Windows Enterprise Desktop

June 9, 2017  3:41 PM

TreeSize Shows Oft-Missing Win10 Disk Details

Ed Tittel Ed Tittel Profile: Ed Tittel
disk management, Utility, Windows 10

One the many interesting things about Windows is the way the OS manages on-disk storage. This applies most particularly to the volume upon which the OS itself resides. In previous blog posts, I’ve recommended a SourceForge program named WinDirStat. It’s sheds considerable light on disk layout and space consumption, especially if you use “Run as administrator.” But lately, I’ve been reading quite a bit about another product: TreeSize Free from JAM Software. That program includes a built-in “Run as administrator” option. It also sheds more light on the sometimes-mysterious System Volume Information folder. Thus, TreeSize shows oft-missing Win10 disk details you may not find anywhere else.

TreeSize Shows Oft-Missing Win10 Disk Details

Using TreeSize you can see 99.9% of what’s on any Windows disk, including the often-obscured System Volume Information folder, as shown here.
[Please click item to see full-size view]

When TreeSize Shows Oft-Missing Win10 Disk Details, What Do You See?

As the preceding screen cap shows, you get a file list layout plus a graphical layout of disk contents that maps file size to display area. Not surprisingly, this kind of diagram is called a “treemap.” It gives the TreeSize program its name and is built into WinDirStat, too. But while WinDirStat’s treemaps look nicer, those from Treesize (and supporting listings) are more detailed.

The version of TreeSize on display here is theFree version. For-a-fee Professional ($54.95) and Personal ($24.95) versions of the program are also available. Differences among the product versions center around analysis and reporting, along with “fully configurable file search.” The latter is present in the Pro, absent in the Free, and less capable in the Personal edition.

The System Volume Information folder appears in the treemap at the upper right in dark blue. The left-hand detailed listing shows that most of its contents are “system files.” The first 8 items are over 1 GB in size. The next 9 items are over 0.5 GB. Combined, they account for about 80% of the 18.5 GB that this folder consumes on disk. Here’s a zoomed-in view of that folder’s contents.

TreeSize Shows Oft-Missing Win10 Disk Details

TreeSize is intuitive and informative. It’s also easy to learn and use. I’ve already added it to my admin toolbox. You may wish to do likewise!

June 7, 2017  4:32 PM

Surface Pro Firmware Gets Previews Too

Ed Tittel Ed Tittel Profile: Ed Tittel
firmware update, Windows 10

In trolling my go-to Windows sites this morning, I found news on a Firmware update for the Surface Pro 3 (SP3). Because I have one myself, I jumped into Windows Update to see if I could install same. Nothing doing. But on closer inspection, I saw the updates released yesterday already present on that PC. The two items are Surface-Firmware updates and 3.11.2150.0. The former aims to boost battery life during sleep, while the latter UEFI update improves PXE performance over IPv6. This is documented on the SP3 update history page, with a June 6 release date for those items. But then I checked Update History on my SP3. There, I saw those selfsame items with release dates of 4/27 and 4/28, and an install date of 5/23. That’s when I realized that Surface Pro firmware gets previews, too. Let me explain…

Surface Pro Firmware Gets Previews

It turns out there’s a very good reason why my SP3 shows dates different from the MS general release.

Why Say “Surface Pro Firmware Gets Previews?”

It just so happens that my SP3 is on the Microsoft “Release Preview” update schedule. Thus, it gets new releases that target the Current Branch version of Windows 10 before other PCs on the same branch that stick to the public release schedule. I never realized that Microsoft floated firmware releases on a lookahead schedule in this program, along with more typical security updates, patches, and fixes. But now I know for sure that they do with firmware as they do with other stuff. The proof’s in the dates shown in the preceding screen capture.

I’m not sure why this surprised me. I guess it makes sense to try out new firmware on self-selected beta testers before unleashing it on the general public. It just didn’t occur to me that signing up for the Release Preview program meant my SP3 would see firmware updates in advance of those sent out in general release. Kind of makes me wonder if MS has ever decided not to propagate firmware updates to the general public, based on issues uncovered in the Release Preview program. I’m not sure I’d want to be that kind of guinea pig, but I guess I am already. You’ve been warned!

June 5, 2017  12:38 PM

MS Leaks MORE Win10 Versions?

Ed Tittel Ed Tittel Profile: Ed Tittel
versioning, Windows 10

Last Thursday, June 1, MS watchers noticed a strange new release of Windows 10 hit Insider Preview. According to some reports at, it may even have hit other Windows Update channels. Soon thereafter, Dona Sarkar posted a blog entitled “A note about the unintentional release of builds today.” She explained this as “an inadvertent deployment to the engineering system that controls which builds/which rings to push out to insiders.” The release showed up as Insider Preview Build 16212, and also as 15063.2.rs2_release_svc_d.170531-1743 (UUP-CTv2). But subsequent analysis of the code itself later turned up telltale signs of more Win10 versions in the offing.

What This About MORE Win10 Versions?

You can find reports on those findings from numerous sources, including and The latter quotes an interesting tweet from user AndItsTito that depicts three new such versions, while Thurrott talks about only one. Here’s a screen capture of some content that AndItsTito reports finding in the 16212 pkeyconfig file:

more win10 versions

Here, you see mention of Windows 10 Pro for Advanced PCs twice, plus a “ServerRdsh” version of Windows Server 2016.

Neowin speculates that the Advanced PCs versions are for high-end workstations, probably with two or more CPUs. The N version is for Europe in keeping with a decade-old settlement between the EU and MS. The other non-N version is for the rest of the world, and probably includes legacy media player support. Also, the ServerRdsh version strongly suggests something designed to work with the Remote Desktop Services Host. It is probably intended to provide remote Windows 10 client OS access and support, either for one-off applications or for full-blown, fully-equipped Windows OSes.

Only time will tell if these speculations are warranted, or if in fact more Win10 versions materialize. The data is suggestive, and may point to more rather than fewer Windows 10 versions to come. I find myself in agreement with Paul Thurrott’s counter-suggestion that there should be only one Windows 10 where advanced features come from the particular license applied to the code base. Making things simpler rather than more complex is one way to stem the tide of desertions and defections from the desktop/PC world that Windows serves best. Is MS open to such input? Again, only time will tell!

June 5, 2017  11:07 AM

IT muses pros and cons of unified endpoint management

Kelly Stewart Profile: Kelly Stewart
Endpoint management, mobile device management, UEM

BOSTON — Long gone are the days when users worked solely from one PC on a desk in the office. Employees today are on the move, and they work from multiple devices as they go.

This trend is great for users, but not so fun for IT. Attempting to manage so many different devices — and their data — has brought migraines to administrators.

One technology that aims to ease the pain is unified endpoint management (UEM), which allows IT to oversee and control any device from the same console. IT can create and enforce policies across desktops, laptops, smartphones and tablets.

Organizations have been slow to pick up UEM, however, because many already have management software in place for existing devices. UEM also only works with Windows 10, which has also delayed enterprise adoption.

“There’s a lot to UEM, and I think that’s what’s confusing,” said Monroe Horn, CTO of Sunstein Kann Murphy and Timbers, a law firm in Boston.

Horn’s business uses BlackBerry Enterprise Mobility Suite for UEM but is looking into other options once the current license is up, he said.

“For us [UEM has] been a pretty big learning curve,” Horn added. “How UEM for … Windows 10 fits in for everything we are already using for managing Windows at the desktop is a big question. Will it add another layer of complexity?”

Horn and other attendees here at the Boston VMware User Group UserCon learned more about one option for unified endpoint management, VMware’s AirWatch, in a session. The product integrates with traditional desktop management software and offers security features such as encryption, patch management and remote wipe, said Brandon Mendonca, an AirWatch sales engineer.

“I was really interested how [AirWatch gives] a wide range of ability of control, from putting a container on a personal phone to locking down corporate assets,” Horn said.

June 2, 2017  10:16 AM

Tip: Access HTML Files Using Edge

Ed Tittel Ed Tittel Profile: Ed Tittel

I hang out on, to keep up with Windows news, technical developments, and troubleshooting tips and techniques. I also do what I can to give back to the community by responding to posts and questions there. This morning, something popped up that I hadn’t faced before. A user asked “How do I access a local HTML file in Edge?” while observing that the program includes no built-in menu tools to open local files. I knew there had to be multiple ways to access HTML files using Edge, so I set about learning how to make this happen.

How to Access HTML Files Using Edge

My first instinct was to try the keyboard combination Ctrl-O to see if that shortcut for file open would work. Nope, no dice.

Next, I turned to the URL used for accessing anything in a web browser. For nearly all browsers, some variation on a URL that starts with the characters “file:” will do the trick. And in fact, that works for Edge too. As with Explorer (and Chrome, Firefox, and others) this general URL structuring technique provides immediate access to local files:


Where the following observations and substitutions apply:

  • file: is a protocol label (like http: for HTML documents) and must appear to access the local file system and structures
  • /// is a mandatory separator between the protocol label and the following file specification
  • C: is the drive specification for the volume in which the local file resides
  • /directory/ is the directory specification within which the local file may be found
  • filename.html is the filename for the HTML document (or other markup language file, such as XML, CSS, and so forth) that you wish to open in Edge

Access HTML Files Using Edge

This real-world example actually reads file:///C:/Users/etitt/documents/02fig01.html fully expanded.

Of course, this also led me to think of another, perhaps faster or easier way to open such a document in Edge. One need only navigate to the file in File Explorer, right-click its listing entry, select “Open with…” from the resulting pop-up menu, and pick Edge as the application to use for that purpose. Done!

Another more permanent way to do this — unlikely in my case, because I don’t use Edge for everything on the Web — would be to change the application associated with HTML (.htm, .html, .mht, and other related file extensions) to Edge. You can do this using the Default Programs widget in Control Panel, if you were so inclined. My biggest issue with this is that there are a LOT of file extensions for which you’d need to make that association.

And finally, there are even more techniques for opening HTML files in Edge at the command line, or using C++. I’ll let the preceding links speak to those topics because those approaches don’t appeal to me much, if at all. (And the first of these other options is just a variation on the file: syntax item anyway). But as always, there are many ways to accomplish specific tasks in Windows, including opening web documents in the Edge browser. Enjoy!

May 26, 2017  10:27 AM

Hyper-V vSwitch Set-up Snafu

Ed Tittel Ed Tittel Profile: Ed Tittel
Hyper-V, virtual switch, Windows 10

I’ve been struggling on and off with what I thought was a bug in Hyper-V on my production desktop since the end of February. That’s when I cut over from my old production PC to a new one, built around an Asrock Extreme7+ mobo. So far, that system’s been great. It’s faster, more stable, and runs significantly cooler than the system it replaced. There has been one chronic issue, however. Until yesterday, I’d been unable to get a virtual switch set up and working with Hyper-V on that machine. All along, I was convinced I was fighting a Hyper-V bug of some kind. But now I know that this apparent Hyper-V vSwitch set-up snafu was entirely of my own making. Let me explain…

Symptoms for My Hyper-V vSwitch Set-up Snafu

Now that I understand what I was doing wrong, I can see everything I always needed to know in the Network Connections screen from Control Panel. It shows that Ethernet2 is unplugged. That’s absolutely accurate and correct, because the Asrock Extreme7+ includes not one, but two built-in GbE Ethernet ports. One is for an Intel I211 devices, the other is for an Intel I219-V device. On my PC, I’ve only got one port connected to my office (physical) switch — namely, the I211.


The red X’s indicate that the I219 is unplugged, and so is the “Broken Switch.” Turns out they’re directly connected…or not!

Until I tackled the excellent Hyper-V Tutorial by my co-author and occasional collaborator Kari the Finn at TenForums, I didn’t snap to what was going on with my vSwitch set-up. It seems that virtual switch set-up in Hyper-V Manager picks the network interface to use for the “External Network” setting according to some logic of its own. I can tell that logic is neither the ASCII collating sequence (where I211 comes ahead of I219) or “connected vs. disconnected” (where I211 is attached to a network, and I219 is not).

For whatever reason, the “wrong” — that is, disconnected — NIC shows up in the top position in the pick list for the external network connection. I simply hadn’t paid close enough attention to realize I needed to scroll down to the second (but invisible) entry in the two-item pick list to make the proper selection. And of course, any virtual switch that gets bound to a disconnected NIC can’t help but be disconnected as well. Doh!

Fixing My Hyper-V vSwitch Set-up Snafu

And of course, once I systematically worked through the tutorial, I also looked more closely at all the set-up and configuration screens. That’s when I saw that my problem stemmed from my erroneous selection of the disconnected NIC instead of the other, connected one. As soon as I made the proper selection, everything worked like a charm. Ever since, I’ve been setting up and using a couple of new Windows 10 CU VMs. One is for playing with and experimenting, so I can protect myself from unwanted side-effects of grabbing and using all kinds of random software and utilities. The other is a licensed Windows 10 development environment VM that includes a raft of features documented in the Windows Dev Center’s “VM Downloads” page.

It just goes to show you that little things, like my oversight, can stymie progress just as effectively as problems that genuinely come from bugs. I now understand that my earlier experience with Hyper-V had always been on PCs with a single Ethernet NIC, so I was insulated from paying attention to picking the right one. When there’s only one NIC, it can’t help but be the right NIC to get you to your LAN. But when there’s more than one to choose from, you MUST pick one that’s connected. Sigh.

May 24, 2017  6:11 PM

Bid $SysReset Goodbye in Win10

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, Hidden files, Windows 10

In poking around on some of my Windows 10 systems, I occasionally encounter the $SysReset folder on the OS drive. The dollar sign at the start identifies it as a hidden system folder. Thus, astute readers already know I routinely check the radio button in File Explorer Options that reads “Show hidden files, folders, or drives.” Unlike many other hidden folders, $SysReset is easy to delete. Even better, it’s usually free from ensuing complications when deleted. Hence, the title of this blog post. Here, I explain how to bid $SysReset goodbye in Windows 10.

Bid $SysReset Goodbye

Because $ is ahead of the alphabetic characters in the collating sequence, hidden folders show up at the top of the File Explorer list.

Make It Happen: Bid $SysReset Goodbye!

Before we chase the $SysReset folder into oblivion, a bit of explanation may be helpful. This folder bears often bears testimony to a failed reset or refresh operation in Windows versions from 8.0 forward. Inside this folder, one finds a Logs folder with traces of prior activity. In my case, this was a file named SetupAct_offline.log. That file provided information about the presence or absence of a factory reset image on my PC. I can tell from the date it ran that it coincided with using the Macrium boot repair tool on this PC. I ran that tool deliberately, in connection with a story on boot repair tools I was writing for The log simply reports that my boot/sys drive includes no factory reset partition (no surprise, because I clean-installed the OS to it myself in April).

Thus, it’s no problem for me to remove the folder and its contents from the drive. Accordingly, I right-click the $SysReset folder entry in the right-hand pane. I select “Delete” from the pop-up menu, and BAM! it’s gone. Just that easy, for once in the sometimes-frustrating contortions necessary to achieve Windows cleanup. No turning to tools like Unlocker, nor any need to boot to a rescue or repair disk to root out files the OS doesn’t want to relinquish. An occasional triumph over Windows is worth savoring, so I hope you’ll savor it with me.

May 22, 2017  10:57 AM

KB4016871 Fixes Spurious Win10 DISM Issue

Ed Tittel Ed Tittel Profile: Ed Tittel
DISM, Image management, Troubleshooting, Windows 10

For the past five months, the Current Branch for Windows 10 (Builds 1604 and 1703) has been subject to a spurious DISM issue. (I blogged about this as far back as December, 2016.) That is, running DISM with the /checkhealth option returns a “healthy” verdict. OTOH, the /scanhealth option indicates the component store is corrupted but “repairable.” It turns out the cause of the issue is a version staging file that’s associated with the Win10 image, but not included in the .wim file itself. That’s why I’m pleased to report that the recent cumulative update KB4016871 fixes spurious Win10 DISM issue. There’s a small bit of user/admin effort required to effect the fix, as this sequence of PowerShell cmdlets shows:

KB4016871 Fixes Spurious Win10 DISM Issue

This sequence of cmdlets shows a contradiction between items 1 and 2, and the fix in item 3.

How KB4016871 Fixes Spurious Win10 DISM Issue

I’ll explain the what and how. But first, let’s review what the preceding screencap shows:

The first cmdlet corresponds to dism /online /cleanup-image /checkhealth. Note: it returns a positive result for “ImageHealthState” (“Healthy“).

The second cmdlet corresponds to dism /online /cleanup-image /scanhealth. Although it’s run on the same image as the preceding cmdlet it returns a negative result for “ImageHealthState.” (“Repairable” means that it has discovered potential corruption that can be repaired.) The CBS.log file shows the culprit is a missing file named (its name is loooong, so it wraps across two lines):


Once the afore-cited cumulative update is applied to the online image, however, the third cmdlet now works! It corresponds to dism /online /cleanup-image /restorehealth. This clears the error condition, and shows that KB4016871 fixes spurious Win10 DISM issue at long last. We know this because ImageHealthState shows as “Healthy” upon completion.

Apparently, the cause of this issue is that the TestRoot and FlightSigning Package file identifies a specific bit of staging and version identification data. In fact, Windows Update uses it when running the Unified Update Platform (UUP) to decide what updates to download. Thus, it’s not really part of the Windows Image file itself and, though referenced, doesn’t turn up when a deep health analysis runs against a targeted Windows image. This produced some kind of error in an earlier release of Windows 10 Current Branch, but is now rectified with Version 1703 (Build 15063.296). One must still run the final cmdlet or its native DISM counterpart to finalize that fix, though.

[Note added later on 5/22, thanks to posters Bree and s0urce at] It looks like the repair actually comes from Microsoft, courtesy of the online image checks that are part and parcel of the way DISM works. Here’s a quote from Bree’s post on the subject:

It would seem that the ‘source not found’ error was not just referring to finding the source on the local PC, but also to a failure to find a valid download for the package on MS’s servers. This would appear to be what @s0urce says MS have fixed ‘internally’.

Whether or not KB4016871 is a prerequisite is a moot point (I suspect not). What is essential is to run DISM once more now that MS have fixed things at their server end so that the working packages can be downloaded and the repair completed to 100%.

Here’s a snippet from the CBS file that shows this fixed functionality at work

2017-05-20 10:08:53, Info                  CBS    DWLD: Windows update server URL:
2017-05-20 10:08:53, Info                  CBS    DWLD:Content is Full-Cab package.
2017-05-20 10:08:53, Info                  CBS    DWLD: Windows update server URL:
2017-05-20 10:08:53, Info                  CBS    DWLD:Content is Express package.
2017-05-20 10:08:53, Info                  CBS    DWLD: Windows update server URL:
2017-05-20 10:08:53, Info                  CBS    DWLD:Content is Express package.

May 19, 2017  11:10 AM

Manage Win10 Drivers Using DISM

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, DISM, Windows 10

Insider Preview Build 16199 was released for Windows 10 a couple of days ago (5/17). In the wake of its install, I checked on Windows 10 drive handling. To that end, I consulted the Reliability Monitor, which shows driver installs as it tracks system changes and errors. Sure enough, Relimon reports that drivers for all devices on a PC get installed during the upgrade process (see screen capture). This spurred today’s blog post, as I explain how to manage Win10 drivers using DISM. In fact, this tool can back up and restore drivers associated with any given Windows image.

Manage Win10 Drivers Using DISM

A quick peek at “Informational Events” on upgrade day (5/17) shows installs for all device drivers on each upgraded PC.

Why Manage Win10 Drivers Using DISM?

Any time you run the Windows installer, you run the risk that it won’t find one or more drivers. Some of these can be critical, as my long-time experience with pre-release technical previews of Windows 10 taught me. On my test PCs, I sometimes had to supply a driver for Killer NIC adapters (fixed since the 1607 version last year) after an upgrade install. Ditto for a Dell/Atheros 1537 wireless adapter on my test tablet. YMMV as far as driver coverage goes in Windows 10. Thus, it’s best to be prepared to fill in where MS fails to find everything driver-wise.

Simply put, the answer to the question posed in this section’s heading — namely: “Why manage Win10 drivers using DISM?” — is “Because it’s easy and fast.” If a PC’s drivers are all current and correct before you perform a Win10 upgrade, you can use DISM to back them up in under two minutes. After an upgrade, you can use that backup to restore individual drivers via Device Manager/Update driver, or perform a wholesale replacement of all drivers using DISM.

How to Manage Win10 Drivers Using DISM

At the command line, DISM backs up drivers using this syntax:

 Dism /Online /Export-Driver /Destination:{DL}:{FS}

 Here {DL} stands for drive-letter, and {FS} for folder specification, so that you’d enter /Destination:D:\DriverBk if you wanted to create the driver backup in a folder named “DriverBk” on the D drive.

The corresponding command for grabbing all drives from such a backed-up folder is:

 Dism /Online /Add-Driver /Driver:{DL}:{FS} /Recurse

Please note that this latter approach simply adds those drivers to the DriverStore in Windows 10. DISM doesn’t remove drivers already present after an upgrade install. That’s why most experts, and yours truly, recommend that you use Device Manager to identify devices that need drivers. Instead, you can right-click those devices one at a time, then use the Update driver capabilities to point at your driver folder as the update source instead.

May 17, 2017  11:35 AM

Current MS Drivers Show Vista 2006 Date

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, UPnP technologies, Windows 10

Take a look around inside Device Manager. If you do, chances are nearly certain you’ll find one or more drivers dated 6/21/2006. That date is no accident, but could be a calculated distortion of its true vintage. 6/21/2006 is the release date for Windows Vista. Microsoft development engineer “zac_I” explains what’s up, in a in a Reddit post from January 2017. Here’s proof that current MS drivers show Vista 2006 date from Device Manager on my production PC:

Current MS Drivers Show Vista 2006 Date

Chances are pretty good you’ll see this date popping up on most MS-supplied drivers for generic or non-OEM devices like this human interface (HID) item.

OK, So Why Do Current MS Drivers Show Vista 2006 Date?

To answer this question, zac_I’s explanation is worth reproducing verbatim:

There’s a very good reason for that, and it has nothing to do with the age of the driver or anything.

When PNP ranks drivers, it first looks at the hardware ID that the driver matches. If any two drivers match identical hardware, the first tiebreaker is the date of the driver. So if you had a device that could use a built-in driver, but you had installed some custom/OEM driver on your device, every time MS updates our driver, it would overwrite your custom driver because the date is newer than the one you wanted. How do we avoid this? Every driver we ship has the Vista RTM date, regardless of when it was last updated (we update the version number, which is the next tiebreaker if the date is the same). Since only drivers as far back as Vista are compatible with new versions of Windows, every driver should have a date newer than Vista RTM, preserving the driver you installed as the best ranked driver.

That means the real clue to the age for Microsoft-supplied drivers appears in the Driver Version field just below the date. In the preceding screen cap, this shows 10.0.15063.0. This indicates it comes from Windows 10 Creators Update. That version of Windows 10 made its public debut on 4/11/2017, so that provides a “no-later than” timeframe for such drivers. Of course, MS grabs and uses whatever driver is current at the time of the release, so it’s nearly certain that the actual date is somewhat older. But this is one case where just because the date says 2006, it doesn’t actually hearken back 11 years. In fact, it’s probably not even close…

Fascinating stuff, eh?

[Shoutout to Kavia Digdarshan at The Windows Club, whose 5/16/17 article “Why are Windows 10 Device Drivers still dated back to 2006?” brought this tantalizing bit of administrivia to my attention. Thanks!]

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: