Those who’ve followed Windows OSes and applications for the past decade know that the 64-bit takeover is history. Circa Windows 7’s July 2009 release date, most new PCs were already 64-bit. Today, you must work to find and buy a 32-bit Windows PC running Windows 10. If you succeed, you’ve probably bought an el-cheapo tablet or super budget laptop with a 32 GB eMMC storage device, and no more than 2 GB of RAM. Otherwise the modern Windows world is entirely 64-bit. Why, then is the default for Microsoft Office installation still 32-bit? Therein lies an interesting tale, as I explore Office 32-bit versus 64-bit versions.
In a 64-bit world, why does Office still default to the 32-bit version?
What’s the Difference? Office 32-bit versus 64-bit…
Here’s a quote from the MS Support site’s “Choose between the 64-bit or 32-bit version of Office” (applies to Office 2016, Office for business, Office 365 Admin, Office 365 Small Business, and so forth):
The 32-bit version of Office is automatically installed unless you select the 64-bit version at the beginning of the installation process. This article explains the reasons to choose either the 64-bit or 32-bit version of Office on a PC.
In fact, you have to seek out and run the version of setup named setup64.exe to force Windows to install the 64-bit version of Office. Otherwise, you’ll wind up with the 32-bit version. With that bit of administrivia in mind, here is what might impel someone to skip the default and force 64-bit installation instead (quoted verbatim from the afore-cited Support article):
- You’re working with large data sets, like enterprise-scale Excel workbooks with complex calculations, many pivot tables, data connections to external databases, Power Pivot, 3D Map, Power View, or Get & Transform. The 64-bit version of Office may perform better in these cases. See, Excel specifications and limits, Data Model specification and limits, and Memory usage in the 32-bit edition of Excel.
- You’re working with extremely large pictures, videos, or animations in PowerPoint. The 64-bit version of Office may be better suited to handle these complex slide decks.
- You’re working with files over 2 GB in Project, especially if the project has many sub-projects.
- You’re developing in-house Office solutions like add-ins or document-level customization. Using the 64-bit version of Office lets you deliver a 64-bit version of those solutions as well as a 32-bit version. In-house Office solution developers should have access to the 64-bit Office 2016 for testing and updating these solutions.
Benefits of Staying 32-bit
MS takes the 32-bit default route because it provides best overall backward compatibility. Thus, it retains the ability to work with 32-COM add-ins or controls. This can be essential when, as sometimes happens, no 64-bit alternatives are available. This also ensures continued support for older Visual Basic, and calls to 32-bit MAPI applications or OLE servers and objects. Ditto for legacy SharePoint, Access, Equation Editor, Word Add-in Libraries, and moire. In business environments where add-ons or macros are used, this keeps things working.
Long-time TenForums poster Bree explains this succinctly and cogently in a recent post (#15). He observes: “There are more disadvantages to the 64-bit versions than advantages.” I have only one (test) system running Office 64-bit myself, and I can’t tell any difference between the two versions whatsoever. That’s why I’m sticking with the default 32-bit install. In the absence of a compelling reason to go 64-bit yourself, you may also do likewise.
The August 2017 Born to Learn MS Press Round-up blog post includes a welcome and valuable freebie. It features a link to a sample chapter from the latest edition of a terrific book. And that book is the 2nd edition of Troubleshooting with the Windows Sysinternals Tools. The sample chapter covers the excellent and always informative Autoruns utility. Thus, MS Press samples Autoruns coverage in great detail for free. This material is well worth glomming onto, because Autoruns is so comprehensive and far-reaching, it can be hard to make sense of its findings without expert help. And here, expert help is at hand!
This book’s been out for a while, but the free chapter on Autoruns is worth grabbing and saving all by itself.
When MS Press Samples Autoruns Coverage, What Does It Get You?
Short answer to the preceding question: “A whole lot.” However, a longer answer comes from listing the topics addressed therein. Here’s the list of topics addressed therein, reproduced verbatim from Sysinternals Autoruns page:
Use Process Explorer to display detailed process and system information
Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
Verify digital signatures of files, of running programs, and of the modules loaded in those programs
Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
Inspect permissions on files, keys, services, shares, and other objects
Use Sysmon to monitor security-relevant events across your network
Generate memory dumps when a process meets specified criteria
Execute processes remotely, and close files that were opened remotely
Manage Active Directory objects and trace LDAP API calls
Capture detailed data about processors, memory, and clocks
Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
Understand Windows core concepts that aren’t well-documented elsewhere
You’ll also get a peachy overview of how to read the various elements of the Autoruns GUI. In fact, that covers the tool’s organization around registry keys, its use of color coding, and online lookup feature. I’ve always found Autoruns helpful and informative. But after reading over this sample chapter, I’m able to get more out of the program. I’m also more able to make sense of the wealth of information it provides. If it works for me, it should work for you, too. Check it out!
In the latest Win10 versions, PowerShell replaces the command prompt (cmd.exe) in the Winkey-X pop-up menu. And it runs most command-line programs unaltered, including chkdsk. But PowerShell also offers alternative cmdlets (pronounced “command-lets”) as well. In fact, the Win10 PowerShell Chkdsk alternative is the Repair-Volume cmdlet. Here’s what the get-help subsystem in PowerShell has to say about this cmdlet:
Repair-Volume offers most of the same functionality as chkdsk in a form that’s native to PowerShell.
[Click image to see full-sized view]
Exploring the Win10 PowerShell Chkdsk Alternative: Repair-Volume
The most frequently used version of Repair-Volume takes a volume offline for scanning, and attempts fixes on any errors it finds. Thus, the basic syntax for this version of the command is:
Repair-volume -Driveletter <DrvLtr> -OfflineScanAndFix
Where you’d substitute the letter for the drive you wish to scan for the generic <DrvLtr> parameter. I tried this out on my production system yesterday because it currently supports 10 drives. I’m pleased to report it worked on all drives, including the boot/system drive, C:. It was interesting to see the drive information (the bar that shows how much space the drive provides, and how much is used) disappear while this process was underway, as shown here for one of my biggest drives (J: 3TB nominal):
When it’s running for some specific drive, that drive’s disk info disappears (it’s off-line).
[Click image to see full-sized view]
Using Repair-Volume Day-to-Day
Actually, this cmdlet is incredibly easy to use. You’ll find it handy when you need to check drives under most circumstances. Also, because it even works on your boot/system drive you’ll find yourself needing to schedule chkdsk after restart less often. Finally, those who want to create a PowerShell command file (.ps1 extension) can easily put something together to do this for all of their drives, and run it periodically as a scheduled task.
Thanks to Sergey Tkachenko at WinAero.com, whose blog post “How to Check a Drive for Errors in Windows 10” (posted 8/22) brought this cmdlet to my attention.
No matter how much you might know about Windows 10, there’s always something new to learn. I picked up a winner from Ed Bott’s ZDNet column the other day. He explains how to use the pop-up calendar as a general “time navigation tool.” Along the way, he exposes a great Win10 Date/Time Calendar trick I’ve already put to good use. Here’s a step-by-step illustration of what’s involved.
The Great Win10 Date/Time Calendar Trick, Step-by-Step
Step 1: Click the date time widget in the notification area of the taskbar.
Step 2: Check the resulting pop-up calendar centered around today’s day and date. Notice the line that reads August 2017 at the upper left of the display.
Note “August 2107” at upper left, just below the time/date bock at the very top.
Step 3: You can manipulate the month on display directly. Instead of using the arrows at top right, click on August (or whatever month is on display). Here’s what you’ll see:
You get a visual layout of all 12 months of the year and can pick out the one you want immediately.
Step 4: To see a year “map,” click the 2017 at upper left shown in the preceding screen capture. To go further back or forward in time than the window allows (2010-2019), use the arrows.
You get a visual layout of all 12 months of the year and can pick out the one you want immediately.
This makes the built-in, easily accessible calendar on the notification pane a much better calendar tool than I’d thought. I’ve already used it several times since Wednesday to solve scheduling issues. Ditto for picking appropriate days for meetings, and figuring out which days of the week commitments fell upon. Good stuff!
The MS Diagnostics and Recovery Toolset (DaRT) 10 permits admins to diagnose and repair computers that won’t boot, or have problems starting as usual. DaRT 10 can recover unusable end-user PCs. It can also diagnose probable causes for underlying issues, and repair unbootable or locked-out machines. It can restore lost files, or detect and remove malware, even when computers are offline. Indeed, this all makes DaRT an invaluable addition to any admin’s Windows toolbox.
DaRT appears in the boot menu as “Microsoft Diagnostics and Recovery Toolset” from whence you can launch its various recovery tools
Who Qualifies for Access to the Diagnostics and Recovery Toolset?
If DaRT is a great tool, why isn’t it better known and more widely used? Alas, only organizations with a license for Windows that includes Software Assurance qualify. Such organizations are granted access to the Microsoft Desktop Optimization Package, aka MDOP. A Windows 10 Enterprise E3 in CSP Subscription, which includes Software Assurance, costs $84 per user per year with no minimum license commitment. (That said, volume licensing starts at 5 units, and goes up from there.) Higher-level licenses cost more…
The only others granted access to MDOP – which includes DaRT among its components – need a standard Visual Studio Subscription with MSDN or its cloud counterpart. This standard subscription costs US$5,999 for the first year, and $2,569 annually thereafter. Alternatively, the cloud equivalent costs a flat $2,999 yearly. Thus it costs something to access DaRT, no matter how you slice it.
The best point of entry into DaRT appears in the Windows IT Center online. There, you’ll find a DaRT 10 landing page entitled “Diagnostics and Recovery Toolset 10.” This in turn offers up the following Table of Contents (presented here with live links for your surfing pleasure):
To use DaRT, you must download MDOP from the Volume Licensing Center or the Visual Studio/MSDN portal. Then you can grab the DaRT .ISO amidst its various components. Mount that .ISO as a virtual drive, and follow TechNet instructions in “Create a Bootable USB Flash Drive.” Be sure to build both MBR/NTFS and UEFI/FAT32 versions so you can boot either PC type. Finally, copy the contents of the entire mounted .ISO to the UFD’s root. You can then use it to boot problem PCs for access to DaRT’s tools, shown here:
Be sure to check DaRT out, assuming you qualify to download MDOP and start digging in. Good stuff!
About two weeks ago, long-time Windows watcher Ed Bott offered an interesting assessment of Windows 10 at ZDNet. It’s entitled “Windows 10 after two years: Microsoft’s mixed report card,” and appeared on 8/3. Given that Ed Bott issues Win10 report card, what kinds of grades does it include? Just as the OS is a mixed bag, so also his assessments. Here’s what grades he handed out:
- Adoption rate: A-
- Upgrades and updates: C+
- Privacy: B
- Security: A-/B-
- Apps: Incomplete
- Tablets and phones: F
As Ed Bott Issues Win10 Report Card, What Do His Grades Mean?
The Adoption rate grade is easy to explain. It reflects the fastest uptake “for any Windows version ever.” But the company’s failure to hit its 1 billion user target in 2-3 years explains the minus sign. What Bott labels a “frantic first-year push” is over. Now, he sees (and I agree) that “Microsoft adopted a much more relaxed upgrade pace.” It relies on new PC sales to boost Win10 numbers rather than upgrades on existing gear.
The Privacy grade reflects wild-haired responses to Microsoft’s broad-based telemetry (and consequent data acquisition). It figures into many, if not most, of Win10’s subsystems and actions. Bott takes issue with the company’s “dry, legalistic and unconvincing explanations” for this data grab. But he also gives credit for halving such data collection, and publication of telemetry data details.
Security gets two grades, one for enterprise and another for “consumer and small business segments …” The higher enterprise grade reflects “an impressive assortment of security features for its enterprise customers.” The lower grade dings their absence in down-market versions of Windows 10. Baseline security features mentioned include Windows Hello, disk encryption, and built-in antimalware. Enterprise security features mention Defender Advanced Threat Protection, Exploit Guard, and Defender Application Guard.
Onto the Less-than-Stellar Report Card Items
The Upgrades and updates C+ grade comes from “two free feature updates per year.” That gets coupled with an 18-month shelf life for each one. Thus, as Bott so rightly observes, “you can no longer stick with an older version of Windows indefinitely.” He (and I) like the new approach of “cumulative quality updates in place of an endless assortment of individual updates.” But he takes issue with forcing updates on end users and notes certain “hiccups” in CPU support. Most notably, that included a “sudden end of support for relatively young PCs based on Intel’s Clover Trail chips.”
The Apps category gets an Incomplete. That’s because of Microsoft’s ongoing struggle to deliver compelling Store apps. Using the Desktop Bridge hasn’t really fired up the app space, either. Bott finds fault with Office mobile apps as “barely adequate and almost impossible to find …” I agree that apps remain a sore point for Windows 10. Indeed, they haven’t captured user’s hearts or minds.
Finally, Bott gives Tablets and phones an F. That’s because MS has let Windows Mobile wither, even as it continues “cranking out Windows 10 Mobile builds…” He characterizes “the company’s capitulation in this category” as “nearly complete.” He goes on to remind readers about the Nokia sell-off and a massive mobile writedown.
Other Noteworthy Aspects of Windows 10 Outside Bott’s Coverage
As somebody who’s covered Windows 10 since the first Technical Preview was released, I’d like to add a few more subjects to Bott’s report card, with some brief explanations:
- Image construction and management: A-
Microsoft has moved away from monolithic builds for releases and updates. It now uses an approach to providing updates that looks like “survey what’s present, update what’s outdated, and supply what’s missing.” I also like the increasing capability of DISM and related PowerShell equivalents, to operate on and customize Windows image files. I give it a minus because the syntax and structure of this stuff is not terribly friendly, even for seasoned Windows-heads.
- Refresh and Reset Windows: A
The new built-in facilities for performing an upgrade install to refresh OS files while keeping applications and data is nice, as is the reset capability to return a PC to from-the-factory status. Good stuff!
- Task View: A-
The ability to define and manage multiple desktops in Windows has always been a good idea, but it’s only recently been built into the OS. This is a handy feature for power users who need to juggle multiple usage scenarios, especially for multi-monitor set-ups.
I could go on, but I only want to make the point that there’s quite a bit to like about Windows 10 for admins and end users alike.
One thing I sometimes think about is the difference between binary and decimal numbers. This difference can be particularly interesting when it comes to sizing storage like HDs or SSDs. Manufacturers use decimal numbers to count the bytes of storage they provide. Then they describe them using megabytes (MB), gigabytes (GB), terabytes (TB) and so forth. But when it comes to numbering decimal versus binary bytes, using decimal sizes makes drives look bigger than they really area. As the scale of the units involved increases to TB and beyond, the discrepancy gets bigger along with the units.
Table 1: Numbering Decimal Versus Binary Bytes
What this table shows is interesting. For one thing, for each unit (GB, TB, PB, and EB, which correspond to binary numbers 230, 240, 250, and 260) it shows the difference between a putative decimal number (Claimed) and its binary equivalent (Actual). This is also expressed as an absolute difference (Diff) and a percentage difference (%-age). The Delta column shows how the growing percentage difference as we increase the scale of the units actually decreases (that is, from GB to TB, from TB to PB, and from PB to EB, or Exabyte). That’s a good thing because it means the increase is arithmetic rather than geometric or exponential.
There’s an online tool you can use to work other numbers out for disks sized using MB, GB, and TB units. It’s entitled USB Hard Disk Real Capacity. But of course, it works for any kind of binary storage where buyers must convert a less-than-perfect decimal number into its binary counterpart. While you may or may not check it out, you can use the percentage numbers for each unit from Table 1 to reduce claimed disk sizes to the actual numbers you’ll see showing up in Windows Explorer (or its platform equivalent, such as the Finder for MacOS, and file/directory commands for Unix/Linux).
Actual Table Data
WordPress wants images, so I took a snap of the table below in HTML to turn it into a graphic. Here’s the table for those who may want to grab it in actual numeric form for manipulation in a spreadsheet or something…
Game of Thrones fans who want to avoid spoilers are running for cover in light of last week’s HBO ransomware attack. End-user computing administrators should take notice and learn about security measures that can protect their employees’ data from similar attacks.
Hackers stole a variety of data in a ransomware attack, then released episode scripts, plus HBO employees’ phone numbers, emails and other personal information. This week, they threatened to dump further confidential data.
Typically a ransomware attack corrupts endpoints by taking advantage of Windows operating system vulnerabilities. Hackers encrypt stolen data so that users cannot access it and demand payment in exchange for decrypting the data.
Most often, the actual attack vectors are social engineering tactics, in which hackers trick users into clicking on links or opening email attachments that launch an attack that exploits the OS vulnerability. If a hack affects one device, it can spread through the rest of a corporate network. That’s why user education is the most important tool EUC admins have against a ransomware attack.
Organizations can hire security consultants to educate users, or adopt training software that continuously tests users to ensure they keep endpoint security top of mind. Third-party services can also send fake attacks to users, then report results back so IT can provide extra awareness training to employees who need it.
But security training isn’t always successful. Phishing attacks, for example, are becoming more advanced and can easily trick even the most discerning users. Technology such as email and web filtering tools can help, as well as endpoint and network monitoring suites. Or, organizations can require SSL client certificates that specifically authenticate the domain that a request for a user’s credentials come from.
“The underlying issue here is that any protection that relies on a human being making a reasonable decision is going to fail,” said Karla Burnett, security engineer at mobile payments provider Stripe, at last month’s Black Hat conference, SearchSecurity.com reported.
To make matters worse, ransomware attacks have increased dramatically in the past three years. They’re growing at a rate of 350% per year, according to Cisco’s 2017 Annual Cybersecurity Report. And about 40% of spam emails contained links to ransomware in 2016, up from just 1% in 2015, IBM said in a Cybersecurity Ventures research report.
As in the HBO hack, it’s not just corporate data on the line. Employee privacy is also at risk if users store personal information on their devices. IT departments should implement security and training tools to safeguard their organizations before the White Walkers — ahem, hackers — breach the wall.
Earlier this week, I reported on my experiences in performing a repair install on my production PC. To recap: in the wake of installing KB4032188 on that machine, I couldn’t enter a pin or password to login after the reboot. Eventually, I did get that PC started. Because those boot issues kept re-appearing intermittently, I ran an upgrade/repair install to fix them. The good news is that this approach worked. But there have been some consequences, as Win10 post-repair-install issues appear. Let me elaborate…
A repair/upgrade install fixes many Windows ills, but it only mostly leaves the prior install intact. What falls outside the “mostly” can get interesting…
Details When Win10 Post-Repair-Install Issues Appear
The appeal of the upgrade (re)install is that this OS repair leaves an existing Windows installation mostly intact. Over the past couple of days, I’ve been learning what falls outside that “mostly” umbrella. Here’s my list of observed items so far. Future experience may cause me to expand as new items make themselves felt or known:
8GadgetPack: Yeah, I know I’m not supposed to run gadgets any more. But they’re so darned handy I do it anyway. Each time an upgrade runs on a Win10 machine, it disables gadgets. Fortunately, Helmut Buhler’s run-time notices this, and offers a repair shortcut on the desktop. A quick double-click on same and gadgets are back at work.
System Restore disabled by default: upgrades and clean installs start up with restore points disabled, no matter the prior state of the OS beforehand. One must remember to visit the System Properties window to turn restore points back on for the boot/system drive (if they’re wanted).
Windows 7 Games: I’m still hooked on Freecell, Solitaire and Hearts. Something about upgrade or clean install kills the ability to run those old games on new Windows versions. A reinstall turns out to be required, but neither terribly difficult nor time-consuming. Prior to repair, the icons still show up (in generic form) but nothing runs; after repair: game on!
Norton Identity Safe: I use Norton Internet Security on my production PC. Norton Identity Safe is my password store on that machine. Also, a Web-based version lets me use it on any machine with Internet access. Although I disabled Norton during the upgrade process, and re-enabled it afterward, Identity Safe wouldn’t run. I ended up downloading and using the Norton Remove and Reinstall tool to fix this.
People: I don’t use the People feature in Windows 10. (Instead, I use Outlook contacts in various versions of Office 365). People still shows up by default on my Taskbar. Thus, I have to unlock the taskbar, then turn off People in Taskbar settings. Finally, I re-lock the taskbar to keep from changing it by accident.
Nvidia GeForce Experience: the first time I fired it up, post-upgrade, it re-installed itself and informed me I needed a new GeForce driver. Looks like something about the upgrade stymies the operation of and automatic update check here.
That’s it so far. The great joy of Windows is that you often don’t recognize a problem until it hits you over the head. I’ll keep adding to this list of items as they do that to me. Stay tuned! If any new Win10 post-repair-install issues appear, I’ll let you know here.
Every month, like clockwork, I get an email blast named “MCP Monthly” from Microsoft Learning. In fact, anybody who’s ever passed any MCP exam can sign up for and receive this newsletter. This latest issue includes an item entitled “Windows 10 Security in Real Life.” As it happens, this points to an MVA (Microsoft Virtual Academy) course of the same name. The featured instructors are Erdal Ozkaya, MS Cyber Security Architect, and Raymond Comvalius, an independent IT architect. The course includes 6 modules from 8 to 45 minutes or so in length, with total playing time of 2:46, as shown in Table 1. Because MVA offers free Win10 security course to all, it makes sense for interested parties to give it a try.
So MVA Offers Free Win10 Security Course:
Where Do I Find It?
Sign-up is easy at the Microsoft Virtual Academy. You’ll use your Microsoft Account to login directly to the course at MVA. Then, simply work your way through the six modules in sequence. Along the way, you’ll hear from your friendly and voluble instructors. It’s interesting stuff and worth digging into for those charged with managing and maintaining security for Win10 PCs on organizational networks. You’ll definitely want to check it out.
The content is useful and interest, the topic timely, and the price entirely right. What more could you want?
If you’ve been itching to learn about new MS security technologies such as Windows Hello and Credential guard, you’ll find them covered here. Same goes for data protection using Windows Information Protection (WIP) and Conditional Access. Likewise for Windows Defender’s Advanced Threat Protection. It can help detect, diagnose, investigate and respond to so-called Advanced Persistent Threats (APTs). Good stuff, all the way around. Please dig in at your convenience!