Windows Enterprise Desktop

June 19, 2017  12:51 PM

Exploring Win10 Clean Install Default Disk Layout

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk partitioning, Windows 10, windows installer

Last week, I posted a blog here about a sequence of DISKPART and other commands users can run to manually override Win10 default disk layout when performing a clean install. Like the material that follows here, it originated from friend and collaborator, Kari the Finn. I provide editing, color commentary, and additional background. In this follow-on post, you’ll find us exploring Win10 clean install default disk layout. We’ll show how it looks, and explain why it’s sub-optimal. In a follow-on post, we’ll provide the script one can use to automate this process.

Let’s Go Exploring Win10 Clean Install Default Disk Layout

As it’s installed on any UEFI / GPT machine, Windows 10 can automatically partition the disk. In that case, Win10 creates 4 partitions: recovery, EFI, Microsoft Reserved (MSR) and Windows partitions. No user activity is needed. One simply selects the target disk, and clicks Next. Windows automatically partitions the disk (assuming it’s blank and contains a single block of unallocated space).

However, we believe this automatic partitioning for a GPT disk is a bit off. Microsoft itself recommends the recovery partition be located after the C: partition in last place. Yet the company’s own automated Windows setup places it at the head of the disk as partition 1. This appears in yellow in the following screenshot. After that, three more partitions appear:

  • the EFI system partition (green)
  • MSR partition (not shown in Windows Disk Management and screenshot because it is hidden and unallocated
  • Windows partition (blue)

Exploring Win10 Clean Install Default Disk Layout

By default, the Recovery partition appears at the head of the boot/system disk. Even MS says it should take up last position at its tail.

Upgrades Pose Problems for the Default Layout

This default disk layout poses a problem any time you upgrade the machine. With each major upgrade from Vista to Windows 10, the recovery partition has increased in size. But when the default recovery partition needs more space it can’t take space from the EFI partition. That’s why a second recovery partition gets created after the Windows partition. This new recovery partition steals the necessary space from the Windows partition, reducing the OS partition to create the room it needs.

When you later add another Windows installation for dual boot you might end up with yet another recovery partition. Even so, this doesn’t ffect Windows functionality. It’s mostly an OCD kind of issue. But as old-school geeks, we prefer doing things right from the get-go.

This why we never let Windows setup partition our GPT disks. Instead, we partitioning those disk ourselves using a DISKPART script. That script places the recovery partition where it belongs, immediately following the C: partition. It adds less than a minute to total installation time yet provides this eminently preferable disk layout:

Exploring Win10 Clean Install Default Disk Layout

A sequence of DISKPART and other commands puts things in the proper order, with Recovery at the tail end of the boot/system disk.

What Makes the Recovery Partition Special?

The Windows Recovery partition on a GPT disk has a trait unique among all Windows partition types. Unlike all other types, a Recovery partition can expand “backwards.” That is, it can take additional space from the preceding partition. All other Windows partition types can only expand “forward.” That is, they can grab free unallocated space after them (shows up to the right in Disk Management and other partitioning programs such as MiniTool Partition Wizard). In sharp contrast, if the recovery partition is placed directly following the C: partition it shrinks C: when it needs more space for itself.

Here the same disk shown in the previous screenshot after uprading that PC to the latest Windows Insider build:

Exploring Win10 Clean Install Default Disk Layout

Placed properly the Recovery partition can grow itself as needed during the upgrade process.

As you can see, instead of creating an additional partition, the recovery partition grew 58 MB. The installer grabbed the space it needed for the upgrade (allowing a roll-back to the previous build) by shrinking C: and allocating that space to itself. This affords the additional benefit of maintaining the original disk layout, without having to switch to a new recovery partition and kiss off the space reserved for the original. Good stuff!

