Windows Enterprise Desktop

June 5, 2017  11:07 AM

IT muses pros and cons of unified endpoint management

Kelly Stewart Profile: Kelly Stewart
Endpoint management, mobile device management, UEM

BOSTON — Long gone are the days when users worked solely from one PC on a desk in the office. Employees today are on the move, and they work from multiple devices as they go.

This trend is great for users, but not so fun for IT. Attempting to manage so many different devices — and their data — has brought migraines to administrators.

One technology that aims to ease the pain is unified endpoint management (UEM), which allows IT to oversee and control any device from the same console. IT can create and enforce policies across desktops, laptops, smartphones and tablets.

Organizations have been slow to pick up UEM, however, because many already have management software in place for existing devices. UEM also only works with Windows 10, which has also delayed enterprise adoption.

“There’s a lot to UEM, and I think that’s what’s confusing,” said Monroe Horn, CTO of Sunstein Kann Murphy and Timbers, a law firm in Boston.

Horn’s business uses BlackBerry Enterprise Mobility Suite for UEM but is looking into other options once the current license is up, he said.

“For us [UEM has] been a pretty big learning curve,” Horn added. “How UEM for … Windows 10 fits in for everything we are already using for managing Windows at the desktop is a big question. Will it add another layer of complexity?”

Horn and other attendees here at the Boston VMware User Group UserCon learned more about one option for unified endpoint management, VMware’s AirWatch, in a session. The product integrates with traditional desktop management software and offers security features such as encryption, patch management and remote wipe, said Brandon Mendonca, an AirWatch sales engineer.

“I was really interested how [AirWatch gives] a wide range of ability of control, from putting a container on a personal phone to locking down corporate assets,” Horn said.

June 2, 2017  10:16 AM

Tip: Access HTML Files Using Edge

Ed Tittel Ed Tittel Profile: Ed Tittel

I hang out on, to keep up with Windows news, technical developments, and troubleshooting tips and techniques. I also do what I can to give back to the community by responding to posts and questions there. This morning, something popped up that I hadn’t faced before. A user asked “How do I access a local HTML file in Edge?” while observing that the program includes no built-in menu tools to open local files. I knew there had to be multiple ways to access HTML files using Edge, so I set about learning how to make this happen.

How to Access HTML Files Using Edge

My first instinct was to try the keyboard combination Ctrl-O to see if that shortcut for file open would work. Nope, no dice.

Next, I turned to the URL used for accessing anything in a web browser. For nearly all browsers, some variation on a URL that starts with the characters “file:” will do the trick. And in fact, that works for Edge too. As with Explorer (and Chrome, Firefox, and others) this general URL structuring technique provides immediate access to local files:


Where the following observations and substitutions apply:

  • file: is a protocol label (like http: for HTML documents) and must appear to access the local file system and structures
  • /// is a mandatory separator between the protocol label and the following file specification
  • C: is the drive specification for the volume in which the local file resides
  • /directory/ is the directory specification within which the local file may be found
  • filename.html is the filename for the HTML document (or other markup language file, such as XML, CSS, and so forth) that you wish to open in Edge

Access HTML Files Using Edge

This real-world example actually reads file:///C:/Users/etitt/documents/02fig01.html fully expanded.

Of course, this also led me to think of another, perhaps faster or easier way to open such a document in Edge. One need only navigate to the file in File Explorer, right-click its listing entry, select “Open with…” from the resulting pop-up menu, and pick Edge as the application to use for that purpose. Done!

Another more permanent way to do this — unlikely in my case, because I don’t use Edge for everything on the Web — would be to change the application associated with HTML (.htm, .html, .mht, and other related file extensions) to Edge. You can do this using the Default Programs widget in Control Panel, if you were so inclined. My biggest issue with this is that there are a LOT of file extensions for which you’d need to make that association.

And finally, there are even more techniques for opening HTML files in Edge at the command line, or using C++. I’ll let the preceding links speak to those topics because those approaches don’t appeal to me much, if at all. (And the first of these other options is just a variation on the file: syntax item anyway). But as always, there are many ways to accomplish specific tasks in Windows, including opening web documents in the Edge browser. Enjoy!

May 26, 2017  10:27 AM

Hyper-V vSwitch Set-up Snafu

Ed Tittel Ed Tittel Profile: Ed Tittel
Hyper-V, virtual switch, Windows 10

I’ve been struggling on and off with what I thought was a bug in Hyper-V on my production desktop since the end of February. That’s when I cut over from my old production PC to a new one, built around an Asrock Extreme7+ mobo. So far, that system’s been great. It’s faster, more stable, and runs significantly cooler than the system it replaced. There has been one chronic issue, however. Until yesterday, I’d been unable to get a virtual switch set up and working with Hyper-V on that machine. All along, I was convinced I was fighting a Hyper-V bug of some kind. But now I know that this apparent Hyper-V vSwitch set-up snafu was entirely of my own making. Let me explain…

Symptoms for My Hyper-V vSwitch Set-up Snafu

Now that I understand what I was doing wrong, I can see everything I always needed to know in the Network Connections screen from Control Panel. It shows that Ethernet2 is unplugged. That’s absolutely accurate and correct, because the Asrock Extreme7+ includes not one, but two built-in GbE Ethernet ports. One is for an Intel I211 devices, the other is for an Intel I219-V device. On my PC, I’ve only got one port connected to my office (physical) switch — namely, the I211.


The red X’s indicate that the I219 is unplugged, and so is the “Broken Switch.” Turns out they’re directly connected…or not!

Until I tackled the excellent Hyper-V Tutorial by my co-author and occasional collaborator Kari the Finn at TenForums, I didn’t snap to what was going on with my vSwitch set-up. It seems that virtual switch set-up in Hyper-V Manager picks the network interface to use for the “External Network” setting according to some logic of its own. I can tell that logic is neither the ASCII collating sequence (where I211 comes ahead of I219) or “connected vs. disconnected” (where I211 is attached to a network, and I219 is not).

For whatever reason, the “wrong” — that is, disconnected — NIC shows up in the top position in the pick list for the external network connection. I simply hadn’t paid close enough attention to realize I needed to scroll down to the second (but invisible) entry in the two-item pick list to make the proper selection. And of course, any virtual switch that gets bound to a disconnected NIC can’t help but be disconnected as well. Doh!

Fixing My Hyper-V vSwitch Set-up Snafu

And of course, once I systematically worked through the tutorial, I also looked more closely at all the set-up and configuration screens. That’s when I saw that my problem stemmed from my erroneous selection of the disconnected NIC instead of the other, connected one. As soon as I made the proper selection, everything worked like a charm. Ever since, I’ve been setting up and using a couple of new Windows 10 CU VMs. One is for playing with and experimenting, so I can protect myself from unwanted side-effects of grabbing and using all kinds of random software and utilities. The other is a licensed Windows 10 development environment VM that includes a raft of features documented in the Windows Dev Center’s “VM Downloads” page.

It just goes to show you that little things, like my oversight, can stymie progress just as effectively as problems that genuinely come from bugs. I now understand that my earlier experience with Hyper-V had always been on PCs with a single Ethernet NIC, so I was insulated from paying attention to picking the right one. When there’s only one NIC, it can’t help but be the right NIC to get you to your LAN. But when there’s more than one to choose from, you MUST pick one that’s connected. Sigh.

May 24, 2017  6:11 PM

Bid $SysReset Goodbye in Win10

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, Hidden files, Windows 10

In poking around on some of my Windows 10 systems, I occasionally encounter the $SysReset folder on the OS drive. The dollar sign at the start identifies it as a hidden system folder. Thus, astute readers already know I routinely check the radio button in File Explorer Options that reads “Show hidden files, folders, or drives.” Unlike many other hidden folders, $SysReset is easy to delete. Even better, it’s usually free from ensuing complications when deleted. Hence, the title of this blog post. Here, I explain how to bid $SysReset goodbye in Windows 10.

Bid $SysReset Goodbye

Because $ is ahead of the alphabetic characters in the collating sequence, hidden folders show up at the top of the File Explorer list.

Make It Happen: Bid $SysReset Goodbye!

Before we chase the $SysReset folder into oblivion, a bit of explanation may be helpful. This folder bears often bears testimony to a failed reset or refresh operation in Windows versions from 8.0 forward. Inside this folder, one finds a Logs folder with traces of prior activity. In my case, this was a file named SetupAct_offline.log. That file provided information about the presence or absence of a factory reset image on my PC. I can tell from the date it ran that it coincided with using the Macrium boot repair tool on this PC. I ran that tool deliberately, in connection with a story on boot repair tools I was writing for The log simply reports that my boot/sys drive includes no factory reset partition (no surprise, because I clean-installed the OS to it myself in April).

Thus, it’s no problem for me to remove the folder and its contents from the drive. Accordingly, I right-click the $SysReset folder entry in the right-hand pane. I select “Delete” from the pop-up menu, and BAM! it’s gone. Just that easy, for once in the sometimes-frustrating contortions necessary to achieve Windows cleanup. No turning to tools like Unlocker, nor any need to boot to a rescue or repair disk to root out files the OS doesn’t want to relinquish. An occasional triumph over Windows is worth savoring, so I hope you’ll savor it with me.

May 22, 2017  10:57 AM

KB4016871 Fixes Spurious Win10 DISM Issue

Ed Tittel Ed Tittel Profile: Ed Tittel
DISM, Image management, Troubleshooting, Windows 10

For the past five months, the Current Branch for Windows 10 (Builds 1604 and 1703) has been subject to a spurious DISM issue. (I blogged about this as far back as December, 2016.) That is, running DISM with the /checkhealth option returns a “healthy” verdict. OTOH, the /scanhealth option indicates the component store is corrupted but “repairable.” It turns out the cause of the issue is a version staging file that’s associated with the Win10 image, but not included in the .wim file itself. That’s why I’m pleased to report that the recent cumulative update KB4016871 fixes spurious Win10 DISM issue. There’s a small bit of user/admin effort required to effect the fix, as this sequence of PowerShell cmdlets shows:

KB4016871 Fixes Spurious Win10 DISM Issue

This sequence of cmdlets shows a contradiction between items 1 and 2, and the fix in item 3.

How KB4016871 Fixes Spurious Win10 DISM Issue

I’ll explain the what and how. But first, let’s review what the preceding screencap shows:

The first cmdlet corresponds to dism /online /cleanup-image /checkhealth. Note: it returns a positive result for “ImageHealthState” (“Healthy“).

The second cmdlet corresponds to dism /online /cleanup-image /scanhealth. Although it’s run on the same image as the preceding cmdlet it returns a negative result for “ImageHealthState.” (“Repairable” means that it has discovered potential corruption that can be repaired.) The CBS.log file shows the culprit is a missing file named (its name is loooong, so it wraps across two lines):


Once the afore-cited cumulative update is applied to the online image, however, the third cmdlet now works! It corresponds to dism /online /cleanup-image /restorehealth. This clears the error condition, and shows that KB4016871 fixes spurious Win10 DISM issue at long last. We know this because ImageHealthState shows as “Healthy” upon completion.

Apparently, the cause of this issue is that the TestRoot and FlightSigning Package file identifies a specific bit of staging and version identification data. In fact, Windows Update uses it when running the Unified Update Platform (UUP) to decide what updates to download. Thus, it’s not really part of the Windows Image file itself and, though referenced, doesn’t turn up when a deep health analysis runs against a targeted Windows image. This produced some kind of error in an earlier release of Windows 10 Current Branch, but is now rectified with Version 1703 (Build 15063.296). One must still run the final cmdlet or its native DISM counterpart to finalize that fix, though.

[Note added later on 5/22, thanks to posters Bree and s0urce at] It looks like the repair actually comes from Microsoft, courtesy of the online image checks that are part and parcel of the way DISM works. Here’s a quote from Bree’s post on the subject:

It would seem that the ‘source not found’ error was not just referring to finding the source on the local PC, but also to a failure to find a valid download for the package on MS’s servers. This would appear to be what @s0urce says MS have fixed ‘internally’.

Whether or not KB4016871 is a prerequisite is a moot point (I suspect not). What is essential is to run DISM once more now that MS have fixed things at their server end so that the working packages can be downloaded and the repair completed to 100%.

Here’s a snippet from the CBS file that shows this fixed functionality at work

2017-05-20 10:08:53, Info                  CBS    DWLD: Windows update server URL:
2017-05-20 10:08:53, Info                  CBS    DWLD:Content is Full-Cab package.
2017-05-20 10:08:53, Info                  CBS    DWLD: Windows update server URL:
2017-05-20 10:08:53, Info                  CBS    DWLD:Content is Express package.
2017-05-20 10:08:53, Info                  CBS    DWLD: Windows update server URL:
2017-05-20 10:08:53, Info                  CBS    DWLD:Content is Express package.

May 19, 2017  11:10 AM

Manage Win10 Drivers Using DISM

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, DISM, Windows 10

Insider Preview Build 16199 was released for Windows 10 a couple of days ago (5/17). In the wake of its install, I checked on Windows 10 drive handling. To that end, I consulted the Reliability Monitor, which shows driver installs as it tracks system changes and errors. Sure enough, Relimon reports that drivers for all devices on a PC get installed during the upgrade process (see screen capture). This spurred today’s blog post, as I explain how to manage Win10 drivers using DISM. In fact, this tool can back up and restore drivers associated with any given Windows image.

Manage Win10 Drivers Using DISM

A quick peek at “Informational Events” on upgrade day (5/17) shows installs for all device drivers on each upgraded PC.

Why Manage Win10 Drivers Using DISM?

Any time you run the Windows installer, you run the risk that it won’t find one or more drivers. Some of these can be critical, as my long-time experience with pre-release technical previews of Windows 10 taught me. On my test PCs, I sometimes had to supply a driver for Killer NIC adapters (fixed since the 1607 version last year) after an upgrade install. Ditto for a Dell/Atheros 1537 wireless adapter on my test tablet. YMMV as far as driver coverage goes in Windows 10. Thus, it’s best to be prepared to fill in where MS fails to find everything driver-wise.

Simply put, the answer to the question posed in this section’s heading — namely: “Why manage Win10 drivers using DISM?” — is “Because it’s easy and fast.” If a PC’s drivers are all current and correct before you perform a Win10 upgrade, you can use DISM to back them up in under two minutes. After an upgrade, you can use that backup to restore individual drivers via Device Manager/Update driver, or perform a wholesale replacement of all drivers using DISM.

How to Manage Win10 Drivers Using DISM

At the command line, DISM backs up drivers using this syntax:

 Dism /Online /Export-Driver /Destination:{DL}:{FS}

 Here {DL} stands for drive-letter, and {FS} for folder specification, so that you’d enter /Destination:D:\DriverBk if you wanted to create the driver backup in a folder named “DriverBk” on the D drive.

The corresponding command for grabbing all drives from such a backed-up folder is:

 Dism /Online /Add-Driver /Driver:{DL}:{FS} /Recurse

Please note that this latter approach simply adds those drivers to the DriverStore in Windows 10. DISM doesn’t remove drivers already present after an upgrade install. That’s why most experts, and yours truly, recommend that you use Device Manager to identify devices that need drivers. Instead, you can right-click those devices one at a time, then use the Update driver capabilities to point at your driver folder as the update source instead.

May 17, 2017  11:35 AM

Current MS Drivers Show Vista 2006 Date

Ed Tittel Ed Tittel Profile: Ed Tittel
Device drivers, UPnP technologies, Windows 10

Take a look around inside Device Manager. If you do, chances are nearly certain you’ll find one or more drivers dated 6/21/2006. That date is no accident, but could be a calculated distortion of its true vintage. 6/21/2006 is the release date for Windows Vista. Microsoft development engineer “zac_I” explains what’s up, in a in a Reddit post from January 2017. Here’s proof that current MS drivers show Vista 2006 date from Device Manager on my production PC:

Current MS Drivers Show Vista 2006 Date

Chances are pretty good you’ll see this date popping up on most MS-supplied drivers for generic or non-OEM devices like this human interface (HID) item.

OK, So Why Do Current MS Drivers Show Vista 2006 Date?

To answer this question, zac_I’s explanation is worth reproducing verbatim:

There’s a very good reason for that, and it has nothing to do with the age of the driver or anything.

When PNP ranks drivers, it first looks at the hardware ID that the driver matches. If any two drivers match identical hardware, the first tiebreaker is the date of the driver. So if you had a device that could use a built-in driver, but you had installed some custom/OEM driver on your device, every time MS updates our driver, it would overwrite your custom driver because the date is newer than the one you wanted. How do we avoid this? Every driver we ship has the Vista RTM date, regardless of when it was last updated (we update the version number, which is the next tiebreaker if the date is the same). Since only drivers as far back as Vista are compatible with new versions of Windows, every driver should have a date newer than Vista RTM, preserving the driver you installed as the best ranked driver.

That means the real clue to the age for Microsoft-supplied drivers appears in the Driver Version field just below the date. In the preceding screen cap, this shows 10.0.15063.0. This indicates it comes from Windows 10 Creators Update. That version of Windows 10 made its public debut on 4/11/2017, so that provides a “no-later than” timeframe for such drivers. Of course, MS grabs and uses whatever driver is current at the time of the release, so it’s nearly certain that the actual date is somewhat older. But this is one case where just because the date says 2006, it doesn’t actually hearken back 11 years. In fact, it’s probably not even close…

Fascinating stuff, eh?

[Shoutout to Kavia Digdarshan at The Windows Club, whose 5/16/17 article “Why are Windows 10 Device Drivers still dated back to 2006?” brought this tantalizing bit of administrivia to my attention. Thanks!]

May 15, 2017  11:42 AM

MiniTool Power Data Recovery Rocks

Ed Tittel Ed Tittel Profile: Ed Tittel
Data Recovery Software, Troubleshooting, Windows 10

In January of this year, I blogged about the MiniTool Partition Wizard. In response to my post, the software’s maker asked me to take a look at their sister product: MiniTool Power Data Recovery. I get a lot of requests like this, so I don’t always get around to using or writing about such products. In this case, I was headed in the same direction but then I shot myself in the foot. And indeed, that’s also what gave me cause to learn that MiniTool Power Data Recovery rocks at its appointed task. Let me explain…

Why say “MiniTool Power Data Recovery Rocks?”

Good question! Thereby hangs a tale: Because of research into mSATA SSDs about three years ago, I have half-a-dozen Samsung EVO 840 256 GB SSDs hanging around my hardware collection. In finding tools to put these drives to work, I’ve purchased a couple of Syba SD-ADA40107 2.5″ SATA 6G/USB 3.0 to Dual mSATA RAID Adapters ($26 from Newegg). Basically, these devices let you drop in a pair of mSATA SSDs and use them as a RAID 0 or RAID 1 array, or as JBOD (just a bunch of disks).

MiniTool Power Data Recovery Rocks

Pop a couple of mSATA SSDs into this card, and plug it in using SATA, and you’ve got a fast and capable 2X capacity RAID0 hard disk (500 GB my case).

My “shot to the foot” came from confusing my primary data drive (!) with my experimental drive. And alas, I ended up wiping the partitions on the data drive thinking I was working on the other drive. Ouch! I found a three-month-old backup that I was able to use to restore about 90% of the contents of the original drive, but I couldn’t find copies of the other 10%, some of which was important stuff I didn’t want to lose. Thus, if ever I was faced with a need for data recovery, this was it.

Recovery is not free, but it works well

That’s when I learned that the free version of MiniTool Power Data Recovery comes with a 1 GB data recovery limit. I needed to restore about 21 GB of data, so there was nothing to do except pony up the $69 fee for a personal license. The expenditure proved worth every penny, because the tool’s “Lost Partition Recovery” facility resuscitated about 99% of the data on the affected drive. Recovery coverage depends on how much data has been overwritten onto new partitions in finding and saving files and folders from previous “lost” partitions. In my case I was luck enough to recognize my mistake quickly, and did no writing to the drive other than what occurred when setting up the partitions and writing the entries necessary to set up NTFS on the volume.

The process was fairly slow, because over 210 GB worth of files were recovered. It ended up taking 2.7 hours to complete, on a fairly fast PC (i7 4770K on a Z97 chipset motherboard), but that’s probably because I had the drive plugged into a USB 3.0 drive caddy rather than a 6 Gbps SATA port. But MiniTool Power Data Recovery proved equal to the task, and paid for itself, IMHO, on its first use.

I’d learned about the program from, where the program gets accolades from many members. See, for example MiniTool Power Data Recovery to the Rescue and Good data recovery tool for deleted files?, among many others. It definitely did the job for me, and may come in handy for admins and power users in need of a capable first line of file/disk recovery software defense. That’s why I assert with some confidence that “MiniTool Power Data Recovery rocks!”

May 12, 2017  10:18 AM

Clean Up Old Wireless Profiles in Windows 10

Ed Tittel Ed Tittel Profile: Ed Tittel

I have five mobile PCs at my disposal. At various times, I’ve taken all of them on the road with me. Earlier this week, I took at look at the various wireless profiles defined on each of those machines. I found no less than 18 entries on any given machine. My trusty Lenovo T520 — the machine I take with me most often, thanks to its 15.6″ display, comfortable keyboard, and capacious storage (3 drives for 2.75 TB) — had 25! Looking at what I found when running netsh wlan show profiles quickly led me to clean up old wireless profiles on all of those machines. PowerShell makes that pretty easy, so I’ll show what I found, then explain how I cleaned it up.

Clean Up Old Wireless Profiles

Aside from numerous client office networks and my home WAPs, this list features lots of hotels and miscellany (25 entries!).

How to Clean Up Old Wireless Profiles in Windows 10

PowerShell happily fields 99.9% of the commands that cmd.exe accommodates, and thousands of cmdlets besides that. I turned to the standard network management command netsh to get my work done in this case. The basic sequence of activities flowed like this:

  1. netsh wlan show profiles produced the list of profiles shown in the preceding screen capture. These include numerous client locations, my iPhone and home WAP networks, plus lots of hotels and other remote networks, many of whose generic names ring no bells with me at all.
  2. netsh wlan delete profile name=”<name>” is the syntax for removing old, obsolete or unwanted profiles from that list, where one must substitute <name> with an actual profile name (e.g. TSI or Ft.Marcy Wifi, both of which were among the 15 targets I removed). [Note: the quotation marks enclosing the value of the name attribute are mandatory.]
  3. PowerShell lets you use cut-n-paste operations with commands, so I used the output from netsh wlan show profiles to capture the strings I used in the subsequent delete commands to clean up the entries I didn’t want or need any longer. Took me less than two minutes on any given PC to clean up my list.

For those of us who take their PCs with them on the road, and who tie into lots of  “away” wireless LANs, this kind of clean-up is worth doing at least once a year, if not more often than that. Good thing that PowerShell makes it fast and dead simple!

May 10, 2017  3:56 PM

Intel AMT Exploit Needs Attention

Ed Tittel Ed Tittel Profile: Ed Tittel

On Monday, a piece in ZDNet attracted my attention and interest. Shortly thereafter, it also generated some local alarms on four of my systems. The title of that piece says it all “Intel chip vulnerability lets hackers easily hijack fleets of PCs” (emphasis mine). Alas, it seems an Intel AMT exploit needs attention in businesses of all sizes that run Intel-based PCs of  “a certain age.” In this case, AMT stands for Active Management Technology. As it happens, AMT lets IT admins perform remote maintenance/update tasks, including wiping hard disks.

AMT can, in the words of the ZDNet story, allow an administrator “to remotely control the computer’s keyboard and mouse, even if the PC is powered off.” Such godlike powers need strong controls that turn out to be MIA. In fact, security researchers discovered that a blank password gets anybody into the Web interface for AMT. That gives them the ability to do whatever they want to entire fleets of PCs. The best fix turns out to be disabling AMT altogether. Admins must thus forgo its administrative conveniences to avoid potentially catastrophic compromises. Find all the details in this Intel security advisory on Exploit Intel-SA-00075.

How to tell if the Intel AMT exploit needs attention on your PCs

Fortunately, Intel has also released a detection tool to tell you if your PCs are vulnerable to this exploit or not. That said, only operations that use AMT are subject to this vulnerability. Thus if your business hasn’t turned on AMT, it can’t be compromised through AMT, either. Download the Detection Guide from the Intel Download Center and you’ll be able to tell if your PCs are vulnerable or not. I ran it on my 8 PCs here at the house, and learned that half of them are potentially vulnerable to this exploit. But I don’t run AMT, so that vulnerability cannot currently be exploited.

If a PC is vulnerable, here’s what the output from that Detection tool looks like:

Intel AMT Exploit Needs Attention

To check your systems, run the detection tool and see if the word Vulnerable pops up in RED.
Unaffected systems will report Not Vulnerable in GREEN

From what I can glean from the Intel advisory, other coverage, and my own experience, Intel PCs built from 2010 through 2014 are likely to be affected. Thus all of my older systems were affected. These included:

  • my wife’s Ivy Bridge dual core i7 mini-itx box
  •  my son’s Haswell quad core i7 Dell XPS27 All-in-one
  •  my two Lenovo Sandy Bridge dual core i7s laptops

None of my newer systems fell prey, however:

  •  the Surface Pro 3 i7 (Haswell i7-4650U)
  •  my Dell Venue Pro 11 7139 (i5-4210Y)
  • my production desktop PC (i7 6700)
  • my Insider test desktop (i7 4770K)

I suspect many business PCs will be subject to the AMT vulnerability. For those organizations using AMT, turning it off for the time being is an essential step to regaining control over their PC fleets. Don’t delay in taking that step, please!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: