ISSUE 16.40.0 • 2019-11-04

Help: customersupport@askwoody.com

In this issue

WOODY’S WINDOWS WATCH: Peering into the Windows tea leaves

LANGALIST: More on restoring drivers from local backups

BEST OF THE LOUNGE: Unhappy with Firefox UI changes

WINDOWS PATCHING: Take charge of Windows 10 and Office 365 updating

BEST UTILITIES: Freeware Spotlight — Best diagnostic tools

WOODY’S WINDOWS WATCH

By Woody Leonhard

You can expect some significant changes — existential changes — to Windows in the very near future.

Based on some official announcements and more than a few highly reliable leaks, it looks like Windows is in for a very bumpy ride.

Let’s start with a given: Windows used to sit at Microsoft’s core. The OS brought in oodles of cash and drew an outsized portion of the tech talent. But those days are long gone — and they aren’t coming back.

Nowadays, we don’t know how much money Microsoft’s making from Windows (the accounting heaps are masterfully jumbled), but we do know that Windows rarely draws attention in Microsoft’s corporate reports. And for every official public mention of Windows, you’ll see a dozen references to Azure or AI or some other buzzy thing.

Not to put too fine a point on it: Windows is old, it’s boring, and it’s not drawing as much revenue as a good cash cow should.

Moreover, Microsoft has split the development of Windows 10. In case you missed the news 18 months ago, with the departure of Terry Myerson, Microsoft broke Windows into two major groups. On the one hand we have Windows Core, which has been assimilated into Scott Guthrie’s Azure team. On the other hand, Joe Belfiore’s Windows Client Experience team is part of the Experiences and Devices group under Rajesh Jha — who used to head up the Office Product Group. We’re just starting to see the results of that bifurcation.

At least to a first approximation, the technical core of Windows will continue to belong to Azure, while the user part of Windows will remain part of the Office 365 organization.

Surprisingly (at least to me), Office 365 is pulling in lots and lots of rental income, month after month. No doubt Microsoft would like to do the same with Windows, possibly under the umbrella of Microsoft 365.

So again, the Windows core is getting sucked into Microsoft’s online service Azure, and the user part has its feet firmly in the rental business.

We already know much of what’s going to happen with the next release of Windows — Version 1909. (See the details in my Computerworld article.) Win10 1909 won’t be treated like a new version but rather will look like a normal cumulative update. We can only hope that this “feature update,” with few discernible new features, will minimize the awful problems we’ve seen with past version changes.

That said, there are still plenty of unanswered questions. For example, it’ll take a few months before we know whether Microsoft’s experimental Service Pack–like upgrade is a success. But based on preliminary results, I believe (or at least hope) Version 1909 will finally take us off the two-versions-a-year treadmill we’ve been reluctantly tolerating since early 2017 (Versions 1507, 1511, 1607, 1703, 1709, 1803, 1809, and 1903).

Don’t get too comfortable, though. There are bigger changes coming.

Windows Central’s Zac Bowden dropped a bombshell last week with what appears to be an insider scoop. Although the report hasn’t been verified as much as I’d wish, Bowden says that the next-next version of Windows, code-named Vibranium (aka 20H1), will finish development in December in order to align with the Azure development cycle.

But that version of Win10 may not actually ship until March or April, to match up with the xx03/xx09 release schedule we’ve seen since 2017. Nevertheless, freezing the design and features in December severely limits the number of feature changes we’re likely to see. At this point it looks like 20H1 (for obvious reasons, I hesitate to call it 2003) will have a new cloud-based reset, Windows Update bandwidth limits, Cortana starts to chat — and not much else to recommend it.

I talk more about that prospect on an AskWoody post.

Let’s call it 20H2. It looks like Microsoft will change from a March/September upgrade schedule (xx03 and xx09 version numbers) to a December/June upgrade schedule — again, to align with the existing Azure cycle. Right now that’s speculation, but we should know more in the next few weeks.

Of course, December updates make absolutely no sense for a consumer product. Nobody’s crazy enough to change operating systems in the middle of the holiday shopping season. But it may make sense for Windows: releases could be held (and, heaven help us, tested) for a few months after they’re declared officially ready.

In keeping with that cycle, Win10 version 20H2 would be finalized in June but not released until later — say, September or October — with a full three months of ageing and bug-swatting under its belt.

Is your head spinning? Wait. There’s more!

It looks as though Microsoft is working on something generally called Windows Core OS. It’s not so much an operating system as a cookie cutter for making operating systems. With Windows Core OS, Microsoft can wave a magic wand and come up with an operating system for Xbox consoles, or for desktops, or for VR headsets, or for … dual-screen phones?

Windows Core OS wouldn’t run regular Windows programs. Rather, Win32 support (as it’s called) would be built as an extension of the Core OS.

At least, that’s the theory. One Win10 at the core of them all. Developers could, for example, write programs for the Core OS and not worry about the hardware running them.

Of course, Microsoft’s been promising this approach for ages — Win10 Mobile was just Win10 adapted for phones, right? But this time it looks like some serious effort is being devoted to creating an OS foundry.

Rumor has it that Windows 10X — the new, new version of Win10 reported to ship next year on Microsoft’s new dual-screen Surface Neo, but also destined for other hardware (The Verge) — may be based on Windows Core OS (assuming that Core OS is ready). If that’s the case, it’s possible that Win10X and Windows 10H2 may both reach the final testing stages in June 2020. Or maybe not.

Figure 1. A leaked screenshot of the prototype Windows 10X Launcher, which would replace Start. Source: The Verge

The future, beyond next month, is still misty. There are lots of possibilities, some of which seem worthwhile. I doubt that we’ll know much until Microsoft announces something officially — and even then, it’s best to wait and see what actually happens.

Hey, all I want is a stable operating system — not more useless features.

Eponymous factotum Woody Leonhard writes lots of books about Windows and Office, creates the Woody on Windows columns for Computerworld, and raises copious red flags in sporadic AskWoody Plus Alerts.

Best of the Lounge

Not everyone is overjoyed when a familiar browser (or any other software, for that matter) changes the way things are done. In this case, AskWoody Plus member and MVP Ascaris took issue with the new look for Firefox’s Add-ons Manager. Ascaris even posted screenshots of the old and new formats as illustrations.

Ascaris’s comments prompted a larger discussion about Firefox and alternatives. What’s your take on the changes to this popular browser?

If you’re not already a Lounge member, use the quick registration form to sign up for free.

LANGALIST

By Fred Langa

Windows offers an add-driver command, but it doesn’t do what you might think!

Plus: Tracking down the scattered locations and various methods for obtaining official Windows 7, 8.1, and 10 installation files. Also, are there issues with whole-disk encryption?

My recent articles on Windows–driver backup and restoration (“Easily back up all your PC’s current drivers,” AskWoody Plus 2019-10-14; and “When and how to restore your local driver backups,” AskWoody Plus 2019-10-28), generated quite a few emails.

For example, after reading how you can make local driver backups using the export-driver command in Windows’ Deployment Image Servicing and Management (DISM) app, AskWoody subscriber John Paterson Jr. wondered whether DISM’s add-driver command was the functional inverse.

You’d think so, wouldn’t you? But alas, the answer is no.

DISM is mainly used to create and service the Windows Imaging Format (WIM; info) files used in recovery operations and customized installations.

DISM’s add-driver command takes the drivers previously collected via its export-driver command and adds them to an existing WIM file. The add-driver command can’t insert drivers into a running copy of Windows.

In fact, there are only three driver-related DISM commands that work with an active Windows session:

To restore drivers to a running and online copy of Windows, you’ll need to use Device Manager or the other techniques discussed in When and how to restore your local driver backups.

For more information on DISM driver-servicing options, see this Microsoft Hardware Dev Center page.

It’s a good idea to keep a copy of Windows installation/setup files on hand for use with PC repairs or recovery.

To its credit, Microsoft offers these files for all current Windows versions — for free.

