Windows Enterprise Desktop

June 10, 2016  2:48 PM

Win10 OEM Keyfinder

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10

Some tools have lots of capabilities, others have a few, or only one. Here’s a tool that Windows Admins will appreciate, especially those tasked with upgrading PCs from Windows 7 or 8.1 to 10. The name of the tool is the Windows OEM Product Key Tool from NeoSmart Technologies, and it’s free. It does one thing, and one thing only: on newer PCs with UEFI, it reads the OEM Windows key burned into UEFI storage at the factory when the OS gets installed. That’s why I call it a Win10 OEM keyfinder. Here’s what that output looks like under two circumstances:

win10 OEM keyfinder

You will see a key on a PC that does have it stored in UEFI (above); you’ll be informed that there is no OEM key if you don’t have one (below).

When do you need a Win10 OEM Keyfinder?

In most cases, Windows will read the OEM key from UEFI on its own but that presupposes Windows is up and running. In situations where Windows is not available or driver issues impede an installation, it can be helpful to have the key around “just in case” (it can’t be accessed). That’s why I recommend running this tool before attempting any upgrades (if it won’t help you, the software will tell you) and recording the OEM key you find (where applicable). If you need, you’ll be glad; if you don’t, it won’t cost you much (nothing for the software and a very small amount of time). The utility is 1.38 MB in size and runs straight from the .exe so you can run it from your admin UFD (USB flash drive) without having to copy or install anything.

This is another useful item for the Windows admin toolkit. True, it’s a one-trick pony. But it’s a really nice trick! Good stuff…

June 8, 2016  10:37 AM

WUDO Backfire on Narrow WAN Pipes

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Update Management, Windows Updates

Found a fascinating story on The Register (UK) this morning, entitled “Is Windows 10 Ignoring Sysadmins’ network QoS settings?” It explains how an Australian sysadmin observed a sudden drop in Internet connection performance that ties into Windows 10. Specifically, it shows how a Microsoft default setting (see figure below) can impact overall Internet performance especially on networks with narrow-bandwidth connections. In reader comments, ADSL (usually limited to T-1 or fractions thereof, at or under 1.544 Mbps) gets particular mention. For such users a WUDO backfire on narrow WAN pipes seems likely, if not inevitable.

wudo backfire on narrow wan pipes

By default, this control is turned on, and the option to get updates from and send updates to both local PCs and the Internet is enabled! Here, it’s turned off, as it properly should be.

This update control is called Windows Update Delivery Optimization, aka WUDO. It’s intended to allow Windows users to obtain (and share) updates from sources other than Microsoft’s Windows Update service. Alas, the process of sharing or obtaining updates with other PCs on the Internet may cause a WUDO backfire on narrow WAN pipes.

How Does WUDO Backfire on Narrow WAN Pipes?

Apparently, the TCP connection used for update transfer can be ill-behaved between sender and receiver when WUDO comes into play. The admin who reported the problem used Wireshark to confirm that network congestion came from large numbers of out-of-order TCP packets. Apparently, connection negotiation failed to downsize packets moving from sender to receiver. Instead of reducing packet size and traffic volumes, it caused added retransmissions  and swamped the connection.

Fortunately, the fix is easy. Turning off WUDO makes the issue moot. On most networks of scale, this shouldn’t be a problem: internal update mechanisms prevent WUDO from coming into play. But for BYOD user machines, admins would be well-advised to turn it off. Who wants users to get Windows updates from an unknown source? The whole thing is a foulup, if you ask me.

June 6, 2016  10:23 AM

Built-in Malware Scanning via MRT.exe

Ed Tittel Ed Tittel Profile: Ed Tittel
anti-malware, Windows 10

There are times on Windows PCs when a malware scan is a good idea, even if some kind of anti-malware program is resident. That’s probably why Microsoft updates its own malware scanning tool, known as the Malicious Software Removal Tool aka MRT.exe, on a monthly basis. It also runs that tool at the same frequency in the background (when the updates for Patch Tuesday get run). Although you can turn to excellent and free third-party tools such as Trend Micro’s HouseCall or MalwareBytes Anti-Malware (aka MBAM) instead, you can also run built-in malware scanning via MRT.exe any time you like (it resides in the %Windir%\System32 directory).

built-in malware scanning via MRT.exe

Type MRT.exe into the Win10 search box, and presto! you can run it directly and immediately.

Any Downsides to Built-In Malware Scanning via MRT.exe?

The foregoing section head poses a reasonable question regarding a tool updated once a month. Certainly, you should understand why Microsoft states that MRT is not, and can never be, a replacement or substitute for anti-malware software. It offer no real-time protection as such software invariably does, and its infrequent update cycle means it can’t keep up with the most current (or zero-day) threats. But if you should ever find yourself in urgent need of a quick malware scan — especially in a situation where you have no Internet acccess, or have deliberately disabled such access to prevent a presumed infection from propagating — MRT.exe should almost always be available for immediate and direct use on any modern Windows PC (versions 7, 8, 8.1 or 10, in other words).

Check-ups/Clean-ups for Malware Scanning via MRT.exe

Because the tool goes poking around amidst sensitive and critical system files — and may even attempt deletions and clean-up in the %windir% folder hierarchy — you must run the program from an administrative account (usually, an account that’s a member of a local or domain administrators’ group for the target PC). Otherwise, the tool won’t have sufficient permissions to do its job properly. It runs pretty much on its own and doesn’t require user input once launched. The tool does take some while to run (and explains why Windows Update often takes as long as half an hour to complete). Even on my way-fast production PC with its Samsung 950 NVMe SSD, the program took more than 10 minutes to run to completion.

June 3, 2016  11:26 AM

Admin toolbox item: Uncleaner

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, Windows 10, Windows utility

In my never-ending quest for good Windows admin tools, I occasionally post mini-reviews and pointers here in this blog. My latest find is a narrowly focused cleanup tool called UnCleaner. It comes from utility maker Josh Cell Softwares (their name, not mine). They also offer tools to manage Windows startup, bootable USB media, and other file facilities. Based in Quebec, Canada, the company offers interesting Windows tools with a somewhat fractured command of English that adds to their charm. This provides another Admin toolbox item: Uncleaner to add to my open-ended collection.

Admin toolbox item: Uncleaner

The spare and Spartan interface shows how simple and focused Uncleaner really is.

What Does Admin Toolbox item: Uncleaner Actually Clean?

Simply put, Uncleaner finds and removes unneeded files on Windows PCs where it’s run. The items it identifies for clean-up are log files and items from the Temp directory inside individual user accounts. This is shown in the following partial list from my Surface Pro 3 running Windows 10 1511 Build 14352.1002 (Current Branch release, preview version):

Admin toolbox item: Uncleaner files list

Check through the files list of items to be cleaned, and you see a sharp focus on temp and log files.

I’ve tried the utility on numerous systems, and have never noticed — or seen reported — errors or problems related to removing supposedly unneeded files that turn out to be needed after all. That’s always a concern for file clean-up utilities in general, but apparently not a concern for Uncleaner.

If you’re single-minded in wishing to be rid of all the dross that Windows can deposit in its file systems, Uncleaner is a tool worth downloading and installing. If you give it a try, and decide you like it, you might also want to make a small donation to its makers. They’ve got a link for that purpose on their Website. I gave them $5 for this nice piece of work; you may wish to do likewise. Admin toolbox item: Uncleaner is now part of my Windows collection, and perhaps should be part of yours as well.

June 2, 2016  12:30 PM

Win10 Desktopshare 17-23% for May

Ed Tittel Ed Tittel Profile: Ed Tittel
market research, Windows 10

The proportion of Windows users running Windows 10 varies, according to the source for such data. But as a rising tide floats all boats, so recently do several metrics show the Windows 10 share of desktops going up, up, up. The current numbers from put Windows 10 solidly in the number 2 slot at 17.43% behind Windows 7 at 48.57%. XP remains in third place at 10.09%, though adding both Windows 8 versions (8 and 8.1) edges ahead at 11.38% (at 8.77% for 8.1 and 2.62% for 8). That puts the range for Win10 desktopshare 17-23% in May 2016.

The US Government is another major source for this kind of information, through its website. It reports only on visitors to its own websites for a more USA-centric view of the online world. Its numbers put Windows 10 at 23.5% of visitors running Windows versions, or at 19.6% of visitors not running either iOS or Android (a different way to get to a desktop focus). This means that Windows 10 is running on 12.1% of all devices accessing those websites, FWIW. The government numbers come in at the top of the Win10 desktopshare 17-23% range.

I’m surprised to see XP still so strongly represented in the NetMarketShare numbers at 10.09% when reports only 1.4% of its visitors running the same OS. Possibly, this reflects a larger base of hangers-on outside the USA that shows up in NetMarketShare’s more global population. That’s ironic, because various agencies and arms of the US Government have some of the largest continuing support contracts for XP still running to this day, to the tune of millions of dollars per year.

The last figures for active devices running Windows 10 came from Microsoft on May 5 at 300 million. Given current run rates between 23 and 30 million new devices per month, that means the current total is probably in the neighborhood of 320-300 million as of the beginning of June. Take a look at how this graphs out in terms of getting to the 1 billion mark, extrapolating with growth rates in those two increments:

Win10 Desktopshare 17-23%

Looks like 2018 is a more likely year for Microsoft to hit the “one billion served” mark for Win10!

The way I read these chart lines, I see the 1 billion mark occurring sometime between April and December in 2018 if those monthly growth rates continue unabated. But who knows if the numbers will keep going so strong once the free upgrade deadline comes and goes at the end of July? If I were forced to bet on the trend, I’d be inclined to bet against that proposition. Microsoft’s goal is probably not a dream deferred at this point, but it could easily become a dream delayed.

May 25, 2016  9:20 AM

Avoid Win10 Upgrade Tricks

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, windows 10 upgrade, Windows Updates

Ever since Windows 10 arrived, Microsoft has been attempting what some might call Win10 upgrade tricks to get Windows 7 and 8.1 users to install that free upgrade. Over time, their approach has varied. Here’s a litany of the various Windows Update offers MS has tried to move users up the OS ladder.

Older Win10 Upgrade Tricks

The “Get Windows 10” offer (usually abbreviated as GWX, where the X is actually the Roman numeral 10) first appeared late last year. Two good fixes include the GXW Control Panel and Steve Gibson’s Never10. Install either of these programs and the offers will disappear forever (or until after July 29, if indeed the free upgrade expires on that date).

gwx-offer win10 upgrade tricks

The automatically ticked selection for Windows 10 upgrade in the host OS’s optional update list. Those who find this item checked need to uncheck it to prevent an unwanted or unintended Windows 10 upgrade adventure.

win10-ticked win10 upgrade tricks

The migration of the Upgrade to Windows 10 from Optional to Recommended in Windows Update. You can always click the navigation arrow at the upper left to return to the Windows Update home page, or again: close the WU window with the X at the upper right.

win10-recommended win10 upgrade tricks

Here’s the latest of the Win10 Upgrade Tricks

And as of last week, the reworking of the GWX offer in a new format to persuade users to take the Win10 plunge. GWX Control Panel and Never10 (links provided earlier in this blog post) will also defeat this offer screen as well.

newwin10prompt win10 upgrade tricks

Source: Tom’s Hardware, 5/14/2016

The key to avoiding an automatic or unwanted upgrade is to remember that upgrades, like insults and alcohol only affect those who internalize them. If you refuse the upgrade it won’t be installed on your machine. That said, MS has made an important change to the Window’s behavior with this latest version. Before, you could always close the Windows Update window to bail out by clicking the X in the upper right corner (the navigation gives you no other option to escape its clutches, unless you click on the link labeled “here” which does give you the option to reset the time or to cancel the upgrade schedule completely). In this latest GWX offer, clicking the X is interpreted as granting consent to perform the upgrade, and that’s just what Windows Update will do. You MUST click the small blue-ish here to avoid this unwanted outcome!! And if the upgrade does show up on your machine uninvited by some unhappy chance, you can elect to roll back to the previous version of Windows instead of keeping the new OS install. Sigh.

[Note added 5/25/2016 3:40 PM] Check out this article from entitled “Microsoft provides some hints on how to manage when and how you upgrade to Windows 10” by Vu Anh Nguyen. It shows all of the bail-out opportunities that MS provides to skip the upgrade at each step along that path. The main takeaway is that “You can avoid the upgrade if you want to.” The corollary is “Turn off auto-pilot and don’t simply close the offer window. Follow the prompts instead.” Sigh again.

May 23, 2016  10:41 AM

Windows 10 free upgrade clock is running out

Eddie Lockhart Eddie Lockhart Profile: Eddie Lockhart

IT administrators that don’t have the ball rolling on a Windows 10 upgrade for their companies might be haunted by Will Smith’s voice reading Raphael de la Ghetto’s poem in The Fresh Prince of Bel Air: “Tick tock clock, the clock is ticking for you.”

Why is the clock ticking? Well, believe it or not, Windows 10 celebrates its first birthday on July 29. While most birthday parties are celebrations with cake and presents, this anniversary is more like a deadline; it signals the end of the free upgrade period. Any company that hesitates much longer will be forced to purchase a Windows 10 license with its upgrade, which can be pricey. The Windows 10 Pro license, for example, costs $199. And because Windows 10 is the last new OS Microsoft plans to release, most organizations will make the move to it eventually so why not do it while it’s free?

Hesitation is particularly costly for Windows 7 customers because the OS is already in extended support, which means companies have to pay Microsoft for any traditional support needs on the OS. Extended support won’t last forever either. It is scheduled to end in January 2020.

So with the clock ticking on the free upgrade period, the IT procrastinators are probably wondering how they can get a free upgrade before it’s too late and how the upgrade process works in general. First of all, the free upgrade is only available on qualified version of Windows 7 and 8.1. The qualified versions include:

  • Windows 8.1
  • Windows 8.1 with Bing
  • Windows 7 Starter
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Ultimate

Once admins have determined if their users qualify for the free upgrade, they must take a few considerations very seriously. Their hardware must be compatible with the new operating system. To run the 32-bit version of Windows 10, for example, the minimum requirements include 1 GHZ or faster CPU, 1 GB of RAM, 16 GB free disk space and a display that supports 1024×600 resolution.

Application compatibility is also something to keep in mind. Yes, most Windows 7 and 8 apps do work on Windows 10, but they might need patches to function properly. Before making the move to Windows 10 admins should take stock of their app inventory and research any apps that might have issues. Admins should not overlook infrastructure apps either. Some older apps, such as aging antivirus software, might run into problems with the new OS.

Clearly the time is now to make the move to Windows 10. Take stock of hardware and apps and get a plan in place before it’s too late.

May 23, 2016  9:48 AM

Why Upgrade Windows 7 to 10: Updates

Ed Tittel Ed Tittel Profile: Ed Tittel
Clean Install 7, Windows 10, Windows 7, Windows Updates

Last week, Microsoft released the so-called “Convenience Rollup” for Windows 7 Service Pack 1. It’s described in a 5/17/2016 Microsoft KB article entitled “Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1.” Hidden amidst the reason it was created and some gotchas inherent in its application is a killer reason to upgrade Windows 7 to 10 instead.

kb3125574 suggests why it's important to upgrade Windows 7 to 10

The Intro to KB3125574 explains the convenience rollup quite nicely.

According to the article’s Introduction:

“This rollup package includes almost all the updates that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2, through April 2016. This convenience rollup is intended to make it easy to integrate fixes that were released after SP1 for Windows 7 and Windows Server 2008 R2. We recommend that you include this rollup package in the image creation process to make it easier to quickly set up a computer.”

Long WU Waits Explain Why It’s Smart to Upgrade Windows 7 to 10

Paul Thurrott took the bait on this suggestion, and decided to see how long it would take to clean install Windows 7 on a PC, using both Windows Update from the installation media (avoiding the convenience roll-up), and using that roll-up to try to expedite the process. His results range from scary to downright horrifying, as recounted in his 5/21/2016 story entitled “The Convenience Rollup Makes a Big Difference, But Windows 7 Updating is Still Broken.” His investigation highlights what’s I’m calling the killer reason to upgrade Windows 7 to 10: time!

When boiled down to time required to complete a clean install, those results boil down to 9.5 hours for a clean install without the convenience rollup, over three hours (he declines to provide an exact time figure) using the rollup. Each approach involves very slow download times from Windows Update, but with fewer updates required when using the rollup the amount of time spent waiting for downloads to complete declines substantially. His overall time estimates also include troubleshooting drivers, and downloading and installing Optional Updates as per usual Windows 7 Update practice. Reading his account carefully, however, it’s obvious that much of the time involved is spent waiting for Windows Update to complete!

I performed a clean install of the current Windows 10 Technical Preview last week on a test PC (Version 1511, Build 14342.1000, subsequently  upgraded to 14342.1001). The whole effort, including both initial installation and subsequent upgrade, took 25 minutes. All the drivers came out correctly (first time ever for Windows 10 to supply the right driver for my Killer 2200 GbE NIC) so no further post-install cleanup was needed.

I think Thurrott is onto something important in his story, and it represents the “killer reason” to upgrade Windows 7 to 10: time. Who wants to spend half a day to a long day just to perform a clean OS install? or to build a curated image of the OS for multiple such installs? Too much time, too little reward methinks.

May 20, 2016  11:32 AM

Volsnap Error Signals Failing Disk

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk Drive failure, Troubleshooting, Windows 10

As fate would have it, I was on the phone yesterday when my production desktop starting dinging madly, ringing the USB device added (or removed) sound on and off repeatedly. “What in the world?” I thought to myself as I continued on with my call resolving to check things out ASAP once it ended. Sure enough, upon jumping into Event Viewer, I saw the following error events in my event log that flagged a Volsnap error (from the Volume Shadow Copy service, aka VSS):

volsnap error event log info

The phrase “IO failure” tells me exactly what I needed to know.

The drive in question is attached via USB 2.0 to my production PC, and I use it primarily to store my weekly image and nightly incremental backups, so it is kind of important to my system’s overall health and well being. Some quick online research informed me that this means my drive is probably failing, because bad sectors (and attempts to write to them) are what usually triggers this error to be reported.

What This Volsnap Error Means Is…

Apparently, it’s time for me to replace my backup drive. Looking back at my records, I see I bought this drive in 2010, so it is out of warranty. It’s also given me almost 6 years of solid dependable service, so I’m OK with having to rotate it out. The only downside is that it’s home to 1.52 TB of data (it’s a backup drive, remember?) and that’s going to take hours to copy from the old drive to the new one. In the meantime, I’m going to retarget my backup utilities (I use Acronis for nightly incrementals and weekly full backups, and the built-in Windows Backup utility for weekly image snapshots) to a different drive until I can bring in and set up its replacement. Based on the recent Backblaze report, it looks like I should buy a 4TB HGST drive. Looks like I can pick up an HGST Ultrastar from Newegg for about $225. Sure I could spend $75 less and get the Deskstar of the same 4TB capacity, but given that I’m using this drive for backup, I want something that will hopefully last as long as the drive it’s replacing, if not longer.

May 18, 2016  2:54 PM

Fingerprint Reader Requires PIN

Ed Tittel Ed Tittel Profile: Ed Tittel
Fingerprint authentication, Windows 10

Here’s an odd fact of Windows 10 life: MS has made much of Windows Hello for biometric identification including support for fingerprint readers at login. But if you try to set up Windows Hello on a properly equipped PC, you must first define a personal identification number (PIN) as an alternate login technique to supplement your password, before you can access the Windows Hello capabilities (including fingerprint set-up). That’s right: using a fingerprint reader requires PIN login in Windows 10! Otherwise, you may beat your head against the wall for some time before figuring out that something is missing from the PC local set-up. Here’s an illustrative screen cap from Settings –> Accounts –> Sign-in options from my Surface Pro 3 tablet, equipped with a Type Cover with Fingerprint Reader.

fingerprint reader requires PIN

The proximity of PIN and Windows Hello is apparently no accident here!

No PIN, No Hello: Yes, Fingerprint reader requires PIN login!

In reading over a variety of forum posts at TenForums and recently, this point was forcefully brought home to me. I had dithered about with the new Type Cover when I purchased it late last year, but it didn’t dawn on me until seeing those posts that it is apparently impossible to take advantage of Windows Hello (whatever biometric device you might choose to use) without first creating a PIN as an alternate login method.

Fortunately, this is easy to do. Click your way through the Settings –> Accounts –> Sign-in sequence in Windows 10. If you haven’t defined a PIN on the current PC, you’ll see a portion of the UI that looks like this:


A PIN is a string of numbers (usually 4 in count).

Once a PIN has been defined, the fingerprint or other biometric devices will show up and you can start configuring and using them. Go ahead, knock yourself out!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: