On December 4, I reported a mismatch between DISM and SFC for Windows 10 in Build 10586.17. It is apparently related to conflicting versions of the opencl.dll driver file associated with Nvidia graphics adapters, where the OS is looking for a smaller Microsoft-supplied version and the runtime environment generally also comes equipped with a larger, OEM-provided version from Nvidia itself (file sizes are 30K vs. 110-120K). Since that time, a new version of the Nvidia driver has been released (361.43) and the build number for Windows 10 has incremented to 10586.36 on the Current Branch. This morning, I tried the combination of DISM and SFC commands shown in the following screenshot, only to observe that the mismatch has not yet been fixed:
Despite changes to both sides of this mismatch since 12/4, the opencl.dll issue persists.
For the time being, unless CBS.log from SFC reports corruption in files other than opencl.dll, it’s probably best to rely on DISM to check for potential file corruption issues in Windows 10. I’ll keep checking this issue as new Nvidia drivers and new Windows 10 cumulative builds become available, and let you know if and when this mismatch disappears.
One more thing: as the foregoing screencap shows — it come from my Surface Pro 3 which hosts only Intel HD 5000 graphics from the unit’s i7-4650U CPU — this problem is not limited to PCs that host Nvidia graphics adapters, as I had originally believed. It apparently affects all Windows 10 PCs (like my Surface Pro 3) whether or not they have Nvidia graphics installed. Given this breadth of impact, I’m a little surprised that MS hasn’t yet fixed this problem.
TechNet describes Windows’ built-in REAgentC.exe command as able to “configure a Windows Recovery Environment (Windows RE) boot image and a push-button reset recovery image, and to administer recovery options and customizations.” The same reference goes onto observe that “You can run the command on an offline Windows image or on a running Windows operating system.” As one should expect with a command that operates on the way the OS recovers from problems with booting or running, this command must be run from an elevated command prompt (easily accessible through the Command Prompt (Admin) option in the pop-up menu that results from striking Windows Key-X in Windows 8 or 10).
Here’s a bit of syntax by way of example that grabs information from REAgentC for use in the disk partition (diskpart) command that provides some powerful illustration of what this command can do, and why one might want to do it. The screen capture comes from my Surface Pro 3, originally purchased running Windows 8.1, and then to 10 (it’s currently running Build 10586.36).
This SP3 tablet shows the remains of two previous OSes in its listing of recovery partitions.
[Click on image to see full-size screencap]
The preceding screenshot shows how you can combine the info option for REAgentC with the diskpart command to figure out which WinRE partition your current OS is using, to see where it fits into your current disk layout. What this information tells me is that a WinRE partition for Windows 8.1 may still be hanging around (probably in partition 1) even though it’s no longer in use, that partition 5 is where the WinRE partition boots from, and that it gets its boot image from partition 6. Were one in need of extra disk space, one could use a tool like Paragon’s Hard Disk Manager Suite to recover the space that unused partitions consume, though I’d recommend a complete image backup and a known working image restore capability (which the Paragon utility also provides) before mucking about with recovery partitions of any kind. In my case, that’s only 350 MB of disk space, so it’s not worth the effort to me to get less than 0.1% of my drive space back (the drive has 230 GB of usable storage space in all).
This is a useful tool for inspecting recovery partitions to see what’s on machines under one’s management, but REAgentC.exe also supports setting the location of a WinRE boot image of one’s construction and/or choosing. It’s also suitable for working on images offline, for admins who must manage libraries or collections of such things. You can also use the command “REAgentC.exe /BootToRE” to force Windows to boot into the Recovery Environment the next time a target machine reboots.
Good stuff, and worth getting to know!
From pocket desktops to virtual reality devices to tablets and more, expect tech presents galore stuffed in stockings and nestled neatly under trees everywhere this holiday season.
While Santa is making his list and checking it twice up at the North Pole you might want to do the same thing to find out what new devices might enter your network after the new year.
Take a look at a few of the top items tech enthusiasts are asking for this holiday season and find out what security lessons you can learn from a Barbie doll.
Have yourself a merry little mobile desktop
The Kangaroo Mobile Desktop delivers a desktop that fits in a user’s pocket. At only 14 millimeters thick, the Kangaroo works on any monitor and can easily make like a joey and hop into users’ pockets when they’re on the move. It was built for Windows 10 and runs the full 64-bit version of Microsoft’s newest OS. It even runs Windows 10 on Apple iOS devices with its OS Linx feature. In addition users can access documents, photos and OneDrive through the Kangaroo Mobile Desktop.
The big drawback, particularly in the enterprise, is the Kangaroo’s limited storage capacity. With just 2 GB of RAM and 32 GB of storage, it simply can’t replace a full desktop and should really only be used for a limited number of apps and Web browsing.
What tablet is this?
Microsoft’s Surface Pro 3 was the standard by which other tablets and notebooks were judged. Now the Surface Pro 4 is out, and although it doesn’t feature any revolutionary changes, it tweaks the formula slightly to make improvements over the Surface Pro 3. Among the changes are the addition of the Surface Pen and its magnetic dock, Windows 10 integration, and the Type Cover with its Chiclet keys, glass trackpad and fingerprint sensor.
Simply put, the Surface Pro 4 is the best Windows tablet or notebook hardware available. However, if users already have the Surface Pro 3 they don’t really need the Pro 4. Both devices have the exact same ports and users can buy the Surface Pen and Type Cover for the Surface Pro 3.
Virtual reality is comin’ to town
Smartphones make the virtual reality of today far more practical than the absurd contraptions of the past. Nowadays users just place goggle-like devices such as Samsung’s Gear VR on their heads and slide their phones into the viewers to enter the virtual world.
The Gear VR improves upon previous models by charging users’ phones while they use the virtual reality tool and rectifying the overheating issues of the past. It also includes a Super AMOLED display, wide field of view and head tracking.
Although virtual reality devices are mostly for playing games and watching videos, they could easily make their way in to the enterprise as ways for workers to look at 3D models or simulations for example.
Barbie its cold outside
As great as these tech presents are, it’s important to remember that while you’re putting up the tree, stringing the lights and in the words of Paul McCartney, simply having a wonderful Christmastime, hackers are still trying to access your corporate data. Even when you sit down for a well-deserved glass of eggnog you have to keep security at the top of your mind, especially as more and more devices enter your network.
Even Barbie isn’t safe these days. One of the hottest toys for kids this Christmas is Hello Barbie, a Barbie doll that connects to the Internet to answer children’s questions and interact with them much in the same way that Siri or Cortana work on a smartphone. It sounds innocent enough, but a security expert was able to hack into the Barbie doll and access user information, audio files and photos. He also believes hackers could access the microphone and make the doll say anything the hacker wants.
Obviously this is scary for parents, and while most workers (probably) don’t bring Barbie dolls to work, it should also be scary for you. As Internet of Things devices — which Hello Barbie is — become more popular and employees bring them to work, hackers can access your network through one of these potentially less-protected devices. They could also unearth valuable information the device picked up through video, photo or audio files. The lesson is that the more internet-connected devices you have in your organization, the more gateways there are into your corporate data.
So as your employees make merry this December and try to simplify their lives with nifty gadgets, remember the Grinch is always lurking around the corner and those gadgets could be an entry way for disaster. Happy Holidays!
Trolling for this morning’s blog fodder, I was both bemused and amazed by the results of a visitor survey on Windows news source NeoWin.net. Here’s a graphic I captured after responding to their survey question for today on a whim, that returned some surprising results:
Survey sez: your answer not only depends on who you ask, but also on what you ask!
Is there even a remote chance that these results represent anything other than a self-selecting population with a strong interest in the leading and/or bleeding edge of Windows OSes? My answer has to be “Not only no, but heck no!” By way of comparison, here are this morning’s figures for the “Desktop Operating System Market Share” from NetMarketShare.com, which I have to believe captures a population more generally representative of who’s out there using desktop devices on the Internet:
NetMarketShare’s figures are drawn from a much broader and more representative population.
There’s a world of difference between those numbers as even a glance at both sets of numbers will demonstrate. Which one do I believe? Neither, completely, but the second set much more than the first. In fact, I think NeoWin’s results speak to exactly who their readership is, rather than to the more general public. Even so, that’s a pretty amazing proportion of the audience to be on the Current Branch of Windows 10.
Just a little something for your Christmas stocking, perhaps?
As 2015 draws to a close, the staff of TechTarget’s end-user computing sites took to Slack and held an hourlong chat about the year’s biggest trends. Over the next few days, we’ll bring you slightly edited excerpts from those discussions. In today’s post, our editors discuss Windows 10 and the uncertain future for tablets.
Jamison Cush, executive editor: Windows 10 threw cold water all over the so-called tablet revolution. It’s a mouse- and keyboard-friendly OS, closer to Windows 7 than Windows 8. The wholesale rejection of Windows 8, which was developed at a time with the iPad was king, illuminated the fact that people aren’t ready to ditch QWERTY and precision navigation for finger taps and swipes.
Maggie Jones, site editor: But it’s adaptive, too. You can still use it on a tablet. Is that not a good user experience?
Jamison: It’s tablet-friendly, but Windows 8 was tablet-focused. In other words, the tablet experience on Windows 10 stinks. It’s an afterthought.
Maggie: That seems backwards to me. There’s all this talk about Continuum, the feature that lets Windows 10 tell what device you’re using, which is obviously focused on 2-in-1s.
Jamison: It’s so ham-fisted, I turn it off. It’s annoying and sluggish.
Maggie: What’s the point of a 2-in-1 that runs Windows 10, then? Just get a straight-up laptop.
Jamison: Portability, mostly. And some of the various modes are useful. Tent mode works well.
Colin Steele, editorial director: What about the overall trend of tablets becoming more PC-like? We’ve had the Surface for a few years now, but things really stepped up in 2015 with the Surface Book and iPad Pro. Is this just a slow realization that there aren’t a lot of tablet-specific use cases?
Jamison: People misread what made tablets so popular from 2010 and onward. It wasn’t the touch navigation that we liked, but the all-day battery life, the instant-on, the thin design and portable build.
Alyssa Wood, managing editor: It’s a realization that tablet use cases are really most viable in certain verticals like manufacturing but not really in the office.
Maggie: And if you have to add a keyboard and mouse to make a tablet work for you, then how much of a tablet is it?
Bridget Botelho, senior news director: People like the idea of a tablet — the cool factor — but ultimately need a laptop experience to do meaningful work.
Colin: I don’t think people need laptops, per se. But they do need a device that replicates most of its functionality. I love traveling with my iPad Air 2 for work, but why do I love it? Because it has Word and a physical keyboard, like a PC.
Adam Hughes, news editor: As someone who has had an iPad for four years now, I learned very quickly that you can’t get any real work done on it. Even with Office as an app, I’m still going for my crappy Dell laptop to work on a story.
Colin: Totally disagree. I do real work (writing and editing) on my iPad all the time.
Bridget: You are using a keyboard, not the touchscreen, to do work. I can’t even do that, though. I brought an iPad to a conference, with a Bluetooth keyboard, and by the end of the day I wanted to throw the damn thing.
Adam: I had a keyboard a few years ago with my iPad, and it was fine for the most part. I mean, it cost over $100, but again, it just felt more inconvenient than using my laptop. I stick to my iPad to watch Netflix and answer emails.
Jamison: The rise of big-screen smartphones have also dented tablet sales. We really don’t need them. A phablet and a laptop is good enough.
Bridget: The iPad in my house is primarily used by my 3-year-old to watch Nick Jr. I have a Fisher-Price safety case on it. Does that say it all about the usefulness of tablets?
Maggie: Once I got a smartphone and my super-thin Dell from IT, I pretty much stopped using my iPad altogether.
It’s been an interesting last couple of days on the Windows 10 front. Just yesterday, I got word that a new technical preview had become available, so I upgraded both of my test machines to what promises to be the first in a series of builds whose numerical designations begin with “11xxx” instead of the “10xxx” associated with the initial version first released this summer. Later that same day, a new Cumulative update (KB3124200) for production Windows 10 showed up with a designation of 10586.36 (up by .07 from the previous production version numbered 10586.29). Here are the side-by-side Winver outputs from my production PC (left) and Dell VP 11 7139 (right):
The downloads from Windows Update were flying fast and furious yesterday (12/17/2015).
[Click image for larger version]
The New Tech Preview: 11082.1000
I’m not sure where the .1000 suffix in this version number comes from, but there you have it. Installation went without a hitch on both test machines (a Dell VP 11 7139 hybrid tablet, and an i7-2600K homebrew desktop), and quite quickly as well. Total size of the download was on the order of 2.5 GB, and the Windows.old files on the post-install systems were just over 15 GB (Dell) and 18 GB (desktop). I did find some spurious drivers (older versions rendered obsolete by newer ones) in the DriverStore after the update, mostly for graphics devices (Intel and Nvidia), system devices (Intel and others), and network adapters (Atheros and Intel). But both systems kept chugging along nicely after the upgrade was complete, and seem to be working just fine. So far, I can’t tell much difference between the pre- and post-update OS versions, but I haven’t made a detailed pass over the basic system utilities and File Explorer interfaces just yet, either. I’ll report further later as stuff pops up under my eyeballs, or in the news elsewhere.
A New Cumulative Update Takes Production Win10 to 10586.36
As is apparently now typical for Windows 10 cumulative updates, KB3124200 (x64) appeared without explanatory details as to what’s been changed or updated with this code tweak (see Catalog page for complete collection; IE required to view this page as intended). So far, only a few TenForums users are reporting issues with the update (one with PIN vs. password login, some with miscellaneous error codes) and most are reporting modest but noticeable performance improvements, especially in File Explorer and the built-in search function. A handful have reported fixes to some networking and Bluetooth issues. Over at InfoWorld, Woody Leonhard reports that “one bug that caused the WLAN AutoConfig service to crash randomly, bringing down Wi-Fi services in the process” may have been fixed. Woody also provides an interesting list of cumulative updates released since build 1511 first appeared that confirms my gut feeling that we’d been seeing these things at a better-than-once-a-week frequency:
In the five weeks since build 1511 appeared, I count six cumulative updates:
Version 1511 (OS Build 10586), released Nov. 12, is the first version 1511 — the one that raised the old RTM build 10240 version of Win10 to the November Update/Threshold 2 level
* Cumulative Update 1, KB 3105211, Nov. 10, build 10586.3
* Cumulative Update 2, KB 3118754, Nov. 18, build 10586.11
* Cumulative Update 3, KB 3120677, Nov. 24, build 10586.14
* Cumulative Update 4, KB 3116908, Dec. 2, build 10586.17
* Cumulative Update 5, KB 3116900, Dec. 8, build 10586.29
* Cumulative Update 6, KB 3124200, Dec. 17, build 10586.36
None of the other usual sources for good Windows 10 news and details (such as WinBeta.org and NeoWin.net) shed any further light on this cumulative update as yet. Stay tuned for more news on this, too!
Users who haven’t used the GWX Control Panel to remove the “Get Windows 10” stuff from Windows 7 or 8.1 systems are now faced with an interesting choice when that runtime facility triggers in the OS. Here’s what it looks like:
If you didn’t know better, you’d have to believe what it says…
[Source: InfoWorld 12/15/2015]
To the untutored eye, it looks like the user MUST upgrade to Windows 10. If not immediately, then later on over the remains of the same day. But that’s not really the case: one need only close the window without selecting either option (the “Alexandrine solution,” from the story of the Gordian knot), and then make sure to uncheck the box for the Windows 10 upgrade option the next time one chooses to run Windows Update. No upgrade required, unless it’s a matter of free and unfettered choice.
Of course, there’s been another hue and cry about Microsoft’s weasel ways in using all of its considerable wiles to move users up from their current older versions of Windows to Windows 10. InfoWorld’s story does a pretty good job of detailing the skulduggery of which MS has been accused including installation of the GWX program dating back to April 2015, nagging from a balloon notification emerging from the system tray to inform users that the upgrade is ready to install, background downloads of the necessary upgrade files (a 3 to 5 GB load on the drive where the Download directory lives), and even accidental selection of the checkbox in Windows Update to fire off the upgrade in October.
I can understand why MS wants to move users up to its latest and greatest desktop OS, but I have a little more trouble understanding why they think it’s necessary to badger, bludgeon, and bedazzle users into making that upgrade so forcibly. I’m still running 8.1 on a test system so I can try stuff out in that OS, and I have Windows 7 VMs at my disposal, so I’ve been there and done that. But I have also installed — and updated — the GWX Control Panel on all of those installations, both physical and virtual, ’cause I just got tired of dealing with it. Sigh.
I’ve been reading about it for some time now on TenForums.com, but I finally decided to visit the MS TechBench site over the weekend.
For those who don’t want to use the MS Media Creation Tool (and I’ll explain some reasons why later in this post), this online resource provides download access to the following x86 and x64 versions of Windows 10:
+ Windows 10
+ Windows 10 KN (Korea, no Media Player, Music, Video, Voice Recorder or Skype)
+ Windows 10 N (Europe, ditto above)
+ Windows 10 Single Language
There’s also a set of documentation to explain how the environment works, as well as the ISO files for the various Windows 10 versions one might wish to grab. Alas, once you’ve chosen a particular version from some particular PC, that’s the only version you’ll be able to see as long as the cookie for the TechBench page remains present. I was able to work through the options and selections by logging in from different browsers and PCs, but you’ll want to be aware of this restriction.
Why Might Somebody Want a Windows 10 ISO?
There are several reasons for this, including wanting to be able to access the .wim file that the ISO includes (I spoke to a Windows-head over the weekend who maintains a current .wim by using DISM to add packages to that image for each new Windows update, to make sure he can always patch his running image using the /restorehealth option in DISM and that patched image for the /sources parameter), the ability to use Rufus or some other third-party tool to create a bootable installer USB flash drive, or the desire to customize the image to be installed before actually performing the installation (many tools are available to operate on .wim files, including DISM; I can’t find any other than DISM that offer even minimal abilities to do likewise to .esd files).
So, if you need a windows image file (.wim) for Windows 10, TechBench is the place to go to get one (though you can also get them at MSDN if you’ve got a subscription with download rights to that file repository). One more thing: if you’d like to convert an .esd file to a .wim file (or vice-versa), the free Wim Converter utility from Winreducer.net is up to the task. Lots of ways to get around this .esd-vs-.wim situation, as it turns out…
[Note added 8/19/2016: TechBench has been closed down since just before the Anniversary Update came out on August 2. These days, the place to grab a current Windows 10 ISO file is from the Download Windows 10 Disc Image (ISO File) page in the Microsoft Software Download pages. I’m not sure why this has changed, but it looks like TechBench is no longer around.]
I’m currently on tap to develop a Webinar for Spiceworks that’s sponsored by Microsoft on a number of Windows 10 topics (I’ll add an update to the end of this post when I find out the broadcast and/or access details for this event). First and possibly foremost among those topics is “Windows as a Service,” which caused me some initial confusion because this term is subject to multiple uses even by Microsoft itself. I’m pleased to report here that for most purposes and situations, WaaS refers to the new model for Windows updates in Windows 10. In Windows 10, the OS is subject to a “consistent stream of updates” that “is in alignment with the Microsoft cloud services strategy across Office 365, Azure, and Microsoft Dynamics CRM online” (both quotes come from the Microsoft US Partner Community blog in a 9/21/15 post from Diane Golshan entitled “Windows 10 Partner Community: Understanding Windows as a Service, and what it means to you as a partner“).
The next statement in that blog post pretty much sums up the philosophy of WaaS, so I’ll repeat it verbatim here, then tease it apart with some analysis:
By providing users with always-on updates, we can better protect their systems and let them take advantage of new user experiences, productivity tools, and hardware innovations as they are released by the Windows engineering team. This approach supports the four Windows 10 innovation for business promises:
- Protection against modern security threats
- Managed for continuous innovation
- Increased productivity
- Innovative devices for your business
In practice, this means that consumer-grade users get updates as they are pushed to Windows Update, within the constraints on their Windows Update settings. The idea is to make sure that vulnerabilities and exposures get patched ASAP, and that upgrades and enhancements to the OS can be pushed out incrementally, rather than waiting for Service Pack level updates (or even the next upcoming “Update Tuesday” on the current calendar). I’m not sure how this translates into increased productivity, but MS has been both aggressive and proactive about updating firmware for its own PC products (Surface, Surface Pro, and Surface book chief among them) and adding drivers for new devices and classes of devices on a pretty timely basis.
For WaaS, MS divides Windows devices into 3 classes with matching “branches” of the Windows as a Service codebase, namely personal (“Current Branch”), specialized systems (“Long Term Servicing Branch”), and business (“Current Branch for Business”). The key differentiator is how updates are staged and deployed to the devices in each class as described in this table from the afore-cited blog post:
The more sensitive to updates Microsoft judges your environment to be, the longer you have to test them, and the more control over them.
Please note that ordinary, garden-variety users (consumers, small businesses, and so forth) all fall into the Current Branch model, too, where they get updates as soon as they hit WU, within the constraints established on their devices for when and how automatic updates get applied.
To conclude the US MS Partner blog post from which I’ve been drawing this description of WaaS, the company offers up some interesting (and free) online training resources on Windows 10, among other things. Of particular interest: Windows 10 Management Masters (6 weeks, 5 major topic areas, good stuff: partners and employees only), Getting Started with Windows 10 for IT Professionals (MVA, free to all, 8 modules, about 4 hours of training), and the Windows 10 Tech Center, a collection of resources, downloads, and more. See also the (free) video presentation entitled “Preparing Your Enterprise for Windows as a Service.”
On December 8, 2015, Microsoft announced the release of a new version of its System Center Configuration Manager (the SCCM I used in the title of this post, for brevity’s sake). There’s some interesting stuff here, not least of which is that the product now explicitly references Windows 10, to the point of assuming Version 1511 as part of the product’s identification. An SSCM Team Blog post labels the platform as “System Center Configuration Manager and Endpoint Protection (Version 1511)” for which trial (or licensed) versions are available for download from the Microsoft Evaluation Center, MSDN, and/or the Volume Licensing Service Center. Here’s a relevant graphic from the video included in that PR piece:
Lots of former functionality gets dropped from this release, as Windows 10 support gets added.
By far, the most interesting coverage of this latest version of SCCM appears in TechNet, under the heading of “What’s new in System Center Configuration Manager,” also updated on 12/8/2015. Here are some snippets from that page:
Starting with this release, SCCM drops the year or product identifier from its name, as was previously the case with versions such as Configuration Manager 2007 or System Center 2012 Configuration Manager. As the 1511 nomenclature in the current name, SCCM will now support “incremental in-product updates, also called update versions.”
In-console updates for Configuration Manager will be used to install new update versions, to be released periodically, and will includes product updates and sometimes, “new features you can choose to use (or not use) in your deployment.”
Service Connection Point replaces Microsoft Intune Connector.
Usage data about sites and infrastructure will be compiled and submitted to the MS cloud service by the service connection point. It is “required to enable Configuration Manager to download updates for your deployment that apply to the version of Configuration Manager you use.”
Native support for Intel Active Management Technology (AMT) has been removed from Configuration Manager. Going forward, continuing with AMT will require using the Intel SCS Add-on for Microsoft System Center Configuration Manager. A complete list of removed and deprecated features for SCCM is available online, and includes dropping XP and Vista on the desktop, and Server 2003 and 2003 R2, along with various Mac OS X versions (10.6-10.8), Nokia Symbian Belle, and Windows CE 5.0-6.0.
A new task sequence to upgrade an OS from an upgrade package has been added, to upgrade PCs from Windows 7, 8 and 8.1 to Windows 10. A Windows PE peer cache has been added to minimize WAN traffic when deploying in branch office situations. Also, support for Windows as a Service is now a valid method for managing Windows in SCCM.
There are lots of new enhancements for application management in the latest SCCM version, including support for Universal Windows Platform (UWP) apps, installer-based apps, in-house iOS apps, and more.
For all the details, please visit the “What’s New…” page.