However, they’re not all in the same place, and they don’t set up in the same way! That in turn leads to questions like this from AskWoody subscriber Jim Van Sickle.

Here you go, Jim — for all Windows versions.

With all Windows versions, it’s a good idea to replace the setup/installation files after each major change to the OS. For example, when Windows 10 1909 becomes available (soon!) and you’ve upgraded your PC, discard or archive last spring’s Win10 1903 installation files and then download/save a fresh set of new install files.

With current setup files on hand, you’ll always be ready to repair, recover, or reinstall Windows — if and when you need to!

Subscriber Idris Abdullah asks:

If the whole-disk encryption setup is healthy, there’s just a small performance penalty. Encrypting/decrypting adds a little extra time to saving and retrieving data from the disk. But with today’s PCs, this delay is usually insignificant — typically below the level of human perception.

On the other hand, serious system failures and software errors — or, more commonly, plain human error — can result in extremely messy consequences. A lost or mangled recovery key/password, or a technical misstep, can make the entire disk unrecoverable by any means — even to the original user.

Personally, I think that whole-disk encryption can create a false sense of security. The encryption stops when the files leave the disk. If you export, copy, or send files from your encrypted disk to any place outside the direct control of the encryption software (e.g., into the cloud, to another PC, to a flash drive, or whatever), you lose the protection of encryption. That typically includes the time your data are in transit between locations.

For that reason, I prefer file- or folder-level encryption (e.g., via an app such as 7-Zip; info). Errors, if any, generally affect only the specific file or folder you’re working on — not the entire disk. And your encrypted files will retain their full encryption, even when moved, copied, pasted, backed up, transmitted, or stored in unencrypted locations.

Both types of encryption can work, and both help keep your data out of the hands of snoops. But in my experience, the go-anywhere flexibility of file- and folder-level encryption is the better option.

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all Fred’s current projects.

WINDOWS PATCHING

By Susan Bradley

Recently, I started the process of migrating Windows Server 2008 R2 and Server 2012 R2 to Server 2019.

Unfortunately, Server 2019 (and 2016) has a problem in common with Windows 10 — limited user/administrator control over when and how the OSes get patched.

Both the server and workstation versions of Windows use the same updating code, and thus they have the same patch-management complexities: which updates are offered, when they’re installed, and when a machine reboots. And for businesses, there is a host of other potential updating traps.

Take system rebooting, for example. An unscheduled system shutdown can be a serious problem for all Windows systems. But it’s especially precarious with servers, such as those acting as hosted workstations for multiple users, both locally (a terminal server) and remotely (via remote desktop). It’s even more problematic on servers hosting Hyper-V virtual systems (more info).

Unfortunately, we can no longer simply make changes to the registry or group-policy settings that let us download updates, review them, and then choose what gets installed. Updating is now a waiting game — we can only defer patches, hoping any problems get fixed before we’re forced to install them. And for small companies, Windows Update for Business (MS info) only adds to the misery. The service has confusing settings that can result in unanticipated complications.

Moreover, servers hosting both Windows and Office (e.g., for remote-desktop applications) have yet another complicating factor: the transition to a world where the Windows and Office updating mechanisms have nothing in common. Microsoft’s Click-to-Run technology downloads a complete version of Office every month, and the process has absolutely no connection to the Windows-update interface (which, some would argue, is a good thing). That means managing two different updating systems.

If you have a “one-time-purchase” or MSI-install version of Office, you’ll see feature and security patches offered through Windows Update. And you manage them just as you would Windows patches.

On the other hand, updates for Click-to-Run versions of Office are effectively invisible — they dribble down to your system in the background. But they can still be managed.

To determine whether you have a Click-to-Run version, open any Office app and click Account. (If you have a document open, click File and then Account.) Look for labeling that you’re running Office 365 or Office Professional Plus 2016. You should also see the Version number and whether it’s on the “Monthly Channel” or “Semi-annual Channel.” Oddly, that information will show up in the section about the currently open app — e.g., “About Excel” (see Figure 1).

Figure 1. Click-to-Run versions of Office place the version number and channel next to the open app’s About box.

You can delay these “dribbled” patches, but it takes a bit of action on your part. In the Account interface you should see the Office Updates section with an icon labeled “Update Options.” (Note: Editions of Office 365 Home and Personal purchased through the MS Store don’t have this setting; you manage updating through your Store account. More on that in a future article.)

Normally, the Office Updates section has text stating “Updates are automatically downloaded and installed.” To change that behavior, click the icon and select “Disable updates” (see Figure 2). You’ll see the description change to “This product will not be updated” (See Figure 3). Now — and this is really important — put a reminder on your calendar to go back into this interface once a month to click the Update Options icon again and select Update Now.

Figure 2. Office Professional Plus 2016 includes three updating options: Update Now, Disable Updates, and View Updates.

Figure 3. If you use the Disable Updates option, future Office patching will cease — until you manually select Update Now.

Next, I recommend moving your Office 365 updating from “Monthly Channel” to “Semi-annual Channel” (more info). You’ll still get security updates every month, but you won’t receive the potentially jarring user-interface changes and additions as frequently.

This process, however, takes a few steps. Here’s the quick version, based on an Erwin Bierens blog post.

You’ll see a box pop up on your screen, initially stating “Checking for updates” (see Figure 5) — then “Downloading Office updates ….” You’ll now have a “new” Office setup that’s actually just a version of the slower-to-update Semi-annual Channel. I’ve been able to flip all my Office 365 editions to “semi-annual” — from one provided by GoDaddy to Microsoft 365 E5 licenses.

Figure 5. After you finish entering the given commands, Office will download and install updates — but in fact, you’re just switching to the slower updating channel.

When Office finishes updating, open one of the Office apps and check Account again. You should see that your edition of Office is now set to “Semi-annual Channel” and not “Monthly Channel.” Reminder: If you disabled Office 365 updating, you must remember to manually check for updates. You’ll still want to keep Office patched — but now you’ll get them when you are ready for them.

The point of managing Windows updates is to control system interruptions to some extent. To be clear, at no time will I ever recommend never installing updates (as some people do). Rather, my recommended changes let you decide when patching — and especially rebooting — takes place. No business wants its production systems to be, in effect, beta test machines for recently released updates. (That’s what test platforms — and forums such as AskWoody — are for.)

Using Group Policy to control updates. I gave most of the following instructions in the most recent Patch Watch column, but here they are again, with some added details. (Reminder: Windows 10 Home does not have the Group Policy Editor. You’ll need to upgrade to the Professional editions.)

You’ll also want to push off quality (monthly cumulative) updates for at least two weeks. Here’s how.

When I feel comfortable that an update is stable and won’t cause any significant problems, I allow it to be installed — at a time that will have the least impact on productivity.

As most IT admins should know, you don’t have to worry about feature releases impacting servers that have the full graphical user interface (GUI). Those servers are typically on the Long Term Servicing Branch (LTSB) and thus are not subject to the semi-annual updating process on desktops.

You can defer automatic updating. On my unmanaged home PCs, I may set Windows to defer updating for a few days. It gives Microsoft time to pull back patches that immediately break things. (This is a viable option for the systems of friends and family you’d rather not actively manage — assuming they’re running Win10 Pro.)

Again, this requires gpedit in order to set the day and time for automatic patch installation. Click through Computer Configuration\Administrative Templates\Windows Components\Windows Update\. Next, double-click Configure Automatic Updates, click Enable, and then enter a scheduled day and time from the drop-down lists — typically 7-Every Saturday at, say, 3 a.m.

I then leave the system turned on, knowing that it will automatically install updates and reboot on the Saturday following Patch Tuesday — when I’m sound asleep.

Other business updating tactics: On some business systems, I might place Windows Server Update Services (WSUS) between my machines and the Redmond mothership. If you do use WSUS and set any of the deferral options (the “Windows Update for Business” settings) you must enable the Group Policy setting “Do not allow update deferral policies to cause scans against Windows Update.”

That option’s help states: “If this policy is disabled or not configured, then the Windows Update client may initiate automatic scans against Windows Update while update deferral policies are enabled.” In other words, if this option is not enabled, your system might ignore your WSUS settings and install patches from Windows Update.

On the other hand, I do not recommend enabling “No auto-restart with logged on users for scheduled automatic update installations.” This option prevented my Win10 systems from rebooting on the weekend, as I wanted them to. Worse, it actually triggered a reboot when a user was actively working on the system. When I turned the “No auto-restart …” option off, Windows respected my WSUS settings and behaved better.

Depending on your geek level, there are several other options for handling updates. For example, if you’d rather not tinker with Group Policy, I recommend the free/donationware Windows Update MiniTool. It’s a sort of Windows Update with real controls. You can use it to search new patches, download but not install updates, add patches when you’re ready, and much more. (Note: There are no real instructions for this app, nor is there support. But the interface is relatively simple.)

Your patching routine should also include keeping applications up to date. The free Patch My PC Updater is a good tool. It quickly scans for all applications on your system and lists whether those it finds are up to date or not. It also makes it easy to selectively update apps.

For server admins who want to keep consumer-oriented software off their systems, the PowerShell module lets you control updates from the command line.

The most important point for updating servers is to never disable updating without a thorough plan for when and how you’ll manually install and deploy patches. Those plans can include PowerShell, Microsoft’s WSUS, PDQ Deploy, BatchPatch, WSUSOffline, and other third-party patching tools.

Again, I can’t stress this enough: Turning off updating indefinitely is not appropriate behavior these days. Yes, the recent threats of worms and zero days haven’t materialized. But as the spread of WannaCry points out, especially on older Windows operating systems, not installing patches can be dangerous. We had the WannaCry patch a month before the attacks started, yet many of us never applied it — and suffered the consequences. Nearly all the impacted machines were running Windows 7 — a system on which we had full patching control.

A Windows 7 reminder: Consumer and small-business versions of the OS will soon reach their end of support. But on December 1, Microsoft will offer an extended-support program for businesses of any size. I’ll be purchasing a subscription and giving you the full details on how to buy a single license for Windows 7 extended-support patches. Stay tuned for more ways we can keep Windows 7 platforms secure.

Stay safe out there — and please don’t stop updating. Just decide when it’s right for you.

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

Best Utilities

By Deanna McElveen

After 20 years of troubleshooting and repairing computers, Randy and I have seen many fine and free diagnostics tools come and go.

And while we use many utilities for our work, we rely on a core set almost every day.

In this column, rather than focus on just one freeware app, I’ll tell you about 10 of our currently favorite PC-service utilities. (We are always looking for new apps that make PC repair faster and easier.) With one exception, all of the listed apps are free and are hosted on our OlderGeeks.com site. (The exception is Malwarebytes Premium, which has a trial period but is otherwise subscription-based.)

In most cases when I’m diagnosing a faulty PC, I’ll start by scanning for malware and other noxious software.

1) Malwarebytes AdwCleaner

In my opinion, AdwCleaner (Figure 1) is the best tool for an initial scan and removal of malware and other unwanted software that’s often the bulk of what’s impairing a PC. Before running this app, be sure the machine is connected to the Internet so that AdwCleaner can automatically download the latest malware definitions before scanning.

Figure 1. AdwCleaner from Malwarebytes removes system-clogging detritus such as adware and unwanted programs.

2) Malwarebytes

Malwarebytes has a long history of superior malware removal. It started out as a free on-demand utility for cleaning PCs of viruses and other malicious software. But over time, it added the ability to protect systems full-time.

Malwarebytes Premium (Figure 2) is the subscription-based version that blocks malware in real time. But you can still acquire the free version for just scanning and cleaning — it even includes a 14-day trial of Premium. And for diagnostics, a quick scan may be all you need.

Figure 2. Malwarebytes offers both free and paid versions. Subscribe to the paid Premium for full-time malware protection.

Drive diagnostics and repair is a massive utility category. Here are four we use frequently.

3) Piriform Recuva

Recovering files is a big part of our computer-repair services. Often that task requires advanced and expensive tools. But there are free apps for more casual recovery.

Recuva is a good utility if you’re just trying to bring back deleted files. Try it before moving onto more complicated tools. Note: As with any recovery program, never install and run Recuva on the drive you’re targeting — install it in a USB drive enclosure and run Recuva from another bootable drive. In some cases that will be a bootable CD or flash drive.

Figure 3. For relatively simple data-recovery tasks, start with Recuva.

4) Clonezilla

With the growing popularity of solid-state hard drives, we’re often asked to clone data from old spinning-disk drives to super-quick SSDs. Clonezilla is an app you’ll have to pry from my cold …. In “rescue mode” it’ll chew on a damaged hard drive for a week in order to give you a perfectly functioning clone.

You can burn Clonezilla ISO to a disc, but I prefer to use Rufus to build a bootable USB flash drive.

Figure 4. Clonezilla is an excellent free tool for upgrading to an SSD.

5) Hiren’s BootCD PE

Bootable discs and flash drives are often life-savers when troubleshooting. They let you work outside a failed operating system to run tasks such as malware scanning, file recovery, and fixing partitions.

Hiren’s BootCD PE is our go-to tool for creating bootable media. It also comes with many useful diagnostics tools (Figure 5) you can run from a CD. You can also load it onto a USB flash drive by downloading and running ISO2USB.exe (Figure 6; download link) on your computer — just point ISO2USB at the downloaded Hiren’s BootCD PE ISO.

Figure 5. Hiren’s BootCD PE includes diagnostics and repair tools such as CheckDiskGUI.

Figure 6. The ISO2USB tool lets you burn Hiren’s BootCD PE to a flash drive.

6) FastCopy

Moving files from one hard drive to another is common with PC servicing, but the process often seems to take forever. Well, that’s Windows for you. But there are tools for speeding up the task.

FastCopy is another staple in my toolbox. A copy job that takes Windows an hour will finish in just a few minutes with this utility. Better yet, the transfer is almost never paused — as is often the case when Windows waits for you to answer a stupid question (usually when you’ve walked away for a few minutes).

Figure 7. When moving large batches of files, FastCopy is our go-to tool.

7) GeekUninstaller

Removing stubborn programs is always annoying. It seems some apps won’t uninstall for the silliest of reasons.

There is only one uninstall utility we keep on our flash drive–based toolkit: Geek Uninstaller. As with all good utilities, it’s portable and highly effective. It’s been around for years. Not only will it remove any stuck program, it’ll quickly remove all traces of it from everywhere on a system.

Figure 8. If you have an app with a broken uninstaller, go to Geek Uninstaller.

8) StopUpdates10

Sometimes you have to really put the brakes on updates. With some of the craziness coming out of Redmond lately, this is true more than ever.

StopUpdates10 is our pick for stopping all updating activity in Windows. No matter what Microsoft changes to restart updating, this utility kills it!

Figure 9. When you really need to defer updates, StopUpdates10 always comes through.

9) Tweaking.com’s Windows Repair 2019

There was a time when a PC tech had dozens of floppies and/or CDs containing tools for every problem. Now we use all-in-one suites whenever possible.

Tweaking.com’s Windows Repair 2019 has a tool to repair nearly any Windows issue. Check the boxes for specific fixes — or heck, just let it fix everything!

Figure 10. Tweaking.com’s Windows Repair 2019 is the Swiss Army Knife of Windows repair utilities.

10) NirLauncher

We discussed this suite of utilities in a past Freeware Spotlight (AskWoody 2019-09-02). It’s truly the PC-repair jack of all trades — everything from cracking passwords to scanning networks to repairing Outlook or Windows. No one who maintains PCs should be without it.

Figure 11. NirLauncher is a suite of utilities with a convenient user interface for installing and launching PC-repair tools.

It’s difficult to whittle down our list of favorite utilities to just 10. But I’ve used all the above for so long, I can run them with my eyes closed!

Happy Computing!

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com, and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

• Subscription help: customersupport@askwoody.com

Copyright © 2019 AskWoody LLC, All rights reserved.