June 16, 2017  10:51 AM

Partition UEFI/GPT HDD Using Diskpart

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk partitioning, System Partition, Windows 10, Windows installation, windows installer

The most common way to set up a hard disk for Windows installation is by default. That is, users present the installer with a clean or wiped disk drive, and let the Windows Installer take things from there. While this works perfectly well, this comes with certain consequences. In this guest blog post from Kari the Finn,  he describes a series of diskpart commands one can enter while booted into the Windows Recovery Environment to do the job manually. These commands show how to partition UEFI/GPT HDD using Diskpart. For those smart or informed enough to understand that the Recovery Partition works best as the final partition on a boot/system drive, this technique lets them set things up “properly.” The rest of this post is straight from Kari himself. Here goes:

How to Partition UEFI/GPT HDD Using Diskpart

Let’s do this once manually to see how it works in this blog post. In the next post that follows this one, we’ll collect all these commands into a script so it can run in a single step.

To start, boot the target PC from your install media. Instead of selecting region and keyboard layout, press SHIFT + F10 to open Command Prompt. Type diskpart and press Enter to start Disk Partitioning Utility.

First, you need to select the correct disk (that’s Disk 0 in my case). Type the following commands one at a time, pressing Enter after each of them (three commands):

select disk 0
convert gpt

OK, now let’s create partition 1, the 100 MB EFI System partition, format it using the FAT32 file system and label it as System (in two commands):

create partition efi size=100
format quick fs=fat32 label=”System”

The hidden 16 MB MSR partition comes next. It will neither be formatted nor will it get a label:

create partition msr size=16

Next comes the Windows partition, the proverbial C: drive. Because we want all available space on Disk 0 to be used for this partition, we do not use the size=XXX option at the end of the create partition command. Instead, we create this partition using all available free space, then shrink it by 450 MB, which is the recommended size for the Windows 10 WinRE (recovery) partition. We format this partition using NTFS and label it as Windows, where this partition’s type is Primary. No drive letter need be assigned: Windows setup assigns C: to this partition automatically (two commands):

create partition primary shrink minimum=450
format quick fs=ntfs label=”Windows”

Last but not least comes the recovery partition. It must be an NTFS formatted primary partition, it should have a specific label, and it requires a specific ID. Because no size=xxx option is used, it consumes all available disk space. Because of the setup for the Windows partition in the preceding step, this is 450 MB. (That’s what we took away from C: partition using the shrink minimum=450 item; three commands follow.)

create partition primary
format quick fs=ntfs label=”WinRE”
set id=”de94bba4-06d1-4d40-a16a-bfd50179d6ac”

That’s it! Now, the boot/system disk is configured just the way we like it. Type Exit to quit DISKPART, then close the Command Prompt. You are now free to continue installing Windows. When you get to disk configuration screen you will see that the boot/system drive is partitioned exactly as we wanted it:

Partition UEFI/GPT HDD Using Diskpart

The sequence of Diskpart commands shown in this post creates this disk layout captured running the Windows Installer in a VM.

In the next blog post, we’ll show how to automate this process as a script you can run during the install process. Stay tuned!

June 15, 2017  9:24 AM

What’s in store for enterprise apps

Alyssa Provazza Alyssa Provazza Profile: Alyssa Provazza
App store, Apple, Enterprise app store, Google

As consumer-focused public app stores become more secure and easier to use, they could become viable enterprise tools.

This month’s Deep Dive article explores the pros and cons of enterprise app stores. These portals let IT control which apps to make available to users, and they’re included in many mobility management products today.

But that’s not the only way to take advantage of an app store. Public app stores—including Google Play, Apple’s App Store and the Windows Store—are another option for deploying business software. Organizations can instruct users to access third-party apps from these stores; mobile apps for enterprise file-sharing services such as Box, for instance, are common for users to access in this fashion. (Read more about Box in this month’s App Spotlight.)

Organizations can also make their custom corporate apps available through public stores. This approach requires some additional steps. Developers must submit apps for beta testing and approval by the operating system manufacturer, which can take months depending on the store. Plus, there often isn’t an easy way for users to provide feedback to developers within the apps themselves. And once the app is available to users, IT must deal with the fact that it has less control over its update process. If users download apps from public app stores that aren’t IT-approved, they have little oversight into manageability and security as well.

Public app stores have made changes to alleviate some of those challenges and concerns. Apple iOS 10.3 allows developers to build automatic requests for reviews into their apps. That means organizations can get continuous, direct feedback. In addition, Apple in March added the ability for developers to respond to reviews, letting them engage even better with users.

Apple also said it would enforce an old rule that restricts developers from coding apps to be able to update outside of the App Store. Developers can no longer make configuration changes or deploy patches that bypass the App Store approval process. For its part, Google in April updated the Play Store interface to make it easier for users to find lesser-used apps and update all apps.

If IT departments don’t want to manage a private app store, there are plenty of ways to use public stores to deliver the apps users need.

This post originally appeared in the June 2017 issue of Access Magazine.

June 14, 2017  12:27 PM

Pondering Build 16215 Plus Good Backup

Ed Tittel Ed Tittel Profile: Ed Tittel
Beta Testing, Windows 10, windows installer

Late on June 8, 2017, Dona Sarkar announced Build 16215 for Windows 10 Insider Preview. It introduces a raft of improvements, changes, and new features. But alas, its gotchas made it fail completely on one of my two test machines. That PC’s customized boot environment supports AOMEI OneKey Recovery (an anecdotal source for issues). It also makes heavy use of older .NET framework 2.x and 3.x versions (a documented source of issues in the release notes). Thus, for some reason, I couldn’t upgrade my Dell Venue Pro 11 through WU. A manual upgrade failed using a 16215 ISO from Kari the Finn. Nor could it run a clean install of that ISO, either. It installed OK, but showed severe driver difficulties, runtime problems and profound .NET issues. All this found me pondering Build 16215 plus good backup as key to that PC’s continued operation.

Pondering Build 16215 Plus Good Backup

Once I realized 16215 wouldn’t work on the Dell, I promptly rolled back to Slow release pace.

How Is It I’m Pondering Build 16215 Plus Good Backup?

Good question! Before I upgrade or install any new Insider Preview build on a test machine, or do likewise for production PCs, I always make an image snapshot of the boot/system drive. That way, I can always roll back to the “before” state, if the “after” has problems or leaves me unsatisfied. I ended up booting to Kyhi’s Windows 10 Recovery Tools on the Dell, once I understood that the clean 16215 install simply wasn’t working properly. It includes a runnable version of Macrium Reflect Free, my tool of choice these days for image backup and recovery.

I used Reflect to revert to the image of the 16193 system I’d captured on the Dell on May 11. The whole process took about 11 minutes to complete. That was far less time than the 7 or so hours I’d spent trying and failing three 16215 upgrades and the clean install. I also promptly dropped down from the Fast to the Slow Insider Preview ring, to prevent WU from re-inflicting the same process on me. So, while my desktop test machine purrs along happily running 16215, the Dell is now holding at 16193. It’s waiting for MS to push a new version out to the Slow ring. At that point I’ll see how it goes, and consider pushing that PC back up to the Fast ring.

My experience does go to show, however, that a good backup (with the right tools at hand to restore it) helps keep things running. That’s true, even when new releases pose powerful or insurmountable problems.

June 12, 2017  11:00 AM

DMT Helps Manage Multiple Monitors

Ed Tittel Ed Tittel Profile: Ed Tittel

The acronym DMT stands for Dual Monitor Tools. But this freeware Windows package handily manages PCs with two or more monitors installed. It’s the brainchild of developer Gerald Evans, and available for free from Sourceforge. Once its 644 KB download is installed, DMT helps manage multiple monitors for modern Windows versions (7 and up). DMT manifests as an icon in the notification area, from which its various features and functions may be invoked.

Exactly How DMT Helps Manage Multiple Monitors

DMT Helps Manage Multiple Monitors

True to its name, the program icon for DMT is … you guessed it … two monitors, overlapping on another. When you open the general controls for DMT, you will immediately see its various features and functions on display. These include general settings and monitor controls under the “Dual Monitor Tools” heading, plus a handful of more specialized tools, including:

  • Cursor: a variety of controls on cursor movement, including degrees of freedom for movement between screens, cursor locks, jump to next screen, and so forth. By default all options are disabled, so the cursor moves freely among or across all screens.
  • Launcher: the hidden gem of DMT, this tool lets users establish the position on a specific screen where applications appear when launched. It’s sophisticated enough to permits users to establish up to four screen/position combinations for any given app.

DMT Helps Manage Multiple Monitors

DMT uses Magic Words to identify specific actions, including app launch or control settings, and hotkeys to apply them.

  • Snap A tool to make snapshots of primary screens and active windows. Snap also manages where and how snapshots appear.
  • Swap Screen: Allows DMT to manage and position active windows. Also labels and identifies user-defined areas on screen, and control other open windows as well (minimize all, rotate screen order, show desktop, etc.).
  • Wallpaper Changer: Provides multi-monitor sensitive wallpaper controls, including image sources, selection and management, image fit controls, background colors, and more.

The Big Benefit When DMT Helps Manage Multiple Monitors

Although Windows has been able to accommodate dual (or multiple) monitors back to XP, its abilities to manage them precisely have always been iffy. DMT’s biggest boon comes from its Launcher utility, which lets users decide upon which monitor (and where) an application appears when launched. Windows always uses on of two methods itself. First, it launches applications on the primary monitor when launched for the first time. Second, it remembers where applications were positioned the last time they were launched (if run before) and launches them there. That’s it. DMT Launcher lets users create hotkeys and “Magic Words” instead. Users identify apps using magic words, then provide hotkeys to indicate a screen choice/screen position combination where the app should open itself. Good stuff!

June 9, 2017  3:41 PM

TreeSize Shows Oft-Missing Win10 Disk Details

Ed Tittel Ed Tittel Profile: Ed Tittel
disk management, Utility, Windows 10

One the many interesting things about Windows is the way the OS manages on-disk storage. This applies most particularly to the volume upon which the OS itself resides. In previous blog posts, I’ve recommended a SourceForge program named WinDirStat. It’s sheds considerable light on disk layout and space consumption, especially if you use “Run as administrator.” But lately, I’ve been reading quite a bit about another product: TreeSize Free from JAM Software. That program includes a built-in “Run as administrator” option. It also sheds more light on the sometimes-mysterious System Volume Information folder. Thus, TreeSize shows oft-missing Win10 disk details you may not find anywhere else.

TreeSize Shows Oft-Missing Win10 Disk Details

Using TreeSize you can see 99.9% of what’s on any Windows disk, including the often-obscured System Volume Information folder, as shown here.
[Please click item to see full-size view]

When TreeSize Shows Oft-Missing Win10 Disk Details, What Do You See?

As the preceding screen cap shows, you get a file list layout plus a graphical layout of disk contents that maps file size to display area. Not surprisingly, this kind of diagram is called a “treemap.” It gives the TreeSize program its name and is built into WinDirStat, too. But while WinDirStat’s treemaps look nicer, those from Treesize (and supporting listings) are more detailed.

The version of TreeSize on display here is theFree version. For-a-fee Professional ($54.95) and Personal ($24.95) versions of the program are also available. Differences among the product versions center around analysis and reporting, along with “fully configurable file search.” The latter is present in the Pro, absent in the Free, and less capable in the Personal edition.

The System Volume Information folder appears in the treemap at the upper right in dark blue. The left-hand detailed listing shows that most of its contents are “system files.” The first 8 items are over 1 GB in size. The next 9 items are over 0.5 GB. Combined, they account for about 80% of the 18.5 GB that this folder consumes on disk. Here’s a zoomed-in view of that folder’s contents.

TreeSize Shows Oft-Missing Win10 Disk Details

TreeSize is intuitive and informative. It’s also easy to learn and use. I’ve already added it to my admin toolbox. You may wish to do likewise!

June 7, 2017  4:32 PM

Surface Pro Firmware Gets Previews Too

Ed Tittel Ed Tittel Profile: Ed Tittel
firmware update, Windows 10

In trolling my go-to Windows sites this morning, I found news on a Firmware update for the Surface Pro 3 (SP3). Because I have one myself, I jumped into Windows Update to see if I could install same. Nothing doing. But on closer inspection, I saw the updates released yesterday already present on that PC. The two items are Surface-Firmware updates and 3.11.2150.0. The former aims to boost battery life during sleep, while the latter UEFI update improves PXE performance over IPv6. This is documented on the SP3 update history page, with a June 6 release date for those items. But then I checked Update History on my SP3. There, I saw those selfsame items with release dates of 4/27 and 4/28, and an install date of 5/23. That’s when I realized that Surface Pro firmware gets previews, too. Let me explain…

Surface Pro Firmware Gets Previews

It turns out there’s a very good reason why my SP3 shows dates different from the MS general release.

Why Say “Surface Pro Firmware Gets Previews?”

It just so happens that my SP3 is on the Microsoft “Release Preview” update schedule. Thus, it gets new releases that target the Current Branch version of Windows 10 before other PCs on the same branch that stick to the public release schedule. I never realized that Microsoft floated firmware releases on a lookahead schedule in this program, along with more typical security updates, patches, and fixes. But now I know for sure that they do with firmware as they do with other stuff. The proof’s in the dates shown in the preceding screen capture.

I’m not sure why this surprised me. I guess it makes sense to try out new firmware on self-selected beta testers before unleashing it on the general public. It just didn’t occur to me that signing up for the Release Preview program meant my SP3 would see firmware updates in advance of those sent out in general release. Kind of makes me wonder if MS has ever decided not to propagate firmware updates to the general public, based on issues uncovered in the Release Preview program. I’m not sure I’d want to be that kind of guinea pig, but I guess I am already. You’ve been warned!

June 5, 2017  12:38 PM

MS Leaks MORE Win10 Versions?

Ed Tittel Ed Tittel Profile: Ed Tittel
versioning, Windows 10

Last Thursday, June 1, MS watchers noticed a strange new release of Windows 10 hit Insider Preview. According to some reports at, it may even have hit other Windows Update channels. Soon thereafter, Dona Sarkar posted a blog entitled “A note about the unintentional release of builds today.” She explained this as “an inadvertent deployment to the engineering system that controls which builds/which rings to push out to insiders.” The release showed up as Insider Preview Build 16212, and also as 15063.2.rs2_release_svc_d.170531-1743 (UUP-CTv2). But subsequent analysis of the code itself later turned up telltale signs of more Win10 versions in the offing.

What This About MORE Win10 Versions?

You can find reports on those findings from numerous sources, including and The latter quotes an interesting tweet from user AndItsTito that depicts three new such versions, while Thurrott talks about only one. Here’s a screen capture of some content that AndItsTito reports finding in the 16212 pkeyconfig file:

more win10 versions

Here, you see mention of Windows 10 Pro for Advanced PCs twice, plus a “ServerRdsh” version of Windows Server 2016.

Neowin speculates that the Advanced PCs versions are for high-end workstations, probably with two or more CPUs. The N version is for Europe in keeping with a decade-old settlement between the EU and MS. The other non-N version is for the rest of the world, and probably includes legacy media player support. Also, the ServerRdsh version strongly suggests something designed to work with the Remote Desktop Services Host. It is probably intended to provide remote Windows 10 client OS access and support, either for one-off applications or for full-blown, fully-equipped Windows OSes.

Only time will tell if these speculations are warranted, or if in fact more Win10 versions materialize. The data is suggestive, and may point to more rather than fewer Windows 10 versions to come. I find myself in agreement with Paul Thurrott’s counter-suggestion that there should be only one Windows 10 where advanced features come from the particular license applied to the code base. Making things simpler rather than more complex is one way to stem the tide of desertions and defections from the desktop/PC world that Windows serves best. Is MS open to such input? Again, only time will tell!

June 5, 2017  11:07 AM

IT muses pros and cons of unified endpoint management

Kelly Stewart Profile: Kelly Stewart
Endpoint management, mobile device management, UEM

BOSTON — Long gone are the days when users worked solely from one PC on a desk in the office. Employees today are on the move, and they work from multiple devices as they go.

This trend is great for users, but not so fun for IT. Attempting to manage so many different devices — and their data — has brought migraines to administrators.

One technology that aims to ease the pain is unified endpoint management (UEM), which allows IT to oversee and control any device from the same console. IT can create and enforce policies across desktops, laptops, smartphones and tablets.

Organizations have been slow to pick up UEM, however, because many already have management software in place for existing devices. UEM also only works with Windows 10, which has also delayed enterprise adoption.

“There’s a lot to UEM, and I think that’s what’s confusing,” said Monroe Horn, CTO of Sunstein Kann Murphy and Timbers, a law firm in Boston.

Horn’s business uses BlackBerry Enterprise Mobility Suite for UEM but is looking into other options once the current license is up, he said.

“For us [UEM has] been a pretty big learning curve,” Horn added. “How UEM for … Windows 10 fits in for everything we are already using for managing Windows at the desktop is a big question. Will it add another layer of complexity?”

Horn and other attendees here at the Boston VMware User Group UserCon learned more about one option for unified endpoint management, VMware’s AirWatch, in a session. The product integrates with traditional desktop management software and offers security features such as encryption, patch management and remote wipe, said Brandon Mendonca, an AirWatch sales engineer.

“I was really interested how [AirWatch gives] a wide range of ability of control, from putting a container on a personal phone to locking down corporate assets,” Horn said.

June 2, 2017  10:16 AM

Tip: Access HTML Files Using Edge

Ed Tittel Ed Tittel Profile: Ed Tittel

I hang out on, to keep up with Windows news, technical developments, and troubleshooting tips and techniques. I also do what I can to give back to the community by responding to posts and questions there. This morning, something popped up that I hadn’t faced before. A user asked “How do I access a local HTML file in Edge?” while observing that the program includes no built-in menu tools to open local files. I knew there had to be multiple ways to access HTML files using Edge, so I set about learning how to make this happen.

How to Access HTML Files Using Edge

My first instinct was to try the keyboard combination Ctrl-O to see if that shortcut for file open would work. Nope, no dice.

Next, I turned to the URL used for accessing anything in a web browser. For nearly all browsers, some variation on a URL that starts with the characters “file:” will do the trick. And in fact, that works for Edge too. As with Explorer (and Chrome, Firefox, and others) this general URL structuring technique provides immediate access to local files:


Where the following observations and substitutions apply:

  • file: is a protocol label (like http: for HTML documents) and must appear to access the local file system and structures
  • /// is a mandatory separator between the protocol label and the following file specification
  • C: is the drive specification for the volume in which the local file resides
  • /directory/ is the directory specification within which the local file may be found
  • filename.html is the filename for the HTML document (or other markup language file, such as XML, CSS, and so forth) that you wish to open in Edge

Access HTML Files Using Edge

This real-world example actually reads file:///C:/Users/etitt/documents/02fig01.html fully expanded.

Of course, this also led me to think of another, perhaps faster or easier way to open such a document in Edge. One need only navigate to the file in File Explorer, right-click its listing entry, select “Open with…” from the resulting pop-up menu, and pick Edge as the application to use for that purpose. Done!

Another more permanent way to do this — unlikely in my case, because I don’t use Edge for everything on the Web — would be to change the application associated with HTML (.htm, .html, .mht, and other related file extensions) to Edge. You can do this using the Default Programs widget in Control Panel, if you were so inclined. My biggest issue with this is that there are a LOT of file extensions for which you’d need to make that association.

And finally, there are even more techniques for opening HTML files in Edge at the command line, or using C++. I’ll let the preceding links speak to those topics because those approaches don’t appeal to me much, if at all. (And the first of these other options is just a variation on the file: syntax item anyway). But as always, there are many ways to accomplish specific tasks in Windows, including opening web documents in the Edge browser. Enjoy!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: