The latest free eBook from Microsoft Press is likely to strike a chord with IT professionals interested in or planning for upcoming Windows 10 deployments. It’s entitled Deploying Windows 10: Automating deployment by using System Center Configuration Manager. The eBook is available for immediate download in a variety of electronic formats (standard PDF, mobile PDF, ePub, and Mobi/Kindle). The author team includes Andre Della Monica, Russ Rimmerman, Alessandro Cesarini, and Victor Silveira. All of these folks work for Microsoft as “premium field engineers,” and all have been involved in larger-scale Windows deployments, including recent and relevant experience with deploying Windows 10.
Though only 95 pages in length, the book offers relevant best practices and deployment advice for deploying Windows 10.
According to the book’s description, over 70 percent of businesses use System Center Configuration Manager (SCCM) to manage PCs. That platform also enjoys increasing market share on a quarter-over-quarter basis. Of its many features and functions, SCCM’s OSD (OS Deployment) functions are among the most popular and frequently used. This book explains and explores those features and functions, and how to use them in real-world situations.
Deploying Windows 10: Contents
The books four chapters are organized as follows:
- Chapter 1 describes what’s new in Windows 10, and what makes it worth using.
- Chapter 2 covers Windows 10 deployment options, and compares and contrasts deployment methods.
- Chapter 3 digs into OSD concepts to prepare for deploying Windows 10 using SCCM.
- Chapter 4 provides a walk-through of the Windows 10 deployment process using SCCM, including implementation details.
How can anyone turn down a free eBook that offers potentially useful and valuable information and implementation advice? Digging in won’t cost you any more than the time it takes to download and start reading. Be sure to follow the links you’ll find in the first paragraph of this blog post, and grab yourself a copy today. Hopefully, it will help get the Windows 10 deployment ball rolling in your organization.
Yesterday, MS released Cumulative Update KB3140743, which promises — and describes in detail — a raft of bug fixes and improvements. Be sure to check the Windows 10 update history page for those details. MS’s actual language is: “improved reliability in numerous areas, including … network connectivity and discovery.” What’s going on here shows up nicely under the Network heading in File Explorer. It now correctly lists all local computers, media devices, network infrastructure elements, and (networked) printers on the LAN. Network discovery has been fixed, and fixed quite well!
Network discovery now catches and displays everything of interest in the Network element in File Explorer.
It’s hard to over-enthuse about this improvement, which captures and displays the network neighborhood quickly and accurately. As an experiment, I withdrew a local PC from my LAN Homegroup. Upon re-establishing its membership, the PC immediately re-appeared in the Computer pane on another PC. It even shows terminal server sessions via RDP. It would eventually display my son’s XboxOne when it booted up later that day.
Reliability Improvements Go Way Beyond Network Discovery…
The improved reliability claim also extends to other items as per the update history for KB3140743:
OS and Windows Update installation, startup, installing and configuring Windows for the first time, authentication, resuming from hibernation, shutdown, kernel, Start menu, storage, Windows Hello, display modes, Miracast, AppLocker, Internet Explorer 11, Microsoft Edge browser, … and File Explorer
I haven’t yet had time to explore these other items in any depth. But if they offer the same accuracy and speed as the networking stuff, Windows 10 has truly taken a big leap forward in reliability. The next few days promise to be more interesting than usual, as I and others explore and learn more about these changes. One thing’s for sure: this is one Windows Update that most users won’t want to miss. Also, enterprise admins will want to start testing this update for deployment sooner rather than later, even those on the Current Branch for Business!
Last weekend, I got my new production PC off the ground with a basic build and OS install. This weekend, I finished the job. This meant installing a raft of SSDs and hard disks, then moving the contents of the old production PC onto the new one. Lots of various applications, services, and so forth needed to move over as well. I put LapLink PCMover to work, and was able to save significant time by doing so. However, I hit a few potholes along the way, and learned a thing or two as I made my PC switchover.
I found myself having to reinstall much of the licensed software that PCMover claimed to have moved. Such items included Office 365, PaintShop Pro, System Information for Windows (SIW), and Nitro Pro 10, but not Paragon Partition Manager. Also, I had to reconfigure e-mail access info in Outlook to get everything working, which took some trial and error to puzzle my way through. Right now, the system appears to be working correctly, and I’m functioning normally on my production PC. It’s something of a relief, I’ll confess, because I hit several snags that had me wondering if I’d be able to get back to work this morning.
PC Switchover Lessons Learned
I don’t know what it is about some hardware manuals, but I’m usually capable of following instructions. I did hit some snags in getting my SSDs and hard disks attached to the Asrock Z170 Extreme 7+ motherboard, and observed that instructions about drives blocked because of SATA ports consumed by the M.2 NVMe SSD didn’t quite match the ports I was able to get working. My reading of the instructions was that the bottom row of SATA connectors at the right on the motherboard block would be unusable, but it turned out that the top ones were unusable instead. I also experienced issues with the ASMedia SATA connectors, not realizing that installing a former boot drive into any of those ports would attempt to pre-empt the NVMe SSD in the boot order.
On another similar front, I attempted to recycle some spare mSATA SSDS into dual RAID 0 configurations using some StarTech circuit boards, but discovered one of them non-functional (it would accept the mSATA devices, but wouldn’t allow me to configure them for storage in Disk Management, producing an “I/O Error” every time I attempted to set up either a GPT or MBR based storage volume). It took some time to sort out all the storage stuff, but eventually I got more than enough working to get the system outfitted with a fair amount of space (about 9 TB worth: 7.5 TB on HDD spinning disks, the remainder on SSDs from 250 GB to 500 GB in size).
A snippet from SIW Pro following the PC Switchover.
PCMover Makes a Quicker PC Switchover Possible
PCMover cost me $60 but proved eminently worth it by automagically moving most of my applications, and all of my files and settings (Documents, Downloads, and so forth) from the old production PC to the new one. I did the migration over my GbE network, and the whole thing took about 35 minutes from start to finish. Though I did have to re-install a handful of applications after the move was completed, it was still quite a bit faster than doing everything over again would have been. The last time I rebuilt my production PC, it took me just over a long day to deal with the aftermath of getting the OS reinstalled, and to put my applications and settings back to where they had been beforehand.
I will say this much for the new rig: it’s the coolest-running PC I’ve ever built. Idle temps are in the low 20s; it runs in a range of 24-29 for ordinary use; and I have yet to see it spike over 37 at the heaviest load I’ve thrown at it (all temps are in Celsius). Throw in a faster CPU, faster memory, and a blazing fast NVMe boot/system drive, and it’s proving to be an entirely satisfactory upgrade.
Over time, Windows PCs can accumulate interesting amounts of clutter and detritus. Especially on machines, like mine, where I install and sometimes use a wide variety of programs, this applies to the items that Windows invokes upon starting up the OS and getting things going. While you can use the Startup tab in Task Manager to do a decent job of policing startup items and elements, nothing beats Sysinternals Autoruns program when it comes to getting serious about startup cleanup.
Just this morning, I stumbled across a nice PC World story from Lincoln Spector entitled “3 ways to speed up Windows 10 without buying new hardware.” His first tip reads “1. Remove unnecessary autostarters” and briefly explains how to manage such items with Task Manager. That got me to thinking about Autoruns, after which I took a look into that program to see just how many items my production PC’s installation had accumulated there. By the time I got to 300 (there’s no easy way to count what’s in Autoruns except by scrolling through its listing AFAIK), I go tired and gave up, but if the ratio of space consumed to total items is any indicator, it probably runs around 1200 or so. Turning to the Logon tab (instead of Everything) produced a much more manageable count of 38.
Startup Cleanup Comes Easy with Autoruns
In looking at entries in Autoruns, you can right-click to look the item you’ve selected online, and occasionally get some insight as to what’s worth keeping and what’s worth disabling/deselecting. What I did for my startup cleanup was to delete elements for applications I use only seldom, if at all, to bring down the overall count. In my case that included:
- numerous entries related to Acronis TrueImage (which I run once a week as a secondary backup facility)
- Skype (which I never use on this PC as it has no readily available microphone unless I plug in a headset)
- some but not all Apple and iTunes stuff (updater, iCloud, etc.) that I use seldom, if ever
- a variety of updaters (Java, Nvidia, SnagIt, and so forth — I use Secunia/Flexera PSI to keep up with updates one or more times weekly)
- various browser plug-ins primarily for Web-based meetings (GoToMeeting, On24, and so forth)
- various downloaders (BITS, Akamai, and more)
- other related or similar items
By the time I was done clicking through the interface (which took the better part of half an hour), I’d unchecked over 50 items in all. This is a reasonably substantial startup cleanup, as such things go.
This isn’t something that needs doing every week or every month, but if you’re in the habit of installing new programs on a work or personal machine on a more-or-less regular basis, it’s probably worth doing every 3 to 6 months or so. Grab a copy of Autoruns, and have at it!
Notice on the screencap that I’ve unchecked 13 of the 24 items showing, or just over half of that total. With some careful inspection (and occasional use of the “Search Online…” right-click menu item) you should be able to trim away quite nicely at the Windows runtime environments you subject to this analysis and action. This can be useful in tweaking and tuning reference Windows images as well, prior to their deployment.
On my home network, I’m usually playing host to anywhere from half-a-dozen to a dozen PCs that include desktops, notebooks, tablets, and even an Xbox One. Along with those computing devices, I’ve got a variety of other elements that include my boundary device to Time Warner cable (an Arris box that supports 802.11ac wireless as well as GbE), and a couple of printers. Owing to topology issues — namely, a single GbE wired port upstairs — I had until recently elected to attach my Dell 2155cn color laser printer via USB to my wife’s PC, rather than wiring it up to the in-house Ethernet as a network-attached device. Sure, network printing has all kinds of advantages, but I never felt compelled to extend my topology at the end of the upstairs link until recently.
But in the last month, my wife’s mini-ITX PC (built around a very nice little JetWay JNF9G-QM77 motherboard with an i7-3630QM low-voltage processor) started dropping the USB-attached printer about once a week. I’m not sure if a driver change is responsible, or if the USB circuitry is getting flaky, but something weird was going on. After spending over an hour trying unsuccessfully to troubleshoot the latest glitch on Monday, I dashed over to Fry’s on Tuesday to pick up an el-cheapo GbE switch. That evening, I dropped in said switch, and attached both her PC and the printer to separate ports via Cat6 cables so that the Dell printer could take up independent residence on the network.
Network Printing Works Immediately and Correctly
Immediately, the Dell printer showed up in Devices and Printers in the “Add a printer” selection box, bearing the name DELLCB745E. Upon using Nir Sofer’s excellent Fast Resolver tool to check the printer’s IP address (eventually, I’ll create a static reservation for that address in the Arris routing tables) to learn that the final six characters of the device name are also the last six hexadecimal digits of its MAC address. This is the portion that “uniquely” identifies the specific network interface built into the printer, as compared to all other similar devices from the same maker, which provides a reasonable way to construct a unique device name for network access. Also makes network printing better able to provide easily identifiable and usable device names.
No sooner attached, than network printing starts up, visible in Printers and Devices.
Better still, the printer is now available to the entire network directly and not just to my wife’s PC. That means she can now power it off when she’s not using that PC because it’s no longer necessary to keep it running to provide printer access. Windows 10 is able to see the device for what it is, and able to automagically download the correct drivers on its own without any human intervention. All in all, I’d have to say the change is worth the $35-40 it cost me for the upstairs switch and the two Cat6 cables I had to buy to put all the pieces together. Network printing provides a definite improvement over intermittent availability when attached via USB!
Thanks to some clever work from Sergey Tkachenko over at Winaero.com, DISM shows off yet another interesting capability. You can use it to install missing Windows features without having to download them from the Internet (that’s because they’re already part of the Windows image baked into the Windows installer, or other environments that include the ubiquitous install.wim or install.esd file). The syntax for the relevant DISM FeatureName command tells the story, to those in the know, namely:
DISM /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\sources\sxs /LimitAccess
Let’s unpack this command string, to elucidate what’s going, item by item:
/online: operate on the current running version of Windows
/enable-feature: turns OS features on
/featurename: identifies feature name to be turned on, where NetTX3 refers to the current .NET Framework version 3, aka .NET 3.5
/all: turn on all aspects of the feature being enabled
/Source: identifies a file-spec from whence the files should be drawn (\sources\sxs, for install.wim/.esd image)
/LimitAccess: do not download files from the Internet
Here’s the DISM FeatureName command at work (on a pre-release Win10 build).
[Image Credit: Sergey Tkachenko Winaero.com]
What DISM Featurename Values Are Available for Windows 10?
Funny you should ask: DISM can provide that list using the command line DISM /online /Get-Features. By running this command, I was able to interrogate my own running image, and learned that there are 115 such named features, most of which are disabled by default in a standard Windows 10 installation. Any of these that are in a “Disabled” state may be turned on using the same syntax shown above, simply by substituting the desired package name for “NetTX3” in the exploded DISM command already explored and explained.
What Can Go Wrong When Using DISM Featurename Stuff?
In my own experience, and in working with DISM for various other instructions that include the /Source attribute, I’ve learned that this particular attribute can sometimes be finicky. If you try to use the foregoing syntax and get errors related to source locations, you’ll want to dig deep into the TechNet DISM Reference to fully understand its syntax and semantics. In the comments to Tkachenko’s explanatory blog post, for example, half-a-dozen respondents reported trouble with the very nice batch file he provides to automate the process of using DISM to add the .NET 3.5 feature (and one respondent supplies an alternate DISM technique that uses its /Add-Package capability instead of /Enable-Feature).
Industry observers have been keen to point out that while consumers have been fairly quick to move to Windows 10, enterprise users have not been quite as aggressive in their uptake. Thus, for example, when Microsoft revealed early in January that the total number of Windows 10 users had exceeded 200 million (including Xbox users), it also indicated that only about 10% of that population (22 million) represented seats in enterprise and education sectors. Enterprise Windows 10 deployment is about to get a major bump. That comes thanks to a memo from Department of Defense CIO, Terry A. Halverson, that is a major news focus this week (even though it’s dated 11/20/2015).
DoD Windows 10 Deployment Memo Excerpts
Here are some key snippets from this memo:
It is important for the Department [of Defense] to rapidly transition to Microsoft Windows 10 in order to improve our cybersecurity posture, lower the cost of IT, and streamline the IT operating environment.
This memo serves as notification that the DoD will direct Combatant Commands, Services, Agencies and Field Activities (CC/S/As) to rapidly deploy the Windows 10 operating system throughout their respective organizations starting in January 2016. This applies to all DoD information systems currently using Microsoft operating systems. The Department’s objective is to complete the deployment by January 2017. …
The Defense Information Systems Agency (DISA) and the National Security Agency (NSA) are co-leading a joint Secure Host Baseline (SHB) working group to prepare a Windows 10 Standard Desktop framework. The WIN 10 SHB will bring consistency to DoD host security configuration management activities and will be available to CC/S/A’s on DISA’s Information Assurance Support Environment Portal site … in January.
The distribution list for the memo covers all the bases: everybody’s migrating to Win10!
How serious is this Windows 10 deployment initiative? Any CC/S/A (Combatant Command, Service, or Agency and Field Activity) that wishes to extend its Windows 10 deployment beyond January 2017 must for waivers on a case-by-case basis. Any waivers that extend into 2018 must obtain approval from the DoD CIO — namely, Mr. Halvorsen himself.
DoD Windows 10 Deployment IS a Pretty Big Deal…
Press reports on the number of devices affected come from Microsoft’s Windows Experience Blog post dated 2/17/2016, entitled “US Department of Defense Commits to Upgrade 4 Million Seats to Windows 10.” The author, Yusuf Mehdi, is the Corporate VP for Microsoft’s Windows and Devices Group. This is an ambitious plan with a short timeline, and should definitely shake any wrinkles out of Microsoft’s staging and deployment tools and platforms. It promises to be something of “make-or-break” for Microsoft’s big plans to hit 1 billion Windows 10 users by 2017. The DoD effort will certainly be the biggest single Windows 10 deployment ever undertaken. If things go well, those plans will have earned a major endorsement; if not, …
For the second time in recent experience, word of “hidden cumulative updates” has hit the wires. I’m talking about KB3140742, which is currently available only for download from the Microsoft Update Catalog, where it takes the name “Cumulative Update for Windows 10 Version 1511 (KB3140742).” The previous such item appeared on January 27 as KB3136562 for those running the current branch build, and shared the following characteristics with KB3140742:
- Not made available via Windows Update (that’s why I call them “hidden”)
- Only available through the Microsoft Update Catalog
- Requires manual installation
- Advertised as a “Critical Update” (…742) or “Security Update” (…173)
- Some users report occasional problems with manual installation, but most such installs complete successfully
What’s interesting about these hidden cumulative updates is that neither appears in the new, much-ballyhooed Windows 10 Update History listings, in addition to remaining unavailable via the Windows Update service. Thus, it’s not unfair to reason that MS is restricting access to these updates on the one hand, yet permitting them to be (manually) installed on the other. Many Windows watchers have concluded that these items represent a kind of “technical preview” for upcoming updates to the Current Branch release. There may be something to this conclusion, in that the build number that resulted from KB3136562 update was 10586.79, which falls between the previous Patch Tuesday build number of 10586.63 and the following Patch Tuesday build number of 10586.104.
Are Hidden Cumulative Updates Just for Testing or Real Interim Updates?
I’m more than mildly curious to know what’s up with these interim Cumulative Updates to Windows 10. It would be nice to get a statement from Microsoft as to their intended audience and to understand whether their intent in making them somewhat available is to test them or to make new fixes and functions available prior to the next upcoming Patch Tuesday. For those who are likewise curious, I’d suggest staying tuned to either TenForums.com (the “Windows 10 News” forum does a good job of keeping up with these items as they appear), or WindowsReport.com, which follows these items’ releases as part of its regular news coverage.
It’s hard to say if two in a row represents a trend, or a pair of one-off experiments.
When you think of productivity suites, Microsoft Office most likely springs to mind. The applications in Office are some of the most ubiquitous in the enterprise, and for good reason. Office has tons of features and applications, and it’s relatively easy to use. This guide was even written and edited in Word.
But Office isn’t the only suite of productivity applications out there, and it’s not the right option for every company. Some businesses might want a more cloud-focused approach, in which case Office 365 or Google Apps might be the way to go. Companies looking for free access to word processing, spreadsheet and other applications can look to open-source alternatives such as OpenOffice and LibreOffice. Apple has its own suite for Mac users. And there are plenty of mobile productivity applications, some of which are free — even those from Microsoft, although they’re very limited without an Office 365 subscription.
It’s worth it to look at both desktop and mobile alternatives to Office, because the options are so competitive these days. Consider features, support, user needs and, of course, pricing. For many companies, Office could still be the best option. Volume licensing can help with cost concerns, and the continued updates and support Microsoft provides are a draw for businesses. Additionally, it’s important to think about the learning curve, help desk tickets and user frustration that can come from moving users to a completely new and potentially very different interface.
Still, taking another look at the productivity suite market can’t hurt. Begin with our new three-part guide, Alternative Productivity Suites Can Rock as Hard as Office.
Every now and then, one of my test machines will balk when the time comes to install a new update for testing and evaluation. Figuring that other readers may occasionally find themselves in the same circumstances, I wanted to share some potential fixes and techniques for dealing with this when and as it happens:
Windows Fixit: Automatically Reset Windows Update Components
Even though this Windows Support tool mentions only Windows 8.1, 8, and 7, it also works for Windows 10. It automates the process described in the afore-linked Fixit documentation, which includes stopping various services (BITS, Windows Update, and the Cryptographic service), deleting update queue management files, re-registering BITS and Windows Update files, resetting WinSock, restarting already mentioned services, and installing the most current Windows Update Agent. Nice explains why the Fixit is so handy, no?
This KB article (947821) explains how to use DISM (Deployment Image Servicing and Management) and the System File Checker at the command line to repair damaged Windows System files as a roundabout way to address Windows Update problems. Note that SFC /scannow currently returns spurious errors related to Nvidia drivers for current builds on the current branch (this is fixed in the current technical preview builds, however).
Research Specific Windows Update Problems Online
For my particular problem, I encountered error message 0x80070BC9. Searching on that error code online, I was able to find numerous helpful forum posts and information suggesting fixes. Most notably, posting to TenForums.com led me to a Microsoft Community post (February 2012) that mentioned that error code which contained much of the foregoing information. Direct research on specific symptoms are good, and error codes even better (if available) because they will often provide pointers to the most relevant and potentially useful information. A certain amount of spelunking and experimentation is usually required to adapt other people’s fixes to one’s own current situation, so be prepared to learn from such information as much from trial and error as anything else!
The Windows Update Fixit is a great place to start when seeking to remedy problems applying updates.
[Note: many thanks to Cluster Head at TenForums for pointing me in the right direction on this issue. It’s a great place to seek and find useful Windows troubleshooting information.]