 64-bit. Today, you must work to find and buy a 32-bit Windows PC running Windows 10. If you succeed, you’ve probably bought an el-cheapo tablet or super budget laptop with a 32 GB eMMC storage device, and no more than 2 GB of RAM. Otherwise the modern Windows world is entirely 64-bit. Why, then, is the default for Microsoft Office installation still 32-bit? Therein lies an interesting tale, as I explore Office 32-bit versus 64-bit versions.
In a 64-bit world, why does Office still default to the 32-bit version?
What’s the Difference? Office 32-bit versus 64-bit…
Here’s a quote from the MS Support site’s “Choose between the 64-bit or 32-bit version of Office” (applies to Office 2016, Office for business, Office 365 Admin, Office 365 Small Business, and so forth):
The 32-bit version of Office is automatically installed unless you select the 64-bit version at the beginning of the installation process. This article explains the reasons to choose either the 64-bit or 32-bit version of Office on a PC.
In fact, you have to seek out and run the version of setup named setup64.exe to force Windows to install the 64-bit version of Office. Otherwise, you’ll wind up with the 32-bit version. With that bit of administrivia in mind, here is what might impel someone to skip the default and force 64-bit installation instead (quoted verbatim from the afore-cited Support article):
- You’re working with large data sets, like enterprise-scale Excel workbooks with complex calculations, many pivot tables, data connections to external databases, Power Pivot, 3D Map, Power View, or Get & Transform. The 64-bit version of Office may perform better in these cases. See, Excel specifications and limits, Data Model specification and limits, and Memory usage in the 32-bit edition of Excel.
- You’re working with extremely large pictures, videos, or animations in PowerPoint. The 64-bit version of Office may be better suited to handle these complex slide decks.
- You’re working with files over 2 GB in Project, especially if the project has many sub-projects.
- You’re developing in-house Office solutions like add-ins or document-level customization. Using the 64-bit version of Office lets you deliver a 64-bit version of those solutions as well as a 32-bit version. In-house Office solution developers should have access to the 64-bit Office 2016 for testing and updating these solutions.
Benefits of Staying 32-bit
MS takes the 32-bit default route because it provides the best overall backward compatibility. Thus, it retains the ability to work with 32-bit COM add-ins or controls. This can be essential when, as sometimes happens, no 64-bit alternatives are available. This also ensures continued support for older Visual Basic, and calls to 32-bit MAPI applications or OLE servers and objects. Ditto for legacy SharePoint, Access, Equation Editor, Word Add-in Libraries, and more. In business environments where add-ons or macros are used, this keeps things working.
Long-time TenForums poster Bree explains this succinctly and cogently in a recent post (#15). He observes: “There are more disadvantages to the 64-bit versions than advantages.” I have only one (test) system running Office 64-bit myself, and I can’t tell any difference between the two versions whatsoever. That’s why I’m sticking with the default 32-bit install. In the absence of a compelling reason to go 64-bit yourself, you may also do likewise.
The August 2017 Born to Learn MS Press Round-up blog post includes a welcome and valuable freebie. It features a link to a sample chapter from the latest edition of a terrific book. And that book is the 2nd edition of Troubleshooting with the Windows Sysinternals Tools. The sample chapter covers the excellent and always informative Autoruns utility. Thus, MS Press samples Autoruns coverage in great detail for free. This material is well worth glomming onto, because Autoruns is so comprehensive and far-reaching, it can be hard to make sense of its findings without expert help. And here, expert help is at hand!
This book’s been out for a while, but the free chapter on Autoruns is worth grabbing and saving all by itself.
When MS Press Samples Autoruns Coverage, What Does It Get You?
Short answer to the preceding question: “A whole lot.” However, a longer answer comes from listing the topics addressed therein. Here’s that list, reproduced verbatim from Sysinternals Autoruns page:
- Use Process Explorer to display detailed process and system information
- Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
- List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
- Verify digital signatures of files, of running programs, and of the modules loaded in those programs
- Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
- Inspect permissions on files, keys, services, shares, and other objects
- Use Sysmon to monitor security-relevant events across your network
- Generate memory dumps when a process meets specified criteria
- Execute processes remotely, and close files that were opened remotely
- Manage Active Directory objects and trace LDAP API calls
- Capture detailed data about processors, memory, and clocks
- Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
- Understand Windows core concepts that aren’t well-documented elsewhere
You’ll also get a peachy overview of how to read the various elements of the Autoruns GUI. In fact, that covers the tool’s organization around registry keys, its use of color coding, and its online lookup feature. I’ve always found Autoruns helpful and informative. But after reading over this sample chapter, I’m able to get more out of the program. I’m also more able to make sense of the wealth of information it provides. If it works for me, it should work for you, too. Check it out!
In the latest Win10 versions, PowerShell replaces the command prompt (cmd.exe) in the Winkey-X pop-up menu. And it runs most command-line programs unaltered, including chkdsk. But PowerShell also offers alternative cmdlets (pronounced “command-lets”) as well. In fact, the Win10 PowerShell Chkdsk alternative is the Repair-Volume cmdlet. Here’s what the get-help subsystem in PowerShell has to say about this cmdlet:
Repair-Volume offers most of the same functionality as chkdsk in a form that’s native to PowerShell.
Exploring the Win10 PowerShell Chkdsk Alternative: Repair-Volume
The most frequently used version of Repair-Volume takes a volume offline for scanning, and attempts fixes on any errors it finds. Thus, the basic syntax for this version of the command is:
Repair-Volume -DriveLetter <DrvLtr> -OfflineScanAndFix
Here, substitute the letter of the drive you wish to scan for the generic <DrvLtr> parameter. I tried this out on my production system yesterday because it currently supports 10 drives. I’m pleased to report it worked on all drives, including the boot/system drive, C:. It was interesting to see the drive information (the bar that shows how much space the drive provides, and how much is used) disappear while this process was underway, as shown here for one of my biggest drives (J: 3TB nominal):
When it’s running for some specific drive, that drive’s disk info disappears (it’s off-line).
Using Repair-Volume Day-to-Day
Actually, this cmdlet is incredibly easy to use. You’ll find it handy when you need to check drives under most circumstances. Also, because it even works on your boot/system drive you’ll find yourself needing to schedule chkdsk after restart less often. Finally, those who want to create a PowerShell command file (.ps1 extension) can easily put something together to do this for all of their drives, and run it periodically as a scheduled task.
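One way to write such a command file, as an added example that is not from the original post: it runs Repair-Volume's online -Scan mode on every fixed, lettered NTFS volume, logs the result, and only takes a volume offline with -OfflineScanAndFix when -Repair is given and the scan was not clean. The log path, the task name, the weekly schedule, and the NTFS-only filter are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. The default log path, task name
# and schedule are assumptions; adjust them for your system.
[CmdletBinding()]
param(
    [string]$LogPath = 'C:\ProgramData\VolumeCheck\Repair-Volume.log',
    [switch]$Repair,     # also run -OfflineScanAndFix where the scan is not clean
    [switch]$Register    # create the weekly scheduled task, then exit
)
$ErrorActionPreference = 'Stop'

if ($Register) {
    # The task runs as SYSTEM, so keep this script in a folder that only
    # administrators can write to; anyone who can edit the file would
    # otherwise get code execution as SYSTEM.
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument (
        '-NoProfile -ExecutionPolicy RemoteSigned -File "{0}"' -f $PSCommandPath)
    $trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '03:00'
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'Weekly Volume Check' -Action $action `
        -Trigger $trigger -Principal $principal | Out-Null
    return
}

New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value ('{0:s} {1}' -f (Get-Date), $Message)
}

# Fixed NTFS volumes that have a drive letter. This skips recovery and EFI
# partitions, optical drives and removable media.
$volumes = Get-Volume | Where-Object {
    $_.DriveLetter -and $_.DriveType -eq 'Fixed' -and $_.FileSystem -eq 'NTFS'
}

foreach ($vol in $volumes) {
    $letter = $vol.DriveLetter
    try {
        # -Scan checks the volume while it stays online and returns a status.
        $result = Repair-Volume -DriveLetter $letter -Scan
        Write-Log "${letter}: scan result = $result"

        # A clean volume reports NoErrorsFound; anything else is treated
        # here as needing the offline pass.
        if ("$result" -ne 'NoErrorsFound' -and $Repair) {
            # Takes the volume offline while it scans and fixes errors.
            $fix = Repair-Volume -DriveLetter $letter -OfflineScanAndFix
            Write-Log "${letter}: offline repair result = $fix"
        }
    }
    catch {
        # Keep going with the remaining drives if one volume fails.
        Write-Log "${letter}: Repair-Volume failed: $($_.Exception.Message)"
    }
}
```

Run the file once with -Register from an elevated prompt to create the task. The registered task calls the script without -Repair, so unattended runs only report and never take a drive offline.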
Thanks to Sergey Tkachenko at WinAero.com, whose blog post “How to Check a Drive for Errors in Windows 10” (posted 8/22) brought this cmdlet to my attention.
No matter how much you might know about Windows 10, there’s always something new to learn. I picked up a winner from Ed Bott’s ZDNet column the other day. He explains how to use the pop-up calendar as a general “time navigation tool.” Along the way, he exposes a great Win10 Date/Time Calendar trick I’ve already put to good use. Here’s a step-by-step illustration of what’s involved.
The Great Win10 Date/Time Calendar Trick, Step-by-Step
Step 1: Click the date time widget in the notification area of the taskbar.
Step 2: Check the resulting pop-up calendar centered around today’s day and date. Notice the line that reads August 2017 at the upper left of the display.
Note “August 2017” at upper left, just below the time/date block at the very top.
Step 3: You can manipulate the month on display directly. Instead of using the arrows at top right, click on August (or whatever month is on display). Here’s what you’ll see:
You get a visual layout of all 12 months of the year and can pick out the one you want immediately.
Step 4: To see a year “map,” click the 2017 at upper left shown in the preceding screen capture. To go further back or forward in time than the window allows (2010-2019), use the arrows.
This makes the built-in, easily accessible calendar on the notification pane a much better calendar tool than I’d thought. I’ve already used it several times since Wednesday to solve scheduling issues. Ditto for picking appropriate days for meetings, and figuring out which days of the week commitments fell upon. Good stuff!
The MS Diagnostics and Recovery Toolset (DaRT) 10 permits admins to diagnose and repair computers that won’t boot, or have problems starting as usual. DaRT 10 can recover unusable end-user PCs. It can also diagnose probable causes for underlying issues, and repair unbootable or locked-out machines. It can restore lost files, or detect and remove malware, even when computers are offline. Indeed, this all makes DaRT an invaluable addition to any admin’s Windows toolbox.
DaRT appears in the boot menu as “Microsoft Diagnostics and Recovery Toolset” from whence you can launch its various recovery tools.
Who Qualifies for Access to the Diagnostics and Recovery Toolset?
If DaRT is a great tool, why isn’t it better known and more widely used? Alas, only organizations with a license for Windows that includes Software Assurance qualify. Such organizations are granted access to the Microsoft Desktop Optimization Package, aka MDOP. A Windows 10 Enterprise E3 in CSP Subscription, which includes Software Assurance, costs $84 per user per year with no minimum license commitment. (That said, volume licensing starts at 5 units, and goes up from there.) Higher-level licenses cost more…
The only others granted access to MDOP – which includes DaRT among its components – need a standard Visual Studio Subscription with MSDN or its cloud counterpart. This standard subscription costs US$5,999 for the first year, and $2,569 annually thereafter. Alternatively, the cloud equivalent costs a flat $2,999 yearly. Thus it costs something to access DaRT, no matter how you slice it.
The best point of entry into DaRT appears in the Windows IT Center online. There, you’ll find a DaRT 10 landing page entitled “Diagnostics and Recovery Toolset 10.” This in turn offers up the following Table of Contents (presented here with live links for your surfing pleasure):
To use DaRT, you must download MDOP from the Volume Licensing Center or the Visual Studio/MSDN portal. Then you can grab the DaRT .ISO amidst its various components. Mount that .ISO as a virtual drive, and follow TechNet instructions in “Create a Bootable USB Flash Drive.” Be sure to build both MBR/NTFS and UEFI/FAT32 versions so you can boot either PC type. Finally, copy the contents of the entire mounted .ISO to the UFD’s root. You can then use it to boot problem PCs for access to DaRT’s tools, shown here:
Be sure to check DaRT out, assuming you qualify to download MDOP and start digging in. Good stuff!
About two weeks ago, long-time Windows watcher Ed Bott offered an interesting assessment of Windows 10 at ZDNet. It’s entitled “Windows 10 after two years: Microsoft’s mixed report card,” and appeared on 8/3. So what kinds of grades does Ed Bott’s Win10 report card include? Just as the OS is a mixed bag, so are his assessments. Here’s what grades he handed out:
- Adoption rate: A-
- Upgrades and updates: C+
- Privacy: B
- Security: A-/B-
- Apps: Incomplete
- Tablets and phones: F
As Ed Bott Issues Win10 Report Card, What Do His Grades Mean?
The Adoption rate grade is easy to explain. It reflects the fastest uptake “for any Windows version ever.” But the company’s failure to hit its 1 billion user target in 2-3 years explains the minus sign. What Bott labels a “frantic first-year push” is over. Now, he sees (and I agree) that “Microsoft adopted a much more relaxed upgrade pace.” It relies on new PC sales to boost Win10 numbers rather than upgrades on existing gear.
The Privacy grade reflects wild-haired responses to Microsoft’s broad-based telemetry (and consequent data acquisition). It figures into many, if not most, of Win10’s subsystems and actions. Bott takes issue with the company’s “dry, legalistic and unconvincing explanations” for this data grab. But he also gives credit for halving such data collection, and publication of telemetry data details.
Security gets two grades, one for enterprise and another for “consumer and small business segments …” The higher enterprise grade reflects “an impressive assortment of security features for its enterprise customers.” The lower grade dings their absence in down-market versions of Windows 10. Baseline security features mentioned include Windows Hello, disk encryption, and built-in antimalware. Enterprise security features mention Defender Advanced Threat Protection, Exploit Guard, and Defender Application Guard.
Onto the Less-than-Stellar Report Card Items
The Upgrades and updates C+ grade comes from “two free feature updates per year.” That gets coupled with an 18-month shelf life for each one. Thus, as Bott so rightly observes, “you can no longer stick with an older version of Windows indefinitely.” He (and I) like the new approach of “cumulative quality updates in place of an endless assortment of individual updates.” But he takes issue with forcing updates on end users and notes certain “hiccups” in CPU support. Most notably, that included a “sudden end of support for relatively young PCs based on Intel’s Clover Trail chips.”
The Apps category gets an Incomplete. That’s because of Microsoft’s ongoing struggle to deliver compelling Store apps. Using the Desktop Bridge hasn’t really fired up the app space, either. Bott finds fault with Office mobile apps as “barely adequate and almost impossible to find …” I agree that apps remain a sore point for Windows 10. Indeed, they haven’t captured users’ hearts or minds.
Finally, Bott gives Tablets and phones an F. That’s because MS has let Windows Mobile wither, even as it continues “cranking out Windows 10 Mobile builds…” He characterizes “the company’s capitulation in this category” as “nearly complete.” He goes on to remind readers about the Nokia sell-off and a massive mobile writedown.
Other Noteworthy Aspects of Windows 10 Outside Bott’s Coverage
As somebody who’s covered Windows 10 since the first Technical Preview was released, I’d like to add a few more subjects to Bott’s report card, with some brief explanations:
- Image construction and management: A-
Microsoft has moved away from monolithic builds for releases and updates. It now uses an approach to providing updates that looks like “survey what’s present, update what’s outdated, and supply what’s missing.” I also like the increasing capability of DISM and related PowerShell equivalents, to operate on and customize Windows image files. I give it a minus because the syntax and structure of this stuff is not terribly friendly, even for seasoned Windows-heads.
- Refresh and Reset Windows: A
The new built-in facilities for performing an upgrade install to refresh OS files while keeping applications and data are nice, as is the reset capability to return a PC to from-the-factory status. Good stuff!
- Task View: A-
The ability to define and manage multiple desktops in Windows has always been a good idea, but it’s only recently been built into the OS. This is a handy feature for power users who need to juggle multiple usage scenarios, especially for multi-monitor set-ups.
I could go on, but I only want to make the point that there’s quite a bit to like about Windows 10 for admins and end users alike.
One thing I sometimes think about is the difference between binary and decimal numbers. This difference can be particularly interesting when it comes to sizing storage like HDs or SSDs. Manufacturers use decimal numbers to count the bytes of storage they provide. Then they describe them using megabytes (MB), gigabytes (GB), terabytes (TB) and so forth. But when it comes to numbering decimal versus binary bytes, using decimal sizes makes drives look bigger than they really are. As the scale of the units involved increases to TB and beyond, the discrepancy gets bigger along with the units.
Table 1: Numbering Decimal Versus Binary Bytes
What this table shows is interesting. For one thing, for each unit (GB, TB, PB, and EB, which correspond to binary numbers 2^30, 2^40, 2^50, and 2^60) it shows the difference between a putative decimal number (Claimed) and its binary equivalent (Actual). This is also expressed as an absolute difference (Diff) and a percentage difference (%-age). The Delta column shows that the growth in the percentage difference actually decreases as we increase the scale of the units (that is, from GB to TB, from TB to PB, and from PB to EB, or Exabyte). That’s a good thing because it means the increase is arithmetic rather than geometric or exponential.
There’s an online tool you can use to work other numbers out for disks sized using MB, GB, and TB units. It’s entitled USB Hard Disk Real Capacity. But of course, it works for any kind of binary storage where buyers must convert a less-than-perfect decimal number into its binary counterpart. While you may or may not check it out, you can use the percentage numbers for each unit from Table 1 to reduce claimed disk sizes to the actual numbers you’ll see showing up in Windows Explorer (or its platform equivalent, such as the Finder for MacOS, and file/directory commands for Unix/Linux).
Actual Table Data
WordPress wants images, so I took a snap of the table below in HTML to turn it into a graphic. Here’s the table for those who may want to grab it in actual numeric form for manipulation in a spreadsheet or something…
Game of Thrones fans who want to avoid spoilers are running for cover in light of last week’s HBO ransomware attack. End-user computing administrators should take notice and learn about security measures that can protect their employees’ data from similar attacks.
Hackers stole a variety of data in a ransomware attack, then released episode scripts, plus HBO employees’ phone numbers, emails and other personal information. This week, they threatened to dump further confidential data.
Typically a ransomware attack corrupts endpoints by taking advantage of Windows operating system vulnerabilities. Hackers encrypt stolen data so that users cannot access it and demand payment in exchange for decrypting the data.
Most often, the actual attack vectors are social engineering tactics, in which hackers trick users into clicking on links or opening email attachments that launch an attack that exploits the OS vulnerability. If a hack affects one device, it can spread through the rest of a corporate network. That’s why user education is the most important tool EUC admins have against a ransomware attack.
Organizations can hire security consultants to educate users, or adopt training software that continuously tests users to ensure they keep endpoint security top of mind. Third-party services can also send fake attacks to users, then report results back so IT can provide extra awareness training to employees who need it.
But security training isn’t always successful. Phishing attacks, for example, are becoming more advanced and can easily trick even the most discerning users. Technology such as email and web filtering tools can help, as well as endpoint and network monitoring suites. Or, organizations can require SSL client certificates that specifically authenticate the domain that a request for a user’s credentials comes from.
“The underlying issue here is that any protection that relies on a human being making a reasonable decision is going to fail,” said Karla Burnett, security engineer at mobile payments provider Stripe, at last month’s Black Hat conference, SearchSecurity.com reported.
To make matters worse, ransomware attacks have increased dramatically in the past three years. They’re growing at a rate of 350% per year, according to Cisco’s 2017 Annual Cybersecurity Report. And about 40% of spam emails contained links to ransomware in 2016, up from just 1% in 2015, IBM said in a Cybersecurity Ventures research report.
As in the HBO hack, it’s not just corporate data on the line. Employee privacy is also at risk if users store personal information on their devices. IT departments should implement security and training tools to safeguard their organizations before the White Walkers — ahem, hackers — breach the wall.