ISSUE 16.42.0 • 2019-11-18

Help: customersupport@askwoody.com

In this issue

WOODY’S WINDOWS WATCH: All roads lead to Win10 1909 — but you can take your time

BEST OF THE LOUNGE: Florence Nightingale, circa 2019?

LANGALIST: A time-saving shortcut for new-PC setups?

PATCH WATCH: Ready or not, Win10 Version 1909 is here

WINDOWS: Working outside an admin account: Safe but annoying

WOODY’S WINDOWS WATCH

By Woody Leonhard

For a change, Microsoft is letting everybody decide when to upgrade to the latest release of Win10 (Version 1909) — provided they’re already running the penultimate version, Win10 1903 (and in some cases Version 1809).

That’s good news, and it represents a sea change in Microsoft’s pushiness.

Microsoft released Win10 1909 (aka Win10 19H2, aka November 2019 Update, aka code-name Vanadium) just last week. It’s labeled as a twice-yearly feature update, but as I explained in the AskWoody Plus Newsletter two weeks ago, it’s more like an old-fashioned Service Pack and less like a gut-wrenching Win10 rebuild.

For the most part, Win10 1909 has little to offer the typical Windows 10 customer. There are no major new features to speak of, no flashy new chrome, no beefed-up plumbing buried in the innards. In fact, it shares the same base code as Version 1903. (An MS webpage has a short summary of what’s new.)

No, what sets 1909 apart from the other Win10 versions (we’ve had nine of them in the past four years) is its unobtrusive entrance — and its likely longevity.

Really, the best new “feature” would be a bit of stability. Heaven knows we’ve earned it.

If you’ve been using Windows for more than a few years, you know that Microsoft’s approach to upgrading would put Atilla the Hun to shame. I’m ecstatic that the new genteel approach, at least at this point, puts Win10 customers firmly back in the driver’s seat.

With a few notable exceptions — primarily Win10 1809 Home users trying to go to 1903 (and thus avoid 1909) — most Windows 10 users will have the “Download and install now” option shown in Figure 1. Yes! You can move to the newest release when you’re good ‘n’ ready.

Figure 1. Microsoft now lets you choose when to upgrade to the latest Win10 release.

Even if you have the temerity to click “Check for updates,” Version 1909 won’t be shoved down your throat.

Look for more details in my Computerworld article.

While Win10 1909 rolls out to everyone and their dog, the next version of Windows 10 is reportedly almost baked. Windows 10 code-name 20H1, code-name Vibranium (heaven only knows what its real name will be — hopefully not “2003”) is in the final throes of beta testing. Reliable sources have it that 20H1 is now feature-complete and ready to ship before the end of the year!

Yes, that flies in the face of Microsoft’s maddening two-new-versions-a-year pace. But it aligns with the Azure release schedule. (With Azure, think “cloud” — where cloud equals running on Microsoft’s computers.)

For now, I say sit tight. If you’re using Win10 1809 or 1903, there’s no immediate and compelling reason to change. Those still on Version 1803 will have to upgrade within the next month or two, and I’ll have a separate article on that process.

Cautious by bitter experience, I still have my production machines on Win10 1809. But Version 1903 is looking better every day. Why? It has one new feature that’s worth the price of admission: the ability for everyone (Pro, Home, and otherwise) to easily pause updates for a week at a time. To my way of thinking, that’s the best new Win10 feature ever — on any version.

Windows 10 1903 is also looking more stable than it was just a couple of months ago. Still, I’m going to give it a little more time to cook — and I recommend you do the same.

Rest assured, I’ll have full details on all the moves — blocking, updating, and upgrading — that accompany every change in the AskWoody MS-DEFCON rating. Stay tuned to askwoody.com

Eponymous factotum Woody Leonhard writes lots of books about Windows and Office, creates the Woody on Windows columns for Computerworld, and raises copious red flags in sporadic AskWoody Plus Alerts.

Best of the Lounge

Possibly skirting 1996 HIPAA intentions, Ascension, the second-largest healthcare system in the U.S., is reportedly providing its patients’ medical information to Google for an AI research project.

Plus member samak shares a link to the Wall Street Journal’s article about “Project Nightingale.” The story states that Google is doing this project for free. But we can be excused for assuming data collection and profits are Google’s true end game. How much do you trust the company when it comes to protecting your personal information? Join the discussion.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

LANGALIST

By Fred Langa

What are the pros/cons of copying the entire contents of the “Users” folders to a new PC, en masse?

It’s a very fast way to move user data into a new PC, but what else might be going along for the ride?

Plus: Great resources for testing firewalls and routers, and is it safe to use a high-rated battery charger on a low-rated device?

Like many of us, long-time subscriber Dean Simes acts as semi-official tech support for those around him. After setting up some new PCs for others, he had a question.

Glad you’re a member, Dean. Thanks!

Copying everything in C:\Users\[username] can work, but it’s risky. The outcome depends entirely on the PC’s specific setup and use — including how similar the old PC’s hardware and software are to the new machine’s.

Normally, the recommended method of manually moving user files is to concentrate on the human-generated files and folders. This usually includes the contents of C:\Users\[name]\Documents, plus …\Desktop, …\Music, and so forth. You can almost always shuffle that stuff from PC to PC without incident or concern.

But the machine/software generated files and folders — such as AppData, NTUSER.dat, etc. — are far less interchangeable. The less alike the old and new hardware, OS, and apps, the greater the odds that your mass-copying will overwrite something important, introduce something that the new PC will mishandle, or simply add useless and unneeded data to the new setup.

So the copy-everything method is not ideal; it’s somewhat a roll of the dice.

In your case, you improved the odds by skipping any like-named files on the new PC — and you did not report any follow-on problems. So things seem to be working OK. And that’s great!

But if you want to tidy up the new setups, or if it later turns out that something did get lost or mangled in the move, you can usually correct things with a nondestructive reinstall or a Reset.

Resets are extremely simple in Win10 and Win8.1 — the process is baked right into the OS (MS Reset info for Win10 and Win8.1).

It’s a bit more complicated in Win7, but it’s still possible. See my “Win7 nondestructive reinstall” article, AskWoody/Windows Secrets 2011-07-14 issue.

A Reset/nondestructive reinstall should correct most or all issues in the machine- and software-generated portions of the User files while leaving the human-generated content alone.

In future setups, I think you’ll obtain somewhat more reliable results if you copy just the user-generated data between PCs. Let the OS and apps manage their own data!

After reading “Is one firewall enough? Is two too many?” (AskWoody Plus 2019-11-11), subscriber Michael Horowitz sent in links to his excellent, curated lists of firewall/router security tests and tools:

That’s an outstanding collection of resources, Michael! Thanks!

Subscriber Wern Han wonders about charging electrical devices with mismatched chargers.

On the face of it, plugging an 18w device into a 22.5w charger — or plugging any device into a supply with a higher wattage rating — usually isn’t a problem.

You can prove it to yourself with an easy thought experiment. Consider: You routinely plug your chargers into your home’s wall sockets, right? In the U.S., a standard 120v/20amp residential circuit can deliver about 2400 watts. But if your device’s charger is operating properly, it won’t try to draw the whole 2400 watts at once. Rather, it will draw only what it’s designed to handle.

That said, there’s more to device charging than just the wattage rating!

Normal USB sockets operate at 5.0 volts. But “fast” (or “quick” or “adaptive,” etc.) chargers crank up the voltage — a lot. There are at present over 20 different fast-charging standards in use, operating anywhere from 20 volts to 50 volts! (See this Digital Citizen article.)

Obviously, you don’t want to plug a device expecting 5v into a 20v or 50v power source!

However … a properly operating device and fast-charger should communicate via the charging cable; the charger should deliver the higher voltages only if the device explicitly supports whatever quick-charging standard the charger offers. Also, the circuitry should cap the charge if the battery gets too hot and should stop the charge when full.

All those ifs and shoulds are the problem. A fast-charger’s safe performance depends on the manufacturer’s following the applicable standards accurately — and using good-quality materials and manufacturing methods.

For that reason, the safest approach is to skip the off-brand fast-chargers and suspiciously cheap gear. Stick with decent, warranteed hardware that explicitly matches your device’s stated fast-charging standard.

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all Fred’s current projects.

PATCH WATCH

By Susan Bradley

The September Windows 10 feature release … um … no, the November feature release — well, in any case, the 1909 version is finally out.

This time around, Microsoft is apparently doing something new that just might take some of the pain out of upgrading Windows 10. As Woody notes in a Computerworld column, Version 1909 has the feel of a Windows 7–style service pack.

That sounds good, but we still recommend putting off the new release until Microsoft fixes its inevitable foibles. (Woody still isn’t completely comfortable with Version 1903, but it’s now the standard at my office. So far, I’ve not noted any issues.)

A less disruptive update? As an MS Windows IT Pro Blog post notes, Versions 1903 and 1909 have an identical set of system files. So the new features in Version 1909 did not require major changes to the core OS. It also means that both versions will share the same update patches. (The post also includes a good summary of what’s new in Version 1909.)

But the process of updating to the new release has significantly changed, according to an MS Community post. Version 1909 now uses a new Enablement Package.

Surprisingly, the new Version 1909 features have already been included in the “quality” updates for Version 1903. But they’ll remain inactive until users run the small enablement package to switch them on — which then officially upgrades them to Version 1909.

As noted in another MS Windows IT Pro Blog post on Version 1909 delivery options, IT pros using WSUS can acquire the enablement package via KB 4517245. To be clear, this will work only for upgrading from Version 1903 to 1909.

If you’re using Windows Update, that same post notes:

“The Windows 10 Version 1909 update will be presented just like any feature update. The installation process will be faster, but, as with any feature update, you will have the ability to choose when to install Version 1909 using the controls that we announced earlier this year.”

In other words, you’ll be able to choose when to upgrade, even if you haven’t deferred updates. That said, I still don’t recommend clicking “Check for updates” because you’ll also get optional .NET 4.8 patches such as cumulative-update KB 4522741, released in late October for Version 1903 (more on that update below).

This month’s updating went off with a bang, starting with an incorrectly signed Windows 7 Malicious Software Removal Tool installer. It’s now been fixed, according to Günter Born (AskWoody post).

Not fixed is an Access bug introduced in the November updates. The Office app started throwing off “Query is corrupt” errors. According to an MS post, “purchased” versions of Office won’t be fixed until next month and Click-to-Run versions should get patched sometime around November 24. The recommended workaround: “[U]pdate the query so it updates the results of another query, rather than updating a table directly.” Or better yet, uninstall the offending updates.

Also, Woody warns us that it’s your last chance to download Version 1903 from the Windows Update Assistant. I highly recommend downloading and saving these ISOs, should you need to rebuild your PC and you want a specific version.

And as we wind down 2019 and get ready for the holidays, Microsoft acknowledged it’s not the season for overtime. As Woody posted, the company will not be releasing the optional (C and D weeks) updates in November and December. That means we won’t be able to acquire any “fix-up” patches until the following month — so you’ll want to watch for patch issues extra carefully through the end of the year.

Finally, we’re still tackling issues with Intel processor bugs. November’s security updates include fixes for the Intel Processor Machine Check Error vulnerability (CVE-2018-12207). Note that this fix isn’t enabled by default — you must use the registry setting described in an MS article. (I recommend skipping it.)

Protections against the Intel Transactional Synchronization Extensions Asynchronous Abort vulnerability (CVE-2019-11135) are also included. Use the registry settings described in a Windows Server article. (These registry settings are disabled by default for Windows Server OS editions but enabled on desktops. You might need to monitor the change and disable it if performance is significantly impacted.)

What to do: I’m sticking with our standard updating plan. Defer the updates below until we give the all-clear — and keep an eye on askwoody.com for new developments.

For the past several months, I’ve noticed reports cropping up regarding the Windows 10 error message “Updates Failed. There were problems installing some updates, but we’ll try again later” — along with the cryptic “0x80073701” or “0x800f0988” error codes. As noted in KB 4528159, the workaround is to open a command window and run the DISM command dism /online /cleanup-image /startcomponentcleanup as an administrator.

Win10 1803 reminder! These are the last updates for Pro and Home versions. By now you should have upgraded to Version 1809 (not easy), Version 1903 (less difficult), or Version 1909 (the new default). We recommend not jumping to Version 1909 at this time.

Check the links below for known issues. Many of the side effects and bugs noted in the Version 1903 release notes point to outdated drivers and BIOS. Now’s a good time to check that both are up to date before patching.

Lest you think we’ve made a mistake with the duplicate KB numbers for Versions 1909 and 1903, keep in mind that they use the same updates.

Cumulative Windows updates (released November 12)

Servicing-stack updates

.NET Framework updates

.NET releases are still awkward. We’ve not seen any November .NET rollups, and you’ll receive October’s rollups only if you click Windows Update’s “Check for updates” — they had no new security fixes, so these are optional.

You might see cumulative updates KB 4522741 for Win10 1903 and KB 4522742 for Win10 1909. Both were released on October 24 and both are optional. Check out the related .NET blog post for a description of what’s fixed. Bottom line: Don’t install them unless they’re needed.

Also, .NET 4.8 updates were released on November 13 to fix an issue with ClickOnce applications. As noted in a .NET Blog post, “The update for .NET Framework 4.8 is available via Microsoft Update Catalog for supported versions of Windows, and the reliability improvement will be available on all regular distribution channels through upcoming releases.”

Now here’s a .NET update you might want to bookmark: On November 11, Microsoft released a new edition of its .NET Framework Repair Tool, designed to find and fix common installation failures.

Note that Microsoft says it’s still working on a resolution for the Cluster Shared Volume issue.

If you plan to purchase extended support for this OS, you need to review the required procedures listed in a Windows Support post. (There are no listed known issues for the following patches.)

As noted above, November’s Office security updates fixed various issues, but they also introduced an Access bug (more info). If you’ve already installed one of the following updates, your best bet is to roll back to the October patches. As it stands now, this bug won’t be fixed until late this month and/or sometime next month.

Office 2016

Office 2013 SP1

Office 2010 SP2

The following Office non-security enhancements and fixes were released November 5.

Office 2016

Office 2013 and 2010

There are no new non-security updates for Office 2013 and Office 2010.

Stay safe out there.

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

WINDOWS

By Lincoln Spector

You’ve probably been told to have both a standard Windows account for safety’s sake and an administrator account because Windows demands one.

But let’s face it, most of us have ignored this advice because … well, juggling two accounts isn’t much fun. It’s especially annoying when using a standard account and you’re constantly asked for the password proving you’re allowed into the administrator sanctum. It’s worse when you’re not asked for the password — and you have to figure out how to bring up the dialog box for entering it.

I’m going to remind you why you should use two different Windows accounts. Then I’ll tell you how to set this up — just so you don’t have to waste time dredging it out of your mental closet. Finally, I’ll note the drawbacks of using these two accounts — and tell you how to sidestep these problems.

I’m using Windows 10 1903 for this exercise. Earlier versions — Win7 and Win8.1 — will be somewhat different.

Every Windows computer has at least one account. When you boot your PC, the password you enter isn’t for the machine — it’s for your account (or one of your accounts).

Here are the account types:

Administrator: This is the all-powerful account. Anything you can do with Windows can be done here — including messing everything up. Every Windows installation must have at least one administrator account; if there’s only one such account on a machine, Windows won’t let you remove or demote it.

Standard: This more-limited account will let you run almost any program on the PC. But if you want to install a new app, change Windows settings, or delete a system file, you often will need to take the extra step of using an admin-level password. Sometimes that’s easy, other times less so.

Child and Guest: As the names suggest, these two account types provide far fewer privileges than even a standard account. (Note that a guest account is no longer available in Win10 settings, but you can still create one from a command line.) We’ll leave this topic for another day.

I haven’t seen any numbers, but I strongly suspect that most home Windows users spend all their computer time in an admin account — mostly because it’s what Windows created during the PC’s initial setup. And they continue to use it because the account works for everything.

That’s a really bad idea for two reasons: user errors and malware. (Sure, knowledgeable PC users already know this, but I’ll bet many of them are regularly using admin-level accounts, too.)

Recovering from a user error isn’t a calamity, but accidentally deleting a critical system file could make your computer suddenly unusable. Sure, you can restore Windows, but is that how you want to spend the next day or two?

Malware is a much bigger problem. If it gets into your standard account, the chances are good it will do minimal damage. It can’t, for instance, secretly install a malicious program or change certain Windows settings.

But if the malware enters via an admin account, it can do almost anything it wants. Viruses have been known to disable anti-malware apps and browsers, making recovery extremely difficult.

So if you’re still using an admin-level account for your daily tasks, take some time to set up a standard account — you can then do almost everything through it, and you’ll have a good balance of safety and usability. You may discover that you rarely, if ever, sign in to the admin account again.

If you already have your PC setup with admin and standard accounts, you can skip down to the next section, “Problems with the two-account solution.” There you’ll find solutions for working in a standard account.

But if you have only an admin account, here’s the fix: Setting up a completely new standard account is a hassle. It’s much easier to create a new admin account and demote the account you’ve been using.

Now it’s time to move to the new account.

Get up, do some stretches, or have a snack — whatever you do when you’re not on your computer. Windows will take a few minutes to set up the new account. Don’t worry about personalizing it. Again, you’ll rarely use it.

Change your original account to a standard user.

Here’s the sorta bad news: Running your PC in a standard account isn’t quite as easy as working in an admin account. For the most part, the problems are little more than a mild annoyance. But occasionally you might have to run through some hoops to get something done — or, in my case, argue with tech support.

Consider, for instance, installing a new program in a standard account (which, of course, is where you should be). As soon as you launch the installer, your screen’s brightness drops and the User Account Control (UAC) box pops up. In an admin account, all you typically do is click OK to proceed. But with a (more secure) standard account, you’ll be prompted to enter an admin-level password (see Figure 8). To Windows, you’ve proven you have administrator privileges — something malware would be unable to do.

Figure 8. The admin-level password prompt in a UAC

(Note: You can turn off the UAC pop-ups, but I wouldn’t recommend it: doing so adds an unnecessary layer of risk.)

UACs will pop up occasionally in some ridiculous ways. For instance, to manually create a restore point, you’ll need to type in the admin password. I can understand why restoring a saved point would require administrative responsibilities — but creating one?

Here’s a case in which using a standard account really annoyed someone — and it wasn’t me. I recently needed tech support for my new Brother printer. The problem was serious enough that a Brother support person called me and requested permission to take control of my PC remotely.

The tech discovered the problem in Device Manager, but when he realized I was in a standard account, I could hear some anger in his voice. He insisted I sign in to my admin (Alpha Lincoln) account. (He might have to work on his people skills.)

Annoyingly to me, that step wasn’t necessary. All I had to do — or he could have done via remote control — was open Control Panel, find Device Manager, right-click it, select Run as administrator (see Figure 9), and type in my admin password.

Figure 9. The easy way to run a Control Panel app as an admin

You can use that right-click trick to open nearly any application as an administrator. You might, for instance, right-click any app on the Windows start menu, select More, and then click Run as administrator.

Here’s another trick: Press the Winkey + R key combo, enter the program’s name into the Run box, and press Shift + Ctrl + Enter.

You could use that trick to open Control Panel as an admin, but it won’t help much. Control Panel is in effect a menu of apps; you’ll still have to go through the UAC every time you open one of them. Moreover, in some cases, running one of the Control Panel apps in admin mode is a simple right-click; in other cases, opening the program will bring up the UAC.

Yes, running Windows as a standard user can be occasionally annoying — and sometimes worse. But it’s a small price to pay to keep malware from taking over your system — and stealing or holding hostage your personal data.

Lincoln Spector writes about computers, home theater, and film and also maintains the blog Bayflicks.net. His articles have appeared in CNET, InfoWorld, The New York Times, The Washington Post, and other publications.

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

• Subscription help: customersupport@askwoody.com

Copyright © 2019 AskWoody LLC, All rights reserved.