Windows Enterprise Desktop

October 19, 2016  9:46 AM

It’s the simple things that really plague Windows security

Eddie Lockhart Eddie Lockhart Profile: Eddie Lockhart
Biometrics, microsoft windows 10, Windows 10, Windows Security

In the hit 90s animated TV show Hey Arnold!, Arnold’s neighbor Mr. Hyunh becomes an unlikely country star with his song “Simple Things.” He sang about the simple things he likes about life — rain, spring, spicy chicken wings – but he might as well have written the tune about Windows desktop security.

Windows administrators may stay up at night worrying about complex attacks hackers are concocting, but what they really need to focus on is the basics. Sophisticated attacks exist, but attackers could also just steal passwords.

Something as simple as bad passwords can be a gateway to infiltrate Windows. That’s why IT should set length and complexity standards, and require users to change passwords periodically. They should also consider multi-factor authentication such as Windows Hello in Windows 10. This biometric authentication tool allows users to log in by scanning their fingerprints, irises or face.

Admins also must prevent users from accessing unapproved information and limit what they can do with certain data. The Windows 10 Anniversary Update helps IT do just that with Windows Information Protection (WIP), formerly known as Enterprise Data Protection. WIP uses what Microsoft calls enlightened apps to differentiate between personal and business data in Windows 10. Admins can also choose which applications can access what data and prevent users from performing tasks such as copying and pasting business data into unapproved apps.

It is also important to make sure security patches and antivirus software are up to date on every device, as well as encrypt all devices in the organization. Otherwise, if a user loses a device or it gets stolen, it’s easy for someone to access company data because the device password is the only line of defense. Finally, IT should invest in a Windows logging or monitoring tool to see which users might be opening up vulnerabilities.

Any Windows admins losing sleep over security should use Mr. Hyunh’s crooning as a lullaby and remember that it’s the seemingly trivial — summer breeze, 16 cans of peas and a two-speed window fan — that make him happy. It’s the little things that are most likely to come back and haunt Windows security, too.

October 17, 2016  10:52 AM

MS Opens Its Update Catalog to Non-IE Browsers

Ed Tittel Ed Tittel Profile: Ed Tittel
Edge Browser, Internet Explorer, Windows 10, Windows Update Management

For a long time, one beef among experienced Windows users has been the company’s insistence on using Internet Explorer for grabbing updates. But starting in mid-October, 2016, MS opens its Update Catalog to non-IE browsers. But there’s a catch. Those who visit the catalog using another browser still see this message if they visit

MS Opens Its Update Catalog to Non-IE Browsers

If you use Google to navigate to the Update Catalog in Chrome, you still see this.

But if you know where to surf, you can see and access the Update Catalog quite nicely. This works for those using Chrome, Edge, or another non-IE browser of your choosing. The new, browser-friendly URL is Here’s what Chrome showed me just now, using that URL instead of the preceding one:

MS Opens Its Update Catalog to Non-IE Browsers

Insert a www in front of the old base URL, drop the “s” in https, and Chrome shows this.

Why MS Opens Its Update Catalog to Non-IE Browsers Matters

This may seem like a non-issue to some readers. But in some corporate environments, policy dictates use of specific browsers, and only those browsers. If IE wasn’t on that list, admins were unable to access the Update Catalog without somehow circumventing that policy. Now, the new URL works with all the modern browsers I tried (Chrome, Edge, Firefox, and Opera). Thus, I’m assuming the doors are also open to other browsers outside this short list of leading choices among the hundreds of browsers available for Windows today. Certain recent issues with installing Cumulative Updates can necessitate manual downloads of items that don’t or won’t install automatically. That’s what makes this new open-door Catalog a good thing.

Anybody looking for a deeper explanation for why this change occurred need only look at this message that appears in Edge. It pops up when you try to open the old URL for the Update Catalog:

MS Opens Its Update Catalog to Non-IE Browsers

It would hardly do for MS’s new flagship browser to describe the current Update Catalog as “vintage web tech” eh?

Obviously, if MS wants to hitch its wagon to Edge going forward, it should handle the Update Catalog directly. I’m just glad the company decided to let other browsers into the catalog as well. They could just as easily have restricted it only to Edge and IE, and left all the others out in the cold. I hope it speaks to the new sense of open-ness and Open Source support that’s manifesting at Microsoft that they let the other browsers in through the same door that opened for Edge. When MS opens its update catalog to non-IE browsers, everybody wins!

October 12, 2016  10:15 AM

Cleanup 3.99 TB from 500GB Drive!

Ed Tittel Ed Tittel Profile: Ed Tittel
Disk cleanup, Windows 10, Windows Update Management

Yesterday was Patch Tuesday, and included another Cumulative Update: KB3194798. This one included a bit of a surprise. Cleanmgr.exe offered to cleanup 3.99 TB from my 500 GB C: drive. It’s best appreciated from this screen cap:

Cleanup 3.99 TB

That’s not something you see often on a 500GB drive!

How Can You Cleanup 3.99 TB from a 500GB Drive?

As it happens, Windows Update files reside in the Windows Component Store (aka the WinSxS folder) along with OS components. Though these files are reported elsewhere in the disk structure, too, they really reside in WinSxS, and are linked to other folders. Thus, for example Notepad.exe really resides in WinSxS, but shows up in C:\Windows in the “Location” field on the General properties tab in File Explorer.

Here’s what the Windows IT Center article “Determine the Actual Size of the WinSxS Folder” says about file size reports:

For operating system files, it can appear that more than one copy of the same version of a file is stored in more than one place on the operating system, but there’s usually only one real copy of the file. The rest of the copies are just “projected” by hard linking from the component store. A hard link is a file system object that lets two files refer to the same location on disk. Some tools, such as the File Explorer, determine the size of directories without taking into account that the contained files might be hard linked. This might lead you to think that the WinSxS folder takes up more disk space than it really does.

This set of update files must be hard-linked all over the place. That explains why their reported size vastly exceeds the 1.3 GB of actual disk space that they occupy. The number was good for a chuckle, however. It also provided an opportunity for me to learn something useful and interesting about the WinSxS folder. There’s more going on than you might think when it’s time to cleanup 3.99 TB of update files.

One More Thing…

This particular cleanup takes a looooong time to complete, so be patient. It averaged between 15 and 20 minutes on my Windows 10 PCs. After it’s done, you’ll want to restart your PC. Then brace yourself, because cleanups will continue for another 15 minutes or more before the machine shuts down and restarts. Apparently, there’s a LOT of cleanup involved here!

[Note: thanks to TenForums user Bree whose forum comment brought the cited TechNet article, and its WinSxS explanation, to my attention.]

October 10, 2016  1:06 PM

RegEdit Gets Address Bar

Ed Tittel Ed Tittel Profile: Ed Tittel
RegEdit, Windows 10, Windows Registry

Normally, I don’t write much on Insider Preview releases for Windows 10 here. But the latest build, 14942, includes a small but significant and noteworthy change. It appears as a single line of data in the Registry Editor, aka regedit.exe. In that single line RegEdit gets address bar capabilities. There, it displays a string for whatever key is selected.

RegEdit gets address bar

The address bar reads “Computer\HKEY_CURRENT_USER\Control Panel\Cursors”

Why RegEdit Gets Address Bar Matters

Since time immemorial, extracting key strings from the Registry required multiple steps. They are: high-lighting a key, right-clicking an entry of interest, and selecting Copy Key Name from a pop-up menu. In stark contrast, the new approach is simpler. Simply highlight the current value in the address bar, and click Ctrl-C. Once in the paste buffer, paste that string as needed. Little, well-thought-out conveniences like this improve Windows 10 usability. Because they must often use registry keys in scripts and such, this change is especially helpful for admins and power users,

Ordinary users can’t do this until the next major Windows 10 build comes along. Right now, that upcoming release is code-named Redstone 2. Best guesses suggest it will probably debut in Spring 2017 (see this Windows Central story). This next Win10 milestone should focus on “productivity improvements for the desktop” along with “much-needed features and enhancements” for Windows 10 Mobile, from that same source.

My primary source for this information comes from Rafael Rivera at His 10/7/2016 story “Windows 10 Registry Editor Gets Very Welcome Address Bar” inspired this blog post. Thanks a bunch, Rafael! He uses phrases like “awesome” and “super-excited” in describing this addition. I’m not sure it’s worth that much exuberance, but it is a nice change.

October 7, 2016  11:28 AM

Windows Updates: CAB vs MSU Files

Ed Tittel Ed Tittel Profile: Ed Tittel
Automatic Updates, Windows 10, Windows Updates

This morning, TenForums reported that Microsoft released a new Cumulative Update KB3197356 for Windows 10. But though some users have reported obtaining this through Windows Update, users who’ve successfully installed the previous update — KB3194496 — probably won’t get this latest roll-up. Those who want it anyway must visit the Microsoft Update Catalog so they can download and install it manually themselves. While this particular update is a Windows Standalone Installer (MSU) file, other updates can appear as Cabinet (CAB) files, particularly device drivers. That got me wondering about differences between the two formats. So, I researched CAB vs MSU files and report on what I learned.

CAB vs MSU Files

The update elements for KB3197356 are .MSU files, other downloads are .CAB files. What gives?
[Click image for full-size view]

Understanding CAB vs MSU Files

MSU files are associated with the Windows Standalone Update Installer, of type Microsoft Update Standalone Package. Thus, this program is called when any filename ending in .msu is executed. Device drivers, on the other hand, don’t always need a special installer. Instead, you might access their contents using the “Update Driver Software…” right-click option in Device Manager. Also, CAB files are archives that support a variety of compression formats. They work with various Windows installation engines. These include the Setup API, device installers, or advpack.dll. says: “CAB files typically contain drivers, system files and other Windows components.”

Here’s the core of the difference, in a nutshell. MSU files are more or less self-installing, thanks to the Standalone Update Installer program included with Windows OSes. But double-clicking a CAB file gets you nowhere automatically. You must either invoke the right installation engine, or otherwise access its contents. Much of the time, a program like 7zip does the trick nicely. But those who remain perplexed will find the Windows 10 CAB Installer (download links: x86/32-bit, x64/64-bit) helpful in using CAB contents (source: TenForums).

October 5, 2016  10:12 AM

Repeat Cumulative Updates Need Cleanup

Ed Tittel Ed Tittel Profile: Ed Tittel
Windows 10, Windows Update Management

Microsoft pushed out 3 cumulative updates that hit my PCs in September. They appeared on 9/1, 9/13, and 9/26. After the third one came through at month’s end, I found myself thinking: “I wonder if repeat cumulative updates need cleanup.” Dashing into the Disk Cleanup utility (cleanmgr.exe), my presumption appeared warranted. Here’s what I found:

Repeat Cumulative Updates Need Cleanup

The highlighted item shows 1.64 GB of Windows Updates for cleaning up.

Why Do Repeat Cumulative Updates Need Cleanup?

Each time a Windows client gets something from Windows Update, it receives files in the %windir%\SoftwareDistribution\Download folder. Electing the option shown in the screenshot cleans out that folder, thereby freeing up disk space. It’s also worth noting that, once removed, such updates can no longer be uninstalled. That is, if you click “Uninstall updates” in the Update History window, you won’t see them among the list of items available for removal.

Then too, cumulative updates are a bit different from regular updates. In fact, they “roll up” all updates provided since some checkpoint in time. The three updates that hit my PC in September are best described in Knowledge Base (KB) articles:

KB3194496 (9/29/2016): 402 MB (x86) or 753 MB (x64)
KB3189866 (9/13/2016): 255 MB (x86) or 431 MB (x64)
KB3176938 (9/1/2016): 205 MB (x86) or 331 MB (x64) [Actual release date: 8/31/2016]

Adding those items together for x64 Windows 10 machines, you get 1,515 MB, or 1.48 GB. The Update clean-up number shown in the screenshot is 0.16 GB bigger. Thus, it’s obviously counting other updates from that period as well. But update cleanup removes them all. With usable restore points or image backups prior at hand, one can always roll back their effects. That’s why I don’t worry about cleaning up, either. Given the current cadence of cumulative updates from MS, this is a likely monthly drill for admins.

October 3, 2016  11:03 AM

Setting Windows10’s Lockscreen Image

Ed Tittel Ed Tittel Profile: Ed Tittel
Personalization, Windows 10

When Windows 10 finishes booting up, it displays what’s called a “lockscreen” image. When you click on that image, or strike any key on your keyboard, you’re prompted for login credentials. By default Microsoft displays lockscreen images from a pool it maintains. It also asks users to like or dislike its choices, so it can improve upon them. But what happens if you want to use the lockscreen for status or app information? Or if a user emphatically dislikes some lockscreen image or images? No problem. Setting Windows10’s lockscreen image is easy, if you know how.

Personalization Handles Setting Windows10’s Lockscreen Image

You can pick a slideshow or a static image to replace the rotating collection of default MS choices through the Settings app. Click Personalization, then Lock Screen, then Background to produce this array of choices:

Setting Windows10's Lockscreen Image

Here’s what those choices are about:

  • Windows spotlight: this is the rotating collection of default images, some of which are truly stellar. You can download the excellent $0.99 Spotbright application from the Windows Store. It lets you grab and view these images independently. Otherwise, they are something of a pain to find and view on your own.
  • Picture: a single image of your choosing, obtained via a file system browse after choosing this option.
  • Slideshow: a rotating collection of images, which you also specify by browsing your filesystem, and then choosing a photo album (a collection of images) among which the lockscreen on display will rotate

On Choosing Window10’s Lockscreen Image Setting

Why might you choose one of the three options shown above over the others? It just so happens that only the Picture option also lets you choose an app which shows status info. The default is the Calendar app, which if synched with your personal appointments and so forth shows you what’s happening today. This also allows Cortana access without logging in. That means you can use Cortana directly from the lockscreen.

I learned all this — and more — recently when my wife asked me to keep some images she found unpleasant from showing up on her Windows 10 lockscreen. This subject is covered in more detail in Lance Whitney’s excellent PC Magazine story entitled “How to Use and Tweak your Windows 10 Lock Screen.”

September 28, 2016  11:10 AM

Win10 Hits 400M Users as Adoptions Slow

Ed Tittel Ed Tittel Profile: Ed Tittel

On Monday, September 26, during the first day of its Ignite conference, Microsoft officials disclosed that Windows 10 now runs on 400 million active devices. Thanks to Mary Jo Foley sharing this news, I can speculate on the current run rate versus the historical average. Here goes: 300 million adoptions on May 5 gives a 100 million increase over 20 weeks. That’s an increase of 5 million per week. Doesn’t sound half-bad, eh? But when Win10 hits 400M users how does that indicate a slackening adoption pace?

What Win10 Hits 400M Users Really Means

If we look at the run rate up through July 29, the official release date for the Anniversary Update, we get an interim number of 350 million active devices at that time. That means that the period from May 5 through July 29, and the period from July 30 through September 26 each saw approximately 50M Windows 10 adoptions. That’s 12 weeks for the first period and roughly 9 for the second period. This indicates recent history has improved somewhat, in fact. It’s a 33% improvement because of the shorter time period for the second 50 million increment.

But the slowdown effect becomes clearly visible if we stretch our time horizon back to July 29, 2015, which adds 52 weeks to the overall time window. Adding the 9 weeks from July 29, 2016 to September 26, 2016, that puts the whole span up to 61 weeks. Divide 400 million by 61 and you get 6.55 million per week. Recent adoptions reckon at 4.16 million for May 5 through July 29, and 5.55 million for July 30 through September 26. That’s an average of 5 million for that entire period. Thus, it’s readily apparent that the trend is downward, though not at a horrific pace.

What does a 5M monthly run rate mean for Microsoft’s 1B active users objective? Starting from October it means 10 more years (120 months) before that milestone is reached. That’s 2026! Methinks MS will have to find ways to speed things up a bit. As long as it doesn’t involve another nefarious push like their “Get Windows 10 ” (GWX) initiative, I wish them luck.

September 26, 2016  6:30 PM

MS Upgrade Analytics for Win10

Ed Tittel Ed Tittel Profile: Ed Tittel
Predictive Analytics, Windows 10

Today at its Ignite Conference, MS issued a flurry of announcements and info. Less than a month after the release of Windows 10 Anniversary Update, it’s no surprise that Windows 10 items dominated. In fact, I’ve just finished listening to several sessions online (available on the conference home page). IMO, the richest vein came in Rob Lefferts’ talk entitled “Windows 10 — The time is now.” Lefferts introduced a raft of topics I’ll be mining for a while, starting with MS Upgrade Analytics for Win10.

Upgrade Analytics for Win10

This is the top-level dashboard for MS Upgrade Analytics.
[Click image to view full-size]

What Is Upgrade Analytics for Win10?

Upgrade Analytics seeks to help organizations gather data to evaluate their application and driver situation. Typically, IT pros validate business-critical applications before upgrading PCs that run them, to make sure deployment won’t downgrade productivity. Most organizations use hundreds to thousands of applications, which makes testing all of them in advance costly and time-consuming. Upgrade analytics helps IT admins speed Win10 upgrades with reports on:

  • Current application and driver inventory, with usage data
  • Information about known driver and application issues, with mitigation advice (where available)
  • Tracking which drivers and applications are ready for Windows 10
  • Per-computer readiness assessments to target PCs for Windows 10 deployment

An Upgrade Analytics public preview is already available. It requires an Microsoft Operations Management Suite (OMS) workspace. But Upgrade Analytics incurs no extra charges for those using a Standard or Premium tier workspace. The 7/22/2016 announcement blog post includes all the details. At today’s Ignite, Microsoft added support for Site Discovery and Ready for Windows data to Upgrade Analytics. The former provides an inventory of web sites that Windows 7 and 8.1 devices visit, while the Ready for Windows website lists software applications broadly adopted on Windows 10. Upgrade Analytics helps IT pros identify potential risks involved in Windows 10 deployment, and provides advice on how to bypass potential problems. This one should be fun to try out, and play with.

Here’s a list of additional resources and reading material on Upgrade Analytics:

September 23, 2016  11:57 AM

BSOD — Insider Preview to the Rescue!

Ed Tittel Ed Tittel Profile: Ed Tittel
Beta Testing, Troubleshooting, Windows 10

It’s one thing to read about Windows 10 problems. It’s another thing entirely to live them through oneself. I follow the action at closely because it’s a timely and reliable source for Windows insight and intelligence. That’s why I knew what I was seeing after installing the latest Enterprise Insider Preview (Build 14393) on my test desktop PC. It was the dreaded “Black screen of death:” a black screen with a mouse cursor. The cursor moves, but the OS is otherwise unresponsive. A catastrophic graphics driver fail that somehow occurs after initial OS installation appears responsible. In solving this particular BSOD — Insider Preview pages at the MS website were a life-saver.

Fixing the BSOD — Insider Preview Had the ISOs

I tried fixing the installation using the usual methods. I had already killed Windows.old and other traces of the previous installation, so a rollback was ruled out. I also tried an image backup, and that didn’t work either. That meant a clean install of the new OS, which in turn meant I needed an ISO file. Upon searching the ‘net, the only source I found was a Russian website (WZOR, a terrific source of Windows rumors and leaks).  But it would take 50 minutes for an ESD download. Then, I’d have to convert that ESD into an ISO, and build a bootable installer UFD. Too much time and work!

Then it hit me: why not check the Insider Preview site? This is an unimpeachable “official” source, and offers fast downloads. And in fact, the Download Windows 10 Insider Preview ISO — Advanced Options page had the goods. Here’s a screen cap:

BSOD -- Insider Preview

ISOs for the latest (and next-latest) Insider Preview builds available here, in many flavors.

Sometimes, the obvious source is also the best source. Thank goodness Microsoft consistently makes current Insider ISOs available on its Insider website. It restored my test PC! Others in the same boat will find this download link useful as well. If you run Insider Previews, add this to your favorites. It may come in handy someday. Sooner or later, reported bugs may stop at your door, too!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: